Rising Kaka Security Forum (瑞星卡卡安全论坛)
ewengod - 2006-2-23 3:33:00
Virus name: Backdoor.Gpigeon.pi
Path: IEXPLORE.EXE>>C:\Program Files\Internet Explorer\IEXPLORE.EXE
I'm a complete newbie; could you all please teach me how to get rid of this pest?
HijackThis@Qoo的扫描日志 V1.97.7
Scan saved at 3:24:41, on 2006-2-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Huawei-3Com\H3C 认证客户端\H3C Client.exe
C:\Program Files\Huawei-3Com\H3C 认证客户端\AuthenMngService.exe
E:\Program Files\maxthon\Maxthon.exe
C:\Program Files\Rising\Rav\Rav.exe
C:\Program Files\Rising\Rav\RsLogVw.exe
C:\Program Files\Thunder Network\Thunder\Thunder.exe
C:\Program Files\Rising\Rav\InBuild.exe
C:\Program Files\Rising\Rav\Rav.exe
C:\Documents and Settings\Administrator\桌面\hijackthis1.97_qoo\HijackThis.exe
R3 - URLSearchHook: QQ Search Hook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\AdPlus\IEHelp.dll
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v11.dll
O2 - BHO: (no name) - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\AdPlus\IEHelp.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - e:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: (no name) - {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} - C:\WINDOWS\System32\aclayer.dll (file missing)
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O2 - BHO: (no name) - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll
O3 - Toolbar: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - f:\Program Files\BitComet\BitCometBar\BitCometBar0.2.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: ????? - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll
O3 - Toolbar: ????? - {F43BD772-ABDD-43b7-A96A-3E9E61946EC0} - C:\WINDOWS\WORLD2\TOOLBAR\hmtoolbar.dll
O3 - Toolbar: ????? - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - C:\Program Files\YiSou\yisou.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AddrPlus3] C:\PROGRA~1\TENCENT\AdPlus\Runner.exe C:\PROGRA~1\TENCENT\AdPlus\QAHook.dll Rundll32
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: x4-943.tmp
O4 - Global Startup: ntuser.dat
O4 - Global Startup: ntuser.dat.LOG
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Program Files\Tencent\qq\SendMMS.htm
O11 - Options group: [TBH] QQ
O14 - IERESET.INF: START_PAGE_URL=http://www.tomatolei.com
uiabc1234 - 2006-2-23 7:01:00
http://it.rising.com.cn/service/technology/Ravgpk_Download1.htm
Dedicated detection and removal tool for "Gray Pigeon" (灰鸽子)
不言放弃 - 2006-2-23 8:16:00
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
Download HijackThis
and export the log again.
ewengod - 2006-2-23 12:40:00
I used Rising's dedicated Gray Pigeon removal tool, but it didn't help: it can't delete it, it only ends the process.
I exported the log several times, always right after booting and going online, and they all look the same....
HijackThis@Qoo的扫描日志 V1.97.7
Scan saved at 12:41:48, on 2006-2-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Huawei-3Com\H3C 认证客户端\AuthenMngService.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Huawei-3Com\H3C 认证客户端\H3C Client.exe
E:\Program Files\maxthon\Maxthon.exe
E:\Program Files\TTPlayer\TTPlayer.exe
E:\Program Files\Tencent\qq\QQ.exe
e:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\Documents and Settings\Administrator\桌面\hijackthis1.97_qoo\HijackThis.exe
R3 - URLSearchHook: QQ Search Hook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\AdPlus\IEHelp.dll
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v11.dll
O2 - BHO: (no name) - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\AdPlus\IEHelp.dll
O2 - BHO: (no name) - {3ED9FFDA-79DB-4B2D-99B7-16EA3C4A3A92} - C:\WINDOWS\system32\hap.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - e:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: (no name) - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: (no name) - {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} - C:\WINDOWS\System32\aclayer.dll (file missing)
O2 - BHO: (no name) - {616D4040-5712-4F0F-BCF1-5C6420A99E14} - C:\WINDOWS\system32\winhtp.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O2 - BHO: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Progra~1\Baidu\bar\BaiDuBar.dll
O2 - BHO: (no name) - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll
O2 - BHO: (no name) - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
O3 - Toolbar: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - f:\Program Files\BitComet\BitCometBar\BitCometBar0.2.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: ????? - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll
O3 - Toolbar: ????? - {F43BD772-ABDD-43b7-A96A-3E9E61946EC0} - C:\WINDOWS\WORLD2\TOOLBAR\hmtoolbar.dll
O3 - Toolbar: ????? - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - C:\Program Files\YiSou\yisou.dll (file missing)
O3 - Toolbar: ????? - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Progra~1\Baidu\bar\BaiDuBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AddrPlus3] C:\PROGRA~1\TENCENT\AdPlus\Runner.exe C:\PROGRA~1\TENCENT\AdPlus\QAHook.dll Rundll32
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: x4-943.tmp
O4 - Global Startup: ntuser.dat
O4 - Global Startup: ntuser.dat.LOG
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Program Files\Tencent\qq\SendMMS.htm
O8 - Extra context menu item: 百度-搜索MP3 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度-搜索图片 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: 百度-搜索新闻 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUNEWS.HTM
O8 - Extra context menu item: 百度-搜索歌词 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDULYRIC.HTM
O8 - Extra context menu item: 百度-搜索网页 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: 百度-搜索贴吧 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUPOST.HTM
O8 - Extra context menu item: 百度-词典搜索 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDU_DIC.HTM
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [CDNCLIENT]
O11 - Options group: [TBH] QQ
O14 - IERESET.INF: START_PAGE_URL=http://www.tomatolei.com
ewengod - 2006-2-23 17:14:00
Comrades, please help~~
BlackStone - 2006-2-23 17:18:00
The version of your log scanning tool is too old.
Use Autoruns to save a log and post it here.
To save the log: choose the File->Save menu item.
When saving the log, make sure to select the Options->Hide Microsoft Entries menu item (after setting it, click the Refresh button on the toolbar). For downloading and using the tool, see
http://forum.ikaka.com/topic.asp?board=28&artid=7318038
ewengod - 2006-2-23 17:42:00
Process | PID | CPU | Description | Company Name
System Idle Process | 0 | 77.27 | |
Interrupts | n/a | | Hardware Interrupts |
DPCs | n/a | 3.03 | Deferred Procedure Calls |
System | 4 | 6.06 | |
smss.exe | 576 | | Windows NT Session Manager | Microsoft Corporation
csrss.exe | 632 | | Client Server Runtime Process | Microsoft Corporation
winlogon.exe | 656 | | Windows NT Logon Application | Microsoft Corporation
services.exe | 700 | 1.52 | Services and Controller app | Microsoft Corporation
ati2evxx.exe | 892 | | |
svchost.exe | 908 | | Generic Host Process for Win32 Services | Microsoft Corporation
TIMPlatform.exe | 448 | | TIMPlatform | tencent
agentsvr.exe | 3148 | | Microsoft Agent Server | Microsoft Corporation
svchost.exe | 984 | | Generic Host Process for Win32 Services | Microsoft Corporation
CCenter.exe | 1080 | | CCenter | Beijing Rising Technology Co., Ltd.
svchost.exe | 1096 | | Generic Host Process for Win32 Services | Microsoft Corporation
svchost.exe | 1224 | | Generic Host Process for Win32 Services | Microsoft Corporation
svchost.exe | 1308 | | Generic Host Process for Win32 Services | Microsoft Corporation
RavMonD.exe | 1440 | | RavMond | Beijing Rising Technology Co., Ltd.
RavStub.exe | 1892 | | Rising RavStub | Beijing Rising Technology Co., Ltd.
spoolsv.exe | 1648 | | Spooler SubSystem App | Microsoft Corporation
AuthenMngService.exe | 1684 | | |
H3C Client.exe | 3484 | | H3C 认证客户端 | 华为技术有限公司
wdfmgr.exe | 1208 | | Windows User Mode Driver Manager | Microsoft Corporation
alg.exe | 3188 | | Application Layer Gateway Service | Microsoft Corporation
lsass.exe | 712 | | LSA Shell (Export Version) | Microsoft Corporation
explorer.exe | 3872 | 1.52 | Windows Explorer | Microsoft Corporation
procexp.exe | 4032 | | Sysinternals Process Explorer | Sysinternals
atiptaxx.exe | 424 | | ATI Desktop Control Panel | ATI Technologies, Inc.
realsched.exe | 436 | | RealNetworks Scheduler | RealNetworks, Inc.
realplay.exe | 2072 | | RealPlayer | RealNetworks, Inc.
RavTask.exe | 452 | | RavTimer | Beijing Rising Technology Co., Ltd.
RavMon.exe | 468 | 1.52 | RavMon | Beijing Rising Technology Co., Ltd.
ctfmon.exe | 600 | | CTF Loader | Microsoft Corporation
TTPlayer.exe | 208 | | 千千静听 | Alen Soft
iexplore.exe | 716 | | Internet Explorer | Microsoft Corporation
GameClient.exe | 4008 | | 浩方对战平台 | 上海浩方在线信息技术有限公司
QQ.exe | 3340 | | QQ | TENCENT
Maxthon.exe | 2384 | 6.06 | Maxthon Web Browser | Maxthon International Ltd.
Thunder.exe | 1372 | | | Thunder Networking Technologies,LTD
War3.exe | 240 | 3.03 | Warcraft III | egamestar kenshin
RsAgent.exe | 3360 | | RsAgent Application | Beijing Rising Technology Co., Ltd.
BlackStone - 2006-2-23 17:44:00
Read the post carefully: it's Autoruns, not Procexp.
ewengod - 2006-2-23 18:21:00
I can't find the Options->Hide Microsoft Entries menu item.
Autorun Entry | Description | Publisher | Image Path
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
+ C:\WINDOWS\system32\userinit.exe | Userinit Logon Application | Microsoft Corporation | c:\windows\system32\userinit.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
+ Explorer.exe | Windows Explorer | Microsoft Corporation | c:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ AddrPlus3 | | TENCENT | c:\program files\tencent\adplus\runner.exe
+ ATIPTA | ATI Desktop Control Panel | ATI Technologies, Inc. | c:\program files\ati technologies\ati control panel\atiptaxx.exe
+ IMJPMIG8.1 | Microsoft IME | Microsoft Corporation | c:\windows\ime\imjp8_1\imjpmig.exe
+ IMSCMig | 微软拼音输入法安装工具 | Microsoft Corporation | c:\program files\common files\microsoft shared\ime\imsc40a\imscmig.exe
+ NeroFilterCheck | NeroCheck | Ahead Software Gmbh | c:\windows\system32\nerocheck.exe
+ PHIME2002A | 微軟新注音輸入法 2002a | Microsoft Corporation | c:\windows\system32\ime\tintlgnt\tintsetp.exe
+ PHIME2002ASync | 微軟新注音輸入法 2002a | Microsoft Corporation | c:\windows\system32\ime\tintlgnt\tintsetp.exe
+ RavTask | RavTimer | Beijing Rising Technology Co., Ltd. | c:\program files\rising\rav\ravtask.exe
+ SoundMan | Realtek Sound Manager | Realtek Semiconductor Corp. | C:\WINDOWS\soundman.exe
+ StormCodec_Helper | | | c:\program files\ringz studio\storm codec\stormset.exe
+ TkBellExe | RealNetworks Scheduler | RealNetworks, Inc. | c:\program files\common files\real\update_ob\realsched.exe
C:\Documents and Settings\All Users\「开始」菜单\程序\启动
+ AutoCAD 启动加速器.lnk | AutoCAD Startup Accelerator | Autodesk, Inc | c:\program files\common files\autodesk shared\acstart16.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
+ helperdll | | | c:\windows\system32\drivers\pupw.sys
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ ctfmon.exe | CTF Loader | Microsoft Corporation | c:\windows\system32\ctfmon.exe
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ Internet Explorer | Windows NT User Data Migration Tool | Microsoft Corporation | c:\windows\system32\shmgrate.exe
+ Internet Explorer 6 | IE 5.0 Per-User Install Utility | Microsoft Corporation | c:\windows\system32\ie4uinit.exe
+ Microsoft Outlook Express 6 | Outlook Express Setup Library | Microsoft Corporation | c:\program files\outlook express\setup50.exe
+ Microsoft Windows Media Player | Microsoft Windows Media Player 安装实用程序 | Microsoft Corporation | c:\windows\inf\unregmp2.exe
+ Microsoft Windows Media Player | ADVPACK | Microsoft Corporation | c:\windows\system32\advpack.dll
+ NetMeeting 3.01 | ADVPACK | Microsoft Corporation | c:\windows\system32\advpack.dll
+ Outlook Express | Windows NT User Data Migration Tool | Microsoft Corporation | c:\windows\system32\shmgrate.exe
+ Themes Setup | Microsoft(C) Register Server | Microsoft Corporation | c:\windows\system32\regsvr32.exe
+ Windows 桌面更新 | Microsoft(C) Register Server | Microsoft Corporation | c:\windows\system32\regsvr32.exe
+ 通讯簿 6 | Outlook Express Setup Library | Microsoft Corporation | c:\program files\outlook express\setup50.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
+ Browseui 预加载程序 | Shell Browser UI Library | Microsoft Corporation | c:\windows\system32\browseui.dll
+ 组件类别缓存程序 | Shell Browser UI Library | Microsoft Corporation | c:\windows\system32\browseui.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
+ CDBurn | Windows Shell Common Dll | Microsoft Corporation | c:\windows\system32\shell32.dll
+ PostBootReminder | Windows Shell Common Dll | Microsoft Corporation | c:\windows\system32\shell32.dll
+ SysTray | Systray shell service object | Microsoft Corporation | c:\windows\system32\stobject.dll
+ WebCheck | Web Site Monitor | Microsoft Corporation | c:\windows\system32\webcheck.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ Rising Execute File Exts hook | Rising Shell Ext Module | Beijing Rising Technology Co., Ltd. | c:\windows\system32\ravext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ AutoCAD 数字签名图标覆盖处理程序 | AcSignIcon Module | Autodesk | c:\windows\system32\acsignicon.dll
+ Autodesk Drawing Preview | AcThumbnail Module | Autodesk | c:\program files\common files\autodesk shared\thumbnail\acthumbnail16.dll
+ Autodesk DWF Preview | AcThumbnail Module | Autodesk | c:\program files\common files\autodesk shared\thumbnail\acdwfthmbprxy16.dll
+ Fusion Cache | Microsoft .NET Runtime Execution Engine | Microsoft Corporation | c:\windows\system32\mscoree.dll
+ Microsoft Office HTML Icon Handler | Microsoft Office 2003 component | Microsoft Corporation | c:\program files\microsoft office\office11\msohev.dll
+ QQ Search Hook | | Tencent | c:\program files\tencent\adplus\iehelp.dll
+ QQAddrBar Drop Target | | Tencent | c:\program files\tencent\adplus\iehelp.dll
+ RISING | Rising Shell Ext Module | Beijing Rising Technology Co., Ltd. | c:\windows\system32\ravext.dll
+ Tencent Browser Helper | | Tencent | c:\program files\tencent\adplus\iehelp.dll
+ Web Folders | Microsoft Web Folders | Microsoft Corporation | c:\program files\common files\microsoft shared\web folders\msonsext.dll
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ {0D2E74C4-3C34-11d2-A27E-00C04FC30871} | Windows Shell Common Dll | Microsoft Corporation | c:\windows\system32\shell32.dll
+ {24F14F01-7B1C-11d1-838f-0000F80461CF} | Windows Shell Common Dll | Microsoft Corporation | c:\windows\system32\shell32.dll
+ {24F14F02-7B1C-11d1-838f-0000F80461CF} | Windows Shell Common Dll | Microsoft Corporation | c:\windows\system32\shell32.dll
+ {66742402-F9B9-11D1-A202-0000F81FEDEE} | Windows Shell Common Dll | Microsoft Corporation | c:\windows\system32\shell32.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ CdnForIE Class | CdnForIE | CNNIC | c:\program files\cnnic\cdn\cdnforie.dll
+ DownloadValue Class | DownloadStart Module | | c:\windows\system32\winhtp.dll
+ Infofo 工具栏 | 珊瑚虫 Infofo 工具栏 | 珊瑚虫工作室 泰格工作室 | c:\program files\infofo bar\infofobar.dll
+ QQBrowserHelperObject Class | QQIEHelper Module | 深圳市腾讯计算机系统有限公司 | e:\program files\tencent\qq\qqiehelper.dll
+ Router Layer | | | File not found: C:\WINDOWS\System32\aclayer.dll
+ Tencent Browser Helper | | Tencent | c:\program files\tencent\adplus\iehelp.dll
+ ThunderIEHelper Class | xunleibho BHO | Thunder Networking Technologies,LTD | c:\windows\system32\xunleibho_v11.dll
+ URLMonitor Class | HAP | Henbang | c:\windows\system32\hap.dll
+ WMHlprObj Class | CNNIC Web Mail for Windows | CNNIC | c:\program files\cnnic\cdn\wmhlpr.dll
+ 百度超级搜霸 | BaiduBar Module | Baidu.com, Inc. | c:\program files\baidu\bar\baidubar.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
+ iehelp.dll | | Tencent | c:\program files\tencent\adplus\iehelp.dll
+ shdocvw.dll | Shell Doc Object and Control Library | Microsoft Corporation | c:\windows\system32\shdocvw.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ 一搜 | | | File not found: C:\Program Files\YiSou\yisou.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ 浩方对战平台 | 浩方对战平台 | 上海浩方在线信息技术有限公司 | d:\game\hf\hfgame3\gameclient.exe
ewengod - 2006-2-23 18:23:00
+ 易趣购物 File not found: http://click2.ad4all.net/url2/urlmanage/url.asp?id=50
HKLM\System\CurrentControlSet\Services
+ Ati HotKey Poller c:\windows\system32\ati2evxx.exe
+ ATI Smart ATI Smart c:\windows\system32\ati2sgag.exe
+ AudioSrv 管理基于 Windows 的程序的音频设备。如果此服务被终止,音频设备及其音效将不能正常工作。如果此服务被禁用,任何依赖它的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ Browser 维护网络上计算机的更新列表,并将列表提供给计算机指定浏览。如果服务停止,列表不会被更新或维护。如果服务被禁用,任何直接依赖于此服务的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ CryptSvc 提供三种管理服务: 编录数据库服务,它确定 Windows 文件的签字; 受保护的根服务,它从此计算机添加和删除受信根证书机构的证书;和密钥(Key)服务,它帮助注册此计算机获取证书。如果此服务被终止,这些管理服务将无法正常运行。如果此服务被禁用,任何依赖它的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ DcomLaunch 为 DCOM 服务提供加载功能。 Microsoft Corporation c:\windows\system32\svchost.exe
+ Dhcp 通过注册和更改 IP 地址以及 DNS 名称来管理网络配置。 Microsoft Corporation c:\windows\system32\svchost.exe
+ dmserver 监测和监视新硬盘驱动器并向逻辑磁盘管理器管理服务发送卷的信息以便配置。如果此服务被终止,动态磁盘状态和配置信息会过时。如果此服务被禁用,任何依赖它的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ Dnscache 为此计算机解析和缓冲域名系统 (DNS) 名称。如果此服务被停止,计算机将不能解析 DNS 名称并定位 Active Directory 域控制器。如果此服务被禁用,任何明确依赖它的服务将不能启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ ERSvc 服务和应用程序在非标准环境下运行时允许错误报告。 Microsoft Corporation c:\windows\system32\svchost.exe
+ Eventlog 启用在事件查看器查看基于 Windows 的程序和组件颁发的事件日志消息。无法终止此服务。 Microsoft Corporation c:\windows\system32\services.exe
+ GrayPigeonServer2.0 监控管理. c:\windows\g_server2.0.exe
+ helpsvc 启用在此计算机上运行帮助和支持中心。如果停止服务,帮助和支持中心将不可用。如果禁用服务,任何直接依赖于此服务的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ lanmanserver 支持此计算机通过网络的文件、打印、和命名管道共享。如果服务停止,这些功能不可用。如果服务被禁用,任何直接依赖于此服务的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ lanmanworkstation 创建和维护到远程服务的客户端网络连接。如果服务停止,这些连接将不可用。如果服务被禁用,任何直接依赖于此服务的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ LmHosts 允许对“TCP/IP 上 NetBIOS (NetBT)”服务以及 NetBIOS 名称解析的支持。 Microsoft Corporation c:\windows\system32\svchost.exe
+ PlugPlay 使计算机在极少或没有用户输入的情况下能识别并适应硬件的更改。终止或禁用此服务会造成系统不稳定。 Microsoft Corporation c:\windows\system32\services.exe
+ PolicyAgent 管理 IP 安全策略以及启动 ISAKMP/Oakley (IKE) 和 IP 安全驱动程序。 Microsoft Corporation c:\windows\system32\lsass.exe
+ ProtectedStorage 提供对敏感数据(如私钥)的保护性存储,以便防止未授权的服务,过程或用户对其的非法访问。 Microsoft Corporation c:\windows\system32\lsass.exe
+ RemoteRegistry 使远程用户能修改此计算机上的注册表设置。如果此服务被终止,只有此计算机上的用户才能修改注册表。如果此服务被禁用,任何依赖它的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ RpcSs 提供终结点映射程序 (endpoint mapper) 以及其它 RPC 服务。 Microsoft Corporation c:\windows\system32\svchost.exe
+ RsCCenter CCenter Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ccenter.exe
+ RsRavMon RavMond Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ravmond.exe
+ SamSs 存储本地用户帐户的安全信息。 Microsoft Corporation c:\windows\system32\lsass.exe
+ Schedule 使用户能在此计算机上配置和制定自动任务的日程。如果此服务被终止,这些任务将无法在日程时间里运行。如果此服务被禁用,任何依赖它的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ seclogon 启用替换凭据下的启用进程。如果此服务被终止,此类型登录访问将不可用。如果此服务被禁用,任何依赖它的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ SENS 跟踪系统事件,如登录 Windows,网络以及电源事件等。将这些事件通知给 COM+ 事件系统 “订阅者(subscriber)”。 Microsoft Corporation c:\windows\system32\svchost.exe
+ SharedAccess 为家庭和小型办公网络提供网络地址转换、寻址、名称解析和/或入侵保护服务。 Microsoft Corporation c:\windows\system32\svchost.exe
+ ShellHWDetection 为自动播放硬件事件提供通知。 Microsoft Corporation c:\windows\system32\svchost.exe
+ Spooler 将文件加载到内存中以便迟后打印。 Microsoft Corporation c:\windows\system32\spoolsv.exe
+ Themes 为用户提供使用主题管理的经验。 Microsoft Corporation c:\windows\system32\svchost.exe
+ TrkWks 在计算机内 NTFS 文件之间保持链接或在网络域中的计算机之间保持链接。 Microsoft Corporation c:\windows\system32\svchost.exe
+ UMWdf 启用 Windows 用户模式驱动程序。 Microsoft Corporation c:\windows\system32\wdfmgr.exe
+ W32Time 维护在网络上的所有客户端和服务器的时间和日期同步。如果此服务被停止,时间和日期的同步将不可用。如果此服务被禁用,任何明确依赖它的服务都将不能启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ WebClient 使基于 Windows 的程序能创建、访问和修改基于 Internet 的文件。如果此服务被终止,将会失去这些功能。如果此服务被禁用,任何依赖它的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ winmgmt 提供共同的界面和对象模式以便访问有关操作系统、设备、应用程序和服务的管理信息。如果此服务被终止,多数基于 Windows 的软件将无法正常运行。如果此服务被禁用,任何依赖它的服务将无法启动。 Microsoft Corporation c:\windows\system32\svchost.exe
+ wscsvc 监视系统安全设置和配置。 Microsoft Corporation c:\windows\system32\svchost.exe
+ wuauserv 允许下载并安装 Windows 更新。如果此服务被禁用,计算机将不能使用 Windows Update 网站的自动更新功能。 Microsoft Corporation c:\windows\system32\svchost.exe
+ WZCSVC 为您的 802.11 适配器提供自动配置 Microsoft Corporation c:\windows\system32\svchost.exe
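An added example, not from this thread or from Rising or Sysinternals: a small Python triage that applies the Options->Hide Microsoft Entries filter BlackStone asked for to an Autoruns text export in the spaced format of the listing above, and reports the entries a responder would check first (no recognised publisher, missing image file, a binary sitting directly in the Windows directory, or a high-risk launch point). The sample lines are copied from this thread's listings into a constructed input; the publisher allow-list, the launch-point list and the Windows-directory heuristic are assumptions.

```python
"""Triage an Autoruns text export: hide Microsoft entries, flag what deserves a look."""
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the Autoruns listings in this thread,
# in the "+ <entry> <description> <publisher> <image path>" format used above.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
+ helperdll c:\windows\system32\drivers\pupw.sys
HKLM\System\CurrentControlSet\Services
+ AudioSrv 管理基于 Windows 的程序的音频设备。 Microsoft Corporation c:\windows\system32\svchost.exe
+ GrayPigeonServer2.0 监控管理. c:\windows\g_server2.0.exe
+ RsCCenter CCenter Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ccenter.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
+ APIHookDll.dll File not found: APIHookDll.dll
"""

# Publishers accepted as known (assumption for this example; extend per environment).
TRUSTED_PUBLISHERS = ("Microsoft Corporation", "Beijing Rising Technology Co., Ltd.")
# Launch points where an unexplained entry is rarely benign (assumption).
HIGH_RISK_LOCATIONS = ("Policies\\Explorer\\Run", "Appinit_Dlls", "Winlogon", "Winsock")

# Image path = the first "File not found: ..." or drive-letter path on the line.
PATH_RE = re.compile(r"(?i)(?:File not found: .*|[a-z]:\\.*)$")
# A binary placed directly in %windir% rather than a subfolder (like g_server2.0.exe).
WINDIR_ROOT_RE = re.compile(r"(?i)^[a-z]:\\windows\\[^\\]+$")


@dataclass
class Finding:
    location: str
    entry: str
    image_path: str
    reasons: list


def parse_entries(text):
    """Yield (location, entry, meta, image_path); meta is description + publisher.

    Entries whose own name is a path (e.g. Winlogon\\Userinit) are out of scope here.
    """
    location = "(no location header)"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.startswith("+ "):
            location = line            # a registry key or folder header line
            continue
        body = line[2:]
        match = PATH_RE.search(body)
        if match is None:
            continue                   # malformed line: no image path to check
        image_path = match.group(0).strip()
        entry, _, meta = body[:match.start()].strip().partition(" ")
        yield location, entry, meta.strip(), image_path


def triage(text, hide_microsoft=True):
    """Return a Finding for every entry that fails at least one check."""
    findings = []
    for location, entry, meta, image_path in parse_entries(text):
        publisher = next((p for p in TRUSTED_PUBLISHERS if meta.endswith(p)), None)
        if hide_microsoft and publisher == "Microsoft Corporation":
            continue                   # the Options->Hide Microsoft Entries filter
        reasons = []
        if publisher is None:
            reasons.append("publisher missing or not in allow-list")
        if image_path.lower().startswith("file not found"):
            reasons.append("image file missing (dangling autostart)")
        if WINDIR_ROOT_RE.match(image_path):
            reasons.append("binary sits directly in the Windows directory")
        if any(k.lower() in location.lower() for k in HIGH_RISK_LOCATIONS):
            reasons.append("high-risk launch point")
        if reasons:
            findings.append(Finding(location, entry, image_path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.entry:22} {f.image_path}")
        for r in f.reasons:
            print("    -", r)
```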
ewengod - 2006-2-23 18:24:00
HKLM\System\CurrentControlSet\Services
+ ACPI ACPI Driver for NT Microsoft Corporation c:\windows\system32\drivers\acpi.sys
+ aec Microsoft Acoustic Echo Canceller Microsoft Corporation c:\windows\system32\drivers\aec.sys
+ AFD AFD 网络支持环境 Microsoft Corporation c:\windows\system32\drivers\afd.sys
+ ALCXWDM Realtek AC'97 Audio Driver (WDM) Realtek Semiconductor Corp. c:\windows\system32\drivers\alcxwdm.sys
+ AsyncMac RAS Asynchronous Media Driver Microsoft Corporation c:\windows\system32\drivers\asyncmac.sys
+ atapi IDE/ATAPI Port Driver Microsoft Corporation c:\windows\system32\drivers\atapi.sys
+ ati2mtag ATI Radeon WindowsNT Miniport Driver ATI Technologies Inc. c:\windows\system32\drivers\ati2mtag.sys
+ Atmarpc ATM ARP Client Protocol Microsoft Corporation c:\windows\system32\drivers\atmarpc.sys
+ audstub AudStub Driver Microsoft Corporation c:\windows\system32\drivers\audstub.sys
+ BaseTDI basetdi Beijing Rising Technology Co., Ltd. c:\windows\system32\drivers\basetdi.sys
+ cdnprot cdnprot CNNIC c:\windows\system32\drivers\cdnprot.sys
+ cdntran cdntran CNNIC c:\windows\system32\drivers\cdntran.sys
+ Cdrom SCSI CD-ROM Driver Microsoft Corporation c:\windows\system32\drivers\cdrom.sys
+ d347bus PnP BIOS Extension c:\windows\system32\drivers\d347bus.sys
+ d347prt SCSI miniport c:\windows\system32\drivers\d347prt.sys
+ Disk PnP Disk Driver Microsoft Corporation c:\windows\system32\drivers\disk.sys
+ dmio NT Disk Manager I/O Driver Microsoft Corp., Veritas Software c:\windows\system32\drivers\dmio.sys
+ dmload NT Disk Manager Startup Driver Microsoft Corp., Veritas Software. c:\windows\system32\drivers\dmload.sys
+ DMusic Microsoft Kernel DLS Synthesizer Microsoft Corporation c:\windows\system32\drivers\dmusic.sys
+ drmkaud Microsoft Kernel DRM Audio Descrambler Filter Microsoft Corporation c:\windows\system32\drivers\drmkaud.sys
+ ExpScaner ExpScan.sys c:\program files\rising\rav\expscan.sys
+ FETNDIS NDIS 5.0 miniport driver VIA Technologies, Inc. c:\windows\system32\drivers\fetnd5.sys
+ FsVga Full Screen Video Driver Microsoft Corporation c:\windows\system32\drivers\fsvga.sys
+ Ftdisk FT Disk Driver Microsoft Corporation c:\windows\system32\drivers\ftdisk.sys
+ gagp30kx MS Generic AGPv3.0 Filter for K8/9 Processor Platforms Microsoft Corporation c:\windows\system32\drivers\gagp30kx.sys
+ Gpc Generic Packet Classifier Microsoft Corporation c:\windows\system32\drivers\msgpc.sys
+ hidusb USB Miniport Driver for Input Devices Microsoft Corporation c:\windows\system32\drivers\hidusb.sys
+ HOOKAPI HOOKAPI Driver 瑞星软件有限公司 c:\program files\rising\rav\hookapi.sys
+ HookCont TDI HOOK Driver Rising tech Co. ltd c:\program files\rising\rav\hookcont.sys
+ HookReg c:\program files\rising\rav\hookreg.sys
+ HookSys Hooksys Rising c:\program files\rising\rav\hooksys.sys
+ HTTP 此服务实现超文本传送协议(HTTP)。如果此服务被禁用,任何依赖它的服务将无法启动。 Microsoft Corporation c:\windows\system32\drivers\http.sys
+ i8042prt i8042 Port Driver Microsoft Corporation c:\windows\system32\drivers\i8042prt.sys
+ Imapi IMAPI Kernel Driver Microsoft Corporation c:\windows\system32\drivers\imapi.sys
+ Ip6Fw 为家庭和小型办公网络提供入侵保护服务。 Microsoft Corporation c:\windows\system32\drivers\ip6fw.sys
+ IpFilterDriver IP Traffic Filter Driver Microsoft Corporation c:\windows\system32\drivers\ipfltdrv.sys
+ IpInIp IP in IP Tunnel Driver Microsoft Corporation c:\windows\system32\drivers\ipinip.sys
+ IpNat IP Network Address Translator Microsoft Corporation c:\windows\system32\drivers\ipnat.sys
+ IPSec IPSEC driver Microsoft Corporation c:\windows\system32\drivers\ipsec.sys
+ IRENUM Infra-Red Bus Enumerator Microsoft Corporation c:\windows\system32\drivers\irenum.sys
+ isapnp PNP ISA Bus Driver Microsoft Corporation c:\windows\system32\drivers\isapnp.sys
+ Kbdclass Keyboard Class Driver Microsoft Corporation c:\windows\system32\drivers\kbdclass.sys
+ kmixer Kernel Mode Audio Mixer Microsoft Corporation c:\windows\system32\drivers\kmixer.sys
+ MEMSCAN MemScan Driver 瑞星软件有限公司 c:\program files\rising\rav\memscan.sys
+ Mouclass Mouse Class Driver Microsoft Corporation c:\windows\system32\drivers\mouclass.sys
+ mouhid HID Mouse Filter Driver Microsoft Corporation c:\windows\system32\drivers\mouhid.sys
+ MSKSSRV MS KS Server Microsoft Corporation c:\windows\system32\drivers\mskssrv.sys
+ MSPCLOCK MS Proxy Clock Microsoft Corporation c:\windows\system32\drivers\mspclock.sys
+ MSPQM MS Proxy Quality Manager Microsoft Corporation c:\windows\system32\drivers\mspqm.sys
+ mssmbios System Management BIOS Driver Microsoft Corporation c:\windows\system32\drivers\mssmbios.sys
+ NdisTapi Remote Access NDIS TAPI Driver Microsoft Corporation c:\windows\system32\drivers\ndistapi.sys
+ Ndisuio NDIS 用户模式 I/O 协议 Microsoft Corporation c:\windows\system32\drivers\ndisuio.sys
+ NdisWan Remote Access NDIS WAN Driver Microsoft Corporation c:\windows\system32\drivers\ndiswan.sys
+ NetBT NetBios over Tcpip Microsoft Corporation c:\windows\system32\drivers\netbt.sys
+ npkcrypt nProtect KeyCrypt Driver INCA Internet Co., Ltd. e:\program files\tencent\qq\npkcrypt.sys
+ NwlnkFlt IPX Traffic Filter Driver Microsoft Corporation c:\windows\system32\drivers\nwlnkflt.sys
+ NwlnkFwd IPX Traffic Forwarder Driver Microsoft Corporation c:\windows\system32\drivers\nwlnkfwd.sys
+ Parport Parallel Port Driver Microsoft Corporation c:\windows\system32\drivers\parport.sys
+ PCAMPR5 PCAUSA NDIS 5.0 MPR Protocol Driver Printing Communications Assoc., Inc. (PCAUSA) c:\windows\system32\pcampr5.sys
+ PCANDIS5 PCAUSA NDIS 5.0 Protocol Driver Printing Communications Assoc., Inc. (PCAUSA) c:\windows\system32\pcandis5.sys
+ PCI NT Plug and Play PCI Enumerator Microsoft Corporation c:\windows\system32\drivers\pci.sys
+ PptpMiniport WAN Miniport (PPTP) Microsoft Corporation c:\windows\system32\drivers\raspptp.sys
+ Processor Processor Device Driver Microsoft Corporation c:\windows\system32\drivers\processr.sys
+ PSched QoS Packet Scheduler Microsoft Corporation c:\windows\system32\drivers\psched.sys
+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys
+ PxHelp20 Px Engine Device Driver for Windows 2000/XP Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys
+ RasAcd Remote Access Auto Connection Driver Microsoft Corporation c:\windows\system32\drivers\rasacd.sys
+ Rasl2tp WAN Miniport (L2TP) Microsoft Corporation c:\windows\system32\drivers\rasl2tp.sys
+ RasPppoe 远程访问 PPPOE 驱动程序 Microsoft Corporation c:\windows\system32\drivers\raspppoe.sys
+ Raspti Direct Parallel Microsoft Corporation c:\windows\system32\drivers\raspti.sys
+ RDPCDD RDP Miniport Microsoft Corporation c:\windows\system32\drivers\rdpcdd.sys
+ rdpdr Microsoft RDP Device redirector Microsoft Corporation c:\windows\system32\drivers\rdpdr.sys
+ redbook Redbook Audio Filter Driver Microsoft Corporation c:\windows\system32\drivers\redbook.sys
+ Secdrv SafeDisc driver c:\windows\system32\drivers\secdrv.sys
+ serenum Serial Port Enumerator Microsoft Corporation c:\windows\system32\drivers\serenum.sys
+ Serial Serial Device Driver Microsoft Corporation c:\windows\system32\drivers\serial.sys
+ splitter Microsoft Kernel Audio Splitter Microsoft Corporation c:\windows\system32\drivers\splitter.sys
+ swenum Plug and Play Software Device Enumerator Microsoft Corporation c:\windows\system32\drivers\swenum.sys
+ swmidi Microsoft GS Wavetable Synthesizer Microsoft Corporation c:\windows\system32\drivers\swmidi.sys
+ sysaudio System Audio WDM Filter Microsoft Corporation c:\windows\system32\drivers\sysaudio.sys
+ Tcpip TCP/IP Protocol Driver Microsoft Corporation c:\windows\system32\drivers\tcpip.sys
ewengod - 2006-2-23 18:24:00
+ TermDD Terminal Server Driver Microsoft Corporation c:\windows\system32\drivers\termdd.sys
+ Update Update Driver Microsoft Corporation c:\windows\system32\drivers\update.sys
+ usbehci EHCI eUSB Miniport Driver Microsoft Corporation c:\windows\system32\drivers\usbehci.sys
+ usbhub Default Hub Driver for USB Microsoft Corporation c:\windows\system32\drivers\usbhub.sys
+ USBSTOR USB Mass Storage Class Driver Microsoft Corporation c:\windows\system32\drivers\usbstor.sys
+ usbuhci UHCI USB Miniport Driver Microsoft Corporation c:\windows\system32\drivers\usbuhci.sys
+ VgaSave VGA/Super VGA Video Driver Microsoft Corporation c:\windows\system32\drivers\vga.sys
+ viaagp1 VIA NT AGP Filter VIA Technologies, Inc. c:\windows\system32\drivers\viaagp1.sys
+ ViaIde Generic PCI IDE Bus Driver Microsoft Corporation c:\windows\system32\drivers\viaide.sys
+ viamraid VIA RAID DRIVER FOR WIN 2000/XP/2003IA32 VIA Technologies inc,.ltd c:\windows\system32\drivers\viamraid.sys
+ Wanarp Remote Access IP ARP Driver Microsoft Corporation c:\windows\system32\drivers\wanarp.sys
+ wdmaud MMSYSTEM Wave/Midi API mapper Microsoft Corporation c:\windows\system32\drivers\wdmaud.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
+ autocheck autochk * File not found: autocheck
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
+ Your Image File Name Here without a path Symbolic Debugger for Windows 2000 Microsoft Corporation c:\windows\system32\ntsd.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
+ APIHookDll.dll File not found: APIHookDll.dll
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
+ advapi32 Advanced Windows 32 Base API Microsoft Corporation c:\windows\system32\advapi32.dll
+ comdlg32 Common Dialogs DLL Microsoft Corporation c:\windows\system32\comdlg32.dll
+ gdi32 GDI Client DLL Microsoft Corporation c:\windows\system32\gdi32.dll
+ imagehlp Windows NT Image Helper Microsoft Corporation c:\windows\system32\imagehlp.dll
+ kernel32 Windows NT BASE API Client DLL Microsoft Corporation c:\windows\system32\kernel32.dll
+ lz32 LZ Expand/Compress API DLL Microsoft Corporation c:\windows\system32\lz32.dll
+ ole32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\ole32.dll
+ oleaut32 Microsoft Corporation c:\windows\system32\oleaut32.dll
+ olecli32 Object Linking and Embedding Client Library Microsoft Corporation c:\windows\system32\olecli32.dll
+ olecnv32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\olecnv32.dll
+ olesvr32 Object Linking and Embedding Server Library Microsoft Corporation c:\windows\system32\olesvr32.dll
+ olethk32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\olethk32.dll
+ rpcrt4 Remote Procedure Call Runtime Microsoft Corporation c:\windows\system32\rpcrt4.dll
+ shell32 Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll
+ url Internet Shortcut Shell Extension DLL Microsoft Corporation c:\windows\system32\url.dll
+ urlmon OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll
+ user32 Windows XP USER API Client DLL Microsoft Corporation c:\windows\system32\user32.dll
+ version Version Checking and File Installation Libraries Microsoft Corporation c:\windows\system32\version.dll
+ wininet Internet Extensions for Win32 Microsoft Corporation c:\windows\system32\wininet.dll
+ wldap32 Win32 LDAP API DLL Microsoft Corporation c:\windows\system32\wldap32.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ crypt32chain Crypto API32 Microsoft Corporation c:\windows\system32\crypt32.dll
+ cryptnet Crypto Network Related API Microsoft Corporation c:\windows\system32\cryptnet.dll
+ cscdll Offline Network Agent Microsoft Corporation c:\windows\system32\cscdll.dll
+ ScCertProp Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll
+ Schedule Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll
+ sclgntfy Secondary Logon Service Notification DLL Microsoft Corporation c:\windows\system32\sclgntfy.dll
+ SensLogn Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll
+ termsrv Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll
+ wlballoon Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll
HKCU\Control Panel\Desktop\Scrnsave.exe
+ C:\WINDOWS\system32\ssmypics.scr My Pictures Slideshow Screensaver Microsoft Corporation c:\windows\system32\ssmypics.scr
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{57A76A50-E6FD-4123-8310-12F923F9A5EE}] DATAGRAM 0 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{57A76A50-E6FD-4123-8310-12F923F9A5EE}] SEQPACKET 0 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{766D0AC9-C689-40D4-A5B1-89DD1787257F}] DATAGRAM 1 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{766D0AC9-C689-40D4-A5B1-89DD1787257F}] SEQPACKET 1 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{93C2F07F-8165-4FD4-8D38-41E75C074B35}] DATAGRAM 2 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{93C2F07F-8165-4FD4-8D38-41E75C074B35}] SEQPACKET 2 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [RAW/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [TCP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [UDP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll
+ RSVP TCP Service Provider Microsoft Windows Rsvp 1.0 Service Provider Microsoft Corporation c:\windows\system32\rsvpsp.dll
+ RSVP UDP Service Provider Microsoft Windows Rsvp 1.0 Service Provider Microsoft Corporation c:\windows\system32\rsvpsp.dll
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
+ BJ Language Monitor Langage Monitor for Canon Bubble-Jet Printer Microsoft Corporation c:\windows\system32\cnbjmon.dll
+ Local Port Local Spooler DLL Microsoft Corporation c:\windows\system32\localspl.dll
+ Microsoft Document Imaging Writer Monitor Microsoft® Document Imaging Microsoft Corporation c:\windows\system32\mdimon.dll
+ PJL Language Monitor PJL Language monitor Microsoft Corporation c:\windows\system32\pjlmon.dll
+ Standard TCP/IP Port Standard TCP/IP Port Monitor DLL Microsoft Corporation c:\windows\system32\tcpmon.dll
+ USB Monitor Standard Dynamic Printing Port Monitor DLL Microsoft Corporation c:\windows\system32\usbmon.dll
ewengod - 2006-2-23 20:02:00
help...........
leasu - 2006-2-23 21:19:00
"Gray Pigeon" dedicated detection and removal tool
Injection-type virus....
ewengod - 2006-2-24 0:05:00
Reposting the scan information
HijackThis_zww汉化版扫描日志 V1.99.1
保存于 23:59:02, 日期 2006-2-23
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Huawei-3Com\H3C 认证客户端\AuthenMngService.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Huawei-3Com\H3C 认证客户端\H3C Client.exe
C:\Documents and Settings\Administrator\桌面\新建文件夹\HijackThis1991汉化版\HijackThis1991zww.exe
R3 - URLSearchHook: QQ Search Hook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\AdPlus\IEHelp.dll
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v11.dll
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\AdPlus\IEHelp.dll
O2 - BHO: URLMonitor Class - {3ED9FFDA-79DB-4B2D-99B7-16EA3C4A3A92} - C:\WINDOWS\system32\hap.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - e:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: Router Layer - {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} - C:\WINDOWS\System32\aclayer.dll (file missing)
O2 - BHO: DownloadValue Class - {616D4040-5712-4F0F-BCF1-5C6420A99E14} - C:\WINDOWS\system32\winhtp.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O2 - BHO: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Progra~1\Baidu\bar\BaiDuBar.dll
O2 - BHO: Infofo 工具栏 - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
O3 - IE工具栏增项: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - f:\Program Files\BitComet\BitCometBar\BitCometBar0.2.dll
O3 - IE工具栏增项: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - IE工具栏增项: Infofo 工具栏 - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll
O3 - IE工具栏增项: 完美网译通 - {F43BD772-ABDD-43b7-A96A-3E9E61946EC0} - C:\WINDOWS\WORLD2\TOOLBAR\hmtoolbar.dll (file missing)
O3 - IE工具栏增项: 一搜工具条 - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - C:\Program Files\YiSou\yisou.dll (file missing)
O3 - IE工具栏增项: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Progra~1\Baidu\bar\BaiDuBar.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - 启动项HKLM\\Run: [AddrPlus3] C:\PROGRA~1\TENCENT\AdPlus\Runner.exe C:\PROGRA~1\TENCENT\AdPlus\QAHook.dll Rundll32
O4 - 启动项HKLM\\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutoCAD 启动加速器.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - E:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用KuGoo3下载(&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - E:\Program Files\Tencent\qq\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - E:\Program Files\Tencent\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - E:\Program Files\Tencent\qq\SendMMS.htm
O8 - IE右键菜单中的新增项目: 百度-搜索MP3 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUMP3.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索图片 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUIMG.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索新闻 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUNEWS.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索歌词 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDULYRIC.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索网页 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUSEARCH.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索贴吧 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUPOST.HTM
O8 - IE右键菜单中的新增项目: 百度-词典搜索 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDU_DIC.HTM
O9 - 浏览器额外的按钮: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\Game\hf\HFGame3\GameClient.exe
O9 - 浏览器额外的按钮: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - 浏览器额外的“工具”菜单项: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - e:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - e:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的按钮: 易趣购物 - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=50 (file missing)
O9 - 浏览器额外的“工具”菜单项: 易趣购物 - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=50 (file missing)
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\cdnns.dll' missing
O11 - Options group: [CDNCLIENT] 中文上网
O11 - Options group: [TBH] QQ地址栏搜索插件
O14 - IERESET.INF: START_PAGE_URL=http://www.tomatolei.com
O20 - AppInit_DLLs: APIHookDll.dll
O23 - NT 服务: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - NT 服务: Gray_Pigeon_Server2.0 (GrayPigeonServer2.0) - Unknown owner - C:\WINDOWS\G_Server2.0.exe
O23 - NT 服务: huawei-3com EAD appendix service (H3C_EAD_APX_SVR) - Unknown owner - C:\Program Files\Huawei-3Com\H3C 认证客户端\eadApxSvr.exe
O23 - NT 服务: huawei-3com protocol authentication service manage center (H3C_SVR_MNG_SERVICE) - Unknown owner - C:\Program Files\Huawei-3Com\H3C 认证客户端\AuthenMngService.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
ewengod - 2006-2-24 0:07:00
I used Rising's dedicated Gray Pigeon removal tool; no use, it cannot delete it, it only terminates the process.
ewengod - 2006-2-24 0:08:00
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ AddrPlus3 TENCENT c:\program files\tencent\adplus\runner.exe
+ ATIPTA ATI Desktop Control Panel ATI Technologies, Inc. c:\program files\ati technologies\ati control panel\atiptaxx.exe
+ NeroFilterCheck NeroCheck Ahead Software Gmbh c:\windows\system32\nerocheck.exe
+ RavTask RavTimer Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ravtask.exe
+ SoundMan Realtek Sound Manager Realtek Semiconductor Corp. C:\WINDOWS\soundman.exe
+ StormCodec_Helper c:\program files\ringz studio\storm codec\stormset.exe
+ TkBellExe RealNetworks Scheduler RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe
C:\Documents and Settings\All Users\「开始」菜单\程序\启动
+ AutoCAD 启动加速器.lnk AutoCAD Startup Accelerator Autodesk, Inc c:\program files\common files\autodesk shared\acstart16.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
+ helperdll c:\windows\system32\drivers\pupw.sys
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ Rising Execute File Exts hook Rising Shell Ext Module Beijing Rising Technology Co., Ltd. c:\windows\system32\ravext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ AutoCAD 数字签名图标覆盖处理程序 AcSignIcon Module Autodesk c:\windows\system32\acsignicon.dll
+ Autodesk Drawing Preview AcThumbnail Module Autodesk c:\program files\common files\autodesk shared\thumbnail\acthumbnail16.dll
+ Autodesk DWF Preview AcThumbnail Module Autodesk c:\program files\common files\autodesk shared\thumbnail\acdwfthmbprxy16.dll
+ QQ Search Hook Tencent c:\program files\tencent\adplus\iehelp.dll
+ QQAddrBar Drop Target Tencent c:\program files\tencent\adplus\iehelp.dll
+ RISING Rising Shell Ext Module Beijing Rising Technology Co., Ltd. c:\windows\system32\ravext.dll
+ Tencent Browser Helper Tencent c:\program files\tencent\adplus\iehelp.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ CdnForIE Class CdnForIE CNNIC c:\program files\cnnic\cdn\cdnforie.dll
+ DownloadValue Class DownloadStart Module c:\windows\system32\winhtp.dll
+ Infofo 工具栏 珊瑚虫 Infofo 工具栏 珊瑚虫工作室 泰格工作室 c:\program files\infofo bar\infofobar.dll
+ QQBrowserHelperObject Class QQIEHelper Module 深圳市腾讯计算机系统有限公司 e:\program files\tencent\qq\qqiehelper.dll
+ Router Layer File not found: C:\WINDOWS\System32\aclayer.dll
+ Tencent Browser Helper Tencent c:\program files\tencent\adplus\iehelp.dll
+ ThunderIEHelper Class xunleibho BHO Thunder Networking Technologies,LTD c:\windows\system32\xunleibho_v11.dll
+ URLMonitor Class HAP Henbang c:\windows\system32\hap.dll
+ WMHlprObj Class CNNIC Web Mail for Windows CNNIC c:\program files\cnnic\cdn\wmhlpr.dll
+ 百度超级搜霸 BaiduBar Module Baidu.com, Inc. c:\program files\baidu\bar\baidubar.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
+ iehelp.dll Tencent c:\program files\tencent\adplus\iehelp.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ 一搜 File not found: C:\Program Files\YiSou\yisou.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ 浩方对战平台 浩方对战平台 上海浩方在线信息技术有限公司 d:\game\hf\hfgame3\gameclient.exe
+ 易趣购物 File not found: http://click2.ad4all.net/url2/urlmanage/url.asp?id=50
HKLM\System\CurrentControlSet\Services
+ Ati HotKey Poller c:\windows\system32\ati2evxx.exe
+ ATI Smart ATI Smart c:\windows\system32\ati2sgag.exe
+ GrayPigeonServer2.0 监控管理. c:\windows\g_server2.0.exe
+ RsCCenter CCenter Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ccenter.exe
+ RsRavMon RavMond Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ravmond.exe
HKLM\System\CurrentControlSet\Services
+ ALCXWDM Realtek AC'97 Audio Driver (WDM) Realtek Semiconductor Corp. c:\windows\system32\drivers\alcxwdm.sys
+ ati2mtag ATI Radeon WindowsNT Miniport Driver ATI Technologies Inc. c:\windows\system32\drivers\ati2mtag.sys
+ BaseTDI basetdi Beijing Rising Technology Co., Ltd. c:\windows\system32\drivers\basetdi.sys
+ cdnprot cdnprot CNNIC c:\windows\system32\drivers\cdnprot.sys
+ cdntran cdntran CNNIC c:\windows\system32\drivers\cdntran.sys
+ d347bus PnP BIOS Extension c:\windows\system32\drivers\d347bus.sys
+ d347prt SCSI miniport c:\windows\system32\drivers\d347prt.sys
+ ExpScaner ExpScan.sys c:\program files\rising\rav\expscan.sys
+ FETNDIS NDIS 5.0 miniport driver VIA Technologies, Inc. c:\windows\system32\drivers\fetnd5.sys
+ HOOKAPI HOOKAPI Driver 瑞星软件有限公司 c:\program files\rising\rav\hookapi.sys
+ HookCont TDI HOOK Driver Rising tech Co. ltd c:\program files\rising\rav\hookcont.sys
+ HookReg c:\program files\rising\rav\hookreg.sys
+ HookSys Hooksys Rising c:\program files\rising\rav\hooksys.sys
+ MEMSCAN MemScan Driver 瑞星软件有限公司 c:\program files\rising\rav\memscan.sys
+ npkcrypt nProtect KeyCrypt Driver INCA Internet Co., Ltd. e:\program files\tencent\qq\npkcrypt.sys
+ PCAMPR5 PCAUSA NDIS 5.0 MPR Protocol Driver Printing Communications Assoc., Inc. (PCAUSA) c:\windows\system32\pcampr5.sys
+ PCANDIS5 PCAUSA NDIS 5.0 Protocol Driver Printing Communications Assoc., Inc. (PCAUSA) c:\windows\system32\pcandis5.sys
+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys
+ PxHelp20 Px Engine Device Driver for Windows 2000/XP Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys
+ Secdrv SafeDisc driver c:\windows\system32\drivers\secdrv.sys
+ viaagp1 VIA NT AGP Filter VIA Technologies, Inc. c:\windows\system32\drivers\viaagp1.sys
+ viamraid VIA RAID DRIVER FOR WIN 2000/XP/2003IA32 VIA Technologies inc,.ltd c:\windows\system32\drivers\viamraid.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
+ autocheck autochk * File not found: autocheck
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
+ APIHookDll.dll File not found: APIHookDll.dll
蝴蝶飞过海 - 2006-2-24 0:26:00
O23 - NT 服务: Gray_Pigeon_Server2.0 (GrayPigeonServer2.0) - Unknown owner - C:\WINDOWS\G_Server2.0.exe
This one is the pigeon.
ewengod - 2006-2-24 0:44:00
http://forum.ikaka.com/topic.asp?board=28&artid=5666824
Did it the way described here, and it's gone.......
© 2000 - 2026 Rising Corp. Ltd.