Rising Kaka Security Forum
sinoqin - 2006-10-16 20:52:00
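Could an expert advise me on how to thoroughly detect and remove this? How do I generate the log file? What was that software called again? I've forgotten.
Thanks!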
细胞终结者 - 2006-10-16 20:54:00
From http://forum.ikaka.com/topic.asp?board=28&artid=6979213
download System Repair Engineer 2.0.21.505 (RC2), export the full log, and paste it here unmodified.
sinoqin - 2006-10-16 21:11:00
2006-10-16,20:56:48
System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)
Windows XP Home Edition Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Corporation]
<P2kAutostart><> [N/A]
<BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}><"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<SigmatelSysTrayApp><stsystra.exe> [SigmaTel, Inc.]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<IntelZeroConfig><"C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"> [Intel Corporation]
<IntelWireless><"C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless> [Intel Corporation]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<DLA><C:\WINDOWS\System32\DLA\DLACTRLW.EXE> [Sonic Solutions]
<ISUSPM Startup><C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup> [InstallShield Software Corporation]
<ISUSScheduler><"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start> [InstallShield Software Corporation]
<DMXLauncher><C:\Program Files\Dell\Media Experience\DMXLauncher.exe> [N/A]
<StormCodec_Helper><"D:\Program Files\Ringsz Studio\Storm Codec\StormSet.exe" /S /opti> [N/A]
<SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe> [(Verified)Synaptics, Inc.]
<Dell QuickSet><C:\Program Files\Dell\QuickSet\quickset.exe> [Dell Inc]
<ShowLOMControl><> [N/A]
<igfxtray><C:\WINDOWS\system32\igfxtray.exe> [(Verified)Intel Corporation]
<igfxhkcmd><C:\WINDOWS\system32\hkcmd.exe> [(Verified)Intel Corporation]
<igfxpers><C:\WINDOWS\system32\igfxpers.exe> [(Verified)Intel Corporation]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
<WinlogonNotify: igfxcui><igfxdev.dll> [(Verified)Intel Corporation]
==================================
sinoqin - 2006-10-16 21:11:00
启动文件夹
[AutoCAD 启动加速器]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\AutoCAD 启动加速器.lnk --> C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~1.EXE [Autodesk, Inc]><N>
[腾讯QQ]
<C:\Documents and Settings\大帅\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\QQ\QQ.exe [TENCENT]><N>
==================================
服务
[Application Management / AppMgmt]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Autodesk Licensing Service / Autodesk Licensing Service]
<"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
[ay_Pi / ayPi]
<C:\WINDOWS\G_S.exe><N/A>
[Intel(R) PROSet/Wireless Event Log / EvtEng]
<C:\Program Files\Intel\Wireless\Bin\EvtEng.exe><Intel Corporation>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NICCONFIGSVC / NICCONFIGSVC]
<C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe><Dell Inc.>
[Intel(R) PROSet/Wireless Registry Service / RegSrvc]
<C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe><Intel Corporation>
[Rising Proxy Service / RfwProxySrv]
<c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Intel(R) PROSet/Wireless Service / S24EventMonitor]
<C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe><Intel Corporation>
[system / system]
<C:\WINDOWSrundll><N/A>
[Unigraphics License Server (uglmd) / Unigraphics License Server (uglmd)]
<"D:\Program Files\UGS\License Servers\UGNXFLEXlm\lmgrd.exe"><Macrovision Corporation>
[Windows / Windows ]
<C:\WINDOWS\rundll><N/A>
[Intel(R) PROSet/Wireless SSO Service / WLANKEEPER]
<C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe><Intel(R) Corporation>
==================================
驱动程序
[AEGIS Protocol (IEEE 802.1x) v3.4.9.0 / AegisP]
<system32\DRIVERS\AegisP.sys><Meetinghouse Data Communications>
[Apaidi / Apaidi]
<\??\C:\WINDOWS\system32\drivers\Apaidi.sys><N/A>
[APPDRV / APPDRV]
<\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS><Dell Inc>
[Rising TDI Base Driver / BaseTDI]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp]
<system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[bvrp_pci / bvrp_pci]
<\??\C:\WINDOWS\system32\drivers\bvrp_pci.sys><N/A>
[cercsr6 / cercsr6]
<C:\WINDOWS\SYSTEM32\DRIVERS\cercsr6.SYS><Adaptec, Inc.>
[DLABOIOM / DLABOIOM]
<System32\DLA\DLABOIOM.SYS><Sonic Solutions>
[DLACDBHM / DLACDBHM]
<System32\Drivers\DLACDBHM.SYS><Sonic Solutions>
[DLADResN / DLADResN]
<System32\DLA\DLADResN.SYS><Sonic Solutions>
[DLAIFS_M / DLAIFS_M]
<System32\DLA\DLAIFS_M.SYS><Sonic Solutions>
[DLAOPIOM / DLAOPIOM]
<System32\DLA\DLAOPIOM.SYS><Sonic Solutions>
[DLAPoolM / DLAPoolM]
<System32\DLA\DLAPoolM.SYS><Sonic Solutions>
[DLARTL_N / DLARTL_N]
<System32\Drivers\DLARTL_N.SYS><Sonic Solutions>
[DLAUDFAM / DLAUDFAM]
<System32\DLA\DLAUDFAM.SYS><Sonic Solutions>
[DLAUDF_M / DLAUDF_M]
<System32\DLA\DLAUDF_M.SYS><Sonic Solutions>
[DRVMCDB / DRVMCDB]
<\SystemRoot\System32\Drivers\DRVMCDB.SYS><Sonic Solutions>
[DRVNDDM / DRVNDDM]
<System32\Drivers\DRVNDDM.SYS><Sonic Solutions>
[dtscsi / dtscsi]
<\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[ExpScaner / ExpScaner]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
<\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[HSF_DPV / HSF_DPV]
<system32\DRIVERS\HSX_DPV.sys><Conexant Systems, Inc.>
[HSXHWAZL / HSXHWAZL]
<system32\DRIVERS\HSXHWAZL.sys><Conexant Systems, Inc.>
[ialm / ialm]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[kmsinput / kmsinput]
<\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[mdmxsdk / mdmxsdk]
<system32\DRIVERS\mdmxsdk.sys><Conexant>
[MEMSCAN / MEMSCAN]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs]
<\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkycryp / npkycryp]
<\??\D:\QQ\npkycryp.sys><N/A>
[OMCI / OMCI]
<\SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS><Dell Computer Corporation>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[rimmptsk / rimmptsk]
<system32\DRIVERS\rimmptsk.sys><REDC>
[rimsptsk / rimsptsk]
<system32\DRIVERS\rimsptsk.sys><REDC>
[Ricoh xD-Picture Card Driver / rismxdp]
<system32\DRIVERS\rixdptsk.sys><REDC>
[RsFwDrv / RsFwDrv]
<\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[WLAN 传输 / s24trans]
<system32\DRIVERS\s24trans.sys><Intel Corporation>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[Sentinel / Sentinel]
<\SystemRoot\System32\Drivers\SENTINEL.SYS><Rainbow Technologies, Inc.>
[sptd / sptd]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[SigmaTel High Definition Audio CODEC / STHDA]
<system32\drivers\sthda.sys><SigmaTel, Inc.>
[SVKP / SVKP]
<\??\C:\WINDOWS\system32\SVKP.sys><AntiCracking>
[Synaptics TouchPad Driver / SynTP]
<system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[Conexant Setup API / UIUSys]
<system32\DRIVERS\UIUSYS.SYS><N/A>
==================================
sinoqin - 2006-10-16 21:12:00
浏览器加载项
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[Wbho Class]
{40E3A34A-3282-41F8-AD2C-051BAB96AD4A} <C:\WINDOWS\system32\Usign.dll, N/A>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[DriveLetterAccess]
{5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\System32\DLA\DLASHX_W.DLL, Sonic Solutions>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[TOL24]
{345ff7d8-2364-4ef7-889b-7d3c1d0bd342} <http://www.TOL24.com, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[金山快译(&K)]
{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <D:\FastAIT2006\IEBand.dll, 金山软件股份有限公司>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[SysProWmi Class]
{01A88BB1-1174-41EC-ACCB-963509EAE56B} <C:\WINDOWS\system32\Dell\SystemProfiler\SysPro.ocx, Dell Computer Corp.>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[]
{7634AC7F-970B-4D1D-8255-2D59AF896079} <C:\WINDOWS\DOWNLO~1\VoiceCtl.dll, >
[WebActivater Control]
{C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[KvScanOnline Control]
{EF6205C1-3F17-4829-BCB5-1336ED89E356} <C:\WINDOWS\system32\KvDown.ocx, dreamersoft>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[Google Script Object]
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[DjVuCtl Class]
{0E8D0700-75DF-11D3-8B4A-0008C7450C4A} <C:\WINDOWS\system32\DjVuCntl.dll, LizardTech>
[CEnroll Class]
{127698E4-E730-4E5C-A2B1-21490A70C8A1} <C:\WINDOWS\system32\xenroll.dll, Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[iTrusPTA Class]
{1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, >
[RealPlayer SMIL Download Handler]
{224E833B-2CC6-42D9-AE39-90B6A38A4FA2} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[Wbho Class]
{40E3A34A-3282-41F8-AD2C-051BAB96AD4A} <C:\WINDOWS\system32\Usign.dll, N/A>
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[DriveLetterAccess]
{5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\System32\DLA\DLASHX_W.DLL, Sonic Solutions>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[金山快译(&K)]
{6C3797D2-3FEF-4CD4-B654-D3AE55B4128C} <D:\FastAIT2006\IEBand.dll, 金山软件股份有限公司>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <D:\Program Files\Thunder\Components\InMedia\MediaAddin07.dll, Thunder Networking Technologies,LTD>
[AquaRealOcx Control]
{7DB39A0D-580F-4BE9-9195-8BFCD226F6C2} <D:\Program Files\formosoft\aqua real\AquaReal.ocx, formosoft>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[ModemHelperCom Class]
{94BF6C82-F075-11D4-AB95-000102B2D025} <C:\Program Files\Modem Helper\MDMDptch.dll, BVRP Software>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[WebActivater Control]
{C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[TencentVmpCtl Class]
{D9819BD5-422B-4281-8523-726466ED692B} <C:\Program Files\Tencent\Viewpoint Media Player\AxMetaStream.dll, Viewpoint Corporation>
[KvScanOnline Control]
{EF6205C1-3F17-4829-BCB5-1336ED89E356} <C:\WINDOWS\system32\KvDown.ocx, dreamersoft>
[Google 搜索(&G)]
<res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html, N/A>
[上传到QQ网络硬盘]
<D:\QQ\AddToNetDisk.htm, N/A>
[使用迅雷下载]
<D:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
<D:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[反向链接]
<res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html, N/A>
[导出到 Microsoft Excel(&x)]
<res://D:\MICROS~1\Office10\EXCEL.EXE/3000, N/A>
[导出当前页到超星阅览器(&A)]
<D:\SSREADER36\ss_all.htm, N/A>
[导出选中部分到超星阅览器(&S)]
<D:\SSREADER36\ss_select.htm, N/A>
[添加到QQ自定义面板]
<D:\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\QQ\SendMMS.htm, N/A>
[类似网页]
<res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html, N/A>
[缓存的网页快照]
<res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html, N/A>
[翻译英文字词(&T)]
<res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html, N/A>
==================================
sinoqin - 2006-10-16 21:13:00
正在运行的进程
[PID: 512][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 844][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 868][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 916][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 928][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, N/A]
[PID: 1124][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1188][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, N/A]
[PID: 1332][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1348][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, N/A]
[PID: 1404][C:\Program Files\Intel\Wireless\Bin\EvtEng.exe] [Intel Corporation, 10, 1, 0, 1]
[C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll] [Intel Corporation, 10, 1, 0, 2]
[C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL] [Intel Corporation, 10, 1, 0, 5]
[PID: 1432][C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe] [Intel Corporation , 10, 1, 0, 33]
[C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL] [Intel Corporation, 10, 1, 0, 5]
[C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll] [Intel Corporation, 10, 1, 0, 2]
[C:\Program Files\Intel\Wireless\Bin\LIBEAY32.dll] [N/A, N/A]
[C:\Program Files\Intel\Wireless\Bin\IntStngs.dll] [, 10, 1, 0, 3]
[C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL] [N/A, N/A]
[C:\WINDOWSruKey.DLL] [N/A, N/A]
[PID: 1468][C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe] [Intel(R) Corporation, 10, 1, 0, 27]
[C:\Program Files\Intel\Wireless\Bin\PfMgrApi.dll] [Intel Corporation, 10, 1, 0, 46]
[C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL] [Intel Corporation, 10, 1, 0, 5]
[C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll] [Intel Corporation, 10, 1, 0, 2]
[C:\Program Files\Intel\Wireless\Bin\DbEngine.dll] [Intel Corporation, 10, 1, 0, 13]
[C:\Program Files\Intel\Wireless\Bin\LIBEAY32.dll] [N/A, N/A]
[C:\Program Files\Intel\Wireless\Bin\IntStngs.dll] [, 10, 1, 0, 3]
[C:\Program Files\Intel\Wireless\Bin\MurocApi.dll] [Intel Corporation, 10, 1, 0, 37]
[C:\Program Files\Intel\Wireless\Bin\S24MUDLL.dll] [Intel Corporation, 10, 1, 0, 1]
[C:\WINDOWSruKey.DLL] [N/A, N/A]
[PID: 1616][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, N/A]
[PID: 1784][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, N/A]
[PID: 1824][C:\Program Files\Rising\Rav\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 1, 35]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\RsLog.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[C:\Program Files\Rising\Rav\HOOKSYS.dll] [Beijing Rising Technology Co., Ltd., 18, 1, 0, 11]
[C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 32]
[C:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
[C:\Program Files\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
[C:\Program Files\Rising\Rav\regmon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\HookWeb.dll] [rising, 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\MemMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
[C:\Program Files\Rising\Rav\expscan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[C:\Program Files\Rising\Rav\MailMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\Rav\SpamEng.dll] [N/A, 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 34]
[C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, N/A]
[C:\Program Files\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 17]
[C:\Program Files\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 15]
[C:\Program Files\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 30]
[C:\Program Files\Rising\Rav\RSUnpack.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 18]
[C:\Program Files\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
[C:\Program Files\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
[C:\Program Files\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
[C:\Program Files\Rising\Rav\Unpacker.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\Rav\ScanNet.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\Rav\ExtOLE.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[PID: 2008][c:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 32]
[c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
[c:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
[c:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
[c:\program files\rising\rfw\MonDrv.dll] [rs, 1, 0, 0, 4]
[c:\program files\rising\rfw\ProcLib.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
[PID: 360][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 524][C:\Program Files\Rising\Rav\RavStub.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1264][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.2.54.0]
[C:\WINDOWSruKey.DLL] [N/A, N/A]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\WINDOWS\system32\xunleibho_v14.dll] [Thunder Networking Technologies,LTD, 4, 6, 0, 62]
[C:\WINDOWS\System32\DLA\DLASHX_W.DLL] [Sonic Solutions, 5.20.12a]
[C:\WINDOWS\system32\DLAAPI_W.DLL] [Sonic Solutions, 5.20.12a]
[C:\WINDOWS\System32\DLA\DLACResW.dll] [Sonic Solutions, 5.20.12a]
[D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
[C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[D:\Program Files\MP3播放器管理工具 4.02\AMVConverter\AmvTransform.dll] [, 1, 0, 0, 1]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1628][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\WINDOWSruKey.DLL] [N/A, N/A]
sinoqin - 2006-10-16 21:14:00
[PID: 1648][C:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 1, 33]
[C:\Program Files\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\WINDOWSruKey.DLL] [N/A, N/A]
[PID: 1660][C:\Program Files\Rising\Rfw\rfwmain.exe] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 51]
[C:\Program Files\Rising\Rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
[C:\Program Files\Rising\Rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\WINDOWSruKey.DLL] [N/A, N/A]
[PID: 1664][C:\WINDOWS\stsystra.exe] [SigmaTel, Inc., 1.0.4898.0 nd380 cp1]
[C:\WINDOWS\system32\STLang.dll] [SigmaTel, Inc., 1.2.4889.0 nd229 cp1]
[C:\WINDOWS\system32\stacapi.dll] [SigmaTel, Inc., 1.0.4898.0 nd380 cp1]
[C:\WINDOWSruKey.DLL] [N/A, N/A]
[PID: 1712][C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe] [Intel Corporation, 10, 1, 0, 42]
[C:\Program Files\Intel\Wireless\bin\PfMgrApi.dll] [Intel Corporation, 10, 1, 0, 46]
[C:\Program Files\Intel\Wireless\bin\TraceAPI.DLL] [Intel Corporation, 10, 1, 0, 5]
[C:\Program Files\Intel\Wireless\bin\PsRegApi.dll] [Intel Corporation, 10, 1, 0, 2]
[C:\Program Files\Intel\Wireless\bin\DbEngine.dll] [Intel Corporation, 10, 1, 0, 13]
[C:\Program Files\Intel\Wireless\bin\LIBEAY32.dll] [N/A, N/A]
[C:\Program Files\Intel\Wireless\bin\IntStngs.dll] [, 10, 1, 0, 3]
[C:\Program Files\Intel\Wireless\bin\MurocApi.dll] [Intel Corporation, 10, 1, 0, 37]
[C:\Program Files\Intel\Wireless\bin\S24MUDLL.dll] [Intel Corporation, 10, 1, 0, 1]
[C:\Program Files\Intel\Wireless\Bin\ZcSvcCHS.dll] [Intel Corporation, 10, 1, 0, 42]
[C:\WINDOWSruKey.DLL] [N/A, N/A]
[PID: 1748][C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe] [Intel Corporation, 10, 1, 0, 17]
[C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll] [Intel Corporation, 10, 1, 0, 2]
[C:\Program Files\Intel\Wireless\Bin\LIBEAY32.dll] [N/A, N/A]
[C:\Program Files\Intel\Wireless\Bin\IntStngs.dll] [, 10, 1, 0, 3]
[C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL] [Intel Corporation, 10, 1, 0, 5]
[C:\Program Files\Intel\Wireless\Bin\FrWrkCHS.dll] [Intel Corporation, 10, 1, 0, 17]
[C:\Program Files\Intel\Wireless\Bin\FrameworkPlugins\ConnMgr.dll] [Intel Corporation, 10, 1, 1, 162]
[C:\Program Files\Intel\Wireless\Bin\MurocApi.dll] [Intel Corporation, 10, 1, 0, 37]
[C:\Program Files\Intel\Wireless\Bin\S24MUDLL.dll] [Intel Corporation, 10, 1, 0, 1]
[C:\Program Files\Intel\Wireless\Bin\PfMgrApi.dll] [Intel Corporation, 10, 1, 0, 46]
[C:\Program Files\Intel\Wireless\Bin\DbEngine.dll] [Intel Corporation, 10, 1, 0, 13]
[C:\Program Files\Intel\Wireless\Bin\IntWACHS.dll] [Intel Corporation, 10, 1, 1, 162]
[C:\WINDOWSruKey.DLL] [N/A, N/A]
[PID: 1728][C:\WINDOWS\System32\DLA\DLACTRLW.EXE] [Sonic Solutions, 5.20.12a]
[C:\WINDOWS\system32\DLAAPI_W.DLL] [Sonic Solutions, 5.20.12a]
[C:\WINDOWS\System32\DLA\DLACResW.dll] [Sonic Solutions, 5.20.12a]
[C:\WINDOWS\system32\VxBlock.dll] [Sonic Solutions, 1.00.64a]
[C:\WINDOWSruKey.DLL] [N/A, N/A]
[PID: 1864][C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe] [InstallShield Software Corporation, 3, 10, 100, 1155]
[C:\WINDOWSruKey.DLL] [N/A, N/A]
[PID: 1912][C:\Program Files\Dell\Media Experience\DMXLauncher.exe] [N/A, N/A]
[C:\WINDOWSruKey.DLL] [N/A, N/A]
[PID: 1996][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] [Synaptics, Inc., 8.2.4.6 08Mar06]
[C:\WINDOWS\system32\SynCOM.dll] [Synaptics, Inc., 8.2.4.6 08Mar06]
[C:\WINDOWS\system32\SynTPAPI.dll] [Synaptics, Inc., 8.2.4.6 08Mar06]
[C:\WINDOWSruKey.DLL] [N/A, N/A]
[PID: 216][C:\Program Files\Dell\QuickSet\quickset.exe] [Dell Inc, 7, 1, 10, 0]
[C:\Program Files\Dell\QuickSet\IWH9.dll] [Dell Inc, 7, 1, 10, 0]
[C:\Program Files\Dell\QuickSet\IWH10.dll] [Dell Inc, 7, 1, 10, 0]
[C:\Program Files\Intel\Wireless\Bin\MurocApi.dll] [Intel Corporation, 10, 1, 0, 37]
[C:\Program Files\Intel\Wireless\Bin\S24MUDLL.dll] [Intel Corporation, 10, 1, 0, 1]
[C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll] [Intel Corporation, 10, 1, 0, 2]
[C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL] [Intel Corporation, 10, 1, 0, 5]
[C:\Program Files\Intel\Wireless\Bin\IntStngs.dll] [, 10, 1, 0, 3]
[C:\Program Files\Intel\Wireless\Bin\LIBEAY32.dll] [N/A, N/A]
[C:\WINDOWSruKey.DLL] [N/A, N/A]
[C:\Program Files\Dell\QuickSet\dadkeyb.dll] [N/A, N/A]
[PID: 228][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3.0.0.4543]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4543]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4543]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.4543]
[C:\WINDOWSruKey.DLL] [N/A, N/A]
[PID: 272][C:\WINDOWS\system32\igfxsrvc.exe] [Intel Corporation, 3.0.0.4543]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4543]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.4543]
[C:\WINDOWSruKey.DLL] [N/A, N/A]
[PID: 1052][C:\WINDOWS\system32\igfxpers.exe] [Intel Corporation, 3.0.0.4543]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4543]
[C:\WINDOWSruKey.DLL] [N/A, N/A]
[PID: 648][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3510]
[C:\WINDOWSruKey.DLL] [N/A, N/A]
[PID: 720][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWSruKey.DLL] [N/A, N/A]
[PID: 1300][C:\Program Files\DrCOM\Dr.COM 宽带登录客户端\ishare_user.exe] [N/A, N/A]
[C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, N/A]
[C:\WINDOWSruKey.DLL] [N/A, N/A]
[PID: 2364][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWSruKey.DLL] [N/A, N/A]
[PID: 3260][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWSruKey.DLL] [N/A, N/A]
[PID: 3276][C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe] [Dell Inc., 7, 0, 7, 0]
[C:\WINDOWSruKey.DLL] [N/A, N/A]
[PID: 3376][C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe] [Intel Corporation, 10, 1, 0, 1]
[PID: 3564][D:\Program Files\UGS\License Servers\UGNXFLEXlm\lmgrd.exe] [Macrovision Corporation, 10, 8, 0, 0]
[PID: 3604][D:\Program Files\UGS\License Servers\UGNXFLEXlm\lmgrd.exe] [Macrovision Corporation, 10, 8, 0, 0]
[C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, N/A]
[PID: 3684][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWSruKey.DLL] [N/A, N/A]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0]
[C:\WINDOWS\system32\xunleibho_v14.dll] [Thunder Networking Technologies,LTD, 4, 6, 0, 62]
[D:\QQ\QQIEHelper.dll] [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
[C:\WINDOWS\System32\DLA\DLASHX_W.DLL] [Sonic Solutions, 5.20.12a]
[C:\WINDOWS\system32\DLAAPI_W.DLL] [Sonic Solutions, 5.20.12a]
[C:\WINDOWS\System32\DLA\DLACResW.dll] [Sonic Solutions, 5.20.12a]
[D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
[c:\program files\google\googletoolbar1.dll] [Google Inc., 3, 0, 131, 0]
[C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, N/A]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[C:\Program Files\Dell\QuickSet\dadkeyb.dll] [N/A, N/A]
[PID: 3828][D:\Program Files\UGS\License Servers\UGNXFLEXlm\uglmd.exe] [N/A, N/A]
[C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, N/A]
[PID: 3860][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWSruKey.DLL] [N/A, N/A]
[C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, N/A]
[PID: 3868][C:\WINDOWS\system32\fxssvc.exe] [Microsoft Corporation, 5.2.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2740][C:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2900][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, N/A]
[PID: 2652][C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe] [Intel Corporation, 10, 1, 0, 79]
[C:\PROGRA~1\Intel\Wireless\Bin\acAuth.dll] [N/A, 4.0.15.0 2005-11-16 13:05:02]
[C:\PROGRA~1\Intel\Wireless\Bin\C1XStngs.dll] [Intel Corporation, 10, 1, 0, 31]
[C:\PROGRA~1\Intel\Wireless\Bin\PsRegApi.dll] [Intel Corporation, 10, 1, 0, 2]
[C:\PROGRA~1\Intel\Wireless\Bin\IntStngs.dll] [, 10, 1, 0, 3]
[C:\PROGRA~1\Intel\Wireless\Bin\TraceAPI.DLL] [Intel Corporation, 10, 1, 0, 5]
[C:\PROGRA~1\Intel\Wireless\Bin\IWMSPROV.DLL] [N/A, N/A]
[C:\Program Files\Intel\Wireless\Bin\C8021CHS.dll] [Intel Corporation, 10, 1, 0, 31]
[C:\WINDOWSruKey.DLL] [N/A, N/A]
[C:\PROGRA~1\Intel\Wireless\Bin\LSAWRAPI.dll] [Intel Corporation, 10, 1, 0, 1]
[C:\PROGRA~1\Intel\Wireless\Bin\PfMgrApi.dll] [Intel Corporation, 10, 1, 0, 46]
[C:\PROGRA~1\Intel\Wireless\Bin\DbEngine.dll] [Intel Corporation, 10, 1, 0, 13]
[C:\PROGRA~1\Intel\Wireless\Bin\LIBEAY32.dll] [N/A, N/A]
sinoqin - 2006-10-16 21:14:00
[PID: 3412][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 3880][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWSruKey.DLL] [N/A, N/A]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0]
[C:\WINDOWS\system32\xunleibho_v14.dll] [Thunder Networking Technologies,LTD, 4, 6, 0, 62]
[D:\QQ\QQIEHelper.dll] [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
[C:\WINDOWS\System32\DLA\DLASHX_W.DLL] [Sonic Solutions, 5.20.12a]
[C:\WINDOWS\system32\DLAAPI_W.DLL] [Sonic Solutions, 5.20.12a]
[C:\WINDOWS\System32\DLA\DLACResW.dll] [Sonic Solutions, 5.20.12a]
[D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
[c:\program files\google\googletoolbar1.dll] [Google Inc., 3, 0, 131, 0]
[C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, N/A]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Dell\QuickSet\dadkeyb.dll] [N/A, N/A]
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[D:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_003.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 10]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
[PID: 420][D:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe] [Thunder Networking Technologies,LTD, 5.3.0.220]
[D:\Program Files\Thunder Network\Thunder\Program\updatedownload.dll] [Thunder Networking Technologies,LTD, 1, 0, 1, 8]
[D:\Program Files\Thunder Network\Thunder\Program\download_interface.dll] [Thunder Networking Technologies,LTD, 1, 0, 4, 71]
[D:\Program Files\Thunder Network\Thunder\Program\log4cplus.dll] [, 1, 0, 2, 1]
[D:\Program Files\Thunder Network\Thunder\Program\stlport_vc646.dll] [STLport Consulting, Inc., 4.6.2003.1031]
[D:\Program Files\Thunder Network\Thunder\Program\asyn_dns.dll] [N/A, N/A]
[D:\Program Files\Thunder Network\Thunder\Program\msgmanage.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 15]
[D:\Program Files\Thunder Network\Thunder\Program\historyinfo_manage.dll] [Thunder Networking Technologies,LTD, 5, 2, 0, 148]
[C:\WINDOWSruKey.DLL] [N/A, N/A]
[D:\Program Files\Thunder Network\Thunder\Program\RegisterDll.dll] [Thunder Networking Technologies,LTD, 2, 1, 0, 18]
[D:\Program Files\Thunder Network\Thunder\Program\FloatBar.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
[C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, N/A]
[D:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbedShell.dll] [ , 1, 0, 0, 11]
[D:\Program Files\Thunder\Components\InMedia\iEmbed04.dll] [ , 2, 3, 0, 37]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0]
[D:\Program Files\Thunder Network\Thunder\Program\iTargetAd.dll] [Thunder Networking Technologies,LTD, 1, 0, 1, 55]
[PID: 2180][C:\Program Files\Rising\Rav\RsAgent.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
[C:\WINDOWSruKey.DLL] [N/A, N/A]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[PID: 3512][C:\WINDOWS\msagent\AgentSvr.exe] [Microsoft Corporation, 2.00.0.3422]
[C:\WINDOWSruKey.DLL] [N/A, N/A]
[PID: 1908][F:\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\WINDOWSruKey.DLL] [N/A, N/A]
[C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, N/A]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
C:\WINDOWS\system32\TcpIpDog0.dll(N/A, N/A)
MSAFD Tcpip [UDP/IP]
C:\WINDOWS\system32\TcpIpDog0.dll(N/A, N/A)
MSAFD Tcpip [RAW/IP]
C:\WINDOWS\system32\TcpIpDog0.dll(N/A, N/A)
RSVP UDP Service Provider
C:\WINDOWS\system32\TcpIpDogR0.dll(N/A, N/A)
RSVP TCP Service Provider
C:\WINDOWS\system32\TcpIpDogR0.dll(N/A, N/A)
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.1 tol24.com
==================================
sinoqin - 2006-10-16 21:15:00
It's all here. Experts, please help. Thanks in advance.
sinoqin - 2006-10-16 21:27:00
Virus file path: C:\Program Files\Internet Explorer\IEXPLORE.EXE
Experts, please help me remove the virus completely. Thanks.
sinoqin - 2006-10-16 21:41:00
Why is nobody helping?
sinoqin - 2006-10-17 15:04:00
Could someone take a look at this for me?
sinoqin - 2006-10-17 15:29:00
Anyone there? Why is nobody helping me?????
水树雨下 - 2006-10-17 15:35:00
Services: tick "Hide Microsoft services" and delete
[ay_Pi / ayPi]
<C:\WINDOWS\G_S.exe><N/A>
Delete
C:\WINDOWS\G_S.exe; if you can find G_S.dll, G_S_hook.dll and G_SKey.dll, delete them as well.
Start, Run, regedit to open the registry, search for C:\WINDOWS\G_S.exe and delete it.
終生學習 - 2006-10-17 15:38:00
C:\WINDOWS\G_S.exe><N/A>
[system / system]
<C:\WINDOWSrundll><N/A>
[C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, N/A]
[C:\WINDOWSruKey.DLL] [N/A, N/A]
水树雨下 - 2006-10-17 15:41:00
Two more to add:
[Windows / Windows ]
<C:\WINDOWS\rundll><N/A>
system / system]
<C:\WINDOWSrundll><N/A>
sinoqin - 2006-10-17 15:43:00
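I deleted G_S.exe but did not find the DLL files.
I disabled the ay_pi service, but Rising still detects the virus.
I did not use the registry.
Thanks! What should I do now?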
終生學習 - 2006-10-17 15:57:00
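| Quote: |
[sinoqin's post] I deleted G_S.exe but did not find the DLL files.
I disabled the ay_pi service, but Rising still detects the virus. I did not use the registry. Thanks! What should I do now? ……………… |
You need to check whether there are any hidden files. Post the virus path that Rising detected.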
sinoqin - 2006-10-17 16:00:00
Apart from that G_S.exe, I couldn't find any of the items from posts 14 and 15.
水树雨下 - 2006-10-17 16:00:00
Virus file name and path?
水树雨下 - 2006-10-17 16:01:00
Run the main WinRAR program and look for it there.
sinoqin - 2006-10-17 16:01:00
Virus path: C:\Program Files\Internet Explorer\IEXPLORE.EXE -> Backdoor.Gpigeon.uql
終生學習 - 2006-10-17 16:02:00
| Quote: |
[sinoqin's post] Apart from that G_S.exe, I couldn't find any of the items from posts 14 and 15. ……………… |
What about WINDOWSKEY.DLL on drive C? Did you delete it?
sinoqin - 2006-10-17 16:03:00
I checked for hidden files and there are none. Is the WINRAR mentioned in post 20 that archive extraction program? How do I use it?
Thanks
sinoqin - 2006-10-17 16:04:00
Post 22: there is no such DLL file in the root directory of drive C.
sinoqin - 2006-10-17 16:07:00
Should I reboot and scan a new log file?
終生學習 - 2006-10-17 16:13:00
| Quote: |
[sinoqin's post] Should I reboot and scan a new log file?
……………… |
Repair..........
HOSTS 文件
127.0.0.1 localhost
127.0.0.1 tol24.com
Repair [C:\WINDOWS\system32\TcpIpDog0.dll]. Repairing this may leave you unable to get online; if that happens, uninstall the network card driver and then reinstall it.
sinoqin - 2006-10-17 16:19:00
I rebooted and then scanned a new log; Rising still finds the virus. Should I post it again for you to look at? And how do I do the repair? Thanks
sinoqin - 2006-10-17 16:23:00
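I clicked Repair in the log scanning program. Rising prompted about a registry modification and I clicked Deny, then it reported that the repair succeeded. Does that count as a successful repair? I used the recommended repair level.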
水树雨下 - 2006-10-17 16:25:00
If the registry was not modified, the repair did not succeed. Please also post a HijackThis log so we can take a look.