
Infected with the Pigeon (Gray Pigeon / Gpigeon), could the experts take a look?

Details (Rising detection log): 2006-08-13 10:58:22, IEXPLORE.EXE>>C:\Program Files\Internet Explorer\IEXPLORE.EXE ->Backdoor.Gpigeon.uql
Every time I boot it shows up again in the memory scan; each time Rising says it has been cleaned, but on the next boot it is back.

The log is as follows:
Logfile of HijackThis v1.99.1
Scan saved at 9:29:32, on 2006-8-14
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\windows\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\windows\System32\nvsvc32.exe
C:\windows\Explorer.EXE
c:\program files\rising\rfw\RfwCfg.exe
F:\TD\ha_hijackthis_1991\HijackThis.exe

O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - (no file)
O3 - Toolbar: Radio(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [ProxyThorn] C:\Program Files\ProxyThorn\ProxyThorn.exe
O4 - HKLM\..\Run: [eSnips] "F:\Program Files\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [LiveUpatePower] C:\Program Files\完美卸载V2006\MyUpdate.exe -PowerOn
O4 - HKLM\..\Run: [PowerOnScan] C:\Program Files\完美卸载V2006\CleanTips.exe
O4 - HKLM\..\Run: [SecExpert] F:\终结者\SecMain.exe Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\System32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O8 - Extra context menu item: &Download with Storm Downloader - C:\Program Files\Ringz Studio\Storm Downloader\geturl.htm
O8 - Extra context menu item: &Download with Thunder - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &Download all links with Thunder - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: &Download with Thundermini - C:\Program Files\Maxthon\Thundermini\geturl.htm
O8 - Extra context menu item: iSee save all pictures - C:\Program Files\iSee\iSeeSavePicAll.htm
O8 - Extra context menu item: iSee save Flash - C:\Program Files\iSee\iSeeSaveFlash.htm
O8 - Extra context menu item: iSee save all pictures - C:\Program Files\iSee\iSeeSavePicAll.htm
O8 - Extra context menu item: iSee read Exif - C:\Program Files\iSee\iSeeReadExif.htm
O8 - Extra context menu item: Upload to QQ NetDisk - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: Add to QQ custom panel - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ emoticons - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Send this picture via QQ MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: Website directory (网址大全) - {1FBA04EE-3024-11D2-8F1F-0000F87ABD18} - http://www.coc.cc (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQ toolbar settings - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{158064F3-9651-4B5F-8D70-0A857CA809DC}: NameServer = 218.2.135.1 61.147.37.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{708FA59D-25A2-4829-8A75-0E46BE2806A6}: NameServer = 218.2.135.1,61.147.37.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{158064F3-9651-4B5F-8D70-0A857CA809DC}: NameServer = 218.2.135.1 61.147.37.1
O18 - Protocol: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\windows\System32\mbprot.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: RsRCenter (RsRCenter        ) - Unknown owner - C:\windows\ZINETINFOSZ.ini
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

Last edited 2006-08-14 11:29:01

Fix:
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - (no file)

O4 - HKLM\..\Run: [LiveUpatePower] C:\Program Files\完美卸载V2006\MyUpdate.exe -PowerOn
O4 - HKLM\..\Run: [PowerOnScan] C:\Program Files\完美卸载V2006\CleanTips.exe
This one is said to be a virus...

O23 - Service: RsRCenter (RsRCenter ) - Unknown owner - C:\windows\ZINETINFOSZ.ini
The Pigeon... In safe mode... open Registry Editor and expand: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Search for RsRCenter and delete it...
Then delete
C:\windows\ZINETINFOSZ.ini

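Triage logic for the O23 entries in the log above, as an added example that is not part of the original thread and not HijackThis or Rising code. The script parses the seven O23 lines copied from the log (embedded as a constructed sample) and scores each service; the function names `parse_o23`, `triage`, `ServiceEntry` and the four scoring rules are this example's own assumptions. It reproduces the reply's conclusion: RsRCenter has no recorded owner, its image path ends in .ini rather than a PE extension (the service control manager starts whatever ImagePath points at regardless of extension, so a ".ini" that actually runs is a renamed executable), its service name is padded with trailing spaces so it displays like a normal name, and it is one character away from the legitimate Rising service RsCCenter.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the seven O23 lines copied verbatim from the HijackThis log above.
SAMPLE_O23 = r"""
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: RsRCenter (RsRCenter        ) - Unknown owner - C:\windows\ZINETINFOSZ.ini
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
"""

# HijackThis O23 layout: "O23 - Service: <display> (<service name>) - <owner> - <image path>".
# The parenthesised service name is optional and is captured WITH its whitespace,
# because padding is exactly the kind of detail we want to notice.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.*?)(?: \((?P<name>[^)]*)\))? - (?P<owner>.*?) - (?P<path>.*)$"
)

# Extensions a service image normally carries; anything else is a renamed PE or a broken entry.
PE_EXTENSIONS = {"exe", "sys", "dll"}

UNKNOWN_OWNER = "Unknown owner"


@dataclass
class ServiceEntry:
    display: str
    name: str            # raw service name, whitespace preserved
    owner: str
    path: str
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # Two independent indicators before we call it out (assumed threshold).
        return len(self.reasons) >= 2


def parse_o23(log: str) -> list:
    """Return a ServiceEntry for every O23 line in the log text."""
    entries = []
    for line in log.splitlines():
        m = O23_RE.match(line.rstrip("\r\n"))
        if not m:
            continue
        name = m.group("name") if m.group("name") is not None else m.group("display")
        entries.append(ServiceEntry(m.group("display"), name, m.group("owner"), m.group("path")))
    return entries


def image_extension(path: str) -> str:
    """Extension of the image file, tolerating unquoted paths with spaces and trailing arguments."""
    m = re.search(r"\.([A-Za-z0-9]+)(?=[\s\"]|$)", path)
    return m.group(1).lower() if m else ""


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance, used to spot names that impersonate a legitimate service."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(log: str) -> list:
    """Score every O23 entry; entries with two or more reasons are flagged as suspicious."""
    entries = parse_o23(log)
    # Names of services that HijackThis attributed to a known vendor: the impersonation targets.
    known = [e.name.strip() for e in entries if e.owner != UNKNOWN_OWNER]
    for e in entries:
        if e.owner == UNKNOWN_OWNER:
            e.reasons.append("no vendor/owner recorded for the service binary")
        ext = image_extension(e.path)
        if ext not in PE_EXTENSIONS:
            e.reasons.append(f"image path ends in .{ext or '?'}, not a PE extension")
        if e.name != e.name.strip():
            e.reasons.append("service name padded with whitespace (looks like a legitimate name on screen)")
        stripped = e.name.strip()
        for k in known:
            if k != stripped and levenshtein(k.lower(), stripped.lower()) <= 2:
                e.reasons.append(f"name is a near-duplicate of legitimate service {k!r}")
                break
    return entries


if __name__ == "__main__":
    for entry in triage(SAMPLE_O23):
        if entry.suspicious:
            print(f"SUSPICIOUS: {entry.name.strip()} -> {entry.path}")
            for r in entry.reasons:
                print(f"    - {r}")
```

Only RsRCenter crosses the threshold; StyleXPService has an unknown owner but a normal image path and name, which is why the reply leaves it alone. When removing such a service from a command prompt rather than by hand in regedit, the padded name has to be passed exactly, spaces included, e.g. `sc delete "RsRCenter        "` (quoting is what preserves the trailing spaces).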