Rising Kaka Security Forum, Technical Exchange Area, Anti-virus / Anti-rogue-software Forum: Being poisoned by Gray Pigeon (灰鸽子), please help me remove it!!!


Virus name: Backdoor.Gpigeon.pi
Path: IEXPLORE.EXE>>C:\Program Files\Internet Explorer\IEXPLORE.EXE


I'm a complete newbie; could you please show me how to get rid of this pest?

HijackThis@Qoo的扫描日志  V1.97.7
Scan saved at 3:24:41, on 2006-2-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Huawei-3Com\H3C 认证客户端\H3C Client.exe
C:\Program Files\Huawei-3Com\H3C 认证客户端\AuthenMngService.exe
E:\Program Files\maxthon\Maxthon.exe
C:\Program Files\Rising\Rav\Rav.exe
C:\Program Files\Rising\Rav\RsLogVw.exe
C:\Program Files\Thunder Network\Thunder\Thunder.exe
C:\Program Files\Rising\Rav\InBuild.exe
C:\Program Files\Rising\Rav\Rav.exe
C:\Documents and Settings\Administrator\桌面\hijackthis1.97_qoo\HijackThis.exe

R3 - URLSearchHook: QQ Search Hook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\AdPlus\IEHelp.dll
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v11.dll
O2 - BHO: (no name) - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\AdPlus\IEHelp.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - e:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: (no name) - {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} - C:\WINDOWS\System32\aclayer.dll (file missing)
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O2 - BHO: (no name) - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll
O3 - Toolbar: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - f:\Program Files\BitComet\BitCometBar\BitCometBar0.2.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: ????? - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll
O3 - Toolbar: ????? - {F43BD772-ABDD-43b7-A96A-3E9E61946EC0} - C:\WINDOWS\WORLD2\TOOLBAR\hmtoolbar.dll
O3 - Toolbar: ????? - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - C:\Program Files\YiSou\yisou.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AddrPlus3] C:\PROGRA~1\TENCENT\AdPlus\Runner.exe C:\PROGRA~1\TENCENT\AdPlus\QAHook.dll Rundll32
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: x4-943.tmp
O4 - Global Startup: ntuser.dat
O4 - Global Startup: ntuser.dat.LOG
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Program Files\Tencent\qq\SendMMS.htm
O11 - Options group: [TBH]  QQ
O14 - IERESET.INF: START_PAGE_URL=http://www.tomatolei.com
Last edited 2006-02-24 00:44:58

I have already used Rising's dedicated Gray Pigeon removal tool, but it didn't help: it can't delete it, it only ends the process.


This has happened several times; it always appears after I boot up and go online, and it looks the same every time....


HijackThis@Qoo的扫描日志  V1.97.7
Scan saved at 12:41:48, on 2006-2-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Huawei-3Com\H3C 认证客户端\AuthenMngService.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Huawei-3Com\H3C 认证客户端\H3C Client.exe
E:\Program Files\maxthon\Maxthon.exe
E:\Program Files\TTPlayer\TTPlayer.exe
E:\Program Files\Tencent\qq\QQ.exe
e:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\Documents and Settings\Administrator\桌面\hijackthis1.97_qoo\HijackThis.exe

R3 - URLSearchHook: QQ Search Hook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\AdPlus\IEHelp.dll
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v11.dll
O2 - BHO: (no name) - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\AdPlus\IEHelp.dll
O2 - BHO: (no name) - {3ED9FFDA-79DB-4B2D-99B7-16EA3C4A3A92} - C:\WINDOWS\system32\hap.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - e:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: (no name) - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: (no name) - {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} - C:\WINDOWS\System32\aclayer.dll (file missing)
O2 - BHO: (no name) - {616D4040-5712-4F0F-BCF1-5C6420A99E14} - C:\WINDOWS\system32\winhtp.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O2 - BHO: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Progra~1\Baidu\bar\BaiDuBar.dll
O2 - BHO: (no name) - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll
O2 - BHO: (no name) - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
O3 - Toolbar: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - f:\Program Files\BitComet\BitCometBar\BitCometBar0.2.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: ????? - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll
O3 - Toolbar: ????? - {F43BD772-ABDD-43b7-A96A-3E9E61946EC0} - C:\WINDOWS\WORLD2\TOOLBAR\hmtoolbar.dll
O3 - Toolbar: ????? - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - C:\Program Files\YiSou\yisou.dll (file missing)
O3 - Toolbar: ????? - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Progra~1\Baidu\bar\BaiDuBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AddrPlus3] C:\PROGRA~1\TENCENT\AdPlus\Runner.exe C:\PROGRA~1\TENCENT\AdPlus\QAHook.dll Rundll32
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: x4-943.tmp
O4 - Global Startup: ntuser.dat
O4 - Global Startup: ntuser.dat.LOG
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Program Files\Tencent\qq\SendMMS.htm
O8 - Extra context menu item: 百度-搜索MP3 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度-搜索图片 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: 百度-搜索新闻 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUNEWS.HTM
O8 - Extra context menu item: 百度-搜索歌词 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDULYRIC.HTM
O8 - Extra context menu item: 百度-搜索网页 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: 百度-搜索贴吧 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUPOST.HTM
O8 - Extra context menu item: 百度-词典搜索 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDU_DIC.HTM
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [CDNCLIENT] 
O11 - Options group: [TBH]  QQ
O14 - IERESET.INF: START_PAGE_URL=http://www.tomatolei.com


Comrades, please help~~

Process                  PID   CPU    Description                              Company Name
System Idle Process      0     77.27
Interrupts               n/a          Hardware Interrupts
DPCs                     n/a   3.03   Deferred Procedure Calls
System                   4     6.06
  smss.exe               576          Windows NT Session Manager               Microsoft Corporation
  csrss.exe              632          Client Server Runtime Process            Microsoft Corporation
  winlogon.exe           656          Windows NT Logon Application             Microsoft Corporation
    services.exe         700   1.52   Services and Controller app              Microsoft Corporation
    ati2evxx.exe         892
    svchost.exe          908          Generic Host Process for Win32 Services  Microsoft Corporation
      TIMPlatform.exe    448          TIMPlatform                              tencent
      agentsvr.exe       3148         Microsoft Agent Server                   Microsoft Corporation
    svchost.exe          984          Generic Host Process for Win32 Services  Microsoft Corporation
    CCenter.exe          1080         CCenter                                  Beijing Rising Technology Co., Ltd.
    svchost.exe          1096         Generic Host Process for Win32 Services  Microsoft Corporation
    svchost.exe          1224         Generic Host Process for Win32 Services  Microsoft Corporation
    svchost.exe          1308         Generic Host Process for Win32 Services  Microsoft Corporation
    RavMonD.exe          1440         RavMond                                  Beijing Rising Technology Co., Ltd.
      RavStub.exe        1892         Rising RavStub                           Beijing Rising Technology Co., Ltd.
    spoolsv.exe          1648         Spooler SubSystem App                    Microsoft Corporation
    AuthenMngService.exe 1684
      H3C Client.exe     3484         H3C 认证客户端                           华为技术有限公司
    wdfmgr.exe           1208         Windows User Mode Driver Manager         Microsoft Corporation
    alg.exe              3188         Application Layer Gateway Service        Microsoft Corporation
    lsass.exe            712          LSA Shell (Export Version)               Microsoft Corporation
    explorer.exe         3872  1.52   Windows Explorer                         Microsoft Corporation
    procexp.exe          4032         Sysinternals Process Explorer            Sysinternals
atiptaxx.exe             424          ATI Desktop Control Panel                ATI Technologies, Inc.
realsched.exe            436          RealNetworks Scheduler                   RealNetworks, Inc.
realplay.exe             2072         RealPlayer                               RealNetworks, Inc.
RavTask.exe              452          RavTimer                                 Beijing Rising Technology Co., Ltd.
RavMon.exe               468   1.52   RavMon                                   Beijing Rising Technology Co., Ltd.
ctfmon.exe               600          CTF Loader                               Microsoft Corporation
TTPlayer.exe             208          千千静听                                 Alen Soft
iexplore.exe             716          Internet Explorer                        Microsoft Corporation
GameClient.exe           4008         浩方对战平台                             上海浩方在线信息技术有限公司
QQ.exe                   3340         QQ                                       TENCENT
Maxthon.exe              2384  6.06   Maxthon Web Browser                      Maxthon International Ltd.
Thunder.exe              1372                                                  Thunder Networking Technologies,LTD
War3.exe                 240   3.03   Warcraft III                             egamestar kenshin
RsAgent.exe              3360         RsAgent Application                      Beijing Rising Technology Co., Ltd.

I can't find the Options->Hide Microsoft Entries menu item
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

+ C:\WINDOWS\system32\userinit.exe    Userinit Logon Application    Microsoft Corporation    c:\windows\system32\userinit.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

+ Explorer.exe    Windows Explorer    Microsoft Corporation    c:\windows\explorer.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ AddrPlus3        TENCENT    c:\program files\tencent\adplus\runner.exe

+ ATIPTA    ATI Desktop Control Panel    ATI Technologies, Inc.    c:\program files\ati technologies\ati control panel\atiptaxx.exe

+ IMJPMIG8.1    Microsoft IME    Microsoft Corporation    c:\windows\ime\imjp8_1\imjpmig.exe

+ IMSCMig    微软拼音输入法安装工具    Microsoft Corporation    c:\program files\common files\microsoft shared\ime\imsc40a\imscmig.exe

+ NeroFilterCheck    NeroCheck    Ahead Software Gmbh    c:\windows\system32\nerocheck.exe

+ PHIME2002A    微軟新注音輸入法 2002a    Microsoft Corporation    c:\windows\system32\ime\tintlgnt\tintsetp.exe

+ PHIME2002ASync    微軟新注音輸入法 2002a    Microsoft Corporation    c:\windows\system32\ime\tintlgnt\tintsetp.exe

+ RavTask    RavTimer    Beijing Rising Technology Co., Ltd.    c:\program files\rising\rav\ravtask.exe

+ SoundMan    Realtek Sound Manager    Realtek Semiconductor Corp.    C:\WINDOWS\soundman.exe

+ StormCodec_Helper            c:\program files\ringz studio\storm codec\stormset.exe

+ TkBellExe    RealNetworks Scheduler    RealNetworks, Inc.    c:\program files\common files\real\update_ob\realsched.exe

C:\Documents and Settings\All Users\「开始」菜单\程序\启动

+ AutoCAD 启动加速器.lnk    AutoCAD Startup Accelerator    Autodesk, Inc    c:\program files\common files\autodesk shared\acstart16.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

+ helperdll            c:\windows\system32\drivers\pupw.sys

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ ctfmon.exe    CTF Loader    Microsoft Corporation    c:\windows\system32\ctfmon.exe

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

+ Internet Explorer    Windows NT User Data Migration Tool    Microsoft Corporation    c:\windows\system32\shmgrate.exe

+ Internet Explorer 6    IE 5.0 Per-User Install Utility    Microsoft Corporation    c:\windows\system32\ie4uinit.exe

+ Microsoft Outlook Express 6    Outlook Express Setup Library    Microsoft Corporation    c:\program files\outlook express\setup50.exe

+ Microsoft Windows Media Player    Microsoft Windows Media Player 安装实用程序    Microsoft Corporation    c:\windows\inf\unregmp2.exe

+ Microsoft Windows Media Player    ADVPACK    Microsoft Corporation    c:\windows\system32\advpack.dll

+ NetMeeting 3.01    ADVPACK    Microsoft Corporation    c:\windows\system32\advpack.dll

+ Outlook Express    Windows NT User Data Migration Tool    Microsoft Corporation    c:\windows\system32\shmgrate.exe

+ Themes Setup    Microsoft(C) Register Server    Microsoft Corporation    c:\windows\system32\regsvr32.exe

+ Windows 桌面更新    Microsoft(C) Register Server    Microsoft Corporation    c:\windows\system32\regsvr32.exe

+ 通讯簿 6    Outlook Express Setup Library    Microsoft Corporation    c:\program files\outlook express\setup50.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

+ Browseui 预加载程序    Shell Browser UI Library    Microsoft Corporation    c:\windows\system32\browseui.dll

+ 组件类别缓存程序    Shell Browser UI Library    Microsoft Corporation    c:\windows\system32\browseui.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

+ CDBurn    Windows Shell Common Dll    Microsoft Corporation    c:\windows\system32\shell32.dll

+ PostBootReminder    Windows Shell Common Dll    Microsoft Corporation    c:\windows\system32\shell32.dll

+ SysTray    Systray shell service object    Microsoft Corporation    c:\windows\system32\stobject.dll

+ WebCheck    Web Site Monitor    Microsoft Corporation    c:\windows\system32\webcheck.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ Rising Execute File Exts hook    Rising Shell Ext Module    Beijing Rising Technology Co., Ltd.    c:\windows\system32\ravext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ AutoCAD 数字签名图标覆盖处理程序    AcSignIcon Module    Autodesk    c:\windows\system32\acsignicon.dll

+ Autodesk Drawing Preview    AcThumbnail Module    Autodesk    c:\program files\common files\autodesk shared\thumbnail\acthumbnail16.dll

+ Autodesk DWF Preview    AcThumbnail Module    Autodesk    c:\program files\common files\autodesk shared\thumbnail\acdwfthmbprxy16.dll

+ Fusion Cache    Microsoft .NET Runtime Execution Engine    Microsoft Corporation    c:\windows\system32\mscoree.dll

+ Microsoft Office HTML Icon Handler    Microsoft Office 2003 component    Microsoft Corporation    c:\program files\microsoft office\office11\msohev.dll

+ QQ Search Hook        Tencent    c:\program files\tencent\adplus\iehelp.dll

+ QQAddrBar Drop Target        Tencent    c:\program files\tencent\adplus\iehelp.dll

+ RISING    Rising Shell Ext Module    Beijing Rising Technology Co., Ltd.    c:\windows\system32\ravext.dll

+ Tencent Browser Helper        Tencent    c:\program files\tencent\adplus\iehelp.dll

+ Web Folders    Microsoft Web Folders    Microsoft Corporation    c:\program files\common files\microsoft shared\web folders\msonsext.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

+ {0D2E74C4-3C34-11d2-A27E-00C04FC30871}    Windows Shell Common Dll    Microsoft Corporation    c:\windows\system32\shell32.dll

+ {24F14F01-7B1C-11d1-838f-0000F80461CF}    Windows Shell Common Dll    Microsoft Corporation    c:\windows\system32\shell32.dll

+ {24F14F02-7B1C-11d1-838f-0000F80461CF}    Windows Shell Common Dll    Microsoft Corporation    c:\windows\system32\shell32.dll

+ {66742402-F9B9-11D1-A202-0000F81FEDEE}    Windows Shell Common Dll    Microsoft Corporation    c:\windows\system32\shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ CdnForIE Class    CdnForIE    CNNIC    c:\program files\cnnic\cdn\cdnforie.dll

+ DownloadValue Class    DownloadStart Module        c:\windows\system32\winhtp.dll

+ Infofo 工具栏    珊瑚虫 Infofo 工具栏    珊瑚虫工作室 泰格工作室    c:\program files\infofo bar\infofobar.dll

+ QQBrowserHelperObject Class    QQIEHelper Module    深圳市腾讯计算机系统有限公司    e:\program files\tencent\qq\qqiehelper.dll

+ Router Layer            File not found: C:\WINDOWS\System32\aclayer.dll

+ Tencent Browser Helper        Tencent    c:\program files\tencent\adplus\iehelp.dll

+ ThunderIEHelper Class    xunleibho BHO    Thunder Networking Technologies,LTD    c:\windows\system32\xunleibho_v11.dll

+ URLMonitor Class    HAP    Henbang    c:\windows\system32\hap.dll

+ WMHlprObj Class    CNNIC Web Mail for Windows    CNNIC    c:\program files\cnnic\cdn\wmhlpr.dll

+ 百度超级搜霸    BaiduBar Module    Baidu.com, Inc.    c:\program files\baidu\bar\baidubar.dll

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks

+ iehelp.dll        Tencent    c:\program files\tencent\adplus\iehelp.dll

+ shdocvw.dll    Shell Doc Object and Control Library    Microsoft Corporation    c:\windows\system32\shdocvw.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ 一搜            File not found: C:\Program Files\YiSou\yisou.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ 浩方对战平台    浩方对战平台    上海浩方在线信息技术有限公司    d:\game\hf\hfgame3\gameclient.exe

+ 易趣购物            File not found: http://click2.ad4all.net/url2/urlmanage/url.asp?id=50

HKLM\System\CurrentControlSet\Services           

+ Ati HotKey Poller            c:\windows\system32\ati2evxx.exe

+ ATI Smart    ATI Smart        c:\windows\system32\ati2sgag.exe

+ AudioSrv    管理基于 Windows 的程序的音频设备。如果此服务被终止,音频设备及其音效将不能正常工作。如果此服务被禁用,任何依赖它的服务将无法启动。    Microsoft Corporation    c:\windows\system32\svchost.exe

+ Browser    维护网络上计算机的更新列表,并将列表提供给计算机指定浏览。如果服务停止,列表不会被更新或维护。如果服务被禁用,任何直接依赖于此服务的服务将无法启动。    Microsoft Corporation    c:\windows\system32\svchost.exe

+ CryptSvc    提供三种管理服务: 编录数据库服务,它确定 Windows 文件的签字; 受保护的根服务,它从此计算机添加和删除受信根证书机构的证书;和密钥(Key)服务,它帮助注册此计算机获取证书。如果此服务被终止,这些管理服务将无法正常运行。如果此服务被禁用,任何依赖它的服务将无法启动。    Microsoft Corporation    c:\windows\system32\svchost.exe

+ DcomLaunch    为 DCOM 服务提供加载功能。    Microsoft Corporation    c:\windows\system32\svchost.exe

+ Dhcp    通过注册和更改 IP 地址以及 DNS 名称来管理网络配置。    Microsoft Corporation    c:\windows\system32\svchost.exe

+ dmserver    监测和监视新硬盘驱动器并向逻辑磁盘管理器管理服务发送卷的信息以便配置。如果此服务被终止,动态磁盘状态和配置信息会过时。如果此服务被禁用,任何依赖它的服务将无法启动。    Microsoft Corporation    c:\windows\system32\svchost.exe

+ Dnscache    为此计算机解析和缓冲域名系统 (DNS) 名称。如果此服务被停止,计算机将不能解析 DNS 名称并定位 Active Directory 域控制器。如果此服务被禁用,任何明确依赖它的服务将不能启动。    Microsoft Corporation    c:\windows\system32\svchost.exe

+ ERSvc    服务和应用程序在非标准环境下运行时允许错误报告。    Microsoft Corporation    c:\windows\system32\svchost.exe

+ Eventlog    启用在事件查看器查看基于 Windows 的程序和组件颁发的事件日志消息。无法终止此服务。    Microsoft Corporation    c:\windows\system32\services.exe

+ GrayPigeonServer2.0    监控管理.        c:\windows\g_server2.0.exe

+ helpsvc    启用在此计算机上运行帮助和支持中心。如果停止服务,帮助和支持中心将不可用。如果禁用服务,任何直接依赖于此服务的服务将无法启动。    Microsoft Corporation    c:\windows\system32\svchost.exe

+ lanmanserver    支持此计算机通过网络的文件、打印、和命名管道共享。如果服务停止,这些功能不可用。如果服务被禁用,任何直接依赖于此服务的服务将无法启动。    Microsoft Corporation    c:\windows\system32\svchost.exe

+ lanmanworkstation    创建和维护到远程服务的客户端网络连接。如果服务停止,这些连接将不可用。如果服务被禁用,任何直接依赖于此服务的服务将无法启动。    Microsoft Corporation    c:\windows\system32\svchost.exe

+ LmHosts    允许对“TCP/IP 上 NetBIOS (NetBT)”服务以及 NetBIOS 名称解析的支持。    Microsoft Corporation    c:\windows\system32\svchost.exe

+ PlugPlay    使计算机在极少或没有用户输入的情况下能识别并适应硬件的更改。终止或禁用此服务会造成系统不稳定。    Microsoft Corporation    c:\windows\system32\services.exe

+ PolicyAgent    管理 IP 安全策略以及启动 ISAKMP/Oakley (IKE) 和 IP 安全驱动程序。    Microsoft Corporation    c:\windows\system32\lsass.exe

+ ProtectedStorage    提供对敏感数据(如私钥)的保护性存储,以便防止未授权的服务,过程或用户对其的非法访问。    Microsoft Corporation    c:\windows\system32\lsass.exe

+ RemoteRegistry    使远程用户能修改此计算机上的注册表设置。如果此服务被终止,只有此计算机上的用户才能修改注册表。如果此服务被禁用,任何依赖它的服务将无法启动。    Microsoft Corporation    c:\windows\system32\svchost.exe

+ RpcSs    提供终结点映射程序 (endpoint mapper) 以及其它 RPC 服务。    Microsoft Corporation    c:\windows\system32\svchost.exe

+ RsCCenter    CCenter    Beijing Rising Technology Co., Ltd.    c:\program files\rising\rav\ccenter.exe

+ RsRavMon    RavMond    Beijing Rising Technology Co., Ltd.    c:\program files\rising\rav\ravmond.exe

+ SamSs    存储本地用户帐户的安全信息。    Microsoft Corporation    c:\windows\system32\lsass.exe

+ Schedule    使用户能在此计算机上配置和制定自动任务的日程。如果此服务被终止,这些任务将无法在日程时间里运行。如果此服务被禁用,任何依赖它的服务将无法启动。    Microsoft Corporation    c:\windows\system32\svchost.exe

+ seclogon    启用替换凭据下的启用进程。如果此服务被终止,此类型登录访问将不可用。如果此服务被禁用,任何依赖它的服务将无法启动。    Microsoft Corporation    c:\windows\system32\svchost.exe

+ SENS    跟踪系统事件,如登录 Windows,网络以及电源事件等。将这些事件通知给 COM+ 事件系统 “订阅者(subscriber)”。    Microsoft Corporation    c:\windows\system32\svchost.exe

+ SharedAccess    为家庭和小型办公网络提供网络地址转换、寻址、名称解析和/或入侵保护服务。    Microsoft Corporation    c:\windows\system32\svchost.exe

+ ShellHWDetection    为自动播放硬件事件提供通知。    Microsoft Corporation    c:\windows\system32\svchost.exe

+ Spooler    将文件加载到内存中以便迟后打印。    Microsoft Corporation    c:\windows\system32\spoolsv.exe

+ Themes    为用户提供使用主题管理的经验。    Microsoft Corporation    c:\windows\system32\svchost.exe

+ TrkWks    在计算机内 NTFS 文件之间保持链接或在网络域中的计算机之间保持链接。    Microsoft Corporation    c:\windows\system32\svchost.exe

+ UMWdf    启用 Windows 用户模式驱动程序。    Microsoft Corporation    c:\windows\system32\wdfmgr.exe

+ W32Time    维护在网络上的所有客户端和服务器的时间和日期同步。如果此服务被停止,时间和日期的同步将不可用。如果此服务被禁用,任何明确依赖它的服务都将不能启动。    Microsoft Corporation    c:\windows\system32\svchost.exe

+ WebClient    使基于 Windows 的程序能创建、访问和修改基于 Internet 的文件。如果此服务被终止,将会失去这些功能。如果此服务被禁用,任何依赖它的服务将无法启动。    Microsoft Corporation    c:\windows\system32\svchost.exe

+ winmgmt    提供共同的界面和对象模式以便访问有关操作系统、设备、应用程序和服务的管理信息。如果此服务被终止,多数基于 Windows 的软件将无法正常运行。如果此服务被禁用,任何依赖它的服务将无法启动。    Microsoft Corporation    c:\windows\system32\svchost.exe

+ wscsvc    监视系统安全设置和配置。    Microsoft Corporation    c:\windows\system32\svchost.exe

+ wuauserv    允许下载并安装 Windows 更新。如果此服务被禁用,计算机将不能使用 Windows Update 网站的自动更新功能。    Microsoft Corporation    c:\windows\system32\svchost.exe

+ WZCSVC    为您的 802.11 适配器提供自动配置    Microsoft Corporation    c:\windows\system32\svchost.exe

HKLM\System\CurrentControlSet\Services           

+ ACPI    ACPI Driver for NT    Microsoft Corporation    c:\windows\system32\drivers\acpi.sys

+ aec    Microsoft Acoustic Echo Canceller    Microsoft Corporation    c:\windows\system32\drivers\aec.sys

+ AFD    AFD 网络支持环境    Microsoft Corporation    c:\windows\system32\drivers\afd.sys

+ ALCXWDM    Realtek AC'97 Audio Driver (WDM)    Realtek Semiconductor Corp.    c:\windows\system32\drivers\alcxwdm.sys

+ AsyncMac    RAS Asynchronous Media Driver    Microsoft Corporation    c:\windows\system32\drivers\asyncmac.sys

+ atapi    IDE/ATAPI Port Driver    Microsoft Corporation    c:\windows\system32\drivers\atapi.sys

+ ati2mtag    ATI Radeon WindowsNT Miniport Driver    ATI Technologies Inc.    c:\windows\system32\drivers\ati2mtag.sys

+ Atmarpc    ATM ARP Client Protocol    Microsoft Corporation    c:\windows\system32\drivers\atmarpc.sys

+ audstub    AudStub Driver    Microsoft Corporation    c:\windows\system32\drivers\audstub.sys

+ BaseTDI    basetdi    Beijing Rising Technology Co., Ltd.    c:\windows\system32\drivers\basetdi.sys

+ cdnprot    cdnprot    CNNIC    c:\windows\system32\drivers\cdnprot.sys

+ cdntran    cdntran    CNNIC    c:\windows\system32\drivers\cdntran.sys

+ Cdrom    SCSI CD-ROM Driver    Microsoft Corporation    c:\windows\system32\drivers\cdrom.sys

+ d347bus    PnP BIOS Extension         c:\windows\system32\drivers\d347bus.sys

+ d347prt    SCSI miniport         c:\windows\system32\drivers\d347prt.sys

+ Disk    PnP Disk Driver    Microsoft Corporation    c:\windows\system32\drivers\disk.sys

+ dmio    NT Disk Manager I/O Driver    Microsoft Corp., Veritas Software    c:\windows\system32\drivers\dmio.sys

+ dmload    NT Disk Manager Startup Driver    Microsoft Corp., Veritas Software.    c:\windows\system32\drivers\dmload.sys

+ DMusic    Microsoft Kernel DLS Synthesizer    Microsoft Corporation    c:\windows\system32\drivers\dmusic.sys

+ drmkaud    Microsoft Kernel DRM Audio Descrambler Filter    Microsoft Corporation    c:\windows\system32\drivers\drmkaud.sys

+ ExpScaner    ExpScan.sys        c:\program files\rising\rav\expscan.sys

+ FETNDIS    NDIS 5.0 miniport driver    VIA Technologies, Inc.                  c:\windows\system32\drivers\fetnd5.sys

+ FsVga    Full Screen Video Driver    Microsoft Corporation    c:\windows\system32\drivers\fsvga.sys

+ Ftdisk    FT Disk Driver    Microsoft Corporation    c:\windows\system32\drivers\ftdisk.sys

+ gagp30kx    MS Generic AGPv3.0 Filter for K8/9 Processor Platforms    Microsoft Corporation    c:\windows\system32\drivers\gagp30kx.sys

+ Gpc    Generic Packet Classifier    Microsoft Corporation    c:\windows\system32\drivers\msgpc.sys

+ hidusb    USB Miniport Driver for Input Devices    Microsoft Corporation    c:\windows\system32\drivers\hidusb.sys

+ HOOKAPI    HOOKAPI Driver    瑞星软件有限公司    c:\program files\rising\rav\hookapi.sys

+ HookCont    TDI HOOK Driver    Rising tech Co. ltd    c:\program files\rising\rav\hookcont.sys

+ HookReg            c:\program files\rising\rav\hookreg.sys

+ HookSys    Hooksys    Rising    c:\program files\rising\rav\hooksys.sys

+ HTTP    此服务实现超文本传送协议(HTTP)。如果此服务被禁用,任何依赖它的服务将无法启动。    Microsoft Corporation    c:\windows\system32\drivers\http.sys

+ i8042prt    i8042 Port Driver    Microsoft Corporation    c:\windows\system32\drivers\i8042prt.sys

+ Imapi    IMAPI Kernel Driver    Microsoft Corporation    c:\windows\system32\drivers\imapi.sys

+ Ip6Fw    为家庭和小型办公网络提供入侵保护服务。    Microsoft Corporation    c:\windows\system32\drivers\ip6fw.sys

+ IpFilterDriver    IP Traffic Filter Driver    Microsoft Corporation    c:\windows\system32\drivers\ipfltdrv.sys

+ IpInIp    IP in IP Tunnel Driver    Microsoft Corporation    c:\windows\system32\drivers\ipinip.sys

+ IpNat    IP Network Address Translator    Microsoft Corporation    c:\windows\system32\drivers\ipnat.sys

+ IPSec    IPSEC driver    Microsoft Corporation    c:\windows\system32\drivers\ipsec.sys

+ IRENUM    Infra-Red Bus Enumerator    Microsoft Corporation    c:\windows\system32\drivers\irenum.sys

+ isapnp    PNP ISA Bus Driver    Microsoft Corporation    c:\windows\system32\drivers\isapnp.sys

+ Kbdclass    Keyboard Class Driver    Microsoft Corporation    c:\windows\system32\drivers\kbdclass.sys

+ kmixer    Kernel Mode Audio Mixer    Microsoft Corporation    c:\windows\system32\drivers\kmixer.sys

+ MEMSCAN    MemScan Driver    瑞星软件有限公司    c:\program files\rising\rav\memscan.sys

+ Mouclass    Mouse Class Driver    Microsoft Corporation    c:\windows\system32\drivers\mouclass.sys

+ mouhid    HID Mouse Filter Driver    Microsoft Corporation    c:\windows\system32\drivers\mouhid.sys

+ MSKSSRV    MS KS Server    Microsoft Corporation    c:\windows\system32\drivers\mskssrv.sys

+ MSPCLOCK    MS Proxy Clock    Microsoft Corporation    c:\windows\system32\drivers\mspclock.sys

+ MSPQM    MS Proxy Quality Manager    Microsoft Corporation    c:\windows\system32\drivers\mspqm.sys

+ mssmbios    System Management BIOS Driver    Microsoft Corporation    c:\windows\system32\drivers\mssmbios.sys

+ NdisTapi    Remote Access NDIS TAPI Driver    Microsoft Corporation    c:\windows\system32\drivers\ndistapi.sys

+ Ndisuio    NDIS 用户模式 I/O 协议    Microsoft Corporation    c:\windows\system32\drivers\ndisuio.sys

+ NdisWan    Remote Access NDIS WAN Driver    Microsoft Corporation    c:\windows\system32\drivers\ndiswan.sys

+ NetBT    NetBios over Tcpip    Microsoft Corporation    c:\windows\system32\drivers\netbt.sys

+ npkcrypt    nProtect KeyCrypt Driver    INCA Internet Co., Ltd.    e:\program files\tencent\qq\npkcrypt.sys

+ NwlnkFlt    IPX Traffic Filter Driver    Microsoft Corporation    c:\windows\system32\drivers\nwlnkflt.sys

+ NwlnkFwd    IPX Traffic Forwarder Driver    Microsoft Corporation    c:\windows\system32\drivers\nwlnkfwd.sys

+ Parport    Parallel Port Driver    Microsoft Corporation    c:\windows\system32\drivers\parport.sys

+ PCAMPR5    PCAUSA NDIS 5.0 MPR Protocol Driver    Printing Communications Assoc., Inc. (PCAUSA)    c:\windows\system32\pcampr5.sys

+ PCANDIS5    PCAUSA NDIS 5.0 Protocol Driver    Printing Communications Assoc., Inc. (PCAUSA)    c:\windows\system32\pcandis5.sys

+ PCI    NT Plug and Play PCI Enumerator    Microsoft Corporation    c:\windows\system32\drivers\pci.sys

+ PptpMiniport    WAN Miniport (PPTP)    Microsoft Corporation    c:\windows\system32\drivers\raspptp.sys

+ Processor    Processor Device Driver    Microsoft Corporation    c:\windows\system32\drivers\processr.sys

+ PSched    QoS Packet Scheduler    Microsoft Corporation    c:\windows\system32\drivers\psched.sys

+ Ptilink    Direct Parallel Link Driver    Parallel Technologies, Inc.    c:\windows\system32\drivers\ptilink.sys

+ PxHelp20    Px Engine Device Driver for Windows 2000/XP    Sonic Solutions    c:\windows\system32\drivers\pxhelp20.sys

+ RasAcd    Remote Access Auto Connection Driver    Microsoft Corporation    c:\windows\system32\drivers\rasacd.sys

+ Rasl2tp    WAN Miniport (L2TP)    Microsoft Corporation    c:\windows\system32\drivers\rasl2tp.sys

+ RasPppoe    远程访问 PPPOE 驱动程序    Microsoft Corporation    c:\windows\system32\drivers\raspppoe.sys

+ Raspti    Direct Parallel    Microsoft Corporation    c:\windows\system32\drivers\raspti.sys

+ RDPCDD    RDP Miniport    Microsoft Corporation    c:\windows\system32\drivers\rdpcdd.sys

+ rdpdr    Microsoft RDP Device redirector    Microsoft Corporation    c:\windows\system32\drivers\rdpdr.sys

+ redbook    Redbook Audio Filter Driver    Microsoft Corporation    c:\windows\system32\drivers\redbook.sys

+ Secdrv    SafeDisc driver        c:\windows\system32\drivers\secdrv.sys

+ serenum    Serial Port Enumerator    Microsoft Corporation    c:\windows\system32\drivers\serenum.sys

+ Serial    Serial Device Driver    Microsoft Corporation    c:\windows\system32\drivers\serial.sys

+ splitter    Microsoft Kernel Audio Splitter    Microsoft Corporation    c:\windows\system32\drivers\splitter.sys

+ swenum    Plug and Play Software Device Enumerator    Microsoft Corporation    c:\windows\system32\drivers\swenum.sys

+ swmidi    Microsoft GS Wavetable Synthesizer    Microsoft Corporation    c:\windows\system32\drivers\swmidi.sys

+ sysaudio    System Audio WDM Filter    Microsoft Corporation    c:\windows\system32\drivers\sysaudio.sys

+ Tcpip    TCP/IP Protocol Driver    Microsoft Corporation    c:\windows\system32\drivers\tcpip.sys

+ TermDD    Terminal Server Driver    Microsoft Corporation    c:\windows\system32\drivers\termdd.sys

+ Update    Update Driver    Microsoft Corporation    c:\windows\system32\drivers\update.sys

+ usbehci    EHCI eUSB Miniport Driver    Microsoft Corporation    c:\windows\system32\drivers\usbehci.sys

+ usbhub    Default Hub Driver for USB    Microsoft Corporation    c:\windows\system32\drivers\usbhub.sys

+ USBSTOR    USB Mass Storage Class Driver    Microsoft Corporation    c:\windows\system32\drivers\usbstor.sys

+ usbuhci    UHCI USB Miniport Driver    Microsoft Corporation    c:\windows\system32\drivers\usbuhci.sys

+ VgaSave    VGA/Super VGA Video Driver    Microsoft Corporation    c:\windows\system32\drivers\vga.sys

+ viaagp1    VIA NT AGP Filter    VIA Technologies, Inc.    c:\windows\system32\drivers\viaagp1.sys

+ ViaIde    Generic PCI IDE Bus Driver    Microsoft Corporation    c:\windows\system32\drivers\viaide.sys

+ viamraid    VIA RAID DRIVER FOR WIN 2000/XP/2003IA32    VIA Technologies inc,.ltd    c:\windows\system32\drivers\viamraid.sys

+ Wanarp    Remote Access IP ARP Driver    Microsoft Corporation    c:\windows\system32\drivers\wanarp.sys

+ wdmaud    MMSYSTEM Wave/Midi API mapper    Microsoft Corporation    c:\windows\system32\drivers\wdmaud.sys

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute           

+ autocheck autochk *            File not found: autocheck

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options           

+ Your Image File Name Here without a path    Symbolic Debugger for Windows 2000    Microsoft Corporation    c:\windows\system32\ntsd.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls           

+ APIHookDll.dll            File not found: APIHookDll.dll

HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls           

+ advapi32    Advanced Windows 32 Base API    Microsoft Corporation    c:\windows\system32\advapi32.dll

+ comdlg32    Common Dialogs DLL    Microsoft Corporation    c:\windows\system32\comdlg32.dll

+ gdi32    GDI Client DLL    Microsoft Corporation    c:\windows\system32\gdi32.dll

+ imagehlp    Windows NT Image Helper    Microsoft Corporation    c:\windows\system32\imagehlp.dll

+ kernel32    Windows NT BASE API Client DLL    Microsoft Corporation    c:\windows\system32\kernel32.dll

+ lz32    LZ Expand/Compress API DLL    Microsoft Corporation    c:\windows\system32\lz32.dll

+ ole32    Microsoft OLE for Windows    Microsoft Corporation    c:\windows\system32\ole32.dll

+ oleaut32        Microsoft Corporation    c:\windows\system32\oleaut32.dll

+ olecli32    Object Linking and Embedding Client Library    Microsoft Corporation    c:\windows\system32\olecli32.dll

+ olecnv32    Microsoft OLE for Windows    Microsoft Corporation    c:\windows\system32\olecnv32.dll

+ olesvr32    Object Linking and Embedding Server Library    Microsoft Corporation    c:\windows\system32\olesvr32.dll

+ olethk32    Microsoft OLE for Windows    Microsoft Corporation    c:\windows\system32\olethk32.dll

+ rpcrt4    Remote Procedure Call Runtime    Microsoft Corporation    c:\windows\system32\rpcrt4.dll

+ shell32    Windows Shell Common Dll    Microsoft Corporation    c:\windows\system32\shell32.dll

+ url    Internet Shortcut Shell Extension DLL    Microsoft Corporation    c:\windows\system32\url.dll

+ urlmon    OLE32 Extensions for Win32    Microsoft Corporation    c:\windows\system32\urlmon.dll

+ user32    Windows XP USER API Client DLL    Microsoft Corporation    c:\windows\system32\user32.dll

+ version    Version Checking and File Installation Libraries    Microsoft Corporation    c:\windows\system32\version.dll

+ wininet    Internet Extensions for Win32    Microsoft Corporation    c:\windows\system32\wininet.dll

+ wldap32    Win32 LDAP API DLL    Microsoft Corporation    c:\windows\system32\wldap32.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify           

+ crypt32chain    Crypto API32    Microsoft Corporation    c:\windows\system32\crypt32.dll

+ cryptnet    Crypto Network Related API    Microsoft Corporation    c:\windows\system32\cryptnet.dll

+ cscdll    Offline Network Agent    Microsoft Corporation    c:\windows\system32\cscdll.dll

+ ScCertProp    Common DLL to receive Winlogon notifications    Microsoft Corporation    c:\windows\system32\wlnotify.dll

+ Schedule    Common DLL to receive Winlogon notifications    Microsoft Corporation    c:\windows\system32\wlnotify.dll

+ sclgntfy    Secondary Logon Service Notification DLL    Microsoft Corporation    c:\windows\system32\sclgntfy.dll

+ SensLogn    Common DLL to receive Winlogon notifications    Microsoft Corporation    c:\windows\system32\wlnotify.dll

+ termsrv    Common DLL to receive Winlogon notifications    Microsoft Corporation    c:\windows\system32\wlnotify.dll

+ wlballoon    Common DLL to receive Winlogon notifications    Microsoft Corporation    c:\windows\system32\wlnotify.dll

HKCU\Control Panel\Desktop\Scrnsave.exe           

+ C:\WINDOWS\system32\ssmypics.scr    My Pictures Slideshow Screensaver    Microsoft Corporation    c:\windows\system32\ssmypics.scr

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9           

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{57A76A50-E6FD-4123-8310-12F923F9A5EE}] DATAGRAM 0    Microsoft Windows Sockets 2.0 Service Provider    Microsoft Corporation    c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{57A76A50-E6FD-4123-8310-12F923F9A5EE}] SEQPACKET 0    Microsoft Windows Sockets 2.0 Service Provider    Microsoft Corporation    c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{766D0AC9-C689-40D4-A5B1-89DD1787257F}] DATAGRAM 1    Microsoft Windows Sockets 2.0 Service Provider    Microsoft Corporation    c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{766D0AC9-C689-40D4-A5B1-89DD1787257F}] SEQPACKET 1    Microsoft Windows Sockets 2.0 Service Provider    Microsoft Corporation    c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{93C2F07F-8165-4FD4-8D38-41E75C074B35}] DATAGRAM 2    Microsoft Windows Sockets 2.0 Service Provider    Microsoft Corporation    c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{93C2F07F-8165-4FD4-8D38-41E75C074B35}] SEQPACKET 2    Microsoft Windows Sockets 2.0 Service Provider    Microsoft Corporation    c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [RAW/IP]    Microsoft Windows Sockets 2.0 Service Provider    Microsoft Corporation    c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [TCP/IP]    Microsoft Windows Sockets 2.0 Service Provider    Microsoft Corporation    c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [UDP/IP]    Microsoft Windows Sockets 2.0 Service Provider    Microsoft Corporation    c:\windows\system32\mswsock.dll

+ RSVP TCP Service Provider    Microsoft Windows Rsvp 1.0 Service Provider    Microsoft Corporation    c:\windows\system32\rsvpsp.dll

+ RSVP UDP Service Provider    Microsoft Windows Rsvp 1.0 Service Provider    Microsoft Corporation    c:\windows\system32\rsvpsp.dll

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors           

+ BJ Language Monitor    Langage Monitor for Canon Bubble-Jet Printer    Microsoft Corporation    c:\windows\system32\cnbjmon.dll

+ Local Port    Local Spooler DLL    Microsoft Corporation    c:\windows\system32\localspl.dll

+ Microsoft Document Imaging Writer Monitor    Microsoft® Document Imaging    Microsoft Corporation    c:\windows\system32\mdimon.dll

+ PJL Language Monitor    PJL Language monitor    Microsoft Corporation    c:\windows\system32\pjlmon.dll

+ Standard TCP/IP Port    Standard TCP/IP Port Monitor DLL    Microsoft Corporation    c:\windows\system32\tcpmon.dll

+ USB Monitor    Standard Dynamic Printing Port Monitor DLL    Microsoft Corporation    c:\windows\system32\usbmon.dll


help...........

Reposting the scan log

HijackThis (zww Chinese localization) scan log V1.99.1
Scan saved at 23:59:02, on 2006-2-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Huawei-3Com\H3C 认证客户端\AuthenMngService.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Huawei-3Com\H3C 认证客户端\H3C Client.exe
C:\Documents and Settings\Administrator\桌面\新建文件夹\HijackThis1991汉化版\HijackThis1991zww.exe

R3 - URLSearchHook: QQ Search Hook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\AdPlus\IEHelp.dll
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v11.dll
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\AdPlus\IEHelp.dll
O2 - BHO: URLMonitor Class - {3ED9FFDA-79DB-4B2D-99B7-16EA3C4A3A92} - C:\WINDOWS\system32\hap.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - e:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: Router Layer - {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} - C:\WINDOWS\System32\aclayer.dll (file missing)
O2 - BHO: DownloadValue Class - {616D4040-5712-4F0F-BCF1-5C6420A99E14} - C:\WINDOWS\system32\winhtp.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O2 - BHO: Baidu Super Search Bar (百度超级搜霸) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Progra~1\Baidu\bar\BaiDuBar.dll
O2 - BHO: Infofo Toolbar - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
O3 - Toolbar: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - f:\Program Files\BitComet\BitCometBar\BitCometBar0.2.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Infofo Toolbar - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll
O3 - Toolbar: 完美网译通 - {F43BD772-ABDD-43b7-A96A-3E9E61946EC0} - C:\WINDOWS\WORLD2\TOOLBAR\hmtoolbar.dll (file missing)
O3 - Toolbar: Yisou Toolbar (一搜工具条) - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - C:\Program Files\YiSou\yisou.dll (file missing)
O3 - Toolbar: Baidu Super Search Bar (百度超级搜霸) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Progra~1\Baidu\bar\BaiDuBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AddrPlus3] C:\PROGRA~1\TENCENT\AdPlus\Runner.exe C:\PROGRA~1\TENCENT\AdPlus\QAHook.dll Rundll32
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutoCAD 启动加速器.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &Download with Thunder - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &Download all links with Thunder - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: Upload to QQ Network Disk - E:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: Download with KuGoo3(&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - Extra context menu item: Export to Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Add to QQ custom panel - E:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: Add to QQ emoticons - E:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: Send this picture via QQ MMS - E:\Program Files\Tencent\qq\SendMMS.htm
O8 - Extra context menu item: Baidu - Search MP3 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: Baidu - Search images - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: Baidu - Search news - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUNEWS.HTM
O8 - Extra context menu item: Baidu - Search lyrics - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDULYRIC.HTM
O8 - Extra context menu item: Baidu - Search web - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: Baidu - Search Tieba - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUPOST.HTM
O8 - Extra context menu item: Baidu - Dictionary search - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDU_DIC.HTM
O9 - Extra button: Haofang game platform (浩方对战平台) - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\Game\hf\HFGame3\GameClient.exe
O9 - Extra button: CNNIC Chinese Internet Keyword (中文上网) - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: CNNIC Chinese Internet Keyword (中文上网) - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - e:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ toolbar settings (QQ炫彩工具条设置) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - e:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: EachNet shopping (易趣购物) - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=50 (file missing)
O9 - Extra 'Tools' menuitem: EachNet shopping (易趣购物) - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=50 (file missing)
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\cdnns.dll' missing
O11 - Options group: [CDNCLIENT]  CNNIC Chinese Internet Keyword (中文上网)
O11 - Options group: [TBH]  QQ address bar search plugin
O14 - IERESET.INF: START_PAGE_URL=http://www.tomatolei.com
O20 - AppInit_DLLs: APIHookDll.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Gray_Pigeon_Server2.0 (GrayPigeonServer2.0) - Unknown owner - C:\WINDOWS\G_Server2.0.exe
O23 - Service: huawei-3com EAD appendix service (H3C_EAD_APX_SVR) - Unknown owner - C:\Program Files\Huawei-3Com\H3C 认证客户端\eadApxSvr.exe
O23 - Service: huawei-3com protocol authentication service manage center (H3C_SVR_MNG_SERVICE) - Unknown owner - C:\Program Files\Huawei-3Com\H3C 认证客户端\AuthenMngService.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe

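The reposted log carries the indicators a helper keys on: an O23 service named Gray_Pigeon_Server2.0 with "Unknown owner" whose EXE sits directly in C:\WINDOWS, an O20 AppInit_DLLs entry (APIHookDll.dll) that the autorun dump above already reports as "File not found", a broken Winsock LSP chain (cdnns.dll missing), and several BHO/toolbar entries whose files are gone. The script below is an added example, not part of the original post and not HijackThis's own code; it parses those line types and ranks them the way a reviewer would. The sample lines are copied from the log above (with the labels in their English HijackThis form); BACKDOOR_MARKERS, the severity scheme and the generated command-prompt steps are this example's own assumptions.

```python
"""Triage a HijackThis log for Gray Pigeon-style persistence.

Added example: this is not code from the original post and not part of
HijackThis. It automates the checks a helper applies by eye to the log
above:
  * O23 services whose binary sits directly in the Windows root (not
    system32), whose owner is unknown, or whose name matches a backdoor string;
  * O20 AppInit_DLLs entries (loaded into every process that maps user32);
  * O10 broken Winsock LSP chains;
  * O2/O3/O9 entries whose file is missing (orphans, cheap to clean up).
SAMPLE_LOG is copied from the log above; BACKDOOR_MARKERS, the severity
scheme and the remediation commands are this example's own assumptions.
"""
import re

SAMPLE_LOG = r"""
O2 - BHO: Router Layer - {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} - C:\WINDOWS\System32\aclayer.dll (file missing)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - e:\Program Files\Tencent\QQ\QQIEHelper.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\cdnns.dll' missing
O20 - AppInit_DLLs: APIHookDll.dll
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Gray_Pigeon_Server2.0 (GrayPigeonServer2.0) - Unknown owner - C:\WINDOWS\G_Server2.0.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
"""

# Assumption: substrings seen in Gray Pigeon (灰鸽子) service and file names.
BACKDOOR_MARKERS = ("pigeon", "g_server", "huigezi")

SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+)$")
# A service EXE directly under C:\WINDOWS (no subdirectory) is unusual for vendors.
WINDIR_ROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$")
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def score_service(display, name, owner, path):
    """Return the reasons an O23 service entry looks planted (empty if clean)."""
    reasons = []
    lowered = path.lower()
    if WINDIR_ROOT_RE.match(lowered):
        reasons.append("binary dropped directly in the Windows root")
    if any(m in f"{display} {name or ''} {lowered}".lower() for m in BACKDOOR_MARKERS):
        reasons.append("name matches a known backdoor marker")
    if owner.lower() == "unknown owner":
        reasons.append("no vendor string in the binary")
    return reasons


def triage(log_text):
    """Parse HijackThis O2/O3/O9/O10/O20/O23 lines; return findings, worst first."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line.startswith("O23 - Service:"):
            m = SERVICE_RE.match(line)
            reasons = score_service(**m.groupdict()) if m else []
            if reasons:
                findings.append({"sev": "high" if len(reasons) >= 2 else "medium",
                                 "kind": "service", "name": m["name"] or m["display"],
                                 "path": m["path"], "why": reasons})
        elif line.startswith("O20 - AppInit_DLLs:"):
            findings.append({"sev": "high", "kind": "appinit", "path": None,
                             "name": line.split(":", 1)[1].strip(),
                             "why": ["AppInit DLL is injected into every GUI process"]})
        elif line.startswith("O10 -"):
            findings.append({"sev": "medium", "kind": "lsp", "path": None,
                             "name": line, "why": ["broken Winsock LSP chain"]})
        elif line.startswith(("O2 -", "O3 -", "O9 -")) and line.endswith("(file missing)"):
            findings.append({"sev": "low", "kind": "orphan", "path": None,
                             "name": line.split(" - ")[1],
                             "why": ["registered component's file is missing"]})
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f["sev"]])


def remediation(findings):
    """XP command-prompt steps to review (and run from Safe Mode), worst first."""
    cmds = []
    for f in findings:
        if f["kind"] == "service" and f["sev"] == "high":
            cmds += [f'sc stop "{f["name"]}"', f'sc delete "{f["name"]}"',
                     f'del /f "{f["path"]}"']
        elif f["kind"] == "appinit":
            cmds.append(r'reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"'
                        r' /v AppInit_DLLs /t REG_SZ /d "" /f')
        elif f["kind"] == "lsp":
            cmds.append("netsh winsock reset")
    return cmds


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['sev']:6}] {f['kind']:8} {f['name']}: {'; '.join(f['why'])}")
    print("\n".join(remediation(triage(SAMPLE_LOG))))
```

On the sample, G_Server2.0.exe collects all three service signals (Windows-root location, backdoor-like name, no vendor string) and ranks high, while "Ati HotKey Poller" trips only the weak "Unknown owner" signal and stays medium: a missing version string alone is not evidence, which is why the scheme needs two independent signals before it suggests deleting anything. The generated commands are a review list, not a one-click fix: stop and delete the service and its EXE from Safe Mode, clear AppInit_DLLs rather than deleting the value, and reset Winsock to repair the LSP chain the missing cdnns.dll left broken.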