Rising Kaka Security Forum, Technical Exchange Area, Anti-virus / Anti-rogue-software Forum


Does any expert know how to remove this trojan?

IEXPLORE.EXE>>C:\Program Files\Internet Explorer\IEXPLORE.EXE ->Backdoor.Gpigeon.cla
Rising can detect it and can also remove it, but it is detected again every time I boot, which means it hasn't been killed. How do I kill it? Urgently asking all the experts!!!!! Much obliged!!! Thank you!!!!!!
Last edited 2006-06-25 02:41:25

木马克星分析报告:2006-6-24 21:14:31
==================================================
内存中的进程:
[System Process]
AGENTSVR.EXE
alg.exe
CCenter.exe
csrss.exe
CTFMON.EXE
EXPLORER.EXE
hkcmd.exe
hkload.exe
hotkey.exe
IEXPLORE.EXE
igfxtray.exe
Iparmor.exe
LSASS.EXE
RavMon.exe
RavMonD.exe
RavStub.exe
RavTask.exe
realsched.exe
RfwCfg.exe
RfwMain.exe
rfwsrv.exe
RsAgent.exe
SERVICES.EXE
smss.exe
SOUNDMAN.EXE
SPOOLSV.EXE
SVCHOST.EXE
SysExplr.exe
System
VM_STI.EXE
winlogon.exe
==================================================
启动项目:
; "C:\WINDOWS\IME\IMJP8_1\IMJPMIG.EXE" /SPOIL /REMADVDEF /MIGRATION32
C:\WINDOWS\SYSTEM32\IME\PINTLGNT\IMSCINST.EXE /SYNC
; C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /SYNC
; C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /IMENAME
SOUNDMAN.EXE
C:\WINDOWS\SYSTEM32\IGFXTRAY.EXE
C:\WINDOWS\SYSTEM32\HKCMD.EXE
C:\PROGRAM FILES\JMESOFT\HOTKEY.EXE
C:\WINDOWS\VM_STI.EXE VIMICRO USB PC CAMERA 301X
"C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE"  -OSBOOT
"C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM
"C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE" -STARTUP
C:\HEROSOFT\HEROV8\SYSEXPLR.EXE
C:\PROGRA~1\TENCENT\ADPLUS\STUP.EXE
C:\WINDOWS\SYSTEM32\CTFMON.EXE
; "C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE" /BACKGROUND
"E:\BITTORRENT\BITTORRENT.EXE" --START_MINIMIZED
desktop.ini
RsAutorunsDisabled

==================================================
系统服务列表:

扫描了 31个进程,
木马克星扫描结束.
没有发现木马,系统安全!



C:\WINDOWS\System32\msls31.dll怀疑为木马j77
C:\WINDOWS\system32\msls31.dll怀疑为木马j77
C:\WINDOWS\System32\msls31.dll怀疑为木马j77
C:\WINDOWS\system32\oledlg.dll怀疑为木马j77
发现可疑系统服务:C:\WINDOWS\SVCHOST.CMD
扫描浏览器插件:C:\Program Files\TENCENT\Adplus\SSAddr.dll
扫描浏览器插件:D:\PROGRA~1\sina\UC\UCddt\ddtinit.dll
发现无效的浏览器插件位置:HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper ObjectsCLSID\{15DDE989-CD45-4561-BF99-D22C0D5C2B74}\InprocServer32
扫描浏览器插件:C:\Program Files\Windows Desktop Search\dsWebAllow.dll
扫描浏览器插件:D:\Program Files\Tencent\QQ\QQIEHelper.dll
扫描浏览器插件:D:\PROGRA~1\sina\UC\UCddt\ddtkillw.ocx
扫描浏览器插件:C:\PROGRA~1\baidu\bar\BaiduBar.dll
扫描浏览器插件:C:\PROGRA~1\FLASHGET\jccatch.dll
浏览器插件扫描结束.

Poster in reply #6, that's not fair; start your own thread.

Here's mine:
Logfile of HijackThis v1.99.1
Scan saved at 2:31:41, on 2006-6-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
c:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\jmesoft\hotkey.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Herosoft\HeroV8\SysExplr.EXE
C:\PROGRA~1\jmesoft\hkload.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\EPH\eph.exe
C:\Program Files\FlashGet\flashget.exe
c:\program files\rising\rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\我的下载\HijackThis.exe

R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
R3 - URLSearchHook: (no name) - {21D6C651-D908-4FFD-A41B-7DD34D2E3440} - C:\WINDOWS\system32\Aiql.dll
R3 - URLSearchHook: (no name) - {3EDED7F3-F213-4738-9C8E-C025620949E6} - C:\WINDOWS\system32\Awqv.dll
R3 - URLSearchHook: (no name) - {ABEC7E7C-CAC8-4F76-ABBC-22AAF1E44B00} - C:\WINDOWS\system32\Gcsdzf.dll
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
O2 - BHO: IDDTInitObj Class - {15DDE989-CD45-4561-BF99-D22C0D5C2B74} - D:\PROGRA~1\sina\UC\UCddt\ddtinit.dll (file missing)
O2 - BHO: (no name) - {21D6C651-D908-4FFD-A41B-7DD34D2E3440} - C:\WINDOWS\system32\Aiql.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {3EDED7F3-F213-4738-9C8E-C025620949E6} - C:\WINDOWS\system32\Awqv.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: KillObj Class - {66C28884-4E5D-494B-80C9-CAA27528FD6D} - D:\PROGRA~1\sina\UC\UCddt\ddtkillw.ocx
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\BaiduBar.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: (no name) - {ABEC7E7C-CAC8-4F76-ABBC-22AAF1E44B00} - C:\WINDOWS\system32\Gcsdzf.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: 新浪点点通 - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - D:\PROGRA~1\sina\UC\UCddt\DDTONG~1.DLL
O3 - Toolbar: 比特精灵搜索工具栏 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\BaiduBar.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] ; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] ; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [jmekey] C:\Program Files\jmesoft\hotkey.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SysExplr] C:\Herosoft\HeroV8\SysExplr.EXE
O4 - HKLM\..\Run: [stup.exe] C:\PROGRA~1\TENCENT\Adplus\stup.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\RunOnce: [RavStub] "C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] ; "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [BitTorrent] "E:\BitTorrent\bittorrent.exe" --start_minimized
O4 - Global Startup: Windows 桌面搜索.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用彩信超级自写发送到手机 - http://mms.sina.com.cn/mmsnews.html
O8 - Extra context menu item: 使用新浪下载助手下载 - D:\PROGRA~1\sina\UC\UCddt\sinadl.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 发送图片到手机(&M) - http://sms.sina.com.cn/diy/send.html?from=467
O8 - Extra context menu item: 收藏此页到新浪ViVi - http://vivi.sina.com.cn/collect/click.php?agent=ddt
O8 - Extra context menu item: 新浪搜索 - http://cha.sina.com.cn/ddt.html
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 用比特精灵下载(&B) - D:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: 豪杰超级解霸V8实时播放 - C:\Herosoft\HeroV8\MPURLGET.HTM
O9 - Extra button: 免费精彩视频超流畅在线观看 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: 播霸电视 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra button: 新浪UC - {2253922F-1B26-4C74-8B57-E3AEE748DBB8} - D:\Program Files\sina\UC\UC.exe
O9 - Extra button: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra 'Tools' menuitem: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: 新浪点点通 - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - D:\PROGRA~1\sina\UC\UCddt\DDTONG~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {974AD624-EA50-4831-A6C0-3040F6665396} - D:\PROGRA~1\sina\UC\UCddt\rssband.dll (HKCU)
O9 - Extra 'Tools' menuitem: 新浪点点通阅读器 - {974AD624-EA50-4831-A6C0-3040F6665396} - D:\PROGRA~1\sina\UC\UCddt\rssband.dll (HKCU)
O9 - Extra button: 新浪点点通阅读器 - {F0646DC8-58CD-4C64-8F6B-525043914685} - D:\PROGRA~1\sina\UC\UCddt\rssband.dll (HKCU)
O11 - Options group: [TBH]  搜搜地址栏搜索
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {817C90B5-1688-42BE-9044-58422DB088B2} (PortalCom R01) - http://61.172.97.52/PortalAX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EC8B81A-7C64-45DF-84B8-4818FC03CC42}: NameServer = 202.103.225.68 202.103.224.68
O20 - AppInit_DLLs: APIHookDll.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: SysTrays - {590498A3-4131-4D8F-BA4B-36791A9803B1} - C:\WINDOWS\system32\DLMain.dll (file missing)
O23 - Service: Compatibility - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Lication Management (基于COM+ 组件的配置和跟踪。) - Unknown owner - C:\WINDOWS\svchost.cmd
