
Trojan.DL.Agent.zlu: what kind of virus is this?



Trojan.DL.Agent.zlu    重新启动计算机后删除文件    2006-11-23 08:51    快捷扫描    C:\WINDOWS\system32    qpzgx.dll    本机


Kingsoft's scan results:

风险程序    2006-11-16 12:48:10    C:\WINDOWS\system32\qpzgx.dll    Win32.Adware.CurCode.a.52736    操作失败   
风险程序    2006-11-16 12:48:10    C:\WINDOWS\system32\qpzgx.dll    Win32.Adware.CurCode.a.52736    跳过,未处理


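This file keeps coming back no matter how many times it is cleaned. It cannot be deleted, compressed, or shredded, and Safe Mode makes no difference. Deletion tools and delayed-delete utilities have no effect either. I suspect it has a hidden file somewhere that regenerates it on every boot.
Could an expert please advise?
Last edited: 2006-11-23 19:42:03.920000000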

[Reply to the post by "6981313"]
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <ATIPTA><"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe">  [ATI Technologies, Inc.]
    <RavTask><"E:\瑞星\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <AudioDeck><C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1 >  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <RavStub><"E:\瑞星\Rising\Rav\ravstub.exe" /RUNONCE>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\Userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]


[Reply to the post by "6981313"]
服务
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[File Replication / File Replication]
  <C:\WINDOWS\system32\ntfis.exe><Microsoft Corporation>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Process Communication Center / RsCCenter]
  <"E:\瑞星\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon]
  <"E:\瑞星\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[WindowService / WindowService]
  <C:\WINDOWS\system32\Svchost.exe -k WindowService-->C:\WINDOWS\system32\drivers\Register_nos.dll><N/A>

[Reply to the post by "6981313"]
驱动程序
[aicy / aicyr]
  <\SystemRoot\System32\DRIVERS\aicyr.sys><N/A>
[AliIde / AliIde]
  <\SystemRoot\System32\DRIVERS\aliide.sys><N/A>
[ati2mtag / ati2mtag]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[atitray / atitray]
  <\??\C:\Program Files\Radeon Omega Drivers\v3.8.291\ATI Tray Tools\atitray.sys><N/A>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CmdIde / CmdIde]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[ExpScaner / ExpScaner]
  <\??\E:\瑞星\Rising\Rav\ExpScan.sys><>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[HookCont / HookCont]
  <\??\E:\瑞星\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
  <\??\E:\瑞星\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\E:\瑞星\Rising\Rav\HookSys.sys><Rising>
[KWatch3 / KWatch3]
  <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[lpxecy2 / lpxecy26]
  <\SystemRoot\System32\DRIVERS\lpxecy26.sys><N/A>
[MegaIDE / MegaIDE]
  <\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[MEMSCAN / MEMSCAN]
  <\??\E:\瑞星\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[NPPTNT2 / NPPTNT2]
  <\??\C:\WINDOWS\system32\npptNT2.sys><INCA Internet Co., Ltd.>
[nv / nv]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RSPPSYS / RSPPSYS]
  <\??\E:\瑞星\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>
[ViaIde / ViaIde]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[viamraid / viamraid]
  <\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
[Vinyl AC'97 Audio Controller (WDM) / VIAudio]
  <system32\drivers\vinyl97.sys><VIA Technologies, Inc.>
[vqzugr6 / vqzugr64]
  <\SystemRoot\System32\DRIVERS\vqzugr64.sys><N/A>

[Reply to the post by "6981313"]
浏览器加载项
[]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 新萌科技(上海)有限公司>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[启动迅雷]
  {0062C9BD-B349-40DE-91A0-755F37ACD559} <C:\Documents and Settings\Administrator\My Documents\新建文件夹 (2)\Thunder.exe, N/A>
[JUJU猫]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.jujumao.net, N/A>
[启动Web迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.>
[Google Script Object]
  {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[PowerPlr Control]
  {2354A44B-3CEB-4829-9940-545B03103538} <C:\PROGRA~1\Powerise\REAL2A~1\PowerPlr.ocx, Powerise Digital>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 新萌科技(上海)有限公司>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Documents and Settings\Administrator\My Documents\新建文件夹 (2)\Components\InMedia\MediaAddin07.dll, N/A>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[卡卡上网安全助手]
  {AFF6E516-CBE5-4F8A-9C2F-38A68013E766} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[&使用迅雷下载]
  <C:\Documents and Settings\Administrator\My Documents\新建文件夹 (2)\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <C:\Documents and Settings\Administrator\My Documents\新建文件夹 (2)\Program\GetAllUrl.htm, N/A>
[使用Web迅雷下载]
  <, N/A>
[使用Web迅雷下载全部链接]
  <, N/A>
[使用网际快车下载]
  <C:\Program Files\绿色软件\网际快车(FlashGet) v1.65 美化特别版\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\绿色软件\网际快车(FlashGet) v1.65 美化特别版\jc_all.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

[Reply to the post by "6981313"]
正在运行的进程
[PID: 600][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 660][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 688][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4118]
[PID: 732][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 744][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 892][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4118]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2497]
[PID: 924][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1012][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1168][E:\瑞星\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1188][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1244][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1328][E:\瑞星\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 47]
    [E:\瑞星\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [E:\瑞星\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [E:\瑞星\Rising\Rav\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [E:\瑞星\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [E:\瑞星\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [E:\瑞星\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [E:\瑞星\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [E:\瑞星\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 18, 1, 0, 12]
    [E:\瑞星\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 33]
    [E:\瑞星\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [E:\瑞星\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [E:\瑞星\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [E:\瑞星\Rising\Rav\HookWeb.dll]  [rising, 18, 0, 0, 2]
    [E:\瑞星\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [E:\瑞星\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [E:\瑞星\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [E:\瑞星\Rising\Rav\MailMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [E:\瑞星\Rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [E:\瑞星\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 35]
    [E:\瑞星\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [E:\瑞星\Rising\Rav\RSUnpack.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 21]
    [E:\瑞星\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 24]
    [E:\瑞星\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 33]
    [E:\瑞星\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 18]
    [E:\瑞星\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [E:\瑞星\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [E:\瑞星\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [E:\瑞星\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [E:\瑞星\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [E:\瑞星\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [E:\瑞星\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[PID: 1456][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4118]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2497]
[PID: 1544][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
    [c:\program files\google\googletoolbar2.dll]  [Google Inc., 4, 0, 1020, 3054]
    [E:\瑞星\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\kakatool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 2, 1]
    [E:\瑞星\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\macromed\flash\Flash.ocx]  [Macromedia, Inc., 7,0,19,0]
    [C:\WINDOWS\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
[PID: 1748][E:\瑞星\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [E:\瑞星\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [E:\瑞星\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1864][C:\WINDOWS\system32\ntfis.exe]  [Microsoft Corporation, 5, 2, 3790, 1830]
[PID: 1908][c:\windows\imapi.exe]  [Microsoft Corporation, 1.0.0.1]
[PID: 504][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe]  [ATI Technologies, Inc., 6.14.10.5160]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll]  [ATI Technologies, Inc., 6.14.10.5160]
    [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS]  [ATI Technologies, Inc., 6.14.10.5160]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll]  [ATI Technologies, Inc., 6.14.10.5160]
[PID: 532][E:\瑞星\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
    [E:\瑞星\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [E:\瑞星\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [E:\瑞星\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [E:\瑞星\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 552][E:\瑞星\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 39]
    [E:\瑞星\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
    [E:\瑞星\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [E:\瑞星\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [E:\瑞星\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [E:\瑞星\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [E:\瑞星\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [E:\瑞星\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 628][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3208]
[PID: 900][C:\Program Files\VIAudioi\SBADeck\ADeck.exe]  [VIA Technologies, Inc., 6, 0, 0, 2]
[PID: 968][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1072][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1144][C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe]  [Google Inc., 1, 2, 908, 5008]
    [C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\res_zh-CN.dll]  [Google Inc., 1, 2, 908, 5008]
    [C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\swg.dll]  [Google Inc., 1, 2, 908, 5008]
[PID: 316][E:\瑞星\Rising\Rav\RsAgent.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [E:\瑞星\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 1092][C:\WINDOWS\msagent\AgentSvr.exe]  [Microsoft Corporation, 2.00.0.3424]
[PID: 708][C:\Documents and Settings\Administrator\My Documents\游戏工具\新建文件夹 (2)\Program\Thunder5.exe]  [Thunder Networking Technologies,LTD, 5.4.0.226]
    [C:\Documents and Settings\Administrator\My Documents\游戏工具\新建文件夹 (2)\Program\UpdateDownload.dll]  [Thunder Networking Technologies,LTD, 1, 0, 1, 8]
    [C:\Documents and Settings\Administrator\My Documents\游戏工具\新建文件夹 (2)\Program\download_interface.dll]  [Thunder Networking Technologies,LTD, 2, 0, 0, 1]
    [C:\Documents and Settings\Administrator\My Documents\游戏工具\新建文件夹 (2)\Program\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
    [C:\Documents and Settings\Administrator\My Documents\游戏工具\新建文件夹 (2)\Program\log4cplus.dll]  [, 1, 0, 2, 1]
    [C:\Documents and Settings\Administrator\My Documents\游戏工具\新建文件夹 (2)\Program\asyn_dns.dll]  [N/A, N/A]
    [C:\Documents and Settings\Administrator\My Documents\游戏工具\新建文件夹 (2)\Program\msgmanage.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 15]
    [C:\Documents and Settings\Administrator\My Documents\游戏工具\新建文件夹 (2)\Program\historyinfo_manage.dll]  [Thunder Networking Technologies,LTD, 5, 2, 0, 148]
    [C:\Documents and Settings\Administrator\My Documents\游戏工具\新建文件夹 (2)\Program\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 1, 0, 18]
    [C:\Documents and Settings\Administrator\My Documents\游戏工具\新建文件夹 (2)\Program\FloatBar.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [C:\Documents and Settings\Administrator\My Documents\游戏工具\新建文件夹 (2)\Plugins\TingTing\TingTing.dll]  [Thunder Networking Technologies,LTD, 1, 1, 1, 9]
    [C:\Documents and Settings\Administrator\My Documents\游戏工具\新建文件夹 (2)\Components\InMedia\iEmbedShell.dll]  [ , 1, 0, 0, 11]
    [C:\Documents and Settings\Administrator\My Documents\游戏工具\新建文件夹 (2)\Components\InMedia\iEmbed04.dll]  [ , 2, 3, 0, 37]
    [C:\Documents and Settings\Administrator\My Documents\游戏工具\新建文件夹 (2)\Components\P4PClient\P4PClient.dll]  [Thunder Networking Technologies,LTD, 1, 0, 4, 10]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
    [E:\瑞星\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Documents and Settings\Administrator\My Documents\游戏工具\新建文件夹 (2)\Program\iTargetAd.dll]  [Thunder Networking Technologies,LTD, 1, 0, 1, 59]
    [C:\WINDOWS\system32\macromed\flash\Flash.ocx]  [Macromedia, Inc., 7,0,19,0]
[PID: 3284][C:\Documents and Settings\Administrator\My Documents\dddd\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]

[Reply to the post by "6981313"]
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件

Is this really serious? Is it beyond saving???

[Reply to the post by "K歌之王中王"]
Trojan.DL.Delf.edu    需要解压缩后杀毒    2006-11-20 09:32    手动扫描    C:\WINDOWS\Temp\t3ainedm.exe>>$SYSDIR\drivers\soundmix.dll    本机

This is the log from a few days ago, when I successfully cleaned this file.

Quote:
[Post by 寒蜂刺股] [Reply to the post by "K歌之王中王"]
Trojan.DL.Delf.edu    需要解压缩后杀毒    2006-11-20 09:32    手动扫描    C:\WINDOWS\Temp\t3ainedm.exe>>$SYSDIR\drivers\soundmix.dll    本机

This is the log from a few days ago, when I successfully cleaned this file.
………………

Today Trojan.DL was found again in another file, only with a different suffix. I don't know whether the two are related.
Could an expert please offer some advice? Thanks.