| Quote: |
| [Post by 网事无忧] The day before yesterday I was infected with the backdoor.gpigeon_hook.dll virus. The Rising firewall raised an alert saying a trojan had been found and already removed, but all applications on the system reported errors and then the machine rebooted; this happened several times. I had to scan in Safe Mode, but that could not remove it either. Finally I booted with the "last known good" startup option and removed a virus, but it was not the backdoor.gpigeon_hook.dll virus; after rebooting I scanned once more, and only then was backdoor.gpigeon_hook.dll removed. After the cleanup the firewall would not start, and the vulnerability and e-mail monitoring under real-time monitoring could not be opened, so I had to reinstall. I still cannot tell whether it has been completely removed. Could an expert please help check whether it is clean? |
| HijackThis_zww汉化版扫描日志 V1.99.1 |
| 保存于 9:45:04, 日期 2005-9-17 |
| 操作系统: Windows XP SP1 (WinNT 5.01.2600) |
| 浏览器: Internet Explorer v6.00 SP1 (6.00.2800.1106) |
| 当前运行的进程: |
| C:\WINDOWS\System32\smss.exe |
| C:\WINDOWS\system32\winlogon.exe |
| C:\WINDOWS\system32\services.exe |
| C:\WINDOWS\system32\lsass.exe |
| C:\WINDOWS\system32\svchost.exe |
| C:\WINDOWS\System32\svchost.exe |
| D:\PROGRAM FILES\RISING\RAV\Ravmond.exe |
| D:\PROGRAM FILES\RISING\RAV\RavStub.exe |
| d:\program files\rising\rfw\rfwsrv.exe |
| C:\WINDOWS\Explorer.EXE |
| D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE |
| D:\PROGRA~1\RISING\RAV\RAVMON.EXE |
| C:\WINDOWS\System32\ctfmon.exe |
| C:\Program Files\Logitech\MouseWare\system\em_exec.exe |
| d:\program files\rising\rfw\RfwMain.exe |
| D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE |
| C:\WINDOWS\System32\svchost.exe |
| F:\Temp\HijackThis1991汉化版\HijackThis1991zww.exe |
| O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll |
| O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file) |
| O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - F:\FLASHGET\FGIEBAR.DLL |
| O3 - IE工具栏增项: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - D:\FastAIT 2005\IEBand.dll |
| O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx |
| O4 - 启动项HKLM\\Run: [PHIME2002ASync] ; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC |
| O4 - 启动项HKLM\\Run: [PHIME2002A] ; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName |
| O4 - 启动项HKLM\\Run: [NvCplDaemon] ; RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup |
| O4 - 启动项HKLM\\Run: [Logitech Utility] Logi_MwX.Exe |
| O4 - 启动项HKLM\\Run: [IMSCMIG40W] ; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log |
| O4 - 启动项HKLM\\Run: [WinampAgent] ; "D:\Winamp\Winampa.exe" |
| O4 - 启动项HKLM\\Run: [RavTimer] D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE |
| O4 - 启动项HKLM\\Run: [RavMon] D:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM |
| O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe |
| O4 - Startup: desktop.ini |
| O4 - Startup: Hare.lnk = D:\Program Files\Hare\Hare.exe |
| O4 - Global Startup: desktop.ini |
| O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE |
| O8 - IE右键菜单中的新增项目: 使用网际快车下载 - F:\FlashGet\jc_link.htm |
| O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - F:\FlashGet\jc_all.htm |
| O16 - DPF: {2EA6D939-4445-43F1-A12B-8CB3DDA8B855} (BlueskyVideo Control) - http://www.bluesky.cn/download/v2_53.cab |
| O16 - DPF: {48038521-20FB-11D8-BC64-00B0D07A8A19} (PortalCom Control 2.0) - http://221.208.250.138/PortalAX02.cab |
| O16 - DPF: {48FE89A0-486C-48DF-9DEC-BED22BDC6057} (XIsOro Control) - http://www.sinago.com/download/OroCheck.cab |
| O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13f9e8dcaeb8008c2a16/netzip/RdxIE601_cn.cab |
| O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125154221812 |
| O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125154280105 |
| O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab |
| O16 - DPF: {86BC8440-8693-4076-A144-6BAF942B40B0} - http://mysearch.8848.com/mysearch/MySearch.CAB |
| O16 - DPF: {ABA7CC7F-019D-47DB-A0D2-B3C2B3AC1B44} (Fc2Boot Class) - http://space.fenteng.net/gameser/system/fc2boot.cab |
| O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} (IEDown Class) - http://download.ourgame.com/IEDown3.cab |
| O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) - http://www.mydrivers.com/swflash.cab |
| O16 - DPF: {DAFEB281-4743-4E80-83A9-A2BBDA400840} (BlueskyRecorder Class) - http://202.96.140.88/vchat/blueskyrecorder.dll |
| O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - d:\program files\rising\rfw\rfwsrv.exe |
| O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE |
| O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe |
| ........................... |