瑞星卡卡安全论坛

我家机器里发现了Backdoor.Gpigeon.pd这版本的，如何办？

瑞星灰鸽子专杀工具:
http://it.rising.com.cn/service/technology/Ravgpk_Download.htm



http://forum.ikaka.com/topic.asp?board=28&artid=6202404

            主题： 关于查杀“灰鸽子2005”的一点建议

引用:

【子阳的贴子】瑞星灰鸽子专杀工具: http://it.rising.com.cn/service/technology/Ravgpk_Download.htm http://forum.ikaka.com/topic.asp?board=28&artid=6202404             主题： 关于查杀“灰鸽子2005”的一点建议 ..HijackThis@Qoo的扫描日志 V1.97.7 Scan saved at 19:50:05, on 2005-12-8 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE c:\program files\rising\rfw\rfwsrv.exe C:\Program Files\Rising\Rav\Ravmond.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Rising\Rav\RavStub.exe c:\program files\rising\rfw\RfwMain.exe C:\Program Files\Antiy Labs\Alive\AliveCenter.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\VM_STI.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\CHIN@D~1\Cns.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe C:\Program Files\Rising\Rav\RavTask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Rising\Rav\Ravmon.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE D:\dudupros.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe D:\DuDuAcc.exe C:\Downloads\hijackthis1.97_qoo\HijackThis.exe R3 - URLSearchHook: O2 - BHO: (no name) - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\Program Files\3721\Assist\Angling.dll O2 - BHO: DuDu.com - {6BDE1669-B490-48E3-B668-456314F2D6C3} - D:\dddiemon.dll O2 - BHO: (no name) - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll O3 - Toolbar: ????? - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll O3 - Toolbar: ????? - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll O3 - Toolbar: ????? - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE webcom USB PC Camera O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Chinaddr] C:\PROGRA~1\CHIN@D~1\Cns.exe -nosplash O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32 O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32 O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: NTUSER.DAT O4 - Startup: ntuser.dat.LOG O4 - Startup: ntuser.ini O4 - Startup: regproduct.ini O4 - Startup: Rcache.ini O4 - Global Startup: ntuser.dat O4 - Global Startup: ntuser.dat.LOG O4 - Global Startup: Nokia PC Suite 6.60.18.LOG O4 - Global Startup: Nokia Connectivity Cable Driver 1.00.150.6.LOG O8 - Extra context menu item: &使用DuDu 加速器下载 - res://D:\dddmext.dll/202 O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FLASHGET\jc_link.htm O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FLASHGET\jc_all.htm O8 - Extra context menu item: 用比特精灵下载(&B) - D:\ O8 - Extra context menu item: 访问 3721中文网址 - C:\PROGRA~1\CHIN@D~1\cnsgo_936.htm 大虾帮我看看O9 - Extra button: FlashGet (HKLM) O9 - Extra 'Tools' menuitem: &FlashGet (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O11 - Options group: [!CNS] O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/ O17 - HKLM\System\CCS\Services\Tcpip\..\{2042E96E-E43E-43C1-941A-436A9BA497BE}: NameServer = 220.189.127.108 220.189.127.107 O17 - HKLM\System\CS1\Services\Tcpip\..\{2042E96E-E43E-43C1-941A-436A9BA497BE}: NameServer = 220.189.127.108 220.189.127.107 O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system3.........................

引用:

【子阳的贴子】瑞星灰鸽子专杀工具: http://it.rising.com.cn/service/technology/Ravgpk_Download.htm http://forum.ikaka.com/topic.asp?board=28&artid=6202404             主题： 关于查杀“灰鸽子2005”的一点建议 ..HijackThis@Qoo的扫描日志 V1.97.7 Scan saved at 19:50:05, on 2005-12-8 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE c:\program files\rising\rfw\rfwsrv.exe C:\Program Files\Rising\Rav\Ravmond.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Rising\Rav\RavStub.exe c:\program files\rising\rfw\RfwMain.exe C:\Program Files\Antiy Labs\Alive\AliveCenter.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\VM_STI.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\CHIN@D~1\Cns.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe C:\Program Files\Rising\Rav\RavTask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Rising\Rav\Ravmon.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE D:\dudupros.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe D:\DuDuAcc.exe C:\Downloads\hijackthis1.97_qoo\HijackThis.exe R3 - URLSearchHook: O2 - BHO: (no name) - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\Program Files\3721\Assist\Angling.dll O2 - BHO: DuDu.com - {6BDE1669-B490-48E3-B668-456314F2D6C3} - D:\dddiemon.dll O2 - BHO: (no name) - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll O3 - Toolbar: ????? - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll O3 - Toolbar: ????? - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll O3 - Toolbar: ????? - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE webcom USB PC Camera O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Chinaddr] C:\PROGRA~1\CHIN@D~1\Cns.exe -nosplash O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32 O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32 O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: NTUSER.DAT O4 - Startup: ntuser.dat.LOG O4 - Startup: ntuser.ini O4 - Startup: regproduct.ini O4 - Startup: Rcache.ini O4 - Global Startup: ntuser.dat O4 - Global Startup: ntuser.dat.LOG O4 - Global Startup: Nokia PC Suite 6.60.18.LOG O4 - Global Startup: Nokia Connectivity Cable Driver 1.00.150.6.LOG O8 - Extra context menu item: &使用DuDu 加速器下载 - res://D:\dddmext.dll/202 O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FLASHGET\jc_link.htm O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FLASHGET\jc_all.htm O8 - Extra context menu item: 用比特精灵下载(&B) - D:\ O8 - Extra context menu item: 访问 3721中文网址 - C:\PROGRA~1\CHIN@D~1\cnsgo_936.htm 大虾帮我看看O9 - Extra button: FlashGet (HKLM) O9 - Extra 'Tools' menuitem: &FlashGet (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O11 - Options group: [!CNS] O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/ O17 - HKLM\System\CCS\Services\Tcpip\..\{2042E96E-E43E-43C1-941A-436A9BA497BE}: NameServer = 220.189.127.108 220.189.127.107 O17 - HKLM\System\CS1\Services\Tcpip\..\{2042E96E-E43E-43C1-941A-436A9BA497BE}: NameServer = 220.189.127.108 220.189.127.107 O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system3.........................

楼主的HijackThis版本低了,下个1.99.1
HijackThis1.99.1可以到【公告】反病毒论坛暂行条例（2005.11.26更新）及本版常用小工具(http://forum.ikaka.com/topic.asp?board=28&artid=6979213)1楼中下载
或.（反浏览器劫持版）置顶贴[必读]本版说明及常用小软件下载
(http://forum.ikaka.com/topic.asp?board=67&artid=5188931中下载

引用:

【七彩黄花菜萱草的贴子】楼主的HijackThis版本低了,下个1.99.1 HijackThis1.99.1可以到【公告】反病毒论坛暂行条例（2005.11.26更新）及本版常用小工具(http://forum.ikaka.com/topic.asp?board=28&artid=6979213)1楼中下载 或.（反浏览器劫持版）置顶贴[必读]本版说明及常用小软件下载 (http://forum.ikaka.com/topic.asp?board=67&artid=5188931中下载 谢谢我就去下一个...........................