【紫①】声音 - 2006-1-1 11:02:00
Every time I boot, Backdoor.Gpigeon.abv gets detected and killed,
but after rebooting it is still there. How do I remove it completely? Thanks.
【紫①】声音 - 2006-1-1 11:12:00
Logfile of HijackThis v1.99.1
Scan saved at 11:25:19, on 2006-1-1
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\rising\Rav\RavStub.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\rising\Rav\RavTask.exe
C:\Program Files\rising\Rav\Ravmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitTorrent\btdownloadgui.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\Tencent\TT\TTraveler.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Sound\LOCALS~1\Temp\Rar$EX00.313\HijackThis.exe
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\Net Transport\NTIEHelper.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CM-SmWizard] C:\WINDOWS\System\SmWizard.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用影音传送带下载 - C:\PROGRA~1\Xi\NETTRA~1\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - C:\PROGRA~1\Xi\NETTRA~1\NTAddList.html
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\QQ\\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\QQ\SendMMS.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{38803F01-5B23-40D0-B231-91CB2D58A52B}: NameServer = 202.96.128.166 202.96.128.86
O23 - Service: Explorer (Internet Explorer) - Unknown owner - C:\WINDOWS\System32\winis.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\Ravmond.exe
【紫①】声音 - 2006-1-1 11:40:00
Does anyone know?
命运里の金色 - 2006-1-1 11:49:00
O23 - Service: Explorer (Internet Explorer) - Unknown owner - C:\WINDOWS\System32\winis.exe
http://forum.ikaka.com/topic.asp?board=28&artid=6202404
不言放弃 - 2006-1-1 11:56:00
Fix these:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - Service: Explorer (Internet Explorer) - Unknown owner - C:\WINDOWS\System32\winis.exe
Search for winis.exe
winis.dll
winiskey.dll
winis_hook.dll
Delete all of them once found.
【紫①】声音 - 2006-1-1 12:00:00
I don't understand how to delete them....
A few days ago I got Backdoor.Gpigeon.ugu
and fixed it with the method above, but now neither the registry nor the files have those entries. What should I do?
【紫①】声音 - 2006-1-1 12:06:00
Delete this one, C:\WINDOWS\System32\winis.exe??
【紫①】声音 - 2006-1-1 12:17:00
I can't find this C:\WINDOWS\System32\winis.exe.
What do I do??? Could someone who knows the fix explain it more clearly?
【紫①】声音 - 2006-1-1 12:23:00
Quote (from 不言放弃's post):
Fix these: O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present; O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present; O23 - Service: Explorer (Internet Explorer) - Unknown owner - C:\WINDOWS\System32\winis.exe
Search for winis.exe winis.dll winiskey.dll winis_hook.dll and delete all of them once found ...
Did that, couldn't find a single one, and after rebooting the virus is still there. What now?
冷雨夜阑 - 2006-1-1 12:40:00
Boot into Safe Mode and fix C:\WINDOWS\System32\winis.exe directly.
【紫①】声音 - 2006-1-1 13:33:00
Doesn't work, after booting it still detects the virus just the same. What now???
命运里の金色 - 2006-1-1 13:39:00
Did you read that post?
Open the Registry Editor, navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES branch, and delete the virus service name Explorer or Internet Explorer in the left pane.
Then delete the file.
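As an added example (not code from anyone in this thread), here is the triage that 不言放弃's and 命运里の金色's replies describe, applied to the O23 lines of the posted HijackThis log: it flags a service whose binary reports no vendor ("Unknown owner") and whose name borrows a Windows component name, and reports the Services registry key the second reply tells the poster to open. The line regex, the lookalike-name list and the sample log string are my assumptions.

```python
import re

# Constructed sample: the O23 lines copied from the HijackThis log posted above.
SAMPLE_LOG = """\
O23 - Service: Explorer (Internet Explorer) - Unknown owner - C:\\WINDOWS\\System32\\winis.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\System32\\nvsvc32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\\Program Files\\rising\\Rav\\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\\Program Files\\rising\\Rav\\Ravmond.exe
"""

# HijackThis 1.99 O23 layout: "O23 - Service: <display> (<name>) - <owner> - <path>"  (assumed)
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<name>[^)]+)\) - (?P<owner>.+?) - (?P<path>.+)$"
)

# Windows component names that a service should not legitimately be called
# (the thread's "Explorer (Internet Explorer)" is the case in point). Assumed list.
LOOKALIKE_NAMES = {"explorer", "internet explorer", "svchost", "lsass", "winlogon", "services"}


def parse_o23(line):
    """Split one O23 line into display name, service name, owner and binary path."""
    m = O23_RE.match(line.strip())
    return m.groupdict() if m else None


def suspicious_reasons(entry):
    """Why this service deserves a manual look; empty list means nothing noticed."""
    reasons = []
    if entry["owner"].lower() == "unknown owner":
        reasons.append("binary carries no company/version info (Unknown owner)")
    if entry["display"].lower() in LOOKALIKE_NAMES or entry["name"].lower() in LOOKALIKE_NAMES:
        reasons.append("service name mimics a built-in Windows component")
    return reasons


def service_registry_key(name):
    """Key the reply above says to inspect; the last path element is the service name."""
    return r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services" + "\\" + name


def triage_o23(log_text):
    """Return (service name, binary path, registry key, reasons) for flagged O23 entries."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry is None:
            continue
        reasons = suspicious_reasons(entry)
        if reasons:
            flagged.append((entry["name"], entry["path"], service_registry_key(entry["name"]), reasons))
    return flagged
```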
【紫①】声音 - 2006-1-1 13:47:00
It worked, hehe. Some of these things I wasn't sure were safe to delete and didn't dare try, but it's different once someone says so... Thanks.
© 2000 - 2026 Rising Corp. Ltd.