瑞星卡卡安全论坛

首页 » 技术交流区 » 反病毒/反流氓软件论坛 » [求助]请问如何删除灰鸽子病毒?
柚子茶洁 - 2006-8-17 10:50:00
在反流氓软件论坛里高人指点,说我的电脑中了灰鸽子病毒
以下是我扫描的日志,请高人指点,该如何修复.万分感谢!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\系统工具\rising\Rfw\Rfw.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\系统工具\PDVDServ.exe
D:\系统工具\vrv\vrvnet.exe
D:\常用软件\kv2004\KV2004\KVMonXP.kxp
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\常用软件\新建文件夹 (2)\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
D:\常用软件\超级兔子魔法设置 V7.72\MagicSet\SRIECLI.EXE
D:\常用软件\kv2004\KV2004\KVSrvXp.exe
D:\系统工具\vrv\vrvmon.exe
D:\常用软件\新建文件夹 (3)\eMule\emule.exe
D:\常用软件\qq2005\QQ.exe
C:\WINDOWS\System32\rundll32.exe
D:\常用软件\TT\TT 2\TTraveler.exe
D:\常用软件\qq2005\QQPLAY~1.EXE
C:\WINDOWS\System32\svchost.exe
D:\系统工具\Foxmail\Foxmail.exe
D:\常用软件\HijackThis V1.99.1 汉化版\ha_hijackthis_1991\HijackThis.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - D:\常用软件\超级兔~1.72\MAGICSET\haokanbar.dll
O2 - BHO: BrowseHelper Class - {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} - D:\常用软件\kv2004\KV2004\KvShell.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 江民杀毒工具栏 - {B5A34A93-D538-43A7-8371-864CB6148D12} - D:\常用软件\kv2004\KV2004\KvShell.dll
O3 - Toolbar: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - D:\常用软件\BT\BitComet\BitCometBar\BitCometBar0.2.dll
O3 - Toolbar: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - D:\常用软件\超级兔~1.72\MAGICSET\haokanbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [xysecond] D:\系统工具\vrv\vrvmon.exe
O4 - HKLM\..\Run: [rfw] D:\系统工具\rising\Rfw\Rfw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] D:\系统工具\PDVDServ.exe
O4 - HKLM\..\Run: [vrvnet] d:\系统工具\vrv\vrvnet.exe
O4 - HKLM\..\Run: [KvMonXP] D:\常用软件\kv2004\KV2004\KVMonXP.kxp /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ServiceHome] D:\常用软件\新建文件夹\PSH2.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "D:\常用软件\新建文件夹 (2)\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Super Rabbit IEPro] D:\常用软件\超级兔子魔法设置 V7.72\MagicSet\SRIECLI.EXE /LOAD
O4 - Startup: 腾讯QQ.lnk = ?
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\常用软件\qq2005\AddToNetDisk.htm
O8 - Extra context menu item: 使用影音传送带下载 - D:\常用软件\影音\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - D:\常用软件\影音\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\常用软件\qq2005\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\常用软件\qq2005\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\常用软件\qq2005\SendMMS.htm
O9 - Extra button: 网际飞音 - {8E4E4123-AAC7-42CA-AF1B-68CE70B8D385} - D:\常用软件\网际飞音\Donor\donor.exe
O9 - Extra 'Tools' menuitem: 网际飞音(&D) - {8E4E4123-AAC7-42CA-AF1B-68CE70B8D385} - D:\常用软件\网际飞音\Donor\donor.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\常用软件\qq2005\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\常用软件\qq2005\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/ravkill/rsonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EF1B629-CE31-4E2A-BC21-06D0FA0B6054}: NameServer = 202.96.209.134 202.96.209.6
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINDOWS\b0cd1f30.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DrayigeonServerae (DrayPigeanServerae) - Unknown owner - C:\WINDOWS\Saerverae.exe (file missing)
O23 - Service: KVSrvXp - JiangMin Ltd. - D:\常用软件\kv2004\KV2004\KVSrvXp.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
1
查看完整版本: [求助]请问如何删除灰鸽子病毒?
© 2000 - 2025 Rising Corp. Ltd.