1234   4  /  4  页   跳转

怎样才能查杀Backdoor.Gpigeon.thj!

收藏
boluomi1021
头像
初生襁褓狮
  • 帖子:6
  • 注册: 2005-11-24
  • 来自:
发表于: 2005-11-24 10:51 | 短消息 资料
字号: 31楼

求高手赐教.谢谢

Scan saved at 10:28:35, on 2005-11-24
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
D:\shadu\HijackThis.exe

O1 - Hosts: 61.129.15.77 popme.163.com
O1 - Hosts: 61.129.15.77 www.xk99.com
O1 - Hosts: 61.129.15.77 www.006.net
O1 - Hosts: 61.129.15.77 006.net
O1 - Hosts: 61.129.15.77 www.cmfu.com
O1 - Hosts: 61.129.15.77 www.free120.com
O1 - Hosts: 61.129.15.77 www.4577.com
O1 - Hosts: 61.129.15.77 www.9617.com
O1 - Hosts: 61.129.15.77 www.fjwz.com
O1 - Hosts: 61.129.15.77 partner.cpc.sohu.com
O1 - Hosts: 61.129.15.77 ad4.sina.com.cn
O1 - Hosts: 61.129.15.77 music.17o8.comer.cpc.sohu.com
O1 - Hosts: 61.129.15.77 ad.tom.com
O1 - Hosts: 61.129.15.77 search.union.3721.com
O1 - Hosts: 61.129.15.77 post.baidu.com
O1 - Hosts: 61.129.15.77 mp3.baidu.com
O1 - Hosts: 61.129.15.77 image.baidu.com
O1 - Hosts: 61.129.15.77 site.google.com
O1 - Hosts: 61.129.15.77 flash.baidu.com
O1 - Hosts: 61.129.15.77 assistant.3721.com
O1 - Hosts: 61.129.15.77 pfp.sina.com.cn
O1 - Hosts: 61.129.15.77 cn.websearch.yahoo.com
O1 - Hosts: 61.129.15.77 sms.qq.com
O1 - Hosts: 61.129.15.77 www.qq.com
O1 - Hosts: 61.129.15.77 partner.lead2.com.cn
O1 - Hosts: 61.129.15.77 ad.cn.doubleclick.net
O1 - Hosts: 61.129.15.77 auto.search.msn.com
O1 - Hosts: 61.129.15.77 www.ourgame.com
O1 - Hosts: 61.129.15.77 www.the9.com
O1 - Hosts: 61.129.15.77 www.flashempire.com
O1 - Hosts: 61.129.15.77 www.qq163.com
O1 - Hosts: 61.129.15.77 www.9sky.com
O1 - Hosts: 61.129.15.77 www.tom-1.com
O1 - Hosts: 61.129.15.77 www.17173.com
O1 - Hosts: 61.129.15.77 www.yaotou.com
O1 - Hosts: 61.129.15.77 union.3721.com
O1 - Hosts: 61.129.15.77 music.feifa.com
O1 - Hosts: 61.129.15.77 www.vodfans.com
O1 - Hosts: 61.129.15.77 www.sogua.com
O1 - Hosts: 61.129.15.77 fm974.tom.com
O1 - Hosts: 61.129.15.77 ent.tom.com
O1 - Hosts: 61.129.15.77 music.tyfo.com
O1 - Hosts: 61.129.15.77 www.wanwa.com
O1 - Hosts: 61.129.15.77 www.guang.org
O1 - Hosts: 61.129.15.77 www.wz.zj.cn
O1 - Hosts: 61.129.15.77 www.3189.net
O1 - Hosts: 61.129.15.77 music.17o8.com
O1 - Hosts: 61.129.15.77 www.99music.net
O1 - Hosts: 61.129.15.77 www.cococ.com
O1 - Hosts: 61.129.15.77 www.qqqq.cn
O1 - Hosts: 61.129.15.77 www.bnb.com.cn
O1 - Hosts: 61.129.15.77 www.z163.com
O1 - Hosts: 61.129.15.77 game.163.com
O1 - Hosts: 61.129.15.77 games.sina.com.cn
O1 - Hosts: 61.129.15.77 www.v111.com
O1 - Hosts: 61.129.15.77 music.v111.com
O1 - Hosts: 61.129.15.77 www.3tom.com
O1 - Hosts: 61.129.15.77 www.xkqq.com
O1 - Hosts: 61.129.15.77 www.verymp3.com
O1 - Hosts: 61.129.15.77 www.91look.com
O1 - Hosts: 61.129.15.77 www.168101.com
O1 - Hosts: 61.129.15.77 www.cmfu.com
O1 - Hosts: 61.129.15.77 www.woogood.com
O1 - Hosts: 61.129.15.77 www.haodx.com
O1 - Hosts: 61.129.15.77 www.yingku.com
O1 - Hosts: 61.129.15.77 www.flash51.com
O1 - Hosts: 61.129.15.77 www.17haha.com
O1 - Hosts: 61.129.15.77 www.432.cn
O1 - Hosts: 61.129.15.77 www.cnxp.com
O1 - Hosts: 61.129.15.77 www.hjsm.net
O1 - Hosts: 61.129.15.77 music.8wa.com
O1 - Hosts: 61.129.15.77 www.66vv.com
O1 - Hosts: 61.129.15.77 www.musicfbi.com
O1 - Hosts: 61.129.15.77 www.vv66.com
O1 - Hosts: 61.129.15.77 www.139mm.com
O1 - Hosts: 61.129.15.77 www.130wg.com
O1 - Hosts: 61.129.15.77 www.flashsea.com
O1 - Hosts: 61.129.15.77 movie.59178.com
O1 - Hosts: 61.129.15.77 www.wo123.com
O1 - Hosts: 61.129.15.77 www.1ya.cn
O1 - Hosts: 61.129.15.77 www.happy8.cn
O1 - Hosts: 61.129.15.77 www.s6.cn
O1 - Hosts: 61.129.15.77 www.hao123.com
O1 - Hosts: 61.129.15.77 www.qqee.com
O1 - Hosts: 61.129.15.77 imgu.21cn.com
O1 - Hosts: 61.129.15.77 www.sohu123.com
O1 - Hosts: 61.129.15.77 www.chinamp3.com
O1 - Hosts: 61.129.15.77 www.18z.net
O1 - Hosts: 61.129.15.77 www.ssxs.com
O1 - Hosts: 61.129.15.77 www.fjwz.net
O1 - Hosts: 61.129.15.77 www.wo365.com
O1 - Hosts: 61.129.15.77 www.zhao99.com
O1 - Hosts: 61.129.15.77 www.cn808.net
O1 - Hosts: 61.129.15.77 www.tt55.net
O1 - Hosts: 61.129.15.77 www.mp3tt.com
O1 - Hosts: 61.129.15.77 www.yi5.com
O1 - Hosts: 61.129.15.77 www.haozs.com
O1 - Hosts: 61.129.15.77 www.77ttt.com
O1 - Hosts: 61.129.15.77 www.77xi.com
O1 - Hosts: 61.129.15.77 13258.com
O1 - Hosts: 61.129.15.77 www.13258.com
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v5.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\aa\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\qq\QQIEHelper.dll
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~4.DLL
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll (file missing)
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: ShowBarObject Class - {850B69E4-90DB-4F45-8621-891BF35A5B53} - C:\WINDOWS\System32\alitb\__new\bar.dll
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\System32\qylhelper.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O2 - BHO: YiSou - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} - C:\PROGRA~1\YiSou\yisoub.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 一搜工具条 - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - C:\Program Files\YiSou\yisou.dll
O3 - Toolbar: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O3 - Toolbar: 完美网译通 - {F43BD772-ABDD-43b7-A96A-3E9E61946EC0} - C:\WINDOWS\WORLD2\TOOLBAR\hmtoolbar.dll
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: IE伴郎 - {B225B89D-5E95-4194-98E8-149993071B31} - C:\PROGRA~1\NETMEE~1\CALLCO~1.DLL
O4 - HKLM\..\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [thunder_mini] C:\Program Files\Maxthon\Thundermini\ThunderMini.exe
O4 - HKLM\..\Run: [MoveSearch] C:\Program Files\wsearch\Search.exe
O4 - HKLM\..\Run: [Timplatform] C:\Documents and Settings\JOTA\Timplatform.exe
O4 - HKLM\..\Run: [迅雷4] C:\Program Files\Sandai Technologies Inc\Thunder\MediaIssue\TDUpdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [3e55004d0d14f4009287983275fd0788] "C:\KAV2005\Setup\Duba2005IS.801.5.EXE" -t 801.5
O4 - Startup: 桌面媒体.lnk = C:\WINDOWS\system32\rundll32.exe
O4 - Startup: 划词搜索.lnk = C:\Program Files\HuaCi\zsearch.exe
O8 - Extra context menu item:  >> 彩信发送 << - res://C:\PROGRA~1\MMSASS~1\MMSASS~4.DLL/mms.htm
O8 - Extra context menu item: !搜一搜 - res://C:\WINDOWS\DOWNLO~1\CnsMinEx.dll/1003
O8 - Extra context menu item: !搜一搜(&S) - res://C:\Program Files\YiSou\yisou.dll/232
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Sandai Technologies Inc\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Sandai Technologies Inc\Thunder\getAllurl.htm
O8 - Extra context menu item: &使用迷你迅雷下载 - C:\Program Files\Maxthon\Thundermini\geturl.htm
O8 - Extra context menu item: 使用Kugoo下载 - C:\PROGRA~1\KUGOO2\KugooDownX.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ2\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ2\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ2\qq\SendMMS.htm
O8 - Extra context menu item: 用比特精灵下载(&B) - F:\BT\BitSpirit\bsurl.htm
O8 - Extra context menu item: 百度-搜索MP3 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度-搜索图片 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: 百度-搜索新闻 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUNEWS.HTM
O8 - Extra context menu item: 百度-搜索歌词 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDULYRIC.HTM
O8 - Extra context menu item: 百度-搜索网页 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: 百度-搜索贴吧 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUPOST.HTM
O8 - Extra context menu item: 百度-词典搜索 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_DIC.HTM
O8 - Extra context menu item: 豪杰超级解霸V8实时播放 - C:\Herosoft\HeroV8\MPURLGET.HTM
gototop
 
boluomi1021
头像
初生襁褓狮
  • 帖子:6
  • 注册: 2005-11-24
  • 来自:
发表于: 2005-11-24 10:53 | 短消息 资料
字号: 32楼

O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - E:\浩方对战平台\GameClient.exe
O9 - Extra button: 商机直通车 - {13b0c05c-ef05-4bf6-b0ea-f6111af25544} - C:\WINDOWS\System32\alitb\__new\bar.dll
O9 - Extra button: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE (file missing)
O9 - Extra 'Tools' menuitem: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE (file missing)
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~4.DLL
O9 - Extra 'Tools' menuitem: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~4.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\qq\QQ.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\qq\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\qq\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra button: 百万图库 - {6713E8D2-850A-101B-AFC0-4210102A8DA7} - http://www.26-3.com/star (file missing) (HKCU)
O9 - Extra button: 铃声图片下载 - {7713E8D2-850A-101B-AFC0-4210102A8DA7} - http://www.26-3.com/sms/index.htm (file missing) (HKCU)
O11 - Options group: [!CNS]  网络实名
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://bbsky.wuhan.net.cn/nettv/plugin/PowerPlr.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - file://C:\Herosoft\HeroV8\DVDSkin\defskin\HTML\swflash.cab
O23 - Service: Download Service - Unknown owner - C:\WINDOWS\System32\SeedServ.exe
O23 - Service: Event Client - Unknown owner - C:\Program Files\zsxz\UrlService.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe
O23 - Service: NETSERVICE - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: U8管理软件 (UFNet) - Unknown owner - C:\WINDOWS\system32\ServerNT.EXE
gototop
 
飞跃迷离
头像
社区嘉宾
  • 帖子:7351
  • 注册: 2004-10-15
  • 来自:
发表于: 2005-11-24 11:26 | 短消息 资料
字号: 33楼

【回复“boluomi1021”的帖子】
“网络猪”的项目、“划词搜索”、“MMSAssist”,如果楼主不想使用,请到开始-->设置-->控制面板-->添加删除程序, 卸载

重新启动到安全模式(进入安全模式的方法:重新启动电脑, 开机自动检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式(Safe Mode)进入Windows。)

开始→控制面板→性能和维护→管理工具→服务→查找Download Service、Event Client、NETSERVICE→右击→属性→启动类型→禁止→应用→停止→确定。

请关闭所有IE界面,重新使用HijackThis扫描一次,选中下面建议修复的项目,让HijackThis修复,修复前请允许HijackThis保留备份。(如果楼主知道是安全的可以不必勾选)

所有01项

O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~4.DLL
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll (file missing)
O2 - BHO: ShowBarObject Class - {850B69E4-90DB-4F45-8621-891BF35A5B53} - C:\WINDOWS\System32\alitb\__new\bar.dll
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\System32\qylhelper.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O3 - Toolbar: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O3 - Toolbar: 完美网译通 - {F43BD772-ABDD-43b7-A96A-3E9E61946EC0} - C:\WINDOWS\WORLD2\TOOLBAR\hmtoolbar.dll
O3 - Toolbar: IE伴郎 - {B225B89D-5E95-4194-98E8-149993071B31} - C:\PROGRA~1\NETMEE~1\CALLCO~1.DLL
O4 - HKLM\..\Run: [MoveSearch] C:\Program Files\wsearch\Search.exe
O4 - Startup: 划词搜索.lnk = C:\Program Files\HuaCi\zsearch.exe
O8 - Extra context menu item: >> 彩信发送 << - res://C:\PROGRA~1\MMSASS~1\MMSASS~4.DLL/mms.htm
O9 - Extra button: 商机直通车 - {13b0c05c-ef05-4bf6-b0ea-f6111af25544} - C:\WINDOWS\System32\alitb\__new\bar.dll
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~4.DLL
O9 - Extra 'Tools' menuitem: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~4.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

然后打开我的电脑→再点工具→打开文件夹选项→查看→把隐藏受保护的系统文件(推荐)和隐藏已知文件类型的扩展名的勾去掉→再显示所有文件→找到以下文件并删除:(如果有的话)
C:\WINDOWS\SYSTEM32\stdup.dll
C:\WINDOWS\System32\qylhelper.dll
C:\PROGRA~1\NETMEE~1\CALLCO~1.DLL
C:\WINDOWS\System32\SeedServ.exe
C:\Program Files\zsxz\UrlService.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\svchost.dll
C:\WINDOWS\svchost_hook.dll
C:\WINDOWS\svchostkey.dll
删除文件夹C:\PROGRA~1\MMSASS~1
删除文件夹C:\WINDOWS\System32\alitb
删除文件夹C:\WINDOWS\WORLD2
删除文件夹C:\Program Files\wsearch
删除文件夹C:\Program Files\HuaCi
gototop
 
wangxing
头像
初生襁褓狮
  • 帖子:0
  • 注册: 2005-11-24
  • 来自:
发表于: 2005-11-24 21:11 | 短消息 资料
字号: 34楼

你好我的电脑也中了BACKDOOR.GPIGEON.THJ病毒,请高手帮忙好吗?
Logfile of HijackThis v1.99.1
Scan saved at 20:58:02, on 2005-11-24
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
D:\PROGRAM FILES\RISING\RAV\RavStub.exe
D:\Program Files\Rising\Rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\System32\RunDll32.exe
D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
D:\Program Files\Rising\Rfw\RfwMain.exe
D:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\SeedServ.exe
C:\Program Files\zsxz\UrlService.exe
D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\Program Files\zsxz\IEUrldrive.exe
D:\新建文件夹\HijackThis.exe

R3 - URLSearchHook: bho Class - {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} - C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll
R3 - URLSearchHook: SrchHook Class - {EED92A43-CFCE-4548-BD73-B0A405470ED5} - C:\PROGRA~1\CNNIC\Cdn\iesrch.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: DownloadBHO T2BHO - {B1D147E7-873E-4909-8127-695D9BB78728} - C:\WINDOWS\Downloaded Program Files\barhelp22.0.dll
O2 - BHO: update wnwb - {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} - C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: CopySo拷贝搜 - {40987A5C-6AB8-4977-8BE9-A8889DE2EDCC} - C:\Program Files\Copyso\CopysoIE.dll
O3 - Toolbar: (no name) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - (no file)
O3 - Toolbar: 天下搜索 - {56A7DC70-E102-4408-A34A-AE06FEF01586} - C:\WINDOWS\DOWNLO~1\CONFLICT.1\IEBAR2~1.DLL
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RavTimer] D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] D:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [RfwMain] "D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "d:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: 桌面媒体.lnk = C:\WINDOWS\system32\rundll32.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O8 - Extra context menu item: 豪杰超级解霸V8实时播放 - C:\Herosoft\HeroV8\MPURLGET.HTM
O9 - Extra button: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra 'Tools' menuitem: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} (天下搜索) - http://iebar.t2t2.com/iebar.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - file://C:\Herosoft\HeroV8\DVDSkin\defskin\HTML\swflash.cab
O23 - Service: Applicatiomn - Unknown owner - C:\WINDOWS\Systemn.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Download Service - Unknown owner - C:\WINDOWS\System32\SeedServ.exe
O23 - Service: Event Client - Unknown owner - C:\Program Files\zsxz\UrlService.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - D:\Program Files\Rising\Rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
gototop
 
飞跃迷离
头像
社区嘉宾
  • 帖子:7351
  • 注册: 2004-10-15
  • 来自:
发表于: 2005-11-24 21:29 | 短消息 资料
字号: 35楼

【回复“wangxing”的帖子】
重新启动到安全模式(进入安全模式的方法:重新启动电脑, 开机自动检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式(Safe Mode)进入Windows。)

开始→控制面板→性能和维护→管理工具→服务→查找Applicatiomn、Download Service、Event Client→右击→属性→启动类型→禁止→应用→停止→确定。

请关闭所有IE界面,重新使用HijackThis扫描一次,选中下面建议修复的项目,让HijackThis修复,修复前请允许HijackThis保留备份。(如果楼主知道是安全的可以不必勾选)
O2 - BHO: DownloadBHO T2BHO - {B1D147E7-873E-4909-8127-695D9BB78728} - C:\WINDOWS\Downloaded Program Files\barhelp22.0.dll
O3 - Toolbar: (no name) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - (no file)
O3 - Toolbar: 天下搜索 - {56A7DC70-E102-4408-A34A-AE06FEF01586} - C:\WINDOWS\DOWNLO~1\CONFLICT.1\IEBAR2~1.DLL
O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} (天下搜索) - http://iebar.t2t2.com/iebar.cab

然后打开我的电脑→再点工具→打开文件夹选项→查看→把隐藏受保护的系统文件(推荐)和隐藏已知文件类型的扩展名的勾去掉→再显示所有文件→找到以下文件并删除:(如果有的话)
C:\WINDOWS\Downloaded Program Files\barhelp22.0.dll
C:\WINDOWS\DOWNLO~1\CONFLICT.1\IEBAR2~1.DLL
C:\Program Files\zsxz\UrlService.exe
C:\Program Files\zsxz\IEUrldrive.exe
C:\WINDOWS\Systemn.exe
C:\WINDOWS\Systemn.dll
C:\WINDOWS\Systemn_hook.ddll
C:\WINDOWS\Systemnkey.dll
C:\WINDOWS\System32\SeedServ.exe

关于O10 - Hijacked Internet access by New.Net
可以在控制面版中卸载NewDotNet
gototop
 
斌临陈下
头像
初生襁褓狮
  • 帖子:2
  • 注册: 2005-11-21
  • 来自:
发表于: 2005-11-25 16:35 | 短消息 资料
字号: 36楼

HijackThis_815汉化版扫描日志 V1.99.1
保存于      16:34:09, 日期 2005-11-25
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\conime.exe
D:\Program Files\Tencent\QQ\TIMPlatform.exe
D:\Program Files\Tencent\QQ\QQ.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\HijackThis1991汉化版\HijackThis1991zww.exe

O2 - BHO: i&Bar搜索引擎 - {2E7D3330-EB94-4518-B0FE-E05379A5C1DA} - C:\PROGRA~1\iBar\10002\iBar.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - D:\PROGRA~1\KuGoo\KUGOO3~1.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - IE工具栏增项: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - IE工具栏增项: i&Bar搜索引擎 - {2E7D3330-EB94-4518-B0FE-E05379A5C1DA} - C:\PROGRA~1\iBar\10002\iBar.dll
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - 启动项HKLM\\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - IE右键菜单中的新增项目: Google 搜索(&G) - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用KuGoo3下载(&K) - D:\Program Files\KuGoo\KuGoo3DownX.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - D:\PROGRA~1\FLASHGET\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - D:\PROGRA~1\FLASHGET\jc_all.htm
O8 - IE右键菜单中的新增项目: 反向链接 - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O8 - IE右键菜单中的新增项目: 类似网页 - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - IE右键菜单中的新增项目: 缓存的网页快照 - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - IE右键菜单中的新增项目: 翻译英文字词(&T) - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O9 - 浏览器额外的按钮: 常用网址 - {36B39F01-7B48-44AD-A165-5849CD8EF562} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - 浏览器额外的按钮: JUJU猫 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.jujumao.net (file missing)
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119938873765
O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - D:\Program Files\YAMAHA\MidRadio Player\midradio.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - NT 服务: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
gototop
 
斌临陈下
头像
初生襁褓狮
  • 帖子:2
  • 注册: 2005-11-21
  • 来自:
发表于: 2005-11-25 16:36 | 短消息 资料
字号: 37楼

望高人指教,谢谢!
gototop
 
花落花又开
头像
社区嘉宾
  • 帖子:6782
  • 注册: 2005-04-16
  • 来自:
发表于: 2005-11-25 16:42 | 短消息 资料
字号: 38楼

【回复“斌临陈下”的帖子】
您的电脑出了什么问题?请另开新帖.谢谢配合.
gototop
 
<<上一主题|下一主题>>
1234   4  /  4  页   跳转
页面顶部
Powered by Discuz!NT