如何查杀灰鸽子Backdoor.GPigeon等病毒

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛如何查杀灰鸽子Backdoor.GPigeon等病毒

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第四十七次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

123

2 / 3 页

跳转页

神无锋芒艾服狮帖子:1938 注册: 2005-06-16 来自:	发表于： 2005-11-20 20:12 \| 短消息资料字号：小中大 11楼 D:\Program Files\Cerberus FTP Server\Cerberus.exe O4 - Startup: FTP服务器.lnk = D:\Program Files\Cerberus FTP Server\Cerberus.exe 这个是什么东西.
神无锋芒艾服狮帖子:1938 注册: 2005-06-16 来自:

Haiming0083 初生襁褓狮帖子:17 注册: 2005-09-11 来自:	发表于： 2005-11-20 20:29 \| 短消息资料字号：小中大 12楼灰鸽子手动查杀方法 http://cn.tech.yahoo.com/051101/556/27isa.html
Haiming0083 初生襁褓狮帖子:17 注册: 2005-09-11 来自:

开拓者CN 初生襁褓狮帖子:19 注册: 2005-11-20 来自:	发表于： 2005-11-20 20:33 \| 只看楼主短消息资料字号：小中大 13楼那是我的FTP服务
开拓者CN 初生襁褓狮帖子:19 注册: 2005-11-20 来自:

开拓者CN 初生襁褓狮帖子:19 注册: 2005-11-20 来自:	发表于： 2005-11-20 21:34 \| 只看楼主短消息资料字号：小中大 14楼 HijackThis_815汉化版扫描日志 V1.99.1 保存于 21:32:08, 日期 2005-11-20 操作系统： Windows 2000 SP4 (WinNT 5.00.2195) 浏览器： Internet Explorer v6.00 SP1 (6.00.2800.1106) 当前运行的进程： C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe D:\PROGRAM FILES\RISING\RAV\Ravmond.exe D:\PROGRAM FILES\RISING\RAV\RavStub.exe d:\program files\rising\rfw\rfwsrv.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\llssrv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\regsvc.exe D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\Dfssvc.exe C:\WINNT\system32\inetsrv\inetinfo.exe C:\WINNT\system32\msdtc.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe C:\WINNT\Explorer.EXE d:\program files\rising\rfw\RfwMain.exe D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE D:\PROGRA~1\RISING\RAV\RAVMON.EXE C:\WINNT\system32\ctfmon.exe D:\Program Files\Cerberus FTP Server\Cerberus.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE D:\PROGRA~1\RISING\RAV\Rav.exe D:\PROGRA~1\RISING\RAV\RsAgent.exe C:\WINNT\msagent\AgentSvr.exe C:\DOCUME~1\zhangda1979\Local Settings\Temp\Rar$EX01.297\HijackThis1991zww.exe O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\Progra~1\Baidu\bar\BDBar_tmp\BaiduBar.dll (file missing) O3 - IE工具栏增项: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Progra~1\Baidu\bar\BDBar_tmp\BaiduBar.dll (file missing) O4 - 启动项HKLM\\Run: [RavTimer] D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE O4 - 启动项HKLM\\Run: [RavMon] D:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM O4 - 启动项HKLM\\Run: [RfwMain] "D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup O4 - 启动项HKLM\\Run: [system safety monitor] C:\Program Files\System Safety Monitor\SysSafe.exe O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe O4 - Startup: FTP服务器.lnk = D:\Program Files\Cerberus FTP Server\Cerberus.exe O11 - Options group: [!CNS] 上网助手-地址栏搜索 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126832651203 O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{161F0297-56A3-4890-A89B-322036BA2EAB}: NameServer = 219.146.0.130,219.150.32.132 O17 - HKLM\System\CS1\Services\Tcpip\..\{161F0297-56A3-4890-A89B-322036BA2EAB}: NameServer = 219.146.0.130,219.150.32.132 O17 - HKLM\System\CS2\Services\Tcpip\..\{161F0297-56A3-4890-A89B-322036BA2EAB}: NameServer = 219.146.0.130,219.150.32.132 O18 - 列举现有的协议: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINNT\system32\mbprot.dll O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - NT 服务: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - d:\program files\rising\rfw\rfwsrv.exe O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe 问题解决了谢谢大家的支持！！！！！！！！！！！谢谢了
开拓者CN 初生襁褓狮帖子:19 注册: 2005-11-20 来自:

开拓者CN 初生襁褓狮帖子:19 注册: 2005-11-20 来自:	发表于： 2005-11-20 21:36 \| 只看楼主短消息资料字号：小中大 15楼原来在系统文件夹里有一个受保护的W32.EXE文件，删除了就一切OK了
开拓者CN 初生襁褓狮帖子:19 注册: 2005-11-20 来自:

liuhippo1 初生襁褓狮帖子:1 注册: 2005-11-22 来自:	发表于： 2005-11-23 00:02 \| 短消息资料字号：小中大 16楼 HijackThis_815汉化版扫描日志 V1.99.1 保存于 23:38:29, 日期 2005-11-22 操作系统： Windows XP SP2 (WinNT 5.01.2600) 浏览器： Internet Explorer v6.00 SP2 (6.00.2900.2180) 当前运行的进程： C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\PROGRAM FILES\RISING\RAV\Ravmond.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Rising\Rfw\rfwsrv.exe C:\PROGRAM FILES\RISING\RAV\RavStub.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE C:\PROGRA~1\RISING\RAV\RAVMON.EXE C:\Program Files\Rising\Rfw\RfwMain.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\VM_STI.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Apoint\Apntex.exe C:\WINDOWS\system32\conime.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe D:\Program Files\TT\TTraveler.exe C:\WINDOWS\system32\DllHost.exe C:\Documents and Settings\liuhippo\桌面\4842302005817230232\HijackThis1991zww.exe O1 - Hosts: 202.85.22.10 bbs.100free.net O1 - Hosts: 202.85.22.10 100free.net O1 - Hosts: 202.85.22.10 www.100free.net O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v8.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: TeachingHandler - {31EBA2E2-58B2-4980-9C41-F12F5F1422C5} - C:\Program Files\Common Files\Collegesoft\Share Components\TPHANDLE.dll O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_90.dll O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - d:\Program Files\Tencent\QQ\QQIEHelper.dll O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\System32\stdup.dll O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - D:\PROGRA~1\KuGoo2\KUGOO3~1.OCX O2 - BHO: DownloadBHO T2BHO - {B1D147E7-873E-4909-8127-695D9BB78728} - C:\WINDOWS\Downloaded Program Files\barhelp22.0.dll O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - 启动项HKLM\\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup O4 - 启动项HKLM\\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE O4 - 启动项HKLM\\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM O4 - 启动项HKLM\\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - 启动项HKLM\\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - 启动项HKLM\\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload O4 - 启动项HKLM\\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera O4 - 启动项HKLM\\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s O4 - 启动项HKLM\\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O8 - IE右键菜单中的新增项目: &使用迅雷下载 - d:\Program Files\Thunder Network\Thunder\geturl.htm O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - d:\Program Files\Thunder Network\Thunder\getallurl.htm O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\Program Files\Tencent\qq\AddToNetDisk.htm O8 - IE右键菜单中的新增项目: 使用KuGoo3下载(&K) - D:\Program Files\KuGoo2\KuGoo3DownX.htm O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Program Files\Tencent\qq\AddPanel.htm O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\Tencent\qq\AddEmotion.htm O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Program Files\Tencent\qq\SendMMS.htm O9 - 浏览器额外的按钮: 免费精彩视频超流畅在线观看 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing) O9 - 浏览器额外的“工具”菜单项: 播霸电视 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing) O9 - 浏览器额外的按钮: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - 浏览器额外的“工具”菜单项: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - 浏览器额外的按钮: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:\WINDOWS\system32\shdocvw.dll O9 - 浏览器额外的按钮: TOL24 - {345ff7d8-2364-4ef7-889b-7d3c1d0bd342} - http://www.TOL24.com (file missing) O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O11 - Options group: [TBH] QQ地址栏搜索插件 O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://rick.viewnetcam.com/kxhcm10.ocx O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} (天下搜索) - http://iebar.t2t2.com/iebar.cab O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://www.gamestv.com.cn/broadcast/bin/gamestv.cab O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab O16 - DPF: {9242BB35-0DB0-43AC-8DFC-8EA07E63B92A} - http://bbmedia.qq.com/media/QQLiveSetup.exe O16 - DPF: {98A62E3F-A8C5-4EF0-8A00-C70CF9D18A89} (LoaderCore Class) - http://tb.sogou.com/DLLoader.cab O16 - DPF: {B9940246-4344-4D1B-BD82-DBAF7E657FF9} (AudioClient Control) - http://219.117.194.183:81/SysCamInst.cab O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.76_20051110.cab O18 - 列举现有的协议: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll O23 - NT 服务: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - NT 服务: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - NT 服务: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - NT 服务: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - NT 服务: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - C:\Program Files\Rising\Rfw\rfwsrv.exe O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe O23 - NT 服务: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - NT 服务: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - NT 服务: system32 - Unknown owner - C:\WINDOWS\system32.exe O23 - NT 服务: WLANKEEPER - Intel? Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe 请帮帮忙
liuhippo1 初生襁褓狮帖子:1 注册: 2005-11-22 来自:

叱咤花甲狮

帖子:4210
注册: 2005-04-10
来自:怀黯

发表于： 2005-11-23 00:55 | 短消息资料

字号：小中大 17楼

引用:

【liuhippo1的贴子】
请帮帮忙

...........................

O1 - Hosts: 202.85.22.10 bbs.100free.net
O1 - Hosts: 202.85.22.10 100free.net
O1 - Hosts: 202.85.22.10 www.100free.net
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\System32\stdup.dll
修复上面几项，并删除下面的文件。
C:\WINDOWS\System32\stdup.dll

O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
（O10 - Hijacked Internet access by New.Net）
这是被广告程序New.Net劫持的症状（可以通过“控制面板——添加删除”来卸载试试）祥细介绍，可以参阅下面这个链接~~~
http://it.rising.com.cn/newSite/Channels/Safety/SafetyResourse/Safe_Foundation/200408/05-170016274.htm

O23 - NT 服务: system32 - Unknown owner - C:\WINDOWS\system32.exe
鸽子
开始》运行》输入 Regedit.exe 》确定
打开注册表编辑器，定位到HKEY_LOCAL_MACHINE\ SYSTEM \ CURRENTCONTROLSET \

SERVICES分支，删除左栏中的病毒服务名 system32
重启系统，
打开我的电脑》工具》文件夹选项》查看》显示所有文件，显示系统文件》确定
查找并删除以下文件
C:\WINDOWS\system32.exe
及该文件夹下以system32为文件名的DLL文件（看清文件路径~~）

liuhippo1 初生襁褓狮帖子:1 注册: 2005-11-22 来自:	发表于： 2005-11-23 12:23 \| 短消息资料字号：小中大 18楼太感谢了
liuhippo1 初生襁褓狮帖子:1 注册: 2005-11-22 来自:

奈无初生襁褓狮帖子:446 注册: 2005-11-26 来自:	发表于： 2005-11-26 23:56 \| 短消息资料字号：小中大 19楼 HijackThis_zww汉化版扫描日志 V1.99.1 保存于 1:10:58, 日期 2005-11-22 操作系统： Windows XP SP2 (WinNT 5.01.2600) 浏览器： Internet Explorer v6.00 SP2 (6.00.2900.2180) 当前运行的进程： C:\WINXP\System32\smss.exe C:\WINXP\system32\winlogon.exe C:\WINXP\system32\services.exe C:\WINXP\system32\lsass.exe C:\WINXP\system32\svchost.exe C:\WINXP\System32\svchost.exe c:\program files\rising\rfw\rfwsrv.exe C:\WINXP\system32\spoolsv.exe C:\WINXP\system32\drivers\CDAC11BA.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE C:\PROGRAM FILES\RISING\RAV\Ravmond.exe C:\PROGRAM FILES\RISING\RAV\RavStub.exe C:\WINXP\Explorer.EXE c:\program files\rising\rfw\RfwMain.exe c:\program files\tencent\tt\ttraveler.exe C:\Program Files\HTime\HTime.exe C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE C:\WINXP\SOUNDMAN.EXE C:\PROGRA~1\RISING\RAV\RAVMON.EXE C:\Program Files\MSI\Live Update 3\LMonitor.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINXP\system32\ctfmon.exe C:\DOCUME~1\史晓浩.SXH\LOCALS~1\Temp\Rar$EX00.891\HijackThis1991zww.exe C:\Program Files\Tencent\TT\TTraveler.exe O1 - Hosts: 211.154.219.10 www.readnovel.com O1 - Hosts: 61.185.51.24 www.iciba.net O1 - Hosts: 219.238.233.202 www.rising.com.cn O1 - Hosts: 61.139.126.8 www.fainfo.com O1 - Hosts: 61.139.126.8 www.fainfo.com O1 - Hosts: 218.75.150.63 www.lxyz.net O1 - Hosts: 61.152.173.36 www.12333.gov.cn O1 - Hosts: 211.157.1.25 www.neworiental.org O1 - Hosts: 219.133.38.199 jump.qq.com O1 - Hosts: 218.242.243.26 www.cableplus.com.cn O1 - Hosts: 211.167.104.6 www.ocn.net.cn O1 - Hosts: 207.44.226.5 bbs.fazhan.com O1 - Hosts: 67.15.7.16 www.3down.com O1 - Hosts: 218.242.174.168 www.fangdi.com.cn O1 - Hosts: 218.244.110.111 www.ehomeday.com O1 - Hosts: 202.147.5.135 www.trendmicro.com O1 - Hosts: 202.106.174.19 www.sda.gov.cn O1 - Hosts: 219.237.204.99 www.cde.org.cn O1 - Hosts: 61.141.232.181 www.ccd.org.cn O1 - Hosts: 218.247.199.228 www.zybh.gov.cn O1 - Hosts: 218.244.47.203 www.tjhghg.com O1 - Hosts: 222.66.38.230 www.shanghai-air.com O1 - Hosts: 61.136.61.144 rss.chinabbs.com O1 - Hosts: 211.100.23.55 school.uland.com O1 - Hosts: 61.135.150.230 alumni.chinaren.com O1 - Hosts: 202.205.11.70 www.eol.cn O1 - Hosts: 202.120.127.203 www.shu.edu.cn O1 - Hosts: 202.121.241.7 www.shspu.edu.cn O1 - Hosts: 202.120.127.87 www.info.shu.edu.cn O1 - Hosts: 61.129.121.26 www.shmeea.com.cn O1 - Hosts: 210.34.128.137 www.jmu.edu.cn O1 - Hosts: 210.35.88.3 www.shiep.edu.cn O1 - Hosts: 128.83.40.145 www.utexas.edu O1 - Hosts: 65.163.26.153 www.keuka.edu O1 - Hosts: 218.16.122.16 www.okbt.com O1 - Hosts: 219.145.107.11 www.btgod.com O1 - Hosts: 219.133.31.26 www.szyongguang.com O1 - Hosts: 202.101.6.71 bt.chinabtbbt.com O1 - Hosts: 195.245.179.181 crdybtxzlst.blog.com O1 - Hosts: 195.245.179.181 mlkcrdylsta.blog.com O1 - Hosts: 195.245.179.181 tmfcrdyxzlst.blog.com O1 - Hosts: 222.36.40.111 www.wofei.net O1 - Hosts: 222.36.40.111 btbaby.cn O1 - Hosts: 218.94.124.36 bbs.btmyth.com O1 - Hosts: 219.153.10.57 bt.kaicn.com O1 - Hosts: 61.233.19.231 pd.oo.cn O1 - Hosts: 222.36.40.111 www.wofei.net O1 - Hosts: 210.75.23.72 bbs.itbbs.net O1 - Hosts: 61.129.77.239 bt2.cnxp.com O1 - Hosts: 61.129.75.76 www.lxy1868.cn O1 - Hosts: 67.15.7.163 emodao.com O1 - Hosts: 70.85.93.195 miksmi20.tollfreepage.com O1 - Hosts: 209.66.123.8 www.proxy4free.com O1 - Hosts: 202.85.22.10 bbs.100free.net O1 - Hosts: 202.85.22.10 100free.net O1 - Hosts: 202.85.22.10 www.100free.net O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINXP\system32\xunleibho_v4.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: IDDTInitObj Class - {15DDE989-CD45-4561-BF99-D22C0D5C2B74} - C:\WINXP\Downlo~1\ddtinit.dll O2 - BHO: 上网助手 - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - (no file) O2 - BHO: KillObj Class - {66C28884-4E5D-494B-80C9-CAA27528FD6D} - C:\WINXP\Downlo~1\ddtkillw.ocx O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll O2 - BHO: 百度搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\WINXP\DOWNLO~1\BaiDuBar.dll O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - (no file) O2 - BHO: update wnwb - {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} - C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll O3 - IE工具栏增项: 上网助手 - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - (no file) O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll O3 - IE工具栏增项: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll O3 - IE工具栏增项: 百度搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\WINXP\DOWNLO~1\BaiDuBar.dll O3 - IE工具栏增项: 新浪点点通 - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - C:\WINXP\Downlo~1\DDTONG~1.DLL O3 - IE工具栏增项: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\BitComet\BitCometBar\BitCometBar0.2.dll O4 - 启动项HKLM\\Run: [AtiPTA] atiptaxx.exe O4 - 启动项HKLM\\Run: [HTime] C:\Program Files\HTime\HTime.exe O4 - 启动项HKLM\\Run: [NMGameX_AutoRun] C:\WINXP\system32\Rundll32.exe nmgamex.dll,LiveProcess /aa O4 - 启动项HKLM\\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\rising\Rfw\rfwmain.exe" -Startup O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINXP\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - 启动项HKLM\\Run: [IMEKRMIG6.1] C:\WINXP\ime\imkr6_1\IMEKRMIG.EXE O4 - 启动项HKLM\\Run: [MSPY2002] C:\WINXP\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINXP\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINXP\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE O4 - 启动项HKLM\\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM O4 - 启动项HKLM\\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe O4 - 启动项HKLM\\Run: [StormCodec_Helper] "d:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti O4 - 启动项HKLM\\Run: [MINI_BFYY] D:\Program Files\Ringz Studio\Storm Downloader\StormDownloader.exe O4 - 启动项HKLM\\Run: [vcdplay] C:\WINXP\system32\mvcdplay.exe O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - 启动项HKLM\\RunServices: [mmsk] D:\Program Files\木马杀客\mmsk.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe O4 - HKCU\..\Run: [vcdplay] C:\WINXP\system32\mvcdplay.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - IE右键菜单中的新增项目: 添加到新浪点点通阅读器 - res://C:\WINXP\Downlo~1\RssReader.exe/RSSFEED.js O8 - IE右键菜单中的新增项目: &使用暴风下载器下载 - D:\Program Files\Ringz Studio\Storm Downloader\geturl.htm O8 - IE右键菜单中的新增项目: IBM 翻译设置(&U)... - C:\PROGRA~1\IBM翻~1\Setup.htm O8 - IE右键菜单中的新增项目: 使用彩信超级自写发送到手机 - http://mms.sina.com.cn/mmsnews.html O8 - IE右键菜单中的新增项目: 使用新浪下载助手下载 - C:\WINXP\Downlo~1\sinadl.htm O8 - IE右键菜单中的新增项目: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm O8 - IE右键菜单中的新增项目: 发送图片到手机(&M) - http://sms.sina.com.cn/diy/send.html?from=467 O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - IE右键菜单中的新增项目: 收藏此页到ViVi - http://vivi.sina.com.cn/collect/click.php?agent=ddt O8 - IE右键菜单中的新增项目: 收藏此页到新浪ViVi - http://vivi.sina.com.cn/collect/click.php?agent=ddt O8 - IE右键菜单中的新增项目: 新浪搜索 - http://cha.sina.com.cn/ddt.html O8 - IE右键菜单中的新增项目: 百度-搜索MP3 - res://C:\WINXP\DOWNLO~1\BaiduBar.dll/BAIDUMP3.HTM O8 - IE右键菜单中的新增项目: 百度-搜索图片 - res://C:\WINXP\DOWNLO~1\BaiduBar.dll/BAIDUIMG.HTM O8 - IE右键菜单中的新增项目: 百度-搜索新闻 - res://C:\WINXP\DOWNLO~1\BaiduBar.dll/BAIDUNEWS.HTM O8 - IE右键菜单中的新增项目: 百度-搜索歌词 - res://C:\WINXP\DOWNLO~1\BaiduBar.dll/BAIDULYRIC.HTM O8 - IE右键菜单中的新增项目: 百度-搜索网页 - res://C:\WINXP\DOWNLO~1\BaiduBar.dll/BAIDUSEARCH.HTM O8 - IE右键菜单中的新增项目: 百度-搜索贴吧 - res://C:\WINXP\DOWNLO~1\BaiduBar.dll/BAIDUPOST.HTM O8 - IE右键菜单中的新增项目: 翻译全文(&R) - C:\PROGRA~1\IBM翻~1\TransAll.htm O8 - IE右键菜单中的新增项目: 翻译选中部分(&N) - C:\PROGRA~1\IBM翻~1\TransSel.htm O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINXP\system32\shdocvw.dll O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINXP\system32\shdocvw.dll O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe O9 - 浏览器额外的按钮: 易趣购物 - {DE607143-AC19-423e-860A-0D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing) O9 - 浏览器额外的“工具”菜单项: 易趣购物 - {DE607143-AC19-423e-860A-0D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing) O9 - 浏览器额外的按钮: 新浪点点通 - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - C:\WINXP\Downlo~1\DDTONG~1.DLL O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - 浏览器额外的按钮: 翻译设置 - {8EE35810-C27A-11d3-99D9-52544C292A01} - C:\PROGRA~1\IBM翻~1\Setup.htm (file missing) (HKCU) O9 - 浏览器额外的按钮: 翻译全文 - {8EE35811-C27A-11d3-99D9-52544C292A01} - C:\PROGRA~1\IBM翻~1\TransAll.htm (file missing) (HKCU) O9 - 浏览器额外的按钮: (no name) - {974AD624-EA50-4831-A6C0-3040F6665396} - C:\WINXP\Downlo~1\rssband.dll (HKCU) O9 - 浏览器额外的“工具”菜单项: 新浪点点通阅读器 - {974AD624-EA50-4831-A6C0-3040F6665396} - C:\WINXP\Downlo~1\rssband.dll (HKCU) O9 - 浏览器额外的按钮: 新浪点点通阅读器 - {F0646DC8-58CD-4C64-8F6B-525043914685} - C:\WINXP\Downlo~1\rssband.dll (HKCU)
奈无初生襁褓狮帖子:446 注册: 2005-11-26 来自:

奈无初生襁褓狮帖子:446 注册: 2005-11-26 来自:	发表于： 2005-11-26 23:58 \| 短消息资料字号：小中大 20楼 O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://sueyoshi.aa0.netvolante.jp/SysCamInst.cab O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://210.163.212.70/kxhcm10.ocx O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/180solutions/ie/bridge-c24.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} (IEDown Class) - http://download.ourgame.com/IEDown4.cab O18 - 列举现有的协议: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINXP\system32\mbprot.dll O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: System Safety Monitor - C:\WINXP\SYSTEM32\SSMWinlogonEx.dll O23 - NT 服务: Ati HotKey Poller - Unknown owner - C:\WINXP\system32\Ati2evxx.exe O23 - NT 服务: ATI Smart - Unknown owner - C:\WINXP\system32\ati2sgag.exe O23 - NT 服务: btsever - Unknown owner - C:\WINXP\btsever.exe O23 - NT 服务: C-DillaCdaC11BA - Macrovision - C:\WINXP\system32\drivers\CDAC11BA.EXE O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe O23 - NT 服务: Server.exe - Unknown owner - C:\WINXP\Server.exe (file missing) O23 - NT 服务: System Safety Monitor (SSM) - System Safety - C:\Program Files\System Safety Monitor\SSMService.exe O23 - NT 服务: SVCH0ST.EXE - Unknown owner - C:\WINXP\SVCH0ST.exe (file missing) 请大侠帮忙看看，谢谢！
奈无初生襁褓狮帖子:446 注册: 2005-11-26 来自:

<<上一主题|下一主题>>

123

2 / 3 页

跳转页

瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 如何查杀灰鸽子Backdoor.GPigeon等病毒

如何查杀灰鸽子Backdoor.GPigeon等病毒

瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛如何查杀灰鸽子Backdoor.GPigeon等病毒