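Rising Kaka Security Forum, Technical Exchange, Anti-Virus / Anti-Rogue-Software Forum: Experts, please take a look at my log. My IE has caught a "Gray Pigeon" (灰鸽子), and it still shows up after a reboot!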


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\瑞星2006\瑞星2006杀毒软件\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
D:\瑞星2006\瑞星2006杀毒软件\Rising\Rav\Ravmond.exe
d:\瑞星2006\瑞星2006放火墙\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\Program Files\3721\Dlaccel\YDownloader.exe
C:\WINDOWS\system32\rundll32.exe
D:\瑞星2006\瑞星2006杀毒软件\Rising\Rav\RavTask.exe
D:\瑞星2006\瑞星2006放火墙\Rising\Rfw\rfwmain.exe
C:\WINDOWS\system32\ctfmon.exe
D:\瑞星2006\瑞星2006杀毒软件\Rising\Rav\Ravmon.exe
C:\Program Files\racer-henan-cnc\racer.exe
D:\瑞星2006\瑞星2006杀毒软件\Rising\Rav\RavStub.exe
C:\Program Files\racer-henan-cnc\RacerKp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\regedit.exe
G:\155847200541134207\HijackThis.exe

O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\qq2005\qq\QQIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\FLASHG~1\FLASHGET\jccatch.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [dl_accel] C:\Program Files\3721\Dlaccel\YDownloader.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RavTask] "D:\瑞星2006\瑞星2006杀毒软件\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "D:\瑞星2006\瑞星2006放火墙\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: 河南网通宽带用户客户端.lnk = C:\Program Files\racer-henan-cnc\racer.exe
O8 - Extra context menu item: &使用下载加速专家下载 - C:\Program Files\3721\Dlaccel\geturl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\qq2005\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - D:\FlashGet165\FLASHGET\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\FlashGet165\FLASHGET\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\qq2005\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\qq2005\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\qq2005\qq\SendMMS.htm
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - E:\网络游戏\浩方对战平台\浩方对战平台\GameClient.exe
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\qq2005\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\qq2005\qq\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\qq2005\qq\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\qq2005\qq\QQIEHelper.dll
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\瑞星2006\瑞星2006放火墙\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\瑞星2006\瑞星2006杀毒软件\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\瑞星2006\瑞星2006杀毒软件\Rising\Rav\Ravmond.exe
O23 - Service: Distributed Transaction (Transaction) - Unknown owner - C:\WINDOWS\windows.bat

Every time I clean it with Rising, it shows up again after a reboot!
The virus file name is Backdoor.Gpigeon.ack
Path: IEXPLORE.EXE>>C:\Program Files\Internet Explorer\IEXPLORE.EXE

Last edited 2006-01-20 08:44:18

O23 - Service: Distributed Transaction (Transaction) - Unknown owner - C:\WINDOWS\windows.bat

Fix it
Reboot
Try deleting C:\WINDOWS\windows.bat
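The reply above singles out one O23 service entry from the HijackThis log. As an added example (not part of the original thread and not HijackThis code), this sketch parses O23 lines and lists the services that match at least two triage heuristics. The heuristics, the hard-coded C:\WINDOWS root, the function names and the three-line sample taken from the posted log are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: three O23 lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Distributed Transaction (Transaction) - Unknown owner - C:\WINDOWS\windows.bat
"""

# O23 layout: "O23 - Service: <display name> - <owner> - <image path>"
O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")

# Assumptions of this example, not rules taken from HijackThis itself.
SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js", ".scr", ".pif", ".com"}
WINDOWS_ROOT = PureWindowsPath(r"C:\WINDOWS")


def parse_o23(log):
    """Yield (display name, owner, image path) for each O23 service line."""
    for line in log.splitlines():
        m = O23.match(line.strip())
        if m:
            yield m["name"], m["owner"], m["path"]


def triage(log, min_reasons=2):
    """Return [(name, path, reasons)] for services hitting >= min_reasons heuristics."""
    findings = []
    for name, owner, path in parse_o23(log):
        p = PureWindowsPath(path)  # Windows path comparison is case-insensitive
        reasons = []
        if owner == "Unknown owner":
            reasons.append("HijackThis could not read a vendor name")
        if p.suffix.lower() in SCRIPT_EXTS:
            reasons.append("service image is a script, not an .exe")
        if p.parent == WINDOWS_ROOT:
            reasons.append("file sits directly in the Windows directory")
        if len(reasons) >= min_reasons:
            findings.append((name, path, reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"{name}: {path}\n  " + "; ".join(reasons))
```

With the default threshold only the windows.bat service is listed; the Macromedia entry matches a single heuristic and appears only with min_reasons=1.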