瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 BackDoor GPigeon.tar,这是什么病毒,怎么清除了还有啊!!!

12   1  /  2  页   跳转

BackDoor GPigeon.tar,这是什么病毒,怎么清除了还有啊!!!

收藏
cookieqq
头像
初生襁褓狮
  • 帖子:19
  • 注册: 2005-11-21
  • 来自:
发表于: 2005-11-21 14:06 | 只看楼主 短消息 资料
字号: 1楼

BackDoor GPigeon.tar,这是什么病毒,怎么清除了还有啊!!!

用瑞星杀完后,重新开机后又有了,到底怎么杀啊

IEXPLORE.EXE>>C:\Program Files\Internet Explorer\IEXPLORE.EXE ->BackDoor.GPigeon.tar
最后编辑2005-11-23 00:14:56
分享到:
gototop
 
北京不眠夜
头像
初生襁褓狮
  • 帖子:217
  • 注册: 2004-09-15
  • 来自:
发表于: 2005-11-21 14:31 | 短消息 资料
字号: 2楼

把hijackthis的日志贴上来看看。

如果我没有及时回复,给我发送悄悄话即可。
gototop
 
cookieqq
头像
初生襁褓狮
  • 帖子:19
  • 注册: 2005-11-21
  • 来自:
发表于: 2005-11-21 15:34 | 只看楼主 短消息 资料
字号: 3楼

HijackThis@Qoo的扫描日志  V1.97.7
Scan saved at 15:39:46, on 2005-11-21
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Real\RealOne Player\realplay.exe
D:\Program Files\TT\TTraveler.exe
D:\HijackThis.exe

R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O2 - BHO: (no name) - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO:
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ????? - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [NMGameX_AutoRun] C:\WINDOWS\System32\Rundll32.exe NMGameX.dll,LiveProcess /aa
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\My Music\eMule\eMule.exe -AutoStart
O4 - HKLM\..\RunOnce: [CnsAssecblk] regsvr32.exe /s C:\PROGRA~1\3721\Assist\assecblk.dll
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: ntuser.dat
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O11 - Options group: [!CNS] 
O16 - DPF: {2761225D-F0F2-44E8-A2C9-476FB6A3316A} (QQLive TRadio Control) - http://dl_dir.qq.com/qqtools/trsetup.exe
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} (photo_uploader Control) - http://upload.photo.163.com/photoup.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0AF8A66-7523-48AB-9A77-C013BCA9FA27}: NameServer = 172.16.1.10,202.101.107.55
gototop
 
丑的惊动党中央
头像
初生襁褓狮
  • 帖子:9
  • 注册: 2004-10-12
  • 来自:
发表于: 2005-11-21 15:37 | 短消息 资料
字号: 4楼

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Nero 7\Nero 7\InCD\InCDsrv.exe
D:\RISING\RAV\Ravmond.exe
D:\RISING\RAV\RavStub.exe
D:\Rising\Rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\pstray\PSTrayFactory.exe
C:\Program Files\JJOL\IME\JJSvr.EXE
D:\RISING\RAV\RAVTIMER.EXE
D:\RISING\RAV\RAVMON.EXE
D:\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
D:\TrueImageEnterprise\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\Nero 7\Nero 7\InCD\InCD.exe
D:\Rising\Rfw\rfwmain.exe
C:\WINDOWS\system32\crypserv.exe
D:\Internet Download Manager\IDMan.exe
D:\DesktopSprite2\DesktopSprite.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\RISING\RAV\CCENTER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\drivers\WDelMgr20.exe
d:\maxthon\maxthon.exe
d:\Maxthon\Maxthon.exe
d:\TC653\totalcmd\totalcmd\Totalcmd.exe
d:\Maxthon\Maxthon.exe
C:\WINDOWS\regedit.exe
d:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\Administrator\桌面\HijackThis1991zww.exe

O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: TeachingHandler - {31EBA2E2-58B2-4980-9C41-F12F5F1422C5} - C:\WINDOWS\system32\TPHANDLE.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - d:\Tencent\QQ\QQIEHelper.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: (no name) - {A551EA92-83F3-D3AF-4A31-C253F68EDE9D} - C:\DOCUME~1\ADMINI~1\APPLIC~1\FINDBA~1\Mail data.exe
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - IE工具栏增项: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [RavTimer] D:\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RavMon] D:\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\Run: [Acrobat Assistant 7.0] "D:\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - 启动项HKLM\\Run: [TrueImageMonitor.exe] D:\TrueImageEnterprise\TrueImageMonitor.exe
O4 - 启动项HKLM\\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - 启动项HKLM\\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - 启动项HKLM\\Run: [InCD] D:\Nero 7\Nero 7\InCD\InCD.exe
O4 - 启动项HKLM\\Run: [RfwMain] "D:\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\RunOnce: [TrayFactory] D:\pstray\PSTrayFactory.exe /start
O4 - HKCU\..\Run: [IDMan] D:\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DesktopSprite] D:\DesktopSprite2\DesktopSprite.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Support Mix Cash Tool] C:\Documents and Settings\All Users\Application Data\RefListSupportMix\Face save.exe
O4 - HKCU\..\Run: [RefBib] C:\DOCUME~1\ADMINI~1\APPLIC~1\SETTIN~1\debugdeafcamp.exe
O4 - Startup: TotalCmd (水晶 2).lnk = D:\TC653\totalcmd\tc.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?SystemRoot%\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
O8 - IE右键菜单中的新增项目: Convert link target to Adobe PDF - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - IE右键菜单中的新增项目: Convert link target to existing PDF - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - IE右键菜单中的新增项目: Convert selected links to Adobe PDF - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - IE右键菜单中的新增项目: Convert selected links to existing PDF - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - IE右键菜单中的新增项目: Convert selection to Adobe PDF - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - IE右键菜单中的新增项目: Convert selection to existing PDF - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - IE右键菜单中的新增项目: Convert to Adobe PDF - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - IE右键菜单中的新增项目: Convert to existing PDF - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用 IDM 下载 - D:\Internet Download Manager\IEExt.htm
O8 - IE右键菜单中的新增项目: 使用 IDM 下载所有链接 - D:\Internet Download Manager\IEGetAll.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - D:\flashget\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - D:\flashget\jc_all.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Tencent\QQ\QQIEHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{9370724D-0F32-4B22-B011-C49AD3044E6B}: NameServer = 210.44.23.167,202.102.134.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{9370724D-0F32-4B22-B011-C49AD3044E6B}: NameServer = 210.44.23.167,202.102.134.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{9370724D-0F32-4B22-B011-C49AD3044E6B}: NameServer = 210.44.23.167,202.102.134.68
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - NT 服务: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - NT 服务: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - NT 服务: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - NT 服务: InCD Helper (InCDsrv) - Nero AG - D:\Nero 7\Nero 7\InCD\InCDsrv.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - D:\Rising\Rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - D:\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\RISING\RAV\Ravmond.exe
O23 - NT 服务: WDelMgr20 - Unknown owner - C:\WINDOWS\system32\drivers\WDelMgr20.exe
O23 - NT 服务: Windows User Mode Driver - Unknown owner - C:\WINDOWS\svchost.exe
gototop
 
北京不眠夜
头像
初生襁褓狮
  • 帖子:217
  • 注册: 2004-09-15
  • 来自:
发表于: 2005-11-21 15:41 | 短消息 资料
字号: 5楼

楼主你提取的信息不全阿
gototop
 
北京不眠夜
头像
初生襁褓狮
  • 帖子:217
  • 注册: 2004-09-15
  • 来自:
发表于: 2005-11-21 15:42 | 短消息 资料
字号: 6楼

3楼修复
O23 - NT 服务: Windows User Mode Driver - Unknown owner - C:\WINDOWS\svchost.exe
gototop
 
cookieqq
头像
初生襁褓狮
  • 帖子:19
  • 注册: 2005-11-21
  • 来自:
发表于: 2005-11-21 15:42 | 只看楼主 短消息 资料
字号: 7楼

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      15:48:17, 日期 2005-11-21
操作系统:  Windows XP  (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 (6.00.2600.0000)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Real\RealOne Player\realplay.exe
D:\Program Files\TT\TTraveler.exe
D:\新建文件夹\HijackThis1991zww.exe

O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O4 - 启动项HKLM\\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - 启动项HKLM\\RunOnce: [CnsAssecblk] regsvr32.exe /s C:\PROGRA~1\3721\Assist\assecblk.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\My Music\eMule\eMule.exe -AutoStart
O4 - Startup: 新浪UC.lnk = C:\Program Files\sina\UC\uc.exe
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\QQ\QQ.exe
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - IE右键菜单中的新增项目: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O9 - 浏览器额外的按钮: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - 浏览器额外的按钮: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - 浏览器额外的按钮: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - 浏览器额外的按钮: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O9 - 浏览器额外的按钮: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - 浏览器额外的按钮: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的按钮: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  网络实名
O16 - DPF: {2761225D-F0F2-44E8-A2C9-476FB6A3316A} (QQLive TRadio Control) - http://dl_dir.qq.com/qqtools/trsetup.exe
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} (photo_uploader Control) - http://upload.photo.163.com/photoup.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0AF8A66-7523-48AB-9A77-C013BCA9FA27}: NameServer = 172.16.1.10,202.101.107.55
O23 - NT 服务: cmd - Unknown owner - C:\WINDOWS\G_Server2.0.exe
O23 - NT 服务: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
gototop
 
丑的惊动党中央
头像
初生襁褓狮
  • 帖子:9
  • 注册: 2004-10-12
  • 来自:
发表于: 2005-11-21 15:59 | 短消息 资料
字号: 8楼

楼上的修复
O23 - NT 服务: cmd - Unknown owner - C:\WINDOWS\G_Server2.0.exe
gototop
 
jijip
头像
初生襁褓狮
  • 帖子:972
  • 注册: 2005-06-16
  • 来自:
发表于: 2005-11-21 16:09 | 短消息 资料
字号: 9楼

O23 - NT 服务: cmd - Unknown owner - C:\WINDOWS\G_Server2.0.exe
这个是灰鸽子,请参考
(endurer)http://forum.ikaka.com/topic.asp?board=28&artid=7422438
(baohe)http://forum.ikaka.com/topic.asp?board=28&artid=6202404
这2贴内容手动杀掉鸽子.
gototop
 
七彩黄花菜萱草
头像
锋芒艾服狮
  • 帖子:1312
  • 注册: 2005-08-09
  • 来自:
发表于: 2005-11-21 16:14 | 短消息 资料
字号: 10楼

引用:
【丑的惊动党中央的贴子】当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Nero 7\Nero 7\InCD\InCDsrv.exe
D:\RISING\RAV\Ravmond.exe
D:\RISING\RAV\RavStub.exe
D:\Rising\Rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\pstray\PSTrayFactory.exe
C:\Program Files\JJOL\IME\JJSvr.EXE
D:\RISING\RAV\RAVTIMER.EXE
D:\RISING\RAV\RAVMON.EXE
D:\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
D:\TrueImageEnterprise\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\Nero 7\Nero 7\InCD\InCD.exe
D:\Rising\Rfw\rfwmain.exe
C:\WINDOWS\system32\crypserv.exe
D:\Internet Download Manager\IDMan.exe
D:\DesktopSprite2\DesktopSprite.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\RISING\RAV\CCENTER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\drivers\WDelMgr20.exe
d:\maxthon\maxthon.exe
d:\Maxthon\Maxthon.exe
d:\TC653\totalcmd\totalcmd\Totalcmd.exe
d:\Maxthon\Maxthon.exe
C:\WINDOWS\regedit.exe
d:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\Administrator\桌面\HijackThis1991zww.exe

O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: TeachingHandler - {31EBA2E2-58B2-4980-9C41-F12F5F1422C5} - C:\WINDOWS\system32\TPHANDLE.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - d:\Tencent\QQ\QQIEHelper.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: (no name) - {A551EA92-83F3-D3AF-4A31-C253F68EDE9D} - C:\DOCUME~1\ADMINI~1\APPLIC~1\FINDBA~1\Mail data.exe
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - IE工具栏增项: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [RavTimer] D:\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RavMon] D:\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\Run: [Acrobat Assistant 7.0] "D:\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - 启动项HKLM\\Run: [TrueImageMonitor.exe] D:\TrueImageEnterprise\TrueImageMonitor.exe
O4 - 启动项HKLM\\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - 启动项HKLM\\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - 启动项HKLM\\Run: [InCD] D:\Nero 7\Nero 7\InCD\InCD.exe
O4 - 启动项HKLM\\Run: [RfwMain] "D:\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\RunOnce: [TrayFactory] D:\pstray\PSTrayFactory.exe /start
O4 - HKCU\..\Run: [IDMan] D:\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DesktopSprite] D:\DesktopSprite2\DesktopSprite.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Support Mix Cash Tool] C:\Documents and Settings\All Users\Application Data\RefListSupportMix\Face save.exe
O4 - HKCU\..\Run: [RefBib] C:\DOCUME~1\ADMINI~1\APPLIC~1\SETTIN~1\debugdeafcamp.exe
O4 - Startup: TotalCmd (水晶 2).lnk = D:\TC653\totalcmd\tc.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?SystemRoot%\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
O8 - IE右键菜单中的新增项目: Convert link target to Adobe PDF - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - IE右键菜单中的新增项目: Convert link target to existing PDF - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - IE右键菜单中的新增项目: Convert selected links to Adobe PDF - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - IE右键菜单中的新增项目: Convert selected links to existing PDF - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - IE右键菜单中的新增项目: Convert selection to Adobe PDF - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - IE右键菜单中的新增项目: Convert selection to existing PDF - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - IE右键菜单中的新增项目: Convert to Adobe PDF - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - IE右键菜单中的新增项目: Convert to existing PDF - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用 IDM 下载 - D:\Internet Download Manager\IEExt.htm
O8 - IE右键菜单中的新增项目: 使用 IDM 下载所有链接 - D:\Internet Download Manager\IEGetAll.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - D:\flashget\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - D:\flashget\jc_all.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Tencent\QQ\QQIEHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{9370724D-0F32-4B22-B011-C49AD3044E6B}: NameServer = 210.44.23.167,202.102.134.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{9370724D-0F32-4B22-B011-C49AD3044E6B}: NameServer = 210.44.23.167,202.102.134.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{9370724D-0F32-4B22-B011-C49AD3044E6B}: NameServer = 210.44.23.167,202.102.134.68
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - NT 服务: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - NT 服务: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - NT 服务: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - NT 服务: InCD Helper (InCDsrv) - Nero AG - D:\Nero 7\Nero 7\InCD\InCDsrv.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - D:\Rising\Rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - D:\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\RISING\RAV\Ravmond.exe
O23 - NT 服务: WDelMgr20 - Unknown owner - C:\WINDOWS\system32\drivers\WDelMgr20.exe
O23 - NT 服务: Windows User Mode Driver - Unknown owner - C:\WINDOWS\svchost.exe

...........................

O23 - NT 服务: WDelMgr20 - Unknown owner - C:\WINDOWS\system32\drivers\WDelMgr20.exe
O23 - NT 服务: Windows User Mode Driver - Unknown owner - C:\WINDOWS\svchost.exe
疑似鸽子。

参考
关于查杀“灰鸽子2005”的一点建议
http://forum.ikaka.com/topic.asp?board=28&artid=6202404
“新版灰鸽子”的一些特点及手工查杀举例
http://forum.ikaka.com/topic.asp?board=28&artid=7156227

瑞星“灰鸽子”专杀:http://it.rising.com.cn/service/technology/Ravgpk_Download.htm
gototop
 
<<上一主题|下一主题>>
12   1  /  2  页   跳转
页面顶部
Powered by Discuz!NT