用瑞星查杀内存,发现名为“Backdoor.GPigeon.up ”的病毒,文件路径“IEXPLORE.EXE>>C:\Program Files\Internet Explorer\IEXPLORE.EXE”
HijackThis_扫描日志 V1.99.1
保存于 16:53:42, 日期 2005-10-17
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\rising\Rfw\rfwmain.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\wuauclt.exe
D:\RJG\优化\HB_Hijackthis1991\HijackThis1991汉化版\HijackThis1991zww.exe
O2 - BHO: URLMonitor Class - {3ED9FFDA-79DB-4B2D-99B7-16EA3C4A3A92} - C:\WINDOWS\system32\hap.dll
O2 - BHO: DownloadValue Class - {616D4040-5712-4F0F-BCF1-5C6420A99E14} - C:\WINDOWS\system32\winhtp.dll
O3 - IE工具栏增项: 博采 - {4DA2EE61-6399-4C39-AEB9-0D990E610D29} - C:\WINDOWS\system32\bocaitoolbar.dll
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\RJG\FLASHGET\fgiebar.dll
O3 - IE工具栏增项: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - D:\RJG\上传下载\BitComet\BitCometBar\BitCometBar0.1.dll (file missing)
O3 - IE工具栏增项: (no name) - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - (no file)
O3 - IE工具栏增项: (no name) - {F43BD772-ABDD-43b7-A96A-3E9E61946EC0} - (no file)
O3 - IE工具栏增项: (no name) - {2ECB7FB2-0333-416F-92FD-4904AD49252B} - (no file)
O3 - IE工具栏增项: 卡卡安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - 启动项HKLM\\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - 启动项HKLM\\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adsl.bat
O8 - IE右键菜单中的新增项目: POTU:订阅RSS地址频道 - D:\RJG\上传下载\RssReader\common\geturl.htm
O8 - IE右键菜单中的新增项目: POTU:订阅选定的RSS地址频道 - D:\RJG\上传下载\RssReader\common\getselect.htm
O8 - IE右键菜单中的新增项目: !搜一搜 - res://C:\Program Files\yisou\yisou.dll/232
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - D:\RJG\上传下载\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - D:\RJG\上传下载\Thunder\getAllurl.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - D:\RJG\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - D:\RJG\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\RJG\媒体相关\qq\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\RJG\媒体相关\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用 Jerk Flash 提取该网页的 Flash - D:\RJG\媒体相关\Jerk Flash\JerkFlashPickUp.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\RJG\媒体相关\qq\SendMMS.htm
O9 - 浏览器额外的按钮: 易趣购物 - {DE607144-AC19-424e-863A-3D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - 浏览器额外的“工具”菜单项: 易趣购物 - {DE607144-AC19-424e-863A-3D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - 浏览器额外的按钮: 网上购物 - {EE60714F-AC27-427e-861A-FD60CBDF119A} - http://www.imhero.com/popup/url.aspx?id=1 (file missing)
O9 - 浏览器额外的“工具”菜单项: 网上购物 - {EE60714F-AC27-427e-861A-FD60CBDF119A} - http://www.imhero.com/popup/url.aspx?id=1 (file missing)
O9 - 浏览器额外的按钮: 访问瑞星网站 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} - http://www.rising.com.cn (file missing)
O9 - 浏览器额外的按钮: 访问卡卡社区 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} - http://www.ikaka.com (file missing)
O12 - IE插件,支持文件类型.pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0400AC1C-EEF0-4638-A501-31D5A0DC2002} (VTPlug3 Class) - http://202.101.62.195:1995/VTrans.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {59CCB4A0-727D-11CF-AC36-00AA00A47DD2} (Timer
Object) - http://www.xintv.com/download/ietimer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120941650546
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A290E29-85B8-41DC-AFF0-35A6B885BE0E}: NameServer = 202.102.152.3 202.102.128.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4B77738-C76D-431A-8F29-4979BDDA4053}: NameServer = 10.67.12.130,210.52.207.2
O23 - NT 服务: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服务: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - NT 服务: Networki Dervice Host (virtuai) - Unknown owner - C:\Program Files\Internet Explorer\cooliop.exe
O23 - NT 服务: Netwrk Derve Hsto (virtuarl) - Unknown owner - C:\Program Files\Internet Explorer\szpierootep.exe
O23 - NT 服务: VNN Client Service (VNNC) - Unknown owner - C:\Program Files\VNN\VNN Client 3.0\VNNClientC.exe" -service (file missing)
以上是我用HijackThis扫描的结果,求教各位高手这里面哪个是灰鸽子?该如何杀之?越具体越好,
,
因为我是新手而且第一此中招。
