怎样挡住灰鸽子（Backdoor.Gpigeon） bbs.ikaka.com

风来情 - 2005-11-27 0:26:00

帮我看看灰鸽子杀完了没有

HijackThis_815汉化版扫描日志 V1.99.1
保存于 0:25:23, 日期 2005-11-27
操作系统： Windows 2000 SP4 (WinNT 5.00.2195)
浏览器： Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程：
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\hkcmd.exe
C:\WINNT\SOUNDMAN.EXE
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\Program Files\Common Files\UPDATE\Update.exe
C:\WINNT\system32\asd\loadqm.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\rundll32.exe
E:\Program Files\HijackThis1991汉化版\HijackThis1991zww.exe

O2 - BHO: Yahoo!Photo - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINNT\SYSTEM32\stdup.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O3 - IE工具栏增项: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\BitComet\BitCometBar\BitCometBar0.2.dll
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - 启动项HKLM\\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [IMSCMIG40W] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log
O4 - 启动项HKLM\\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\Run: [VikaClient] "C:\Program Files\VIKA\vkclient.exe"
O4 - 启动项HKLM\\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - 启动项HKLM\\Run: [Update] C:\Program Files\Common Files\UPDATE\Update.exe
O4 - 启动项HKLM\\Run: [ats] C:\WINNT\system32\asd\loadqm.exe noshow
O4 - 启动项HKLM\\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - 启动项HKLM\\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - 启动项HKLM\\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Startup: Office 启动.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft 文件检索.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek 扫描仪探测器.lnk = E:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - C:\PROGRA~1\FLASHGET\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - C:\PROGRA~1\FLASHGET\jc_all.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - IE右键菜单中的新增项目: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://www.ppstream.com/bin/powerplayer.cab
O16 - DPF: {9242BB35-0DB0-43AC-8DFC-8EA07E63B92A} - http://219.133.60.95:1080/qqtv/QQLive1.0Beta02.exe
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.75_20051031.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF81791E-B49C-4722-A212-D55FBB534A0D}: NameServer = 202.100.192.68
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - NT 服务: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe

冒牌无赖 - 2005-11-27 8:41:00

求救!!!我的瑞星防火墙发现了灰鸽子,可是不懂怎么杀,杀毒程序根本就杀不到,急啊,请问如何解决啊???

落红醉春 - 2005-11-27 8:59:00

感谢楼主！不过我有个简单的方法，去瑞星下载一个专杀灰鸽子的软件，然后杀一下就搞定。

我蛮怀 - 2005-11-27 12:07:00

楼主中文的哪下的啊？告诉我啊！谢谢！

qinyu123 - 2005-11-27 20:17:00

以下是我瑞星杀毒的记录，请帮我看看是不是灰鸽子病毒，我该怎么办
1病毒名称处理结果发现日期扫描方式路径文件病毒来源
MS-4011 Exploit 清除成功 05-11-23 09:45 实时监控    219.138.171.212:53005
Blaster Rpc Exploit 清除成功 05-11-23 09:48 实时监控    219.138.8.173:518
Blaster Rpc Exploit 清除成功 05-11-23 09:58 实时监控    219.138.135.108:32524
MS-4011 Exploit 清除成功 05-11-23 10:00 实时监控    219.138.179.46:60423
Blaster Rpc Exploit 清除成功 05-11-23 10:01 实时监控    219.138.237.37:57105
Blaster Rpc Exploit 清除成功 05-11-23 10:18 实时监控    219.138.135.108:5638
Blaster Rpc Exploit 清除成功 05-11-23 10:21 实时监控    219.138.237.37:43280
Blaster Rpc Exploit 清除成功 05-11-23 10:23 实时监控    221.235.136.135:34056
Blaster Rpc Exploit 清除成功 05-11-23 10:23 实时监控    219.138.8.173:7440
Blaster Rpc Exploit 清除成功 05-11-23 10:24 实时监控    219.138.237.37:55825
Blaster Rpc Exploit 清除成功 05-11-23 10:31 实时监控    219.138.49.149:63247
Backdoor.Poebot.e 忽略 05-11-23 10:32 实时监控 C:\WINDOWS\system32 uzrp.exe 本机
Blaster Rpc Exploit 清除成功 05-11-23 10:32 实时监控    58.52.69.142:51985
Blaster Rpc Exploit 清除成功 05-11-23 10:33 实时监控    219.139.156.80:1554
Backdoor.Poebot.e 忽略 05-11-23 10:34 实时监控 C:\WINDOWS\system32 gqiwx.exe 本机

红花科技 - 2005-11-27 20:27:00

谢谢楼主

红花科技 - 2005-11-27 20:28:00

谢谢楼主！

liuyun7500 - 2005-11-27 23:32:00

引用:

【梦想成为高手的贴子】有个问题，打开任一程序，就会出来图2样子的应用程序活动窗口，让你选择如何处理，但你怎么判定它是灰鸽子病毒呢
...........................

我也很想知道，望斑竹解答

willck - 2005-11-28 2:44:00

这个病毒杀完从起机器还在内存上~~请问高手怎么完全杀掉？

AGG123 - 2005-11-28 16:15:00

<a href=http://www.aggtv.com>免费电影</a><a href=http://www.aggtv.com>agg在线</a><a href=http://www.aggtv.com>免费电影观看</a><a href=http://www.aggtv.com>免费成人电影</a><a href=http://www.aggtv.com>免费三级电影</a><a href=http://www.aggtv.com>免费在线电视</a>
<a href=http://www.aggtv.com>免费在线电影</a><a href=http://www.aggtv.com>在线电影免费</a>
<a href=http://www.whao.cn>印刷厂</a><a href=http://www.whao.cn>商标印刷厂</a>
<a href=http://www.whao.cn>深圳印刷</a><a href=http://www.whao.cn>标签印刷</a>
<a href=http://www.whao.cn>不干胶印刷</a><a href=http://www.whao.cn>印刷</a>
<a href=http://www.whao.cn>印刷商标</a><a href=http://www.whao.cn>商标印刷</a><a href=http://www.whao.cn>商标</a>
<a href=http://gzzx.whao.cn>印刷厂</a><a href=http://gzzx.whao.cn>商标印刷厂</a>
<a href=http://gzzx.whao.cn>深圳印刷</a><a href=http://gzzx.whao.cn>标签印刷</a>
<a href=http://gzzx.whao.cn>不干胶印刷</a><a href=http://gzzx.whao.cn>印刷</a>
<a href=http://gzzx.whao.cn>印刷商标</a><a href=http://gzzx.whao.cn>商标印刷</a><a href=http://gzzx.whao.cn>商标</a>雨刮片
雨刷片
汽车配件
汽车用品
雨刮片
雨刷片
WIPER
汽车配件
汽车用品
雨刮片
雨刷片
WIPER
雨刷片
雨刮片
雨刮片
雨刷片
本站新开,新注册用户送15天,5500部的海量电影随你观看.

xyzc - 2005-11-29 11:36:00

我也中了灰鸽子,这是我扫描的日志,帮忙看看,谢谢.
Logfile of HijackThis v1.99.1
Scan saved at 11:25:34, on 2005-11-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\ewido\security suite\ewidoctrl.exe
E:\Program Files\ewido\security suite\ewidoguard.exe
D:\WINDOWS\VM_STI.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\conime.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Tencent\qq\QQ.exe
E:\Program Files\Tencent\qq1\TIMPlatform.exe
D:\Documents and Settings\chenrijing\桌面\155847200541134207\HijackThis.exe
D:\WINDOWS\system32\svchost.exe

R3 - URLSearchHook: QQ Search Hook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - D:\Program Files\TENCENT\AddrPlus\IEHelp3.dll
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - D:\Program Files\TENCENT\AddrPlus\IEHelp3.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\Program Files\Tencent\qq1\QQIEHelper.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: (no name) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Super Rabbit SRRestore] E:\Program Files\Super Rabbit\MagicSet\srrest.exe /autosave
O4 - HKLM\..\Run: [IMSCMig] D:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [StormCodec_Helper] ; "E:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BigDogPath] D:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [AddrPlus3] RUNDLL32.EXE D:\PROGRA~1\TENCENT\AddrPlus\QAHook.dll,Rundll32
O4 - HKLM\..\Run: [KAVPersonal50] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKCU\..\Run: [MSMSGS] ; "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Super Rabbit Desktop Search] ; E:\Program Files\Super Rabbit\MagicSet\srsearch.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SonudMan] D:\WINDOWS\WNILOGON.exe
O4 - Startup: 腾讯QQ.lnk = E:\Program Files\Tencent\qq1\QQ.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\Program Files\Tencent\qq1\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - E:\Program Files\KuGoo2\KuGoo3DownX.htm
O8 - Extra context menu item: 使用网际快车下载 - E:\Program Files\fg165\v1.65\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\Program Files\fg165\v1.65\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Program Files\Tencent\qq1\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Program Files\Tencent\qq1\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Program Files\Tencent\qq1\SendMMS.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Program Files\Tencent\qq1\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Program Files\Tencent\qq1\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\Program Files\Tencent\qq1\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\Program Files\Tencent\qq1\QQIEHelper.dll
O11 - Options group: [TBH] QQ地址栏搜索插件
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: 235780AppInit.DLL
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - E:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: kavsvc - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

应该怎么删除呢?

baohe - 2005-11-29 16:31:00

【回复“xyzc”的帖子】
D:\WINDOWS\WNILOGON.exe

将此文件打包，发到：baohelin@yahoo.com.cn

kueriii - 2005-11-29 19:05:00

那个怎么变成中文阿

币币 - 2005-11-29 21:02:00

高手哈哈~~~~~~~~!!!!!!!!!!1

执子之手5257 - 2005-12-1 21:03:00

Backdoor.Gpigeon.5.dq 练就了不死之身啊
怎么搞定帮帮忙下面是我的日志

Logfile of HijackThis v1.99.1
Scan saved at 21:01:39, on 2005-12-1
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Rising\Rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Rising\Rfw\RfwMain.exe
D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\WINDOWS\System32\svchost.exe
D:\PROGRAM FILES\RISING\RAV\RavStub.exe
D:\Program Files\Rising\Rav\RavMon.exe
D:\Program Files\Tencent\QQ\QQ.exe
D:\program files\tencent\qq\TIMPlatform.exe
D:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\w\LOCALS~1\Temp\Rar$EX01.075\HijackThis.exe

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v4.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - (no file)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\program files\tencent\qq\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - d:\Program Files\BitComet\BitCometBar\BitCometBar0.2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\RunOnce: [RavStub] "D:\PROGRAM FILES\RISING\RAV\ravstub.exe" /RUNONCE
O4 - Startup: 瑞星个人防火墙.lnk = D:\Program Files\Rising\Rfw\rfwmain.exe
O4 - Startup: 瑞星监控中心.lnk = D:\Program Files\Rising\Rav\RavMon.exe
O8 - Extra context menu item: !搜一搜 - res://C:\WINDOWS\downlo~1\CnsMinEx.dll/1003
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - D:\PROGRA~1\FLASHGET\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=?allyesPara=816 (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/?source=Cns (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\program files\tencent\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\program files\tencent\qq\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\program files\tencent\qq\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\program files\tencent\qq\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS] 上网助手-地址栏搜索
O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} - http://iebar.t2t2.com/iebar.cab
O16 - DPF: {BA0F088C-72C1-475A-92F8-42391DEF6961} (Blueskyvoice Control) - http://www.bliao.com/download/blueskyvoice_27.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F2A90C7-13F1-4A9A-A759-34735DE38FC2}: NameServer = 202.96.64.68,202.96.75.68
O23 - Service: Gray_Pigeon_Server (GrayPigeonServer) - Unknown owner - C:\WINDOWS\G_Server1.2.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - D:\Program Files\Rising\Rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe

C:\WINDOWS\G_Server1.2.exe
是病毒吧,还有哪个是啊,

碟舞天涯 - 2005-12-2 11:21:00

什么症状???
我不知道这个病毒在电脑表现什么症状

影子110 - 2005-12-2 17:47:00

引用:

【执子之手5257的贴子】Backdoor.Gpigeon.5.dq 练就了不死之身啊
O23 - Service: Gray_Pigeon_Server (GrayPigeonServer) - Unknown owner - C:\WINDOWS\G_Server1.2.exe

C:\WINDOWS\G_Server1.2.exe
是病毒吧,还有哪个是啊,
...........................

是鸽子~~~
请参照主帖查杀下~~~
或也可如下~~（也是版主的查杀方法，，
关闭IE等不必要的程序
清空临时文件夹
IE》属性》删除文件（包括脱机文件）》确定

开始》运行》输入 Regedit.exe 》确定
打开注册表编辑器，定位到HKEY_LOCAL_MACHINE\ SYSTEM \ CURRENTCONTROLSET \

SERVICES分支，删除左栏中的病毒服务名 GrayPigeonServer
重启系统，
打开我的电脑》工具》文件夹选项》查看》显示所有文件，不隐藏受保护的操作系统文件》确定
我的电脑》工具》文件夹选项》查看》去掉“隐藏已知文件类型的扩展名”前的勾
查找并删除以下文件
C:\WINDOWS\G_Server1.2.exe
及该文件夹下以G_Server1.2为文件名的DLL文件
最后，再用杀软全盘查杀下~~~

physics0019 - 2005-12-2 19:11:00

帮忙看看

HijackThis_815汉化版扫描日志 V1.99.1

R3 - URLSearchHook: 虎翼DIY吧! - {0A00D11E-B1E7-44b5-AD88-C9190876AAC4} - C:\WINDOWS\System32\diybar2\diybar2.dll
O1 - Hosts: 202.85.22.10 bbs.100free.net
O1 - Hosts: 202.85.22.10 100free.net
O1 - Hosts: 202.85.22.10 www.100free.net
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v8.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Link Filter - {4022F902-ABC7-4C79-924F-BB26F1D355A2} - C:\WINDOWS\System32\diybar2\diybar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\陈掠玉癖彪隲\FLASHGET\fgiebar.dll (file missing)
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - IE工具栏增项: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - IE工具栏增项: CopySo拷贝搜 - {40987A5C-6AB8-4977-8BE9-A8889DE2EDCC} - C:\Program Files\Copyso\CopysoIE.dll
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O3 - IE工具栏增项: 虎翼DIY吧! - {0A00D11E-B1E7-44b5-AD88-C9190876AAC4} - C:\WINDOWS\System32\diybar2\diybar2.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - 启动项HKLM\\Run: [NMGameX_AutoRun] C:\WINDOWS\System32\Rundll32.exe NMGameX.dll,LiveProcess /aa
O4 - 启动项HKLM\\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - 启动项HKLM\\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - 启动项HKLM\\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RuunServices:[csrss] C:\WINDOWS\csrss.exe
O4 - HKCU\..\RuunServices:[services] C:\WINDOWS\services.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?SystemRoot%\Installer\{AC76BA86-2052-0000-7760-100000000002}\SC_Acrobat.exe
O8 - IE右键菜单中的新增项目: !CopySo拷贝搜 - res://C:\Program Files\Copyso\CopysoIE.dll/copyso.htm
O8 - IE右键菜单中的新增项目: !全球排名 - res://C:\Program Files\Copyso\CopysoIE.dll/tops.htm
O8 - IE右键菜单中的新增项目: !反向链接 - res://C:\Program Files\Copyso\CopysoIE.dll/snapshot.htm
O8 - IE右键菜单中的新增项目: !网页快照 - res://C:\Program Files\Copyso\CopysoIE.dll/similar.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - IE右键菜单中的新增项目: 使用影音传送带下载 - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - IE右键菜单中的新增项目: 使用影音传送带下载全部链接 - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - E:\陈玉彪\FLASHGET\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - E:\陈玉彪\FLASHGET\jc_all.htm
O8 - IE右键菜单中的新增项目: 导出当前页到超星阅览器(&A) - E:\陈玉彪\SSREADER36\ss_all.htm
O8 - IE右键菜单中的新增项目: 导出选中部分到超星阅览器(&S) - E:\陈玉彪\SSREADER36\ss_select.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - IE右键菜单中的新增项目: 转换为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - IE右键菜单中的新增项目: 转换为现有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - IE右键菜单中的新增项目: 转换选定的链接为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - IE右键菜单中的新增项目: 转换选定的链接为现有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - IE右键菜单中的新增项目: 转换选项为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - IE右键菜单中的新增项目: 转换选项为现有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - IE右键菜单中的新增项目: 转换链接目标为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - IE右键菜单中的新增项目: 转换链接目标为现有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - 浏览器额外的按钮: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=U_3721_assist (file missing)
O9 - 浏览器额外的按钮: 免费精彩视频超流畅在线观看 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - 浏览器额外的“工具”菜单项: 播霸电视 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - 浏览器额外的按钮: (no name) - {3F686D91-4AFA-4ed1-B43F-F1DB46ED480C} - C:\WINDOWS\System32\shdocvw.dll
O9 - 浏览器额外的“工具”菜单项: Link Filter - {3F686D91-4AFA-4ed1-B43F-F1DB46ED480C} - C:\WINDOWS\System32\shdocvw.dll
O9 - 浏览器额外的按钮: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - 浏览器额外的按钮: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - 浏览器额外的按钮: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\陈玉彪\FLASHGET\flashget.exe (file missing)
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\陈玉彪\FLASHGET\flashget.exe (file missing)
O9 - 浏览器额外的按钮: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - 浏览器额外的按钮: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - 浏览器额外的“工具”菜单项: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - 浏览器额外的按钮: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS] 上网助手-地址栏搜索
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c9.cab
O16 - DPF: {165D83D3-359C-4783-9BF0-6FA6DC42A3F1} (XDownload Class) - http://path.ssreader.com/ssreader/exe/ssdownload.cab
O16 - DPF: {28E0FA88-ABA8-4937-A247-3031F1A11165} (Installer Class) - http://dl.51.net/download/diybar2.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {48FE89A0-486C-48DF-9DEC-BED22BDC6057} (XIsOro Control) - http://www.sinago.com/download/OroCheck.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106138520046
O16 - DPF: {8819C261-5B61-4628-908C-9BE795EABEC3} (IE Class) - http://www.95599.cn/download/ABC.cab
O16 - DPF: {98A62E3F-A8C5-4EF0-8A00-C70CF9D18A89} (LoaderCore Class) - http://tb.sogou.com/DLLoader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C9BC4DFF-4248-4A3C-8A49-63A7D317F404} (NTKO Office Control) - http://jishubu01/module/OC/officecontrol.cab
O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} (IEDown Class) - http://download.ourgame.com/IEDown4.cab
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab
O16 - DPF: {EF248BC9-F17D-4024-8868-71A5D22C667C} (Hbact.HbactObject) - http://59.36.96.15/download/updatelist/hap111.cab
O16 - DPF: {F553811C-C2CE-4A33-90B4-A6D333FDF794} (DreamSetup Control) - http://61.156.12.91/ddvod/user/help/player/DreamPlayer/DreamSetup.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.75_20051031.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{317F8C09-6F4A-4DD5-B397-C3ABDAD59FC0}: NameServer = 192.168.0.1
O23 - NT 服务: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - NT 服务: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - NT 服务: IMA_Server - Unknown owner - d:\MYOA\IMA\IMAServer.exe (file missing)
O23 - NT 服务: MeChat - Unknown owner - d:\MYOA\MeChat\MeChat.exe (file missing)
O23 - NT 服务: MySQL - Unknown owner - D:\MYOA\mysql\bin\mysqld-nt.exe (file missing)
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - NT 服务: Office_Anywhere - Unknown owner - d:\MYOA\bin\apache.exe" -k runservice (file missing)
O23 - NT 服务: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - NT 服务: SolidWorks SolidNetWork License Manager - Macrovision Corporation - C:\flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe
O23 - NT 服务: System (System Info Server) - Unknown owner - C:\WINDOWS\Info.exe

小名 - 2005-12-2 22:48:00

问题怎么看啊，怎么知道是病毒呢？

老黑哥 - 2005-12-3 1:01:00

【回复“baohe”的帖子】楼主你好!我是菜鸟!我想请你在百忙中抽空帮我看看扫描日志可以吗?日志如下!
Logfile of HijackThis v1.99.0
Scan saved at 18:59:58, on 2005-11-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\瑞星2005杀毒软件\Ravmond.exe
D:\瑞星2005杀毒软件\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\瑞星20~1\RAVTIMER.EXE
D:\瑞星20~1\RAVMON.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
D:\瑞星2005杀毒软件\CCENTER.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Donor\donor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
D:\临时文件\Temp\Rar$EX00.266\HijackThis\HijackThis.exe

R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v8.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [RavTimer] D:\瑞星20~1\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] D:\瑞星20~1\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [NvCplDaemon] rem RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmsk] D:\临时文件\Temp\Rar$EX02.500\木马杀客\mmsk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: !搜一搜(&S) - res://C:\Program Files\yisou\yisou.dll/232
O8 - Extra context menu item: 用比特精灵下载(&B) - D:\BitSpirit\BitSpirit\bsurl.htm
O8 - Extra context menu item: 百度-搜索MP3 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度-搜索图片 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: 百度-搜索新闻 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUNEWS.HTM
O8 - Extra context menu item: 百度-搜索歌词 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDULYRIC.HTM
O8 - Extra context menu item: 百度-搜索网页 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: 百度-搜索贴吧 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUPOST.HTM
O8 - Extra context menu item: 百度-词典搜索 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_DIC.HTM
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\浩方对战平台\程序文件\GameClient.exe
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O11 - Options group: [!CNS] 网络实名
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6A43D8E-E8DE-415F-9296-12C5B93E5603}: NameServer = 202.98.160.68 202.98.161.68
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rising Process Communication Center - rising - D:\瑞星2005杀毒软件\CCENTER.EXE
O23 - Service: RsRavMon Service - Beijing Rising Technology Co., Ltd. - D:\瑞星2005杀毒软件\Ravmond.exe
O23 - Service: Webroot Spy Sweeper Engine - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

还有就是用用"木马杀客"扫描以后来是有这几个木马清除不掉啊!
硬盘中发现木马!-=>CNNIC.adware #3074
C:\WINDOWS\Downloaded Program Files\CnsHook.dll
木马在硬盘清除成功!
C:\WINDOWS\Downloaded Program Files\CnsHook.dll

硬盘中发现木马!-=>3721.adware #2348
C:\WINDOWS\Downloaded Program Files\CnsMin.dll
木马在硬盘清除成功!
C:\WINDOWS\Downloaded Program Files\CnsMin.dll

硬盘中发现木马!-=>3721.adware #2142
C:\WINDOWS\system32\cns.exe
木马在硬盘清除成功!
C:\WINDOWS\system32\cns.exe

硬盘中发现木马!-=>3721.adware #2357
C:\WINDOWS\system32\drivers\CnsMinKP.sys
木马在硬盘清除成功!
C:\WINDOWS\system32\drivers\CnsMinKP.s

请您多指教!谢谢!

瑞星卡卡安全论坛