瑞星卡卡安全论坛

版主。怎么打开扫描系统日至呢，谢谢

版主，帮帮忙啊我的机子种了Backdoor.GPigeon.sml
怎么办呢，
他病毒的状态是[需要解压]
你说的是[一般顺序是：
1、先用HijackThis1.99.1扫系统日志
2、请别人帮助辨认日志中的灰鸽子
3、根据日志提示的灰鸽子启动加载项和灰鸽子文件所在位置，进行手工杀毒。]
这个怎么用呢
谢谢搂主

【回复“笨鸟飞飞飞”的帖子】顶置贴《公告，######》这个贴一楼有扫描工具下载！！

谢谢搂主，那把他下载完安装之后就可以杀了吗，但是它显示的事还需要解压阿，怎么办，？？谢谢搂主

晕，那只是扫描系统用的，不是杀毒用的。你没有装WINRAR软件？？？

哦，不好意思。我不懂这个，是一楼的这个吗？[有。用SSM就可以。SSM的下载地址：http://www.hanzify.org/index.php?Go=Show::List&ID=8147]

我的瑞星防火墙最近老显示：10.0.0.1禁止ping入；还有SCO炸弹；还有UPnP服务漏洞（UDP欺骗）；BORK什么的，
这是什么意思呀，我用瑞星又查不到毒？？

帮帮我好吗？

各位大虾帮帮我好吗？我该怎么办啊，我上次一下子就杀了300多个病毒，但是到最后就只有这一个杀不掉，他病毒的状态显示是需要解压，高手们帮帮我好吗？

【回复“笨鸟飞飞飞”的帖子】病毒路径是什么

谢谢版主:

【回复“stockhwy”的帖子】
O23 - Service: Windows Professional - Unknown owner - C:\WINNT\system.exe

灰鸽子。
查杀方法可参考：http://forum.ikaka.com/topic.asp?board=28&artid=620240

------------------------------------------------------------
可是HKEY_LOCAL_MACHINE\ SYSTEM \ CURRENTCONTROLSET \ SERVICES下面没有SYSTEM这一项,只有(以S开头):Samss,ScardSvr,Schedule,Seclogon,SENs,Serenum,Serial,Sfloppy,Sglfb,SharedAccess,smwdm,Sparrow,Spooler,Srv,Swenum,Swidi,Sym_hi,Symc810,Sysaudio,Sysmonlog,simbad,schedulingAgent这些键值,我应该删哪一个

【回复“stockhwy”的帖子】你要找的是这项"Windows Professional"找到后删之!删了后再接着班竹说的做.

【回复“stockhwy”的帖子】你要找的是这项"Windows Professional"找到后删之!删了后再接着班竹说的做.

谢谢,我找到"Windows Professional"找到后删掉了,可是找不到SYSTEM.EXE文件,搜索也搜索不到

d:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\certutil.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\regsvc.exe
D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
d:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINNT\system32\BCUP.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
D:\Program Files\D-Tools\daemon.exe
C:\Program Files\wsearch\Search.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\rundll32.exe
D:\Program Files\DuDu\DddClient\dudupros.exe
C:\WINNT\system32\conime.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
D:\Program Files\rising\Rav\RavMon.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\rising\Rav\Rav.exe
D:\Program Files\DuDu\DddClient\DuDuAcc.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.578\HijackThis1991zww.exe

R3 - URLSearchHook: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINNT\system32\xunleibho_v5.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\Program Files\3721\Assist\Angling.dll
O2 - BHO: DDDMon Class - {6BDE1669-B490-48E3-B668-456314F2D6C3} - D:\Program Files\DuDu\DddClient\dddiemon.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O2 - BHO: bdbar - {DDDE2452-AF9E-4577-AE6C-465DBCB54D49} - C:\WINNT\system32\obdc16tg.dll
O3 - IE工具栏增项: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - IE工具栏增项: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - IE工具栏增项: 完美网译通 - {F43BD772-ABDD-43b7-A96A-3E9E61946EC0} - C:\WINNT\WORLD2\TOOLBAR\hmtoolbar.dll
O3 - IE工具栏增项: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O3 - IE工具栏增项: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [RavTimer] D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RavMon] D:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\Run: [RfwMain] "d:\Program Files\rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - 启动项HKLM\\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - 启动项HKLM\\Run: [BCUpdate] C:\WINNT\system32\BCUP.exe
O4 - 启动项HKLM\\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - 启动项HKLM\\Run: [helper.dll] C:\WINNT\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - 启动项HKLM\\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - 启动项HKLM\\Run: [MoveSearch] C:\Program Files\wsearch\Search.exe
O4 - 启动项HKLM\\Run: [assistse] "C:\PROGRA~1\3721\assistse.exe"
O4 - 启动项HKLM\\Run: [360Main.exe] C:\PROGRA~1\360so\360Main.exe
O4 - 启动项HKLM\\Run: [CnsMin] Rundll32.exe C:\WINNT\downlo~1\CnsMin.dll,Rundll32
O4 - 启动项HKLM\\Run: [Xdoc] "E:\Program Files\Xdoc\XdocStore.exe" -quiet
O4 - 启动项HKLM\\Run: [Booker] "C:\Program Files\FreshBook\FreshBook.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [RegBar] regsvr32.exe /u C:\progra~1\blogmark\bocaitoolbar.dll /s /i /n
O4 - Global Startup: 桌面传媒.lnk = C:\WINNT\system32\rundll32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - IE右键菜单中的新增项目: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - IE右键菜单中的新增项目: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - IE右键菜单中的新增项目: &使用DuDu 加速器下载 - res://D:\Program Files\DuDu\DddClient\dddmext.dll/202
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\getAllurl.htm
O8 - IE右键菜单中的新增项目: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - IE右键菜单中的新增项目: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - IE右键菜单中的新增项目: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - IE右键菜单中的新增项目: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - IE右键菜单中的新增项目: 百度-搜索MP3 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUMP3.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索图片 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUIMG.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索新闻 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUNEWS.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索歌词 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDULYRIC.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索网页 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUSEARCH.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索贴吧 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUPOST.HTM
O8 - IE右键菜单中的新增项目: 百度-词典搜索 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_DIC.HTM
O8 - IE右键菜单中的新增项目: 解霸实时播放 - C:\HEROSOFT\Hero3000\MPURLGET.HTM
O9 - 浏览器额外的按钮: 商机直通车 - {13b0c05c-ef05-4bf6-b0ea-f6111af25544} - C:\WINNT\system32\alitb\bar.dll
O9 - 浏览器额外的按钮: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - 浏览器额外的“工具”菜单项: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - 浏览器额外的按钮: 解霸 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero3000\MPLAYER.EXE
O9 - 浏览器额外的“工具”菜单项: 超级解霸 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero3000\MPLAYER.EXE
O9 - 浏览器额外的按钮: 下载管理 - {3DB9F45E-AA74-4373-A466-C18A9F1C500D} - D:\Program Files\DuDu\DddClient\DuDuAcc.exe
O9 - 浏览器额外的“工具”菜单项: 下载管理 - {3DB9F45E-AA74-4373-A466-C18A9F1C500D} - D:\Program Files\DuDu\DddClient\DuDuAcc.exe
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O10 - 未知的文件在 Winsock LSP: c:\winnt\system32\cdnns.dll
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O11 - Options group: [CDNCLIENT]  中文上网
O16 - DPF: {1F831FA1-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://D:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday 控件) - file://D:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563722-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://D:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview 控件) - file://D:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{E17C9EF9-7E0F-40C7-B654-BC33A49085D3}: NameServer = 202.96.104.27 202.96.104.17
O18 - 列举现有的协议: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINNT\system32\mbprot.dll
O23 - NT 服务: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - NT 服务: C-DillaSrv - C-Dilla Ltd - C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
O23 - NT 服务: CertUtil - Unknown owner - C:\WINNT\certutil.exe
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - NT 服务: QQ - Unknown owner - C:\WINNT\QQ.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - d:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - NT 服务: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

请版主帮我分析一下，不胜感激。

【回复“stockhwy”的帖子】你要找的是这项"Windows Professional"找到后删之!删了后再接着班竹说的做.

谢谢,我找到"Windows Professional"找到后删掉了,可是找不到SYSTEM.EXE文件,搜索也搜索不到

终于找到了,谢谢

楼主的帖子不错就是软件下载地址慢点
用这个吧：http://gztt.driversky.com/down/hh-official_ssm196b2-fixed2_cz.exe

嗯,好帖.

我的计算机感染了灰鸽子病毒，使用HijackThis1.99.1扫系统日志内容如下，请大家帮我分析一下，该病毒的服务的病毒文件是什么，多谢了，请大家帮帮我。

Logfile of HijackThis v1.99.1
Scan saved at 18:02:08, on 2005-9-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Herosoft\HeroV8\SYSEXPLR.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\racer-henan-cnc\racer.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\racer-henan-cnc\RacerKp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Documents and Settings\jk\桌面\155847200541134207\HijackThis.exe

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: 百度搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\WINDOWS\DOWNLO~1\BaiDuBar.dll
O3 - Toolbar: 百度搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\WINDOWS\DOWNLO~1\BaiDuBar.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\BitComet\BitCometBar\BitCometBar0.1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SysExplr] C:\Herosoft\HeroV8\SYSEXPLR.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: 河南网通宽带用户客户端.lnk = C:\Program Files\racer-henan-cnc\racer.exe
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 百度Flash搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/FLASHSEARCH.HTM
O8 - Extra context menu item: 百度mp3搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度信息快递搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIE.HTM
O8 - Extra context menu item: 百度图片搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: 百度搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: 百度新闻搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUNEWS.HTM
O8 - Extra context menu item: 豪杰超级解霸V8实时播放 - C:\Herosoft\HeroV8\MPURLGET.HTM
O9 - Extra button: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra 'Tools' menuitem: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O23 - Service: Gray_Pigeon_Server (GrayPigeonServer) - Unknown owner - C:\WINDOWS\G_Server.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: sory - Unknown owner - C:\WINDOWS\G2.0.exe

【回复“6925918”的帖子】
O23 - Service: Gray_Pigeon_Server (GrayPigeonServer) - Unknown owner - C:\WINDOWS\G_Server.exe

O23 - Service: sory - Unknown owner - C:\WINDOWS\G2.0.exe

兩只鴿子

我的病毒路径是C:/Documents and Settings/TY/local Settings/temporary Internet Files/Content.IE5/CNLGMOJN/icyfox

引用:

【笨鸟飞飞飞的贴子】我的病毒路径是C:/Documents and Settings/TY/local Settings/temporary Internet Files/Content.IE5/CNLGMOJN/icyfox ...........................

關閉IE瀏覽器，清空IE臨時文件夾。

Logfile of HijackThis v1.99.1
Scan saved at 17:32:58, on 2005-9-23
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP3 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\DuDu\DddClient\dudupros.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\svchost.exe
D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
F:\System Safety Monitor\HA_SSM196b2_CZ.EXE
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\MSTask.exe
D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\WINNT\system32\internat.exe
C:\Program Files\DuDu\DddClient\DuDuAcc.exe
C:\WINNT\system32\rundll32.exe
C:\Documents and Settings\15-1-1011\桌面\BitComet_0.56\BitComet\BitComet.exe
C:\WINNT\system32\conime.exe
D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
D:\PROGRAM FILES\RISING\RAV\RavStub.exe
d:\program files\rising\rav\RAVMON.EXE
C:\Documents and Settings\Default User\桌面\155847200541134207\HijackThis.exe

O2 - BHO: DuDu.com - {6BDE1669-B490-48E3-B668-456314F2D6C3} - C:\Program Files\DuDu\DddClient\dddiemon.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - (no file)
O3 - Toolbar: 完美网译通 - {F43BD772-ABDD-43b7-A96A-3E9E61946EC0} - C:\WINNT\WORLD2\TOOLBAR\~hmtoolbar.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\FGIEBAR.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RavTimer] D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] D:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Global Startup: DuDu下载加速器.lnk = C:\Program Files\DuDu\DddClient\DuDuAcc.exe
O4 - Global Startup: 桌面传媒.lnk = C:\WINNT\system32\rundll32.exe
O8 - Extra context menu item: &使用DuDu 加速器下载 - res://C:\Program Files\DuDu\DddClient\dddmext.dll/202
O8 - Extra context menu item: 使用搜狗直通车下载 - C:\Program Files\P4P\dl.htm
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 发送图片到手机 - C:\Program Files\P4P\cx.htm
O8 - Extra context menu item: 收藏此页到ViVi - http://vivi.sina.com.cn/collect/click.php?agent=ddt
O8 - Extra context menu item: 新浪搜索 - http://cha.sina.com.cn/ddt.html
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - E:\游\浩方对战平台\HFGame3\GameClient.exe
O9 - Extra button: 下载管理 - {3DB9F45E-AA74-4373-A466-C18A9F1C500D} - C:\Program Files\DuDu\DddClient\DuDuAcc.exe
O9 - Extra 'Tools' menuitem: 下载管理 - {3DB9F45E-AA74-4373-A466-C18A9F1C500D} - C:\Program Files\DuDu\DddClient\DuDuAcc.exe
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\FLASHGET.EXE
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\FLASHGET.EXE
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {48FE89A0-486C-48DF-9DEC-BED22BDC6057} (XIsOro Control) - http://www.sinago.com/download/OroCheck.cab
O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} (天下搜索) - http://iebar.t2t2.com/iebar.cab
O16 - DPF: {594BE7B2-23B0-4FAE-A2B9-0C21CC1417CE} - http://unpig.zhongsou.com/netpig/hcsearch/site/500022/search.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {98A62E3F-A8C5-4EF0-8A00-C70CF9D18A89} (LoaderCore Class) - http://tb.sogou.com/DLLoader.cab
O16 - DPF: {D1056C7C-E30B-4234-9A4B-7E1038B167A7} (RootCertInstall Class) - https://mybank.icbc.com.cn/icbc/perbank/RootCert.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://www.mydrivers.com/swflash.cab
O16 - DPF: {EF9F1C48-1A63-495A-9317-B7B71B34A9CF} (Msp Class) - http://ddddl.dudu.com/ddd/update/plugin/dudumsp.cab
O16 - DPF: {F381FC65-D92D-4410-B865-E4E9713994E8} (Cytd Encipherment Memory) - http://61.55.138.4/sso/ccitpay.CAB
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://pcastdl.dudu.com/files/pCastCtl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C06FA02F-FD19-45C4-A8A6-BF618A0619C4}: NameServer = 192.168.100.18
O18 - Protocol: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINNT\system32\mbprot.dll
O23 - Service: ccvvya - Unknown owner - \\192.168.1.83\E$\atapidrv.exe" -service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Gray_Pigeon_Server (GrayPigeonServer) - Unknown owner - C:\WINNT\G_Server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: System Safety Monitor (SSM) - Max Computing - F:\System Safety Monitor\HA_SSM196b2_CZ.EXE
O23 - Service: tokfjdh - Unknown owner - \\192.168.1.83\E$\atapidrv.exe" -service (file missing)
O23 - Service: zmdkl - Unknown owner - \\192.168.1.51\E$\smsrv.exe" -service (file missing)

还有这个实时监控查出的:
路径：C:\WINNT\G_ServerKey.DLL
病毒名称：Backdoor.Gpigeon.shk

直接从注册表删除可以吗？若可以，怎么从注册表里找？

【回复“恶之花A”的帖子】
O23 - Service: Gray_Pigeon_Server (GrayPigeonServer) - Unknown owner - C:\WINNT\G_Server.exe
1、在注册表的HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES分支删除GrayPigeonServer
2、重启系统。打开C:\WINNT\文件夹，删除文件名中包含G_Server的所有文件。

然后呢

【回复“笨鸟飞飞飞”的帖子】
然后呢

引用:

【笨鸟飞飞飞的贴子】【回复“笨鸟飞飞飞”的帖子】 然后呢 ...........................

什么“然后”啊？

不懂你是什么意思

这就是SSM，没听说过

好麻烦啊！有没有简单直接的方法啊！我想就用瑞星一杀就杀掉的方法！

引用:

【臭豆腐520的贴子】好麻烦啊！有没有简单直接的方法啊！我想就用瑞星一杀就杀掉的方法！ ...........................

这个帖子讲的是怎么防止灰鸽子进入系统；不是讲怎么杀灰鸽子。这都没看懂？

引用:

【lqbing的贴子】太麻烦搞不定,瑞星个人防火墙能不能阻止呢? ...........................

我个人认为，防灰鸽子楼主的方法：装ssm是目前最好的方法了！一切都逃不过它的监视。杀马还是要靠手工杀，前提是要有好的工具。没有对症的病毒库，杀软是找不到各种变种的灰鸽子，就更别说放火墙了。当然还可以用买咖啡的阻挡规则阻挡向WINDOWS文件夹写相对应的文件，但麻烦也挺大，搞不好系统会出问题。总之要想安全就不能怕麻烦，怕麻烦只能给自己找更大的麻烦！