瑞星卡卡安全论坛

首页 » 技术交流区 » 反病毒/反流氓软件论坛 » 【求助】恳请高手指点迷津
睡觉也疯狂 - 2005-11-20 16:32:00
Logfile of HijackThis v1.99.1
Scan saved at 16:29:58, on 2005-11-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
D:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\兔子\MagicSet\SRIECLI.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
F:\HijackThis\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - C:\PROGRA~1\兔子\MagicSet\HAOKAN~1.DLL
O3 - Toolbar: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - C:\PROGRA~1\兔子\MagicSet\HAOKAN~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RavTimer] D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] D:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Super Rabbit IEPro] C:\Program Files\兔子\MagicSet\SRIECLI.EXE /LOAD
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - F:\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - F:\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://c:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Tencent\qq\SendMMS.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126006967406
O17 - HKLM\System\CCS\Services\Tcpip\..\{79DDCE7B-8C58-43CD-AC62-06CBF6202DAA}: NameServer = 218.85.157.99 202.101.103.55
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Gray_Pigeon_Server (GrayPigeonServer) - Unknown owner - C:\WINDOWS\VG_Server1.2.exe
O23 - Service: Gray_Pigeon - www.huigezi.net - C:\WINDOWS\regver.exe
O23 - Service: systen - Unknown owner - C:\WINDOWS\systen

睡觉也疯狂 - 2005-11-20 16:33:00
d
神无 - 2005-11-20 16:37:00
O23 - Service: Gray_Pigeon_Server (GrayPigeonServer) - Unknown owner - C:\WINDOWS\VG_Server1.2.exe
O23 - Service: Gray_Pigeon - www.huigezi.net - C:\WINDOWS\regver.exe
O23 - Service: systen - Unknown owner - C:\WINDOWS\systen
恭喜连中三元,三个灰鸽子.
睡觉也疯狂 - 2005-11-20 16:37:00
zen me ban
神无 - 2005-11-20 16:39:00
O23 - Service: Gray_Pigeon_Server (GrayPigeonServer) - Unknown owner - C:\WINDOWS\VG_Server1.2.exe先从这个开始.

重启进安全模式,清空IE临时文件夹,打开注册表,定位到HKEY_LOCAL_MACHINE\ SYSTEM \CURRENTCONTROLSET \ SERVICES删除注册表左面菜单下的Gray_Pigeon_Server 或 GrayPigeonServer  这个服务项,整个删除.显示系统和隐藏文件,在C:\WINDOWS\文件夹中搜索VG_Server1.2.exe、VG_Server1.2.dll、VG_Server1.2_hook.dll以及VG_Server1.2Key.dll这四个文件,不一定能全找到,找到删除,.

其它两个就照这个方法杀.三个全部杀完,重启到正常模式,再扫个日志上来看看

附件: 52209820051120163950.bmp
睡觉也疯狂 - 2005-11-20 16:42:00
xiexie
保倩 - 2005-11-20 16:47:00
什么叫安全模式,什么又是正常模式?不好意思,我是新手,真的不懂。
  我不明白怎么进入安全模式?
天天泡泡 - 2005-11-20 16:48:00
http://forum.ikaka.com/topic.asp?board=28&artid=6202404
按这个帖子的思路去处理。

PS.你的机器现在不能打出汉字吗?
睡觉也疯狂 - 2005-11-20 17:19:00
【回复“天天泡泡”的帖子】
可以打汉字了
1
查看完整版本: 【求助】恳请高手指点迷津
© 2000 - 2026 Rising Corp. Ltd.