zk2003 - 2005-11-25 15:42:00
Experts, what virus is this? It shows up every time I run a scan. How can I remove it completely? Thanks!
Attachment:
20611120051125154204.JPG
BlackStone - 2005-11-25 15:45:00
灰鸽子 (Gray Pigeon).
Save an Autoruns log and post it here.
To save the log: choose the File -> Save menu item.
Before saving, make sure Options -> Hide Microsoft Entries is ticked (after ticking it, click the Refresh button on the toolbar).
For downloading and using the tool, see reply #14 at http://forum.ikaka.com/topic.asp?board=28&artid=7318038
zk2003 - 2005-11-25 16:09:00
[Reply to "BlackStone"]
Is it this one?
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ 3721 File not found: C:\WINDOWS\system32\vcdplay.exe
+ 8751bol File not found: C:\Program Files\8751ip\8751ip.exe
+ BigDogPath Still Image (STI) Driver VM. c:\windows\vm_sti.exe
+ HotKey c:\windows\wasay\hotkey.exe
+ jj77 File not found: C:\Program Files\171call\171call.exe
+ MpsOnn Canon MP Printer Driver CANON INC. c:\windows\system32\spool\drivers\w32x86\3\mpsonn.exe
+ MS-4011 Memory Patch RavSasser Beijing Rising Tech. Co., Ltd. e:\程序备份\ravsasser.exe
+ NvCplDaemon NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
+ nwiz NVIDIA nView Wizard, Version 41.04 NVIDIA Corporation c:\windows\system32\nwiz.exe
+ RavMon RavMon Rising realtime monitor Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ravmon.exe
+ RavTimer RavTimer Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ravtimer.exe
+ RfwMain Rising Personal FireWall Main Program Beijing Rising Technology Corporation Limited c:\program files\rising\rfw\rfwmain.exe
+ SoundMan Realtek Sound Manager Realtek Semiconductor Corp. c:\windows\soundman.exe
+ SunJavaUpdateSched Java(TM) 2 Platform Standard Edition binary Sun Microsystems, Inc. c:\program files\java\jre1.5.0_02\bin\jusched.exe
+ SysExplr d:\郝影新\v8\sysexplr.exe
+ TkBellExe RealNetworks Scheduler RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe
+ XPCSpy Start File not found: C:\Program Files\XPCSpy\XPCSpy.exe auto
C:\Documents and Settings\All Users\「开始」菜单\程序\启动
+ Adobe Gamma Loader.exe.lnk Adobe Gamma Loader Adobe Systems, Inc. c:\program files\common files\adobe\calibration\adobe gamma loader.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ 3721 File not found: C:\WINDOWS\system32\vcdplay.exe
+ cu File not found: C:\Program Files\SeeYou\cu.exe
+ DrvMon.exe Drive Monitor Alcor Micro, Corp. c:\windows\system32\drvmon.exe
HKLM\System\CurrentControlSet\Services
+ C-DillaCdaC11BA Macrovision RTS Service Macrovision c:\windows\system32\drivers\cdac11ba.exe
+ EPSONStatusAgent2 EPSON Printer Status Agent SEIKO EPSON CORPORATION c:\program files\common files\epson\ebapi\sagent2.exe
+ Network Provisioning Servic Manages XML configuration files on a domain basis for automatic network provisioning. c:\windows\svchost.exe
+ NVSvc NVIDIA Driver Helper Service, Version 41.04 NVIDIA Corporation c:\windows\system32\nvsvc32.exe
+ RfwService Rising Personal Firewall Service Beijing Rising Technology Corporation Limited c:\program files\rising\rfw\rfwsrv.exe
+ RpcPatch Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, the list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. File not found: C:\WINDOWS\System32\wins\DLLHOST.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ MsInfo.Dll File not found: C:\Program Files\Common Files\Microsoft Shared\MSINFO\MsInfo.Dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ RISING Rising Shell Ext Module Beijing Rising Technology Co., Ltd. c:\windows\system32\ravext.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Web Folders c:\program files\common files\microsoft shared\web folders\msonsext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ AcroIEHlprObj Class Adobe Acrobat IE Helper Version 6.0 for ActivieX Adobe Systems Incorporated c:\program files\adobe\acrobat 6.0\reader\activex\acroiehelper.dll
+ Google Toolbar Helper Google Toolbar for IE Google Inc. c:\program files\google\googletoolbar2.dll
+ ltmenu Class menu Module 北京莲塘软件技术有限公司 c:\program files\ltucx\1002\c0.dll
+ MemoryManager Class cytdcom Module 北京创原天地科技有限公司 c:\windows\downloaded program files\cytdcli.dll
+ QQBrowserHelperObject Class QQIEHelper Module 深圳市腾讯计算机系统有限公司 c:\program files\tencent\qq\qqiehelper.dll
+ Router Layer File not found: C:\WINDOWS\System32\aclayer.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ &NetAnts NetAnts c:\program files\netants\netants.exe
+ 豪杰超级解霸V8 d:\郝影新\v8\sthsdvd.exe
+ Video Chat (视频聊天) File not found: http://www.liantang.net
+ Tencent QQ QQ TENCENT c:\program files\tencent\qq\qq.exe
+ Middle School Homework (中学作业) File not found: http://www.xunlun.com
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
+ admire spi v2 layered UDP/IP over [MSAFD Tcpip [UDP/IP]] File not found: C:\Program Files\CoCo Messenger\nspdll.dll
+ admire spi v2 udp layer File not found: C:\Program Files\CoCo Messenger\nspdll.dll
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
+ adimon Heidi? OLE to ADI Port Monitor Autodesk, Inc. c:\windows\system32\adimon.dll
+ Canon MultiPASS Language Monitor Language Monitor Canon Information Systems c:\windows\system32\mpassmon.dll
+ EPSON V5 2KMonitor EPSON Bidirectional Monitor SEIKO EPSON CORPORATION c:\windows\system32\ebpmon2.dll
批着羊皮的狼 - 2005-11-25 16:17:00
I suggest you try Micropoint's active defense software; it works very well against trojans like 灰鸽子 that have a huge number of variants.
http://www.micropoint.com.cn
BlackStone - 2005-11-25 17:12:00
HKLM\System\CurrentControlSet\Services
+ Network Provisioning Servic Manages XML configuration files on a domain basis for automatic network provisioning. c:\windows\svchost.exe
Delete this startup entry.
Reboot.
Delete c:\windows\svchost.exe.
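The tell BlackStone is pointing at is the image path, not the name: the entry borrows the display text of the real Network Provisioning Service, but the genuine service is hosted by c:\windows\system32\svchost.exe, and a file named svchost.exe sitting directly in c:\windows is not Windows' own. The RpcPatch entry in the same log uses the same trick (Computer Browser's description, dllhost.exe loaded from system32\wins instead of system32). The script below is an added example, not code from the thread or from Rising; it automates both checks over an Autoruns-style text export. The sample log is constructed from the entries posted above, and the SYSTEM32_ONLY list is an assumption about which binaries live only under system32 on an XP-era machine.

```python
"""Triage an Autoruns-style text export for two red flags:
 - autostart entries whose target file no longer exists ("File not found:"), and
 - entries that carry the name of a core Windows binary but load it from a
   directory other than %SystemRoot%\\system32 (e.g. c:\\windows\\svchost.exe)."""
import re
from pathlib import PureWindowsPath

# Constructed sample in the shape of the log posted above (not a real Autoruns export).
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ 3721 File not found: C:\WINDOWS\system32\vcdplay.exe
+ SoundMan Realtek Sound Manager Realtek Semiconductor Corp. c:\windows\soundman.exe
HKLM\System\CurrentControlSet\Services
+ Network Provisioning Servic Manages XML configuration files for automatic network provisioning. c:\windows\svchost.exe
+ NVSvc NVIDIA Driver Helper Service, Version 41.04 NVIDIA Corporation c:\windows\system32\nvsvc32.exe
+ RpcPatch Maintains an updated list of computers on the network. File not found: C:\WINDOWS\System32\wins\DLLHOST.EXE
"""

# Assumption: on an XP-era system these binaries legitimately live only under \system32.
SYSTEM32_ONLY = {"svchost.exe", "dllhost.exe", "lsass.exe", "services.exe",
                 "winlogon.exe", "csrss.exe", "smss.exe"}

# "+ <label> [File not found: ]<drive>:\<path to end of line>"
ENTRY_RE = re.compile(
    r"^\+\s+(?P<label>.*?)\s*(?P<missing>File not found:\s*)?(?P<path>[A-Za-z]:\\.*)$"
)


def triage(log_text):
    """Return suspicious entries as dicts: {location, label, path, reasons}."""
    findings = []
    location = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.startswith("+"):
            location = line          # a registry key or folder heading
            continue
        m = ENTRY_RE.match(line)
        if not m:                    # e.g. an IE extension that points at a URL
            continue
        path = PureWindowsPath(m.group("path").strip())
        reasons = []
        if m.group("missing"):
            reasons.append("dangling autostart: target file is missing")
        if path.name.lower() in SYSTEM32_ONLY and path.parent.name.lower() != "system32":
            reasons.append("core Windows binary name loaded from outside system32")
        if reasons:
            findings.append({"location": location, "label": m.group("label"),
                             "path": str(path), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['location']}\n  {f['label']} -> {f['path']}\n  {'; '.join(f['reasons'])}")
```

Run against the sample, it flags the 3721 entry (dangling), the Network Provisioning entry (svchost.exe outside system32) and RpcPatch (both), while the genuine NVSvc and SoundMan entries pass. A dangling entry is not proof of infection, only a leftover to clean up; the path check is the one that identifies the file BlackStone tells the poster to delete after the reboot.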
shengye - 2005-11-25 17:17:00
I'd like to ask BlackStone how to read this tool's output; I don't know how to read it yet.
ヘ网络农民ヘ - 2005-11-25 17:17:00
Scan with the latest HijackThis 1.99.1 and post the log here.
The HijackThis download link is in the pinned post:
[Must read] Board rules and downloads of common small utilities
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
For removing 灰鸽子, see
http://forum.ikaka.com/topic.asp?board=28&artid=6202404
and http://forum.ikaka.com/topic.asp?board=28&artid=5666824
Rising released a "灰鸽子 dedicated removal tool" a while ago; download it and give it a try.
© 2000 - 2026 Rising Corp. Ltd.