Rising Kaka Security Forum
shaze - 2006-11-14 21:35:00
Genuine Rising, November 14 update. Viruses: Trojan.IMMSG.TBMsg.d
Backdoor.Gpigeon.2006.apj. Asking for help, guys: Rising can't remove them and I'm at a loss.
猪知山 - 2006-11-14 21:36:00
Please download HijackThis from my file share: http://free5.ys168.com/?echowj
After downloading, open HijackThis.rar and then run HijackThis.exe.
Click "Scan and save log".
Copy and paste the saved log here. If it doesn't fit in one post, paste it in several parts; please don't modify it.
If a virus was found, give the virus file name and path, and describe the symptoms.
shaze - 2006-11-14 21:39:00
Thanks, I'll go give it a try.
猪知山 - 2006-11-14 21:43:00
Please download HijackThis from my file share: http://free5.ys168.com/?echowj
After downloading, open HijackThis.rar and then run HijackThis.exe.
Click "Scan and save log".
Copy and paste the saved log here. If it doesn't fit in one post, paste it in several parts; please don't modify it.
If a virus was found, give the virus file name and path, and describe the symptoms.
shaze - 2006-11-14 21:47:00
Logfile of HijackThis v1.99.1
Scan saved at 21:36:16, on 1984-9-18
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
f:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
f:\Program Files\Rising\Rav\Ravmond.exe
shaze - 2006-11-14 21:47:00
f:\Program Files\Rising\Rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
f:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
F:\Program Files\Rising\Rfw\rfwmain.exe
F:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\VM303_STI.EXE
F:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Tencent\TT\TTraveler.exe
F:\Program Files\Rising\Rav\Rav.exe
C:\Program Files\Tencent\TT\TCPlus.exe
E:\Program Files\Tencent\QQ\QQ.exe
e:\Program Files\Tencent\QQ\TIMPlatform.exe
F:\Program Files\Rising\Rav\RsLogVw.exe
e:\HFGameOPT\GameClient.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\solier\桌面\Hijackthis\HijackThis.exe
shaze - 2006-11-14 21:48:00
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - f:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RfwMain] "f:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [UnlockerAssistant] "F:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [RavTask] "f:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &使用迅雷下载 - f:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - f:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - e:\HFGameOPT\GameClient.exe
shaze - 2006-11-14 21:48:00
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: 易趣购物 - {DE607141-AC19-421e-862A-2D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {DE607141-AC19-421e-862A-2D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - e:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - e:\Program Files\Tencent\QQ\QQIEHelper.dll
O16 - DPF: {6DBB2904-082D-4DB0-944A-21C22BA121F4} (CCtInf Class) - http://www.95599.cn/perbank/BankControl.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A127E7A9-94B7-4ACA-9AAF-AB3349494FEE}: NameServer = 202.106.0.20,202.106.46.151
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - f:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - f:\Program Files\Rising\Rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - f:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - f:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: WindowsUpdate - Unknown owner - C:\WINDOWS\WindowsUpdate.exe
shaze - 2006-11-14 21:50:00
The above is what your program produced.
This is my scan:
Trojan.IMMSG.TBMsg.d 删除成功 1984-09-18 16:20 手动扫描 C:\WINDOWS\system32\Com CSRSS.EXE>>uPack0.33 本机
Backdoor.Gpigeon.2006.apj 删除成功 1984-09-18 16:22 手动扫描 C:\WINDOWS WindowsUpdate.dll 本机
Backdoor.Gpigeon.2006.apj 删除成功 1984-09-18 16:22 手动扫描 C:\WINDOWS WindowsUpdateKey.DLL 本机
Trojan.IMMSG.TBMsg.d 删除成功 1984-09-18 17:37 手动扫描 C:\WINDOWS\system32\Com CSRSS.EXE>>uPack0.33 本机
Backdoor.Gpigeon.2006.apj 删除成功 1984-09-18 17:39 手动扫描 C:\WINDOWS WindowsUpdate.dll 本机
Oh, and my system time seems to have been changed too.
shaze - 2006-11-14 22:15:00
Brother Zhu, please help...
Sigh, I just reinstalled a couple of days ago and really don't want to do it again. If every virus means a reinstall, why buy antivirus software at all?
shaze - 2006-11-14 22:45:00
Waiting online.
猪知山 - 2006-11-14 23:45:00
O23 - Service: WindowsUpdate - Unknown owner - C:\WINDOWS\WindowsUpdate.exe
Fix it and delete the corresponding file.
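As an added example (not code from the thread or from HijackThis), a small Python triage of HijackThis O23 service lines, run over entries copied from the two logs in this thread: it flags services with no vendor information that are installed under the Windows directory, binaries that sit outside their real location, and entries whose file is already missing. The WINDIR constant and the EXPECTED_DIR allowlist are assumptions made for the example.

```python
import re
# A HijackThis O23 line reads "O23 - Service: <name> - <owner> - <path>", with an
# optional " (file missing)" suffix when the service's binary no longer exists.
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
                    r"(?P<missing> \(file missing\))?$")
WINDIR = "c:\\windows"  # assumed system root for the example
# Hypothetical allowlist: where two commonly impersonated Windows binaries really live.
EXPECTED_DIR = {"winmgmt.exe": WINDIR + "\\system32\\wbem", "csrss.exe": WINDIR + "\\system32"}
# Constructed sample: O23 entries copied from the two logs posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WindowsUpdate - Unknown owner - C:\WINDOWS\WindowsUpdate.exe
O23 - Service: GrayPigeon - Unknown owner - C:\WINDOWS\lag.exe
O23 - Service: GrayPigeonServer - Unknown owner - C:\WINDOWS\System32\G_Server2006.exe
O23 - Service: NetWork Download (NetworkWUP) - Unknown owner - C:\WINDOWS\system32\WinMgmt.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - f:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Network Connectionzplw (Servicezplw) - Unknown owner - C:\WINDOWS\zplw\serviecs.exe (file missing)
"""

def parse_o23(line):
    """Split one O23 line into its fields; return None for any other line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    return {"name": m.group("name"), "owner": m.group("owner"),
            "path": m.group("path"), "missing": m.group("missing") is not None}

def suspicious_reasons(entry):
    """Reasons an O23 entry deserves a closer look; an empty list means it looks benign."""
    reasons = []
    directory, _, filename = entry["path"].lower().rpartition("\\")
    in_windir = directory == WINDIR or directory.startswith(WINDIR + "\\")
    if entry["missing"]:
        reasons.append("binary missing: dead service entry left behind by an infection or cleanup")
    if entry["owner"] == "Unknown owner" and in_windir:
        # Microsoft binaries carry vendor version info, so HijackThis would name the owner.
        reasons.append("no vendor in version info yet installed under %SystemRoot%")
    expected = EXPECTED_DIR.get(filename)
    if expected and directory != expected:
        reasons.append(f"{filename} sits outside its real location {expected}")
    return reasons

def triage(log_text):
    """Map each flagged service name to its reasons, in log order."""
    flagged = {}
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry and (reasons := suspicious_reasons(entry)):
            flagged[entry["name"]] = reasons
    return flagged
```

Running triage(SAMPLE_LOG) flags the five unknown-owner services and leaves the NVIDIA and Rising entries alone; the WinMgmt.exe entry gets a second reason because the real binary lives under system32\wbem.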
xian98 - 2006-12-10 11:07:00
Logfile of HijackThis v1.99.1
Scan saved at 10:51:44, on 2006-12-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
f:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
F:\Program Files\rising\Rfw\rfwmain.exe
F:\Program Files\rising\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Program Files\rising\Rising\Rav\Ravmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\WinMgmt.exe
C:\WINDOWS\system32\iexplorer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
F:\Program Files\QQ\QQ.exe
F:\Program Files\rising\Rising\Rav\CCenter.exe
F:\Program Files\rising\Rising\Rav\Ravmond.exe
F:\Program Files\rising\Rising\Rav\RavStub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\xian98\桌面\Hijackthis\HijackThis.exe
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Ad Engine - {077FD0C3-1291-4104-A356-41E36B252682} - C:\Program Files\Yayad\AdCore.dll (file missing)
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll (file missing)
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll (file missing)
O2 - BHO: BHOImp Class - {70AFF2CB-9DA2-499C-8D15-900729FCE83D} - C:\WINDOWS\system32\YHBO.dll (file missing)
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - F:\Program Files\yingyin\NXIEHelper.dll
O2 - BHO: Letscool System Helper - {F0C15012-7DBD-4068-95A2-0A82DB03AC35} - C:\WINDOWS\system32\CoolBho.dll
O2 - BHO: BHelper Class - {F2E37336-BFDB-409B-8D0E-6F013C438B20} - C:\WINDOWS\system\966o3900.dll (file missing)
O3 - Toolbar: (no name) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RfwMain] "F:\Program Files\rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RavTask] "F:\Program Files\rising\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [runeip] C:\Program Files\Rising\AntiSpyware\runiep.exe
O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: >>彩信发送<< - res://C:\Program Files\MMSAssist\Mmsass~1.dll/mms.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - F:\Program Files\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用网络传送带下载 - F:\Program Files\yingyin\NXAddLink.html
O8 - Extra context menu item: 使用网络传送带下载全部链接 - F:\Program Files\yingyin\NXAddList.html
O8 - Extra context menu item: 导出到 Microsoft Excel(&x) - res://F:\PROGRA~1\office\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - F:\Program Files\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - F:\Program Files\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - F:\Program Files\QQ\SendMMS.htm
O8 - Extra context menu item: 用比特精灵下载(&B) - F:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - H:\游戏\浩方对战平台\GameClient.exe
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll (file missing)
O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\Program Files\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\Program Files\QQ\QQ.EXE
O9 - Extra button: 易趣购物 - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=50 (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=50 (file missing)
O9 - Extra button: YOK超级搜索 - {F869BB38-FFEF-4589-B986-610B7AD0ADA2} - http://www.yok.com (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BFAA61B-5C83-4865-8281-D8BDBF863061} (PGEdit Class) - https://www.gnetpg.com/PlugIn/PG_ATL.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04E09B7D-C776-470F-A727-66F0FF12D09B}: NameServer = 202.96.128.68,211.95.193.97
O17 - HKLM\System\CS1\Services\Tcpip\..\{04E09B7D-C776-470F-A727-66F0FF12D09B}: NameServer = 202.96.128.68,211.95.193.97
O21 - SSODL: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - (no file)
O21 - SSODL: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: GrayPigeon - Unknown owner - C:\WINDOWS\lag.exe
O23 - Service: GrayPigeonServer - Unknown owner - C:\WINDOWS\System32\G_Server2006.exe
O23 - Service: NetWork Download (NetworkWUP) - Unknown owner - C:\WINDOWS\system32\WinMgmt.exe
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - f:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - f:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - F:\Program Files\rising\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - F:\Program Files\rising\Rising\Rav\Ravmond.exe
O23 - Service: Network Connectionzplw (Servicezplw) - Unknown owner - C:\WINDOWS\zplw\serviecs.exe (file missing)