萼山飞狐 - 2007-9-18 22:30:00
A month ago my computer was infected with the Backdoor.Gpigeon.uql virus. On startup Rising reports that the virus has been cleaned, and the scan shows IEXPLORE.EXE>>C:\Program Files\Internet Explorer\IEXPLORE.EXE ->Backdoor.Gpigeon.uql, but it is back every time I boot, and Rising can never delete it. Begging the experts for some guidance.
[User system info] Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
萼山飞狐 - 2007-9-18 23:17:00
Rising Kaka Computer Diagnostic Log v1.30 (2007-9-18 22:51:44) Beijing Rising Technology Co., Ltd.
Notes: [A] means the file has an autostart association;
[M] means the file is in memory;
+ Registry autorun items
+ System services
+ HKLM\System\CurrentControlSet\Services
Alertera
[A ] 1. c:\program files\alertera
Messenger
[A ] 2. c:\windows\c:\windows\system32\svchost.exe -k netsvcs
ose
[A ] 3. c:\program files\common files\microsoft shared\source engine\ose.exe
RfwProxySrv
[A ] 4. c:\program files\rising\rfw\rfwproxy.exe
RfwService
[A ] 5. c:\program files\rising\rfw\rfwsrv.exe
RsCCenter
[A ] 6. d:\瑞星杀毒\rising\rav\ccenter.exe
RsRavMon
[A ] 7. d:\瑞星杀毒\rising\rav\ravmond.exe
+ Kernel drivers
+ HKLM\System\CurrentControlSet\Services
ALCXWDM
[A ] 8. c:\windows\system32\drivers\alcxwdm.sys
BaseTDI
[A ] 9. c:\windows\system32\drivers\basetdi.sys
bootdrv
[A ] 10. c:\windows\system32\drivers\bootdrv.sys
ExpScaner
[A ] 11. d:\瑞星杀毒\rising\rav\expscan.sys
HookCont
[A ] 12. d:\瑞星杀毒\rising\rav\hookcont.sys
HookReg
[A ] 13. d:\瑞星杀毒\rising\rav\hookreg.sys
HookSys
[A ] 14. d:\瑞星杀毒\rising\rav\hooksys.sys
HookUrl
[A ] 15. c:\program files\rising\rfw\hookurl.sys
kmsinput
[A ] 16. c:\windows\system32\drivers\kmsinput.sys
MEMSCAN
[A ] 17. d:\瑞星杀毒\rising\rav\memscan.sys
mProcRs
[A ] 18. c:\program files\rising\rfw\mprocrs.sys
nhkepi
[A ] 19. c:\windows\system32\drivers\nhkepi.sys
npkcrypt
[A ] 20. c:\program files\tencent\qq\npkcrypt.sys
npkycryp
[A ] 21. c:\program files\tencent\qq\npkycryp.sys
nvatabus
[A ] 22. c:\windows\system32\drivers\nvatabus.sys
NVENETFD
[A ] 23. c:\windows\system32\drivers\nvenetfd.sys
nvnetbus
[A ] 24. c:\windows\system32\drivers\nvnetbus.sys
nv_agp
[A ] 25. c:\windows\system32\drivers\nv_agp.sys
PavSRK.sys
[A ] 26. c:\windows\system32\pavsrk.sys
RsAntiSpyware
[A ] 27. c:\windows\system32\drivers\rsboot.sys
RsFwDrv
[A ] 28. c:\program files\rising\rfw\rsfwdrv.sys
RsNTGDI
[A ] 29. c:\windows\system32\drivers\rsntgdi.sys
RSPPSYS
[A ] 30. d:\瑞星杀毒\rising\rav\rsppsys.sys
Secdrv
[A ] 31. c:\windows\system32\drivers\secdrv.sys
TesSafe
[A ] 32. c:\windows\system32\tessafe.sys
+ File system drivers
+ HKLM\System\CurrentControlSet\Services
ADProt
[A ] 33. c:\windows\system32\drivers\adprot.sys
+ System logon autorun
+ HKCU\Control Panel\Desktop
Scrnsave.exe
[A ] 34. c:\windows\summer.scr
+ IE browser loaded modules
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{43869BB3-22FD-4F15-9B46-238106BA2F4E}
[A ] 35. c:\program files\super rabbit\magicset\haokanbar.dll
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3}
[A ] 35. c:\program files\super rabbit\magicset\haokanbar.dll
+ Explorer loaded modules
+ HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
text/xml
[A ] 36. c:\program files\common files\microsoft shared\office11\msoxmlmf.dll
+ HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
ms-itss
[A ] 37. c:\program files\common files\microsoft shared\information retrieval\msitss.dll
mso-offdap
[A ] 38. c:\program files\common files\microsoft shared\web components\10\owc10.dll
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HyperTerminal Icon Ext
[A ] 39. c:\windows\system32\hticons.dll
Microsoft Office HTML Icon Handler
[A ] 40. c:\program files\microsoft office\office11\msohev.dll
Web Folders
[A ] 41. c:\program files\common files\microsoft shared\web folders\msonsext.dll
Microsoft Office Outlook Custom Icon Handler
[A ] 42. c:\program files\microsoft office\office11\olkfstub.dll
Microsoft Office Outlook Desktop Icon Handler
[A ] 43. c:\program files\microsoft office\office11\mlshext.dll
WinRAR shell extension
[A ] 44. c:\program files\winrar\rarext.dll
WinZip
[A ] 45. c:\program files\winzip\wzshlstb.dll
WinZip
[A ] 45. c:\program files\winzip\wzshlstb.dll
WinZip
[A ] 45. c:\program files\winzip\wzshlstb.dll
WinZip
[A ] 45. c:\program files\winzip\wzshlstb.dll
RISING
[A ] 46. c:\windows\system32\ravext.dll
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}
[AM] 47. c:\windows\system32\shlhook.dll
+ User logon autorun items
+ HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SoundMan
[AM] 48. c:\windows\soundman.exe
RavTask
[A ] 49. d:\瑞星杀毒\rising\rav\ravtask.exe
RfwMain
[AM] 50. c:\program files\rising\rfw\rfwmain.exe
runeip
[AM] 51. c:\program files\rising\antispyware\runiep.exe
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
KKDelay
[A ] 52. c:\program files\rising\antispyware\runonce.exe
萼山飞狐 - 2007-9-18 23:18:00
+ Boot execute
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
BootExecute
[A ] 53. c:\windows\system32\bsmain.exe
[A ] 54. c:\windows\system32\kknative.exe
+ Image hijacks
+ HKCR\Folder\shell
Super Rabbit CDROM Eject
[A ] 55. c:\program files\super rabbit\magicset\srcd2.exe
+ HKCR\.html
htmlfile\Edit\Command
[A ] 56. c:\program files\microsoft office\office11\msohtmed.exe
htmlfile\Print\Command
[A ] 56. c:\program files\microsoft office\office11\msohtmed.exe
+ HKCR\.htm
htmlfile\Edit\Command
[A ] 56. c:\program files\microsoft office\office11\msohtmed.exe
htmlfile\Print\Command
[A ] 56. c:\program files\microsoft office\office11\msohtmed.exe
+ Print monitors
+ HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
Microsoft Document Imaging Writer Monitor
[AM] 57. c:\windows\system32\mdimon.dll
+ Running processes
+ 000000bc(188) runiep.exe
00400000[00013000]
[AM] 51. c:\program files\rising\antispyware\runiep.exe
10000000[0006E000]
[ M] 58. c:\windows\system32\freewb.ime
00DC0000[00008000]
[ M] 59. c:\program files\freewb\plugin\date.plg
00F00000[0001B000]
[ M] 60. c:\program files\rising\antispyware\ieprot.dll
+ 000000f0(240) SOUNDMAN.EXE
00400000[00015000]
[AM] 48. c:\windows\soundman.exe
10000000[0006E000]
[ M] 58. c:\windows\system32\freewb.ime
00D80000[00008000]
[ M] 59. c:\program files\freewb\plugin\date.plg
00FA0000[0001B000]
[ M] 60. c:\program files\rising\antispyware\ieprot.dll
+ 00000148(328) alg.exe
+ 000001d0(464) wscntfy.exe
10000000[0006E000]
[ M] 58. c:\windows\system32\freewb.ime
00BC0000[00008000]
[ M] 59. c:\program files\freewb\plugin\date.plg
00BD0000[0001B000]
[ M] 60. c:\program files\rising\antispyware\ieprot.dll
+ 000001f8(504) srshut.EXE
00400000[00073000]
[ M] 61. c:\program files\super rabbit\magicset\srshut.exe
73390000[00154000]
[ M] 62. c:\windows\system32\msvbvm60.dll
66630000[0001C000]
[ M] 63. c:\windows\system32\vb6chs.dll
10000000[0006E000]
[ M] 58. c:\windows\system32\freewb.ime
00FC0000[00008000]
[ M] 59. c:\program files\freewb\plugin\date.plg
019C0000[0001B000]
[ M] 60. c:\program files\rising\antispyware\ieprot.dll
+ 0000021c(540) smss.exe
+ 00000224(548) ctfmon.exe
10000000[0006E000]
[ M] 58. c:\windows\system32\freewb.ime
00CA0000[00008000]
[ M] 59. c:\program files\freewb\plugin\date.plg
00CF0000[0001B000]
[ M] 60. c:\program files\rising\antispyware\ieprot.dll
+ 0000027c(636) csrss.exe
+ 00000294(660) winlogon.exe
10000000[0006E000]
[ M] 58. c:\windows\system32\freewb.ime
01520000[00008000]
[ M] 59. c:\program files\freewb\plugin\date.plg
72C80000[00008000]
[ M] 64. c:\windows\system32\msacm32.drv
+ 000002c0(704) services.exe
+ 000002cc(716) lsass.exe
+ 0000036c(876) svchost.exe
+ 000003ac(940) svchost.exe
+ 0000042c(1068) svchost.exe
+ 00000498(1176) svchost.exe
+ 00000524(1316) svchost.exe
+ 000005c4(1476) Explorer.EXE
10000000[0006E000]
[ M] 58. c:\windows\system32\freewb.ime
00D40000[00008000]
[ M] 59. c:\program files\freewb\plugin\date.plg
72C80000[00008000]
[ M] 64. c:\windows\system32\msacm32.drv
01C90000[0001B000]
[ M] 60. c:\program files\rising\antispyware\ieprot.dll
+ 000006f0(1776) spoolsv.exe
00AE0000[00008000]
[AM] 57. c:\windows\system32\mdimon.dll
00AF0000[00008000]
[ M] 65. c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
+ 00000768(1896) RfwMain.exe
00400000[00073000]
[AM] 50. c:\program files\rising\rfw\rfwmain.exe
26600000[0007D000]
[ M] 66. c:\program files\rising\rfw\rsguilib.dll
23700000[0001A000]
[ M] 67. c:\program files\rising\rfw\rscommon.dll
10000000[0000F000]
[ M] 68. c:\program files\rising\rfw\rfwctrl.dll
23800000[0001A000]
[ M] 69. c:\program files\rising\rfw\rsxml.dll
23900000[00031000]
[ M] 70. c:\program files\rising\rfw\pngdll.dll
731B0000[0000A000]
[ M] 71. c:\program files\rising\rfw\psapi.dll
01070000[0001B000]
[ M] 60. c:\program files\rising\antispyware\ieprot.dll
+ 0000085c(2140) svchost.exe
+ 00000950(2384) RsAgent.exe
00400000[0003A000]
[ M] 72. d:\瑞星杀毒\rising\rav\rsagent.exe
10000000[0001B000]
[ M] 73. d:\瑞星杀毒\rising\rav\rscommx.dll
00B60000[0006E000]
[ M] 58. c:\windows\system32\freewb.ime
00E50000[00008000]
[ M] 59. c:\program files\freewb\plugin\date.plg
00F70000[0001B000]
[ M] 60. c:\program files\rising\antispyware\ieprot.dll
+ 00000b40(2880) AgentSvr.exe
10000000[0006E000]
[ M] 58. c:\windows\system32\freewb.ime
00C30000[00008000]
[ M] 59. c:\program files\freewb\plugin\date.plg
72C80000[00008000]
[ M] 64. c:\windows\system32\msacm32.drv
00C90000[0001B000]
[ M] 60. c:\program files\rising\antispyware\ieprot.dll
+ 00000ba8(2984) Ras.exe
00400000[00160000]
[ M] 74. c:\program files\rising\antispyware\ras.exe
10000000[00013000]
[ M] 75. c:\program files\rising\antispyware\topsoft.dll
7C140000[00103000]
[ M] 76. c:\program files\rising\antispyware\mfc71.dll
7C340000[00056000]
[ M] 77. c:\program files\rising\antispyware\msvcr71.dll
7C3A0000[0007B000]
[ M] 78. c:\program files\rising\antispyware\msvcp71.dll
5D360000[0000A000]
[ M] 79. c:\windows\system32\mfc71chs.dll
00F20000[000BD000]
[ M] 80. c:\program files\rising\antispyware\rasgui.dll
01480000[0006E000]
[ M] 58. c:\windows\system32\freewb.ime
01770000[00008000]
[ M] 59. c:\program files\freewb\plugin\date.plg
01A30000[00011000]
[AM] 47. c:\windows\system32\shlhook.dll
01B90000[0001B000]
[ M] 60. c:\program files\rising\antispyware\ieprot.dll
02D30000[0002F000]
[ M] 81. c:\program files\rising\antispyware\engine.dll
02D60000[00012000]
[ M] 82. c:\program files\rising\antispyware\zip.dll
+ 00000f58(3928) RavStub.exe
00400000[00018000]
[ M] 83. d:\瑞星杀毒\rising\rav\ravstub.exe
10000000[0001B000]
[ M] 73. d:\瑞星杀毒\rising\rav\rscommx.dll
23700000[0001A000]
[ M] 84. d:\瑞星杀毒\rising\rav\rscommon.dll
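An added triage example, not part of the original posts and not Rising's tooling: a small Python parser for the "Running processes" section of the Kaka log above. It reports which modules are loaded across many processes; in the posted log, freewb.ime, date.plg and ieprot.dll appear in almost every process, winlogon.exe included, which is the pattern you look for when hunting a globally injected DLL in this kind of listing. The sample text is a constructed subset of the posted log, and the threshold and sentinel process names are assumptions. An IME or global-hook DLL legitimately lands in every GUI process, so the output is a list of files to verify by signature and hash, not a verdict.

```python
import re
from collections import defaultdict

# Constructed excerpt modelled on the Kaka "Running processes" section posted
# in this thread (a subset of its processes). A process header is
# "+ <hex pid>(<pid>) <name>"; each module is an address line followed by
# "[flags] <n>. <path>". Address lines are ignored here.
SAMPLE_LOG = r"""
+ Running processes
+ 000000bc(188) runiep.exe
00400000[00013000]
[AM] 51. c:\program files\rising\antispyware\runiep.exe
10000000[0006E000]
[ M] 58. c:\windows\system32\freewb.ime
00DC0000[00008000]
[ M] 59. c:\program files\freewb\plugin\date.plg
+ 0000021c(540) smss.exe
+ 00000294(660) winlogon.exe
10000000[0006E000]
[ M] 58. c:\windows\system32\freewb.ime
01520000[00008000]
[ M] 59. c:\program files\freewb\plugin\date.plg
72C80000[00008000]
[ M] 64. c:\windows\system32\msacm32.drv
+ 000005c4(1476) Explorer.EXE
10000000[0006E000]
[ M] 58. c:\windows\system32\freewb.ime
00D40000[00008000]
[ M] 59. c:\program files\freewb\plugin\date.plg
+ 00000768(1896) RfwMain.exe
00400000[00073000]
[AM] 50. c:\program files\rising\rfw\rfwmain.exe
10000000[0000F000]
[ M] 68. c:\program files\rising\rfw\rfwctrl.dll
"""

PROC_RE = re.compile(r"^\+ ([0-9a-fA-F]{8})\((\d+)\) (.+)$")
MOD_RE = re.compile(r"^\[([A ])([M ])\] (\d+)\. (.+)$")


def parse_processes(text):
    """Return a list of (pid, name, [module paths]) from the process section."""
    procs = []
    for line in text.splitlines():
        line = line.strip()
        m = PROC_RE.match(line)
        if m:
            procs.append((int(m.group(2)), m.group(3).strip(), []))
            continue
        m = MOD_RE.match(line)
        if m and procs:
            procs[-1][2].append(m.group(4).strip().lower())
    return procs


def module_spread(procs):
    """Map each module path to the sorted process names it was seen in,
    skipping each process's own image (basename equal to the process name)."""
    spread = defaultdict(set)
    for _pid, name, modules in procs:
        own = name.lower()
        for path in modules:
            if path.rsplit("\\", 1)[-1] == own:
                continue
            spread[path].add(own)
    return {path: sorted(names) for path, names in spread.items()}


def flag_injected(procs, min_procs=3, sentinels=("winlogon.exe", "explorer.exe")):
    """Modules present in at least min_procs processes, most widespread first.
    Each entry is (path, process count, seen in a sentinel process). The
    threshold and sentinel list are assumptions for this example."""
    flagged = []
    for path, names in module_spread(procs).items():
        if len(names) >= min_procs:
            flagged.append((path, len(names), any(s in names for s in sentinels)))
    flagged.sort(key=lambda item: (-item[1], item[0]))
    return flagged


if __name__ == "__main__":
    for path, count, in_sentinel in flag_injected(parse_processes(SAMPLE_LOG)):
        note = "  (incl. winlogon/explorer)" if in_sentinel else ""
        print("%-45s in %d processes%s" % (path, count, note))
```

Run it on a full Kaka log by reading the file into `parse_processes`; the own-image filter matters because every process lists its own .exe at 00400000 and that entry would otherwise inflate nothing but still clutter the report.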
没有梦想的男人 - 2007-9-18 23:23:00
Nobody will look at a log like this for you; it has no detailed information. Post an SREng scan log instead.
Download the System Repair Engineer system scanning tool from:
http://www.kztechs.com/sreng/download.html
How to scan and upload the log:
1. Unzip the downloaded sreng2.zip archive;
2. Open the extracted SRENG folder and double-click SREngPS.exe;
3. Click "Smart Scan", then "Scan", then "Save Report", and save the log to disk;
4. Change the log's extension to .txt and upload it as an attachment; please do not modify the log contents.
Friendly reminders:
1. Close all open programs before scanning (QQ, Thunder and similar programs, and IE windows; note: close them, not just minimize them).
2. Do not use SRENG to "fix" things at random before you get further instructions, or the system may end up in worse shape.
萼山飞狐 - 2007-9-18 23:26:00
OK, I'll give it a try.
萼山飞狐 - 2007-9-18 23:45:00
| Quote: 【post by 没有梦想的男人】 (the SREng instructions above, quoted in full) |
Attachment:
9454612007918233414.txt
没有梦想的男人 - 2007-9-19 0:22:00
The following drivers are suspicious. Decide for yourself whether to remove them (my recommendation is to remove them and delete the files):
[ADProt / ADProt][Stopped/System Start]
<\SystemRoot\system32\drivers\ADProt.sys><N/A>
[bootdrv / bootdrv][Stopped/Boot Start]
<\SystemRoot\System32\Drivers\bootdrv.sys><N/A>
[kmsinput / kmsinput][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[nhkepi / nhkepi][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\nhkepi.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
<\??\C:\Program Files\Tencent\QQ\npkycryp.sys><N/A>
[PavSRK.sys / PavSRK.sys][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\PavSRK.sys><N/A>
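An added example, not from the thread and not part of SREng, that parses the driver entries quoted above and ranks them by a few objective observations a responder checks before deleting anything: no vendor string in the file, a Boot/System start type (loads before any user logs on), and a malformed ImagePath (nhkepi's value contains `\SystemRoot\\SystemRoot\`, which is not a well-formed path). The sample text is the six entries as posted; the reasons and their ordering are this example's assumptions. A driver under a known product's folder such as Tencent\QQ is better checked by its digital signature and file hash than removed on a hunch.

```python
import re

# Constructed sample: the six SREng driver entries quoted in the reply above,
# copied as posted so the checks run offline. SREng prints one header line
# "[service / display][State/Start type]" and one "<ImagePath><Company>" line.
SRENG_DRIVERS = r"""
[ADProt / ADProt][Stopped/System Start]
<\SystemRoot\system32\drivers\ADProt.sys><N/A>
[bootdrv / bootdrv][Stopped/Boot Start]
<\SystemRoot\System32\Drivers\bootdrv.sys><N/A>
[kmsinput / kmsinput][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[nhkepi / nhkepi][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\nhkepi.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
<\??\C:\Program Files\Tencent\QQ\npkycryp.sys><N/A>
[PavSRK.sys / PavSRK.sys][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\PavSRK.sys><N/A>
"""

HEADER_RE = re.compile(r"^\[(.+?) / (.+?)\]\[(\w+)/([^\]]+)\]$")
IMAGE_RE = re.compile(r"^<([^>]*)><([^>]*)>$")


def parse_sreng_drivers(text):
    """Return a list of dicts, one per driver entry, from SREng driver output."""
    drivers, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            current = {"service": m.group(1), "display": m.group(2),
                       "state": m.group(3), "start": m.group(4),
                       "image": "", "company": ""}
            drivers.append(current)
            continue
        m = IMAGE_RE.match(line)
        if m and current is not None:
            current["image"], current["company"] = m.group(1), m.group(2)
    return drivers


def suspicion_reasons(drv):
    """Objective observations worth a second look (heuristics, not a verdict)."""
    reasons = []
    if drv["company"].upper() == "N/A":
        reasons.append("no vendor information in the file")
    if drv["start"] in ("Boot Start", "System Start"):
        reasons.append("loads before user logon (%s)" % drv["start"])
    img = drv["image"]
    # A doubled root ("\SystemRoot\\SystemRoot\...") is not a well-formed
    # ImagePath; flag a repeated root or a literal double backslash.
    if "\\\\" in img or img.lower().count("systemroot") > 1:
        reasons.append("malformed ImagePath: %s" % img)
    return reasons


def rank_drivers(drivers):
    """(service name, reasons) pairs, most reasons first, then by name."""
    ranked = [(d["service"], suspicion_reasons(d)) for d in drivers]
    ranked.sort(key=lambda item: (-len(item[1]), item[0].lower()))
    return ranked


if __name__ == "__main__":
    for service, reasons in rank_drivers(parse_sreng_drivers(SRENG_DRIVERS)):
        print("%-12s %d  %s" % (service, len(reasons), "; ".join(reasons)))
```

The ranking puts nhkepi at the top on three counts, the two other boot/system-start drivers next, and the manual-start entries last; on a live box the next step for each is to hash the file and check its signature, not to trust the count.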
© 2000 - 2026 Rising Corp. Ltd.