Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-malware board

Help! Experts, please help me figure out how to remove backdoor.sgigeon.sh??

Scan results:
Logfile of HijackThis v1.99.1
Scan saved at 13:52:14, on 2005-7-26
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\rising\Rfw\rfwsrv.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\S3hotkey.exe
C:\WINNT\system32\S3tray2.exe
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\zh-cn\msnappau.exe
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\rising\Rfw\rfwmain.exe
C:\WINNT\system32\conime.exe
C:\WINNT\system32\taskmgr.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINNT\system32\RUNDLL32.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Documents and Settings\Administrator\桌面\backdoor.gpigeon.sgr\155847200541134207\HijackThis.exe

O2 - BHO: EyeOnBrowser Class - {1272F701-349D-4DB3-BBCD-10CBDCD049FE} - C:\WINNT\Downlo~1\_IS_0518\_IS_WEBH.dll
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: (no name) - {82925498-364E-4419-B3BF-CD12FC7A8815} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\zh-cn\msntb.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [S3hotkey] S3hotkey.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [桌面图标文字自动透明] C:\Program Files\Wom\WinMem.exe XP
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\zh-cn\msnappau.exe"
O4 - HKLM\..\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [电子流氓兔] E:\电子流氓兔\mashmaro.exe
O4 - HKLM\..\Run: [advapi32] RUNDLL32 C:\WINNT\Downlo~1\_IS_0518\_IS_ISC.DLL,isc
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\rising\Rfw\rfwmain.exe" -startup
O4 - HKCU\..\Run: [Kugoo] C:\PROGRA~1\KUGOO\kugoo.exe
O4 - HKCU\..\Run: [Vagaa] "E:\vagaa\vagaa.exe" -tray
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 卓越 - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - C:\WINNT\system32\IEPlugin.dll
O9 - Extra button: ZDNet - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\WINNT\system32\IEPlugin.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} (天下搜索) - http://iebar.t2t2.com/iebar.cab
O16 - DPF: {59CCB4A0-727D-11CF-AC36-00AA00A47DD2} (Timer Object) - http://www.xintv.com/download/ietimer.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://www.epson.com.cn/selftest/selftest/Prg/ESTPTest.cab
O16 - DPF: {F4B47EEA-5D5D-4055-A6B5-ED59CC3C5BB3} (Upgrade Class) - http://update.qyule.com/client.cab
O23 - Service: - - Unknown owner - C:\WINNT\winnt.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - C:\Program Files\rising\Rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
Last edited 2005-07-26 22:13:03
 

This is the Rising antivirus log:
病毒名称                                                处理结果        扫描方式        路径            文件            病毒来源       
Backdoor.GPigeon.shc                                    清除成功        手动扫描                        csrss.exe>>C:\WINNT\winnt_Hook.DLL\本机
Backdoor.GPigeon.shc                                    清除成功        手动扫描                        winlogon.exe>>C:\WINNT\winnt_Hook.DLL\本机
Backdoor.GPigeon.shc                                    清除成功        手动扫描                        services.exe>>C:\WINNT\winnt_Hook.DLL\本机
Backdoor.GPigeon.shc                                    清除成功        手动扫描                        lsass.exe>>C:\WINNT\winnt_Hook.DLL\本机
Backdoor.GPigeon.shc                                    清除成功        手动扫描                        rfwsrv.exe>>C:\WINNT\winnt_Hook.DLL\本机
Backdoor.GPigeon.shc                                    清除成功        手动扫描                        CCENTER.EXE>>C:\WINNT\winnt_Hook.DLL\本机
Backdoor.GPigeon.shc                                    清除成功        手动扫描                        WinMgmt.exe>>C:\WINNT\winnt_Hook.DLL\本机
Backdoor.GPigeon.shc                                    清除成功        手动扫描                        mspmspsv.exe>>C:\WINNT\winnt_Hook.DLL\本机
Backdoor.GPigeon.shc                                    清除成功        手动扫描                        MsiExec.exe>>C:\WINNT\winntKey.DLL\本机
Backdoor.GPigeon.shc                                    清除成功        手动扫描                        msnappau.exe>>C:\WINNT\winntKey.DLL\本机
Backdoor.GPigeon.shc                                    清除成功        手动扫描                        MsiExec.exe>>C:\WINNT\winntKey.DLL\本机
Backdoor.GPigeon.shc                                    清除成功        手动扫描                        msnappau.exe>>C:\WINNT\winntKey.DLL\本机
Backdoor.GPigeon.shc                                    删除成功        手动扫描        C:\WINNT        winntKey.DLL\本机
Backdoor.GPigeon.shc                                    删除成功        手动扫描        C:\WINNT        winnt_Hook.DLL\本机


Can it be removed completely? My company's machine cannot have its system reinstalled... Why can't even a genuine copy of Rising clean it out?
Experts, please save me!
 

O23 - Service: - - Unknown owner - C:\WINNT\winnt.exe
Pigeon
 

Quote:
[Post by ★蓝色羽毛★] O23 - Service: - - Unknown owner - C:\WINNT\winnt.exe
Pigeon
...........................


So how do I delete it???
 

I'm a newbie, I don't know how to delete it??
 

Quote:
[Post by ★蓝色羽毛★] O23 - Service: - - Unknown owner - C:\WINNT\winnt.exe
Pigeon
...........................


So what is the service name?? How do I delete it in the registry? I posted this so long ago and no expert has replied???
 

1. Start > Run, type regedit to open the Registry Editor, navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES branch, and delete the virus's service name in the left pane.
2. Restart the system. In the "View" tab of "Folder Options", check both "Show system files" and "Show all files and folders", then click "OK". Then look under WINNT for the virus file names winnt.exe, winnt.dll, winnt_Hook.dll and winntkey.dll, and delete every one you can find.
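An added triage helper, not from this thread nor from the HijackThis or Rising tools, that parses the two logs posted above: it flags the O23 service entry the replies point to (no name, unknown owner) and groups the Rising scan's cleaned records by DLL, showing which processes each hook DLL had been loaded into. The sample log lines are copied from the posts above; the flagging heuristics are this example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis and Rising logs posted in this thread.
HJT_LOG = r"""O23 - Service: - - Unknown owner - C:\WINNT\winnt.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
"""
RISING_LOG = r"""Backdoor.GPigeon.shc    清除成功    手动扫描        csrss.exe>>C:\WINNT\winnt_Hook.DLL\本机
Backdoor.GPigeon.shc    清除成功    手动扫描        winlogon.exe>>C:\WINNT\winnt_Hook.DLL\本机
Backdoor.GPigeon.shc    清除成功    手动扫描        msnappau.exe>>C:\WINNT\winntKey.DLL\本机
Backdoor.GPigeon.shc    删除成功    手动扫描    C:\WINNT    winntKey.DLL\本机
"""

# HijackThis O23 line: "O23 - Service: <display name (short name)> - <vendor> - <binary path>"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.+)$")
# Rising "cleaned" rows name the host process and the DLL it had loaded: "<process>>><DLL>\本机"
INJECT_RE = re.compile(r"(\S+)>>(.+?)\\本机")


def suspicious_services(log):
    """Return [(binary path, [reasons])] for O23 entries that deserve a closer look (heuristics assumed here)."""
    hits = []
    for line in log.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        reasons = []
        if m["name"] == "-":
            reasons.append("no display/service name")
        if m["owner"] == "Unknown owner":
            reasons.append("no vendor information")
        if "(file missing)" in m["path"]:
            reasons.append("binary missing on disk")
        if reasons:
            hits.append((m["path"], reasons))
    return hits


def injected_hosts(log):
    """Map each DLL the scanner found inside a process to the sorted list of host processes."""
    hosts = defaultdict(set)
    for proc, dll in INJECT_RE.findall(log):
        hosts[dll].add(proc)
    return {dll: sorted(procs) for dll, procs in hosts.items()}


if __name__ == "__main__":
    print(suspicious_services(HJT_LOG))
    print(injected_hosts(RISING_LOG))
```

Feeding a full HijackThis log into suspicious_services() gives the short list of O23 entries to check by hand before touching the registry, and injected_hosts() shows how widely a hook DLL had spread, which is why an in-memory "clean" alone did not end the infection.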
 

Just search the registry for winnt.exe; the key it sits in is its service, delete that.
 

It seems the virus has been deleted; the scan at startup no longer finds it now, thank you! Thanks to 蓝色羽毛 and 命运里的彩色, you two! A million thanks!!!
 

I have one more question: when I search the registry for "winnt.exe", I can still find values relating to winnt.exe, winnt.dll, winnt_hook.dll, winkey.dll and winntkey.dll. Should these be deleted as well?

Attachment: image (image/pjpeg), uploaded 2005-7-26 21:12:41, not included here.