
How to block Gray Pigeon (Backdoor.Gpigeon)

Quote:
[Post by 笨鸟飞飞飞] My virus path is C:/Documents and Settings/TY/local Settings/temporary Internet Files/Content.IE5/CNLGMOJN/icyfox
...........................

Close the IE browser and clear the IE temporary files folder.
 

Logfile of HijackThis v1.99.1
Scan saved at 17:32:58, on 2005-9-23
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP3 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\DuDu\DddClient\dudupros.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\svchost.exe
D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
F:\System Safety Monitor\HA_SSM196b2_CZ.EXE
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\MSTask.exe
D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\WINNT\system32\internat.exe
C:\Program Files\DuDu\DddClient\DuDuAcc.exe
C:\WINNT\system32\rundll32.exe
C:\Documents and Settings\15-1-1011\桌面\BitComet_0.56\BitComet\BitComet.exe
C:\WINNT\system32\conime.exe
D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
D:\PROGRAM FILES\RISING\RAV\RavStub.exe
d:\program files\rising\rav\RAVMON.EXE
C:\Documents and Settings\Default User\桌面\155847200541134207\HijackThis.exe

O2 - BHO: DuDu.com - {6BDE1669-B490-48E3-B668-456314F2D6C3} - C:\Program Files\DuDu\DddClient\dddiemon.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - (no file)
O3 - Toolbar: 完美网译通 - {F43BD772-ABDD-43b7-A96A-3E9E61946EC0} - C:\WINNT\WORLD2\TOOLBAR\~hmtoolbar.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\FGIEBAR.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RavTimer] D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] D:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Global Startup: DuDu下载加速器.lnk = C:\Program Files\DuDu\DddClient\DuDuAcc.exe
O4 - Global Startup: 桌面传媒.lnk = C:\WINNT\system32\rundll32.exe
O8 - Extra context menu item: &使用DuDu 加速器下载 - res://C:\Program Files\DuDu\DddClient\dddmext.dll/202
O8 - Extra context menu item: 使用搜狗直通车下载 - C:\Program Files\P4P\dl.htm
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 发送图片到手机 - C:\Program Files\P4P\cx.htm
O8 - Extra context menu item: 收藏此页到ViVi - http://vivi.sina.com.cn/collect/click.php?agent=ddt
O8 - Extra context menu item: 新浪搜索 - http://cha.sina.com.cn/ddt.html
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - E:\游\浩方对战平台\HFGame3\GameClient.exe
O9 - Extra button: 下载管理 - {3DB9F45E-AA74-4373-A466-C18A9F1C500D} - C:\Program Files\DuDu\DddClient\DuDuAcc.exe
O9 - Extra 'Tools' menuitem: 下载管理 - {3DB9F45E-AA74-4373-A466-C18A9F1C500D} - C:\Program Files\DuDu\DddClient\DuDuAcc.exe
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\FLASHGET.EXE
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\FLASHGET.EXE
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {48FE89A0-486C-48DF-9DEC-BED22BDC6057} (XIsOro Control) - http://www.sinago.com/download/OroCheck.cab
O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} (天下搜索) - http://iebar.t2t2.com/iebar.cab
O16 - DPF: {594BE7B2-23B0-4FAE-A2B9-0C21CC1417CE} - http://unpig.zhongsou.com/netpig/hcsearch/site/500022/search.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {98A62E3F-A8C5-4EF0-8A00-C70CF9D18A89} (LoaderCore Class) - http://tb.sogou.com/DLLoader.cab
O16 - DPF: {D1056C7C-E30B-4234-9A4B-7E1038B167A7} (RootCertInstall Class) - https://mybank.icbc.com.cn/icbc/perbank/RootCert.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://www.mydrivers.com/swflash.cab
O16 - DPF: {EF9F1C48-1A63-495A-9317-B7B71B34A9CF} (Msp Class) - http://ddddl.dudu.com/ddd/update/plugin/dudumsp.cab
O16 - DPF: {F381FC65-D92D-4410-B865-E4E9713994E8} (Cytd Encipherment Memory) - http://61.55.138.4/sso/ccitpay.CAB
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://pcastdl.dudu.com/files/pCastCtl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C06FA02F-FD19-45C4-A8A6-BF618A0619C4}: NameServer = 192.168.100.18
O18 - Protocol: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINNT\system32\mbprot.dll
O23 - Service: ccvvya - Unknown owner - \\192.168.1.83\E$\atapidrv.exe" -service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Gray_Pigeon_Server (GrayPigeonServer) - Unknown owner - C:\WINNT\G_Server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: System Safety Monitor (SSM) - Max Computing - F:\System Safety Monitor\HA_SSM196b2_CZ.EXE
O23 - Service: tokfjdh - Unknown owner - \\192.168.1.83\E$\atapidrv.exe" -service (file missing)
O23 - Service: zmdkl - Unknown owner - \\192.168.1.51\E$\smsrv.exe" -service (file missing)

Also this one, which the real-time monitor found:
Path: C:\WINNT\G_ServerKey.DLL
Virus name: Backdoor.Gpigeon.shk

Can I just delete it directly from the registry? If so, how do I find it in the registry?
 

[Reply to 恶之花A's post]
O23 - Service: Gray_Pigeon_Server (GrayPigeonServer) - Unknown owner - C:\WINNT\G_Server.exe
1. In the registry, delete GrayPigeonServer under the HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES branch.
2. Reboot the system. Open the C:\WINNT\ folder and delete every file whose name contains G_Server.
 
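As an added example (not code from this thread, and not anything HijackThis itself provides), the script below reads the O23 section of a HijackThis log like the one posted above and flags services worth a second look: an image path on another host's admin share, a `(file missing)` entry, a name or path carrying the G_Server / GrayPigeon markers from this thread, an unknown owner, or a random-looking name. For each flagged service it reports the `HKLM\SYSTEM\CurrentControlSet\Services\<name>` key and the image file, which are the two things the reply's cleanup steps (delete the key, reboot, remove the G_Server files) act on. The sample lines are copied from the log in this thread; the scoring rule and the `assess`/`triage` helpers are my own assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: O23 lines copied from the HijackThis log in this thread,
# plus one O4 line to show that other sections are ignored.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O23 - Service: ccvvya - Unknown owner - \\192.168.1.83\E$\atapidrv.exe" -service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Gray_Pigeon_Server (GrayPigeonServer) - Unknown owner - C:\WINNT\G_Server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
"""

# HijackThis O23 layout: "O23 - Service: <display> [(<short>)] - <owner> - <image path>"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - (?P<owner>.+?) - (?P<path>.+)$"
)
# The executable at the front of the image path; anything after it is arguments
# or a HijackThis annotation such as "(file missing)".
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|dll|sys))', re.IGNORECASE)

# Markers named in this thread for the Gray Pigeon service and its files.
KNOWN_BAD_MARKERS = ("G_Server", "GrayPigeon")
SERVICES_KEY = r"HKLM\SYSTEM\CurrentControlSet\Services"
# Assumed scoring: any one of these is enough on its own; the other reasons only count in pairs.
STRONG_REASONS = {"unc_image_path", "file_missing", "known_backdoor_marker"}


@dataclass
class ServiceFinding:
    display: str
    short: str
    owner: str
    image_file: str
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(STRONG_REASONS.intersection(self.reasons)) or len(self.reasons) >= 2

    @property
    def registry_key(self) -> str:
        # The key the reply's step 1 deletes; the service's short name is the subkey.
        return SERVICES_KEY + "\\" + self.short


def assess(display, short, owner, path) -> ServiceFinding:
    """Turn one parsed O23 entry into a finding with a list of reasons (assumed scoring)."""
    exe_match = EXE_RE.match(path)
    image_file = exe_match.group("exe") if exe_match else path
    finding = ServiceFinding(display, short or display, owner, image_file)

    if owner == "Unknown owner":
        finding.reasons.append("unknown_owner")        # binary carries no version info
    if image_file.startswith("\\\\"):
        finding.reasons.append("unc_image_path")       # service binary lives on another host's share
    if "(file missing)" in path:
        finding.reasons.append("file_missing")         # orphaned entry, binary already gone
    haystack = (display + (short or "") + path).lower()
    if any(marker.lower() in haystack for marker in KNOWN_BAD_MARKERS):
        finding.reasons.append("known_backdoor_marker")
    # Heuristic: a lone lowercase token with no short name looks generated, not product-named.
    if short is None and re.fullmatch(r"[a-z]{4,10}", display):
        finding.reasons.append("random_looking_name")
    return finding


def triage(log_text: str) -> list:
    """Parse every O23 line in a HijackThis log; other sections are skipped."""
    findings = []
    for line in log_text.splitlines():
        match = O23_RE.match(line.strip())
        if match:
            findings.append(assess(**match.groupdict()))
    return findings


def suspicious_services(log_text: str) -> list:
    return [f for f in triage(log_text) if f.suspicious]


if __name__ == "__main__":
    for f in suspicious_services(SAMPLE_LOG):
        print(f"{f.short}: {', '.join(f.reasons)}")
        print(f"  registry key: {f.registry_key}")
        print(f"  image file:   {f.image_file}")
```

Run against the thread's log it reports the two ccvvya/tokfjdh-style entries pointing at another machine's E$ share and the GrayPigeonServer entry, and leaves dmadmin, NVSvc and the Rising services alone. `Unknown owner` on its own is not treated as a finding, since plenty of legitimate services show it when the binary has no version resource; it only escalates when paired with another sign.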

And then?
 

[Reply to 笨鸟飞飞飞's post]
And then?
 

Quote:
[Post by 笨鸟飞飞飞] [Reply to 笨鸟飞飞飞's post]
And then?

...........................

What "then"?

I don't understand what you mean.
 

So this is SSM, never heard of it.
 

What a hassle! Isn't there a simple, direct way? I'd like to just kill it with one Rising scan!
 

Quote:
[Post by 臭豆腐520] What a hassle! Isn't there a simple, direct way? I'd like to just kill it with one Rising scan!
...........................


This thread is about how to keep Gray Pigeon from getting into the system, not about how to remove it. You didn't even get that?
 

Quote:
[Post by lqbing] Too much hassle, I can't manage it. Can Rising Personal Firewall block it?
...........................


Personally I think the OP's method of defending against Gray Pigeon, installing SSM, is the best method available right now! Nothing escapes its monitoring. Removing the trojan still has to be done by hand, provided you have good tools. Without a virus database that matches, antivirus software can't find the various Gray Pigeon variants, let alone a firewall. Of course you can also use McAfee's blocking rules to block writes of the corresponding files to the WINDOWS folder, but that is quite a hassle too, and if it goes wrong the system can have problems. In short, if you want to be safe you can't be afraid of hassle; being afraid of hassle only creates bigger hassles for yourself!
 