How do I remove Backdoor.Gpigeon.pi? Thanks

Logfile of HijackThis v1.99.1
Scan saved at 10:03:12, on 2006-3-31
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
D:\Program Files\bin\JTAGServer.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Rising\Rav\RavService.exe
C:\WINNT\system32\regsvc.exe
C:\PROGRA~1\Rising\Rav\CCenter.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\mdm.exe
C:\Program Files\Rising\Rav\RavTimer.exe
D:\Program Files\Storm Downloader\StormDownloader.exe
C:\Program Files\Rising\Rav\RavMon.exe
C:\Program Files\Rising\Rav\RavTray.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
D:\Program Files\Storm Downloader\TDUpdate.exe
C:\Foxmail\Foxmail.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Microsoft Office\Office10\EXCEL.EXE
D:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\BreakPoint Software\Hex Workshop 3.0\hworks32.exe
C:\WINNT\NOTEPAD.EXE
C:\Program Files\Borland\CBuilder5\Bin\bcb.exe
C:\Program Files\Borland\CBuilder5\Bin\bcb.exe
C:\Program Files\Borland\CBuilder5\Bin\bcb.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\xxk\LOCALS~1\Temp\Rar$EX00.687\HijackThis.exe

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINNT\system32\xunleibho_v4.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [RavTimer] C:\Program Files\Rising\Rav\RavTimer.exe
O4 - HKLM\..\Run: [MINI_BFYY] D:\Program Files\Storm Downloader\StormDownloader.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "D:\Program Files\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [ravmon] C:\Program Files\Rising\Rav\RavMon.exe -system
O4 - HKLM\..\Run: [RavTray] C:\Program Files\Rising\Rav\RavTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &使用暴风下载器下载 - D:\Program Files\Storm Downloader\geturl.htm
O8 - Extra context menu item: 导出到 Microsoft Excel(&x) - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: 词霸 - {9A687CA6-D585-4947-9ED9-BE96071F5CD9} - C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: 易趣购物 - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} (Loader Class v2) - http://www.byintra.com/tdbin/Spider80.ocx
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://project.byintra.com/projectserver/objects/pjclient.cab
O16 - DPF: {709BD39B-D554-48BC-BD45-CD07FABFCA1C} (Pj11chsC Class) - http://project.byintra.com/projectserver/objects/2052/pjcintl.cab
O16 - DPF: {A89DC5B0-3F16-4B01-B493-FF0DE2D38CC7} (eProcess FCO Class) - http://www.byintra.com/snbcflow/forms/fco.dll
O18 - Protocol: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll
O23 - Service: COM+ System Service (COMSSERV) - Unknown owner - C:\WINNT\Cursors\svchost.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Altera JTAG Server (JTAGServer) - Unknown owner - D:\Program Files\bin\JTAGServer.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\system32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: RavService - Unknown owner - C:\Program Files\Rising\Rav\RavService.exe" /service (file missing)
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\PROGRA~1\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe

Last edited 2006-04-04 08:38:05

O23 - Service: COM+ System Service (COMSSERV) - Unknown owner - C:\WINNT\Cursors\svchost.exe
O23 - Service: Altera JTAG Server (JTAGServer) - Unknown owner - D:\Program Files\bin\JTAGServer.exe
These two services are suspicious.
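Added example, not code from this thread or from HijackThis: a small Python script that parses the O23 lines from the log above and applies the reasoning behind that diagnosis. A core Windows binary name such as svchost.exe found outside System32 is flagged as suspicious, while "Unknown owner" on its own is only marked for review, which is why JTAGServer comes out as an ordinary application rather than malware. The list of system binary names and the trusted directories are my assumptions.

```python
import ntpath
import re

# Core Windows process names that legitimately run only from the system directory;
# a copy anywhere else (here C:\WINNT\Cursors) is a classic masquerade. Assumed lists.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "spoolsv.exe"}
TRUSTED_DIRS = {r"c:\winnt\system32", r"c:\windows\system32"}  # Win2000 / later

# "O23 - Service: <display> (<short name>) - <owner> - <path ...>"; short name may be absent.
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^)]+)\))?"
                    r" - (?P<owner>.+?) - (?P<rest>.+)$")

def parse_o23(line):
    """Return a dict for one HijackThis O23 line, or None if it is not one."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    # Keep only the executable path: drop arguments, stray quotes and the
    # "(file missing)" annotation that HijackThis appends.
    end = rest.lower().find(".exe")
    path = rest[:end + 4] if end != -1 else rest.split(" (file missing)")[0]
    return {"name": m.group("name") or m.group("display"), "owner": m.group("owner"),
            "path": path.strip().strip('"'), "file_missing": "(file missing)" in rest}

def assess(entry):
    """Classify an O23 entry as 'suspicious', 'review' or 'ok', with reasons."""
    directory, binary = ntpath.split(entry["path"])
    masquerade = binary.lower() in SYSTEM_BINARIES and directory.lower() not in TRUSTED_DIRS
    unknown = entry["owner"] == "Unknown owner"
    reasons = []
    if masquerade:
        reasons.append(f"{binary} runs from {directory} instead of System32")
    if unknown:
        reasons.append("no vendor recorded for the service binary (weak on its own)")
    verdict = "suspicious" if masquerade else ("review" if unknown else "ok")
    return {"name": entry["name"], "verdict": verdict, "reasons": reasons}

def triage(log_text):
    # Run assess() over every O23 line of a HijackThis log, skipping other lines.
    return [assess(e) for e in map(parse_o23, log_text.splitlines()) if e]

# Sample input: O23 lines copied from the log posted above.
SAMPLE_LOG = r"""
O23 - Service: COM+ System Service (COMSSERV) - Unknown owner - C:\WINNT\Cursors\svchost.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Altera JTAG Server (JTAGServer) - Unknown owner - D:\Program Files\bin\JTAGServer.exe
O23 - Service: RavService - Unknown owner - C:\Program Files\Rising\Rav\RavService.exe" /service (file missing)
"""
```

Calling triage(SAMPLE_LOG) marks COMSSERV as suspicious, dmadmin as ok, and JTAGServer and RavService for review only.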

The second one is application software, it should be fine. Thanks. So how do I remove the first one? Is it OK to just fix it directly?

Fix
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm


Quote:
[zmlm's post] The second one is application software, it should be fine. Thanks. So how do I remove the first one? Is it OK to just fix it directly?
...........................
Yes, it has a backup function. Also, fix those two I mentioned first.

I thought it had been killed, but it's still there.

Quote:
[岳海旭's post] Fix
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

...........................

There's no need to fix these two items, is there?

[Reply to zmlm's post]
Fix
O23 - Service: COM+ System Service (COMSSERV) - Unknown owner - C:\WINNT\Cursors\svchost.exe

After rebooting, delete
C:\WINNT\Cursors\svchost.exe

For the specific steps, refer to
http://forum.ikaka.com/topic.asp?board=28&artid=7713905
Powered by Discuz!NT