【求助】SOS!!!小弟我中了灰鸽子[Backdoor.Gpigeon]跪求救命啊!!!!

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛【求助】SOS!!!小弟我中了灰鸽子[Backdoor.Gpigeon]跪求救命啊!!!!

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

1 / 2 页

跳转页

【求助】SOS!!!小弟我中了灰鸽子[Backdoor.Gpigeon]跪求救命啊!!!!

喵喵淘金初生襁褓狮帖子:15 注册: 2007-02-04 来自:	发表于： 2007-02-04 04:01 \| 只看楼主短消息资料字号：小中大 1楼【求助】SOS!!!小弟我中了灰鸽子[Backdoor.Gpigeon]跪求救命啊!!!! 前几天打开瑞星发现了病毒名为:Backdoor.Gpigeon.2006.bbs/Backdoor.Gpigeon.2006.bac,瑞星自动查杀此病毒,可是没完全杀完,不过一会又出现病毒......真是郁闷!!!!!我是没办法了,杀了N多个专杀工具,可是查不到也杀不完,跪求哥哥姐姐们帮我一把......感激不尽!!!!!! 以下是我System Repair Engineer扫描的结果: 2007-02-04,02:42:50 System Repair Engineer 2.3.13.690 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能以下内容被选中：所有的启动项目（包括注册表、启动文件夹、服务等）浏览器加载项正在运行的进程（包括进程模块信息）文件关联 Winsock 提供者 Autorun.inf HOSTS 文件启动项目注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] (load)() [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] (RavTask)("d:\Program Files\Rising\Rav\RavTask.exe" -system) [Beijing Rising Technology Co., Ltd.] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] (shell)(Explorer.exe) [(Verified)Microsoft Corporation] (Userinit)(C:\WINDOWS\system32\userinit.exe) [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] (AppInit_DLLs)() [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] (UIHost)(logonui.exe) [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] ({DEC39E0E-F1F2-41E5-80B8-592A67AB0AA5})(C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk) [N/A] ({2D49692C-A5FD-4E29-A3CD-37E9B182FCC6})(C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys) [N/A] ({32CD708B-60A7-4C00-9377-D73EAA495F0F})(C:\WINDOWS\system32\RavExt.dll) [Beijing Rising Technology Co., Ltd.] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] (CONFIG)(; C:\DOCUME~1\VoVo123\LOCALS~1\Temp\ii.exe) [N/A] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] (ctfmon.exe)(; C:\WINDOWS\system32\ctfmon.exe) [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] (IMJPMIG8.1)(; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32) [(Verified)Microsoft Corporation] (Mixerbar)(; C:\WINDOWS\system32\Mixerbar.exe) [Creative Technology Ltd. ] (MYIE2)(; C:\DOCUME~1\VoVo123\LOCALS~1\Temp\wl.exe) [N/A] (PHIME2002A)(; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName) [(Verified)Microsoft Corporation] (PHIME2002ASync)(; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC) [(Verified)Microsoft Corporation] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] (q)(; C:\WINDOWS\iexpl0re.exe) [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] (RfwMain)(; "d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup) [Beijing Rising Technology Co., Ltd.] (StormCodec_Helper)(; "d:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti) [N/A] 2007-02-05 00:27:27.560000000
喵喵淘金初生襁褓狮帖子:15 注册: 2007-02-04 来自:	分享到：

喵喵淘金初生襁褓狮帖子:15 注册: 2007-02-04 来自:	发表于： 2007-02-04 04:03 \| 只看楼主短消息资料字号：小中大 2楼启动文件夹 N/A -------------------------------------------------------------------------------- 服务 [Human Interface Device Access / HidServ][Stopped/Disabled] (C:\WINDOWS\System32\svchost.exe -k netsvcs--)%SystemRoot%\System32\hidserv.dll)(N/A) [PCTEL Speaker Phone / Pctspk][Running/Auto Start] (C:\WINDOWS\system32\pctspk.exe)(PCtel, Inc.) [Rising Proxy Service / RfwProxySrv][Stopped/Manual Start] (d:\program files\rising\rfw\rfwproxy.exe)(Beijing Rising Technology Co., Ltd.) [Rising Personal Firewall Service / RfwService][Running/Auto Start] (d:\program files\rising\rfw\rfwsrv.exe)(Beijing Rising Technology Co., Ltd.) [Rising Process Communication Center / RsCCenter][Running/Auto Start] ("d:\Program Files\Rising\Rav\CCenter.exe")(Beijing Rising Technology Co., Ltd.) [RsRavMon Service / RsRavMon][Running/Auto Start] ("d:\Program Files\Rising\Rav\Ravmond.exe")(Beijing Rising Technology Co., Ltd.) [Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start] (C:\WINDOWS\system32\\rundll32.exe windhcp.ocx,input)(Microsoft Corporation) -------------------------------------------------------------------------------- 驱动程序 [Rising TDI Base Driver / BaseTDI][Running/Auto Start] (System32\DRIVERS\BaseTDI.SYS)(Beijing Rising Technology Co., Ltd.) [ExpScaner / ExpScaner][Running/Auto Start] (\??\d:\Program Files\Rising\Rav\ExpScan.sys)() [HookCont / HookCont][Running/Auto Start] (\??\d:\Program Files\Rising\Rav\HOOKCONT.sys)(Rising) [HookReg / HookReg][Running/Auto Start] (\??\d:\Program Files\Rising\Rav\HookReg.sys)() [HookSys / HookSys][Running/Auto Start] (\??\d:\Program Files\Rising\Rav\HookSys.sys)(Rising) [HookUrl / HookUrl][Running/Auto Start] (\??\d:\Program Files\Rising\Rfw\HookUrl.sys)(Beijing Rising Technology Co., Ltd.) [MEMSCAN / MEMSCAN][Running/Auto Start] (\??\d:\Program Files\Rising\Rav\MEMSCAN.sys)(瑞星软件有限公司) [mProcRs / mProcRs][Running/Auto Start] (\??\d:\program files\rising\rfw\mProcRs.sys)(Beijing Rising Technology Co., Ltd.) [npkcrypt / npkcrypt][Running/Auto Start] (\??\D:\Program Files\QQ\npkcrypt.sys)(INCA Internet Co., Ltd.) [NSC Infrared Device Driver / NSCIRDA][Running/Manual Start] (system32\DRIVERS\nscirda.sys)(National Semiconductor Corporation) [Direct Parallel Link Driver / Ptilink][Running/Manual Start] (system32\DRIVERS\ptilink.sys)(Parallel Technologies, Inc.) [PCTEL Serial Device Driver for PCI / Ptserlp][Running/Manual Start] (system32\DRIVERS\ptserlp.sys)(PCTEL, INC.) [RsFwDrv / RsFwDrv][Running/Auto Start] (\??\d:\Program Files\Rising\Rfw\RsFwDrv.sys)(Beijing Rising Technology Co., Ltd.) [RsNTGDI / RsNTGDI][Running/Boot Start] (\SystemRoot\system32\Drivers\RsNTGdi.sys)(Beijing Rising Technology Co., Ltd.) [RSPPSYS / RSPPSYS][Running/Auto Start] (\??\d:\Program Files\Rising\Rav\RSPPSYS.sys)(Rising) [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start] (system32\DRIVERS\RTL8139.SYS)(Realtek Semiconductor Corporation) [Creative SB AudioPCI Driver (WDM) / sbpci][Running/Manual Start] (system32\drivers\ev19x8mp.sys)(Creative Technology Ltd.) [Secdrv / Secdrv][Stopped/Manual Start] (system32\DRIVERS\secdrv.sys)(N/A) [Tridkb / Tridkb][Running/Manual Start] (system32\DRIVERS\tridkbm.sys)(Trident Microsystems Inc.) [XP Vmodem / Vmodem][Running/Boot Start] (\SystemRoot\system32\DRIVERS\vmodem.sys)(PCTEL, INC.) [XP Vpctcom / Vpctcom][Running/Boot Start] (\SystemRoot\system32\DRIVERS\vpctcom.sys)(PCtel, Inc.) [XP Vvoice / Vvoice][Running/Boot Start] (\SystemRoot\system32\DRIVERS\vvoice.sys)(PCtel, Inc.) -------------------------------------------------------------------------------- 浏览器加载项 [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} (C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation) [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.) [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} (%SystemRoot%\system32\mshtml.dll, N/A) [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} (C:\WINDOWS\system32\wmp.dll, Microsoft Corporation) [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} (%SystemRoot%\system32\shdocvw.dll, N/A) [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.) [导出到 Microsoft Excel(&x)] (res://D:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000, N/A)
喵喵淘金初生襁褓狮帖子:15 注册: 2007-02-04 来自:

喵喵淘金初生襁褓狮帖子:15 注册: 2007-02-04 来自:	发表于： 2007-02-04 04:04 \| 只看楼主短消息资料字号：小中大 3楼正在运行的进程 [PID: 448][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 520][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 544][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 588][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 600][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 748][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 792][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 832][d:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3] [PID: 876][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 952][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1060][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1172][d:\Program Files\Rising\Rav\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 43] [d:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10] [d:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1] [d:\Program Files\Rising\Rav\rfwctrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11] [d:\Program Files\Rising\Rav\RsPPsys.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3] [d:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2] [d:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13] [d:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5] [d:\Program Files\Rising\Rav\RsLog.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20] [d:\Program Files\Rising\Rav\HOOKSYS.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0] [d:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12] [d:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16] [d:\Program Files\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10] [d:\Program Files\Rising\Rav\regmon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6] [d:\Program Files\Rising\Rav\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1] [d:\Program Files\Rising\Rav\MemMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12] [d:\Program Files\Rising\Rav\expscan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4] [d:\Program Files\Rising\Rav\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3] [d:\Program Files\Rising\Rav\HookCont.dll] [Rising, 19, 0, 0, 0] [d:\Program Files\Rising\Rav\SpamEng.dll] [N/A, 18, 0, 0, 6] [d:\Program Files\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25] [d:\Program Files\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8] [d:\Program Files\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10] [d:\Program Files\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16] [d:\Program Files\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 40] [d:\Program Files\Rising\Rav\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25] [d:\Program Files\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11] [d:\Program Files\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13] [d:\Program Files\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19] [d:\Program Files\Rising\Rav\Unpacker.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19] [d:\Program Files\Rising\Rav\ScanPack.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19] [d:\Program Files\Rising\Rav\RsVM.dll] [N/A, 19, 0, 0, 15] [d:\Program Files\Rising\Rav\Uroutine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 21] [d:\Program Files\Rising\Rav\RsStore.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2] [d:\Program Files\Rising\Rav\Uscript.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18] [d:\Program Files\Rising\Rav\ExtOLE.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11] [PID: 1488][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1632][C:\WINDOWS\system32\pctspk.exe] [PCtel, Inc., 4.00] [PID: 872][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1380][d:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 33] [d:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3] [d:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2] [d:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 10] [d:\program files\rising\rfw\MonDrv.dll] [rs, 1, 0, 0, 4] [d:\program files\rising\rfw\ProcLib.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5] [d:\program files\rising\rfw\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3] [PID: 2236][C:\WINDOWS\system32\wscntfy.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys] [N/A, N/A] [C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSADC\DOC11\RDS11READMEKEY.DLL] [N/A, N/A] [PID: 2172][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk] [N/A, N/A] [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys] [N/A, N/A] [C:\Program Files\WinRAR\rarext.dll] [N/A, N/A] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7] [C:\WINDOWS\system32\msdmo.dll] [N/A, N/A] [C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSADC\DOC11\RDS11READMEKEY.DLL] [N/A, N/A] [d:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5] [PID: 2404][d:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70] [d:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33] [d:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5] [d:\program files\rising\rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11] [d:\program files\rising\rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2] [d:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5] [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys] [N/A, N/A] [C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSADC\DOC11\RDS11READMEKEY.DLL] [N/A, N/A] [PID: 2532][D:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7] [D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5] [D:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2] [D:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13] [D:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1] [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys] [N/A, N/A] [C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSADC\DOC11\RDS11READMEKEY.DLL] [N/A, N/A] [PID: 2556][D:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45] [D:\Program Files\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33] [D:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10] [D:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2] [D:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13] [D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5] [D:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1] [D:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2] [D:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5] [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys] [N/A, N/A] [C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSADC\DOC11\RDS11READMEKEY.DLL] [N/A, N/A] [PID: 4068][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 3452][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys] [N/A, N/A] [C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSADC\DOC11\RDS11READMEKEY.DLL] [N/A, N/A] [PID: 3980][D:\Program Files\Maxthon2\Maxthon.exe] [Maxthon International ltd., 2, 0, 1, 5462] [D:\Program Files\Maxthon2\mxpp.dll] [Maxthon, 1, 0, 0, 12] [D:\Program Files\Maxthon2\MxSk.dll] [Maxthon, 1, 0, 0, 100] [D:\Program Files\Maxthon2\MxProxy2.dll] [, 1, 0, 0, 2233] [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys] [N/A, N/A] [D:\Program Files\Maxthon2\MxFav.dll] [Maxthon, 1, 0, 0, 9] [D:\Program Files\Maxthon2\maxzlib.dll] [N/A, 1.2.3] [D:\Program Files\Maxthon2\mxtool.dll] [, 1, 0, 0, 1] [D:\Program Files\Maxthon2\mxfeedU.dll] [, 1, 0, 45, 45] [d:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4] [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0] [C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSADC\DOC11\RDS11READMEKEY.DLL] [N/A, N/A] [C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, N/A] [PID: 1968][C:\Documents and Settings\VoVo123\桌面\sreng2\SREng.EXE] [Smallfrogs Studio, 2.3.13.690] [C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSADC\DOC11\RDS11READMEKEY.DLL] [N/A, N/A] [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys] [N/A, N/A] [C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, N/A]
喵喵淘金初生襁褓狮帖子:15 注册: 2007-02-04 来自:

喵喵淘金初生襁褓狮帖子:15 注册: 2007-02-04 来自:	发表于： 2007-02-04 04:04 \| 只看楼主短消息资料字号：小中大 4楼文件关联 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %] .COM OK. ["%1" %] .PIF OK. ["%1" %] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %] .SCR OK. ["%1" /S] .CHM Error. ["hh.exe" %1] .HLP Error. [winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .LNK OK. [{00021401-0000-0000-C000-000000000046}] -------------------------------------------------------------------------------- Winsock 提供者 N/A -------------------------------------------------------------------------------- Autorun.inf N/A -------------------------------------------------------------------------------- HOSTS 文件 127.0.0.1 localhost -------------------------------------------------------------------------------- API HOOK 警告！System Repair Engineer 提醒你下面的函数内容与预期值不符，他们可能被一些恶意的软件所修改：入口点错误：NtQuerySystemInformation 入口点错误：NtTerminateProcess 入口点错误：ZwTerminateProcess 入口点错误：RegEnumKeyExA 入口点错误：RegEnumKeyExW RVA 错误： GetVersion RVA 错误： GetVersionExA RVA 错误： GetVersionExW RVA 错误： DeleteFileA RVA 错误： DeleteFileW RVA 错误： FindFirstFileA RVA 错误： FindFirstFileExA RVA 错误： FindFirstFileExW RVA 错误： FindFirstFileW RVA 错误： FindNextFileA RVA 错误： FindNextFileW RVA 错误： LoadLibraryW RVA 错误： Process32First RVA 错误： Process32FirstW RVA 错误： Process32Next RVA 错误： Process32NextW RVA 错误： Module32First RVA 错误： Module32FirstW RVA 错误： Module32Next RVA 错误： Module32NextW RVA 错误： MoveFileA RVA 错误： MoveFileExA RVA 错误： MoveFileExW RVA 错误： MoveFileW RVA 错误： TerminateThread RVA 错误： Thread32First RVA 错误： Thread32Next RVA 错误： CreateFileW RVA 错误： Thread32First RVA 错误： Thread32Next RVA 错误： CopyFileA RVA 错误： CopyFileExA RVA 错误： CopyFileExW RVA 错误： CopyFileW RVA 错误： CreateFileMappingA RVA 错误： CreateFileMappingW RVA 错误： CreateRemoteThread RVA 错误： CreateThread RVA 错误： CreateToolhelp32Snapshot RVA 错误： ExitProcess RVA 错误： ExitThread RVA 错误： FindCloseChangeNotification RVA 错误： FindFirstChangeNotificationA RVA 错误： FindFirstChangeNotificationW RVA 错误： FreeLibrary RVA 错误： GetCurrentProcess RVA 错误： GetCurrentProcessId RVA 错误： GetCurrentThread RVA 错误： GetCurrentThreadId RVA 错误： GetFileSize RVA 错误： GetFileSizeEx RVA 错误： GetFileInformationByHandle RVA 错误： GetFileAttributesA RVA 错误： GetFileAttributesExA RVA 错误： GetFileAttributesExW RVA 错误： GetFileAttributesW RVA 错误： GetModuleFileNameA RVA 错误： GetModuleFileNameW RVA 错误： Toolhelp32ReadProcessMemory 附件: 文件名:83752520072440121.bmp 下载次数:259 文件类型:application/octet-stream 文件大小: 上传时间:2007-2-4 4:04:56 描述:
喵喵淘金初生襁褓狮帖子:15 注册: 2007-02-04 来自:

applechen 飘泊而立狮帖子:619 注册: 2006-06-04 来自:	发表于： 2007-02-04 06:39 \| 短消息资料字号：小中大 5楼册除启动项 (CONFIG)(; C:\DOCUME~1\VoVo123\LOCALS~1\Temp\ii.exe MYIE2)(; C:\DOCUME~1\VoVo123\LOCALS~1\Temp\wl.exe) (q)(; C:\WINDOWS\iexpl0re.exe) [N/A] 册除服务 (C:\WINDOWS\system32\\rundll32.exe windhcp.ocx,input)(Microsoft Corporation) 册除文件 C:\WINDOWS\iexpl0re.exe C:\DOCUME~1\VoVo123\LOCALS~1\Temp\清空这个文件夹搜索windhcp.ocx册除
applechen 飘泊而立狮帖子:619 注册: 2006-06-04 来自:

初生襁褓狮

帖子:15
注册: 2007-02-04
来自:

发表于： 2007-02-04 14:23 | 只看楼主 短消息资料

字号：小中大 6楼

引用:

【applechen的贴子】册除启动项
(CONFIG)(; C:\DOCUME~1\VoVo123\LOCALS~1\Temp\ii.exe
MYIE2)(; C:\DOCUME~1\VoVo123\LOCALS~1\Temp\wl.exe)
(q)(; C:\WINDOWS\iexpl0re.exe) [N/A]
册除服务
(C:\WINDOWS\system32\\rundll32.exe windhcp.ocx,input)(Microsoft Corporation)
册除文件
C:\WINDOWS\iexpl0re.exe
C:\DOCUME~1\VoVo123\LOCALS~1\Temp\清空这个文件夹
搜索windhcp.ocx册除
………………

我都照册了,可是还是出现,怎么办呢????~?急啊......我重扫了一下,再帮帮我,谢谢..

启动项目

注册表

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(ctfmon.exe)(; C:\WINDOWS\system32\ctfmon.exe) [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(load)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(RavTask)("d:\Program Files\Rising\Rav\RavTask.exe" -system) [Beijing Rising Technology Co., Ltd.]
(IMJPMIG8.1)(; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32) [(Verified)Microsoft Corporation]
(Mixerbar)(; C:\WINDOWS\system32\Mixerbar.exe) [Creative Technology Ltd. ]
(PHIME2002A)(; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName) [(Verified)Microsoft Corporation]
(PHIME2002ASync)(; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC) [(Verified)Microsoft Corporation]
(RfwMain)(; "d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup) [Beijing Rising Technology Co., Ltd.]
(StormCodec_Helper)(; "d:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti) [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [(Verified)Microsoft Corporation]
(Userinit)(C:\WINDOWS\system32\userinit.exe) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(UIHost)(logonui.exe) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
({DEC39E0E-F1F2-41E5-80B8-592A67AB0AA5})(C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk) [N/A]
({2D49692C-A5FD-4E29-A3CD-37E9B182FCC6})(C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys) [N/A]
({32CD708B-60A7-4C00-9377-D73EAA495F0F})(C:\WINDOWS\system32\RavExt.dll) [Beijing Rising Technology Co., Ltd.]
({99F1D023-7CEB-4586-80F7-BB1A98DB7602})(C:\Program Files\Internet Explorer\IEXPLORE.Sys) [N/A]
({FEB94F5A-69F3-4645-8C2B-9E71D270AF2E})(C:\Program Files\Internet Explorer\IEXPLORE.Dat) [N/A]
({923509F1-45CB-4EC0-BDE0-1DED35B8FD60})(C:\Program Files\Internet Explorer\IEXPLORE.win) [N/A]

--------------------------------------------------------------------------------

启动文件夹

N/A

--------------------------------------------------------------------------------

服务

[Human Interface Device Access / HidServ][Stopped/Disabled]
(C:\WINDOWS\System32\svchost.exe -k netsvcs--)%SystemRoot%\System32\hidserv.dll)(N/A)
[PCTEL Speaker Phone / Pctspk][Running/Auto Start]
(C:\WINDOWS\system32\pctspk.exe)(PCtel, Inc.)
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
(d:\program files\rising\rfw\rfwproxy.exe)(Beijing Rising Technology Co., Ltd.)
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
(d:\program files\rising\rfw\rfwsrv.exe)(Beijing Rising Technology Co., Ltd.)
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
("d:\Program Files\Rising\Rav\CCenter.exe")(Beijing Rising Technology Co., Ltd.)
[RsRavMon Service / RsRavMon][Running/Auto Start]
("d:\Program Files\Rising\Rav\Ravmond.exe")(Beijing Rising Technology Co., Ltd.)
[服务名 / svcname][Stopped/Auto Start]
(C:\WINDOWS\system32\fushun02.exe)(N/A)
[System / msaddsr][Stopped/Manual Start]
(2 - 系统找不到指定的文件。
)(N/A)

喵喵淘金初生襁褓狮帖子:15 注册: 2007-02-04 来自:	发表于： 2007-02-04 14:25 \| 只看楼主短消息资料字号：小中大 7楼驱动程序 [Rising TDI Base Driver / BaseTDI][Running/Auto Start] (System32\DRIVERS\BaseTDI.SYS)(Beijing Rising Technology Co., Ltd.) [ExpScaner / ExpScaner][Running/Auto Start] (\??\d:\Program Files\Rising\Rav\ExpScan.sys)() [HookCont / HookCont][Running/Auto Start] (\??\d:\Program Files\Rising\Rav\HOOKCONT.sys)(Rising) [HookReg / HookReg][Running/Auto Start] (\??\d:\Program Files\Rising\Rav\HookReg.sys)() [HookSys / HookSys][Running/Auto Start] (\??\d:\Program Files\Rising\Rav\HookSys.sys)(Rising) [HookUrl / HookUrl][Running/Auto Start] (\??\d:\Program Files\Rising\Rfw\HookUrl.sys)(Beijing Rising Technology Co., Ltd.) [MEMSCAN / MEMSCAN][Running/Auto Start] (\??\d:\Program Files\Rising\Rav\MEMSCAN.sys)(瑞星软件有限公司) [mProcRs / mProcRs][Running/Auto Start] (\??\d:\program files\rising\rfw\mProcRs.sys)(Beijing Rising Technology Co., Ltd.) [npkcrypt / npkcrypt][Running/Auto Start] (\??\D:\Program Files\QQ\npkcrypt.sys)(INCA Internet Co., Ltd.) [NSC Infrared Device Driver / NSCIRDA][Running/Manual Start] (system32\DRIVERS\nscirda.sys)(National Semiconductor Corporation) [Direct Parallel Link Driver / Ptilink][Running/Manual Start] (system32\DRIVERS\ptilink.sys)(Parallel Technologies, Inc.) [PCTEL Serial Device Driver for PCI / Ptserlp][Running/Manual Start] (system32\DRIVERS\ptserlp.sys)(PCTEL, INC.) [RsFwDrv / RsFwDrv][Running/Auto Start] (\??\d:\Program Files\Rising\Rfw\RsFwDrv.sys)(Beijing Rising Technology Co., Ltd.) [RsNTGDI / RsNTGDI][Running/Boot Start] (\SystemRoot\system32\Drivers\RsNTGdi.sys)(Beijing Rising Technology Co., Ltd.) [RSPPSYS / RSPPSYS][Running/Auto Start] (\??\d:\Program Files\Rising\Rav\RSPPSYS.sys)(Rising) [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start] (system32\DRIVERS\RTL8139.SYS)(Realtek Semiconductor Corporation) [Creative SB AudioPCI Driver (WDM) / sbpci][Running/Manual Start] (system32\drivers\ev19x8mp.sys)(Creative Technology Ltd.) [Secdrv / Secdrv][Stopped/Manual Start] (system32\DRIVERS\secdrv.sys)(N/A) [Tridkb / Tridkb][Running/Manual Start] (system32\DRIVERS\tridkbm.sys)(Trident Microsystems Inc.) [XP Vmodem / Vmodem][Running/Boot Start] (\SystemRoot\system32\DRIVERS\vmodem.sys)(PCTEL, INC.) [XP Vpctcom / Vpctcom][Running/Boot Start] (\SystemRoot\system32\DRIVERS\vpctcom.sys)(PCtel, Inc.) [XP Vvoice / Vvoice][Running/Boot Start] (\SystemRoot\system32\DRIVERS\vvoice.sys)(PCtel, Inc.) -------------------------------------------------------------------------------- 浏览器加载项 [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} (C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation) [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.) [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} (%SystemRoot%\system32\mshtml.dll, N/A) [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} (C:\WINDOWS\system32\wmp.dll, Microsoft Corporation) [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} (%SystemRoot%\system32\shdocvw.dll, N/A) [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.) [导出到 Microsoft Excel(&x)] (res://D:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000, N/A)
喵喵淘金初生襁褓狮帖子:15 注册: 2007-02-04 来自:

喵喵淘金初生襁褓狮帖子:15 注册: 2007-02-04 来自:	发表于： 2007-02-04 14:25 \| 只看楼主短消息资料字号：小中大 8楼正在运行的进程 [PID: 444][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 516][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 540][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 584][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 596][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 752][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 796][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 884][d:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3] [PID: 900][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1056][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1152][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1220][d:\Program Files\Rising\Rav\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 43] [d:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10] [d:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1] [d:\Program Files\Rising\Rav\rfwctrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11] [d:\Program Files\Rising\Rav\RsPPsys.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3] [d:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2] [d:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13] [d:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5] [d:\Program Files\Rising\Rav\RsLog.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20] [d:\Program Files\Rising\Rav\HOOKSYS.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0] [d:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12] [d:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16] [d:\Program Files\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10] [d:\Program Files\Rising\Rav\regmon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6] [d:\Program Files\Rising\Rav\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1] [d:\Program Files\Rising\Rav\MemMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12] [d:\Program Files\Rising\Rav\expscan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4] [d:\Program Files\Rising\Rav\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3] [d:\Program Files\Rising\Rav\HookCont.dll] [Rising, 19, 0, 0, 0] [d:\Program Files\Rising\Rav\SpamEng.dll] [N/A, 18, 0, 0, 6] [d:\Program Files\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25] [d:\Program Files\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8] [d:\Program Files\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10] [d:\Program Files\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16] [d:\Program Files\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 40] [d:\Program Files\Rising\Rav\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25] [d:\Program Files\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11] [d:\Program Files\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13] [d:\Program Files\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19] [d:\Program Files\Rising\Rav\Unpacker.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19] [d:\Program Files\Rising\Rav\ScanPack.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19] [d:\Program Files\Rising\Rav\RsVM.dll] [N/A, 19, 0, 0, 15] [d:\Program Files\Rising\Rav\Uroutine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 21] [d:\Program Files\Rising\Rav\Uscript.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18] [d:\Program Files\Rising\Rav\RsStore.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2] [d:\Program Files\Rising\Rav\ScanNet.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5] [PID: 1276][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk] [N/A, N/A] [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys] [N/A, N/A] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7] [d:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5] [C:\WINDOWS\system32\msdmo.dll] [N/A, N/A] [C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSADC\DOC11\RDS11READMEKEY.DLL] [N/A, N/A] [PID: 1404][d:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 33] [d:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3] [d:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2] [d:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 10] [d:\program files\rising\rfw\MonDrv.dll] [rs, 1, 0, 0, 4] [d:\program files\rising\rfw\ProcLib.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5] [d:\program files\rising\rfw\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3] [PID: 1588][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [PID: 1984][d:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70] [d:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33] [d:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5] [d:\program files\rising\rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11] [d:\program files\rising\rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2] [d:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5] [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys] [N/A, N/A] [C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSADC\DOC11\RDS11READMEKEY.DLL] [N/A, N/A] [PID: 272][C:\WINDOWS\system32\pctspk.exe] [PCtel, Inc., 4.00] [PID: 784][D:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7] [D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5] [D:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2] [D:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13] [D:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1] [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys] [N/A, N/A] [C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSADC\DOC11\RDS11READMEKEY.DLL] [N/A, N/A] [PID: 1324][D:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45] [D:\Program Files\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33] [D:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10] [D:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2] [D:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13] [D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5] [D:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1] [D:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2] [D:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5] [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys] [N/A, N/A] [C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSADC\DOC11\RDS11READMEKEY.DLL] [N/A, N/A] [PID: 1820][C:\WINDOWS\system32\wscntfy.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys] [N/A, N/A] [C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSADC\DOC11\RDS11READMEKEY.DLL] [N/A, N/A] [PID: 1844][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 3844][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Common Files\System\msadc\doc11\RDS11readme.DLL] [N/A, N/A] [C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSADC\DOC11\RDS11READMEKEY.DLL] [N/A, N/A] [PID: 4016][D:\Program Files\Rising\Rav\rav.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28] [D:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2] [D:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13] [D:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1] [d:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12] [D:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10] [d:\Program Files\Rising\Rav\RsStore.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2] [D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5] [D:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16] [D:\Program Files\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10] [PID: 1304][D:\Program Files\Maxthon2\Maxthon.exe] [Maxthon International ltd., 2, 0, 1, 5462] [D:\Program Files\Maxthon2\mxpp.dll] [Maxthon, 1, 0, 0, 12] [D:\Program Files\Maxthon2\MxSk.dll] [Maxthon, 1, 0, 0, 100] [D:\Program Files\Maxthon2\MxProxy2.dll] [, 1, 0, 0, 2233] [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys] [N/A, N/A] [D:\Program Files\Maxthon2\MxFav.dll] [Maxthon, 1, 0, 0, 9] [D:\Program Files\Maxthon2\maxzlib.dll] [N/A, 1.2.3] [D:\Program Files\Maxthon2\mxtool.dll] [, 1, 0, 0, 1] [D:\Program Files\Maxthon2\mxfeedU.dll] [, 1, 0, 45, 45] [d:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4] [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0] [C:\WINDOWS\system32\JPWB.IME] [常诚研制, 4.00.950] [PID: 2764][C:\Documents and Settings\VoVo123\桌面\sreng2\sreng2\SREng.EXE] [Smallfrogs Studio, 2.3.13.690] [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys] [N/A, N/A]
喵喵淘金初生襁褓狮帖子:15 注册: 2007-02-04 来自:

喵喵淘金初生襁褓狮帖子:15 注册: 2007-02-04 来自:	发表于： 2007-02-04 14:26 \| 只看楼主短消息资料字号：小中大 9楼文件关联 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %] .COM OK. ["%1" %] .PIF OK. ["%1" %] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %] .SCR OK. ["%1" /S] .CHM Error. ["hh.exe" %1] .HLP Error. [winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .LNK OK. [{00021401-0000-0000-C000-000000000046}] -------------------------------------------------------------------------------- Winsock 提供者 N/A -------------------------------------------------------------------------------- Autorun.inf N/A -------------------------------------------------------------------------------- HOSTS 文件 127.0.0.1 localhost -------------------------------------------------------------------------------- API HOOK N/A
喵喵淘金初生襁褓狮帖子:15 注册: 2007-02-04 来自:

UFO不幸外人特邀体验者帖子:2592 注册: 2006-11-26 来自:火星	发表于： 2007-02-04 14:32 \| 短消息资料字号：小中大 10楼你不只是种了鸽子，你还中了很多盗号木马，它给你的方法没有删除干警打开冰刃，下载地址：以下操作在冰刃下进行。打开注册表打开HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks删除 ({DEC39E0E-F1F2-41E5-80B8-592A67AB0AA5})(C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk) [N/A] ({2D49692C-A5FD-4E29-A3CD-37E9B182FCC6})(C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys) [N/A] ({99F1D023-7CEB-4586-80F7-BB1A98DB7602})(C:\Program Files\Internet Explorer\IEXPLORE.Sys) [N/A] ({FEB94F5A-69F3-4645-8C2B-9E71D270AF2E})(C:\Program Files\Internet Explorer\IEXPLORE.Dat) [N/A] ({923509F1-45CB-4EC0-BDE0-1DED35B8FD60})(C:\Program Files\Internet Explorer\IEXPLORE.win) 打开HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run删除 (MYIE2)(; C:\DOCUME~1\VoVo123\LOCALS~1\Temp\wl.exe) [N/A] (CONFIG)(; C:\DOCUME~1\VoVo123\LOCALS~1\Temp\ii.exe) 打开HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run删除 (q)(; C:\WINDOWS\iexpl0re.exe) 打开服务禁用 [Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start] (C:\WINDOWS\system32\\rundll32.exe windhcp.ocx,input)(Microsoft Corporation) [PCTEL Speaker Phone / Pctspk][Running/Auto Start] (C:\WINDOWS\system32\pctspk.exe)(PCtel, Inc.)（如果是软件安装就不用禁用，看名称和电话有关系，你是否安装了网络电话）在文件中强制删除 [C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys] [N/A, N/A] [C:\Program Files\Internet Explorer\IEXPLORE.Sys] (C:\Program Files\Internet Explorer\IEXPLORE.Dat) (C:\Program Files\Internet Explorer\IEXPLORE.win) 打开我的电脑在C:\Program Files\Internet Explorer\PLUGINS\下建立SystemKb.sys文件夹并且删除QQ文件夹下所有文件，重新安装QQ 继续使用冰刃强制删除 C:\WINDOWS\iexpl0re.exe C:\DOCUME~1\VoVo123\LOCALS~1\Temp\下面的所有文件 C:\WINDOWS\system32\windhcp.ocx 并且重新启动计算机，如果还出现问题，那么使用filemon，在删除文件后，使用其监控那个文件要建立那个文件
UFO不幸外人特邀体验者帖子:2592 注册: 2006-11-26 来自:火星

<<上一主题|下一主题>>

1 / 2 页

跳转页

喵喵淘金初生襁褓狮帖子:15 注册: 2007-02-04 来自:	发表于： 2007-02-04 04:01 \| 只看楼主短消息资料字号：小中大 1楼【求助】SOS!!!小弟我中了灰鸽子[Backdoor.Gpigeon]跪求救命啊!!!! 前几天打开瑞星发现了病毒名为:Backdoor.Gpigeon.2006.bbs/Backdoor.Gpigeon.2006.bac,瑞星自动查杀此病毒,可是没完全杀完,不过一会又出现病毒......真是郁闷!!!!!我是没办法了,杀了N多个专杀工具,可是查不到也杀不完,跪求哥哥姐姐们帮我一把......感激不尽!!!!!! 以下是我System Repair Engineer扫描的结果: 2007-02-04,02:42:50 System Repair Engineer 2.3.13.690 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能以下内容被选中：所有的启动项目（包括注册表、启动文件夹、服务等）浏览器加载项正在运行的进程（包括进程模块信息）文件关联 Winsock 提供者 Autorun.inf HOSTS 文件启动项目注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] (load)() [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] (RavTask)("d:\Program Files\Rising\Rav\RavTask.exe" -system) [Beijing Rising Technology Co., Ltd.] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] (shell)(Explorer.exe) [(Verified)Microsoft Corporation] (Userinit)(C:\WINDOWS\system32\userinit.exe) [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] (AppInit_DLLs)() [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] (UIHost)(logonui.exe) [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] ({DEC39E0E-F1F2-41E5-80B8-592A67AB0AA5})(C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk) [N/A] ({2D49692C-A5FD-4E29-A3CD-37E9B182FCC6})(C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys) [N/A] ({32CD708B-60A7-4C00-9377-D73EAA495F0F})(C:\WINDOWS\system32\RavExt.dll) [Beijing Rising Technology Co., Ltd.] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] (CONFIG)(; C:\DOCUME~1\VoVo123\LOCALS~1\Temp\ii.exe) [N/A] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] (ctfmon.exe)(; C:\WINDOWS\system32\ctfmon.exe) [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] (IMJPMIG8.1)(; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32) [(Verified)Microsoft Corporation] (Mixerbar)(; C:\WINDOWS\system32\Mixerbar.exe) [Creative Technology Ltd. ] (MYIE2)(; C:\DOCUME~1\VoVo123\LOCALS~1\Temp\wl.exe) [N/A] (PHIME2002A)(; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName) [(Verified)Microsoft Corporation] (PHIME2002ASync)(; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC) [(Verified)Microsoft Corporation] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] (q)(; C:\WINDOWS\iexpl0re.exe) [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] (RfwMain)(; "d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup) [Beijing Rising Technology Co., Ltd.] (StormCodec_Helper)(; "d:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti) [N/A] 2007-02-05 00:27:27.560000000
喵喵淘金初生襁褓狮帖子:15 注册: 2007-02-04 来自:	分享到：

瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 【求助】SOS!!!小弟我中了灰鸽子[Backdoor.Gpigeon]跪求救命啊!!!!

【求助】SOS!!!小弟我中了灰鸽子[Backdoor.Gpigeon]跪求救命啊!!!!

【求助】SOS!!!小弟我中了灰鸽子[Backdoor.Gpigeon]跪求救命啊!!!!

附件:

文件名:83752520072440121.bmp 下载次数:259 文件类型:application/octet-stream 文件大小: ShowFormatBytesStr(492950); 上传时间:2007-2-4 4:04:56 描述:

瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛【求助】SOS!!!小弟我中了灰鸽子[Backdoor.Gpigeon]跪求救命啊!!!!

文件名:83752520072440121.bmp

下载次数:259

文件类型:application/octet-stream

文件大小:

上传时间:2007-2-4 4:04:56

描述: