1   1  /  1  页   跳转

中毒

收藏
huoshen
头像
初生襁褓狮
  • 帖子:4
  • 注册: 2005-05-05
  • 来自:
发表于: 2005-09-22 20:36 | 只看楼主 短消息 资料
字号: 1楼

中毒

开机就有这个病毒Backdoor.Gpigeon.kc防火墙可以清除,但一开机还有,请教如何查杀
附扫描日志
Logfile of HijackThis v1.99.1
Scan saved at 20:35:44, on 2005-9-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
e:\program files\瑞星\防火\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Antiy Labs\Alive\AliveCenter.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\PROGRAM FILES\瑞星\杀毒\RISING\RAV\CCENTER.EXE
E:\PROGRAM FILES\瑞星\杀毒\RISING\RAV\Ravmond.exe
C:\WINDOWS\system32\svchost.exe
E:\PROGRAM FILES\瑞星\杀毒\RISING\RAV\RavStub.exe
C:\WINDOWS\Explorer.EXE
e:\program files\瑞星\防火\rising\rfw\RfwMain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
E:\PROGRA~1\瑞星\杀毒\RISING\RAV\RAVTIMER.EXE
E:\PROGRA~1\瑞星\杀毒\RISING\RAV\RAVMON.EXE
C:\Program Files\wsearch\Search.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\wsearch\mupdate.exe
e:\program files\瑞星\防火\rising\rfw\RfwCfg.exe
D:\Program Files\Tencent\TT\TTraveler.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\lenovo\LOCALS~1\Temp\Rar$EX00.578\HijackThis.exe

R3 - URLSearchHook: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O2 - BHO: Anti Fish - _{38928D50-8A48-44C2-945F-D2F23F771410} - (no file)
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v5.dll
O2 - BHO: i&Bar搜索引擎 - {2E7D3330-EB94-4518-B0FE-E05379A5C1DA} - C:\PROGRA~1\iBar\10002\iBar.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\System32\stdup.dll
O2 - BHO: ltmenu Class - {78C21EFD-53BA-406C-AF1A-33A38ABD3958} - C:\Program Files\LtUcx\1002\c0.dll
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O2 - BHO: InsIII - {DDDE2452-AF9E-4577-AE6C-465DBCB54D49} - C:\WINDOWS\system32\rtsapi16.dll
O3 - Toolbar: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O3 - Toolbar: 完美网译通 - {F43BD772-ABDD-43b7-A96A-3E9E61946EC0} - C:\WINDOWS\WORLD2\TOOLBAR\hmtoolbar.dll
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - E:\Program Files\金山快译2005\IEBand.dll
O3 - Toolbar: i&Bar搜索引擎 - {2E7D3330-EB94-4518-B0FE-E05379A5C1DA} - C:\PROGRA~1\iBar\10002\iBar.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [RavTimer] E:\PROGRA~1\瑞星\杀毒\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] E:\PROGRA~1\瑞星\杀毒\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [RfwMain] "E:\Program Files\瑞星\防火\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [木马专家] E:\Program Files\木马\木马专家 2005\mmzj.exe
O4 - HKLM\..\Run: [MoveSearch] C:\Program Files\wsearch\Search.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item:  >> 彩信发送 << - res://C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL/mms.htm
O8 - Extra context menu item: &使用迅雷下载 - E:\Program Files\迅雷\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - E:\Program Files\迅雷\getAllurl.htm
O8 - Extra context menu item: 使用Kugoo下载 - E:\PROGRA~1\酷狗\KuGoo2\KugooDownX.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {367E0A21-8601-4986-9C9A-153BF5ACA118} - (no file)
O9 - Extra button: 常用网址 - {36B39F01-7B48-44AD-A165-5849CD8EF562} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
O9 - Extra 'Tools' menuitem: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
O9 - Extra button: 视频聊天 - {6924091F-CD97-41E1-B1D4-D9079409D413} - http://www.liantang.net (file missing)
O9 - Extra 'Tools' menuitem: 视频聊天 - {6924091F-CD97-41E1-B1D4-D9079409D413} - http://www.liantang.net (file missing)
O9 - Extra button: 寻论网--中学作业解答 - {6924091F-CD97-41E1-B1D4-D9079409D423} - http://www.xunlun.com (file missing)
O9 - Extra 'Tools' menuitem: 中学作业 - {6924091F-CD97-41E1-B1D4-D9079409D423} - http://www.xunlun.com (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: 网上购物 - {EE60714F-AC27-427e-861A-FD60CBDF119A} - http://www.imhero.com/popup/url.aspx?id=1 (file missing)
O9 - Extra 'Tools' menuitem: 网上购物 - {EE60714F-AC27-427e-861A-FD60CBDF119A} - http://www.imhero.com/popup/url.aspx?id=1 (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  网络实名
O16 - DPF: {0400AC1C-EEF0-4638-A501-31D5A0DC2002} (VTPlug3 Class) - http://61.129.90.99:1995/VTrans.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://www.ppstream.com/bin/powerplayer.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://61.129.90.99:1995/talk.cab
O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} (IEDown Class) - http://download.ourgame.com/IEDown4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{60A06420-E360-4619-A5FB-FF3CF35E2EC4}: NameServer = 211.98.4.1 211.98.2.4
O20 - AppInit_DLLs: APIHookDll.dll
O23 - Service: Antiy live update (Alive Auto-Update Service) - Unknown owner - C:\Program Files\Antiy Labs\Alive\AliveCenter.exe
O23 - Service: Gray_Pigeon_Server2.0 (GrayPigeonServer2.0) - Unknown owner - C:\WINDOWS\G_Server2.0.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - e:\program files\瑞星\防火\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - E:\PROGRAM FILES\瑞星\杀毒\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\PROGRAM FILES\瑞星\杀毒\RISING\RAV\Ravmond.exe

最后编辑2005-09-24 19:49:46
分享到:
gototop
 
子阳
头像
雄霸杖朝狮
  • 帖子:14755
  • 注册: 2004-04-13
  • 来自:
发表于: 2005-09-23 16:29 | 短消息 资料
字号: 2楼

引用:
【huoshen的贴子】开机就有这个病毒Backdoor.Gpigeon.kc防火墙可以清除,但一开机还有,请教如何查杀
附扫描日志
Logfile of HijackThis v1.99.1
Scan saved at 20:35:44, on 2005-9-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
e:\program files\瑞星\防火\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Antiy Labs\Alive\AliveCenter.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\PROGRAM FILES\瑞星\杀毒\RISING\RAV\CCENTER.EXE
E:\PROGRAM FILES\瑞星\杀毒\RISING\RAV\Ravmond.exe
C:\WINDOWS\system32\svchost.exe
E:\PROGRAM FILES\瑞星\杀毒\RISING\RAV\RavStub.exe
C:\WINDOWS\Explorer.EXE
e:\program files\瑞星\防火\rising\rfw\RfwMain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
E:\PROGRA~1\瑞星\杀毒\RISING\RAV\RAVTIMER.EXE
E:\PROGRA~1\瑞星\杀毒\RISING\RAV\RAVMON.EXE
C:\Program Files\wsearch\Search.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\wsearch\mupdate.exe
e:\program files\瑞星\防火\rising\rfw\RfwCfg.exe
D:\Program Files\Tencent\TT\TTraveler.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\lenovo\LOCALS~1\Temp\Rar$EX00.578\HijackThis.exe

R3 - URLSearchHook: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O2 - BHO: Anti Fish - _{38928D50-8A48-44C2-945F-D2F23F771410} - (no file)
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v5.dll
O2 - BHO: i&Bar搜索引擎 - {2E7D3330-EB94-4518-B0FE-E05379A5C1DA} - C:\PROGRA~1\iBar\10002\iBar.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\System32\stdup.dll
O2 - BHO: ltmenu Class - {78C21EFD-53BA-406C-AF1A-33A38ABD3958} - C:\Program Files\LtUcx\1002\c0.dll
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O2 - BHO: InsIII - {DDDE2452-AF9E-4577-AE6C-465DBCB54D49} - C:\WINDOWS\system32\rtsapi16.dll
O3 - Toolbar: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O3 - Toolbar: 完美网译通 - {F43BD772-ABDD-43b7-A96A-3E9E61946EC0} - C:\WINDOWS\WORLD2\TOOLBAR\hmtoolbar.dll
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - E:\Program Files\金山快译2005\IEBand.dll
O3 - Toolbar: i&Bar搜索引擎 - {2E7D3330-EB94-4518-B0FE-E05379A5C1DA} - C:\PROGRA~1\iBar\10002\iBar.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [RavTimer] E:\PROGRA~1\瑞星\杀毒\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] E:\PROGRA~1\瑞星\杀毒\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [RfwMain] "E:\Program Files\瑞星\防火\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [木马专家] E:\Program Files\木马\木马专家 2005\mmzj.exe
O4 - HKLM\..\Run: [MoveSearch] C:\Program Files\wsearch\Search.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item:  >> 彩信发送 << - res://C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL/mms.htm
O8 - Extra context menu item: &使用迅雷下载 - E:\Program Files\迅雷\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - E:\Program Files\迅雷\getAllurl.htm
O8 - Extra context menu item: 使用Kugoo下载 - E:\PROGRA~1\酷狗\KuGoo2\KugooDownX.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {367E0A21-8601-4986-9C9A-153BF5ACA118} - (no file)
O9 - Extra button: 常用网址 - {36B39F01-7B48-44AD-A165-5849CD8EF562} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
O9 - Extra ''Tools'' menuitem: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
O9 - Extra button: 视频聊天 - {6924091F-CD97-41E1-B1D4-D9079409D413} - http://www.liantang.net (file missing)
O9 - Extra ''Tools'' menuitem: 视频聊天 - {6924091F-CD97-41E1-B1D4-D9079409D413} - http://www.liantang.net (file missing)
O9 - Extra button: 寻论网--中学作业解答 - {6924091F-CD97-41E1-B1D4-D9079409D423} - http://www.xunlun.com (file missing)
O9 - Extra ''Tools'' menuitem: 中学作业 - {6924091F-CD97-41E1-B1D4-D9079409D423} - http://www.xunlun.com (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra ''Tools'' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra ''Tools'' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra ''Tools'' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: 网上购物 - {EE60714F-AC27-427e-861A-FD60CBDF119A} - http://www.imhero.com/popup/url.aspx?id=1 (file missing)
O9 - Extra ''Tools'' menuitem: 网上购物 - {EE60714F-AC27-427e-861A-FD60CBDF119A} - http://www.imhero.com/popup/url.aspx?id=1 (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra ''Tools'' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  网络实名
O16 - DPF: {0400AC1C-EEF0-4638-A501-31D5A0DC2002} (VTPlug3 Class) - http://61.129.90.99:1995/VTrans.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://www.ppstream.com/bin/powerplayer.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://61.129.90.99:1995/talk.cab
O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} (IEDown Class) - http://download.ourgame.com/IEDown4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{60A06420-E360-4619-A5FB-FF3CF35E2EC4}: NameServer = 211.98.4.1 211.98.2.4
O20 - AppInit_DLLs: APIHookDll.dll
O23 - Service: Antiy live update (Alive Auto-Update Service) - Unknown owner - C:\Program Files\Antiy Labs\Alive\AliveCenter.exe
O23 - Service: Gray_Pigeon_Server2.0 (GrayPigeonServer2.0) - Unknown owner - C:\WINDOWS\G_Server2.0.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - e:\program files\瑞星\防火\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - E:\PROGRAM FILES\瑞星\杀毒\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\PROGRAM FILES\瑞星\杀毒\RISING\RAV\Ravmond.exe


...........................

O23 - Service: Gray_Pigeon_Server2.0 (GrayPigeonServer2.0) - Unknown owner - C:\WINDOWS\G_Server2.0.exe鸽子

修复方法请参考:
http://forum.ikaka.com/topic.asp?board=28&artid=6202404

            主题: 关于查杀“灰鸽子2005”的一点建议
gototop
 
huoshen
头像
初生襁褓狮
  • 帖子:4
  • 注册: 2005-05-05
  • 来自:
发表于: 2005-09-23 19:08 | 只看楼主 短消息 资料
字号: 3楼

奇怪没找到C:\WINDOWS\G_Server2.0.exe
gototop
 
huoshen
头像
初生襁褓狮
  • 帖子:4
  • 注册: 2005-05-05
  • 来自:
发表于: 2005-09-23 19:24 | 只看楼主 短消息 资料
字号: 4楼

新的日Logfile of HijackThis v1.99.1
Scan saved at 19:22:34, on 2005-9-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
e:\program files\瑞星\防火\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Antiy Labs\Alive\AliveCenter.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
E:\PROGRA~1\瑞星\杀毒\RISING\RAV\RAVTIMER.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\PROGRA~1\瑞星\杀毒\RISING\RAV\RAVMON.EXE
C:\Program Files\wsearch\Search.exe
C:\WINDOWS\system32\ctfmon.exe
E:\PROGRAM FILES\瑞星\杀毒\RISING\RAV\CCENTER.EXE
C:\Program Files\wsearch\mupdate.exe
e:\program files\瑞星\防火\rising\rfw\RfwMain.exe
E:\PROGRAM FILES\瑞星\杀毒\RISING\RAV\Ravmond.exe
C:\WINDOWS\system32\svchost.exe
E:\PROGRAM FILES\瑞星\杀毒\RISING\RAV\RavStub.exe
e:\program files\瑞星\防火\rising\rfw\RfwCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\lenovo\LOCALS~1\Temp\Rar$EX00.406\HijackThis.exe

R3 - URLSearchHook: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O2 - BHO: Anti Fish - _{38928D50-8A48-44C2-945F-D2F23F771410} - (no file)
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v5.dll
O2 - BHO: i&Bar搜索引擎 - {2E7D3330-EB94-4518-B0FE-E05379A5C1DA} - C:\PROGRA~1\iBar\10002\iBar.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\System32\stdup.dll
O2 - BHO: ltmenu Class - {78C21EFD-53BA-406C-AF1A-33A38ABD3958} - C:\Program Files\LtUcx\1002\c0.dll
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O2 - BHO: InsIII - {DDDE2452-AF9E-4577-AE6C-465DBCB54D49} - C:\WINDOWS\system32\rtsapi16.dll
O3 - Toolbar: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O3 - Toolbar: 完美网译通 - {F43BD772-ABDD-43b7-A96A-3E9E61946EC0} - C:\WINDOWS\WORLD2\TOOLBAR\hmtoolbar.dll
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - E:\Program Files\金山快译2005\IEBand.dll
O3 - Toolbar: i&Bar搜索引擎 - {2E7D3330-EB94-4518-B0FE-E05379A5C1DA} - C:\PROGRA~1\iBar\10002\iBar.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [RavTimer] E:\PROGRA~1\瑞星\杀毒\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] E:\PROGRA~1\瑞星\杀毒\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [RfwMain] "E:\Program Files\瑞星\防火\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [木马专家] E:\Program Files\木马\木马专家 2005\mmzj.exe
O4 - HKLM\..\Run: [MoveSearch] C:\Program Files\wsearch\Search.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item:  >> 彩信发送 << - res://C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL/mms.htm
O8 - Extra context menu item: &使用迅雷下载 - E:\Program Files\迅雷\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - E:\Program Files\迅雷\getAllurl.htm
O8 - Extra context menu item: 使用Kugoo下载 - E:\PROGRA~1\酷狗\KuGoo2\KugooDownX.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {367E0A21-8601-4986-9C9A-153BF5ACA118} - (no file)
O9 - Extra button: 常用网址 - {36B39F01-7B48-44AD-A165-5849CD8EF562} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
O9 - Extra 'Tools' menuitem: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL
O9 - Extra button: 视频聊天 - {6924091F-CD97-41E1-B1D4-D9079409D413} - http://www.liantang.net (file missing)
O9 - Extra 'Tools' menuitem: 视频聊天 - {6924091F-CD97-41E1-B1D4-D9079409D413} - http://www.liantang.net (file missing)
O9 - Extra button: 寻论网--中学作业解答 - {6924091F-CD97-41E1-B1D4-D9079409D423} - http://www.xunlun.com (file missing)
O9 - Extra 'Tools' menuitem: 中学作业 - {6924091F-CD97-41E1-B1D4-D9079409D423} - http://www.xunlun.com (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: 网上购物 - {EE60714F-AC27-427e-861A-FD60CBDF119A} - http://www.imhero.com/popup/url.aspx?id=1 (file missing)
O9 - Extra 'Tools' menuitem: 网上购物 - {EE60714F-AC27-427e-861A-FD60CBDF119A} - http://www.imhero.com/popup/url.aspx?id=1 (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  网络实名
O16 - DPF: {0400AC1C-EEF0-4638-A501-31D5A0DC2002} (VTPlug3 Class) - http://61.129.90.99:1995/VTrans.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://www.ppstream.com/bin/powerplayer.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://61.129.90.99:1995/talk.cab
O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} (IEDown Class) - http://download.ourgame.com/IEDown4.cab
O20 - AppInit_DLLs: APIHookDll.dll
O23 - Service: Antiy live update (Alive Auto-Update Service) - Unknown owner - C:\Program Files\Antiy Labs\Alive\AliveCenter.exe
O23 - Service: Gray_Pigeon_Server2.0 (GrayPigeonServer2.0) - Unknown owner - C:\WINDOWS\G_Server2.0.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - e:\program files\瑞星\防火\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - E:\PROGRAM FILES\瑞星\杀毒\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\PROGRAM FILES\瑞星\杀毒\RISING\RAV\Ravmond.exe
gototop
 
命运里の金色
头像
社区嘉宾
  • 帖子:11442
  • 注册: 2005-01-01
  • 来自:
发表于: 2005-09-23 20:16 | 短消息 资料
字号: 5楼

O23 - Service: Gray_Pigeon_Server2.0 (GrayPigeonServer2.0) - Unknown owner - C:\WINDOWS\G_Server2.0.exe
还是没搞定
修复方法请参考:
http://forum.ikaka.com/topic.asp?board=28&artid=6202404
服务名是 Gray_Pigeon_Server2.0
gototop
 
love59
头像
初生襁褓狮
  • 帖子:159
  • 注册: 2004-01-09
  • 来自:
发表于: 2005-09-23 21:01 | 短消息 资料
字号: 6楼

看如下图,都打开那三个就可以看C:\WINDOWS\G_Server2.0.exe

附件附件:

下载次数:0
文件类型:image/pjpeg
文件大小:
上传时间:2005-9-23 21:01:23
描述:
gototop
 
Mestoration
头像
叱咤花甲狮
  • 帖子:4126
  • 注册: 2005-04-07
  • 来自:BJ
发表于: 2005-09-23 21:30 | 短消息 资料
字号: 7楼

O23 - Service: Gray_Pigeon_Server2.0 (GrayPigeonServer2.0) - Unknown owner - C:\WINDOWS\G_Server2.0.exe
你先删
gototop
 
huoshen
头像
初生襁褓狮
  • 帖子:4
  • 注册: 2005-05-05
  • 来自:
发表于: 2005-09-24 19:49 | 只看楼主 短消息 资料
字号: 8楼

谢谢各位,找到该文件了,但删不了,说文件正被另一个人或程序使用,我是菜鸟不会删,
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT