紧急求救：中了Backdoor.Gpigeon.uql病毒，这是扫描日志。

huandia 初生襁褓狮帖子:15 注册: 2006-07-21 来自:	发表于： 2006-07-22 12:03 \| 只看楼主短消息资料字号：小中大 1楼紧急求救：中了Backdoor.Gpigeon.uql病毒，这是扫描日志。以下是扫描日志： Logfile of HijackThis v1.99.0 Scan saved at 11:39:06, on 2006-07-22 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\Program Files\Rising\Rav\CCenter.exe C:\windows\System32\svchost.exe C:\Program Files\Rising\Rav\Ravmond.exe C:\windows\Explorer.EXE C:\windows\system32\spoolsv.exe C:\Program Files\Rising\Rav\RavStub.exe C:\Program Files\Rising\Rav\RavTask.exe C:\windows\system32\ctfmon.exe C:\windows\System32\nvsvc32.exe C:\windows\System32\svchost.exe C:\Program Files\Maxthon\Maxthon.exe C:\HijackThis.exe F2 - REG:system.ini: UserInit=userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\giacij.exe O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v5.dll O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F57} - C:\WINDOWS\system32\ThunderBHO_v07.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll (file missing) O2 - BHO: MyIEHelper Class - {16A770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4613.dll O2 - BHO: FltSetUp Class - {1D49D58D-5C84-4B50-8359-D9809BEB2B32} - C:\Program Files\Internet Explorer\Connection Wizard\icwnet.dll (file missing) O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - F:\聊天软件\QQ\QQIEHelper.dll O2 - BHO: ActiveBHO Class - {63C55A7F-6E29-8D4F-5C76-4F850F28D13A} - C:\Progra~1\DoDoorRSSFinder\ActiveBandObject.dll (file missing) O2 - BHO: MSHlper Class - {721E6521-4CAD-4A8D-A7F1-4E230B31EF19} - C:\WINDOWS\system32\MSHLP.DLL (file missing) O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\Progra~1\Baidu\bar\BaiDuBar.dll (file missing) O2 - BHO: bg - {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} - C:\Program Files\baigoo\BGooBHO.dll (file missing) O2 - BHO: IEHlprObj Class - {999ADFA2-8AD1-47ff-97FC-69FB847458F4} - C:\Progra~1\NetMeeting\nmview.dll O2 - BHO: NewWeb Controller - {9ACEEE31-1440-471B-AA46-72B061FE7D61} - C:\WINDOWS\system32\WinSC64.dll O2 - BHO: Flash 8 ocx - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - C:\WINDOWS\system32\flash8.dll O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4}? - (no file) O2 - BHO: Letscool System Helper - {F0C15012-7DBD-4068-95A2-0A82DB03AC35} - C:\WINDOWS\system32\CoolBho.dll O2 - BHO: google bar - {F651FCAA-F826-4922-8990-C6F99CC67AFC} - C:\WINDOWS\Win32ef.dll (file missing) O3 - Toolbar: VeryCD超级搜索 - {F869BB38-FFEF-4589-B986-610B7AD0ADA2} - C:\Program Files\YOK.com\SuperSearch\YOK_SuperSearch.dll (file missing) O3 - Toolbar: BitComet工具栏 - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - F:\下载软件\下载工具\BT\BitComet\BitCometBar\BitCometBar0.6.dll (file missing) O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Progra~1\Baidu\bar\BaiDuBar.dll (file missing) O4 - HKLM\..\Run: [NvCplDaemon] rem RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] rem nwiz.exe /install O4 - HKLM\..\Run: [Knight V] rem O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system O4 - HKLM\..\Run: [svc] C:\WINDOWS\svchost.exe O4 - HKLM\..\RunOnce: [RavStub] "C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "F:\聊天软件\skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [svc] C:\WINDOWS\svchost.exe O8 - Extra context menu item: &使用迅雷下载 - F:\下载软件\下载工具\迅雷\Thunder\geturl.htm O8 - Extra context menu item: &使用迅雷下载全部链接 - F:\下载软件\下载工具\迅雷\Thunder\getAllurl.htm O8 - Extra context menu item: VeryCD搜索 - C:\Program Files\YOK.com\SuperSearch\yoksch.htm O8 - Extra context menu item: 上传到QQ网络硬盘 - F:\聊天软件\QQ\AddToNetDisk.htm O8 - Extra context menu item: 下载页面上的ED2(&K)链接 - F:\下载软件\下载工具\emule\ed2k.html O8 - Extra context menu item: 添加到QQ自定义面板 - F:\聊天软件\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ表情 - F:\聊天软件\QQ\AddEmotion.htm O8 - Extra context menu item: 用QQ彩信发送该图片 - F:\聊天软件\QQ\SendMMS.htm O8 - Extra context menu item: 百度--MP3搜索 - RES://C:\Progra~1\Baidu\bar\baidubar.dll/BAIDUMP3.HTM O8 - Extra context menu item: 百度--图片搜索 - RES://C:\Progra~1\Baidu\bar\baidubar.dll/BAIDUIMG.HTM O8 - Extra context menu item: 百度--地图搜索 - RES://C:\Progra~1\Baidu\bar\baidubar.dll/BAIDU_MAP.HTM O8 - Extra context menu item: 百度--新闻搜索 - RES://C:\Progra~1\Baidu\bar\baidubar.dll/BAIDUNEWS.HTM O8 - Extra context menu item: 百度--歌词搜索 - RES://C:\Progra~1\Baidu\bar\baidubar.dll/BAIDULYRIC.HTM O8 - Extra context menu item: 百度--知道搜索 - RES://C:\Progra~1\Baidu\bar\baidubar.dll/BAIDU_ZHIDAO.HTM O8 - Extra context menu item: 百度--硬盘搜索 - RES://C:\Progra~1\Baidu\bar\baidubar.dll/BAIDU_DISK.HTM O8 - Extra context menu item: 百度--站内搜索 - RES://C:\Progra~1\Baidu\bar\baidubar.dll/BAIDU_SITE.HTM O8 - Extra context menu item: 百度--网页搜索 - RES://C:\Progra~1\Baidu\bar\baidubar.dll/BAIDUSEARCH.HTM O8 - Extra context menu item: 百度--词典搜索 - RES://C:\Progra~1\Baidu\bar\baidubar.dll/BAIDU_DIC.HTM O8 - Extra context menu item: 百度--贴吧搜索 - RES://C:\Progra~1\Baidu\bar\baidubar.dll/BAIDUPOST.HTM O9 - Extra button: 迅雷 - {1FBA04EE-3024-11D2-8F1F-000019796948}} - F:\下载软件\下载工具\迅雷\Thunder\Thunder.exe O9 - Extra 'Tools' menuitem: 迅雷 - {1FBA04EE-3024-11D2-8F1F-000019796948}} - F:\下载软件\下载工具\迅雷\Thunder\Thunder.exe O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\聊天软件\QQ\QQ.EXE O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\聊天软件\QQ\QQ.EXE O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\聊天软件\QQ\QQIEHelper.dll O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\聊天软件\QQ\QQIEHelper.dll O9 - Extra button: 易趣购物 - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=50 (file missing) O9 - Extra 'Tools' menuitem: 易趣购物 - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=50 (file missing) O17 - HKLM\System\CCS\Services\Tcpip\..\{67313A49-9888-4D4E-9C28-C411F2AFE3A0}: NameServer = 202.96.128.86 202.96.128.166 O18 - Filter: text/html - {E7009873-0D40-45B1-8D59-5B9AE98C7D38} - C:\Program Files\Internet Explorer\Connection Wizard\icwnet.dll O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing) O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe O23 - Service: Rising Process Communication Center - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe O23 - Service: RsRavMon Service - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe O23 - Service: Te1net - Unknown - C:\WINDOWS\System32\VIPTray.exe (file missing) O23 - Service: Vista - Unknown - C:\WINDOWS\Hacker.com.cn.ini 2006-07-22 21:56:47
huandia 初生襁褓狮帖子:15 注册: 2006-07-21 来自:	分享到：

huandia 初生襁褓狮帖子:15 注册: 2006-07-21 来自:	发表于： 2006-07-22 12:04 \| 只看楼主短消息资料字号：小中大 2楼我是外行，请告知详细操作，不胜感激！！
huandia 初生襁褓狮帖子:15 注册: 2006-07-21 来自:

huandia 初生襁褓狮帖子:15 注册: 2006-07-21 来自:	发表于： 2006-07-22 12:05 \| 只看楼主短消息资料字号：小中大 3楼请问有高手在线急诊吗？
huandia 初生襁褓狮帖子:15 注册: 2006-07-21 来自:

huandia 初生襁褓狮帖子:15 注册: 2006-07-21 来自:	发表于： 2006-07-22 12:19 \| 只看楼主短消息资料字号：小中大 4楼高手啊，你在哪里？
huandia 初生襁褓狮帖子:15 注册: 2006-07-21 来自:

mopery 卡卡技术团队帖子:17737 注册: 2005-12-06 来自:New York	发表于： 2006-07-22 12:47 \| 短消息资料字号：小中大 5楼修复 F2 - REG:system.ini: UserInit=userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\giacij.exe O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll (file missing) O2 - BHO: MyIEHelper Class - {16A770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4613.dll O2 - BHO: FltSetUp Class - {1D49D58D-5C84-4B50-8359-D9809BEB2B32} - C:\Program Files\Internet Explorer\Connection Wizard\icwnet.dll (file missing) O2 - BHO: ActiveBHO Class - {63C55A7F-6E29-8D4F-5C76-4F850F28D13A} - C:\Progra~1\DoDoorRSSFinder\ActiveBandObject.dll (file missing) O2 - BHO: MSHlper Class - {721E6521-4CAD-4A8D-A7F1-4E230B31EF19} - C:\WINDOWS\system32\MSHLP.DLL (file missing) O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\Progra~1\Baidu\bar\BaiDuBar.dll (file missing) O2 - BHO: bg - {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} - C:\Program Files\baigoo\BGooBHO.dll (file missing) O2 - BHO: IEHlprObj Class - {999ADFA2-8AD1-47ff-97FC-69FB847458F4} - C:\Progra~1\NetMeeting\nmview.dll O2 - BHO: NewWeb Controller - {9ACEEE31-1440-471B-AA46-72B061FE7D61} - C:\WINDOWS\system32\WinSC64.dll O2 - BHO: Flash 8 ocx - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - C:\WINDOWS\system32\flash8.dll O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4}? - (no file) O2 - BHO: Letscool System Helper - {F0C15012-7DBD-4068-95A2-0A82DB03AC35} - C:\WINDOWS\system32\CoolBho.dll O2 - BHO: google bar - {F651FCAA-F826-4922-8990-C6F99CC67AFC} - C:\WINDOWS\Win32ef.dll (file missing) O3 - Toolbar: VeryCD超级搜索 - {F869BB38-FFEF-4589-B986-610B7AD0ADA2} - C:\Program Files\YOK.com\SuperSearch\YOK_SuperSearch.dll (file missing) O3 - Toolbar: BitComet工具栏 - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - F:\下载软件\下载工具\BT\BitComet\BitCometBar\BitCometBar0.6.dll (file missing) O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Progra~1\Baidu\bar\BaiDuBar.dll (file missing) O4 - HKLM\..\Run: [Knight V] rem O4 - HKLM\..\Run: [svc] C:\WINDOWS\svchost.exe O4 - HKCU\..\Run: [svc] C:\WINDOWS\svchost.exe 删除 C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\giacij.exe C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4613.dll C:\Progra~1\NetMeeting C:\WINDOWS\system32\WinSC64.dll C:\WINDOWS\system32\flash8.dll C:\WINDOWS\system32\CoolBho.dll C:\WINDOWS\svchost.exe O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing) O23 - Service: Te1net - Unknown - C:\WINDOWS\System32\VIPTray.exe (file missing) O23 - Service: Vista - Unknown - C:\WINDOWS\Hacker.com.cn.ini 鸽子..安全模式...打开注册表编辑器，展开：HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services 搜索Crypkey License , Te1net , Vista 删除.. 删除 C:\WINDOWS\Hacker.com.cn.ini http://www.pctutu.com/srmsdown.asp 下载超级兔子..用超级兔子清理王卸载流氓软件...(安全模式...)
mopery 卡卡技术团队帖子:17737 注册: 2005-12-06 来自:New York

huandia 初生襁褓狮帖子:15 注册: 2006-07-21 来自:	发表于： 2006-07-22 14:48 \| 只看楼主短消息资料字号：小中大 6楼谢谢啊，可是我找不到下面这些要求删除的文件啊…… C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4613.dll C:\Progra~1\NetMeeting C:\WINDOWS\system32\WinSC64.dll C:\WINDOWS\system32\flash8.dll C:\WINDOWS\system32\CoolBho.dll C:\WINDOWS\svchost.exe
huandia 初生襁褓狮帖子:15 注册: 2006-07-21 来自:

卡卡技术团队

帖子:17737
注册: 2005-12-06
来自:New York

发表于： 2006-07-22 15:01 | 短消息资料

字号：小中大 7楼

引用:

【huandia的贴子】谢谢啊，可是我找不到下面这些要求删除的文件啊……
C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4613.dll
C:\Progra~1\NetMeeting
C:\WINDOWS\system32\WinSC64.dll
C:\WINDOWS\system32\flash8.dll
C:\WINDOWS\system32\CoolBho.dll
C:\WINDOWS\svchost.exe

...........................

用 WINRAR 查找...
删除...
如果不能删除建议到安全模式下删除..

huandia 初生襁褓狮帖子:15 注册: 2006-07-21 来自:	发表于： 2006-07-22 16:12 \| 只看楼主短消息资料字号：小中大 8楼用 WINRAR 查找依然找不到，用超级兔子清理王后重新扫描，报告如下。不知是否已经彻底清除“灰鸽子”？ Logfile of HijackThis v1.99.0 Scan saved at 15:59:27, on 2006-07-22 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\Program Files\Rising\Rav\CCenter.exe C:\windows\System32\svchost.exe C:\Program Files\Rising\Rav\Ravmond.exe C:\windows\Explorer.EXE C:\windows\system32\spoolsv.exe C:\Program Files\Rising\Rav\RavStub.exe C:\Program Files\Rising\Rav\RavTask.exe C:\windows\system32\ctfmon.exe C:\windows\System32\nvsvc32.exe C:\Program Files\Maxthon\Maxthon.exe C:\windows\System32\svchost.exe C:\HijackThis.exe F2 - REG:system.ini: UserInit=C:\windows\SYSTEM32\Userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\difd.exe O4 - HKLM\..\Run: [NvCplDaemon] rem RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] rem nwiz.exe /install O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\RunOnce: [RavStub] "C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "F:\聊天软件\skype\Phone\Skype.exe" /nosplash /minimized O8 - Extra context menu item: &使用迅雷下载 - F:\下载软件\下载工具\迅雷\Thunder\geturl.htm O8 - Extra context menu item: &使用迅雷下载全部链接 - F:\下载软件\下载工具\迅雷\Thunder\getAllurl.htm O8 - Extra context menu item: 上传到QQ网络硬盘 - F:\聊天软件\QQ\AddToNetDisk.htm O8 - Extra context menu item: 添加到QQ自定义面板 - F:\聊天软件\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ表情 - F:\聊天软件\QQ\AddEmotion.htm O8 - Extra context menu item: 用QQ彩信发送该图片 - F:\聊天软件\QQ\SendMMS.htm O9 - Extra button: 迅雷 - {1FBA04EE-3024-11D2-8F1F-000019796948}} - F:\下载软件\下载工具\迅雷\Thunder\Thunder.exe O9 - Extra 'Tools' menuitem: 迅雷 - {1FBA04EE-3024-11D2-8F1F-000019796948}} - F:\下载软件\下载工具\迅雷\Thunder\Thunder.exe O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\聊天软件\QQ\QQ.EXE O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\聊天软件\QQ\QQ.EXE O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\聊天软件\QQ\QQIEHelper.dll (file missing) O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\聊天软件\QQ\QQIEHelper.dll (file missing) O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe O23 - Service: Rising Process Communication Center - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe O23 - Service: RsRavMon Service - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
huandia 初生襁褓狮帖子:15 注册: 2006-07-21 来自:

huandia 初生襁褓狮帖子:15 注册: 2006-07-21 来自:	发表于： 2006-07-22 18:37 \| 只看楼主短消息资料字号：小中大 9楼？？？
huandia 初生襁褓狮帖子:15 注册: 2006-07-21 来自:

mopery 卡卡技术团队帖子:17737 注册: 2005-12-06 来自:New York	发表于： 2006-07-22 18:47 \| 短消息资料字号：小中大 10楼修复 F2 - REG:system.ini: UserInit=C:\windows\SYSTEM32\Userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\difd.exe 删除 C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\difd.exe
mopery 卡卡技术团队帖子:17737 注册: 2005-12-06 来自:New York

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

huandia 初生襁褓狮帖子:15 注册: 2006-07-21 来自:	发表于： 2006-07-22 12:03 \| 只看楼主短消息资料字号：小中大 1楼紧急求救：中了Backdoor.Gpigeon.uql病毒，这是扫描日志。以下是扫描日志： Logfile of HijackThis v1.99.0 Scan saved at 11:39:06, on 2006-07-22 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\Program Files\Rising\Rav\CCenter.exe C:\windows\System32\svchost.exe C:\Program Files\Rising\Rav\Ravmond.exe C:\windows\Explorer.EXE C:\windows\system32\spoolsv.exe C:\Program Files\Rising\Rav\RavStub.exe C:\Program Files\Rising\Rav\RavTask.exe C:\windows\system32\ctfmon.exe C:\windows\System32\nvsvc32.exe C:\windows\System32\svchost.exe C:\Program Files\Maxthon\Maxthon.exe C:\HijackThis.exe F2 - REG:system.ini: UserInit=userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\giacij.exe O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v5.dll O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F57} - C:\WINDOWS\system32\ThunderBHO_v07.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll (file missing) O2 - BHO: MyIEHelper Class - {16A770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4613.dll O2 - BHO: FltSetUp Class - {1D49D58D-5C84-4B50-8359-D9809BEB2B32} - C:\Program Files\Internet Explorer\Connection Wizard\icwnet.dll (file missing) O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - F:\聊天软件\QQ\QQIEHelper.dll O2 - BHO: ActiveBHO Class - {63C55A7F-6E29-8D4F-5C76-4F850F28D13A} - C:\Progra~1\DoDoorRSSFinder\ActiveBandObject.dll (file missing) O2 - BHO: MSHlper Class - {721E6521-4CAD-4A8D-A7F1-4E230B31EF19} - C:\WINDOWS\system32\MSHLP.DLL (file missing) O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\Progra~1\Baidu\bar\BaiDuBar.dll (file missing) O2 - BHO: bg - {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} - C:\Program Files\baigoo\BGooBHO.dll (file missing) O2 - BHO: IEHlprObj Class - {999ADFA2-8AD1-47ff-97FC-69FB847458F4} - C:\Progra~1\NetMeeting\nmview.dll O2 - BHO: NewWeb Controller - {9ACEEE31-1440-471B-AA46-72B061FE7D61} - C:\WINDOWS\system32\WinSC64.dll O2 - BHO: Flash 8 ocx - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - C:\WINDOWS\system32\flash8.dll O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4}? - (no file) O2 - BHO: Letscool System Helper - {F0C15012-7DBD-4068-95A2-0A82DB03AC35} - C:\WINDOWS\system32\CoolBho.dll O2 - BHO: google bar - {F651FCAA-F826-4922-8990-C6F99CC67AFC} - C:\WINDOWS\Win32ef.dll (file missing) O3 - Toolbar: VeryCD超级搜索 - {F869BB38-FFEF-4589-B986-610B7AD0ADA2} - C:\Program Files\YOK.com\SuperSearch\YOK_SuperSearch.dll (file missing) O3 - Toolbar: BitComet工具栏 - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - F:\下载软件\下载工具\BT\BitComet\BitCometBar\BitCometBar0.6.dll (file missing) O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Progra~1\Baidu\bar\BaiDuBar.dll (file missing) O4 - HKLM\..\Run: [NvCplDaemon] rem RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] rem nwiz.exe /install O4 - HKLM\..\Run: [Knight V] rem O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system O4 - HKLM\..\Run: [svc] C:\WINDOWS\svchost.exe O4 - HKLM\..\RunOnce: [RavStub] "C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "F:\聊天软件\skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [svc] C:\WINDOWS\svchost.exe O8 - Extra context menu item: &使用迅雷下载 - F:\下载软件\下载工具\迅雷\Thunder\geturl.htm O8 - Extra context menu item: &使用迅雷下载全部链接 - F:\下载软件\下载工具\迅雷\Thunder\getAllurl.htm O8 - Extra context menu item: VeryCD搜索 - C:\Program Files\YOK.com\SuperSearch\yoksch.htm O8 - Extra context menu item: 上传到QQ网络硬盘 - F:\聊天软件\QQ\AddToNetDisk.htm O8 - Extra context menu item: 下载页面上的ED2(&K)链接 - F:\下载软件\下载工具\emule\ed2k.html O8 - Extra context menu item: 添加到QQ自定义面板 - F:\聊天软件\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ表情 - F:\聊天软件\QQ\AddEmotion.htm O8 - Extra context menu item: 用QQ彩信发送该图片 - F:\聊天软件\QQ\SendMMS.htm O8 - Extra context menu item: 百度--MP3搜索 - RES://C:\Progra~1\Baidu\bar\baidubar.dll/BAIDUMP3.HTM O8 - Extra context menu item: 百度--图片搜索 - RES://C:\Progra~1\Baidu\bar\baidubar.dll/BAIDUIMG.HTM O8 - Extra context menu item: 百度--地图搜索 - RES://C:\Progra~1\Baidu\bar\baidubar.dll/BAIDU_MAP.HTM O8 - Extra context menu item: 百度--新闻搜索 - RES://C:\Progra~1\Baidu\bar\baidubar.dll/BAIDUNEWS.HTM O8 - Extra context menu item: 百度--歌词搜索 - RES://C:\Progra~1\Baidu\bar\baidubar.dll/BAIDULYRIC.HTM O8 - Extra context menu item: 百度--知道搜索 - RES://C:\Progra~1\Baidu\bar\baidubar.dll/BAIDU_ZHIDAO.HTM O8 - Extra context menu item: 百度--硬盘搜索 - RES://C:\Progra~1\Baidu\bar\baidubar.dll/BAIDU_DISK.HTM O8 - Extra context menu item: 百度--站内搜索 - RES://C:\Progra~1\Baidu\bar\baidubar.dll/BAIDU_SITE.HTM O8 - Extra context menu item: 百度--网页搜索 - RES://C:\Progra~1\Baidu\bar\baidubar.dll/BAIDUSEARCH.HTM O8 - Extra context menu item: 百度--词典搜索 - RES://C:\Progra~1\Baidu\bar\baidubar.dll/BAIDU_DIC.HTM O8 - Extra context menu item: 百度--贴吧搜索 - RES://C:\Progra~1\Baidu\bar\baidubar.dll/BAIDUPOST.HTM O9 - Extra button: 迅雷 - {1FBA04EE-3024-11D2-8F1F-000019796948}} - F:\下载软件\下载工具\迅雷\Thunder\Thunder.exe O9 - Extra 'Tools' menuitem: 迅雷 - {1FBA04EE-3024-11D2-8F1F-000019796948}} - F:\下载软件\下载工具\迅雷\Thunder\Thunder.exe O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\聊天软件\QQ\QQ.EXE O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\聊天软件\QQ\QQ.EXE O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\聊天软件\QQ\QQIEHelper.dll O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\聊天软件\QQ\QQIEHelper.dll O9 - Extra button: 易趣购物 - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=50 (file missing) O9 - Extra 'Tools' menuitem: 易趣购物 - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=50 (file missing) O17 - HKLM\System\CCS\Services\Tcpip\..\{67313A49-9888-4D4E-9C28-C411F2AFE3A0}: NameServer = 202.96.128.86 202.96.128.166 O18 - Filter: text/html - {E7009873-0D40-45B1-8D59-5B9AE98C7D38} - C:\Program Files\Internet Explorer\Connection Wizard\icwnet.dll O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing) O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe O23 - Service: Rising Process Communication Center - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe O23 - Service: RsRavMon Service - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe O23 - Service: Te1net - Unknown - C:\WINDOWS\System32\VIPTray.exe (file missing) O23 - Service: Vista - Unknown - C:\WINDOWS\Hacker.com.cn.ini 2006-07-22 21:56:47
huandia 初生襁褓狮帖子:15 注册: 2006-07-21 来自:	分享到：

瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 紧急求救：中了Backdoor.Gpigeon.uql病毒，这是扫描日志。

紧急求救：中了Backdoor.Gpigeon.uql病毒，这是扫描日志。

紧急求救：中了Backdoor.Gpigeon.uql病毒，这是扫描日志。

瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛紧急求救：中了Backdoor.Gpigeon.uql病毒，这是扫描日志。