瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 我中了Backdoor.Gpigeon.shk病毒 看不懂注册表能指点一下吗

1   1  /  1  页   跳转

我中了Backdoor.Gpigeon.shk病毒 看不懂注册表能指点一下吗

我中了Backdoor.Gpigeon.shk病毒 看不懂注册表能指点一下吗

按照其他帖子里高手教的方法,为什么我找不到LDDE? 能帮我看看我的这个病毒是删什么文件吗,不进安全模式也可以删吗 万分万分感谢!!

“1.开始-运行输入regedit,到HKEY_LOCAL_MACHINE\ SYSTEM \ CURRENTCONTROLSET \ SERVICES分支,删除左栏中的病毒服务名
Local DDE (ldde)
2.重启系统,在“文件夹选项”的“查看”面板中勾选“显示系统文件”、“显示所有的文件和文件夹”两项,点击“确定”按钮。然后在windows下寻找病毒文件名DDN.exe,DDN.dll,DDN_Hook.dll,DDNkey.dll,能找到的都删除



Logfile of HijackThis v1.99.1
Scan saved at 20:02:27, on 2005-8-4
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
d:\program files\rising\rfw\rfwsrv.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
d:\program files\rising\rfw\RfwMain.exe
D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINDOWS\System32\Rundll32.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Ahead\InCD\InCD.exe
D:\PROGRA~1\RISING\RAV\RAVMON.EXE
D:\WINDOWS\System32\ctfmon.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
D:\WINDOWS\System32\svchost.exe
D:\PROGRAM FILES\RISING\RAV\RavStub.exe
D:\Program Files\rising\rfw\rfwcfg.exe
D:\PROGRA~1\RISING\RAV\Rav.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\WINDOWS\regedit.exe
D:\Program Files\WinRAR\WinRAR.exe
E:\TEMP\Rar$EX00.037\HijackThis.exe

O2 - BHO: NaviHelperObj Class - {3E422F49-1566-40D3-B43D-077EF739AC32} - D:\WINDOWS\System32\NaviHelper.dll (file missing)
O2 - BHO: Link Filter - {4022F902-ABC7-4C79-924F-BB26F1D355A2} - D:\WINDOWS\System32\51.net\diybar\diybar.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - D:\PROGRA~1\3721\Assist\asbar.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - D:\PROGRA~1\3721\Assist\asbar.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: 虎翼DIY吧! - {0A00D11E-B1E7-44b5-AD88-C9190876AAC4} - D:\WINDOWS\System32\51.net\diybar\diybar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [RavTimer] D:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RfwMain] "D:\Program Files\rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe D:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [helper.dll] D:\WINDOWS\system32\rundll32.exe D:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RavMon] D:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\RunServices: [RavMon] D:\PROGRA~1\rising\Rav\RavMon.exe /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Add to &Teleport - E:\xp下软件\离线\teleport.htm
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\xp下软件\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\xp下软件\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\xp下软件\qq\SendMMS.htm
O9 - Extra button: (no name) - {3F686D91-4AFA-4ed1-B43F-F1DB46ED480C} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Link Filter - {3F686D91-4AFA-4ed1-B43F-F1DB46ED480C} - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\xp下软件\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\xp下软件\qq\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O11 - Options group: [!CNS]  网络实名
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://218.251.120.24/kxhcm10.ocx
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/aliedit.cab
O16 - DPF: {58CDB34C-B4D7-418B-A0FB-C4C8A01C2F0E} (DIYBAR) - http://pi.51.net/download/diybar2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1099742477217
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFDB562B-352D-49E3-B699-9FF84AC7189A}: NameServer = 210.22.70.227 210.22.70.3
O23 - Service: - - Unknown owner - D:\WINDOWS\-.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe


最后编辑2005-08-04 22:36:02
分享到:
gototop
 

......
gototop
 
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT