我的IE被“植入”了灰鸽子,我找不到其它被感染的地方了!!!
我用瑞星扫描C盘,发现中了“灰鸽子”病毒了,请看记录:
Backdoor.GPigeon.up 清除成功 05-10-11 23:28 手动扫描 IEXPLORE.EXE>>C:\Program Files\Internet Explorer\IEXPLORE.EXE\瑞星提示已经清除了,可是既然已经被“灰鸽子”感染了,电脑上应该不止一处地方吧,我应该如何去找其它的地方呢?请高手指教,以下是HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 20:46:30, on 2005-10-12
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\RISING\RAV\Ravmond.exe
C:\Program Files\Antiy Labs\Alive\AliveCenter.exe
C:\WINNT\system32\svchost.exe
C:\RISING\RAV\CCENTER.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINNT\system32\vmnat.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\vmnetdhcp.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\SkyNet\Firewall\pfw.exe
C:\RISING\RAV\RAVTIMER.EXE
C:\RISING\RAV\RAVMON.EXE
F:\GREENS~1\Timer\Timer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\internat.exe
C:\Program Files\1By1\1by1.exe
F:\GreenSoft\Maxthon\Maxthon.exe
C:\WINNT\system32\mmc.exe
F:\GreenSoft\hijackthis1991\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - F:\GreenSoft\flashget\jccatch.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll
O4 - HKLM\..\Run: [SKYNET Personal FireWall] C:\PROGRA~1\SkyNet\Firewall\pfw.exe
O4 - HKLM\..\Run: [RavTimer] C:\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] C:\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [定时器] F:\GREENS~1\Timer\Timer.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 使用网际快车下载 - F:\GreenSoft\flashget\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - F:\GreenSoft\flashget\jc_all.htm
O8 - Extra context menu item: 使用超级解霸播放 - C:\Program Files\Herosoft\Hero 9\MPURLGET.HTM
O8 - Extra context menu item: 添加到QQ自定义面板 - F:\GreenSoft\QQ2004II\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - F:\GreenSoft\QQ2004II\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - F:\GreenSoft\QQ2004II\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: 豪杰超级解霸9 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Program Files\Herosoft\Hero 9\STHSDVD.EXE
O9 - Extra 'Tools' menuitem: 豪杰超级解霸9 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Program Files\Herosoft\Hero 9\STHSDVD.EXE
O9 - Extra button: 词霸 - {9A687CA6-D585-4947-9ED9-BE96071F5CD9} - C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\GreenSoft\flashget\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\GreenSoft\flashget\flashget.exe
O9 - Extra button: 易趣购物 - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C82026E5-E33C-4943-B636-54D4C42BCD27}: NameServer = 211.136.18.171,211.136.20.203
O18 - Protocol: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll (file missing)
O23 - Service: Antiy live update (Alive Auto-Update Service) - Unknown owner - C:\Program Files\Antiy Labs\Alive\AliveCenter.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\RISING\RAV\Ravmond.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINNT\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINNT\system32\vmnat.exe
O23 - Service: VNN Client Service (VNNC) - Unknown owner - C:\Program Files\VNN\VNN Client 3.0\VNNClientC.exe" -service (file missing)
