哪位大侠知道 Backdoor.Gpigeon.pi 这个病毒怎么删除吗?每次启动它都会在C:\Program Files\Internet Explorer 文件夹下生成一个病毒,以下是我扫描的日志:
Logfile of HijackThis v1.99.1
Scan saved at 12:46:53, on 2005-11-4
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
D:\应用程序\外星人\wbload.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\windows\SOUNDMAN.EXE
C:\HP\KBD\KBD.EXE
D:\应用程序\天网防火墙\pfw.exe
D:\应用程序\瑞星2005\RAVTIMER.EXE
D:\应用程序\瑞星2005\RAVMON.EXE
C:\windows\System32\ctfmon.exe
C:\Program Files\racer-henan-cnc\racer.exe
C:\Program Files\racer-henan-cnc\RacerKp.exe
F:\新建文件夹\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\program files\internet explorer\iexplore.exe
D:\应用程序\瑞星2005\CCENTER.EXE
D:\应用程序\瑞星2005\Ravmond.exe
C:\windows\System32\svchost.exe
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\Program Files\3721\Assist\Angling.dll
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O2 - BHO: IEHlprObj Class - {C5E5DB7E-46B1-47E6-8447-2E517F269925} - C:\Program Files\Xplus\GETIE.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\cnshook.dll
O2 - BHO: IEMoni Class - {F236CC5A-F6E4-4011-9EED-C52FDF51CE3D} - C:\WINDOWS\system32\Sbhoplin.dll (file missing)
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio 属性页快捷方式] ; HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [SKYNET Personal FireWall] D:\应用程序\天网防火墙\pfw.exe
O4 - HKLM\..\Run: [StormCodec_Helper] ; "D:\应用程序\影音风暴\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [poco] ; D:\应用程序\po co\Poco2004.exe
O4 - HKLM\..\Run: [IMSCMig] ; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] ; C:\windows\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [PigLocalSearch] ; D:\应用程序\网络猪\PigStart.exe
O4 - HKLM\..\Run: [RavTimer] D:\应用程序\瑞星2005\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] D:\应用程序\瑞星2005\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [Super Rabbit SRRestore] ; D:\应用程序\超级兔子\SRRest.exe /autosave
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\System32\ctfmon.exe
O4 - HKCU\..\Run: [Xplus] ; "C:\Program Files\Xplus\Xplus_Wait.exe" /min
O4 - Global Startup: 河南网通宽带用户客户端.lnk = C:\Program Files\racer-henan-cnc\racer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: !搜一搜 - res://C:\WINDOWS\downlo~1\CnsMinEx.dll/1003
O8 - Extra context menu item: &使用迅雷下载 - D:\应用程序\迅雷\geturl.htm
O8 - Extra context menu item: 使用Kugoo下载 - D:\应用程序\酷狗\KugooDownX.htm
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=?allyesPara=816 (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/?source=Cns (file missing)
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS] 网络实名
O20 - Winlogon Notify: WB - D:\应用程序\外星人\fastload.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\System32\Ati2evxx.exe
O23 - Service: Windows Manager Driver Extensi (DriverManager) - Unknown owner - C:\windows\Cursors\service.exe
O23 - Service: Logical System Manage (llsserver) - Unknown owner - C:\Program Files\Common Files\llserv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - D:\应用程序\瑞星2005\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\应用程序\瑞星2005\Ravmond.exe
请求帮助,,万分感谢
