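Backdoor.GPigeon.swn cannot be deleted, need help. WIN2000: I have tried deleting it in both normal mode and Safe Mode, but it still cannot be deleted. Asking the experts for help. Thanks! Waiting online.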
Logfile of HijackThis v1.99.1
Scan saved at 14:26:18, on 2005-11-8
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\Explorer.exe
E:\Program Files\Rising\Rav\Rav.exe
E:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\HijackThis.exe
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - E:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\qq\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - E:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [assistse] rem "E:\PROGRA~1\3721\assistse.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [RavMon] E:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [RavTimer] E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [yassistse] "E:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [YLive.exe] E:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [UITray] E:\Program Files\feidian\service\UITray.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\RunOnce: [BrandClearStubs] RUNDLL32 IEDKCS32.DLL,BrandCleanInstallStubs >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
O4 - HKLM\..\RunOnce: [Regsister WScript] wscript -regserver
O4 - HKLM\..\RunOnce: [RavStub] "E:\PROGRAM FILES\RISING\RAV\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Startup: 腾讯QQ.lnk = D:\Program Files\Tencent\qq\QQ.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\qq\SendMMS.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINNT\web\related.htm
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\qq\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\qq\QQIEHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com.cn/webscanner/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128748701916
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7BCE14A-5E96-4831-A1FA-6F1E4C2F8E13}: NameServer = 202.106.46.151,202.106.0.20
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NT LM_Security_Support_Provide (NLSrv) - Unknown owner - E:\WINNT\system32\NLSrv.exe
O23 - Service: NodeManagerService - Unknown owner - E:\Program Files\feidian\service\NodeManagerService.exe
O23 - Service: Sererver (onServer) - Unknown owner - E:\WINNT\Serever.exe (file missing)
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\PROGRAM FILES\RISING\RAV\Ravmond.exe