Rising Kaka Security Forum
xin01 - 2007-5-22 15:48:00
Experts, please advise... there is a screenshot of the alert below...
Attachment:
8780762007522153840.bmp
303266474 - 2007-5-22 16:02:00
It doesn't look like anything good. Can it be deleted manually?
xin01 - 2007-5-22 16:11:00
How come the antivirus tool finds nothing when I scan, yet Kaka detects it as soon as it checks... Mine is the latest antivirus version, 19.24..
baohe - 2007-5-22 16:12:00
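| Quote: |
[xin01's post] Experts, please advise... there is a screenshot of the alert below... ……………… |
You've been hit by "Gray Pigeon" (灰鸽子).
The usual manual removal procedure is:
1. Generate a system scan log (SRENG or HijackThis will both do) and identify the Pigeon's service entry.
2. Delete the Pigeon's service entry.
3. Reboot. Show hidden files. Find and delete the Pigeon's files.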
xin01 - 2007-5-22 16:21:00
天月来了 - 2007-5-22 16:23:00
What use is this?
Just do what Maomao (猫猫) said.
日不懂啊 - 2007-5-22 16:30:00
How come I've never seen this Rising feature?
Where is the feature for scanning and removing unknown viruses?
xin01 - 2007-5-22 16:41:00
Why is no expert here giving advice~~!! How can I delete the suspicious file???????????????????
天月来了 - 2007-5-22 16:44:00
Heh!!!
The top expert, on floor 3, has already said it, and the original poster just keeps yelling.
天月来了 - 2007-5-22 16:45:00
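| Quote: |
[日不懂啊's post] How come I've never seen this Rising feature?
Where is the feature for scanning and removing unknown viruses? ……………… |
It's there.
Look through the settings.
I don't use it often, so I can't remember.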
baohe - 2007-5-22 16:46:00
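| Quote: |
[xin01's post] Nothing found.... ……………… |
This kind of so-called "dedicated removal tool" is not much use (that's simply how it is, no contempt intended).
Better read the reply on floor 3 carefully and post your log here so we can take a look.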
xin01 - 2007-5-22 16:50:00
If you're an expert, then post it. Teach me??????
鸟儿天上飞 - 2007-5-22 16:52:00
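Please download SREng2 (latest version), use "Smart Scan", and press the "Scan" button to run the scan.
When the scan finishes, press the "Save Report" button to save the report log file (SREng.LOG), then copy and paste
the contents of the saved report log file here. If the log doesn't fit in one post, paste it in several. Please do not modify it.
Download link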
http://www.kztechs.com/sreng/download.html
xin01 - 2007-5-22 17:11:00
正在运行的进程
[PID: 404][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 680][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 704][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 748][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 760][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 916][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 980][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1092][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1200][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2004][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\G_Server2007.DLL] [N/A, ]
[C:\WINDOWS\system32\igfxpph.dll] [Intel Corporation, 3.0.0.4543]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4543]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.4543]
[C:\WINDOWS\system32\igfxress.dll] [Intel Corporation, 3.0.0.4543]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4543]
[PID: 124][e:\瑞星杀毒\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
[e:\瑞星杀毒\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[e:\瑞星杀毒\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[e:\瑞星杀毒\rising\rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[e:\瑞星杀毒\rising\rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[e:\瑞星杀毒\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\G_Server2007.DLL] [N/A, ]
[e:\瑞星杀毒\rising\rfw\PSAPI.DLL] [Microsoft Corporation, 4.00]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[PID: 264][C:\Program Files\CONEXANT\SmartAudio\SmartAudio.exe] [Conexant, 1, 3, 7, 0]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[C:\Program Files\CONEXANT\SmartAudio\dll\res0804.dll] [Conexant, 1, 0, 0, 1]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\G_Server2007.DLL] [N/A, ]
[PID: 296][C:\WINDOWS\system32\igfxtray.exe] [Intel Corporation, 3.0.0.4543]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4543]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4543]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.4543]
[C:\WINDOWS\system32\igfxress.dll] [Intel Corporation, 3.0.0.4543]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\G_Server2007.DLL] [N/A, ]
[PID: 308][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3.0.0.4543]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4543]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4543]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.4543]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\G_Server2007.DLL] [N/A, ]
[PID: 340][C:\WINDOWS\system32\igfxpers.exe] [Intel Corporation, 3.0.0.4543]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4543]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\G_Server2007.DLL] [N/A, ]
[PID: 436][C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] [Hewlett-Packard Co., 53.0.13.000]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\G_Server2007.DLL] [N/A, ]
[PID: 448][C:\WINDOWS\FixCamera.exe] [, 1, 0, 0, 8]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\G_Server2007.DLL] [N/A, ]
[PID: 456][C:\WINDOWS\tsnpstd3.exe] [, 1, 1, 3, 6]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\WINDOWS\system32\vsnpstd3.dll] [ , 1, 0, 5, 0]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\G_Server2007.DLL] [N/A, ]
[PID: 508][C:\WINDOWS\vsnpstd3.exe] [, 1, 0, 6, 0]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\G_Server2007.DLL] [N/A, ]
[PID: 536][C:\Program Files\Rising\AntiSpyware\runiep.exe] [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
[C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[C:\WINDOWS\G_Server2007.DLL] [N/A, ]
[PID: 364][C:\Program Files\Thunder Network\WebThunder\WebThunder.exe] [深圳市迅雷网络技术有限公司, 1, 7, 2, 107]
[C:\Program Files\Thunder Network\WebThunder\taskmanage.dll] [Thunder Networking Technologies,LTD, 1, 7, 2, 107]
[C:\Program Files\Thunder Network\WebThunder\download_interface.dll] [Thunder Networking Technologies,LTD, 2, 14, 2, 79]
[C:\Program Files\Thunder Network\WebThunder\stlport_vc646.dll] [STLport Consulting, Inc., 4.6.2003.1031]
[C:\Program Files\Thunder Network\WebThunder\asyn_dns.dll] [Thunder Networking Technologies,LTD, 2, 14, 2, 79]
[C:\Program Files\Thunder Network\WebThunder\RegisterDll.dll] [Thunder Networking Technologies,LTD, 2, 13, 4, 58]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[C:\Program Files\Thunder Network\WebThunder\historyinfo_manage.dll] [Thunder Networking Technologies,LTD, 5, 3, 0, 228]
[C:\Program Files\Thunder Network\WebThunder\iEmbedShell.dll] [ , 1, 0, 0, 17]
[C:\Program Files\Thunder Network\WebThunder\iEmbed09.dll] [ , 3, 3, 0, 78]
[C:\WINDOWS\G_Server2007.DLL] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[E:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx] [Adobe Systems, Inc., 9,0,0,296]
[PID: 648][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\G_Server2007.DLL] [N/A, ]
[PID: 1176][C:\WINDOWS\system32\HPZipm12.exe] [HP, 9, 0, 0, 0]
[C:\WINDOWS\system32\HPZidr12.dll] [HP, 9, 0, 0, 0]
[PID: 1460][C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] [Hewlett-Packard Co., 53.0.13.000]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpquio08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqtra08.rsc] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\WINDOWS\G_Server2007.DLL] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\HP\Digital Imaging\bin\hpotra08.dll] [Hewlett-Packard Co., 50.0.214.000]
[C:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc] [Hewlett-Packard Co., 50.0.214.000]
[C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpotradd.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqrif08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqmif08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpodvd09.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpoddcomm09.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\WINDOWS\system32\hpzidr12.dll] [HP, 9, 0, 0, 0]
[C:\WINDOWS\system32\hpzipr12.dll] [HP, 9, 0, 0, 0]
[C:\Program Files\HP\Digital Imaging\bin\hpodev08.dll] [Hewlett-Packard Co.,
xin01 - 2007-5-22 17:14:00
50.0.214.000]
[C:\Program Files\HP\Digital Imaging\bin\hpodeb08.dll] [Hewlett-Packard Co., 50.0.214.000]
[C:\Program Files\HP\Digital Imaging\bin\hposcn08.dll] [Hewlett-Packard Co., 50.0.214.000]
[C:\Program Files\HP\Digital Imaging\bin\hpoSCN08.rsc] [Hewlett-Packard Co., 50.0.214.000]
[C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL] [Microsoft Corporation, 5.2.3790.120 (srv03_qfe.031205-1652)]
[C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL] [Microsoft Corporation, 11.0.5510]
[C:\Program Files\HP\Digital Imaging\bin\hpqusg.dll] [Hewlett-Packard Co., 53.0.13.000]
[PID: 2232][E:\新建文件夹 (2)\QQ.exe] [TENCENT, 0, 0, 0, 0]
[E:\新建文件夹 (2)\QQBaseClassInDll.dll] [, 1, 0, 0, 1]
[E:\新建文件夹 (2)\QQHelperDll.dll] [, 1, 0, 0, 1]
[E:\新建文件夹 (2)\BasicCtrlDll.dll] [Tencent, 7, 0, 101, 80]
[E:\新建文件夹 (2)\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[C:\WINDOWS\G_Server2007.DLL] [N/A, ]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[E:\新建文件夹 (2)\RICHED32.DLL] [Microsoft Corporation, 5.00.2134.1]
[E:\新建文件夹 (2)\RICHED20.dll] [Microsoft Corporation, 5.31.23.1218]
[E:\新建文件夹 (2)\QQAPI.dll] [, 1, 0, 0, 1]
[E:\新建文件夹 (2)\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[E:\新建文件夹 (2)\LoginCtrl.dll] [N/A, ]
[E:\新建文件夹 (2)\npkcntc.dll] [INCA Internet Co., Ltd., 2006, 6, 27, 1]
[E:\新建文件夹 (2)\npkpdb.dll] [INCA Internet Co., Ltd., 2003, 10, 1, 1]
[E:\新建文件夹 (2)\LoginCtrlRes.dll] [, 1, 0, 0, 1]
[E:\新建文件夹 (2)\QQRes.dll] [tencent, 1, 0, 0, 1]
[E:\新建文件夹 (2)\QQMainFrame.dll] [N/A, ]
[E:\新建文件夹 (2)\CQQApplication.dll] [N/A, ]
[E:\新建文件夹 (2)\NewSkin.dll] [, 1, 0, 0, 1]
[E:\新建文件夹 (2)\HostingMgr.dll] [, 1, 0, 0, 1]
[E:\新建文件夹 (2)\CameraDll.dll] [, 1, 0, 0, 1]
[E:\新建文件夹 (2)\MailSummary.dll] [, 1, 0, 0, 1]
[E:\新建文件夹 (2)\QQKnowledgeSearch.dll] [, 1, 0, 0, 1]
[E:\新建文件夹 (2)\QQAllInOne.dll] [N/A, ]
[E:\新建文件夹 (2)\GroupLive.dll] [N/A, ]
[E:\新建文件夹 (2)\SCCore.dll] [TENCENT, 2, 0, 0, 1]
[E:\新建文件夹 (2)\gdiplus.dll] [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\新建文件夹 (2)\QQSpace.dll] [, 1, 0, 0, 1]
[E:\新建文件夹 (2)\vbscript.dll] [Microsoft Corporation, 5.6.0.7426]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[E:\新建文件夹 (2)\QQGroupMng.dll] [, 1, 0, 0, 1]
[E:\新建文件夹 (2)\FlashAvatarDll.dll] [, 1, 4, 0, 1]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[E:\新建文件夹 (2)\QQAvatar.dll] [N/A, ]
[E:\新建文件夹 (2)\QRingMng.dll] [N/A, ]
[E:\新建文件夹 (2)\UserDefinedHead.dll] [, 1, 0, 0, 1]
[E:\新建文件夹 (2)\QQPlugin.dll] [N/A, ]
[E:\新建文件夹 (2)\QQCustomFace.dll] [N/A, ]
[C:\WINDOWS\system32\msadp32.acm] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\新建文件夹 (2)\QQPet.dll] [, 1, 0, 0, 1]
[E:\新建文件夹 (2)\LongConnection.dll] [tencent, 5, 0, 200, 160]
[E:\新建文件夹 (2)\QQSysMsgMng.dll] [N/A, ]
[E:\新建文件夹 (2)\QQConfigPlugin.dll] [, 1, 0, 0, 1]
[E:\新建文件夹 (2)\PersonalDesktop.dll] [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
[E:\新建文件夹 (2)\VqqModule.dll] [, 1, 0, 0, 1]
[E:\新建文件夹 (2)\ImageOle.dll] [TODO: <Company name>, 1.0.0.1]
[E:\新建文件夹 (2)\QQSceneMng.dll] [N/A, ]
[E:\新建文件夹 (2)\PhoneAPI.dll] [, 1, 0, 0, 1]
[E:\新建文件夹 (2)\DialerAllinOne.dll] [tencent, 1, 4, 0, 0]
[E:\新建文件夹 (2)\QQFileTransfer.dll] [Tencent, 0, 3, 3, 5]
[E:\新建文件夹 (2)\QQMagicFace.dll] [, 1, 0, 0, 1]
[E:\新建文件夹 (2)\BQQApplication.dll] [N/A, ]
[E:\新建文件夹 (2)\GroupConnection.dll] [Tencent, 0, 3, 3, 5]
[E:\新建文件夹 (2)\CommercesMng.dll] [, 1, 0, 0, 1]
[E:\新建文件夹 (2)\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 280]
[E:\新建文件夹 (2)\QQPhoneHelper.dll] [腾讯科技(深圳)有限公司, 2, 1, 9, 92]
[PID: 2384][E:\新建文件夹 (2)\TIMPlatform.exe] [tencent, 0, 3, 1, 8]
[C:\WINDOWS\G_Server2007.DLL] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[E:\新建文件夹 (2)\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[PID: 2388][C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe] [Hewlett-Packard Co., 053.000.013.000]
[C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 1.1.4322.573]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll] [Microsoft Corporation, 1.1.4322.573]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_960b30d4\mscorlib.dll] [N/A, ]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll] [Microsoft Corporation, 1.1.4322.573]
[C:\WINDOWS\G_Server2007.DLL] [N/A, ]
[c:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll] [Hewlett-Packard Co., 053.000.013.000]
[c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_e8e1f911\system.windows.forms.dll] [N/A, ]
[c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_c162a552\system.drawing.dll] [N/A, ]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_10c5557f\system.dll] [N/A, ]
[c:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll] [Hewlett-Packard Co., 053.000.013.000]
[c:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll] [Hewlett-Packard Co., 053.000.013.000]
[c:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll] [Hewlett-Packard Co., 053.000.013.000]
[c:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll] [Hewlett-Packard Co., 053.000.013.000]
[c:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll] [Hewlett-Packard Co., 053.000.013.000]
[c:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll] [Hewlett-Packard Co., 053.000.013.000]
[c:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll] [Hewlett-Packard Co., 053.000.013.000]
[c:\program files\hp\digital imaging\bin\zh-chs\hpqimzone.resources.dll] [ , 50.0.120.0]
xin01 - 2007-5-22 17:14:00
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[c:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll] [Hewlett-Packard Co., 053.000.013.000]
[c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Co., 53.0.13.000]
[c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_e8e119ee\system.xml.dll] [N/A, ]
[c:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll] [LEAD Technologies, Inc., 13.0.0.113]
[c:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll] [LEAD Technologies, Inc., 13.0.0.113]
[C:\Program Files\HP\Digital Imaging\bin\ltkrn13n.dll] [LEAD Technologies, Inc., 13.0.0.098]
[c:\windows\assembly\gac\hpqtray.resources\4.0.0.0_zh-chs_a53cf5803f4c3827\hpqtray.resources.dll] [ , 50.0.120.0]
[c:\windows\assembly\gac\hpqfmrsc.resources\4.0.0.0_zh-chs_a53cf5803f4c3827\hpqfmrsc.resources.dll] [ , 50.0.120.0]
[c:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll] [LEAD Technologies, Inc., 13.0.0.113]
[c:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll] [LEAD Technologies, Inc., 13.0.0.113]
[c:\windows\assembly\gac\interop.hpqimgr\3.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\Bin\hpqimgr.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\ATL71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\HP\Digital Imaging\Bin\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0]
[c:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll] [Hewlett-Packard Co., 053.000.013.000]
[c:\program files\hp\digital imaging\bin\hpqmirsc.dll] [Hewlett-Packard Co., 053.000.013.000]
[c:\program files\hp\digital imaging\bin\zh-chs\hpqmirsc.resources.dll] [ , 50.0.120.0]
[c:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll] [Hewlett-Packard Co., 053.000.013.000]
[c:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll] [Hewlett-Packard Co., 053.000.013.000]
[c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll] [LEAD Technologies, Inc., 13.0.0.113]
[c:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll] [Hewlett-Packard Co., 053.000.013.000]
[c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll] [LEAD Technologies, Inc., 13.0.0.113]
[c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll] [Hewlett-Packard Co., 053.000.013.000]
[c:\windows\assembly\gac\hpqedit.resources\3.0.0.0_zh-chs_a53cf5803f4c3827\hpqedit.resources.dll] [ , 50.0.131.0]
[c:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll] [Hewlett-Packard Co., 053.000.013.000]
[c:\windows\assembly\gac\hpqcc2.resources\3.0.0.0_zh-chs_a53cf5803f4c3827\hpqcc2.resources.dll] [ , 50.0.120.0]
[c:\program files\hp\digital imaging\bin\zh-chs\hpqvideo.resources.dll] [ , 50.0.127.0]
[c:\windows\assembly\gac\interop.hpqvideo\3.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqvdcom.dll] [Hewlett-Packard Co., 53.0.13.000]
[c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll] [Hewlett-Packard Co., 053.000.013.000]
[c:\windows\assembly\gac\hpqprrsc.resources\4.0.0.0_zh-chs_a53cf5803f4c3827\hpqprrsc.resources.dll] [ , 53.0.6.0]
[c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_zh-chs_b77a5c561934e089\mscorlib.resources.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll] [ , 3.0.0.0]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll] [Hewlett-Packard Co., 053.000.013.000]
[c:\windows\assembly\gac\hpqcprsc.resources\3.0.0.0_zh-chs_a53cf5803f4c3827\hpqcprsc.resources.dll] [Hewlett-Packard Co., 50.0.145.0]
[c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll] [Hewlett-Packard Co., 053.000.013.000]
[c:\windows\assembly\gac\hpqisrtb.resources\4.0.0.0_zh-chs_a53cf5803f4c3827\hpqisrtb.resources.dll] [Hewlett-Packard Co., 53.0.13.0]
[c:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll] [Hewlett-Packard Co., 053.000.013.000]
[c:\windows\assembly\gac\hpqbakup.resources\3.0.0.0_zh-chs_a53cf5803f4c3827\hpqbakup.resources.dll] [ , 50.0.154.0]
[c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll] [Hewlett-Packard Co., 053.000.013.000]
[PID: 2452][C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqmfc09.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqtap08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\WINDOWS\G_Server2007.DLL] [N/A, ]
[C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.rsc] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqstp08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\WINDOWS\system32\hpzipr12.dll] [HP, 9, 0, 0, 0]
[C:\WINDOWS\system32\hpzidr12.dll] [HP, 9, 0, 0, 0]
[C:\Program Files\HP\Digital Imaging\bin\hpqsem08.rsc] [Hewlett-Packard Co., 53.0.13.000]
[PID: 1484][C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe] [Hewlett-Packard Co., 53.0.13.000]
[C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprbutil.dll] [Hewlett-Packard Co., 53.0.13.000]
[C:\WINDOWS\G_Server2007.DLL] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 956][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\G_Server2007.DLL] [N/A, ]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll] [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[E:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx] [Adobe Systems, Inc., 9,0,0,296]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\WINABCX.IME] [PKUETI, 5.22.216]
[PID: 3340][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ]
[C:\WINDOWS\G_Server2007.DLL] [N/A, ]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[C:\WINDOWS\system32\Audiodev.dll] [Microsoft Corporation, 5.2.3802.3802 built by: dnsrv(bld4act)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3892][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.828\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\WINDOWS\G_Server2007.DLL] [N/A, ]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
==================================
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
xin01 - 2007-5-22 17:15:00
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
API HOOK
入口点错误:NtQuerySystemInformation (危险等级: 高, 被下面模块所HOOK: C:\WINDOWS\G_Server2007.DLL)
入口点错误:NtTerminateProcess (危险等级: 高, 被下面模块所HOOK: C:\WINDOWS\G_Server2007.DLL)
入口点错误:ZwTerminateProcess (危险等级: 高, 被下面模块所HOOK: C:\WINDOWS\G_Server2007.DLL)
入口点错误:EnumServicesStatusA (危险等级: 高, 被下面模块所HOOK: C:\WINDOWS\G_Server2007.DLL)
入口点错误:EnumServicesStatusW (危险等级: 高, 被下面模块所HOOK: C:\WINDOWS\G_Server2007.DLL)
入口点错误:FindNextFileA (危险等级: 高, 被下面模块所HOOK: C:\WINDOWS\G_Server2007.DLL)
入口点错误:FindNextFileW (危险等级: 高, 被下面模块所HOOK: C:\WINDOWS\G_Server2007.DLL)
==================================
隐藏进程
[1240] C:\WINDOWS\G_Server2007.exe
==================================
baohe - 2007-5-22 17:15:00
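[Reply to xin01's post]
C:\WINDOWS\G_Server2007.DLL: the Pigeon's library file has already been injected into a great many processes. It can't be killed without cleaning up the injected processes!!
I need to see the "Services" section of the SRENG log! Boss!!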
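Added example (not part of the original thread or any poster's code): a Python triage of an SREng report in the layout posted above, counting how many processes load each module and cross-referencing the "API HOOK" and "隐藏进程" (hidden process) sections. The sample log is constructed from a few lines of the posted report; the function names and the `min_processes` threshold are assumptions.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: a handful of lines in the SREng report layout seen in
# this thread, shortened from the posted log (not a complete report).
SAMPLE_LOG = r"""正在运行的进程
[PID: 2004][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[C:\WINDOWS\G_Server2007.DLL] [N/A, ]
[PID: 648][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[C:\WINDOWS\G_Server2007.DLL] [N/A, ]
[PID: 2232][E:\新建文件夹 (2)\QQ.exe] [TENCENT, 0, 0, 0, 0]
[E:\新建文件夹 (2)\LoginCtrl.dll] [N/A, ]
[C:\WINDOWS\G_Server2007.DLL] [N/A, ]
==================================
API HOOK
入口点错误:NtQuerySystemInformation (危险等级: 高, 被下面模块所HOOK: C:\WINDOWS\G_Server2007.DLL)
入口点错误:FindNextFileA (危险等级: 高, 被下面模块所HOOK: C:\WINDOWS\G_Server2007.DLL)
==================================
隐藏进程
[1240] C:\WINDOWS\G_Server2007.exe
==================================
"""

# Section titles exactly as SREng prints them in the posted report.
SEC_PROCESSES, SEC_HOOKS, SEC_HIDDEN = "正在运行的进程", "API HOOK", "隐藏进程"
PROC_RE = re.compile(r"^\[PID:\s*(\d+)\]\[(.+?)\]\s+\[(.*)\]$")
MOD_RE = re.compile(r"^\[([^\]]+)\]\s+\[(.*)\]$")
HOOK_RE = re.compile(r"^入口点错误[::]\s*(\w+)\s*\(.*HOOK[::]\s*(.+)\)$")
HIDDEN_RE = re.compile(r"^\[(\d+)\]\s+(.+)$")
# The company field is a version-resource string, not a verified signature;
# an empty or N/A value only means "nothing vouches for this file".
NO_VENDOR = {"", "N/A"}


def vendor_of(info):
    """Company-name field: text before the first comma of '[vendor, version]'."""
    return info.split(",", 1)[0].strip()


def stem(path):
    """Lower-cased file name without extension, using Windows path rules."""
    return ntpath.splitext(ntpath.basename(path))[0].lower()


def parse_sreng(text):
    """Parse the process/module, API HOOK and hidden-process sections."""
    procs, hooks, hidden = {}, defaultdict(list), []
    section, expect_title, pid = None, True, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if set(line) == {"="}:          # '=====' separator: next line is a title
            expect_title = True
            continue
        if expect_title:
            section, expect_title, pid = line, False, None
            continue
        if section == SEC_PROCESSES:
            m = PROC_RE.match(line)
            if m:                       # new process; module lines follow it
                pid = int(m.group(1))
                procs[pid] = {"exe": m.group(2), "modules": []}
            elif pid is not None and (m := MOD_RE.match(line)):
                procs[pid]["modules"].append((m.group(1), vendor_of(m.group(2))))
        elif section == SEC_HOOKS and (m := HOOK_RE.match(line)):
            hooks[m.group(2).strip().lower()].append(m.group(1))
        elif section == SEC_HIDDEN and (m := HIDDEN_RE.match(line)):
            hidden.append((int(m.group(1)), m.group(2).strip()))
    return {"processes": procs, "hooks": dict(hooks), "hidden": hidden}


def triage(parsed, min_processes=3):
    """List modules worth manual review, most corroborated first."""
    loaded_in, vendor, shown = defaultdict(set), {}, {}
    for pid, proc in parsed["processes"].items():
        for path, ven in proc["modules"]:
            key = path.lower()          # Windows paths are case-insensitive
            loaded_in[key].add(pid)
            vendor[key] = ven
            shown.setdefault(key, path)
    hidden_by_stem = {stem(p): p for _, p in parsed["hidden"]}
    findings = []
    for key in sorted(set(loaded_in) | set(parsed["hooks"])):
        pids, reasons = loaded_in.get(key, set()), []
        if vendor.get(key, "") in NO_VENDOR and len(pids) >= min_processes:
            reasons.append(f"no company name, loaded in {len(pids)} processes")
        if key in parsed["hooks"]:
            reasons.append("hooks " + ", ".join(parsed["hooks"][key]))
        if reasons and stem(key) in hidden_by_stem:
            reasons.append("hidden process with same base name: "
                           + hidden_by_stem[stem(key)])
        if reasons:
            findings.append({"module": shown.get(key, key),
                             "pids": sorted(pids), "reasons": reasons})
    findings.sort(key=lambda f: len(f["reasons"]), reverse=True)
    return findings


if __name__ == "__main__":
    for f in triage(parse_sreng(SAMPLE_LOG)):
        print(f["module"], f["pids"], "; ".join(f["reasons"]))
```
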
xin01 - 2007-5-22 17:16:00
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<wallpaper><c:\windows\system32\壁纸自动换.exe> []
<High Definition Audio Property Page Shortcut><CHDAudPropShortcut.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<SmartAudio><C:\Program Files\CONEXANT\SmartAudio\SmartAudio.exe -c> [Conexant]
<igfxtray><C:\WINDOWS\system32\igfxtray.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<igfxhkcmd><C:\WINDOWS\system32\hkcmd.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<igfxpers><C:\WINDOWS\system32\igfxpers.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<HP Software Update><C:\Program Files\HP\HP Software Update\HPWuSchd2.exe> [Hewlett-Packard Co.]
<FixCamera><C:\WINDOWS\FixCamera.exe> []
<tsnpstd3><C:\WINDOWS\tsnpstd3.exe> []
<snpstd3><C:\WINDOWS\vsnpstd3.exe> []
<RavTask><"E:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
<Thunder><"C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s> [N/A]
<WebThunder><"C:\Program Files\Thunder Network\WebThunder\WebThunder.exe"> [(Verified)ShenZhen Thunder Networking Technologies Ltd.]
<RfwMain><"E:\瑞星杀毒\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<cmdbcs><C:\WINDOWS\cmdbcs.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<?{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
<WinlogonNotify: igfxcui><igfxdev.dll> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\梦幻水~1.SCR> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [N/A]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [N/A]
==================================
启动文件夹
[HP Digital Imaging Monitor]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\HP Digital Imaging Monitor.lnk --> C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [Hewlett-Packard Co.]><N>
[HP Image Zone 快速启动 ]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\HP Image Zone 快速启动 .lnk --> C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [Hewlett-Packard Co.]><N>
[QQ游戏启动加速程序]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> C:\PROGRA~1\TENCENT\QQGAME\Accel.exe [深圳市腾讯计算机系统有限公司]><N>
[腾讯QQ]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\腾讯QQ.lnk --> E:\新建文~2\QQ.exe [TENCENT]><N>
==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Pml Driver HPZ12 / Pml Driver HPZ12][Running/Auto Start]
<C:\WINDOWS\system32\HPZipm12.exe><HP>
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
<e:\瑞星杀毒\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<e:\瑞星杀毒\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"E:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"E:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
<System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]
<system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\E:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Running/Manual Start]
<system32\drivers\CHDAud.sys><Conexant Systems Inc.>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Running/Auto Start]
<\??\E:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\E:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\E:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
<\??\E:\瑞星杀毒\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[IEEE-1284.4 Driver HPZid412 / HPZid412][Running/Manual Start]
<system32\DRIVERS\HPZid412.sys><HP>
[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Running/Manual Start]
<system32\DRIVERS\HPZipr12.sys><HP>
[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Running/Manual Start]
<system32\DRIVERS\HPZius12.sys><HP>
[HSFHWAZL / HSFHWAZL][Running/Manual Start]
<system32\DRIVERS\HSFHWAZL.sys><Conexant Systems, Inc.>
[HSF_DPV / HSF_DPV][Running/Manual Start]
<system32\DRIVERS\HSF_DPV.sys><Conexant Systems, Inc.>
[ialm / ialm][Running/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[mdmxsdk / mdmxsdk][Running/Auto Start]
<system32\DRIVERS\mdmxsdk.sys><Conexant>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\E:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
<\??\e:\瑞星杀毒\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\E:\新建文件夹 (2)\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Stopped/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
<\??\E:\瑞星杀毒\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\E:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[saoaj / saoaj][Stopped/Boot Start]
<\SystemRoot\System32\drivers\saoaj.sys><N/A>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[USB PC Camera (SNPSTD3) / SNPSTD3][Running/Manual Start]
<system32\DRIVERS\snpstd3.sys><Sonix Co. Ltd.>
[tifm21 / tifm21][Running/Manual Start]
<system32\drivers\tifm21.sys><Texas Instruments>
[winachsf / winachsf][Running/Manual Start]
<system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
xin01 - 2007-5-22 17:18:00
==================================
浏览器加载项
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[启动Web迅雷]
{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\新建文件夹 (2)\QQ.EXE, TENCENT>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx, Adobe Systems, Inc.>
[上传到QQ网络硬盘]
<E:\新建文件夹 (2)\AddToNetDisk.htm, N/A>
[使用Web迅雷下载]
<C:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
<C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[添加到QQ自定义面板]
<E:\新建文件夹 (2)\AddPanel.htm, N/A>
[添加到QQ表情]
<E:\新建文件夹 (2)\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<E:\新建文件夹 (2)\SendMMS.htm, N/A>
baohe - 2007-5-22 17:29:00
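[Reply to xin01's post]
I don't see a Gray Pigeon (灰鸽子) service entry.
Try this:
Use IceSword to deal with the following malware first:
1. Turn on "forbid process creation".
2. Delete the following registry content:
Registry
Startup items
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<cmdbcs><C:\WINDOWS\cmdbcs.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<?{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><> [N/A]
Driver entries
[saoaj / saoaj][Stopped/Boot Start]
<\SystemRoot\System32\drivers\saoaj.sys><N/A>
3. Delete the corresponding files.
4. Turn "forbid process creation" back off. Reboot.
After the reboot, do the following:
1. Open the Registry Editor. Search using C:\WINDOWS\G_Server2007.exe as the keyword and delete the registry entries that are found.
2. Reboot.
3. Delete
C:\WINDOWS\G_Server2007.exe
C:\WINDOWS\G_Server2007.dll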
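The kind of log triage done in the reply above can be partly automated. The following is an added example, not code from any poster in this thread or from SREng: it parses the two-line service/driver entries of the log and lists those with no publisher string, auto-loading ones first. The function names are hypothetical and the sample lines are excerpted from the log posted in this thread.

```python
import re

# Excerpt of the drivers section of the SREng log posted in this thread.
SAMPLE = r"""
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[HookReg / HookReg][Running/Auto Start]
<\??\E:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[saoaj / saoaj][Stopped/Boot Start]
<\SystemRoot\System32\drivers\saoaj.sys><N/A>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
"""

# [display name / service name][state/start type]
HEADER = re.compile(r"^\[(?P<display>.+) / (?P<name>[^\]]+)\]"
                    r"\[(?P<state>[^/\]]+)/(?P<start>[^\]]+)\]$")
# <image path><publisher>; the path itself may contain "-->" (svchost entries)
DETAIL = re.compile(r"^<(?P<path>.*)><(?P<publisher>[^<>]*)>$")
AUTOLOAD = ("Boot Start", "Auto Start")  # start types that appear in this log

def parse_entries(text):
    """Pair each header line with the <path><publisher> line that follows it."""
    entries, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:
            pending = header.groupdict()
            continue
        detail = DETAIL.match(line)
        if detail and pending:
            entries.append({**pending, **detail.groupdict()})
        pending = None  # a detail line must directly follow its header
    return entries

def review_candidates(entries):
    """Entries with an empty or N/A publisher, auto-loading ones first.
    These are candidates for manual review, not verdicts."""
    unsigned = [e for e in entries if e["publisher"].strip() in ("", "N/A")]
    return sorted(unsigned,
                  key=lambda e: (e["start"] not in AUTOLOAD, e["name"].lower()))

if __name__ == "__main__":
    for e in review_candidates(parse_entries(SAMPLE)):
        print(f'{e["name"]:10} {e["start"]:13} {e["path"]}')
```

On this excerpt the candidates are HookReg, saoaj and Secdrv, while the reply above singles out only saoaj among the drivers, so a missing publisher narrows the list for manual review rather than deciding it.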
xin01 - 2007-5-22 17:47:00
After rebooting, where do I open the registry..??????????????
lxr123 - 2007-5-22 17:49:00
Start, Run, regedit
lxr123 - 2007-5-22 17:49:00
Edit, Find
电脑最怕中毒 - 2007-5-22 18:18:00
Learning..
everythingbut - 2007-5-22 20:14:00
Heh, the OP is a newbie and should really thank all the experts for being so patient, heh.
梦幻錁蠹 - 2007-5-22 20:57:00
Gray Pigeon (灰鸽子) is very hard to clean out. The OP caught a nasty one; my sympathies.