Rising Kaka Security Forum, Anti-virus / Anti-rogue-software board: Found the BackDoor.GPigeon.tar virus, posting the log! Could an expert please take a look?

Try it and see.

O23 - NT 服务: Smarytcer RSVPE (RSVPE) - Unknown owner - C:\WINNT\RSVPE.exe
Is this it?

I've done the fix, but after rebooting the scan still finds BackDoor.GPigeon.tar. What do I do?

I read a few threads and they left me completely confused. One thread says to look for the information in the registry, but I couldn't find a single entry! What should I do? Could an expert recommend a thread?

After fixing O23 - NT 服务: Smarytcer RSVPE (RSVPE) - Unknown owner - C:\WINNT\RSVPE.exe, I immediately scanned again and got the following log:
HijackThis_zww汉化版扫描日志 V1.99.1
保存于      19:32:11, 日期 2005-11-13
操作系统:  Windows 2000  (WinNT 5.00.2195)
浏览器:    Internet Explorer v6.00 (6.00.2462.0000)

当前运行的进程:         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
F:\RISING\RAV\Ravmond.exe
F:\RISING\RAV\RavStub.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
F:\RISING\RAV\CCENTER.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
F:\RISING\RAV\RAVTIMER.EXE
F:\RISING\RAV\RAVMON.EXE
C:\WINNT\System32\internat.exe
F:\tool.zip\瑞星\HijackThis V1.99.1 完全汉化版\HijackThis1991zww.exe

O3 - IE工具栏增项: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [SoundMan] soundman.exe
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [RavTimer] F:\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RavMon] F:\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O8 - IE右键菜单中的新增项目: &Download by NetAnts - F:\NETANTS\NAGet.htm
O8 - IE右键菜单中的新增项目: Download &All by NetAnts - F:\NETANTS\NAGetAll.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - F:\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - F:\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - F:\Tencent\QQ\SendMMS.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=iear=iesearch(&A)
O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} - http://iebar.t2t2.com/iebar.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122820147288
O18 - 列举现有的协议: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\System32\mshtml.dll
O18 - 列举现有的协议: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: ipp - (no CLSID) - (no file)
O18 - 列举现有的协议: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\System32\itss.dll
O18 - 列举现有的协议: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\System32\mshtml.dll
O18 - 列举现有的协议: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\System32\mshtml.dll
O18 - 列举现有的协议: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINNT\System32\inetcomm.dll
O18 - 列举现有的协议: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\System32\itss.dll
O18 - 列举现有的协议: msdaipp - (no CLSID) - (no file)
O18 - 列举现有的协议: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\System32\mshtml.dll
O18 - 列举现有的协议: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\System32\mshtml.dll
O18 - 列举现有的协议: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\System32\mshtml.dll
O18 - 列举现有的协议: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\System32\msdxm.ocx
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - F:\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - F:\RISING\RAV\Ravmond.exe
O23 - NT 服务: Smarytcer RSVPE (RSVPE) - Unknown owner - C:\WINNT\RSVPE.exe

Suddenly so much showed up that it gave me a fright. After scanning again, the log was as follows:
HijackThis_zww汉化版扫描日志 V1.99.1
保存于      19:33:41, 日期 2005-11-13
操作系统:  Windows 2000  (WinNT 5.00.2195)
浏览器:    Internet Explorer v6.00 (6.00.2462.0000)

当前运行的进程:         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
F:\RISING\RAV\Ravmond.exe
F:\RISING\RAV\RavStub.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
F:\RISING\RAV\CCENTER.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
F:\RISING\RAV\RAVTIMER.EXE
F:\RISING\RAV\RAVMON.EXE
C:\WINNT\System32\internat.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
F:\tool.zip\瑞星\HijackThis V1.99.1 完全汉化版\HijackThis1991zww.exe

O3 - IE工具栏增项: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [SoundMan] soundman.exe
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [RavTimer] F:\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RavMon] F:\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O8 - IE右键菜单中的新增项目: &Download by NetAnts - F:\NETANTS\NAGet.htm
O8 - IE右键菜单中的新增项目: Download &All by NetAnts - F:\NETANTS\NAGetAll.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - F:\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - F:\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - F:\Tencent\QQ\SendMMS.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=iear=iesearch(&A)
O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} - http://iebar.t2t2.com/iebar.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122820147288
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - F:\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - F:\RISING\RAV\Ravmond.exe
O23 - NT 服务: Smarytcer RSVPE (RSVPE) - Unknown owner - C:\WINNT\RSVPE.exe

Please help me take a look. I'll go try fixing it in Safe Mode first!

After fixing it you still need to delete the file. Some Pigeon variants don't change the registry at all; the file is the key.

O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - (no file)
O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} - http://iebar.t2t2.com/iebar.cab
Fix these items.

O23 - NT 服务: Smarytcer RSVPE (RSVPE) - Unknown owner - C:\WINNT\RSVPE.exe
This is Gray Pigeon (灰鸽子).
http://forum.ikaka.com/topic.asp?board=28&artid=6202404 Some suggestions on detecting and removing "Gray Pigeon 2005"
http://forum.ikaka.com/topic.asp?board=28&artid=5666824 Summary of Gray Pigeon removal methods
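As an added example (not code from this thread, the forum, or HijackThis), here is a small Python checker that applies the reasoning of the replies above to HijackThis log lines: it flags O23 services that have no vendor string or whose binary sits directly in the Windows root rather than System32, and it groups O1 hosts entries that redirect many hostnames to a single non-loopback address. The O23 sample lines are taken from this thread's own log; the O1 lines, the heuristics and the function names are my own constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample (added here, not a full log): O23 lines copied from this thread's
# HijackThis log; the O1 hosts lines use documentation-range placeholder values.
SAMPLE_LOG = r"""
O1 - Hosts: 192.0.2.10 www.example-a.test
O1 - Hosts: 192.0.2.10 example-a.test
O1 - Hosts: 192.0.2.10 www.example-b.test
O1 - Hosts: 127.0.0.1 localhost
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - NT 服务: Smarytcer RSVPE (RSVPE) - Unknown owner - C:\WINNT\RSVPE.exe
"""

# The section label after "O23 - " is localized ("NT 服务" in this thread), so match up to the colon.
O23_RE = re.compile(r"^O23 - [^:]+: (?P<name>.+?) \((?P<short>[^)]+)\) - (?P<owner>.+?) - (?P<path>.+)$")
O1_RE = re.compile(r"^O1 - Hosts: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) (?P<host>\S+)$")
# A service binary sitting directly in the Windows root (not System32) is unusual for vendor software.
BARE_WINDOWS_DIRS = {r"c:\winnt", r"c:\windows"}

def parse_o23(line):
    """Return the fields of an O23 service line, or None if the line is not one."""
    m = O23_RE.match(line.strip())
    return m.groupdict() if m else None

def suspicious_services(log_text):
    """Flag O23 services with no vendor ('Unknown owner') or a binary directly in the Windows root."""
    findings = []
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if not svc:
            continue
        reasons = []
        if svc["owner"].lower() == "unknown owner":
            reasons.append("no vendor/owner string")
        directory = svc["path"].rpartition("\\")[0].lower()
        if directory in BARE_WINDOWS_DIRS:
            reasons.append("binary directly in Windows root, not System32")
        if reasons:
            findings.append((svc["short"], svc["path"], reasons))
    return findings

def hosts_hijack_groups(log_text, threshold=3):
    """Group O1 hosts entries by target IP; return non-loopback IPs absorbing >= threshold hostnames."""
    by_ip = defaultdict(set)
    for line in log_text.splitlines():
        m = O1_RE.match(line.strip())
        if m and not m["ip"].startswith("127."):
            by_ip[m["ip"]].add(m["host"])
    return {ip: sorted(hosts) for ip, hosts in by_ip.items() if len(hosts) >= threshold}
```

A hit from `suspicious_services` is only a lead: confirm the service binary's origin (vendor, signature, creation time) before deleting it, as the reply above notes that the file, not just the registry entry, has to go.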

O23 - NT 服务: Smarytcer RSVPE (RSVPE) - Unknown owner - C:\WINNT\RSVPE.exe
Gray Pigeon hasn't been removed; have a look at these two threads.
http://forum.ikaka.com/topic.asp?board=28&artid=6202404 Some suggestions on detecting and removing "Gray Pigeon 2005"
http://forum.ikaka.com/topic.asp?board=28&artid=5666824 Summary of Gray Pigeon removal methods

Where is the file, where is it?! It's still like this in Safe Mode. I'm totally lost...

Have you turned on showing hidden files and folders?
