Rising Kaka Security Forum > Technical Exchange > Anti-virus / Anti-rogue-software forum (page 4 of 7)

[Help] Too many people can't get rid of Trojan.Spy.Agent.xv. Experts, please help!!!

I've been hit by this virus too. Not only can Rising not clean it completely, regedit also starts automatically every time I boot. Please advise, experts. Thanks!
Logfile of HijackThis v1.99.1
Scan saved at 11:16:21, on 2006-2-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rising\Rfw\rfwmain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\3721\Dlaccel\YDownloader.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSNShell\BIN\MSNShell.exe
C:\Program Files\XunchiTools\Powerword 2006\XDICT.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\Program Files\P4P\p2psvr.exe
C:\Program Files\Common Files\COMM\Network.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Rising\Rav\Rav.exe
C:\Program Files\Rising\Rav\RsLogVw.exe
C:\Documents and Settings\sap\桌面\155847200541134207\HijackThis.exe

R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: SgUrlSearHook Class - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - C:\WINDOWS\system32\socul.dll
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v6.dll
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\WINDOWS\Downloaded Program Files\Biamzq.dll (file missing)
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\sodaie.dll
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: AntiFish Class - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: DragSearch BHO - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: CnsHook Class - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O2 - BHO: DragSearch BHO - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} - C:\PROGRA~1\yisou\yisoub.dll
O3 - Toolbar: 一搜工具条 - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - C:\Program Files\yisou\yisou.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll
O3 - Toolbar: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\BitComet\BitCometBar\BitCometBar0.3.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] rem C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [dl_accel] C:\Program Files\3721\Dlaccel\YDownloader.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [mscfs] RUNDLL32 C:\WINDOWS\system32\msibm\cfsys.dll,cfs
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSNShell] C:\Program Files\MSNShell\BIN\MSNShell.exe autorun
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: 金山词霸 2006 Plus.lnk = C:\Program Files\XunchiTools\Powerword 2006\XDICT.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: !搜一搜 - res://C:\Program Files\yisou\yisou.dll/232
O8 - Extra context menu item: &使用下载加速专家下载 - C:\Program Files\3721\Dlaccel\geturl.htm
O8 - Extra context menu item: Save豪杰超级解霸V8实时播放 - C:\Herosoft\HeroV8\MPURLGET.HTM
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 百度mp3搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度信息快递搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIE.HTM
O8 - Extra context menu item: 百度图片搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: 百度搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: 豪杰超级解霸V8实时播放 - C:\Herosoft\HeroV8\MPURLGET.HTM
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll/246
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=208680_1006 (file missing)
O9 - Extra button: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra 'Tools' menuitem: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=?allyesPara=816 (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/?source=Cns (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O11 - Options group: [CDNCLIENT]  中文上网
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://99liao.com/talk.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AADBFE0-84EC-44B1-B077-331EE832FF36}: NameServer = 202.96.209.6 202.96.209.133
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: P4P Service - Sohu.com Inc. - C:\Program Files\P4P\p2psvr.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Network System (Universal Disk Manager) - COMENET TECHNOLOGY - C:\Program Files\Common Files\COMM\Network.exe


Virus name | Result | Date found | Scan type | Path / file | Source
Backdoor.Gpigeon.vqf | Deleted successfully | 2006-02-21 11:36 | Scheduled scan | F:\System Volume Information\_restore{3C117C91-95A1-43BC-97CD-7192F0F63A43}\RP92A0029772.exe>>soft\yy.exe | Local machine

I've also picked up another virus like this one, and it can't be cleaned up either. Is there any way to deal with it?

[Reply to 早上的月亮's post]
R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: SgUrlSearHook Class - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - C:\WINDOWS\system32\socul.dll
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\WINDOWS\Downloaded Program Files\Biamzq.dll (file missing)
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: CnsHook Class - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O4 - HKLM\..\Run: [mscfs] RUNDLL32 C:\WINDOWS\system32\msibm\cfsys.dll,cfs
O23 - Service: Network System (Universal Disk Manager) - COMENET TECHNOLOGY - C:\Program Files\Common Files\COMM\Network.exe
Use HijackThis, with IE closed, to fix the entries above.

DEL executable file
C:\Program Files\Common Files\COMM\Network.exe

DEL DLL files
C:\WINDOWS\system32\socul.dll
C:\WINDOWS\system32\wmpdrm.dll
C:\WINDOWS\system32\msibm\cfsys.dll

DEL folders
C:\WINDOWS\system32\msibm
C:\Program Files\Common Files\COMM

I'd also suggest uninstalling 3721, Yahoo Assistant and Internet Keywords (网络实名) yourself; they're nothing much in themselves, but they drag down the machine's performance.

As for the other virus you mentioned later, just turn off System Restore.
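As an added example (not from the thread and not part of HijackThis), here is a small Python script that does mechanically what the reply above does by eye: it parses the entry types HijackThis prints (R3/O2/O3 hooks, O4 Run keys, O10 LSP, O23 services), works out which file each entry loads, and flags the ones worth attention: dead entries whose target is gone, DLLs started through rundll32, files living in Temp or other user-writable places, Winsock LSPs, and anything whose file name is on a cleanup list. The sample lines are a subset copied from the logs posted in this thread; the flagging rules and the KNOWN_BAD list (the files the reply says to delete) are the editor's assumptions, not verdicts from Rising or HijackThis.

```python
"""Triage a HijackThis v1.99 log: work out what each entry loads and flag the
ones that deserve a second look.

Added example for this thread, not code from the posts or from HijackThis.
The flagging rules are the editor's assumptions, not vendor verdicts.
"""
import os
import re
import sys
from dataclasses import dataclass, field

# Sample input: a subset of lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: SgUrlSearHook Class - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - C:\WINDOWS\system32\socul.dll
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: CnsHook Class - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [mscfs] RUNDLL32 C:\WINDOWS\system32\msibm\cfsys.dll,cfs
O4 - HKLM\..\RunOnce: [uninsrest] C:\DOCUME~1\sap\LOCALS~1\Temp\uninrest.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O23 - Service: Network System (Universal Disk Manager) - COMENET TECHNOLOGY - C:\Program Files\Common Files\COMM\Network.exe
"""

# Assumption: the files the reply in this thread says to delete are known-bad.
KNOWN_BAD = frozenset({"socul.dll", "wmpdrm.dll", "cfsys.dll", "network.exe"})

ORPHAN_MARKERS = ("(no file)", "(file missing)")
USER_WRITABLE = ("\\temp\\", "\\documents and settings\\", "\\downloaded program files\\")
ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d+) - (?P<rest>.*)$")
O4_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(?P<dll>[^,]+?)\s*,", re.IGNORECASE)
EXE_RE = re.compile(r'^"?(?P<exe>[A-Za-z]:\\.+?\.exe)"?', re.IGNORECASE)

@dataclass
class Entry:
    section: str                    # HijackThis section, e.g. "O4"
    name: str                       # value name / BHO name / service name
    path: str                       # file the entry loads ("" if none parsed)
    reasons: list = field(default_factory=list)

def parse_entry(line):
    """One log line -> Entry, or None for header / process-list / blank lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    sec, rest = m.group("sec"), m.group("rest")
    if sec == "O4":
        # "HKLM\..\Run: [name] command line"  or  "Global Startup: x.lnk = target"
        kind, _, body = rest.partition(": ")
        m4 = O4_RE.match(body)
        if not m4:
            return Entry(sec, kind, body.split(" = ", 1)[-1] if " = " in body else "")
        name, cmd = f"{kind} [{m4.group('name')}]", m4.group("cmd")
        md = RUNDLL_RE.search(cmd)
        if md:                       # rundll32 is only the host; the payload is the DLL
            return Entry(sec, name, md.group("dll").strip('" '))
        me = EXE_RE.match(cmd)
        return Entry(sec, name, me.group("exe") if me else cmd)
    if sec == "O10":                 # "Unknown file in Winsock LSP: path"
        kind, _, path = rest.partition(": ")
        return Entry(sec, kind, path)
    # R3 / O2 / O3 / O9 / O23: "kind: display name - {CLSID} - path"; path is last
    parts = [p.strip() for p in rest.split(" - ")]
    return Entry(sec, parts[0], parts[-1] if len(parts) > 1 else "")

def file_name(path):
    """Lower-cased basename of a Windows path, with HJT's status markers stripped."""
    for marker in ORPHAN_MARKERS:
        path = path.replace(marker, "")
    return os.path.basename(path.strip().replace("\\", "/")).lower()

def triage(log_text, known_bad=KNOWN_BAD):
    """Return the entries worth a look, each tagged with the reasons."""
    findings = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        low = e.path.lower()
        if low.endswith(ORPHAN_MARKERS):
            e.reasons.append("dead entry (target file is gone): fix it, then watch whether it returns")
        if e.section == "O4" and low.endswith(".dll"):
            e.reasons.append("DLL autostarted via rundll32: no process of its own to spot")
        if any(seg in low for seg in USER_WRITABLE):
            e.reasons.append("runs from Temp / a user-writable location")
        if e.section == "O10":
            e.reasons.append("Winsock LSP: loaded by every process that opens a socket; unregister before deleting")
        if file_name(e.path) in known_bad:
            e.reasons.append("file is on the cleanup list")
        if e.reasons:
            findings.append(e)
    return findings

if __name__ == "__main__":
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for e in triage(text):
        print(f"{e.section:<4} {e.name:<40} {e.path}")
        for r in e.reasons:
            print(f"       - {r}")
```

Run it as `python hjt_triage.py hijackthis.log` (or with no argument to use the embedded sample). On the sample, the RavTask entry (a Rising component under Program Files) drops out and nine entries remain; the two rundll32-loaded DLLs are the ones a Task Manager process list never shows, which is why the asker saw only rundll32.exe. The O10 hit needs the most care: a DLL that is still registered in the Winsock catalog must be unregistered before the file is deleted, or Winsock can fail to initialise for every program.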

[Reply to 早上的月亮's post]

End the process: C:\Program Files\Common Files\COMM\Network.exe

Thanks, experts. So far the antivirus alert dialog hasn't popped up again.

Thanks everyone, it isn't showing up any more now.

It still doesn't work for me. I followed the steps you gave, and HijackThis can't fix it either. Please take another look at my exported report:
Logfile of HijackThis v1.99.1
Scan saved at 16:35:04, on 2006-2-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\3721\Dlaccel\YDownloader.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSNShell\BIN\MSNShell.exe
C:\Program Files\XunchiTools\Powerword 2006\XDICT.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\Program Files\P4P\p2psvr.exe
C:\Program Files\Common Files\COMM\Network.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Rising\Rav\Rav.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\sap\桌面\155847200541134207\HijackThis.exe

R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: SgUrlSearHook Class - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - C:\WINDOWS\system32\socul.dll (file missing)
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v6.dll
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\WINDOWS\Downloaded Program Files\Biamzq.dll (file missing)
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\sodaie.dll
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: DragSearch BHO - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O3 - Toolbar: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\BitComet\BitCometBar\BitCometBar0.3.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] rem C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [dl_accel] C:\Program Files\3721\Dlaccel\YDownloader.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\RunOnce: [uninsrest] C:\DOCUME~1\sap\LOCALS~1\Temp\uninrest.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSNShell] C:\Program Files\MSNShell\BIN\MSNShell.exe autorun
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: 金山词霸 2006 Plus.lnk = C:\Program Files\XunchiTools\Powerword 2006\XDICT.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &使用下载加速专家下载 - C:\Program Files\3721\Dlaccel\geturl.htm
O8 - Extra context menu item: Save豪杰超级解霸V8实时播放 - C:\Herosoft\HeroV8\MPURLGET.HTM
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 百度mp3搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度信息快递搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIE.HTM
O8 - Extra context menu item: 百度图片搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: 百度搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: 豪杰超级解霸V8实时播放 - C:\Herosoft\HeroV8\MPURLGET.HTM
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=208680_1006 (file missing)
O9 - Extra button: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra 'Tools' menuitem: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=?allyesPara=816 (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/?source=Cns (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://99liao.com/talk.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AADBFE0-84EC-44B1-B077-331EE832FF36}: NameServer = 202.96.209.6 202.96.209.133
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: P4P Service - Sohu.com Inc. - C:\Program Files\P4P\p2psvr.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Network System (Universal Disk Manager) - COMENET TECHNOLOGY - C:\Program Files\Common Files\COMM\Network.exe

Also, the DLL and EXE files are write-protected and won't let me delete them manually. What can I do about that?

[Trojan.Spy.Agent.xv can't be killed]
Process list

[System Process]
System
C:\WINDOWS\system32\Ati2evxx.exe (Made by ATI Technologies Inc.)
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe (Made by Yahoo!)
C:\Program Files\Common Files\COMM\Network.exe (Made by COMENET TECHNOLOGY)
G:\mxxx\MxXX.EXE

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Herosoft\HeroV8\SYSEXPLR.EXE
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
H:\系统软件\Photoshop7.1\Photoshop\Setup.exe
E:\Program Files\《墨香》\MHClient-Connect.exe
C:\Herosoft\HeroV8\STHSDVD.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\RavDetect.exe

[strings pasted by the poster from the loaded modules; unreadable binary runs omitted]

December November October September August February January
Saturday Friday Thursday Wednesday Tuesday Monday Sunday
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
invalid string position
string too long
GetStringTypeW
LoaderDll.dll
ConnServ
.?AVexception@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVtype_info@@
.?AVout_of_range@std@@
C:\Program Files\Internet Explorer\iexplore.exe
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
G:\mxxx\GameHook.DLL
kernel32.dll
GetProcAddress
GetModuleHandleA
LoadLibraryA
ws2_32.dll
user32.dll
oleaut32.dll
kernel32.dll
SetTimer
VariantChangeTypeEx
RaiseException
CLSID\
VS_VERSION_INFO
StringFileInfo
080404b0
FileDescription: LoaderDl
FileVersion: 2, 1, 0, 0
InternalName: LoaderDl
LegalCopyright: (C) 2005
OriginalFilename: LoaderDl.dll
ProductName: LoaderDl
ProductVersion: 2, 1, 0, 0
VarFileInfo
Translation

C:\WINDOWS\DOWNLO~1\cnsplus.dll (made by 3721)
C:\Program Files\Internet Explorer\iexplore.exe
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ

C:\WINDOWS\system32\wmpdrm.dll (made by Allsum Info. Tech. Ltd.)
.?AVCAtlException@ATL@@
msibm.dll
msibm.dll
msibm.dll
Explorer.EXE ctfmon.exe CONIME.EXE hkcmd.exe daemon.exe ccApp.exe taskmgr.exe internat.exe
mprexe.exe msgsrv32.exe taskmon.exe systray.exe iexplore.exe Maxthon.exe tm.exe TMShell.exe
TTraveler.exe myie.exe myie2.exe firefox.exe netscape.exe opera.exe qq.exe msnmsgr.exe
Popo.exe UC.exe YPager.exe Lite.exe gaim.exe rtxc.exe IMU.exe MyIM.exe
KAV32.exe RavCopy.exe kvolself.exe KVSrvXP.exe LuComServer_2_5.exe Poco2004.exe Thunder.exe eph.exe
p2psrv.exe vpp.exe BitComet.exe BitTorrent.exe BitSpirit.exe btogether.exe kuro.exe kugoo.exe
emule.exe Skype.exe Dudu.exe baiduX.exe abc.exe foxmail.exe msimn.exe conf.exe
OUTLOOK.exe FlashFXP.exe CuteFTP.exe LeapFTP.exe NetTransport.exe netants.exe flashget.exe ServUTray.exe
Apache.exe ApacheMonitor.exe realplay.exe wmplayer.exe winamp.exe foobar2000.exe irc.exe mirc.exe
Aol.exe AnyQ.exe QQMail.exe QQexternal.exe QQMusic.exe TTplayer.exe nettv.exe stv.exe
starTV.exe Sentinel.exe MeteorNetTV-hj.exe realsched.exe winamp.exe Poco2004.exe Thunder.exe eph.exe
p2psrv.exe vpp.exe BitComet.exe ctfmon.exe explorer.exe
.?AVtype_info@@
C:\Program Files\Internet Explorer\iexplore.exe
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ

C:\WINDOWS\system32\cdnns.dll
FNSPStartup
Rnr20.dll
C:\Program Files\Internet Explorer\iexplore.exe
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
EnableIdn
Software\CNNIC\CdnClient\Console
Rnr20.dll
CNNIC Name Space Provider

C:\WINDOWS\system32\wint\wint.dll

[Reply to 早上的月亮's post] First fix the items I told you to fix, as shown in the picture below.

After rebooting, those files can be deleted.

[Attachment: image (image/pjpeg), uploaded 2006-2-21 17:12:16, downloaded 166 times]

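As an added example (not from the thread), here is the deterministic form of the "reboot, then the files can be deleted" advice above. Windows keeps a list of pending renames and deletes in the REG_MULTI_SZ value HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations; smss.exe carries them out early in the next boot, before Explorer, IE or any Run-key entry can map the DLL again, and MoveFileExW with MOVEFILE_DELAY_UNTIL_REBOOT is the supported way to add to that list. The script builds the entries for the four files named in the earlier reply (assumption: those are the right paths on the asker's machine), shows the exact form they take in the registry, and on Windows schedules them. The HijackThis fix of the Run key, BHO and LSP entries still has to come first: if a loader entry stays in place, whatever survives will try to load the DLL again at the next logon.

```python
r"""Delete locked ("write-protected") malware files at the next boot.

Added example for this thread, not code from the posts. MoveFileExW with
MOVEFILE_DELAY_UNTIL_REBOOT appends a (source, destination) string pair to
  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations
(REG_MULTI_SZ); smss.exe performs the rename, or the delete when the
destination is empty, before any user-mode program of the next boot runs.
"""
import ctypes
import sys

MOVEFILE_DELAY_UNTIL_REBOOT = 0x4      # winbase.h

# Assumption: the files the reply in this thread says to delete.
CLEANUP_LIST = [
    r"C:\Program Files\Common Files\COMM\Network.exe",
    r"C:\WINDOWS\system32\socul.dll",
    r"C:\WINDOWS\system32\wmpdrm.dll",
    r"C:\WINDOWS\system32\msibm\cfsys.dll",
]

def nt_path(win_path):
    r"""C:\dir\file -> \??\C:\dir\file, the form stored in PendingFileRenameOperations."""
    return win_path if win_path.startswith("\\??\\") else "\\??\\" + win_path

def pending_delete_entries(paths):
    """The (source, destination) pairs smss.exe will see; "" as destination = delete."""
    return [(nt_path(p), "") for p in paths]

def encode_multi_sz(strings):
    """REG_MULTI_SZ bytes: each string NUL-terminated, UTF-16LE, plus one extra NUL."""
    return ("".join(s + "\0" for s in strings) + "\0").encode("utf-16-le")

def multi_sz_for(paths):
    """Flattened REG_MULTI_SZ content for a fresh PendingFileRenameOperations value.
    If the value already exists, MoveFileExW appends; a by-hand write must append
    too, or pending operations from other installers are lost."""
    flat = [s for pair in pending_delete_entries(paths) for s in pair]
    return encode_multi_sz(flat)

def schedule_delete_on_reboot(path):
    """Windows only, must run elevated: ask the kernel to delete `path` at the next
    boot. Returns True, or raises OSError carrying GetLastError()."""
    if sys.platform != "win32":
        raise RuntimeError("MoveFileExW is Win32; only the planning helpers run elsewhere")
    kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)
    kernel32.MoveFileExW.argtypes = [ctypes.c_wchar_p, ctypes.c_wchar_p, ctypes.c_uint32]
    kernel32.MoveFileExW.restype = ctypes.c_int
    if not kernel32.MoveFileExW(path, None, MOVEFILE_DELAY_UNTIL_REBOOT):
        raise ctypes.WinError(ctypes.get_last_error())
    return True

if __name__ == "__main__":
    for src, dst in pending_delete_entries(CLEANUP_LIST):
        print(f"{src!r} -> {dst!r}   (empty destination = delete)")
    if sys.platform == "win32":
        for p in CLEANUP_LIST:
            schedule_delete_on_reboot(p)
        print("scheduled; reboot to apply")
```

Run it from an elevated prompt, then confirm what was queued before rebooting with `reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v PendingFileRenameOperations`; the `\??\` prefix on each source path is how the value looks when it is correct. Taking ownership or clearing the read-only attribute is not needed for this route, because the delete happens before the file is opened by anything.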

[Reply to 命运里の金色's post]
None of the folders you mentioned contain an unist.exe uninstaller, but C:\WINDOWS has lots of unist.exe folders shown in blue text. What should I do with those?
Also, I couldn't find C:\WINDOWS\system32\wmpdrm.dll,
C:\WINDOWS\system32\msibm\cfsbho.dll or
C:\WINDOWS\system32\obwbkya.dll at all. Everything else I did find, I deleted.
Powered by Discuz!NT