[Help request]

[Reply to 影子110's post] Continued from above
2006-03-29 23:46  手动扫描  C:\System Volume Information\_restore{2C4C57F0-7240-4065-9E2C-88CF3A417CF2}\RP95A0016483.DLL  本机  Backdoor.Gpigeon.xdv  删除成功
2006-03-29 23:46  手动扫描  C:\System Volume Information\_restore{2C4C57F0-7240-4065-9E2C-88CF3A417CF2}\RP95A0017483.DLL  本机  Backdoor.Gpigeon.xdv  删除成功
2006-03-29 23:46  手动扫描  C:\System Volume Information\_restore{2C4C57F0-7240-4065-9E2C-88CF3A417CF2}\RP95A0018483.DLL  本机  Backdoor.Gpigeon.xdv  删除成功
2006-03-29 23:46  手动扫描  C:\System Volume Information\_restore{2C4C57F0-7240-4065-9E2C-88CF3A417CF2}\RP95A0019483.DLL  本机  Backdoor.Gpigeon.xdv  删除成功
2006-03-29 23:46  手动扫描  C:\System Volume Information\_restore{2C4C57F0-7240-4065-9E2C-88CF3A417CF2}\RP95A0020484.DLL  本机  Backdoor.Gpigeon.xdv  删除成功
2006-03-29 23:46  手动扫描  C:\System Volume Information\_restore{2C4C57F0-7240-4065-9E2C-88CF3A417CF2}\RP95A0020495.DLL  本机  Backdoor.Gpigeon.xdv  删除成功
2006-03-29 23:46  手动扫描  C:\System Volume Information\_restore{2C4C57F0-7240-4065-9E2C-88CF3A417CF2}\RP95A0021495.DLL  本机  Backdoor.Gpigeon.xdv  删除成功
2006-03-29 23:46  手动扫描  C:\System Volume Information\_restore{2C4C57F0-7240-4065-9E2C-88CF3A417CF2}\RP95A0022496.DLL  本机  Backdoor.Gpigeon.xdv  删除成功
2006-03-29 23:46  手动扫描  C:\System Volume Information\_restore{2C4C57F0-7240-4065-9E2C-88CF3A417CF2}\RP95A0022560.DLL  本机  Backdoor.Gpigeon.xdv  删除成功
2006-03-29 23:46  手动扫描  C:\System Volume Information\_restore{2C4C57F0-7240-4065-9E2C-88CF3A417CF2}\RP95A0023558.DLL  本机  Backdoor.Gpigeon.xdv  删除成功
2006-03-29 23:46  手动扫描  C:\System Volume Information\_restore{2C4C57F0-7240-4065-9E2C-88CF3A417CF2}\RP96A0023638.exe  本机  Backdoor.Gpigeon.xdv  删除成功
2006-03-29 23:46  手动扫描  C:\System Volume Information\_restore{2C4C57F0-7240-4065-9E2C-88CF3A417CF2}\RP96A0023639.DLL  本机  Backdoor.Gpigeon.xdv  删除成功
2006-03-29 23:47  手动扫描  D:\System Volume Information\_restore{2C4C57F0-7240-4065-9E2C-88CF3A417CF2}\RP95A0016460.exe>>syste.exe  本机

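Turn off System Restore~
My Computer > Properties > System Restore > turn off System Restore on all drives > OK
Empty the temporary folders~
IE > Properties > Delete Files (including offline files) > OK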



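Use the software below to scan and post the log here~~ (to take a look at the Pigeon's service entries~~)
HijackThis V1.99.1 Chinese-localized version and original English version download links (second post)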
http://forum.ikaka.com/topic.asp?board=67&artid=5188931

[Reply to 影子110's post] The scan output is attached below. Should I still turn off System Restore now?
Logfile of HijackThis v1.99.1
Scan saved at 9:47:34, on 2006-3-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Rising\Rav\RavStub.exe
c:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\VM303_STI.EXE
D:\Program Files\Rising\Rav\RavTask.exe
D:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
E:\tools\瑞星杀毒软件\426101200522225654\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0005A87D-D626-4B3A-84F9-1D9571695F55}? - (no file)
O2 - BHO: (no name) - {33BBE430-0E42-4f12-B075-8D21ACB10DCB}? - (no file)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\qq\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B}? - (no file)
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191}? - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B}? - (no file)
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - E:\tools\音乐\酷狗\KuGoo3\KuGoo3DownXControl.ocx
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5}? - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3}? - (no file)
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [RavTask] "D:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] ; C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RavTimer] ;
O4 - HKLM\..\Run: [RTHDCPL] ; RTHDCPL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item:  >> 彩信发送 << - res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm
O8 - Extra context menu item: &使用迅雷下载 - E:\tools\迅雷\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - E:\tools\迅雷\getallurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - E:\tools\音乐\酷狗\KuGoo3\KuGoo3DownX.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\qq\SendMMS.htm
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - Extra 'Tools' menuitem: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191}? - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - Extra 'Tools' menuitem: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191}? - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263}? - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\qq\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3}? - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3}? - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\qq\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\qq\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}? - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}? - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=about:blank
O15 - Trusted Zone: http://www.icbc.com.cn
O16 - DPF: {23739A7E-5741-4D1C-88D5-D50B18F7C347} (iWebOffice Control) - http://oa.xjcng.com/gsjj/iWebOffice2003.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1112018624531
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.80_20060123.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B93DD95C-8C66-4161-B5CF-C10C3A846AA7}: NameServer = 211.91.120.129 211.94.33.193
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\Rav\Ravmond.exe


[Reply to 影子110's post] This morning I ran a Rising scan again, and it showed no viruses.

[Reply to 影子110's post] Just now, while I was using the 传家宝 AFK game bot, Exploit.VBS.Phel.l showed up again, but Rising removed it.