Backdoor.Gpigeon.ywn，Backdoor.Gpigeon.uql 用瑞星删除不了，每次重启都又出现。

哪位高手帮我看看怎么弄啊，谢谢了

HijackThis_815汉化版扫描日志 V1.99.1
保存于      19:18:00, 日期 2006-7-31
操作系统：  Windows XP SP2 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\瑞星杀毒\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\瑞星杀毒\Rising\Rav\Ravmond.exe
d:\program files\瑞星杀毒\防火墙\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\瑞星杀毒\Rising\Rav\RavStub.exe
d:\program files\瑞星杀毒\防火墙\RfwMain.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\瑞星杀毒\Rising\Rav\RavTask.exe
D:\Program Files\瑞星杀毒\Rising\Rav\Ravmon.exe
D:\Program Files\Gmail邮件通知\Gmail Notifier\G001-1.0.25.0\gnotify.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\暴风影音\Storm Downloader\StormDownloader.exe
D:\PROGRA~1\MMT\TraCQ\TraCQ.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\PowerDVD\PDVDServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\雪狐精灵\DesktopSprite2\DesktopSprite.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Thunder Network\ThunderMini\program\ThunderMini.exe
D:\Program Files\MSN\MsnShell4.2.27.8\MSNShell\BIN\MSNShell.exe
D:\Program Files\Tencent\TT\TTraveler.exe
D:\李晓明\软件\专杀工具\Hijackthis1991zww\HijackThis1991zww.exe

R3 - URLSearchHook: (no name) - {2E30E260-B3FA-4BA8-AF84-857381298676} - C:\WINDOWS\system32\Cgagrw.dll (file missing)
R3 - URLSearchHook: (no name) - {7D5D55BA-4907-4CF7-A817-B1F3321D8718} - C:\WINDOWS\system32\Flls.dll (file missing)
R3 - URLSearchHook: (no name) - {C5B45697-EFE5-45C3-AD48-8B2DDAAFF9BD} - C:\WINDOWS\system32\Wmpcm.dll (file missing)
R3 - URLSearchHook: (no name) - {B979CED4-38C3-4A44-B9EE-A518C91C58B4} - C:\WINDOWS\system32\Qftch.dll (file missing)
R3 - URLSearchHook: (no name) - {07BA43B9-BE6D-44FF-B2B9-B793E3700C6E} - C:\WINDOWS\system32\Eqwd.dll (file missing)
R3 - URLSearchHook: (no name) - {41B730D5-D2E8-4E2A-A09E-68224027BA53} - C:\WINDOWS\system32\Hoyr.dll (file missing)
R3 - URLSearchHook: (no name) - {B7CD83E9-8465-4302-8A81-53D5B8551670} - C:\WINDOWS\system32\Wvtcj.dll (file missing)
R3 - URLSearchHook: (no name) - {967FCCE0-6AEE-48E2-A314-AF84B64A29DC} - C:\WINDOWS\system32\Dmaqs.dll (file missing)
R3 - URLSearchHook: (no name) - {C2095504-7A13-41AB-8146-852715D64AED} - C:\WINDOWS\system32\Jkak.dll (file missing)
R3 - URLSearchHook: (no name) - {C91773F0-8AF6-498D-BDED-E8D39AFBDACA} - C:\WINDOWS\system32\Lrzzi.dll
R3 - URLSearchHook: (no name) - {D67EE44B-F3FB-4AB4-963D-B8D5D6E73D4F} - C:\WINDOWS\system32\Mqivuj.dll
R3 - URLSearchHook: (no name) - {FBBBC45F-36AF-480E-B462-8EE2F426E0C7} - C:\WINDOWS\system32\Mnxjtn.dll
R3 - URLSearchHook: (no name) - {AB5DB088-C805-4CF6-ABD5-B47B1039E74D} - C:\WINDOWS\system32\Aerh.dll
R3 - URLSearchHook: (no name) - {2ECF0357-B3AE-4B89-A338-A749AE252686} - C:\WINDOWS\system32\Larrqn.dll
R3 - URLSearchHook: (no name) - {FB561AD3-8DFA-4C2A-833C-471AB03A9AE5} - C:\WINDOWS\system32\Kndmfg.dll
R3 - URLSearchHook: (no name) - {67F214A2-7F70-484A-95B1-A5B467B67763} - C:\WINDOWS\system32\Euhe.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v4.dll
O2 - BHO: (no name) - {07BA43B9-BE6D-44FF-B2B9-B793E3700C6E} - C:\WINDOWS\system32\Eqwd.dll (file missing)
O2 - BHO: (no name) - {2E30E260-B3FA-4BA8-AF84-857381298676} - C:\WINDOWS\system32\Cgagrw.dll (file missing)
O2 - BHO: (no name) - {2ECF0357-B3AE-4B89-A338-A749AE252686} - C:\WINDOWS\system32\Larrqn.dll
O2 - BHO: (no name) - {41B730D5-D2E8-4E2A-A09E-68224027BA53} - C:\WINDOWS\system32\Hoyr.dll (file missing)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: (no name) - {67F214A2-7F70-484A-95B1-A5B467B67763} - C:\WINDOWS\system32\Euhe.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: (no name) - {7D5D55BA-4907-4CF7-A817-B1F3321D8718} - C:\WINDOWS\system32\Flls.dll (file missing)
O2 - BHO: ThunderMiniBHO - {8E6C1C49-F9CE-4311-9FB4-D70E8B0AEAEB} - C:\Program Files\Thunder Network\ThunderMini\ComDlls\XunLeiMiniBHO_002.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {967FCCE0-6AEE-48E2-A314-AF84B64A29DC} - C:\WINDOWS\system32\Dmaqs.dll (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\flashget\FLASHGET\jccatch.dll
O2 - BHO: (no name) - {AB5DB088-C805-4CF6-ABD5-B47B1039E74D} - C:\WINDOWS\system32\Aerh.dll
O2 - BHO: (no name) - {B7CD83E9-8465-4302-8A81-53D5B8551670} - C:\WINDOWS\system32\Wvtcj.dll (file missing)
O2 - BHO: (no name) - {B979CED4-38C3-4A44-B9EE-A518C91C58B4} - C:\WINDOWS\system32\Qftch.dll (file missing)
O2 - BHO: (no name) - {C2095504-7A13-41AB-8146-852715D64AED} - C:\WINDOWS\system32\Jkak.dll (file missing)
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: (no name) - {C5B45697-EFE5-45C3-AD48-8B2DDAAFF9BD} - C:\WINDOWS\system32\Wmpcm.dll (file missing)
O2 - BHO: (no name) - {C91773F0-8AF6-498D-BDED-E8D39AFBDACA} - C:\WINDOWS\system32\Lrzzi.dll
O2 - BHO: (no name) - {D67EE44B-F3FB-4AB4-963D-B8D5D6E73D4F} - C:\WINDOWS\system32\Mqivuj.dll
O2 - BHO: (no name) - {FB561AD3-8DFA-4C2A-833C-471AB03A9AE5} - C:\WINDOWS\system32\Kndmfg.dll
O2 - BHO: (no name) - {FBBBC45F-36AF-480E-B462-8EE2F426E0C7} - C:\WINDOWS\system32\Mnxjtn.dll
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\flashget\FLASHGET\fgiebar.dll
O3 - IE工具栏增项: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [RfwMain] "D:\Program Files\瑞星杀毒\防火墙\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [RavTask] "D:\Program Files\瑞星杀毒\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Program Files\Gmail邮件通知\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - 启动项HKLM\\Run: [iTunesHelper] "d:\Program Files\iTunes\iTunesHelper.exe"
O4 - 启动项HKLM\\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - 启动项HKLM\\Run: [StormCodec_Helper] "D:\Program Files\暴风影音\Storm Codec\StormSet.exe" /S /opti
O4 - 启动项HKLM\\Run: [MINI_BFYY] D:\Program Files\暴风影音\Storm Downloader\StormDownloader.exe
O4 - 启动项HKLM\\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - 启动项HKLM\\Run: [EPSON ME 1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3W1.EXE /P10 "EPSON ME 1" /O6 "USB001" /M "ME 1"
O4 - 启动项HKLM\\Run: [tracq] D:\PROGRA~1\MMT\TraCQ\TraCQ.exe
O4 - 启动项HKLM\\Run: [RemoteControl] "D:\Program Files\PowerDVD\PDVDServ.exe"
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - 启动项HKLM\\Run: [ThunderMini] C:\Program Files\Thunder Network\ThunderMini\ThunderMiniShell.exe
O4 - 启动项HKLM\\Run: [eBill Express] D:\Program Files\中信银行电子对账系统\eBill Express.exe
O4 - 启动项HKLM\\RunOnce: [RavStub] "D:\Program Files\瑞星杀毒\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DesktopSprite] D:\Program Files\雪狐精灵\DesktopSprite2\DesktopSprite.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSNShell] D:\Program Files\MSN\MsnShell4.2.27.8\MSNShell\BIN\MSNShell.exe autorun
O4 - Global Startup: 壁纸自动换.lnk = C:\WINDOWS\system32\bgswitch.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - IE右键菜单中的新增项目: &使用暴风下载器下载 - D:\Program Files\暴风影音\Storm Downloader\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迷你迅雷下载 - C:\Program Files\Thunder Network\ThunderMini\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用影音传送带下载 - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - IE右键菜单中的新增项目: 使用影音传送带下载全部链接 - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - D:\Program Files\flashget\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - D:\Program Files\flashget\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O8 - IE右键菜单中的新增项目: 用比特精灵下载(&B) - D:\Program Files\BitSpirit\bsurl.htm
O8 - IE右键菜单中的新增项目: 设为 Messenger Live 头像 - D:\Program Files\MSN\MsnShell4.2.27.8\MSNShell\BIN\SetMSNDP.htm
O9 - 浏览器额外的按钮: 免费精彩视频超流畅在线观看 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - 浏览器额外的“工具”菜单项: 播霸电视 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - 浏览器额外的按钮: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - D:\Program Files\MSN\MsnShell4.2.27.8\MSNShell\Bin\MSNShell.exe
O9 - 浏览器额外的“工具”菜单项: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - D:\Program Files\MSN\MsnShell4.2.27.8\MSNShell\Bin\MSNShell.exe
O9 - 浏览器额外的按钮: enet硅谷动力 - {1522439E-756F-4A1C-B61D-D281AC1814C8} - http://www.enet.com.cn/ (file missing)
O9 - 浏览器额外的按钮: 微软 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.microsoft.com/china/index.htm (file missing)
O9 - 浏览器额外的按钮: kele8 - {84920E5F-3788-49cd-A274-E365578DF174} - http://www.kele8.com/ (file missing)
O9 - 浏览器额外的“工具”菜单项: kele8 - {84920E5F-3788-49cd-A274-E365578DF174} - http://www.kele8.com/ (file missing)
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\flashget\FLASHGET\flashget.exe
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\flashget\FLASHGET\flashget.exe
O9 - 浏览器额外的按钮: 易趣购物 - {DE607145-AC19-425e-867A-7D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - 浏览器额外的“工具”菜单项: 易趣购物 - {DE607145-AC19-425e-867A-7D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://memotime-cn.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {A3CD7F74-93C9-4BC4-B892-CCDF1514F714} (Submit Class) - https://pbank.95559.com.cn/personbank/ocx/safe.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://cache10.itv.mop.com/pCastCtl-1.0.0.88_signed.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{088F68B1-B85B-4B6B-8CC0-64241D8B9E6A}: NameServer = 192.168.1.1
O18 - 列举现有的协议: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: KB6087692.LOG
O23 - NT 服务: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - NT 服务: internet - Unknown owner - C:\WINDOWS\internet.exe
O23 - NT 服务: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服务: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\program files\瑞星杀毒\防火墙\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\瑞星杀毒\防火墙\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\Program Files\瑞星杀毒\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\Program Files\瑞星杀毒\Rising\Rav\Ravmond.exe
O23 - NT 服务: Network Management Center Task (W32Tasks) - Unknown owner - C:\WINDOWS\system32\taskman32.exe
O23 - NT 服务: Windows XP Vista        - Unknown owner - C:\WINDOWS\Hacker.com.cn.ini

在线等高手帮忙

开始 运行 输入 services.msc 找到internet，Windows XP Vista 双击 停止并且将启动类型改为 已禁用
开始 运行 输入regedit 分别定位到HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet00X\Services
查找internet，Windows XP Vista  目录，查到的清删除整个目录
重启计算机
显示所有文件并且显示隐藏的系统文件
删除如下文件C:\WINDOWS\internet.exe
C:\WINDOWS\Hacker.com.cn.ini

我也中了，老大帮我看看那个是鸽子啊？
谢谢~~~~~
Logfile of HijackThis v1.99.1
Scan saved at 19:53:39, on 2006-7-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
D:\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
D:\Rising\Rav\Ravmond.exe
d:\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
d:\rising\rfw\RfwMain.exe
D:\Rising\Rav\RavTask.exe
D:\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
D:\qq\QQ.exe
D:\qq\TIMPlatform.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\mt\桌面\hijackthis\HijackThis.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v4.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\qq\QQIEHelper.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &IE修复专家 - {123249EB-F891-44C4-946F-450064F9080E} - C:\PROGRA~1\IE修复~1\IERBar.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [RavTask] "D:\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\qq\AddToNetDisk.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\qq\SendMMS.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O17 - HKLM\System\CCS\Services\Tcpip\..\{45B36B80-3A7F-4219-8053-9C9D82F2C209}: NameServer = 219.150.32.132 202.96.64.68
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: internet - Unknown owner - C:\WINDOWS\internet.exe
O23 - Service: Messenger - Unknown owner - C:\WINDOWS\Messenger
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\Rising\Rav\Ravmond.exe

【回复“崩溃了！”的帖子】
开始 运行 输入 services.msc 找到internet，Messenger 双击 停止并且将启动类型改为 已禁用
开始 运行 输入regedit 分别定位到HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet00X\Services
查找internet，Messenger 目录，查到的清删除整个目录
重启计算机
显示所有文件并且显示隐藏的系统文件
删除如下文件C:\WINDOWS\G_Server2.0.exe
C:\WINDOWS\Messenger
另外请把C:\WINDOWS\Messenger
文件夹发到 newcenturymoon@126.com谢谢

C:\WINDOWS\G_Server2.0.exe
没找到...MESSENGER删除了。用瑞星查内存没有毒了。

可是我想找传说中的DLL文件和EXE文件 老大指点下。
东西发过去了。

dll文件就是C:\WINDOWS\G_Server2.0.dll
和C:\WINDOWS\G_Server2.0key.dll

找了，没有。有没有可能是别的名字？

收到没？