Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board


Help: HijackThis log plus a detailed description; also, the Luoxue (落雪) trojan removal tool reboots the machine as soon as it starts. Thanks, everyone

In safe mode I followed the previous poster's method and also cleaned the registry the way posts 7 and 8 described. I rescanned and am posting the log again; Gray Pigeon (灰鸽子) is still there, frustrating ~~
This log was taken in normal mode right after logging in, without killing any processes.

Logfile of HijackThis v1.99.1
Scan saved at 15:49:20, on 2006-8-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\conime.exe
D:\Program Files\Netease\popo2004\popo.exe
D:\Program Files\Tencent\qq\QQ.exe
D:\Program Files\Tencent\qq\TIMPlatform.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Opera\Opera.exe
C:\Documents and Settings\kaven\桌面\ha_hijackthis_1991\HijackThis.exe

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O3 - Toolbar: BitComet工具栏 - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - D:\Program Files\BitComet\BitCometBar\BitCometBar0.6.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [StormCodec_Helper] "D:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: >>彩信发送<< - res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\qq\SendMMS.htm
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O11 - Options group: [!CNS]  网络实名
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://neverforever1900.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AC6EE63-724F-4C92-9D6C-2CDF2EF0484D}: NameServer = 202.106.46.151,202.106.0.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{3AC6EE63-724F-4C92-9D6C-2CDF2EF0484D}: NameServer = 202.106.46.151,202.106.0.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{3AC6EE63-724F-4C92-9D6C-2CDF2EF0484D}: NameServer = 202.106.46.151,202.106.0.20
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Gray_Pigeon_Server1.23 (GrayPigeonServer1.23) - Unknown owner - C:\WINDOWS\G_Server1.23.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)


Also, a good part of the files the previous poster said to delete either can't be found at the given paths or can't be deleted ~~
Trojan Killer (木马杀客) still finds the same trojans as before ~~
As soon as I click Scan in the Luoxue removal tool, the machine reboots again ~~

Symantec also keeps raising the same alert ~~

Scan type:  Realtime Protection Scan
Event:  Virus Found!
Virus name: Downloader
File:  D:\Program Files\Temporary Internet Files\Content.IE5\8DY78TMJ\c[1].gif
Location:  D:\Program Files\Temporary Internet Files\Content.IE5\8DY78TMJ
Computer:  KAVEN-057D71F59
User:  kaven
Action taken:  Clean failed : Quarantine failed : Access denied
Date found: 2006年8月10日  15:53:36

Quote:
[Post by 十剑飘香] In the registry, expand HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Delete GrayPigeonServer1.23
Restart the computer
Delete the following files (whichever of them exist)
G_Server1.23.exe (may not exist, but to be safe)
G_Server1.23.dll
G_Server1.23_hook.dll
G_Server1.23Key.dll
………………


There is no G_Server1.23, but there is a G_Server2006; does that count?

Quote:
[Post by 十剑飘香]
It counts!!
………………



Expert, are you sure? Really sure? Then I'll delete them ~~
G_Server2006.EXE.sbk and G_Server2006Key.log

Quote:
[Post by ★蓝色羽毛★] O23 - Service: Gray_Pigeon_Server1.23 (GrayPigeonServer1.23) - Unknown owner - C:\WINDOWS\G_Server1.23.exe (file missing)
The Pigeon's file has been killed, but the service is still registered; go to Services and set it to Disabled
………………

Quote:
[Post by 十剑飘香]
Run services.msc to bring up "Services"
………………


Thanks to you both, I've set it to Disabled ^_^
Finally got one sorted; I'll keep at it ~~
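The O23 line quoted in that post shows the pattern a responder looks for first: a service key that survives after its binary has already been removed. As an added example, not part of this thread or of HijackThis itself, the following Python script parses the O23 section of the log posted earlier and ranks the entries by three hints (binary missing, no publisher information, executable sitting directly in the Windows directory). The line-layout regex and the three heuristics are my own assumptions about HijackThis 1.99 output, derived from the lines on this page; the sample input reuses the page's own O23 lines plus one O20 line to show that other sections are ignored.

```python
"""Triage helper for the O23 (Windows service) lines of a HijackThis 1.99 log.

Added example for this thread, not part of the original post or of HijackThis.
It parses O23 entries and ranks the ones a responder would look at first:
services whose binary is already gone, whose binary has no publisher
information, or whose binary sits directly in the Windows directory.
"""
import re
from dataclasses import dataclass, field

# Assumed O23 line layout (derived from the log lines in this thread):
#   O23 - Service: <display name> (<service name>) - <owner> - <image path> (file missing)
# The "(<service name>)" part and the "(file missing)" suffix are both optional.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)"
    r"(?: \((?P<short>[^()]+)\))? - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)

# Image path directly under the Windows directory (no subfolder such as system32).
WINDOWS_ROOT_RE = re.compile(r"^[A-Z]:\\WINDOWS\\[^\\]+$", re.IGNORECASE)


@dataclass
class ServiceEntry:
    display: str
    short: str          # key name under HKLM\SYSTEM\CurrentControlSet\Services
    owner: str
    path: str
    file_missing: bool
    reasons: list = field(default_factory=list)


def parse_o23(line: str):
    """Return a ServiceEntry for an O23 line, or None for any other line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(
        display=m["display"],
        short=m["short"] or m["display"],
        owner=m["owner"],
        path=m["path"],
        file_missing=m["missing"] is not None,
    )


def assess(entry: ServiceEntry) -> ServiceEntry:
    """Attach human-readable hints; each one is a prompt to check, not a verdict."""
    if entry.file_missing:
        entry.reasons.append("service still registered but its binary is gone")
    if entry.owner.lower() == "unknown owner":
        entry.reasons.append("binary carries no publisher information")
    if WINDOWS_ROOT_RE.match(entry.path):
        entry.reasons.append("binary dropped directly into the Windows directory")
    return entry


def triage(log_text: str) -> list:
    """Parse every O23 line and return the flagged entries, most hints first."""
    entries = [assess(e) for e in map(parse_o23, log_text.splitlines()) if e]
    flagged = [e for e in entries if e.reasons]
    flagged.sort(key=lambda e: len(e.reasons), reverse=True)
    return flagged


def format_report(flagged: list) -> str:
    """Plain-text summary, one service per block."""
    lines = []
    for e in flagged:
        lines.append(f"{e.short}: {e.path}")
        lines.extend(f"    - {r}" for r in e.reasons)
    return "\n".join(lines)


# Sample input: the O23 section of the log posted in this thread, plus one
# O20 line to show that the parser ignores non-O23 sections.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Gray_Pigeon_Server1.23 (GrayPigeonServer1.23) - Unknown owner - C:\WINDOWS\G_Server1.23.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""

if __name__ == "__main__":
    print(format_report(triage(SAMPLE_LOG)))
```

On this log the Gray Pigeon service comes out on top with all three hints, the orphaned WinPcap rpcapd entry second, and ATI Smart last with only the "no publisher" hint, which is the kind of noise these heuristics produce for unsigned but legitimate driver helpers; the report is a reading order for the responder, and the registry or services.msc check described in the quoted posts is still the step that confirms each finding.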

Quote:
[Post by GHRH] Some viruses are very cunning
You use an anti-virus tool to kill the virus inside the system
But the virus's trait is that it binds itself to any EXE or other file it touches and spreads that way
I suggest that after you've used that tool to kill it, you delete the tool
then download a fresh copy and try again
………………


Trojan Killer (木马杀客) is updated now, but after a reboot it finds the same old trojans again
And the Luoxue removal tool reboots the machine as soon as I click Scan; I don't know where the problem is