Logfile of HijackThis v1.99.1
Scan saved at 4:43:16, on 2001-1-1
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\PROGRA~1\RISING\RAV\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\PROGRA~1\RISING\RAV\Rav.exe
C:\Documents and Settings\Administrator\桌面\gate\tool\HijackThis.exe

R3 - URLSearchHook: MyURLSearchHook Class - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - d:\Program Files\P4P\ToolBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - d:\Program Files\P4P\sodaie.dll
O2 - BHO: QQBrowserHelper Object Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - F:\Program Files\QQIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: 搜狗直通车 - {DBBB7978-AF21-4EF4-9AD1-B2F4BC75696C} - d:\Program Files\P4P\ToolBar.dll
O3 - Toolbar: Yahoo! 导航条 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [StormCodec_Helper] "F:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\Run: [bgswitch] C:\WINDOWS\system32\bgswitch.exe
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O8 - Extra context menu item: 使用搜狗直通车下载 - d:\Program Files\P4P\dl.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 发送图片到手机 - d:\Program Files\P4P\cx.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - F:\Program Files\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - F:\Program Files\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - F:\Program Files\SendMMS.htm
O9 - Extra button: 网址大全 - {1FBA04EE-3024-11D2-8F1F-0000F87ABD18} - http://www.coc.cc (file missing)
O9 - Extra button: SoQ - {8F67DCF3-B1DF-4A39-A787-3775784BF737} - http://www.soq.com (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\Program Files\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\Program Files\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\Program Files\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\Program Files\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://tv.chinaren.com/SohuPlayer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111376230712
O17 - HKLM\System\CCS\Services\Tcpip\..\{78C605E2-AFF6-4C95-A2BD-C44E48C6125D}: NameServer = 211.92.8.161 211.92.8.165
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\SoDAHK.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: P4P Service - Sohu.com Inc. - d:\Program Files\P4P\p2psvr.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: svchost - Unknown owner - C:\WINDOWS\svchost.exe

Just downloaded HijackThis, please take a look!