上星期中了灰鸽子，按照论坛上提供的方法清除后，今天又发现新的问题。
杀软提示：
LSASS。DLL  c\winnt  Backdoor.Gpigon.2006.du
lsasskey.dll  c:\winnt Backdoor.Gpigeon6.co
在百度里面竟然没这病毒的资料，晕。

请找到exe 和dll库文件，提供瑞星网站！

R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - 启动项HKLM\\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - 启动项HKLM\\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - 启动项HKLM\\Run: [IcaBar] icabar.exe /adminonly
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [stup.exe] C:\PROGRA~1\TENCENT\Adplus\stup.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [PhMain] C:\Program Files\PeanutHull3\PhMain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: 服务管理器.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: 速达E3网络版服务器.lnk = ?
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Documents and Settings\Administrator\WINDOWS\web\related.htm (file missing)
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Documents and Settings\Administrator\WINDOWS\web\related.htm (file missing)
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator\windows\system32\rnr20.dll' missing
O11 - Options group: [TBH]  搜搜地址栏搜索
O17 - HKLM\System\CCS\Services\Tcpip\..\{74F93C99-CD4A-4486-974A-6E32F1B585F4}: NameServer = 202.96.134.133,202.96.128.166
O17 - HKLM\System\CCS\Services\Tcpip\..\{D897D25C-48EB-42A2-B66F-9BB0F4138859}: NameServer = 202.96.134.133,202.96.128.166
O20 - Winlogon Notify: igfxcui - igfxsrvc.dll (file missing)
O20 - Winlogon Notify: MetaFrame - ctxnotif.dll (file missing)
O23 - NT 服务: Application Management (AppMgmt) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.exe (file missing)
O23 - NT 服务: Computer Browser (Browser) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\services.exe (file missing)
O23 - NT 服务: Client Network (CdmService) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\cdmsvc.exe (file missing)
O23 - NT 服务: Citrix XML Service (CtxHttp) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\ctxxmlss.exe (file missing)
O23 - NT 服务: Distributed File System (Dfs) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\Dfssvc.exe (file missing)
O23 - NT 服务: DHCP Client (Dhcp) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\services.exe (file missing)
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\dmadmin.exe (file missing)
O23 - NT 服务: Logical Disk Manager (dmserver) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\services.exe (file missing)
O23 - NT 服务: DNS Client (Dnscache) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\services.exe (file missing)
O23 - NT 服务: Event Log (Eventlog) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.exe (file missing)
O23 - NT 服务: Fax Service (Fax) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\faxsvc.exe (file missing)
O23 - NT 服务: ICA Browser (ICABrowser) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\ibrowser.exe (file missing)
O23 - NT 服务: Workstation (lanmanworkstation) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\services.exe (file missing)
O23 - NT 服务: License Logging Service (LicenseService) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\llssrv.exe (file missing)
O23 - NT 服务: TCP/IP NetBIOS Helper Service (LmHosts) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\services.exe (file missing)
O23 - NT 服务: Network DDE (NetDDE) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\netdde.exe (file missing)
O23 - NT 服务: Network DDE DSDM (NetDDEdsdm) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\netdde.exe (file missing)
O23 - NT 服务: Net Logon (Netlogon) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\lsass.exe (file missing)
O23 - NT 服务: Network Connections (Netman) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - NT 服务: File Replication (NtFrs) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\ntfrs.exe (file missing)
O23 - NT 服务: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\lsass.exe (file missing)
O23 - NT 服务: Removable Storage (NtmsSvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - NT 服务: PeanuthullCore - 广东网域 - C:\Program Files\PeanutHull3\PhCore.exe
O23 - NT 服务: COMEXE PIPClient (PIPClient) - Unknown owner - C:\Documents and Settings\Administrator\桌面\科迈\winpip.exe" -service (file missing)
O23 - NT 服务: Plug and Play (PlugPlay) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.exe (file missing)
O23 - NT 服务: IPSEC Policy Agent (PolicyAgent) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\lsass.exe (file missing)
O23 - NT 服务: Program Neighborhood Service (ProgNeighborhood) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\pnsvc.exe (file missing)
O23 - NT 服务: Protected Storage (ProtectedStorage) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.exe (file missing)
O23 - NT 服务: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - NT 服务: Remote Access Connection Manager (RasMan) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - NT 服务: Remote Registry Service (RemoteRegistry) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\regsvc.exe (file missing)
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\locator.exe (file missing)
O23 - NT 服务: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\Documents.exe (file missing)
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: QoS RSVP (RSVP) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\rsvp.exe (file missing)
O23 - NT 服务: Security Accounts Manager (SamSs) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
O23 - NT 服务: Smart Card Helper (SCardDrv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - NT 服务: Smart Card (SCardSvr) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - NT 服务: Task Scheduler (Schedule) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\MSTask.exe (file missing)
O23 - NT 服务: RunAs Service (seclogon) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.exe (file missing)
O23 - NT 服务: System Event Notification (SENS) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - NT 服务: Internet Connection Sharing (SharedAccess) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - NT 服务: Print Spooler (Spooler) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\spoolsv.exe (file missing)
O23 - NT 服务: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - NT 服务: Telephony (TapiSrv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - NT 服务: Terminal Services (TermService) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\termsrv.exe (file missing)
O23 - NT 服务: Terminal Services Licensing (TermServLicensing) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\lserver.exe (file missing)
O23 - NT 服务: Telnet (TlntSvr) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\tlntsvr.exe (file missing)
O23 - NT 服务: Distributed Link Tracking Server (TrkSvr) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.exe (file missing)
O23 - NT 服务: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.exe (file missing)
O23 - NT 服务: Uninterruptible Power Supply (UPS) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\ups.exe (file missing)
O23 - NT 服务: Utility Manager (UtilMan) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\UtilMan.exe (file missing)
O23 - NT 服务: Windows Time (W32Time) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\services.exe (file missing)

这是用hijackthis扫描的结果，用专杀灰鸽子的工具扫描，提示有病毒，而且可以清除，重起后，又提示有灰鸽子，

可能鸽子变种，鸽子在电脑种了很多服务！请将可执行文件，提供瑞星！

能不能帮忙看看，哪个选项是灰鸽子

楼主是不是玩虚拟机的？！

不是，是装的WIN2000高级服务器版的系统，做财务服务器用的。

如果是菜鸟，估计自己解决困难很大，很多服务都属于病毒

【回复“轩辕小聪”的帖子】
虚拟机和这个有联系吗？