瑞星每次开启后都查出Backdoor.Gpigeon.ftq这个病毒杀了后还有...
主页被恶意改为http://www.7939.com/用魔法兔子都改不回来...(瑞星注册表监控一直蹦提示)
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
    <Super Rabbit IEPro><E:\Program Files\Super Rabbit\IEG\SRIECLI.EXE /LOAD>  []
    <Realplayer.exe><C:\WINDOWS\system32\Realplayer.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <NSP><C:\WINDOWS\system32\NSP.exe>  []
    <stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe>  [Tencent]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <Realplayer.exe><C:\WINDOWS\system32\Realplayer.exe>  []
    <Super Rabbit Desktop Set><E:\Program Files\Super Rabbit\IEG\DS.EXE /Load>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><%SystemRoot%\system32\logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Realplayer.exe><; C:\WINDOWS\system32\Realplayer.exe>  []
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]

==================================
启动文件夹
服务
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd]
  <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
[Rising Process Communication Center / RsCCenter]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Distributed Link Tracking Fat / TrkwysFat]
  <C:\WINDOWS\Fat32server.exe><N/A>

==================================
正在运行的进程
[PID: 308][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 356][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 380][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 424][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 436][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 600][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 652][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 768][C:\Program Files\Rising\Rav\CCenter.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 816][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 844][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 860][C:\Program Files\Rising\Rav\Ravmond.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 33>
    [C:\Program Files\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RsLog.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
    [C:\Program Files\Rising\Rav\HOOKSYS.dll]  <Beijing Rising Technology Co., Ltd.><18, 1, 0, 11>
    [C:\Program Files\Rising\Rav\Scanner.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
    [C:\Program Files\Rising\Rav\libload.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\Rising\Rav\VirusLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
    [C:\Program Files\Rising\Rav\regmon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [C:\Program Files\Rising\Rav\HookWeb.dll]  <rising><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\MemMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\Rising\Rav\expscan.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\mPorts.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
    [C:\Program Files\Rising\Rav\MailMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\Program Files\Rising\Rav\SpamEng.dll]  <N/A><18, 0, 0, 6>
    [C:\Program Files\Rising\Rav\engine.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
    [C:\Program Files\Rising\Rav\PostTrt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
    [C:\Program Files\Rising\Rav\UnExe.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\Program Files\Rising\Rav\ScanExec.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\Program Files\Rising\Rav\ScanEx.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 14>
    [C:\Program Files\Rising\Rav\NvFile.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
    [C:\Program Files\Rising\Rav\ScanMac.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
    [C:\Program Files\Rising\Rav\ScanSct.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
    [C:\Program Files\Rising\Rav\Unpacker.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [C:\Program Files\Rising\Rav\ExtOLE.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [C:\Program Files\Rising\Rav\ScanElf.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 892][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 1064][C:\Program Files\Rising\Rav\RavStub.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 1140][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.2.3790.346 (srv03_gdr.050610-1523)>
[PID: 1172][C:\WINDOWS\system32\msdtc.exe]  <Microsoft Corporation><2001.12.4720.0 (srv03_rtm.030324-2048)>
[PID: 1272][C:\WINDOWS\system32\cisvc.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 1292][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 1324][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 1600][C:\WINDOWS\system32\Dfssvc.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 1712][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.3790.0 (srv03_rtm.030324-2048)>
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  <Tencent><4, 2, 2, 21>
    [C:\WINDOWS\system32\brlmon.dll]  <N/A><N/A>
[PID: 1900][C:\WINDOWS\system32\NSP.exe]  <><1, 0, 0, 1>
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  <Tencent><4, 2, 2, 21>
[PID: 1916][C:\Program Files\Rising\Rav\RavTask.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  <Tencent><4, 2, 2, 21>
[PID: 1928][C:\Program Files\Rising\Rav\Ravmon.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 32>
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
    [C:\Program Files\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\Rising\Rav\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  <Tencent><4, 2, 2, 21>
[PID: 2000][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  <Tencent><4, 2, 2, 21>
[PID: 1604][C:\WINDOWS\system32\wuauclt.exe]  <Microsoft Corporation><5.4.3790.0 (srv03_rtm.030324-2048)>
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  <Tencent><4, 2, 2, 21>
[PID: 1704][C:\WINDOWS\system32\wbem\wmiprvse.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 1344][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.3790.0 (srv03_rtm.030324-2048)>
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  <Tencent><4, 2, 2, 21>
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  <Adobe Systems, Inc.><9,0,16,0>
[PID: 2164][C:\WINDOWS\system32\cidaemon.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 3100][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.3790.0 (srv03_rtm.030324-2048)>
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  <Tencent><4, 2, 2, 21>
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  <Adobe Systems, Inc.><9,0,16,0>
[PID: 3296][C:\Documents and Settings\Administrator\桌面\sreng2\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  <Tencent><4, 2, 2, 21>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

兄弟，我和你一个毛病
就TMD这个鸟网站！！！
求救ING·

解决方法
解决方法如下
双击我的电脑，工具，文件夹选项，查看，单击选取"显示隐藏文件或文件夹"清除"隐藏受保护的操作系统文件（推荐）"复选框。在提示确定更改时，单击“是”，清除“隐藏已知文件类型的扩展名
ALT+CTRL+DELETE调出任务管理器,终止explorer.exe 还有Realplayer.exe的进程
点“文件”“新任务”“浏览”找到C:\WINDOWS\system32\Realplayer.exe
删除Realplayer.exe
点“文件”“新任务”“浏览”找到C:\WINDOWS\explorer.exe,双击打开
运行(双击)System Repair Engineer，使用“启动项目，注册表”来删除以下选项。
C:\WINDOWS\system32\Realplayer.exe
C:\WINDOWS\system32\Realplayer.exe
删除
C:\WINDOWS\system32\brlmon.dll
把主页改回来。
引用我无邪朋友的方法

HijackThis_815汉化版扫描日志 V1.99.1
保存于      15:47:26, 日期 2006-8-28
操作系统：  Windows 2003  (WinNT 5.02.3790)
浏览器：    Internet Explorer v6.00 (6.00.3790.0000)

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NSP.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\HijackThis\HijackThis1991zww.exe

O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [NSP] C:\WINDOWS\system32\NSP.exe
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [Realplayer.exe] C:\WINDOWS\system32\Realplayer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Realplayer.exe] C:\WINDOWS\system32\Realplayer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nsp.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{97A0D745-3AE4-46A1-ABC0-9BE126BB7863}: NameServer = 219.150.32.132,202.99.224.68
O23 - NT 服务: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - NT 服务: Distributed Link Tracking Fat (TrkwysFat) - Unknown owner - C:\WINDOWS\Fat32server.exe

感谢二楼的朋友,

貌似我不止中一个病毒....

感谢二楼的朋友,

貌似我不止中一个病毒....

以上是IE反劫持的方法.如果你想问病毒的话,去病毒论坛发表一下,那边多高手

这个问题已经有很多人发贴处理了。我也处理了几个，这里是处理结果http://www.45it.com/Article/pcedu/Safety/200608/10517.htm你可以参考解决，基本能完全解决了