
Help! How do I remove Backdoor.Gpigeon.uql?


A month ago my computer got infected with the Backdoor.Gpigeon.uql virus. On startup, Rising reports that the virus has been cleaned, and the scan shows IEXPLORE.EXE>>C:\Program Files\Internet Explorer\IEXPLORE.EXE ->Backdoor.Gpigeon.uql, but it is back every time I boot, and Rising can never delete it. I'm begging the experts here for some guidance.

[User system info] Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Last edited 2007-09-19 00:11:16

瑞星卡卡电脑诊断日志 v1.30 (2007-9-18 22:51:44)  北京瑞星科技股份有限公司

注释:    [A]表示该文件存在自启动关联;
    [M]表示该文件在内存中;

+ 注册表自运行项目
  + 系统服务
    + HKLM\System\CurrentControlSet\Services
      Alertera
        [A ] 1. c:\program files\alertera


      Messenger
        [A ] 2. c:\windows\c:\windows\system32\svchost.exe -k netsvcs


      ose
        [A ] 3. c:\program files\common files\microsoft shared\source engine\ose.exe


      RfwProxySrv
        [A ] 4. c:\program files\rising\rfw\rfwproxy.exe


      RfwService
        [A ] 5. c:\program files\rising\rfw\rfwsrv.exe


      RsCCenter
        [A ] 6. d:\瑞星杀毒\rising\rav\ccenter.exe


      RsRavMon
        [A ] 7. d:\瑞星杀毒\rising\rav\ravmond.exe




  + 内核驱动
    + HKLM\System\CurrentControlSet\Services
      ALCXWDM
        [A ] 8. c:\windows\system32\drivers\alcxwdm.sys


      BaseTDI
        [A ] 9. c:\windows\system32\drivers\basetdi.sys


      bootdrv
        [A ] 10. c:\windows\system32\drivers\bootdrv.sys


      ExpScaner
        [A ] 11. d:\瑞星杀毒\rising\rav\expscan.sys


      HookCont
        [A ] 12. d:\瑞星杀毒\rising\rav\hookcont.sys


      HookReg
        [A ] 13. d:\瑞星杀毒\rising\rav\hookreg.sys


      HookSys
        [A ] 14. d:\瑞星杀毒\rising\rav\hooksys.sys


      HookUrl
        [A ] 15. c:\program files\rising\rfw\hookurl.sys


      kmsinput
        [A ] 16. c:\windows\system32\drivers\kmsinput.sys


      MEMSCAN
        [A ] 17. d:\瑞星杀毒\rising\rav\memscan.sys


      mProcRs
        [A ] 18. c:\program files\rising\rfw\mprocrs.sys


      nhkepi
        [A ] 19. c:\windows\system32\drivers\nhkepi.sys


      npkcrypt
        [A ] 20. c:\program files\tencent\qq\npkcrypt.sys


      npkycryp
        [A ] 21. c:\program files\tencent\qq\npkycryp.sys


      nvatabus
        [A ] 22. c:\windows\system32\drivers\nvatabus.sys


      NVENETFD
        [A ] 23. c:\windows\system32\drivers\nvenetfd.sys


      nvnetbus
        [A ] 24. c:\windows\system32\drivers\nvnetbus.sys


      nv_agp
        [A ] 25. c:\windows\system32\drivers\nv_agp.sys


      PavSRK.sys
        [A ] 26. c:\windows\system32\pavsrk.sys


      RsAntiSpyware
        [A ] 27. c:\windows\system32\drivers\rsboot.sys


      RsFwDrv
        [A ] 28. c:\program files\rising\rfw\rsfwdrv.sys


      RsNTGDI
        [A ] 29. c:\windows\system32\drivers\rsntgdi.sys


      RSPPSYS
        [A ] 30. d:\瑞星杀毒\rising\rav\rsppsys.sys


      Secdrv
        [A ] 31. c:\windows\system32\drivers\secdrv.sys


      TesSafe
        [A ] 32. c:\windows\system32\tessafe.sys




  + 文件系统驱动
    + HKLM\System\CurrentControlSet\Services
      ADProt
        [A ] 33. c:\windows\system32\drivers\adprot.sys




  + 系统登陆自运行
    + HKCU\Control Panel\Desktop
      Scrnsave.exe
        [A ] 34. c:\windows\summer.scr




  + IE浏览器加载模块
    + HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
      {43869BB3-22FD-4F15-9B46-238106BA2F4E}
        [A ] 35. c:\program files\super rabbit\magicset\haokanbar.dll



    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
      {7369D35A-5B70-4A5B-B789-B25FE09B4AF3}
        [A ] 35. c:\program files\super rabbit\magicset\haokanbar.dll




  + 资源管理器加载模块
    + HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
      text/xml
        [A ] 36. c:\program files\common files\microsoft shared\office11\msoxmlmf.dll



    + HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
      ms-itss
        [A ] 37. c:\program files\common files\microsoft shared\information retrieval\msitss.dll


      mso-offdap
        [A ] 38. c:\program files\common files\microsoft shared\web components\10\owc10.dll



    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
      HyperTerminal Icon Ext
        [A ] 39. c:\windows\system32\hticons.dll


      Microsoft Office HTML Icon Handler
        [A ] 40. c:\program files\microsoft office\office11\msohev.dll


      Web Folders
        [A ] 41. c:\program files\common files\microsoft shared\web folders\msonsext.dll


      Microsoft Office Outlook Custom Icon Handler
        [A ] 42. c:\program files\microsoft office\office11\olkfstub.dll


      Microsoft Office Outlook Desktop Icon Handler
        [A ] 43. c:\program files\microsoft office\office11\mlshext.dll


      WinRAR shell extension
        [A ] 44. c:\program files\winrar\rarext.dll


      WinZip
        [A ] 45. c:\program files\winzip\wzshlstb.dll


      WinZip
        [A ] 45. c:\program files\winzip\wzshlstb.dll


      WinZip
        [A ] 45. c:\program files\winzip\wzshlstb.dll


      WinZip
        [A ] 45. c:\program files\winzip\wzshlstb.dll


      RISING
        [A ] 46. c:\windows\system32\ravext.dll



    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
      {AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}
        [AM] 47. c:\windows\system32\shlhook.dll




  + 用户登陆自运行项目
    + HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      SoundMan
        [AM] 48. c:\windows\soundman.exe


      RavTask
        [A ] 49. d:\瑞星杀毒\rising\rav\ravtask.exe


      RfwMain
        [AM] 50. c:\program files\rising\rfw\rfwmain.exe


      runeip
        [AM] 51. c:\program files\rising\antispyware\runiep.exe



    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
      KKDelay
        [A ] 52. c:\program files\rising\antispyware\runonce.exe





+ 开机执行
    + HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
      BootExecute
        [A ] 53. c:\windows\system32\bsmain.exe

        [A ] 54. c:\windows\system32\kknative.exe




  + 映像劫持
    + HKCR\Folder\shell
      Super Rabbit CDROM Eject
        [A ] 55. c:\program files\super rabbit\magicset\srcd2.exe



    + HKCR\.html
      htmlfile\Edit\Command
        [A ] 56. c:\program files\microsoft office\office11\msohtmed.exe


      htmlfile\Print\Command
        [A ] 56. c:\program files\microsoft office\office11\msohtmed.exe



    + HKCR\.htm
      htmlfile\Edit\Command
        [A ] 56. c:\program files\microsoft office\office11\msohtmed.exe


      htmlfile\Print\Command
        [A ] 56. c:\program files\microsoft office\office11\msohtmed.exe




  + 打印机监控
    + HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
      Microsoft Document Imaging Writer Monitor
        [AM] 57. c:\windows\system32\mdimon.dll





+ 正在运行的进程
  + 000000bc(188) runiep.exe
    00400000[00013000]
      [AM] 51. c:\program files\rising\antispyware\runiep.exe


    10000000[0006E000]
      [ M] 58. c:\windows\system32\freewb.ime


    00DC0000[00008000]
      [ M] 59. c:\program files\freewb\plugin\date.plg


    00F00000[0001B000]
      [ M] 60. c:\program files\rising\antispyware\ieprot.dll



  + 000000f0(240) SOUNDMAN.EXE
    00400000[00015000]
      [AM] 48. c:\windows\soundman.exe


    10000000[0006E000]
      [ M] 58. c:\windows\system32\freewb.ime


    00D80000[00008000]
      [ M] 59. c:\program files\freewb\plugin\date.plg


    00FA0000[0001B000]
      [ M] 60. c:\program files\rising\antispyware\ieprot.dll



  + 00000148(328) alg.exe

  + 000001d0(464) wscntfy.exe
    10000000[0006E000]
      [ M] 58. c:\windows\system32\freewb.ime


    00BC0000[00008000]
      [ M] 59. c:\program files\freewb\plugin\date.plg


    00BD0000[0001B000]
      [ M] 60. c:\program files\rising\antispyware\ieprot.dll



  + 000001f8(504) srshut.EXE
    00400000[00073000]
      [ M] 61. c:\program files\super rabbit\magicset\srshut.exe


    73390000[00154000]
      [ M] 62. c:\windows\system32\msvbvm60.dll


    66630000[0001C000]
      [ M] 63. c:\windows\system32\vb6chs.dll


    10000000[0006E000]
      [ M] 58. c:\windows\system32\freewb.ime


    00FC0000[00008000]
      [ M] 59. c:\program files\freewb\plugin\date.plg


    019C0000[0001B000]
      [ M] 60. c:\program files\rising\antispyware\ieprot.dll



  + 0000021c(540) smss.exe

  + 00000224(548) ctfmon.exe
    10000000[0006E000]
      [ M] 58. c:\windows\system32\freewb.ime


    00CA0000[00008000]
      [ M] 59. c:\program files\freewb\plugin\date.plg


    00CF0000[0001B000]
      [ M] 60. c:\program files\rising\antispyware\ieprot.dll



  + 0000027c(636) csrss.exe

  + 00000294(660) winlogon.exe
    10000000[0006E000]
      [ M] 58. c:\windows\system32\freewb.ime


    01520000[00008000]
      [ M] 59. c:\program files\freewb\plugin\date.plg


    72C80000[00008000]
      [ M] 64. c:\windows\system32\msacm32.drv



  + 000002c0(704) services.exe

  + 000002cc(716) lsass.exe

  + 0000036c(876) svchost.exe

  + 000003ac(940) svchost.exe

  + 0000042c(1068) svchost.exe

  + 00000498(1176) svchost.exe

  + 00000524(1316) svchost.exe

  + 000005c4(1476) Explorer.EXE
    10000000[0006E000]
      [ M] 58. c:\windows\system32\freewb.ime


    00D40000[00008000]
      [ M] 59. c:\program files\freewb\plugin\date.plg


    72C80000[00008000]
      [ M] 64. c:\windows\system32\msacm32.drv


    01C90000[0001B000]
      [ M] 60. c:\program files\rising\antispyware\ieprot.dll



  + 000006f0(1776) spoolsv.exe
    00AE0000[00008000]
      [AM] 57. c:\windows\system32\mdimon.dll


    00AF0000[00008000]
      [ M] 65. c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll



  + 00000768(1896) RfwMain.exe
    00400000[00073000]
      [AM] 50. c:\program files\rising\rfw\rfwmain.exe


    26600000[0007D000]
      [ M] 66. c:\program files\rising\rfw\rsguilib.dll


    23700000[0001A000]
      [ M] 67. c:\program files\rising\rfw\rscommon.dll


    10000000[0000F000]
      [ M] 68. c:\program files\rising\rfw\rfwctrl.dll


    23800000[0001A000]
      [ M] 69. c:\program files\rising\rfw\rsxml.dll


    23900000[00031000]
      [ M] 70. c:\program files\rising\rfw\pngdll.dll


    731B0000[0000A000]
      [ M] 71. c:\program files\rising\rfw\psapi.dll


    01070000[0001B000]
      [ M] 60. c:\program files\rising\antispyware\ieprot.dll



  + 0000085c(2140) svchost.exe

  + 00000950(2384) RsAgent.exe
    00400000[0003A000]
      [ M] 72. d:\瑞星杀毒\rising\rav\rsagent.exe


    10000000[0001B000]
      [ M] 73. d:\瑞星杀毒\rising\rav\rscommx.dll


    00B60000[0006E000]
      [ M] 58. c:\windows\system32\freewb.ime


    00E50000[00008000]
      [ M] 59. c:\program files\freewb\plugin\date.plg


    00F70000[0001B000]
      [ M] 60. c:\program files\rising\antispyware\ieprot.dll



  + 00000b40(2880) AgentSvr.exe
    10000000[0006E000]
      [ M] 58. c:\windows\system32\freewb.ime


    00C30000[00008000]
      [ M] 59. c:\program files\freewb\plugin\date.plg


    72C80000[00008000]
      [ M] 64. c:\windows\system32\msacm32.drv


    00C90000[0001B000]
      [ M] 60. c:\program files\rising\antispyware\ieprot.dll



  + 00000ba8(2984) Ras.exe
    00400000[00160000]
      [ M] 74. c:\program files\rising\antispyware\ras.exe


    10000000[00013000]
      [ M] 75. c:\program files\rising\antispyware\topsoft.dll


    7C140000[00103000]
      [ M] 76. c:\program files\rising\antispyware\mfc71.dll


    7C340000[00056000]
      [ M] 77. c:\program files\rising\antispyware\msvcr71.dll


    7C3A0000[0007B000]
      [ M] 78. c:\program files\rising\antispyware\msvcp71.dll


    5D360000[0000A000]
      [ M] 79. c:\windows\system32\mfc71chs.dll


    00F20000[000BD000]
      [ M] 80. c:\program files\rising\antispyware\rasgui.dll


    01480000[0006E000]
      [ M] 58. c:\windows\system32\freewb.ime


    01770000[00008000]
      [ M] 59. c:\program files\freewb\plugin\date.plg


    01A30000[00011000]
      [AM] 47. c:\windows\system32\shlhook.dll


    01B90000[0001B000]
      [ M] 60. c:\program files\rising\antispyware\ieprot.dll


    02D30000[0002F000]
      [ M] 81. c:\program files\rising\antispyware\engine.dll


    02D60000[00012000]
      [ M] 82. c:\program files\rising\antispyware\zip.dll



  + 00000f58(3928) RavStub.exe
    00400000[00018000]
      [ M] 83. d:\瑞星杀毒\rising\rav\ravstub.exe


    10000000[0001B000]
      [ M] 73. d:\瑞星杀毒\rising\rav\rscommx.dll


    23700000[0001A000]
      [ M] 84. d:\瑞星杀毒\rising\rav\rscommon.dll




Okay, I'll give it a try.

Quote:
[Post by 没有梦想的男人] Nobody is going to go through a log like this for you; it has no detailed information. Post an SRENG scan log instead.
Download the System Repair Engineer system scan tool from:
http://www.kztechs.com/sreng/download.html
How to scan and upload the log:
1. Extract the downloaded sreng2.zip archive;
2. Open the extracted SRENG folder and double-click SREngPS.exe in it;
3. Click "Smart Scan", then "Scan", then "Save Report" to save the log to your hard disk;
4. Change the log's extension to .txt and upload it as an attachment; please do not alter the log contents.
Friendly reminders:
1. Close all open programs before scanning (QQ, Thunder and similar programs, and any IE windows; note: close them, don't just minimize them).
2. Until you receive further instructions, do not use SRENG to "repair" things at random, or the system may end up in worse shape.


………………

Attachment: application/octet-stream, uploaded 2007-9-18 23:45:00, 115 downloads.
