现在杀出好多２０多个backdoor.gpigeon.2006.re病毒了．．
怎么越杀越多啊！都在　D盘
我是装了２个操作系统的．．d盘装的是xp
高手救命啊．．．

各位大侠进来．．看看啊。．

猫叔，顶。。。不过SSM的设置确实成问题啊。。。哎。。刚上手真的不容易设置，而且常设置出一系列问题

瑞星防火墙里总是有个svchost进程连接1027灰鸽子端口

瑞星防火墙里总是有个svchost进程连接1027灰鸽子端口，不知道是不是病毒，最近把能结束的进程都结束了，玩游戏还是不时就那么一段时间卡，怀疑是在被截取屏幕，请各位高手指点一下

svchost.exe[pid=880]
cmdline=c:\windows\system32\svchost.exe -k netsvcs
UDP
local 127.0.0.1:123
local 127.0.0.1:1026
local 127.0.0.1:1027[灰鸽子]
local 192.168.1.3:123

这是瑞星防火墙的信息

瑞星18.42.40杀毒没有结果，如果是病毒还请说明下应该怎么清除

各位高手。我的电脑中了新的灰鸽子病毒了。帮忙看看啊。谢谢！！！！！
HijackThis_zww汉化版扫描日志 V1.99.1
保存于      16:14:54, 日期 2006-9-13
操作系统：  Windows XP SP2 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\4.exe
C:\Program Files\svhost32.exe
C:\WINDOWS\command\rundll32.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\taskmgr.exe
D:\WINDOWS优化大师\Womcc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ntvdm.exe
D:\program files\ANTIVIVUS\Kaspersky Anti-Virus Personal\kav.exe
D:\program files\ANTIVIVUS\Kaspersky Anti-Virus Personal\kavsvc.exe
D:\绿色软件\HIJACK\HijackThis1991汉化版\HijackThis1991zww.exe

R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll
F3 - REG:win.ini: load=C:\PROGRA~1\svhost32.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O1 - Hosts: 61.188.38.64 www.gamezt.com.cn
O1 - Hosts: 61.188.38.64 meng.nicemm.cn
O1 - Hosts: 61.188.38.64 www.hyap98.com
O1 - Hosts: 61.188.38.64 upd.etsoft.com.cn
O1 - Hosts: 61.188.38.64 www.essonarts.com
O1 - Hosts: 61.188.38.64 ert0003.e76.163ns.com
O1 - Hosts: 61.188.38.64 sky001.e11.163ns.com
O1 - Hosts: 61.188.38.64 woool.100888290cs.com
O1 - Hosts: 61.188.38.64 rxjh.100888290cs.com
O1 - Hosts: 61.188.38.64 www.yowoool.com
O1 - Hosts: 61.188.38.64 13511.com
O1 - Hosts: 61.188.38.64 www.13511.com
O1 - Hosts: 61.188.38.64 ywg.cn
O2 - BHO: IEMonitor Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\Program Files\DeskAdTop\deskipn.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yAngling.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\Progra~1\Baidu\bar\BaiDuBar.dll
O2 - BHO: AssistHelper - {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4A40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll
O3 - IE工具栏增项: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Progra~1\Baidu\bar\BaiDuBar.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - 启动项HKLM\\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - 启动项HKLM\\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - 启动项HKLM\\Run: [KAVPersonal50] "D:\program files\ANTIVIVUS\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [DAEMON Tools-2052] "C:\Program Files\D-Tools\daemon.exe"  -lang 2052
O4 - 启动项HKLM\\Run: [Desktop] C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll
O4 - 启动项HKLM\\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - 启动项HKLM\\Run: [Tray] C:\WINDOWS\command\rundll32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: desktop.ini
O4 - Global Startup: desktop.ini
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\program files\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\program files\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\program files\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 添加到雅虎订阅(&Y) - res://C:\Program Files\Yahoo!\Assistant\Assist\yrss.dll/YRSSMENUEXT
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\program files\SendMMS.htm
O9 - 浏览器额外的按钮: 免费精彩视频超流畅在线观看 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - 浏览器额外的“工具”菜单项: 播霸电视 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O18 - 列举现有的协议: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - NT 服务: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - NT 服务: kavsvc - Kaspersky Lab - D:\program files\ANTIVIVUS\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - NT 服务: P4P Service - Sohu.com Inc. - C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
O23 - NT 服务: SmartLinkService (SLService) -  - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - NT 服务: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - NT 服务: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - NT 服务: Windows TCP/IP Socker Driver (TCPsockd) - Unknown owner - C:\Program.exe (file missing)

我的电脑中了灰鸽子。各位帮忙看看啊。谢谢

卡巴查出的病毒文件名,路径是

C:\PROGRAM FILES\COMMON FILES\SYSTEM\ADO\MSADO.DLL
C:\PROGRAM FILES\COMMON FILES\SYSTEM\ADO\MSADOKEY.DLL
C:\Program Files\Common Files\System\ado\msadoKey.DLL
是特洛伊木马 Backdoor.Win32.Hupigon.cge



Logfile of HijackThis v1.99.1
Scan saved at 15:45:05, on 2006-9-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
E:\Program Files\c-LanSee\ha_hijackthis_1991\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [KAVPersonal50] "d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [Super Rabbit SRRestore] D:\Program Files\Super Rabbit\MagicSet\srrest.exe /autosave
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: 腾讯QQ.lnk = D:\Program Files\Tencent\QQ\QQ.exe
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll
O20 - Winlogon Notify: System Safety Monitor - C:\WINDOWS\SYSTEM32\SSMWinlogonEx.dll
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - (no file)
O23 - Service: kavsvc - Kaspersky Lab - d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows TCP/IP Socker Driver (TCPsockd) - Unknown owner - C:\Program.exe (file missing)

真是和233楼同病相怜啊

TO:234楼的

在安全模式按http://forum.ikaka.com/topic.asp?board=28&artid=8169748方法,打开注册表编辑器，展开：HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
搜索STI Simulator 　和　　TCPsockd删除
删除C:\WINDOWS\System32\PAStiSvc.exe
而C:\Program.exe (file missing)这个找不到,试下

to 235楼： 病毒 Backdoor.Win32.Hupigon.cge你的电脑搞顶没有？

讲解下IceSword的用法,不会用阿 ！！！！