Please, somebody help me

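Hi everyone! As soon as I started using QQ I ran into trouble. How can I get rid of this thing:
By the way, this search site is pretty handy, take a look: http://www.wrmfw.com.cn
  Please help me out!
Last edited 2006-01-13 19:06:02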

【Reply to post by "宝贝涛涛"】
Please scan with HijackThis and post the log here.

【Reply to post by "baohe"】
HijackThis_zww汉化版扫描日志 V1.99.1
保存于      12:28:24, 日期 2006-1-13
操作系统:  Windows 2000 SP4 (WinNT 5.00.2195)
浏览器:    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程:         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\NTS\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\ServeHost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\HuaCi\huaci\zsearch.exe
C:\WINNT\system32\internat.exe
C:\Program Files\HuaCi\huaci\ZsUp.exe
C:\WINNT\system32\conime.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\SearchNet\SearchNet.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ChinaNet\VnetClient.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Sandai Technologies Inc\Thunder\Thunder.exe
D:\音乐\qq\CS\QQ.exe
D:\音乐\qq\CS\TIMPlatform.exe
D:\音乐\qq\CS\qqpet\qqpet.exe
D:\新建文件夹 (2)\HijackThis1991汉化版\HijackThis1991zww.exe
C:\WINNT\NIW.exe

R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll (file missing)
O1 - Hosts: 218.5.77.189 www.zhao123.com
O1 - Hosts: 218.5.77.189 zhao123.com
O1 - Hosts: 218.5.77.189 www.4399.com
O1 - Hosts: 218.5.77.189 4399.com
O1 - Hosts: 218.5.77.189 www.chinagames.net
O1 - Hosts: 218.5.77.189 chinagames.net
O1 - Hosts: 218.5.77.189 www.tiexue.net
O1 - Hosts: 218.5.77.189 tiexue.net
O1 - Hosts: 218.5.77.189 www.qq163.com
O1 - Hosts: 218.5.77.189 qq163.com
O1 - Hosts: 218.5.77.189 www.tt67.com
O1 - Hosts: 218.5.77.189 tt67.com
O1 - Hosts: 218.5.77.189 www.chinamp3.com
O1 - Hosts: 218.5.77.189 chinamp3.com
O1 - Hosts: 218.5.77.189 www.pg168.com
O1 - Hosts: 218.5.77.189 pg168.com
O1 - Hosts: 218.5.77.189 www.yymp3.com
O1 - Hosts: 218.5.77.189 yymp3.com
O1 - Hosts: 218.5.77.189 www.yy138.com
O1 - Hosts: 218.5.77.189 yy138.com
O1 - Hosts: 218.5.77.189 www.dj99.com
O1 - Hosts: 218.5.77.189 dj99.com
O1 - Hosts: 218.5.77.189 www.sogua.com
O1 - Hosts: 218.5.77.189 sogua.com
O1 - Hosts: 218.5.77.189 www.snsn.net
O1 - Hosts: 218.5.77.189 snsn.net
O1 - Hosts: 218.5.77.189 www.flash8.net
O1 - Hosts: 218.5.77.189 flash8.net
O1 - Hosts: 218.5.77.189 www.mop.com
O1 - Hosts: 218.5.77.189 mop.com
O1 - Hosts: 218.5.77.189 www.tianyaclub.com
O1 - Hosts: 218.5.77.189 tianyaclub.com
O1 - Hosts: 218.5.77.189 www.xici.net
O1 - Hosts: 218.5.77.189 xici.net
O1 - Hosts: 218.5.77.189 www.ucanlove.com
O1 - Hosts: 218.5.77.189 ucanlove.com
O1 - Hosts: 218.5.77.189 www.cmfu.com
O1 - Hosts: 218.5.77.189 cmfu.com
O1 - Hosts: 218.5.77.189 www.21red.net
O1 - Hosts: 218.5.77.189 21red.net
O1 - Hosts: 218.5.77.189 www.pconline.com.cn
O1 - Hosts: 218.5.77.189 pconline.com.cn
O1 - Hosts: 218.5.77.189 www.donews.com
O1 - Hosts: 218.5.77.189 donews.com
O1 - Hosts: 218.5.77.189 www.pcauto.com.cn
O1 - Hosts: 218.5.77.189 pcauto.com.cn
O1 - Hosts: 218.5.77.189 www.265.com
O1 - Hosts: 218.5.77.189 265.com
O1 - Hosts: 218.5.77.189 www.wo99.com
O1 - Hosts: 218.5.77.189 wo99.com
O1 - Hosts: 218.5.77.189 www.familydoctor.com.cn
O1 - Hosts: 218.5.77.189 familydoctor.com.cn
O1 - Hosts: 218.5.77.189 www.flashempire.com
O1 - Hosts: 218.5.77.189 flashempire.com
O1 - Hosts: 218.5.77.189 www.showgood.tv
O1 - Hosts: 218.5.77.189 showgood.tv
O1 - Hosts: 218.5.77.189 www.flashfan.net
O1 - Hosts: 218.5.77.189 flashfan.net
O1 - Hosts: 218.5.77.189 www.long21.net
O1 - Hosts: 218.5.77.189 long21.net
O1 - Hosts: 218.5.77.189 www.sowww.com
O1 - Hosts: 218.5.77.189 sowww.com
O1 - Hosts: 218.5.77.189 www.flashhome.net
O1 - Hosts: 218.5.77.189 flashhome.net
O1 - Hosts: 218.5.77.189 www.cnflash.net
O1 - Hosts: 218.5.77.189 cnflash.net
O1 - Hosts: 218.5.77.189 www.flashsky.com
O1 - Hosts: 218.5.77.189 flashsky.com
O1 - Hosts: 218.5.77.189 www.hunansky.com
O1 - Hosts: 218.5.77.189 hunansky.com
O1 - Hosts: 218.5.77.189 www.52flash.net
O1 - Hosts: 218.5.77.189 52flash.net
O1 - Hosts: 218.5.77.189 www.flashh.com
O1 - Hosts: 218.5.77.189 flashh.com
O1 - Hosts: 218.5.77.189 www.flashsun.com
O1 - Hosts: 218.5.77.189 flashsun.com
O1 - Hosts: 218.5.77.189 www.7k7k.com
O1 - Hosts: 218.5.77.189 7k7k.com
O1 - Hosts: 218.5.77.189 www.xuanxuan.com
O1 - Hosts: 218.5.77.189 xuanxuan.com
O1 - Hosts: 218.5.77.189 www.flash88.net
O1 - Hosts: 218.5.77.189 flash88.net
O1 - Hosts: 218.5.77.189 www.91flash.com
O1 - Hosts: 218.5.77.189 91flash.com
O1 - Hosts: 218.5.77.189 www.doingflash.com
O1 - Hosts: 218.5.77.189 doingflash.com
O1 - Hosts: 218.5.77.189 www.5see.com

【Reply to post by "baohe"】
O1 - Hosts: 218.5.77.189 5see.com
O1 - Hosts: 218.5.77.189 www.skyhits.com
O1 - Hosts: 218.5.77.189 skyhits.com
O1 - Hosts: 218.5.77.189 www.ting78.com
O1 - Hosts: 218.5.77.189 ting78.com
O1 - Hosts: 218.5.77.189 www.91.com
O1 - Hosts: 218.5.77.189 91.com
O1 - Hosts: 218.5.77.189 www.flashchina.net
O1 - Hosts: 218.5.77.189 flashchina.net
O1 - Hosts: 218.5.77.189 www.flash8.com.cn
O1 - Hosts: 218.5.77.189 flash8.com.cn
O1 - Hosts: 218.5.77.189 www.f130.net
O1 - Hosts: 218.5.77.189 f130.net
O1 - Hosts: 218.5.77.189 www.chinanim.com
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINNT\system32\xunleibho_v8.dll
O2 - BHO: (no name) - {01A7A372-71E8-4022-9D76-B66BECF71A2E} - C:\WINNT\system32\IEBHODLL.dll
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\AddrPlus\IEHelp1.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll (file missing)
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll (file missing)
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll (file missing)
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\音乐\qq\CS\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing)
O2 - BHO: EyeOnIE Class - {6E28339B-7A2A-47B6-AEB2-46BA53782379} - D:\PROGRA~1\PCDOWN~1\BhoPlugin.dll (file missing)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINNT\downlo~1\CnsHook.dll
O2 - BHO: YiSou - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} - C:\PROGRA~1\YiSou\yisoub.dll (file missing)
O3 - IE工具栏增项: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - IE工具栏增项: 一搜工具条 - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - C:\Program Files\YiSou\yisou.dll (file missing)
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll (file missing)
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - 启动项HKLM\\Run: [SysExplr] D:\SYSEXPLR.EXE
O4 - 启动项HKLM\\Run: [MoveSearch] C:\Program Files\HuaCi\huaci\zsearch.exe
O4 - 启动项HKLM\\Run: [CnsMin] Rundll32.exe C:\WINNT\downlo~1\CnsMin.dll,Rundll32
O4 - 启动项HKLM\\Run: [internat.exe] internat.exe
O4 - 启动项HKLM\\Run: [Thunder] "C:\Program Files\Sandai Technologies Inc\Thunder\ThunderShell.exe" /s
O4 - 启动项HKLM\\Run: [3721] C:\$NtUninstallQ5926809$\3721.bat
O4 - 启动项HKLM\\Run: [cnyisou_com] http://www.zhaowo8.com
O4 - 启动项HKLM\\Run: [ppdvdpipi] F:\新建文~2\pipicn\Client.exe
O4 - 启动项HKLM\\Run: [SearchNet_Up] "C:\Program Files\SearchNet\ServeUp.exe"
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [AddrPlus3] RUNDLL32.EXE C:\PROGRA~1\TENCENT\AddrPlus\QAHook1.dll,Rundll32
O4 - HKCU\..\Run: [NIW] C:\WINNT\NIW.exe
O4 - Startup: 桌面媒体.lnk = C:\WINNT\system32\rundll32.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: 划词搜索.lnk = C:\Program Files\HuaCi\huaci\zsearch.exe
O4 - Startup: 腾讯QQ.lnk = ?
O4 - Startup: 腾讯QQ珊瑚虫版.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - IE右键菜单中的新增项目: !搜一搜 - res://C:\Program Files\YiSou\yisou.dll/232
O8 - IE右键菜单中的新增项目: !搜一搜(&S) - res://C:\Program Files\YiSou\yisou.dll/232
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\音乐\qq\CS\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\音乐\qq\CS\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\音乐\qq\CS\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\音乐\qq\CS\SendMMS.htm
O8 - IE右键菜单中的新增项目: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O9 - 浏览器额外的按钮: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - 浏览器额外的按钮: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - 浏览器额外的按钮: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=?allyesPara=816 (file missing)
O9 - 浏览器额外的按钮: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/?source=Cns (file missing)
O9 - 浏览器额外的按钮: kele8 - {84920E5F-3788-49cd-A274-E365578DF174} - http://www.kele8.com/ (file missing)
O9 - 浏览器额外的“工具”菜单项: kele8 - {84920E5F-3788-49cd-A274-E365578DF174} - http://www.kele8.com/ (file missing)
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\音乐\qq\CS\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\音乐\qq\CS\QQ.EXE
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\音乐\qq\CS\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\音乐\qq\CS\QQIEHelper.dll
O9 - 浏览器额外的按钮: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - 浏览器额外的按钮: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的按钮: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O11 - Options group: [TBH]  QQ地址栏搜索插件
O17 - HKLM\System\CCS\Services\Tcpip\..\{4590D4B5-91C6-4C9A-B310-7FE8C71642E8}: NameServer = 202.96.104.17,221.136.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF94C846-7494-4AA9-BEAB-ED5B3DC483D2}: NameServer = 202.96.104.17 202.96.104.27
O18 - 列举现有的协议: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: ipp - (no CLSID) - (no file)
O18 - 列举现有的协议: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll
O18 - 列举现有的协议: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINNT\system32\inetcomm.dll
O18 - 列举现有的协议: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINNT\system32\urlmon.dll
O18 - 列举现有的协议: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll
O18 - 列举现有的协议: msdaipp - (no CLSID) - (no file)
O18 - 列举现有的协议: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - 列举现有的协议: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx
O23 - NT 服务: .Net Boot Service - Unknown owner - C:\WINNT\system32\big5_gb2312.exe
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: Gray_Pigeon_Server2.0 (GrayPigeonServer2.0) - Unknown owner - C:\WINNT\G_Server2.0.exe
O23 - NT 服务: Local Network Service - Unknown owner - C:\WINNT\system32\SeedServ.exe
O23 - NT 服务: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - NT 服务: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\NTS\ENTERN~1\app\pppoeservice.exe
O23 - NT 服务: Remote Log - Unknown owner - C:\WINNT\system32\ServeHost.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe


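End the process: C:\WINNT\system32\ServeHost.exe
Type regedit in Run to open the registry and search for ServeHost.exe. It may well be in the startup entries.. just search for it.. once you find it, delete that folder.

Then search for ServeHost.exe and delete it.


Also fix: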

Thank you! Expert, I am extremely grateful to you! So grateful I could drop dead!

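Whoa.. you've got Gray Pigeon (灰鸽子) too


Fix:
O23 - NT 服务: Gray_Pigeon_Server2.0 (GrayPigeonServer2.0) - Unknown owner - C:\WINNT\G_Server2.0.exe

Reboot into Safe Mode.

Open the registry, search for G_Server2.0.exe, and delete the whole branch folder along with it..

Likewise, change Folder Options to show hidden files.

Search for:
G_Server2.0.exe
G_Server2.0.dll
G_Server2.0_hook.dll
G_Server2.0key.dll


Following the post I gave you above,
fix:
O23 - NT 服务: Remote Log - Unknown owner - C:\WINNT\system32\ServeHost.exe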

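Please refer to the advice from the poster above. In addition:
Uninstall:
Yahoo Assistant (雅虎助手), YiSou (一搜), HuaCi search (划词搜索);
If you want to use them, reinstall Yahoo Assistant and YiSou; if you don't, uninstall them and then take a look at http://forum.ikaka.com/topic.asp?board=36&artid=6770535

Fix: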
O2 - BHO: (no name) - {01A7A372-71E8-4022-9D76-B66BECF71A2E} - C:\WINNT\system32\IEBHODLL.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll (file missing)
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll (file missing)
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll (file missing)
O2 - BHO: YiSou - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} - C:\PROGRA~1\YiSou\yisoub.dll (file missing)
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll (file missing)
O4 - 启动项HKLM\\Run: [3721] C:\$NtUninstallQ5926809$\3721.bat
O4 - 启动项HKLM\\Run: [cnyisou_com] http://www.zhaowo8.com
O4 - HKCU\..\Run: [NIW] C:\WINNT\NIW.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - IE右键菜单中的新增项目: !搜一搜 - res://C:\Program Files\YiSou\yisou.dll/232
O8 - IE右键菜单中的新增项目: !搜一搜(&S) - res://C:\Program Files\YiSou\yisou.dll/232
O8 - IE右键菜单中的新增项目: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O9 - 浏览器额外的按钮: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - 浏览器额外的按钮: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - 浏览器额外的按钮: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=?allyesPara=816 (file missing)
O9 - 浏览器额外的按钮: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/?source=Cns (file missing)
O9 - 浏览器额外的按钮: kele8 - {84920E5F-3788-49cd-A274-E365578DF174} - http://www.kele8.com/ (file missing)
O9 - 浏览器额外的“工具”菜单项: kele8 - {84920E5F-3788-49cd-A274-E365578DF174} - http://www.kele8.com/ (file missing)
O9 - 浏览器额外的按钮: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - 浏览器额外的按钮: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的按钮: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)

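Delete:
C:\WINNT\NIW.exe
Folder C:\$NtUninstallQ5926809$\3721.bat

Also, please confirm what these two are:
O4 - 启动项HKLM\\Run: [SysExplr] D:\SYSEXPLR.EXE
O23 - NT 服务: .Net Boot Service - Unknown owner - C:\WINNT\system32\big5_gb2312.exe
If you don't know, please pack them up and send them to moderator baohe's mailbox, baohelin@yahoo.com.cn, with a note describing the situation.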

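【Reply to post by "ppdog"】Boss, you're amazing! Will you take me on as your apprentice? I'm following you from now on! What kind of virus is this NIW.exe?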
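
The replies in this thread pick the suspicious entries out of the HijackThis log by eye: the O1 hosts redirections, the O23 services with "Unknown owner", and the "(file missing)" leftovers. The Python script below is an added example, not part of the original thread or of HijackThis; it runs the same triage over a few lines copied from the log above, and the function name `triage` and the result keys are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in this thread (lines copied from the page).
SAMPLE_LOG = r"""
O1 - Hosts: 218.5.77.189 www.zhao123.com
O1 - Hosts: 218.5.77.189 zhao123.com
O1 - Hosts: 218.5.77.189 www.4399.com
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINNT\system32\xunleibho_v8.dll
O2 - BHO: YiSou - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} - C:\PROGRA~1\YiSou\yisoub.dll (file missing)
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - NT 服务: Gray_Pigeon_Server2.0 (GrayPigeonServer2.0) - Unknown owner - C:\WINNT\G_Server2.0.exe
O23 - NT 服务: Remote Log - Unknown owner - C:\WINNT\system32\ServeHost.exe
"""

ENTRY = re.compile(r"^(R\d|O\d+) - (.+)$")   # "<section> - <rest of entry>"


def triage(log_text):
    """Collect entries worth a manual look; this is a review list, not a verdict."""
    redirects = defaultdict(list)   # hosts-file IP -> names redirected to it
    unknown_services = []           # (service name, binary path)
    missing_files = []              # (section, entry text)

    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue                # log header, process list, blank line
        section, body = m.groups()

        if body.endswith("(file missing)"):
            missing_files.append((section, body))

        if section == "O1" and body.startswith("Hosts:"):
            parts = body[len("Hosts:"):].split("#")[0].split()
            try:
                addr = ipaddress.ip_address(parts[0])
            except (IndexError, ValueError):
                continue            # malformed hosts line
            # Loopback and 0.0.0.0 mappings are ordinary; anything else
            # silently sends the named sites to another machine.
            if not (addr.is_loopback or addr.is_unspecified):
                redirects[parts[0]].extend(parts[1:])

        elif section == "O23":
            # Layout: "<label>: <name> - <owner> - <path>"; the label is localized.
            rest = body.partition(": ")[2]
            fields = rest.rsplit(" - ", 2)
            if len(fields) == 3 and fields[1] == "Unknown owner":
                unknown_services.append((fields[0], fields[2]))

    return {
        "hosts_redirects": dict(redirects),
        "unknown_owner_services": unknown_services,
        "file_missing": missing_files,
    }


if __name__ == "__main__":
    for name, found in triage(SAMPLE_LOG).items():
        print(name, found)
```

In this thread's log, "Unknown owner" also appears on services the replies did not ask to remove (for example the PPPoE and Macromedia Licensing services), so the output is a list for review rather than a list to delete.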