
baohe, please help me take a look at how to fix this


Logfile of HijackThis v1.99.1
Scan saved at 9:07:14, on 2006-7-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NIW.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wincup\wincup.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
D:\QQ\QQ.exe
D:\QQ\TIMPlatform.exe
C:\WINDOWS\system32\SVOHOST.exe
D:\TT\TTraveler.exe
C:\WINDOWS\regedit.exe
C:\Downloads\HijackThis.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - _{0005A87D-D626-4B3A-84F9-1D9571695F55} - (no file)
O2 - BHO: yPhtb - _{33BBE430-0E42-4f12-B075-8D21ACB10DCB} - (no file)
O2 - BHO: (no name) - _{492B8F66-B8CF-4F7A-B0EE-B7383B92F5BA} - (no file)
O2 - BHO: YDragSearch - _{62EED7C6-9F02-42f9-B634-98E2899E147B} - (no file)
O2 - BHO: stdup - _{6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - (no file)
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\QQ\QQIEHelper.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O2 - BHO: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~2\FLASHGET\jccatch.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [YDTMain.exe] rem C:\PROGRA~1\YDT\YDTMain.exe
O4 - HKLM\..\Run: [SEDMAD] rem C:\WINDOWS\system32\dmad.exe "-sedmreg"
O4 - HKLM\..\Run: [SoundMam] C:\WINDOWS\system32\SVOHOST.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NIW] C:\WINDOWS\system32\NIW.exe
O4 - Startup: 腾讯QQ.lnk = D:\QQ\QQ.exe
O8 - Extra context menu item: >>彩信发送<< - res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\QQ\SendMMS.htm
O9 - Extra button: (no name) - {3F686D91-4AFA-4ed1-B43F-F1DB46ED480C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Link Filter - {3F686D91-4AFA-4ed1-B43F-F1DB46ED480C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\QQ\QQIEHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.legend.com
O16 - DPF: {52DF16E3-6C4F-4B22-8BAF-09263E463B48} - http://zs.kingsoft.com/KOSInit.cab
O16 - DPF: {74447F9C-5691-4A9A-8BE4-564092E40B03} (VnetAnprIns Class) - http://plugin.vnet.cn/VnetPluginIns.CAB
O16 - DPF: {A96C48EA-AA88-4BBD-B58C-7B41146A6EAC} (Qzone Media Tools) - http://imgcache.qq.com/qzone/photo/QzoneMediaTools.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{12E4C5C7-CAE5-4775-932C-9F45621A83EA}: NameServer = 202.96.209.134 202.96.209.6
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: SysTime - {724C75F1-B757-408D-A50A-4CF99DA35D73} - C:\PROGRA~1\winkld\winkld.dll
O23 - Service:    (  ) - Unknown owner - C:\WINDOWS\G_Server2006.exe (file missing)
O23 - Service: Application COM+ Event (Application COM+ Eve) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: APPlication Layer Gateway Serv - Unknown owner - C:\WINDOWS\SVOCHOST.bat
O23 - Service: COM+ Event Application - Unknown owner - C:\WINDOWS\gg.dll (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: expl0rer (exp10rer) - Unknown owner - C:\WINDOWS\expl0rer.exe
O23 - Service: Gray_Pigeon_Server (GrayPigeonServer) - Unknown owner - C:\WINDOWS\G_Server.exe (file missing)
O23 - Service: GrayPigeon_Hacker.com.cn - Unknown owner - C:\WINDOWS\server.exe (file missing)
O23 - Service: lsass - Unknown owner - C:\WINDOWS\system\lsass.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Updata_Server.. - Unknown owner - C:\Program.exe (file missing)
O23 - Service: win32Sserver - Unknown owner - C:\WINDOWS\G_Server2006.exe (file missing)
O23 - Service: Windows XP Vista        - Unknown owner - C:\WINDOWS\Hacker.com.cn.ini
O23 - Service: WinWrCup - MsWinCup - C:\WINDOWS\wincup\wincup.exe

Last edited 2006-07-26 23:01:20

Which one is the Gray Pigeon virus?????????

I'm a newbie, ha, and my skills are limited. I can only tell you that O23 - Service: Windows XP Vista - Unknown owner - C:\WINDOWS\Hacker.com.cn.ini seems to be the one. For details, see http://forum.ikaka.com/topic.asp?board=28&artid=8105899  Hehe`

I didn't expect you had been hit by this many...
Fix O23 - Service: expl0rer (exp10rer) - Unknown owner - C:\WINDOWS\expl0rer.exe
O23 - Service: ( ) - Unknown owner - C:\WINDOWS\G_Server2006.exe (file missing)

O23 - Service: Gray_Pigeon_Server (GrayPigeonServer) - Unknown owner - C:\WINDOWS\G_Server.exe (file missing)
O23 - Service: GrayPigeon_Hacker.com.cn - Unknown owner - C:\WINDOWS\server.exe (file missing)
O23 - Service: lsass - Unknown owner - C:\WINDOWS\system\lsass.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Updata_Server.. - Unknown owner - C:\Program.exe (file missing)
O23 - Service: win32Sserver - Unknown owner - C:\WINDOWS\G_Server2006.exe (file missing)
O23 - Service: Windows XP Vista - Unknown owner - C:\WINDOWS\Hacker.com.cn.ini
For this entry, refer to the method given in the post above.
For handling O23 - Service: WinWrCup - MsWinCup - C:\WINDOWS\wincup\wincup.exe, please refer to
http://forum.ikaka.com/topic.asp?board=28&artid=8120559


For fixing O23 - Service: APPlication Layer Gateway Serv - Unknown owner - C:\WINDOWS\SVOCHOST.bat, please refer to
http://forum.ikaka.com/topic.asp?board=28&artid=8077323

[Reply to 侃侠's post]
To the poster above: is fixing these enough?
Do I need to delete anything?????

O23 - Service: WinWrCup - MsWinCup - C:\WINDOWS\wincup\wincup.exe
See the pinned thread..

Not even antivirus software installed... a pigeon nest..

O23 - Service: ( ) - Unknown owner - C:\WINDOWS\G_Server2006.exe (file missing)
O23 - Service: Application COM+ Event (Application COM+ Eve) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: APPlication Layer Gateway Serv - Unknown owner - C:\WINDOWS\SVOCHOST.bat
O23 - Service: COM+ Event Application - Unknown owner - C:\WINDOWS\gg.dll (file missing)
O23 - Service: expl0rer (exp10rer) - Unknown owner - C:\WINDOWS\expl0rer.exe
O23 - Service: Gray_Pigeon_Server (GrayPigeonServer) - Unknown owner - C:\WINDOWS\G_Server.exe (file missing)
O23 - Service: GrayPigeon_Hacker.com.cn - Unknown owner - C:\WINDOWS\server.exe (file missing)
O23 - Service: lsass - Unknown owner - C:\WINDOWS\system\lsass.exe
O23 - Service: Updata_Server.. - Unknown owner - C:\Program.exe (file missing)
O23 - Service: win32Sserver - Unknown owner - C:\WINDOWS\G_Server2006.exe (file missing)
O23 - Service: Windows XP Vista - Unknown owner - C:\WINDOWS\Hacker.com.cn.ini
Pigeon.. Safe Mode... Open Registry Editor and expand: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Search for
( )
Application COM+ Eve
APPlication Layer Gateway Serv
COM+ Event Application
exp10rer
GrayPigeonServer
GrayPigeon_Hacker.com.cn
lsass
Updata_Server..
win32Sserver
Windows XP Vista
Delete... these keys..

Delete
C:\WINDOWS\SVOCHOST.bat
C:\WINDOWS\expl0rer.exe
C:\WINDOWS\system\lsass.exe
C:\WINDOWS\Hacker.com.cn.ini

Fix
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - _{0005A87D-D626-4B3A-84F9-1D9571695F55} - (no file)
O2 - BHO: yPhtb - _{33BBE430-0E42-4f12-B075-8D21ACB10DCB} - (no file)
O2 - BHO: (no name) - _{492B8F66-B8CF-4F7A-B0EE-B7383B92F5BA} - (no file)
O2 - BHO: YDragSearch - _{62EED7C6-9F02-42f9-B634-98E2899E147B} - (no file)
O2 - BHO: stdup - _{6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - (no file)
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O8 - Extra context menu item: >>彩信发送<< - res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll

O2 - BHO: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll
See: http://forum.ikaka.com/topic.asp?board=28&artid=7971417

http://www.pctutu.com/srmsdown.asp
Download 超级兔子 (Super Rabbit).. use its 清理王 (Cleanup King) to uninstall the rogue software... (Safe Mode...)

[Reply to mopery's post]
To the poster above: do all of these operations have to be done with the computer in Safe Mode??

You can delete the registry entries in normal mode, then reboot to delete the files..

O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O8 - Extra context menu item: >>彩信发送<< - res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
Why can't these few be fixed?