中了个灰鸽子很烦人重起后又有,帮忙高手附带日志
HijackThis_815汉化版扫描日志 V1.99.1
保存于      0:02:35, 日期 2006-11-16
操作系统：  Windows XP SP2 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Thunder\Program\Thunder5.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\黑客工具\HijackThis 1[1].99.1 汉化\HijackThis1991zww.exe
C:\Program Files\Internet Explorer\iexplore.exe

O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
O4 - 启动项HKLM\\Run: [Thunder] "C:\Program Files\Thunder\Thunder.exe" /s
O4 - 启动项HKLM\\Run: [LiveUpatePower] rem MyUpdate.exe
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - C:\Program Files\Thunder\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - C:\Program Files\Thunder\Program\GetAllUrl.htm
O9 - 浏览器额外的按钮: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder\Thunder.exe
O9 - 浏览器额外的“工具”菜单项: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder\Thunder.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{003013E4-2705-4EDC-9B0A-83D7398CCA03}: NameServer = 202.96.128.86,202.96.128.166
O17 - HKLM\System\CCS\Services\Tcpip\..\{00F66B19-BB41-4CCD-AD14-EA8006F8F9B2}: NameServer = 61.232.206.103 61.232.206.102
O17 - HKLM\System\CS1\Services\Tcpip\..\{003013E4-2705-4EDC-9B0A-83D7398CCA03}: NameServer = 202.96.128.86,202.96.128.166
O21 - SSODL: MediaCheck - {D1F73845-4BAB-4061-A46B-FCF7ECC19217} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: NetWork - {FC055E7D-8144-4706-8586-2F1C49FCDD2A} - C:\WINDOWS\system32\cmspl.dll
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - NT 服务: KVWSC - Unknown owner - E:\软件\KV2006\kvwsc.exe (file missing)
O23 - NT 服务: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - NT 服务: ClipManage (WalALET) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
O23 - NT 服务: Windows XP Lenovo (Windows XP system) - Unknown owner - C:\WINDOWS\Hacker.com.cn.ini

开始 运行 regedit 展开
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

查找
WalALET
Windows XP system
删除
WalALET和Windows XP system服务
重启后删除 C:\WINDOWS\Hacker.com.cn.ini

Windows XP system服务
具体是删除什么啊～～
　　我真个被这个病毒弄的烦死了

运行HijackThis，在这项点勾选修复
O23 - NT 服务: Windows XP Lenovo (Windows XP system) - Unknown owner - C:\WINDOWS\Hacker.com.cn.ini
然后找到这个文件删除C:\WINDOWS\Hacker.com.cn.ini