HijackThis_815汉化版扫描日志 V1.99.1
保存于      21:11:30, 日期 2005-12-26
操作系统：  Windows 2000 SP4 (WinNT 5.00.2195)
浏览器：    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程：         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\msdtc.exe
C:\PROGRA~1\SAV\DefWatch.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\cba\pds.exe
C:\WINNT\System32\llssrv.exe
C:\PROGRA~1\SAV\Rtvscan.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\P4P\p2psvr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\system32\ams_ii\hndlrsvc.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\system32\ams_ii\iao.exe
C:\WINNT\system32\cba\xfr.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\SAV\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\sysupdate.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\DuDu\DddClient\dudupros.exe
C:\WINNT\system32\dllhost.exe
C:\WINNT\system32\mdm.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINNT\system32\mshta.exe
C:\WINNT\system32\conime.exe
C:\WINNT\svchost.exe
C:\WINNT\system32\mshta.exe
C:\WINNT\explorer.exe
C:\Program Files\DuDu\DddClient\DuDuAcc.exe
C:\Program Files\ppdvdhscar\Client.exe
C:\Documents and Settings\Administrator\桌面\hlsw\hlsw.exe
C:\Program Files\Tencent\qq\tt.exe
C:\Program Files\Tencent\qq\TIMPlatform.exe
C:\Program Files\Tencent\TT\TTraveler.exe
C:\Documents and Settings\Administrator\桌面\HijackThis1991汉化版\HijackThis1991zww.exe

R3 - URLSearchHook: MyURLSearchHook Class - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - C:\Program Files\P4P\ToolBar.dll
R3 - URLSearchHook: SgUrlSearHook Class - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - C:\WINNT\system32\socul.dll
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINNT\system32\xunleibho_v8.dll
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\sodaie.dll
O2 - BHO: DuDu.com - {6BDE1669-B490-48E3-B668-456314F2D6C3} - C:\Program Files\DuDu\DddClient\dddiemon.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - d:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINNT\system32\drivers\inf\bands.dll
O3 - IE工具栏增项: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - IE工具栏增项: Infofo 工具栏 - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - IE工具栏增项: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - IE工具栏增项: 搜狗直通车 - {DBBB7978-AF21-4EF4-9AD1-B2F4BC75696C} - C:\Program Files\P4P\ToolBar.dll
O4 - 启动项HKLM\\Run: [vptray] C:\PROGRA~1\SAV\vptray.exe
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [sysupdate] sysupdate.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Global Startup: DuDu下载加速器.lnk = C:\Program Files\DuDu\DddClient\DuDuAcc.exe
O4 - Global Startup: 桌面传媒.lnk = C:\WINNT\system32\rundll32.exe
O8 - IE右键菜单中的新增项目: &使用DuDu 加速器下载 - res://C:\Program Files\DuDu\DddClient\dddmext.dll/202
O8 - IE右键菜单中的新增项目: &使用DuDu 加速器下载全部链接 - res://C:\Program Files\DuDu\DddClient\dddmext.dll/203
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getAllurl.htm
O8 - IE右键菜单中的新增项目: Google 搜索(&G) - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - C:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用影音传送带下载 - D:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - IE右键菜单中的新增项目: 使用影音传送带下载全部链接 - D:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - IE右键菜单中的新增项目: 使用搜狗直通车下载 - C:\Program Files\P4P\dl.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 发送图片到手机 - C:\Program Files\P4P\cx.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O9 - 浏览器额外的按钮: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - 浏览器额外的按钮: 免费精彩视频超流畅在线观看 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - 浏览器额外的“工具”菜单项: 播霸电视 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - 浏览器额外的按钮: 下载管理 - {3DB9F45E-AA74-4373-A466-C18A9F1C500D} - C:\Program Files\DuDu\DddClient\DuDuAcc.exe
O9 - 浏览器额外的“工具”菜单项: 下载管理 - {3DB9F45E-AA74-4373-A466-C18A9F1C500D} - C:\Program Files\DuDu\DddClient\DuDuAcc.exe
O9 - 浏览器额外的按钮: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - 浏览器额外的按钮: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/?source=Cns (file missing)
O9 - 浏览器额外的按钮: 我的订阅 - {8755CE6E-0BF7-4441-8751-FB728941B0B4} - C:\Program Files\P4P\rss.dll
O9 - 浏览器额外的按钮: SoQ - {8F67DCF3-B1DF-4A39-A787-3775784BF737} - http://www.soq.com (file missing)
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的按钮: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - 浏览器额外的按钮: 百万图库 - {6713E8D2-850A-101B-AFC0-4210102A8DA7} - http://www.26-3.com/star (file missing) (HKCU)
O9 - 浏览器额外的按钮: 铃声图片下载 - {7713E8D2-850A-101B-AFC0-4210102A8DA7} - http://www.26-3.com/sms/index.htm (file missing) (HKCU)
O16 - DPF: {45FEA1B3-FA37-4431-A1A9-39D024CD7A60} (sysupdate Control) - http://61.135.158.241/download/sysupdate.cab
O16 - DPF: {6BB0C189-3676-4711-AA75-E2801D6B0E27} (AvlFTP Control) - http://benchmark.avl.com.cn/cab/avlFtp.cab
O16 - DPF: {7FC751A9-492D-41B1-9F8D-D2C8809D8907} (EmoWebInstallerCtl Class) - http://img.365ren.com/tv/cabs/EmoWebInstaller.cab
O16 - DPF: {88734439-46D0-42C0-A13F-7E881EE550CF} (Filetran Control) - http://www.bluesky.cn/download/filetran.cab
O16 - DPF: {98A62E3F-A8C5-4EF0-8A00-C70CF9D18A89} (LoaderCore Class) - http://tb.sogou.com/DLLoader.cab
O16 - DPF: {AC3A36A8-9BFF-410A-A33D-2279FFEB69D2} (QQPlayer Control) - http://219.133.62.236/QQPlayer.cab
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.76_20051110.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{877C56C7-76DD-44EC-B871-EFE120A7F1A0}: NameServer = 61.144.56.101,202.96.128.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{9387BCB5-403E-4907-A42E-52F07B0F1488}: NameServer = 61.144.56.101
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4EB220E-54E9-4C9A-B258-2A87541BB1E7}: NameServer = 61.144.56.101,202.96.128.68
O20 - AppInit_DLLs: KB2357802.LOG
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\\NavLogon.dll
O21 - SSODL: SysTrays - {590498A3-4131-4D8F-BA4B-36791A9803B1} - C:\WINNT\system32\DLMain.dll
O23 - NT 服务: DefWatch - Symantec Corporation - C:\PROGRA~1\SAV\DefWatch.exe
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: Gray_Pigeon_Server (GrayPigeonServer) - Unknown owner - C:\WINNT\G_Server1.2.exe
O23 - NT 服务: Gray_Pigeon_Server2.0 (GrayPigeonServer2.0) - Unknown owner - C:\WINNT\G_Server2.0.exe
O23 - NT 服务: Intel Alert Handler - Intel? Corporation - C:\WINNT\system32\ams_ii\hndlrsvc.exe
O23 - NT 服务: Intel Alert Originator - Intel? Corporation - C:\WINNT\system32\ams_ii\iao.exe
O23 - NT 服务: Intel File Transfer - Intel? Corporation - C:\WINNT\system32\cba\xfr.exe
O23 - NT 服务: Intel PDS - Intel? Corporation - C:\WINNT\system32\cba\pds.exe
O23 - NT 服务: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - NT 服务: Symantec AntiVirus Server (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SAV\Rtvscan.exe
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - NT 服务: P4P Service - Sohu.com Inc. - C:\Program Files\P4P\p2psvr.exe
O23 - NT 服务: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - NT 服务: winServer - Unknown owner - C:\WINNT\winServer.exe

好多灰鸽子阿

开始→控制面板→管理工具→服务→查找Gray_Pigeon_Server、Gray_Pigeon_Server2.0 、winServer→右击→属性→启动类型→禁止→应用→停止→确定。

重新启动电脑, 开机检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式进入Windows

进入C:\Program Files\Desktop Media\Cast卸载桌面传媒

运行Hijackthis，扫描结束后在下列选项前打上勾，然后选修复“Fix Checked”：

R3 - URLSearchHook: SgUrlSearHook Class - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - C:\WINNT\system32\socul.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINNT\system32\drivers\inf\bands.dll
O4 - 启动项HKLM\\Run: [sysupdate] sysupdate.exe
O4 - Global Startup: 桌面传媒.lnk = C:\WINNT\system32\rundll32.exe
O16 - DPF: {45FEA1B3-FA37-4431-A1A9-39D024CD7A60} (sysupdate Control) - http://61.135.158.241/download/sysupdate.cab
O16 - DPF: {6BB0C189-3676-4711-AA75-E2801D6B0E27} (AvlFTP Control) - http://benchmark.avl.com.cn/cab/avlFtp.cab
O16 - DPF: {7FC751A9-492D-41B1-9F8D-D2C8809D8907} (EmoWebInstallerCtl Class) - http://img.365ren.com/tv/cabs/EmoWebInstaller.cab
O16 - DPF: {88734439-46D0-42C0-A13F-7E881EE550CF} (Filetran Control) - http://www.bluesky.cn/download/filetran.cab
O21 - SSODL: SysTrays - {590498A3-4131-4D8F-BA4B-36791A9803B1} - C:\WINNT\system32\DLMain.dll

显示隐藏文件

双击我的电脑--工具---文件夹选项--查看选项卡--单击选取"显示隐藏文件或文件夹"--清除"隐藏受保护的操作系统文件（推荐）"复选框。在提示您确定更改时，单击“是”--单击“确定”。

然后找到如下文件并删除（如果有的话）。

C:\WINNT\system32\socul.dll
C:\WINNT\system32\drivers\inf\bands.dll
sysupdate.exe（请用开始菜单中的搜索功能查找）
C:\WINNT\system32\DLMain.dll
C:\WINNT\G_Server1.2.exe
C:\WINNT\G_Server1.2.dll
C:\WINNT\G_Server1.2_hook.dll
C:\WINNT\G_Server1.2key.dll
C:\WINNT\G_Server2.0.exe
C:\WINNT\G_Server2.0.dll
C:\WINNT\G_Server2.0_hook.dll
C:\WINNT\G_Server2.0key.dll
C:\WINNT\winServer.exe
C:\WINNT\winServer.dll
C:\WINNT\winServer_hook.dll
C:\WINNT\winServerkey.dll

我的电脑里边鸽子没他多。。。  兄弟你养鸽子的吧

谢谢你  我马上去做

汗  我。。。。。惭愧。。。。。成了养鸽的了