今天用瑞星杀毒发现(BacKdoor.Gpigeon.us)病毒,提示清除成功.可是重启机子后再杀还有.我怀疑是前两天下载了个浏览器所致,并已经卸载,请朋友们帮助看看日志,有什么问题.谢谢了.
HijackThis_815汉化版扫描日志 V1.99.1
保存于      22:34:30, 日期 2005-10-5
操作系统：  Windows XP SP2 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Tencent\qq\TMDlls\TM.exe
C:\Program Files\Tencent\qq\TMDlls\TIMPlatform.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\扫描日志工具\4842302005817230232\HijackThis1991zww.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - IE工具栏增项: (no name) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - (no file)
O3 - IE工具栏增项: (no name) - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - (no file)
O3 - IE工具栏增项: (no name) - {FEDF637B-F631-4583-A210-33CC828D42DB} - (no file)
O4 - 启动项HKLM\\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O12 - IE插件，支持文件类型.spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D54FBC4-1515-4F57-A11D-95F89E792FEB}: NameServer = 202.99.160.68
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - NT 服务: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - NT 服务: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - NT 服务: Windows Internet/Server (Internet) - Unknown owner - C:\WINDOWS\system32\RavExt\winlogo.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe

谢谢,我在C:\WINDOWS\system32\RavExt\winlogo.exe里就找到了一个这样的文件,注册表里没有winlogo.exe.

谢谢热心的朋友,我刚刚重新启机子了,用瑞星杀了一遍没有再提示有病毒,感激中!
再帮看看日志还有问题吗?
HijackThis_815汉化版扫描日志 V1.99.1
保存于      23:35:00, 日期 2005-10-5
操作系统：  Windows XP SP2 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\rising\Rav\Rav.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\扫描日志工具\4842302005817230232

\HijackThis1991zww.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-

206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-

0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-

8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - 启动项HKLM\\Run: [RavMon] C:\PROGRA~1

\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\Run: [RavTimer] C:\PROGRA~1

\RISING\RAV\RAVTIMER.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32

\ctfmon.exe
O8 - IE右键菜单中的新增项目: 使用网际快车下载 -

C:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 -

C:\Program Files\FlashGet\jc_all.htm
O12 - IE插件，支持文件类型.spop: C:\Program

Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D54FBC4-1515-

4F57-A11D-95F89E792FEB}: NameServer = 202.99.160.68
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32

\igfxsrvc.dll
O23 - NT 服务: ewido security suite control - ewido

networks - C:\Program Files\ewido\security

suite\ewidoctrl.exe
O23 - NT 服务: ewido security suite guard - ewido

networks - C:\Program Files\ewido\security

suite\ewidoguard.exe
O23 - NT 服务: Rising Personal Firewall Service

(RfwService) - Beijing Rising Technology Corporation

Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center

(RsCCenter) - rising - C:\PROGRAM

FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing

Rising Technology Co., Ltd. - C:\PROGRAM

FILES\RISING\RAV\Ravmond.exe