中了 Backdoor.Gpigeon.2006.iug  瑞星每次开机 都会显示发现该病毒，并显示以清除，但下回开机还是会有，清除不了，请问，该如何清除该病毒，该病毒有什么危害


下面是用Hijackthis扫描后的日志
Logfile of HijackThis v1.99.1
Scan saved at 20:56:32, on 2007-6-9
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
f:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
F:\PROGRAM FILES\RISING\RAV\Ravmond.exe
f:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
F:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
f:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
f:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Rising\AntiSpyware\runiep.exe
F:\Program Files\Rising\Rav\RavTask.exe
F:\Program Files\Rising\Rav\Ravmon.exe
F:\Program Files\Rising\Rav\rav.exe
f:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
F:\Program Files\AntiARP Stand-alone Edition\AntiArp.exe
F:\Program Files\360safe\safemon\360Tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\jj4\jiajiasr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
f:\Program Files\Tencent\QQ\TIMPlatform.exe
F:\Program Files\Internet Download Manager\IEMonitor.exe
F:\Program Files\Maxthon\Maxthon.exe
F:\Program Files\TTPlayer\TTPlayer.exe
F:\Program Files\Internet Download Manager\IDMan.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\Compressed\ha_hijackthis_1991\HijackThis.exe

O2 - BHO: ThunderBHO - {0055C088-8582-441B-A0BF-17B458C2A3A8} - F:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - F:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - F:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: DsHelper - {0D42E1BD-09DD-4873-A826-9C7E793EB7B6} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: NavigatMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - F:\Program Files\360safe\safemon\safemon.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [runeip] C:\Program Files\Rising\AntiSpyware\runiep.exe
O4 - HKLM\..\Run: [RavTask] "f:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "f:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - HKLM\..\Run: [vtupdate] C:\WINDOWS\
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AntiARPStandalone] F:\Program Files\AntiARP Stand-alone Edition\AntiArp.exe
O4 - HKLM\..\Run: [360Safetray] F:\Program Files\360safe\safemon\360Tray.exe /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [jiajiasr] C:\Program Files\jj4\jiajiasr.exe
O4 - HKCU\..\Run: [IDMan] F:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: QQ游戏启动加速程序.lnk = F:\Program Files\Tencent\QQGAME\Accel.exe
O8 - Extra context menu item: &使用BitComet下载 - res://F:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &使用BitComet下载全部链接 - res://F:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &使用BitComet下载本页视频 - res://F:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: 使用 IDM 下载 - F:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: 使用 IDM 下载所有链接 - F:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: 使用迅雷下载 - F:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - F:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 导出到 Microsoft Excel(&X) - res://F:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: 发送至 OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: 发送至 OneNote(amp;E) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FB814FF-6447-4463-A25F-5F9EDE77D829}: NameServer = 202.102.152.3,192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2FB814FF-6447-4463-A25F-5F9EDE77D829}: NameServer = 202.102.152.3,192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{2FB814FF-6447-4463-A25F-5F9EDE77D829}: NameServer = 202.102.152.3,192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NBService - Nero AG - F:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: P4P Service - Sohu.com Inc. - C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - f:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - f:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - f:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - F:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - f:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: MS Software Shadow Copy Provid (SwPrv) - Unknown owner - C:\WINDOWS\twunk_64.exe

我同楼主是完全相同的问题，也是IE中了这个病毒，杀而不死
希望瑞星解决这个问题

我的也是,没有办法!希望解决!

扫个SRENG看看
http://www.kztechs.com/sreng/download.html
！！！关掉所有手动打开的软件！！！！

安全模式
双击我的电脑，工具，文件夹选项，查看，单击选取"显示隐藏文件或文件夹" 并清除"隐藏受保护的操作系统文件（推荐）"前面的钩。在提示确定更改时，单击“是” 然后确定
然后删除C:\WINDOWS\twunk_64.exe这个东西
危害 搜索下 灰鸽子就知道了