Rising Kaka Security Forum, Technical Exchange section, Anti-Virus / Anti-Rogue-Software forum

Sob sob... Help! Could an expert please take a look?

Why does the boot-time scan find Backdoor.GPigeon.vla every single time? Can anyone help me kill it? Thanks!


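Below is the scan log... please take a look! This was taken after cleaning with Rising, but the detection comes back on every boot-time scan. After the Rising scan I suspected it was Gray Pigeon (Huigezi), so I ran a Gray Pigeon removal tool, and it found nothing. Argh! Experts, please take a look!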


Logfile of HijackThis v1.99.1
Scan saved at 12:05:57, on 2006-7-5
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\SOUNDMAN.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Panda Software\熊猫卫士钛金版\Pavsrv51.exe
D:\Program Files\Panda Software\熊猫卫士钛金版\AVENGINE.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ChinaNet\VnetClient.exe
E:\网络游戏\qq\QQ.exe
E:\网络游戏\QQ\TIMPlatform.exe
C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\绿色软件\HijackThis_zww汉化版扫描日志 V1.99.1.exe

O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll (file missing)
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll (file missing)
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Thunder] "C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [NetSpeeder] ; "D:\绿色软件\网络狂飙(NetSpeeder) 3.70 \NetSpeeder.exe" hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] ; "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = ?SystemRoot%\Installer\{00000804-78E1-11D2-B60F-006097C998E7}\misc.exe
O4 - Global Startup: 星空极速.lnk = C:\Program Files\ChinaNet\VnetClient.exe
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\网络游戏\qq\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\网络游戏\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\网络游戏\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\网络游戏\qq\SendMMS.htm
O11 - Options group: [!CNS]  网络实名
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B4C22C8-0D93-43FE-A5F1-1FD5A90FEA6F}: NameServer = 202.102.192.68 202.102.199.68
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: bfITask Scheduler - Unknown owner - C:\WINDOWS\bf.exe
O23 - Service: ITask Scheduler - Unknown owner - C:\WINDOWS\qq.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - D:\Program Files\Panda Software\熊猫卫士钛金版\Pavsrv51.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
Last edited: 2006-07-05 15:55:13

O23 - Service: bfITask Scheduler - Unknown owner - C:\WINDOWS\bf.exe
O23 - Service: ITask Scheduler - Unknown owner - C:\WINDOWS\qq.exe
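1. Go to Start > Run, type regedit to open Registry Editor, navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES branch, and delete the virus service names bfITask Scheduler and ITask Scheduler in the left pane.
2. Reboot, then on the "View" tab of "Folder Options" tick both "Show system files" and "Show all files and folders" and click "OK". Then look in %windows% for the virus files C:\WINDOWS\qq.exe, C:\WINDOWS\qq.dll, C:\WINDOWS\qq_Hook.dll, C:\WINDOWS\qqkey.dll, C:\WINDOWS\bf.exe, C:\WINDOWS\bf.dll, C:\WINDOWS\bf_Hook.dll, C:\WINDOWS\bfkey.dll
Delete every one of them you can find.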

Fix:
O23 - Service: bfITask Scheduler - Unknown owner - C:\WINDOWS\bf.exe
O23 - Service: ITask Scheduler - Unknown owner - C:\WINDOWS\qq.exe
Delete the following files:
C:\WINDOWS\qq.exe
C:\WINDOWS\bf.exe

How do I delete old hardware backups??? Please help.

Is your PC a Founder? How come it has Panda on it? Look in the registry; boot into Safe Mode.

Also fix:
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll (file missing)
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll (file missing)

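The checks the replies above apply by eye to the HijackThis log (O23 services with "Unknown owner" whose executable sits directly in C:\WINDOWS, and O2/O3 entries marked "file missing"), written out as an added example; it is not part of any post and not HijackThis code. The function name `triage` and the two heuristics are assumptions made for illustration, and the sample lines are copied from the log in the first post.

```python
import re

# Constructed sample: a subset of lines copied from the log in the first post.
SAMPLE_LOG = r"""
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: bfITask Scheduler - Unknown owner - C:\WINDOWS\bf.exe
O23 - Service: ITask Scheduler - Unknown owner - C:\WINDOWS\qq.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
"""

# O23 lines read: "O23 - Service: <name> - <owner> - <image path>".
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")
# A binary sitting directly in C:\WINDOWS, not in system32 or any deeper folder.
WINDOWS_ROOT_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+$", re.IGNORECASE)


def triage(log_text):
    """Return (reason, detail) pairs for log entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O23_RE.match(line)
        if m:
            # "Unknown owner": the log attributes the binary to no vendor.
            no_vendor = m["owner"].lower() == "unknown owner"
            if no_vendor and WINDOWS_ROOT_RE.match(m["path"]):
                findings.append(("unknown-owner service in Windows root",
                                 f'{m["name"]} -> {m["path"]}'))
        elif line.startswith(("O2 -", "O3 -")) and line.endswith("(file missing)"):
            # Registration left behind after the DLL itself was removed.
            findings.append(("orphaned browser add-on entry", line))
    return findings


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(f"[{reason}] {detail}")
```

A hit is only a prompt for manual review: "ATI Smart" also shows "Unknown owner" in this log but lives in system32, and the replies leave it alone.
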
Huh! Who said it's a Founder?! It's a compatible PC I put together myself! Hehe! I installed Panda myself... hee hee... but it doesn't seem to be any use...

Thanks! Hehe... all sorted... hee hee...