详细内容2008-09-15 09:29:15, IEXPLORE.EXE>>C:\Program Files\Internet Explorer\IEXPLORE.EXE ->Backdoor.Win32.Gpigeon2008.ch

每次用瑞星防火墙和瑞星杀软手动杀毒总会杀出这个病毒，但是每次重启以后又会出现。。。。。请问高手这个应该如何清除？
下面是我用hijackThis v1.99.1 扫描的结果：

Logfile of HijackThis v1.99.1
Scan saved at 9:39:48, on 2008-9-15
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
D:\PROGRAM FILES\RISING\RAV\ravmond.exe
d:\program files\rising\rfw\rfwsrv.exe
d:\program files\rising\rfw\rfwproxy.exe
d:\program files\rising\rfw\rfwstub.exe
D:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Rising\Rfw\rfwmain.exe
D:\PROGRAM FILES\RISING\RAV\RavMon.exe
D:\Program Files\Rising\Rav\RavTask.exe
D:\Program Files\Rising\AntiSpyware\rstray.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Rising\AntiSpyware\knownsvr.exe
D:\Program Files\Maxthon2\Maxthon.exe
C:\Documents and Settings\supernym\桌面\HijackThis.exe
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: 卡卡上网安全助手 - {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} - C:\WINDOWS\system32\UrlFilter.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] ; C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] ; "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [DVDLauncher] ; "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] ; C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] ; "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RfwMain] "D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "D:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [SigmatelSysTrayApp] ; %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [IMSCMig] ; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [360Safebox] ; "C:\Program Files\360Safebox\safeboxTray.exe" /r
O4 - HKLM\..\Run: [DAEMON Tools-2052] ; "D:\Program Files\D-Tools\daemon.exe"  -lang 2052
O4 - HKLM\..\Run: [runeip] "D:\Program Files\Rising\AntiSpyware\rstray.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PPS Accelerator] ; D:\Program Files\PPStream\ppsap.exe
O4 - Startup: PPS.lnk = D:\Program Files\PPStream\PPStream.exe
O4 - Startup: 彩虹QQ显IP.lnk = ?
O8 - Extra context menu item: &使用BitComet下载 - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &使用BitComet下载全部链接 - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &使用BitComet下载本页视频 - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: 使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\浩方4.8.3(SP2) 特别版\浩方4.8.3(SP2) 特别版\GameClient.exe
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.icbc.com.cn
O16 - DPF: {1DE88635-1C72-401E-B23B-93FA86D30F3B} (SSReaderPlug) - http://reg.ssreader.com/SSReaderPlug.cab
O16 - DPF: {2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} (PhotoDraw Class) - http://imgcache.qq.com/qzone/client/photo/pages/QQPhotoDrawSetup.exe
O16 - DPF: {34E23F0A-1F7A-423B-826A-BB780154357D} (SursenReaderX Class) - http://book.du8.com/read/SursenReaderOcx.cab
O16 - DPF: {5AB9367B-DD7F-411D-A030-DF7DE5E17AAE} (ICBC Security Ctrl) - http://securitycheck.icbc.com.cn/download/NetBankSecurity_cn.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205019365000
O16 - DPF: {D82303B7-A754-4DCB-8AFC-8CF99435AACE} (KUpdateObj2 Class) - http://shadu.duba.net/html_v4/KOSInit.cab
O16 - DPF: {E847C78C-C210-4195-8799-FBF3BF89797D} - [url=http://cu004.www.duba.net/duba/scan/Package/KOSInit.cab]http://cu004.www.duba.net/duba/scan/Package/KOSInit.cab[/url]
O16 - DPF: {FC87A650-207D-4392-A6A1-82ADBC56FA64} - http://xbs.mtree.com/mt/dialers/fc/MultiDistFC.CAB
O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - AppInit_DLLs: kmon.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Information Technology Co., Ltd. - d:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Information Technology Co., Ltd. - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Information Technology Co., Ltd. - D:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1; MAXTHON 2.0)

灰鸽子病毒，可以使用：
1·瑞星卡卡上网安全助手清理
2·灰鸽子病毒专杀工具清理

  回复楼上的 K歌  。。我下了最新的卡卡，也在瑞星的网上下了 “灰鸽子”专用检测清除工具，但是均为查出病毒。。。但是用瑞星防火墙和瑞星杀软手动查杀却报毒了。。。。

HJ日志很不全面，建议扫描上传SRENG扫描日志。

怀疑：
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

1.扫日志前建议清理助手清理系统
http://www.arswp.com/download.html
只清理高危险项目
2.扫日志前关闭无用进程，如QQ，迅雷及播放器程序

3.到官方下载SReng
下载地址
http://www.kztechs.com/sreng/download.html
SREng/智能扫描

等扫描完成,保存日志(LOG格式)

PS：如主程序SREng**.exe无法运行,导致无法扫描日志
将主程序改名为小狮子.bat


如还不能运行尝试该版本SRENG
http://bbs.ikaka.com/attachment.aspx?attachmentid=412527）
如2.6的能用，还是用2.6的,2.4的就免了

4.为了最大程度减少对病毒的误判，和对病毒准确定位和判断，必须同时上传金山清理专家日志
下载金山清理专家
http://www.duba.net/qing/

金山清理专家-在线系统诊断（隐藏安全项）-导出诊断报告-（全选）-导出报告



5.2份日志/报告以附件上传（点击我回的贴的右下角的“引用”，然后就应该知道怎么以附件发了），贴到反病毒区.已发帖请跟贴，勿另开新帖。
PS:
1.如想成功解决问题，请按照步骤严格操作，金山和SRENG报告一个也不能少,要同时上传
2.如都不能正常运行
应使用下列工具：http://bbs.ikaka.com/showtopic-8442813.aspx的44，45，46，47，49，50，51楼的工具扫描日志[/siez]

C:\WINDOWS\system32\oodag.exe
貌似是病毒程序