
Ran into a new virus again


backdoor.gpigeon.iid
Virus category: Windows PE virus

Last edited 2006-11-10 17:34:03

Trojan.DL.Small.ikr

Backdoor.Gpigeon.iid: I cleaned this virus, and the next day when I booted up it was back again. Ugh.

Trojan.DL.Small.ikr

Quote:
[zzq11211's post] http://forum.ikaka.com/topic.asp?board=28&artid=8105899
Download HijackThis... and post the log here..
………………

Logfile of HijackThis v1.99.1
Scan saved at 1:39:46, on 2006-11-2
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\Tencent\QQ\QQ.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\木马杀客\mmsk.exe
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\Rising\Rav\RAVTASK.EXE
C:\Program Files\Rising\Rav\RAVMON.EXE
C:\Program Files\Rising\Rav\RavStub.exe
C:\Program Files\Tencent\TT\TTraveler.exe
E:\Program Files\Tencent\QQ\QQ.exe
E:\Program Files\Tencent\QQ\qqpet\qqpet.exe
E:\Program Files\Tencent\QQ\QZone\QZone.exe
C:\Program Files\Tencent\TT\TCPlus.exe
E:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Iparmor\Iparmor.exe
C:\WINPENJR\Win32\CUSTOM.EXE
C:\WINPENJR\Win32\DRAWOBJ.EXE
C:\WINPENJR\Win32\PPHBUF.EXE
D:\新端星杀毒软件\HijackThis.exe

R3 - URLSearchHook: (no name) - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {029D8E13-604B-47E8-8081-6E5701F83EF1} - (no file)
O2 - BHO: (no name) - {02B99C2C-7635-43DA-B60D-47688E08DB55} - (no file)
O2 - BHO: IEMonitor Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - (no file)
O2 - BHO: (no name) - {0C1D287E-298A-43E8-BEB0-FF070A665B5D} - (no file)
O2 - BHO: (no name) - {0EAC6F16-8048-4419-AE80-B2062AB7239C} - (no file)
O2 - BHO: (no name) - {0EC3BA58-158A-4843-BEF2-768CFD72B841} - (no file)
O2 - BHO: (no name) - {1335DE8E-C7EA-4A36-A549-71FA91893CAC} - (no file)
O2 - BHO: (no name) - {134BC065-ACAF-4095-A43A-4C0EB1D569AF} - (no file)
O2 - BHO: (no name) - {13620451-6E00-45C7-8C1F-FC7AF22678F4} - (no file)
O2 - BHO: (no name) - {138C6011-2327-4A8A-94B8-22519D735E45} - (no file)
O2 - BHO: (no name) - {17A65461-E2A8-412E-AE2D-E92C7174D80A} - (no file)
O2 - BHO: (no name) - {17EC6CC7-2BD7-423E-B285-EA5C589ED5D7} - (no file)
O2 - BHO: (no name) - {1D727966-15D6-4D90-ADC0-CCA4457CFA84} - (no file)
O2 - BHO: (no name) - {1E037AE7-AA40-478A-82DD-FAA8E4F0B6EC} - (no file)
O2 - BHO: (no name) - {23481F70-C094-4D6B-A53B-171AA00E0616} - (no file)
O2 - BHO: (no name) - {25410F25-606E-46DA-A384-3C6CC59CC6B0} - (no file)
O2 - BHO: (no name) - {26681560-B054-4ED5-9469-36CC22AD3C03} - (no file)
O2 - BHO: (no name) - {28850271-28D4-4851-859B-F1CC4A4927FD} - (no file)
O2 - BHO: (no name) - {2A61FDD1-47B1-4373-A564-24407C3115FD} - (no file)
O2 - BHO: (no name) - {3010B822-188E-477D-9FC3-038F5BE40F43} - (no file)
O2 - BHO: (no name) - {35EB8B34-D2F5-42AB-BAC0-10708BFAF0DC} - (no file)
O2 - BHO: (no name) - {3E2D8E29-2A03-40A6-A400-2F9D5B129FC5} - (no file)
O2 - BHO: (no name) - {3FC766A8-DBD2-482A-A15E-5506D9CCBECE} - (no file)
O2 - BHO: (no name) - {440FD69A-2D2F-4D34-A0C1-F5AF27DE6437} - (no file)
O2 - BHO: (no name) - {44B80084-4225-45F3-9B41-6045763DCF8C} - (no file)
O2 - BHO: (no name) - {45F9FA66-6D90-444D-AB05-A39591FB1DB7} - (no file)
O2 - BHO: (no name) - {47C0D6E3-A08B-434B-AABD-848D10FD4E44} - (no file)
O2 - BHO: (no name) - {4D503287-BDBB-4CE8-B614-51F2C84B2190} - (no file)
O2 - BHO: (no name) - {4DDDE091-67BA-4D09-90D3-6836F482C962} - (no file)
O2 - BHO: (no name) - {51E675E4-6E9F-46B5-859D-BF735A4F61A0} - (no file)
O2 - BHO: (no name) - {57DC0762-1162-47BD-B964-34920731713D} - (no file)
O2 - BHO: (no name) - {5A76E816-BA90-4F51-A190-76212387DF0A} - (no file)
O2 - BHO: (no name) - {5B9837AB-5BD8-46F4-9116-763F03B02388} - (no file)
O2 - BHO: (no name) - {616BA5A0-44D6-4874-8414-BC2960AD8C51} - (no file)
O2 - BHO: (no name) - {6AC1A4E5-3C90-4E76-9599-CBA49E154781} - (no file)
O2 - BHO: (no name) - {6C077017-E688-490F-AD73-37C96915B477} - (no file)
O2 - BHO: (no name) - {6CCD20CD-E204-4640-BDC4-2461FA2F9256} - (no file)
O2 - BHO: (no name) - {73FEA417-A6AC-4303-B959-5086B7FB3139} - (no file)
O2 - BHO: (no name) - {7660B4AB-5033-46CB-8BEA-86728BFAA283} - (no file)
O2 - BHO: (no name) - {76963505-E59D-44A2-A2FC-911072EADA90} - (no file)
O2 - BHO: ltmenu Class - {78C21EFD-53BA-406C-AF1A-33A38ABD3958} - (no file)
O2 - BHO: (no name) - {7A785430-2D14-4A9E-8C49-53DD0DF080A9} - (no file)
O2 - BHO: (no name) - {7BB5F32F-EAC2-42DF-B20A-6A0257C79298} - (no file)
O2 - BHO: (no name) - {7C10467A-6ACD-4449-87E9-8D3465959938} - (no file)
O2 - BHO: (no name) - {7C901C24-632F-437D-9D88-B9DC8AE56A0E} - (no file)
O2 - BHO: (no name) - {84B7F314-CE27-4A4D-BBF4-5CA977213E92} - (no file)
O2 - BHO: (no name) - {85913801-DA8E-4995-92F8-DC05B3400ED6} - (no file)
O2 - BHO: (no name) - {8715065F-CC7E-4529-8983-4A818FF1272A} - (no file)
O2 - BHO: (no name) - {873D8839-8434-4579-9CF1-888F3DAE803C} - (no file)
O2 - BHO: (no name) - {8C4421BE-0D64-4B8F-B4D8-A53CBAD5D859} - (no file)
O2 - BHO: (no name) - {93429A25-42DF-45BC-AEA1-2323F0D1AEEB} - (no file)
O2 - BHO: (no name) - {93DF687B-BA1B-4DCC-9E36-061D7CFFD2A4} - (no file)
O2 - BHO: (no name) - {9AE25896-C8A5-4500-8CA5-3DFA92A13988} - (no file)
O2 - BHO: (no name) - {9D6D3746-E006-47CA-A406-7EF820FFCAB3} - (no file)
O2 - BHO: (no name) - {9E2768B4-6B67-48D4-9762-E4C274D51973} - (no file)
O2 - BHO: (no name) - {A18662EA-7F0B-4F96-BF41-287B11E2E9AD} - (no file)
O2 - BHO: (no name) - {A58D5250-6295-42C3-B2C7-272682B3F243} - (no file)
O2 - BHO: (no name) - {A87762D8-E3C7-4BAF-92FA-8A4F0C1219FF} - (no file)
O2 - BHO: (no name) - {AB708464-A660-45E7-819F-1DF5AA4F2980} - (no file)
O2 - BHO: (no name) - {AB8AC9ED-C890-4980-9D69-DBC7C38D5446} - (no file)
O2 - BHO: (no name) - {B3E52A7D-580A-4BF7-8EF3-099677DB70B8} - (no file)
O2 - BHO: (no name) - {B43BA2F5-57BB-48BD-B29E-0FB606803955} - (no file)
O2 - BHO: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - (no file)
O2 - BHO: (no name) - {BAD01956-1B7F-47A3-BC45-C58E1678DA44} - (no file)
O2 - BHO: (no name) - {BB50E2C5-15B5-4377-9391-04EFA646C8B0} - (no file)
O2 - BHO: (no name) - {BC61E70C-3F29-4ABD-B69C-F0C4866A58D3} - (no file)
O2 - BHO: MSN 搜索工具栏 Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {BE291BAE-B3C9-4C10-821D-DC0E2A5B020B} - (no file)
O2 - BHO: (no name) - {BE9E0B29-8B92-4A79-B397-E42EF54DD1EB} - (no file)
O2 - BHO: (no name) - {C0005080-5FB7-42CC-8B61-09A4479B9D83} - (no file)
O2 - BHO: (no name) - {C10EFD31-12FD-4760-9614-E702060CD885} - (no file)
O2 - BHO: (no name) - {C33DEEE6-EE8C-4F01-B1BD-C4B39CF520B7} - (no file)
O2 - BHO: (no name) - {C5AC79DF-5F12-44B3-9AD2-7C449F3D354D} - (no file)
O2 - BHO: (no name) - {C6DD7850-2FA9-47F5-BDF5-BBCA047F7748} - (no file)
O2 - BHO: (no name) - {CB8CA90B-BCA2-4E82-95CD-EB5FB9418C74} - (no file)
O2 - BHO: (no name) - {CC80CD4F-744D-48F5-975C-D6744E3186ED} - (no file)
O2 - BHO: (no name) - {CD8D7A5E-0057-488B-A8EB-0D8907D8E312} - (no file)
O2 - BHO: (no name) - {CED82E38-4FDA-4D8E-B2D5-3F66F8C2ED43} - (no file)
O2 - BHO: (no name) - {D5AFC0AC-FC45-4503-BD51-465D82BD86BE} - (no file)
O2 - BHO: (no name) - {D5EF1845-6AEA-4A23-9A1E-6C3A783BD139} - (no file)
O2 - BHO: (no name) - {D8330196-D03D-4CD2-84EE-062E3CB5AE97} - (no file)
O2 - BHO: (no name) - {D919EFAE-513B-44C7-B418-4EB2250BB276} - (no file)
O2 - BHO: (no name) - {D92E7C77-3A78-4277-9A10-ADE02800E7EC} - (no file)
O2 - BHO: (no name) - {DCAF5EBA-7234-4721-A282-D42007A077DD} - (no file)
O2 - BHO: (no name) - {E62C3D17-8E3C-4D10-A393-A51463C5466F} - (no file)
O2 - BHO: (no name) - {E950B01F-1978-4540-A8F0-27FB4D6C0180} - (no file)
O2 - BHO: (no name) - {EB1035FE-BB69-490B-8372-A8E5ECC454D0} - (no file)
O2 - BHO: (no name) - {ED98F31A-4F5A-4660-A060-3D4A00C037CE} - (no file)
O2 - BHO: (no name) - {F9D2BB87-CB53-4F08-AA8A-2F917DD38662} - (no file)
O2 - BHO: (no name) - {FD1DAC28-7521-4964-B121-AE37C9384B9C} - (no file)
O2 - BHO: (no name) - {FECAA6CD-2CC0-4100-BE4B-DA2F1A6EC20A} - (no file)

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: 系统标准按钮(&E) - {6B2455FD-3669-4555-8DF8-69FD5BC846F8} - C:\WINDOWS\system32\SystemToolbar.dll
O3 - Toolbar: MSN 搜索工具栏 - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\zh-cn\msntb.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O4 - HKLM\..\Run: [stup.exe] C:\PROGRA~1\TENCENT\Adplus\stup.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: 263 DoShow.lnk = C:\Program Files\MSN Messenger\msnmsgr.exe
O4 - Startup: 腾讯QQ.lnk = E:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: Microsoft Office OneNote 2003 快速启动.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: !搜一搜(&S) - res://C:\Program Files\yisou\yisou.dll/232
O8 - Extra context menu item: MSN 搜索(&M) - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\zh-cn\msntb.dll/search.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\PROGRA~1\FLASHGET\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: 在新的前台选项卡中打开 - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\zh-cn\msntabres.dll/230?81202e8c126f4c39a4b573ddfb56b913
O8 - Extra context menu item: 在新的后台选项卡中打开 - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\zh-cn\msntabres.dll/229?81202e8c126f4c39a4b573ddfb56b913
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到雅虎收藏+ - http://myweb.cn.yahoo.com/post.html?F=D2_A
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 用比特精灵下载(&B) - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: 豪杰超级解霸V8实时播放 - C:\Herosoft\HeroV8\MPURLGET.HTM
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/203
O9 - Extra button: 免费精彩视频超流畅在线观看 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: 播霸电视 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra button: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra 'Tools' menuitem: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra button: 视频聊天 - {6924091F-CD97-41E1-B1D4-D9079409D413} - http://www.liantang.net (file missing)
O9 - Extra 'Tools' menuitem: 视频聊天 - {6924091F-CD97-41E1-B1D4-D9079409D413} - http://www.liantang.net (file missing)
O9 - Extra button: 寻论网--中学作业解答 - {6924091F-CD97-41E1-B1D4-D9079409D423} - http://www.xunlun.com (file missing)
O9 - Extra 'Tools' menuitem: 中学作业 - {6924091F-CD97-41E1-B1D4-D9079409D423} - http://www.xunlun.com (file missing)
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\cdnns.dll' missing
O11 - Options group: [TBH] 搜搜地址栏搜索
O16 - DPF: {220ED87A-CB03-45A8-A81E-1C5597E11186} (GDHidCtrl Class) - http://esales.qq.com/cab/GDHidUsr.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145194779359
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://99liao.com/talk.cab
O16 - DPF: {A96C48EA-AA88-4BBD-B58C-7B41146A6EAC} (Qzone Media Tools) - http://qz-photo.qq.com/qzone3/QzoneMediaTools.cab
O16 - DPF: {A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} (photo_uploader Control) - http://upload.photo.163.com/photoup.cab
O16 - DPF: {C661F36D-DF85-4EF4-83C7-E107B83D04B1} (WebActivater Control) - http://dl_dir.qq.com/3dshow/3DShowVM.cab
O16 - DPF: {E2D9AF38-368E-427B-B621-80DFBF89FFCA} (Download Class) - http://client.jogo.cn/download/cnnic/online/download.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl Object) - https://account.qq.com/qqedit.cab
O16 - DPF: {F138084D-84D7-48CD-BEA8-04772457516E} (VqqSpeedDlProxy Class) - http://218.85.138.27/vqqsdl1009.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{904CB1C3-B08E-4920-9497-6EEC84985E15}: NameServer = 202.106.0.20 221.10.251.196
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF9FFB38-0541-4AEE-B494-AA768C3AA19A}: NameServer = 192.168.1.5
O20 - AppInit_DLLs: APIHookDll.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Win - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice4.exe

Experts, please advise!!!
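Triage script for the log posted above, added here as an example and not part of the original thread or of HijackThis itself. It parses the "Oxx - ..." entry lines (a sample copied from the posted log is embedded inline) and applies the checks a responder would run first on a machine that keeps getting reinfected: orphaned BHO/URLSearchHook CLSIDs with no backing file, a Winsock LSP pointing at a missing DLL (the O10 line), a populated AppInit_DLLs value (O20), services with no owner information (O23), and ActiveX objects fetched from a raw IP (O16). The rule names, severities and the raw-IP test are this example's own choices; which flagged entry is the backdoor is still for the analyst to confirm by checking the file.

```python
"""
HijackThis v1.99 log triage.  Added example, not code from the original
thread or from HijackThis: rule names and severities are this script's own.
"""
import re
from dataclasses import dataclass
from ipaddress import ip_address
from typing import List, Optional

# One "Oxx - body" entry per line; header and process-list lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {029D8E13-604B-47E8-8081-6E5701F83EF1} - (no file)
O2 - BHO: IEMonitor Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - (no file)
O2 - BHO: ltmenu Class - {78C21EFD-53BA-406C-AF1A-33A38ABD3958} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\cdnns.dll' missing
O16 - DPF: {F138084D-84D7-48CD-BEA8-04772457516E} (VqqSpeedDlProxy Class) - http://218.85.138.27/vqqsdl1009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145194779359
O20 - AppInit_DLLs: APIHookDll.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Win - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice4.exe
"""


@dataclass
class Entry:
    code: str             # HijackThis section, e.g. "O2", "O23"
    body: str             # text after "O2 - "
    clsid: Optional[str]  # first {GUID} in the entry, if any
    raw: str


@dataclass
class Finding:
    severity: str         # "high", "medium" or "info"
    rule: str
    entry: str


def parse_log(text: str) -> List[Entry]:
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        c = CLSID_RE.search(m["body"])
        entries.append(Entry(m["code"], m["body"], c.group(0) if c else None, line))
    return entries


def _is_raw_ip(host: str) -> bool:
    try:
        ip_address(host.split(":", 1)[0])  # drop an explicit port
        return True
    except ValueError:
        return False


def triage(entries: List[Entry]) -> List[Finding]:
    findings: List[Finding] = []
    # Orphaned CLSIDs are leftovers of deleted components: harmless one by one,
    # but dozens of them show earlier infections were only half cleaned.
    orphans = [e for e in entries if e.code in ("O2", "R3") and e.body.endswith("(no file)")]
    if orphans:
        findings.append(Finding("info",
            f"{len(orphans)} BHO/URLSearchHook CLSIDs with no backing file (registry leftovers)",
            orphans[0].raw))
    for e in entries:
        if e.code == "O10":
            # An LSP whose DLL is gone breaks every socket; the chain itself must be
            # repaired (netsh winsock reset on XP SP2+), not just the DLL deleted.
            findings.append(Finding("high",
                "Winsock LSP references a missing DLL; repair the LSP chain after cleanup", e.raw))
        elif e.code == "O20" and e.body.startswith("AppInit_DLLs:"):
            # Any value here is loaded into every process that maps user32.dll.
            if e.body.split(":", 1)[1].strip():
                findings.append(Finding("high",
                    "AppInit_DLLs is populated; the DLL is injected into every GUI process", e.raw))
        elif e.code == "O23" and " - Unknown owner - " in e.body:
            # A service binary with no company info is the first place to look for
            # something that comes back after every reboot; verify the file.
            findings.append(Finding("high",
                "Service with no owner/company information; verify the binary", e.raw))
        elif e.code == "O16":
            url = e.body.rsplit(" - ", 1)[-1]
            host = url.split("//", 1)[-1].split("/", 1)[0]
            if _is_raw_ip(host):
                findings.append(Finding("medium",
                    "ActiveX (DPF) object downloaded from a raw IP address", e.raw))
    return findings


def severity_counts(findings: List[Finding]) -> dict:
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG)):
        print(f"[{f.severity:<6}] {f.rule}\n         {f.entry}")
```

Run it against a full saved log by reading the file into `parse_log` in place of `SAMPLE_LOG`; on the log above it reports the O10, O20 and O23 "Unknown owner" lines as high, the cab pulled from 218.85.138.27 as medium, and the orphaned CLSIDs as a single informational count.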


Started full-disk scan:...
System event: Trojan found!
Trojan name: Virtool.SVKProtector.4316
Trojan path: C:\WINDOWS\system32\SVKP.sys
Action: delete, succeeded
Date found: 2006-10-06

1. Backdoor.Gpigeon.iid
2. Trojan name: Virtool.SVKProtector.4316
Trojan path: C:\WINDOWS\system32\SVKP.sys
3. Trojan name: Virtool.SVKProtector.4316
Trojan path: C:\System Volume Information\_restore{EB64E17A-F156-4AA0-8E97-B0E43410E362}\RP229\A0072197.sys