每次重启系统时,在任务管理器中都会发现IEXPLORE.EXE这个进程,用瑞星(18.33.22)查杀说是Backdoor.Gpigeon.uql,并提示说清除成功,可是下次开机后还是有这个进程,我该怎么办啊?请各位不吝赐教,谢谢了
我用HijackThis扫描系统的时候,弹出一个窗口说“An unexpected error has occured at procedure:
modRegistry_IniGetString(sFile=system.ini,sSection=boot,sValue=Shell)
Error #70-拒绝的权限”,可是仍然生成了一个log文件,请各位帮我看看,谢谢了:
Logfile of HijackThis v1.99.1
Scan saved at 9:23:39, on 2006-6-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
d:\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
d:\Rising\Rav\Ravmond.exe
d:\rising\rfw\rfwsrv.exe
d:\Rising\Rav\RavStub.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\PROGRA~1\Compaq\COMPAQ~1\hibserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\PROGRA~1\Compaq\COMPAQ~2\cpqdmi.exe
C:\WINDOWS\Explorer.EXE
d:\rising\rfw\RfwMain.exe
D:\Rising\Rav\RavTask.exe
D:\Rising\Rav\Ravmon.exe
D:\VStart50_PConline\VStart.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Tencent\TT\TTraveler.exe
D:\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
F:\HijackThis\HijackThis.exe
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-29-0050BA6940E3} - D:\FlashGet\fgiebar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\SnagIt 6\SnagItIEAddin.dll
O4 - HKLM\..\Run: [RavTask] "d:\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [VStart5.0] D:\VStart50_PConline\VStart.exe
O4 - HKLM\..\Run: [RfwMain] "d:\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &使用迅雷下载 - d:\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - d:\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 使用网际快车下载 - D:\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ表情 - D:\Tencent\QQ\AddEmotion.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {C661F36D-DF85-4EF4-83C7-E107B83D04B1} (WebActivater Control) - http://dl_dir.qq.com/3dshow/3DShowVM.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1EF53B94-6862-4F1D-BB8C-810F3C51601E}: NameServer = 202.103.44.5 202.103.0.117
O17 - HKLM\System\CCS\Services\Tcpip\..\{A36E6ADB-EC4B-4F7B-BB3C-E47F3356D6F8}: NameServer = 202.112.20.131,202.114.0.242
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Insight Local Alerter (CPQALERT) - Hewlett-Packard Company - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~2\cpqdmi.exe
O23 - Service: Hibernation - Unknown owner - C:\PROGRA~1\Compaq\COMPAQ~1\hibserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\rising\rfw\rfwsrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - d:\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - d:\Rising\Rav\Ravmond.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: System - Unknown owner - C:\WINDOWS\System.ini
O23 - Service: System Event COM+ - Unknown owner - (no file)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
