japangmw - 2007-1-11 0:46:00
Please help, everyone! The machine keeps starting these two processes, iexplore.exe or IEXPLORE.EXE. What should I do?!
Attachment:
818085200711103708.JPG
UFO不幸外人 - 2007-1-11 0:55:00
Please scan with SRE and post the log here.
Download link: http://www.skycn.com/soft/23312.html
japangmw - 2007-1-11 1:13:00
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
<StormCodec_Helper><"C:\Program Files\Storm Codec\StormSet.exe" /S /opti> [N/A]
<AudioHQ><C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE> [Creative Technology Ltd.]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<RavStub><"C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<main><rundll32.exe "C:\program files\internet explorer\use070108.dll" mymain> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
UFO不幸外人 - 2007-1-11 1:17:00
Use IceSword to terminate the two IE processes.
In the registry, find HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Delete <main><rundll32.exe "C:\program files\internet explorer\use070108.dll" mymain>
Force-delete the file: C:\program files\internet explorer\use070108.dll
japangmw - 2007-1-11 1:21:00
[Reply to the post by "UFO不幸外人"]
What is "IceSword"?
UFO不幸外人 - 2007-1-11 1:22:00
IceSword download link: http://www.ttian.net/website/2005/0829/391.html
japangmw - 2007-1-11 1:30:00
UFO不幸外人 - 2007-1-11 1:33:00
That's right.
UFO不幸外人 - 2007-1-11 1:33:00
Use IceSword, not the Registry Editor.
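
Added example, not part of any post in this thread: a small Python parser for the SRE log format posted above that picks out autostart entries worth a manual look. The three heuristics and the threshold are assumptions chosen for illustration; the sample lines are copied from the log in the thread.

```python
import re

# Sample input: lines copied from the SRE log posted in the thread.
SAMPLE_LOG = r'''[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<main><rundll32.exe "C:\program files\internet explorer\use070108.dll" mymain> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
ENTRY_RE = re.compile(r'^<(?P<name>[^>]*)><(?P<cmd>.*)> \[(?P<signer>.*)\]$')
RUNDLL_RE = re.compile(r'"?(?:[^"<>|]*\\)?rundll32(?:\.exe)?\b', re.I)

def parse_sre(log):
    """Yield (key, name, command, signer) for each autostart entry."""
    key = None
    for line in log.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)          # remember the current registry key
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            yield key, m['name'], m['cmd'], m['signer']

def reasons(key, cmd, signer):
    """Assumed heuristics: each one alone is common on a clean system."""
    out = []
    if cmd and signer == 'N/A':
        out.append('no signer information')
    if RUNDLL_RE.match(cmd):
        out.append('DLL started through rundll32')
    if key.lower().endswith(r'policies\explorer\run'):
        out.append('entry under Policies\\Explorer\\Run')
    return out

def triage(log, threshold=2):
    """Return entries matching at least `threshold` heuristics."""
    hits = []
    for key, name, cmd, signer in parse_sre(log):
        why = reasons(key, cmd, signer)
        if len(why) >= threshold:
            hits.append((key, name, cmd, why))
    return hits

if __name__ == '__main__':
    for key, name, cmd, why in triage(SAMPLE_LOG):
        print(f'{key}\n  <{name}> {cmd}\n  reasons: {", ".join(why)}')
```

On the sample, only the `main` entry that loads `use070108.dll` passes the threshold; the unsigned `KernelFaultCheck` entry matches a single heuristic and is not reported.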