求助：老大们，我的IE也被抢了，帮忙分析一下 - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛求助：老大们，我的IE也被抢了，帮忙分析一下

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

12

2 / 2 页

跳转页

求助：老大们，我的IE也被抢了，帮忙分析一下

kevinchu 初生襁褓狮帖子:13 注册: 2006-06-20 来自:	发表于： 2006-06-21 16:26 \| 只看楼主短消息资料字号：小中大 11楼 2006-06-21,16:17:37 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能以下内容被选中：所有的启动项目（包括注册表、启动文件夹、服务等）浏览器加载项正在运行的进程（包括进程模块信息）文件关联启动项目注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] (Internat.exe)(internat.exe) [Microsoft Corporation] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] (load)() [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] (Synchronization Manager)(mobsync.exe /logon) [Microsoft Corporation] (avast!)(C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe) [] (NeroFilterCheck)(C:\WINNT\system32\NeroCheck.exe) [Ahead Software Gmbh] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] (UserInit)(usrinit.exe) [] (WinAutoUp)(C:\WINNT\AutoUp.exe) [] (adsnt)(C:\WINNT\AdsNT.exe) [] (AlxInit)(C:\WINNT\system32\AlxUp.exe) [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] (shell)(Explorer.exe) [Microsoft Corporation] (Userinit)(C:\WINNT\system32\userinit.exe,) [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] (AppInit_DLLs)() [] -------------------------------------------------------------------------------- 启动文件夹 [Microsoft Office] (C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk)(N) [Windows Update] (C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Windows Update.URL)(N) -------------------------------------------------------------------------------- 服务 [avast! iAVS4 Control Service / aswUpdSv] ("C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe")(N/A) [avast! Antivirus / avast! Antivirus] ("C:\Program Files\Alwil Software\Avast4\ashServ.exe")(N/A) [avast! Mail Scanner / avast! Mail Scanner] ("C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service)(ALWIL Software) [avast! Web Scanner / avast! Web Scanner] ("C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service)(ALWIL Software) [Logical Disk Manager Administrative Service / dmadmin] (C:\WINNT\System32\dmadmin.exe /com)(VERITAS Software Corp.) -------------------------------------------------------------------------------- 浏览器加载项 [ThunderIEHelper Class] {0005A87D-D626-4B3A-84F9-1D9571695F55} (C:\WINNT\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD) [AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated) [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} (C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD) [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINNT\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.) [&使用迅雷下载] (C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A) [&使用迅雷下载全部链接] (C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A) [上传到QQ网络硬盘] (C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A) [添加到QQ自定义面板] (C:\Program Files\Tencent\QQ\AddPanel.htm, N/A) [添加到QQ表情] (C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A)
kevinchu 初生襁褓狮帖子:13 注册: 2006-06-20 来自:

kevinchu 初生襁褓狮帖子:13 注册: 2006-06-20 来自:	发表于： 2006-06-21 16:27 \| 只看楼主短消息资料字号：小中大 12楼正在运行的进程 [PID: 140][\SystemRoot\System32\smss.exe] (Microsoft Corporation)(5.00.2195.6601) [PID: 164][\??\C:\WINNT\system32\csrss.exe] (Microsoft Corporation)(5.00.2195.6601) [PID: 184][\??\C:\WINNT\system32\winlogon.exe] (Microsoft Corporation)(5.00.2195.6997) [PID: 212][C:\WINNT\system32\services.exe] (Microsoft Corporation)(5.00.2195.7035) [C:\WINNT\system32\dmserver.dll] (VERITAS Software Corp.)(2195.6605.297.3) [PID: 224][C:\WINNT\system32\lsass.exe] (Microsoft Corporation)(5.00.2195.7011) [PID: 400][C:\WINNT\system32\svchost.exe] (Microsoft Corporation)(5.00.2134.1) [PID: 424][C:\WINNT\system32\spoolsv.exe] (Microsoft Corporation)(5.00.2195.7013) [C:\WINNT\system32\AdobePDF.dll] (Adobe Systems Incorporated.)(6.0.000) [C:\Program Files\Adobe\Acrobat 6.0\Distillr\AdistRes.CHS] (N/A)(N/A) [C:\WINNT\system32\spool\PRTPROCS\W32X86\vprproc.dll] (Windows (R) 2000 DDK provider)(5.00.2195.1620) [PID: 476][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] (N/A)(N/A) [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] (ALWIL Software)(4, 7, 800, 0) [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] (ALWIL Software)(4, 7, 824, 0) [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] (ALWIL Software)(4, 7, 824, 0) [PID: 492][C:\Program Files\Alwil Software\Avast4\ashServ.exe] (N/A)(4, 7, 844, 0) [C:\Program Files\Alwil Software\Avast4\aswAux.dll] (ALWIL Software)(4, 6, 763, 0) [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] (ALWIL Software)(4, 7, 824, 0) [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] (ALWIL Software)(4, 7, 824, 0) [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] (ALWIL Software)(4, 7, 844, 0) [C:\Program Files\Alwil Software\Avast4\aswScan.dll] (ALWIL Software)(4, 7, 835, 0) [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] (ALWIL Software)(4, 7, 800, 0) [C:\Program Files\Alwil Software\Avast4\ashBase.dll] (ALWIL Software)(4, 7, 844, 0) [C:\Program Files\Alwil Software\Avast4\ashTask.dll] (ALWIL Software)(4, 7, 844, 0) [C:\Program Files\Alwil Software\Avast4\aswInteg.dll] (ALWIL Software)(4, 6, 763, 0) [C:\Program Files\Alwil Software\Avast4\aswIdle.dll] (ALWIL Software)(4, 6, 665, 0) [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] (ALWIL Software)(4, 7, 844, 0) [C:\Program Files\Alwil Software\Avast4\ChineseS\Base.dll] (ALWIL Software)(4, 7, 800, 0) [C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL] (N/A)(N/A) [C:\Program Files\Alwil Software\Avast4\AhResJs.dll] (ALWIL Software)(4, 7, 844, 0) [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] (ALWIL Software)(4, 7, 844, 0) [C:\Program Files\Alwil Software\Avast4\ahResMes.dll] (ALWIL Software)(4, 7, 844, 0) [C:\Program Files\Alwil Software\Avast4\AhResNS.dll] (ALWIL Software)(4, 7, 844, 0) [C:\Program Files\Alwil Software\Avast4\AhResOut.dll] (ALWIL Software)(4, 7, 844, 0) [C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] (ALWIL Software)(4, 7, 844, 0) [C:\Program Files\Alwil Software\Avast4\AhResStd.dll] (ALWIL Software)(4, 7, 844, 0) [C:\Program Files\Alwil Software\Avast4\AhResWS.dll] (ALWIL Software)(4, 7, 844, 0) [C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] (ALWIL Software)(4, 6, 763, 0) [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] (ALWIL Software)(4, 6, 763, 0) [PID: 512][C:\WINNT\system32\svchost.exe] (Microsoft Corporation)(5.00.2134.1) [PID: 572][C:\WINNT\system32\regsvc.exe] (Microsoft Corporation)(5.00.2195.6701) [PID: 596][C:\WINNT\system32\MSTask.exe] (Microsoft Corporation)(4.71.2195.6972) [PID: 648][C:\WINNT\System32\WBEM\WinMgmt.exe] (Microsoft Corporation)(1.50.1085.0100) [PID: 708][C:\WINNT\system32\svchost.exe] (Microsoft Corporation)(5.00.2134.1) [PID: 884][C:\WINNT\Explorer.EXE] (Microsoft Corporation)(5.00.3700.6690) [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] (ALWIL Software)(4, 6, 763, 0) [C:\WINNT\system32\xunleibho_v14.dll] (Thunder Networking Technologies,LTD)(4, 6, 0, 62) [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll] (Adobe Systems Incorporated)(6.0.0.2003051500) [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll] (Thunder Networking Technologies,LTD)(5, 0, 0, 1) [PID: 948][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe] (ALWIL Software)(4, 7, 844, 0) [C:\Program Files\Alwil Software\Avast4\ashBase.dll] (ALWIL Software)(4, 7, 844, 0) [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] (ALWIL Software)(4, 7, 824, 0) [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] (ALWIL Software)(4, 7, 824, 0) [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] (ALWIL Software)(4, 7, 800, 0) [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] (ALWIL Software)(4, 7, 844, 0) [C:\Program Files\Alwil Software\Avast4\ashTask.dll] (ALWIL Software)(4, 7, 844, 0) [C:\Program Files\Alwil Software\Avast4\aswAux.dll] (ALWIL Software)(4, 6, 763, 0) [C:\Program Files\Alwil Software\Avast4\ChineseS\Base.dll] (ALWIL Software)(4, 7, 800, 0) [C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll] (ALWIL Software)(4, 7, 835, 0) [C:\Program Files\Alwil Software\Avast4\aswScan.dll] (ALWIL Software)(4, 7, 835, 0) [C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll] (ALWIL Software)(4, 7, 844, 0) [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] (ALWIL Software)(4, 7, 844, 0) [PID: 996][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe] (ALWIL Software)(4, 7, 844, 0) [C:\Program Files\Alwil Software\Avast4\ashUInt.dll] (ALWIL Software)(4, 7, 844, 0) [C:\Program Files\Alwil Software\Avast4\ashBase.dll] (ALWIL Software)(4, 7, 844, 0) [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] (ALWIL Software)(4, 7, 824, 0) [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] (ALWIL Software)(4, 7, 824, 0) [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] (ALWIL Software)(4, 7, 800, 0) [C:\Program Files\Alwil Software\Avast4\XT1922.dll] (Codejock Software)(1, 9, 4, 0) [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] (ALWIL Software)(4, 7, 844, 0) [C:\Program Files\Alwil Software\Avast4\ashTask.dll] (ALWIL Software)(4, 7, 844, 0) [C:\Program Files\Alwil Software\Avast4\aswAux.dll] (ALWIL Software)(4, 6, 763, 0) [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] (ALWIL Software)(4, 7, 844, 0) [C:\Program Files\Alwil Software\Avast4\ChineseS\Base.dll] (ALWIL Software)(4, 7, 800, 0) [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] (ALWIL Software)(4, 7, 844, 0) [C:\Program Files\Alwil Software\Avast4\aswScan.dll] (ALWIL Software)(4, 7, 835, 0) [C:\Program Files\Alwil Software\Avast4\ChineseS\Lang.dll] (ALWIL Software)(4, 7, 824, 0) [C:\Program Files\Alwil Software\Avast4\ChineseS\langmai.dll] (ALWIL Software)(4, 7, 800, 0) [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] (ALWIL Software)(4, 6, 763, 0) [PID: 1116][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] (N/A)(5, 0, 0, 0) [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] (ALWIL Software)(4, 7, 824, 0) [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] (ALWIL Software)(4, 7, 844, 0) [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] (ALWIL Software)(4, 7, 824, 0) [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] (ALWIL Software)(4, 7, 800, 0) [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] (ALWIL Software)(4, 7, 844, 0) [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] (ALWIL Software)(4, 6, 763, 0) [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] (ALWIL Software)(4, 7, 844, 0) [C:\Program Files\Alwil Software\Avast4\ChineseS\Base.dll] (ALWIL Software)(4, 7, 800, 0) [C:\Program Files\Alwil Software\Avast4\ChineseS\Lang.dll] (ALWIL Software)(4, 7, 824, 0) [C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] (ALWIL Software)(4, 7, 835, 0) [c:\program files\alwil software\avast4\ahruijs.dll] (N/A)(4, 7, 844, 0) [C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] (ALWIL Software)(4, 7, 844, 0) [C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] (Codejock Software)(1, 9, 4, 0) [c:\program files\alwil software\avast4\ahruimai.dll] (ALWIL Software)(4, 7, 844, 0) [c:\program files\alwil software\avast4\ahruimes.dll] (ALWIL Software)(4, 7, 844, 0) [c:\program files\alwil software\avast4\ahruins.dll] (ALWIL Software)(4, 7, 844, 0) [c:\program files\alwil software\avast4\ahruiout.dll] (ALWIL Software)(4, 7, 844, 0) [c:\program files\alwil software\avast4\ahruip2p.dll] (ALWIL Software)(4, 7, 844, 0) [c:\program files\alwil software\avast4\ahruistd.dll] (ALWIL Software)(4, 7, 844, 0) [c:\program files\alwil software\avast4\ahruiws.dll] (ALWIL Software)(4, 7, 844, 0) [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] (ALWIL Software)(4, 6, 763, 0) [PID: 1104][C:\WINNT\system32\internat.exe] (Microsoft Corporation)(5.00.2920.0000) [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] (ALWIL Software)(4, 6, 763, 0) [PID: 1272][E:\SREng2-v2.021\SREng.exe] (Smallfrogs Studio)(2.0.21.505) [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] (ALWIL Software)(4, 6, 763, 0) --------------------------------------------------------------------------------
kevinchu 初生襁褓狮帖子:13 注册: 2006-06-20 来自:

两个铁球叱咤花甲狮帖子:3107 注册: 2006-01-19 来自:新疆叶城	发表于： 2006-06-21 18:22 \| 短消息资料字号：小中大 13楼不太在行，只觉得楼主的机子乱的可以。我的如这样很可能急坏了。学习中。
两个铁球叱咤花甲狮帖子:3107 注册: 2006-01-19 来自:新疆叶城

kevinchu 初生襁褓狮帖子:13 注册: 2006-06-20 来自:	发表于： 2006-06-21 18:34 \| 只看楼主短消息资料字号：小中大 14楼是吧，我感觉还不算太乱啊
kevinchu 初生襁褓狮帖子:13 注册: 2006-06-20 来自:

我无邪高贵耄耋狮帖子:20720 注册: 2004-06-10 来自:广西玉林	发表于： 2006-06-21 21:52 \| 短消息资料字号：小中大 15楼 ALT+CTRL+DELETE调出任务管理器,终止所有AutoUp.exe，AdsNT.exe，AlxUp.exe的进程运行System Repair Engineer，使用“启动项目，注册表”来删除以下选项 C:\WINNT\AutoUp.exe C:\WINNT\AdsNT.exe C:\WINNT\system32\AlxUp.exe 双击我的电脑，工具，文件夹选项，查看，单击选取"显示隐藏文件或文件夹"清除"隐藏受保护的操作系统文件（推荐）"复选框。在提示确定更改时，单击“是”，清除“隐藏已知文件类型的扩展名删除 C:\WINNT\AutoUp.exe C:\WINNT\AdsNT.exe C:\WINNT\system32\AlxUp.exe 上回我也要求你这样做，请问你做了吗？能删除吗？
我无邪高贵耄耋狮帖子:20720 注册: 2004-06-10 来自:广西玉林

kevinchu 初生襁褓狮帖子:13 注册: 2006-06-20 来自:	发表于： 2006-06-22 09:17 \| 只看楼主短消息资料字号：小中大 16楼上次我也这么做了，今天在文件夹中已经找不到这几个文件了，而且重启也没有IE打开，昨天怎么重启都有打开。
kevinchu 初生襁褓狮帖子:13 注册: 2006-06-20 来自:

<<上一主题|下一主题>>

12

2 / 2 页

跳转页

页面顶部

Powered by Discuz!NT