
IEXPLORE.EXE process appears some time after boot even though IE has not been opened


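Some time after the computer starts, an IEXPLORE.EXE process appears even though I have not opened IE. I don't know how to fix it. It is not Gray Pigeon (灰鸽子). The result is that the network connection drops after a while...
IEXPLORE.EXE is in the correct location, not under system32. There is no ixplore.exe file anywhere on the disk, and no psinthk.dll file either. There is also no TIMPLATFROM.EXE file under the QQ folder. In short, none of the currently known fixes work...
In Safe Mode I scanned with Kaspersky, 360 and ANTI-SPYWARE, and none of them found a trojan or virus..

I hope an expert can solve this..

The SREng scan log is attached. (The log is too long, so it could only be uploaded as an attachment.)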

Attachment: SREngLOG.log (2008-5-25 1:18:07, 42.94 K)

Re: IEXPLORE.EXE process appears some time after boot even though IE has not been opened

Delete the following items:
Service:
[Remote / Remot][Stopped/Manual Start]
  <><N/A>

Driver:
[Cdsys / Cdsys][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\cdcd.sys><N/A>

Also delete the file C:\WINDOWS\system32\cdcd.sys, then check the iexplorer.exe file online at www.virustotal.com.
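
An added example (not part of the original thread, and not SREng's own code): a small parser for the service/driver entry layout quoted in the reply above, flagging the properties that make those two entries stand out, namely an empty image path, a driver file that is missing on disk, and no vendor string. Reading the second angle-bracket field as the vendor is an assumption, and the third sample entry is constructed for contrast.

```python
import re

# Constructed sample: the two entries quoted in the reply above, plus one
# made-up entry with a vendor string for contrast (not from the poster's log).
SAMPLE_LOG = r"""
[Remote / Remot][Stopped/Manual Start]
  <><N/A>
[Cdsys / Cdsys][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\cdcd.sys><N/A>
[Example Service / ExampleSvc][Running/Auto Start]
  <C:\Program Files\Example\svc.exe><Example Corp>
"""

HEADER = re.compile(r"^\[(.*?) / (.*?)\]\[([^/\]]*)/([^\]]*)\]$")
DETAIL = re.compile(r"^<(.*?)><(.*)>$")  # second field assumed to be the vendor

def parse_entries(text):
    """Pair each [display / name][state/start] header with its <path><vendor> line."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = dict(zip(("display", "name", "state", "start"), m.groups()))
            continue
        m = DETAIL.match(line)
        if m and current is not None:
            path, vendor = m.groups()
            # Drop the NT object-manager prefix so the path can be checked on disk.
            current["path"] = path[4:] if path.startswith("\\??\\") else path
            current["vendor"] = vendor
            entries.append(current)
            current = None
    return entries

def triage(entry, exists=None):
    """Return the reasons an entry deserves a manual look (empty list = none)."""
    reasons = []
    if not entry["path"]:
        reasons.append("no image path")
    elif exists is not None and not exists(entry["path"]):
        reasons.append("image file missing on disk")
    if entry["vendor"] in ("", "N/A"):
        reasons.append("no vendor information")
    return reasons

if __name__ == "__main__":
    for e in parse_entries(SAMPLE_LOG):
        print(e["name"], e["path"] or "<empty>", triage(e))
```

On the affected machine, pass `exists=os.path.exists` so the check runs against the real file system.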

Re: IEXPLORE.EXE process appears some time after boot even though IE has not been opened

Antivirus engine / Version / Last update / Scan result
AhnLab-V3 2008.5.22.1 2008.05.23 -
AntiVir 7.8.0.19 2008.05.24 -
Authentium 5.1.0.4 2008.05.23 -
Avast 4.8.1195.0 2008.05.24 -
AVG 7.5.0.516 2008.05.24 -
BitDefender 7.2 2008.05.25 -
CAT-QuickHeal 9.50 2008.05.24 -
ClamAV 0.92.1 2008.05.25 -
DrWeb 4.44.0.09170 2008.05.25 -
eSafe 7.0.15.0 2008.05.22 -
eTrust-Vet 31.4.5817 2008.05.23 -
Ewido 4.0 2008.05.24 -
F-Prot 4.4.4.56 2008.05.23 -
F-Secure 6.70.13260.0 2008.05.23 -
Fortinet 3.14.0.0 2008.05.25 -
GData 2.0.7306.1023 2008.05.23 -
Ikarus T3.1.1.26.0 2008.05.25 -
Kaspersky 7.0.0.125 2008.05.25 -
McAfee 5302 2008.05.23 -
Microsoft 1.3520 2008.05.25 -
NOD32v2 3128 2008.05.23 -
Norman 5.80.02 2008.05.23 -
Panda 9.0.0.4 2008.05.24 -
Prevx1 V2 2008.05.25 -
Rising 20.45.42.00 2008.05.23 -
Sophos 4.29.0 2008.05.25 -
Sunbelt 3.0.1123.1 2008.05.17 -
Symantec 10 2008.05.25 -
TheHacker 6.2.92.318 2008.05.23 -
VBA32 3.12.6.6 2008.05.24 -
VirusBuster 4.3.26:9 2008.05.24 -
Webwasher-Gateway 6.6.2 2008.05.25 -
Additional information
File size: 625664 bytes
MD5...: 2d0e5592ab5a46c27daf7ccaff4f5b59
SHA1..: 0295a76d62f9bfe208fcea3655b12dfa60682d6a
SHA256: 728fb2f407ce3d5e96ff56e69f94b361e4ea6e9cd650768e738d0ad73bafa91c
SHA512: d1a0a4c93dbd98aebefedfb2e7bc9fa68133fdffd6378887e7a9d06cf8d98a51
cae6ec608c8f4f218e3685b8dd60d891bdbe8fdd424f38dcc75b9d5220be16ec
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x402e45
timedatestamp.....: 0x47b3b968 (Thu Feb 14 03:45:44 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xe6d9 0xe800 5.89 1864634b308ab74c3ff8897cb5968711
.data 0x10000 0xe28 0xe00 1.89 4865f51d7834fa8b1fa32c1404295c8d
.rsrc 0x11000 0x883d8 0x88400 6.87 bdc7d502d2cf485e3decd1470fc05e34
.reloc 0x9a000 0xd80 0xe00 6.39 e9ac44d80740d9d6f59cf6189fd33bd1

( 0 exports ) 
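The above is the scan result; it looks like there is no problem.
I have deleted the service and the driver mentioned in post #2..
But the file C:\WINDOWS\system32\cdcd.sys does not exist.
Looking forward to a reply~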

Re: IEXPLORE.EXE process appears some time after boot even though IE has not been opened

Does anyone know what is going on?

Re: IEXPLORE.EXE process appears some time after boot even though IE has not been opened

Then there is no problem. Update the system patches, and it would be better to install a firewall.