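Windows 2000 Server edition system
After booting, there is already an IE process even though IE has not been started. After ending it in Task Manager, it automatically runs again as soon as a folder is opened.

Logfile of HijackThis v1.99.1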
Scan saved at 8:18:16, on 2006-9-14
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\tcpsvcs.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Real\Helix Server\Bin\rmserver.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\System32\sfmprint.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\RsFsa.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Serv-U\ServUDaemon.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\lserver.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\mqsvc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINNT\System32\RsSub.exe
C:\WINNT\System32\RsEng.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Rising\Rav\RavTask.exe
C:\Documents and Settings\Administrator\桌面\ewido anti-spyware 4.0\ewido.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX02.250\HijackThis.exe
O1 - Hosts: 61.188.38.64 www.gamezt.com.cn
O1 - Hosts: 61.188.38.64 ert0003.e76.163ns.com
O1 - Hosts: 61.188.38.64 sky001.e11.163ns.com
O1 - Hosts: 61.188.38.64 woool.100888290cs.com
O1 - Hosts: 61.188.38.64 rxjh.100888290cs.com
O1 - Hosts: 61.188.38.64 www.yowoool.com
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [wdfmgr32] C:\WINNT\system32\wdfmgr32.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [Systems32] C:\WINNT\System32\Server.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [!ewido] "C:\Documents and Settings\Administrator\桌面\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Global Startup: 服务管理器.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: 江民在线杀毒 - {06926B30-424E-4f1c-8EE3-543CD96573DC} - http://online.jiangmin.com/online.asp (file missing)
O9 - Extra button: 网址大全 - {C18CB140-0BBB-11D4-8FE8-0088CC102438} - http://www.k369.com (file missing)
O9 - Extra 'Tools' menuitem: 网址大全 - {C18CB140-0BBB-11D4-8FE8-0088CC102438} - http://www.k369.com (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {4EBE8CDC-0017-4D2C-9E2B-C6368F018A70} (Office.OfficeX) - http://192.37.202.1/newab/ocx/OfficeX.CAB
O16 - DPF: {EF6205C1-3F17-4829-BCB5-1336ED89E356} (KvScanOnline Control) - http://online.jiangmin.com/KvDown.cab
O21 - SSODL: DLMon - {590498A3-4131-4D8F-BA4B-36791A0803B1} - C:\WINNT\System32\DLMain.dll (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Helix Server - RealNetworks, Inc. - C:\Program Files\Real\Helix Server\Bin\rmserver.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Serv-U FTP 服务器 (Serv-U) - Cat Soft - C:\Program Files\Serv-U\ServUDaemon.exe
O23 - Service: System Event - Unknown owner - C:\WINNT\SVCH0ST.exe (file missing)
