瑞星卡卡安全论坛

首页 » 技术交流区 » 系统软件 » 关于explorer.exe以及ieplore.exe
claro - 2006-10-14 0:09:00
打开回收站 我的电脑或我的文档等时出现explorer.exe遇到问题需要关闭.我们对此引起的不便表示抱歉云云,但是应用程序可以打开,比如qq.问是否发送错误报告.点不发送,除桌面和打开的窗口外全部内容消失,马上又回来了.
同样地,ieplore.exe也不断出现这种情况,ie无法打开,我现在用的是qq的浏览器tt.
而且不仅在点ie时出现,即使什么也不操作,也会间隔地跳出这个.
安全模式下一切完好.系统内rising扫描无病毒.
请问,如何解决?谢谢!
叶·幽思 - 2006-10-14 0:12:00
1、点"请单击此处"把图截上来.

2、扫SREng日志上来看看

http://www.kztechs.com/sreng/sreng2.zip
ADL - 2006-10-14 0:17:00
安全模式下杀毒!
华盟☆小敏 - 2006-10-14 6:30:00
毒在作怪]
阿诺8979 - 2006-10-14 8:21:00
看下什么文件错误,
claro - 2006-10-14 9:14:00
嗯 图片是这个
安全模式下查过了

附件: 7671282006101490604.GIF
claro - 2006-10-14 9:32:00
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [Microsoft Corporation]
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <GSICONEXE><GSICON.EXE>  [GlobeSpan, Inc.]
    <DSLAGENTEXE><dslagent.exe USB>  []
    <ATIModeChange><Ati2mdxx.exe>  [ATI Technologies, Inc.]
    <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    <RavTask><"d:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe>  [Tencent]
    <wdfmgr32><C:\WINDOWS\System32\wdfmgr32.exe>  []
    <RavUpes><C:\WINDOWS\System32\agetltfes.exe>  []
    <YLive.exe><C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [Yahoo! China]
    <yassistse><"C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe">  [Yahoo! China]
    <mmsk><D:\Program Files\木马杀客\mmsk.exe>  [木马杀客]
    <IMEKRMIG6.1><C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE>  [Microsoft Corporation]
    <MSPY2002><C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <9><C:\WINDOWS\System32\vpcrm.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\System32\Userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{8A238B14-A6FF-11E0-9A84-00C04FD8DBD8}><C:\WINDOWS\System32\sysldr.dll>  []
    <{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll>  [YAHOO Corporation Limited]
    <{E568441B-9EF3-49F8-9A67-4141AC41ADD4}><C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll>  [Yahoo! China]
    <{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINDOWS\DOWNLO~1\CnsHook.dll>  []
    <{6E44887F-5214-41F2-AB46-4728735C4CC6}><C:\Program Files\Internet Explorer\PLUGINS\system2.sys>  []
    <{DD7D4640-4464-48C0-82FD-21338366D2D2}><C:\Program Files\Internet Explorer\InfoMs.tdm>  []
    <{99F1D023-7CEB-4586-80F7-BB1A98DB7602}><C:\Program Files\Internet Explorer\IEXPLORE.Sys>  []
    <{FEB94F5A-69F3-4645-8C2B-9E71D270AF2E}><C:\Program Files\Internet Explorer\IEXPLORE.Dat>  []
叶·幽思 - 2006-10-14 9:41:00
用SREng删除

注册表启动项

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

<wdfmgr32><C:\WINDOWS\System32\wdfmgr32.exe> []
<RavUpes><C:\WINDOWS\System32\agetltfes.exe> []
<YLive.exe><C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe> [Yahoo! China]
<yassistse><"C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"> [Yahoo! China]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<9><C:\WINDOWS\System32\vpcrm.exe> []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

<{8A238B14-A6FF-11E0-9A84-00C04FD8DBD8}><C:\WINDOWS\System32\sysldr.dll> []
<{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll> [YAHOO Corporation Limited]
<{E568441B-9EF3-49F8-9A67-4141AC41ADD4}><C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll> [Yahoo! China]
<{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINDOWS\DOWNLO~1\CnsHook.dll> []
<{6E44887F-5214-41F2-AB46-4728735C4CC6}><C:\Program Files\Internet Explorer\PLUGINS\system2.sys> []
<{DD7D4640-4464-48C0-82FD-21338366D2D2}><C:\Program Files\Internet Explorer\InfoMs.tdm> []
<{99F1D023-7CEB-4586-80F7-BB1A98DB7602}><C:\Program Files\Internet Explorer\IEXPLORE.Sys> []
<{FEB94F5A-69F3-4645-8C2B-9E71D270AF2E}><C:\Program Files\Internet Explorer\IEXPLORE.Dat> []

显示所有文件后删除:

C:\WINDOWS\System32\wdfmgr32.exe(如果有wdfmgr32.log也删除)
C:\WINDOWS\System32\agetltfes.exe
C:\WINDOWS\System32\vpcrm.exe
C:\WINDOWS\System32\sysldr.dll
C:\WINDOWS\DOWNLO~1\CnsHook.dll
C:\Program Files\Internet Explorer\PLUGINS\system2.sys
C:\Program Files\Internet Explorer\InfoMs.tdm
C:\Program Files\Internet Explorer\IEXPLORE.Sys
C:\Program Files\Internet Explorer\IEXPLORE.Dat

如果删不了下载killbox(地址见反病毒版置顶贴)

清理流氓软件~

把日志贴全.

SREng常用操作说明:http://forum.ikaka.com/topic.asp?board=67&artid=8125594
高歌猛进 - 2006-10-14 10:06:00



    又看见一个网络实名的讨伐者,good!
1
查看完整版本: 关于explorer.exe以及ieplore.exe
© 2000 - 2026 Rising Corp. Ltd.