瑞星卡卡安全论坛

首页 » 技术交流区 » 反病毒/反流氓软件论坛 » 【已解决】开机启动多个IEXPLORE.EXE和NOTEPAD.EXE
小鼠闪光 - 2007-4-22 0:23:00
大家帮忙看看吧!
现象:
      开机便在进程中自动加入多个IEXPLORE.EXE和NOTEPAD.EXE,并且不管你怎么关进程都会一直再生,只有在开机前将网线拔掉,再开启金山的“艾妮专杀”才能稍微压制住,再手动关闭进程内的IEXPLORE.EXE和NOTEPAD.EXE。
      另外,系统启动后便会在C:Program FilesCommon FilesSystem下自动生成一个directdb.exe,wab32res.exe,如果开机时网线没拔掉任由IEXPLORE.EXE和NOTEPAD.EXE运行,那么在C:Program FilesCommon FilesSystem下还会生成TEMPA.EXE,TEMPB.EXE……依次类推,再顺便生成一份directdb.dll,还在C:WINDOWSPrefetch下生成DIRECTDB.EXE-0A846530.pf文件
瑞星杀毒下载版重新装的时候就跳出一个"瑞星通用库"还是什么的安装失败,什么原因啊?而且杀毒扫描变得很快,明知道电脑里有病毒,可是什么都杀不出来
394617157 - 2007-4-22 0:25:00
恭喜你中奖拉 哈哈哈
小鼠闪光 - 2007-4-22 0:26:00
附上检查报告:
-------------------进程及其启动命令-------------------------
-
  PROCESS            PID COMMAND LINE
smss.exe            624 \SystemRoot\System32\smss.exe
csrss.exe            700 C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe        724 winlogon.exe
services.exe        772 C:\WINDOWS\system32\services.exe
lsass.exe            784 C:\WINDOWS\system32\lsass.exe
svchost.exe          940 C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe          984 C:\WINDOWS\system32\svchost -k rpcss
svchost.exe        1108 C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe        1192 C:\WINDOWS\system32\svchost.exe -k NetworkService
svchost.exe        1260 C:\WINDOWS\system32\svchost.exe -k LocalService
Explorer.EXE        1548 C:\WINDOWS\Explorer.EXE
spoolsv.exe        1660 C:\WINDOWS\system32\spoolsv.exe
ctfmon.exe          1900 "C:\WINDOWS\system32\ctfmon.exe"
nvsvc32.exe          380 C:\WINDOWS\system32\nvsvc32.exe
svchost.exe          456 C:\WINDOWS\system32\svchost.exe -k imgsvc
wdfmgr.exe          484 C:\WINDOWS\system32\wdfmgr.exe
IEXPLORE.EXE        1076 "C:\program files\Internet Explorer\IEXPLORE.EXE"
IEXPLORE.EXE        1096 "C:\program files\Internet Explorer\IEXPLORE.EXE"
IEXPLORE.EXE        1092 "C:\program files\Internet Explorer\IEXPLORE.EXE"
IEXPLORE.EXE        1072 "C:\program files\Internet Explorer\IEXPLORE.EXE"
notepad.exe        1556 C:\WINDOWS\system32\notepad.exe
notepad.exe        1560 C:\WINDOWS\system32\notepad.exe
notepad.exe        1272 C:\WINDOWS\system32\notepad.exe
notepad.exe        1620 C:\WINDOWS\system32\notepad.exe
notepad.exe        1700 C:\WINDOWS\system32\notepad.exe
notepad.exe        1800 C:\WINDOWS\system32\notepad.exe
alg.exe            1788 C:\WINDOWS\System32\alg.exe
IEXPLORE.EXE        2708 "C:\program files\Internet Explorer\IEXPLORE.EXE" http://w1.love9g.com/love.htm
conime.exe          2316 C:\WINDOWS\system32\conime.exe

-
-------------------注册表启动项-------------------------

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    RavTask    REG_SZ    "D:\Rising\Rav\RavTask.exe" -system
    RfwMain    REG_SZ    "D:\Rising\Rfw\rfwmain.exe" -Startup
    NvCplDaemon    REG_SZ    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    cmdbcs    REG_SZ    C:\WINDOWS\cmdbcs.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    EXPLORER    REG_SZ    C:\Program Files\Common Files\System\wab32res.exe
    czeg6hihh    REG_SZ    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iexpl0re.exe
    jiky0g7ql    REG_SZ    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\crasos.exe
    rcgh    REG_SZ    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Servera.exe
    cxlz6u27g35lb4    REG_SZ    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\c0nime.exe
    4yw    REG_SZ    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlog0n.exe
    zsh5    REG_SZ    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rundl132.exe
    l70    REG_SZ    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1explore.exe

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
-
-------------------引导执行----------------------------
-
-------------------初始程序----------------------------
-
-------------------资源管理器加载项---------------------

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    {AEB6717E-7E19-11d0-97EE-00C04FD91972}    REG_SZ   
    {32CD708B-60A7-4C00-9377-D73EAA495F0F}    REG_SZ    Rising Execute File Exts hook

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    PostBootReminder    REG_SZ    {7849596a-48ea-486e-8937-a2a3009f31a9}
    CDBurn    REG_SZ    {fbeb8a05-beee-4442-804e-409d6c4515e9}
    WebCheck    REG_SZ    {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
    SysTray    REG_SZ    {35CEC8A3-2BE6-11D2-8773-92E220524153}

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
    {438755C2-A8BA-11D1-B96B-00A0C90312E1}    REG_SZ    Browseui 预加?
    {8C7461EF-2B13-11d2-BE35-3078302C2030}    REG_SZ    组件类别
小鼠闪光 - 2007-4-22 0:27:00
-------------------IE加载项----------------------------

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlSearchHooks
    {CFBFAE00-17A6-11D0-99CB-00C04FD64497}    REG_SZ   

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
-
-------------------映像劫持----------------------------

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE
-
-------------------HOSTS文件内容----------------------------
127.0.0.1      localhost
127.0.0.1      mmm.caifu18.net
127.0.0.1      www.18dmm.com
127.0.0.1      d.qbbd.com
127.0.0.1      www.5117music.com
127.0.0.1      www.union123.com
127.0.0.1      www.wu7x.cn
127.0.0.1      www.54699.com
127.0.0.1      60.169.0.66
127.0.0.1      60.169.1.29
127.0.0.1      www.97725.com
127.0.0.1      down.97725.com
127.0.0.1      ip.315hack.com
127.0.0.1      ip.54liumang.com
127.0.0.1      www.41ip.com
127.0.0.1      xulao.com
127.0.0.1      www.heixiou.com
127.0.0.1      www.9cyy.com
127.0.0.1      www.hunll.com
127.0.0.1      www.down.hunll.com
127.0.0.1      do.77276.com
127.0.0.1      www.baidulink.com
127.0.0.1      adnx.yygou.cn
127.0.0.1      222.73.220.45
127.0.0.1      www.f5game.com
127.0.0.1      www.guazhan.cn
127.0.0.1      wm,103715.com
127.0.0.1      www.my6688.cn
127.0.0.1      i.96981.com
127.0.0.1      d.77276.com
127.0.0.1      www1.cw988.cn
127.0.0.1      cool.47555.com
127.0.0.1      www.asdwc.com
127.0.0.1      55880.cn
127.0.0.1      61.152.169.234
127.0.0.1      cc.wzxqy.com
127.0.0.1      www.54699.com
127.0.0.1      t.gcuj.com
127.0.0.1      www.puma163.com
127.0.0.1      ceoww.com
newcenturymoon - 2007-4-22 10:38:00
http://forum.ikaka.com/topic.asp?board=28&artid=8300791
这个帖子
小鼠闪光 - 2007-4-22 17:49:00
虽然用得不是你的办法
不过
处理掉了就算了
我游戏的EXE和电子书的EXE全部报销
要重新弄了~~~~~~~
欲哭无泪00 - 2007-4-22 19:53:00
笨蛋啊~~~~~~~

下个金山毒霸+木马克星就行了 防火墙也要开
1
查看完整版本: 【已解决】开机启动多个IEXPLORE.EXE和NOTEPAD.EXE
© 2000 - 2026 Rising Corp. Ltd.