2006-07-06, 08:45 AM   #12 (permalink)
psac

Q:

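[Help] IEXPLORER.exe has got me stuck! I can't delete it!

IEXPLORER.exe has got me stuck! I can't delete it! I kill it, and in less than 5 seconds it is back again!!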

A:


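Please run the Smart Scan in System Repair Engineer (SREng) and post the resulting report here.

1. Download System Repair Engineer 2 and save it to the desktop
2. Extract the archive and run SREng.exe
3. Click Smart Scan, make sure every item under Smart Scan is checked, then click Scan
4. When the scan has finished, click Save Report and save the report to the desktop
5. Open the SREngLOG.log report, then copy and paste its entire contents here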


Q:
2006-07-05,22:59:34

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理權限用戶 - 完整功能

以下內容被選中:
所有的啟動專案(包括註冊表、啟動資料夾、服務等)
瀏覽器載入項
正在執行的工作行程(包括工作行程模塊訊息)
文件關聯


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<pyjj><E:\濾鏡\加加\jj4\jjsvr4.exe> [加加開發組]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<KvMonXP><"D:\KV2006\KVMonXP_2.kxp" /auto> [Jiangmin Co.Ltd]
<SKYNET Personal FireWall><E:\安全\FIREWALL\pfw.exe> [廣州眾達天網技術有限公司]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation]
<><; > []
<CSPContext><; C:\WINDOWS\system32\CSPContext.exe> [中文之星]
<rundll31><C:\WINDOWS\system32\IEXPLORER.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<DLMon><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
<WinlogonNotify: AtiExtEvent><Ati2evxx.dll> [ATI Technologies Inc.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<ATICCC><; "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay> []
<ATIPTA><; ; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> []
<IMSCMIG40W><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log> [Microsoft Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<NVMixerTray><; "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"> [NVIDIA Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<pyjj><; E:\濾鏡\加加\jj4\jjsvr4.exe> [加加開發組]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<rundll31><; C:\WINDOWS\system32\IEXPLORER.exe> []
<TkBellExe><; ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> []
<Update><; > []

==================================
啟動資料夾
服務
[Adobe LM Service / Adobe LM Service]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Ati HotKey Poller / Ati HotKey Poller]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
<C:\WINDOWS\system32\ati2sgag.exe><>
[InstallDriver Table Manager / IDriverT]
<"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[KVSrvXP / KVSrvXP]
<D:\KV2006\KVSrvXP.exe /Service><Jiangmin Co. Ltd>
[KVWSC / KVWSC]
<"D:\KV2006\kvwsc.exe"><Jiangmin Co.Ltd>

==================================
瀏覽器載入項
[解霸]
{367E0A21-8601-4986-9C9A-153BF5ACA118} <e:\HEROSOFT\Hero3000\MPLAYER.EXE, N/A>
[聯想]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.lenovo.com, N/A>
[訊息檢索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <E:\FlashGet-v1.71\flashget.exe, Amaze Soft>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[江民殺毒工具欄]
{B5A34A93-D538-43A7-8371-864CB6148D12} <D:\KV2006\KvShell.dll, Jiangmin Co.Ltd>
[SnagIt]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} <E:\圖像\TechSmith\SnagIt 7\SnagItIEAddin.dll, TechSmith Corporation>
[&Save Flash]
{4064EA35-578D-4073-A834-C96D82CBCF40} <E:\濾鏡\Save Flash\SaveFlash.dll, TODO: <Company name>>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[Alexa Web Search]
<CDB6E-AE6D-11CF-96B8-444553540000}, N/A>
[Get Alexa Data]
<, N/A>
[Mail to a Friend...]
<, N/A>
[See Related Links]
<, N/A>
[Write a Review...]
<, N/A>
[上傳到QQ網路硬碟]
<, N/A>
[使用網際快車下載]
<E:\FlashGet-v1.71\jc_link.htm, N/A>
[使用網際快車下載全部鏈接]
<E:\FlashGet-v1.71\jc_all.htm, N/A>
[定位檢視 GPS 衛星地圖]
<E:\濾鏡\Opanda\IExif 2.25\IExifMap.htm, N/A>
[檢視 Exif/GPS/IPTC 訊息]
<E:\濾鏡\Opanda\IExif 2.25\IExifCom.htm, N/A>
[新增到QQ自定義面板]
<, N/A>
[新增到QQ表情]
<, N/A>
[用QQ彩信發送該圖片]
<, N/A>

==================================
正在執行的工作行程
[PID: 508][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 576][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 604][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\Ati2evxx.dll] <ATI Technologies Inc.><6.14.10.4124>
[PID: 648][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 660][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 800][C:\WINDOWS\system32\Ati2evxx.exe] <ATI Technologies Inc.><6.14.10.4124>
[C:\WINDOWS\system32\Ati2edxx.dll] <ATI Technologies, Inc.><6, 14, 10, 2499>
[PID: 828][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 896][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 956][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1036][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1124][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1356][C:\WINDOWS\system32\Ati2evxx.exe] <ATI Technologies Inc.><6.14.10.4124>
[C:\WINDOWS\system32\Ati2edxx.dll] <ATI Technologies, Inc.><6, 14, 10, 2499>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[PID: 1420][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[D:\KV2006\KvShell.dll] <Jiangmin Co.Ltd><9, 0, 5, 830>
[D:\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831>
[D:\KV2006\lang\Kvxp0804_1.lng] <N/A><N/A>
[D:\KV2006\APIImpl.dll] <JiangMin Ltd.><9.0.0.500>
[C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll] <><1, 0, 0, 1>
[PID: 1432][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[PID: 1588][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.0.29>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[D:\KV2006\KVMonXP_2.kxp] <Jiangmin Co.Ltd><9, 2, 0, 60103>
[D:\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831>
[D:\KV2006\lang\Kvxp0804_1.lng] <N/A><N/A>
[D:\KV2006\GUIExt.dll] <Jiangmin Co.Ltd><9, 0, 5, 927>
[D:\KV2006\lang\GUIExt0804.lng] <JiangMin Ltd.><7, 1, 0, 200>
[D:\KV2006\EngFace.dll] <Jiangmin Co.Ltd><9.0.0.50809>
[D:\KV2006\EngPS.dll] <Jiangmin Co.Ltd><9, 2, 0, 50817>
[D:\KV2006\KvMemory.dll] <Jiangmin Co. Ltd.><9, 0, 6, 0214>
[D:\KV2006\KvOffice.dll] <JiangMin New Tech.><9.0.0.1213>
[D:\KV2006\lang\KVOffice0804.lng] <N/A><N/A>
[D:\KV2006\VirusUpload.dll] <N/A><2, 0, 0, 0>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[D:\KV2006\PProtect.dll] <Jiangmin Co. Ltd.><9.0.0.921>
[PID: 1612][C:\WINDOWS\system32\IEXPLORER.exe] <N/A><N/A>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[PID: 1632][E:\濾鏡\加加\jj4\jjsvr4.exe] <加加開發組><4.0.0.18>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[PID: 1740][D:\KV2006\KVSrvXP.exe] <Jiangmin Co. Ltd><9.2.0.50822>
[D:\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831>
[D:\KV2006\SvcSafe.dll] <Jiangmin Co. Ltd><9, 2, 0, 51107>
[D:\KV2006\lang\SvcSafe0804.lng] <N/A><N/A>
[D:\KV2006\RegProt.dll] <Jiangmin Co.Ltd><9, 0, 5, 1212>
[D:\KV2006\Scan.dll] <Jiangmin Co., Ltd.><1.0.6.05190>
[D:\KV2006\FileGD.dll] <Jiangmin Co.Ltd><9.2.0.50809>
[D:\KV2006\KvSPI.dll] <Jiangmin Co. Ltd.><1.0.6.06030>
[D:\KV2006\lang\KVSpi0804.lng] <N/A><N/A>
[D:\KV2006\ScanHost.dll] <Jiangmin Co. Ltd><9, 2, 0, 50822>
[D:\KV2006\KVWPSet_1.dll] <Jiangmin Co.Ltd><9, 0, 0, 60220>
[D:\KV2006\EngPS.dll] <Jiangmin Co.Ltd><9, 2, 0, 50817>
[D:\KV2006\KVEnhS.dll] <Jiangmin Co., Ltd.><9, 2, 6, 02040>
[D:\KV2006\KVEnhJ.dll] <Jiangmin Co.Ltd><9, 1, 0, 50822>
[D:\KV2006\KVExtCab.dll] <JiangMin Co. Ltd><9, 2, 0, 50822>
[D:\KV2006\KvExtZip.dll] <JiangMin Co Ltd.><9, 2, 0, 50822>
[D:\KV2006\KVExtZ.dll] <Jiangmin Co. Ltd><9.2.0.503>
[D:\KV2006\KVExtTar.dll] <Jiangmin Co. Ltd><9, 2, 0, 50822>
[D:\KV2006\KVExtLZH_1.dll] <JiangMin Co. Ltd.><9, 2, 6, 0316>
[D:\KV2006\KvExtRar_1.dll] <JiangMin Co. Ltd.><9, 2, 6, 04020>
[D:\KV2006\KVExtGz_1.dll] <Jiangmin Co. Ltd><9, 0, 6, 04200>
[D:\KV2006\KVExtEml.dll] <Jiangmin Co. Ltd.><9, 2, 0, 51207>
[D:\KV2006\lang\KVExtEml0804.lng] <N/A><N/A>
[D:\KV2006\KVEnhK.dll] <Jiangmin Co.Ltd><9, 1, 0, 51209>
[D:\KV2006\Fix.dll] <Jiangmin Co.Ltd><9, 2, 0, 51011>
[D:\KV2006\KvCkMail.dll] <N/A><9, 0, 6, 605>
[D:\KV2006\lang\KvMailRes0804.lng] <N/A><N/A>
[PID: 1764][D:\KV2006\kvwsc.exe] <Jiangmin Co.Ltd><9, 0, 5, 908>
[D:\KV2006\EngPS.dll] <Jiangmin Co.Ltd><9, 2, 0, 50817>
[D:\KV2006\EngFace.dll] <Jiangmin Co.Ltd><9.0.0.50809>
[D:\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831>
[PID: 1828][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1856][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 1024][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[D:\KV2006\TrojDie.kxp] <Jiangmin Co.Ltd><9.0.6.0413>
[D:\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831>
[D:\KV2006\lang\TrojDie0804.lng] <Jiangmin Co.Ltd><9.0.0.0813>
[D:\KV2006\GUIExt.dll] <Jiangmin Co.Ltd><9, 0, 5, 927>
[D:\KV2006\lang\GUIExt0804.lng] <JiangMin Ltd.><7, 1, 0, 200>
[D:\KV2006\PProtect.dll] <Jiangmin Co. Ltd.><9.0.0.921>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[D:\KV2006\ComUIPS.dll] <Jiangmin Ltd.><9. 5. 5. 20>
[PID: 1724][D:\KV2006\KRegEx.exe] <Jiangmin Co.Ltd><9.0.6.210>
[D:\KV2006\KRegEx.dll] <Jiangmin Co. Ltd.><9.0.6.0119>
[D:\KV2006\KRegTrust.dll] <Jiangmin Co. Ltd.><9.0.0.825>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[PID: 1932][D:\KV2006\UIHost.exe] <Jiangmin Co. Ltd><9.2.0.50822>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[D:\KV2006\UpdateX.dll] <JiangMin Co.Ltd.><9, 0, 5, 831>
[D:\KV2006\ComUI.dll] <Jiangmin Ltd.><9. 0. 0.509>
[D:\KV2006\ComUIPS.dll] <Jiangmin Ltd.><9. 5. 5. 20>
[D:\KV2006\GUIExt.dll] <Jiangmin Co.Ltd><9, 0, 5, 927>
[D:\KV2006\lang\GUIExt0804.lng] <JiangMin Ltd.><7, 1, 0, 200>
[PID: 2696][E:\圖像\TheWorld-v1.26\TheWorld.exe] <Phoenix Studio><1, 2, 3, 5>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 3036][E:\安全\FireWall\PFW.exe] <廣州眾達天網技術有限公司><2.7.7.1000>
[E:\安全\FireWall\SKYMISC.DLL] <N/A><N/A>
[E:\安全\FireWall\COMPRESSWRAP.DLL] <N/A><N/A>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>
[PID: 3108][E:\安全\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[D:\KV2006\KVHookG_2.dll] <Jiangmin Co.Ltd><9.0.0.1226>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG Error. ["regedit.exe" "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS Error. []
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================




A:


1. Use SREng (see the related operating instructions)
- Delete the following startup entry
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<rundll31><C:\WINDOWS\system32\IEXPLORER.exe> []

2. Reboot, press F8 to enter Safe Mode, and delete the following file (see Note 1)
C:\WINDOWS\system32\IEXPLORER.exe

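Note 1: If you cannot find the file above, first change the following settings
a) In My Computer, click Tools ---> Folder Options
b) Select the View tab, clear the check box in front of "Hide protected operating system files", select "Show hidden files and folders", and finally click OK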
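The triage behind the answer above, as an added example that is not part of the original post or of SREng: it parses the `<name><command> [publisher]` lines of a Run-key section and flags entries that have no publisher while living under the system root, or whose name is close to a genuine Windows component. The sample lines are copied from the report; the `KNOWN` list, the 0.85 similarity threshold and the `C:\WINDOWS` root are assumptions.

```python
import ntpath
import re
from difflib import SequenceMatcher

# Constructed sample: Run-key lines copied from the report above.
SAMPLE = r"""[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<CSPContext><; C:\WINDOWS\system32\CSPContext.exe> [中文之星]
<rundll31><C:\WINDOWS\system32\IEXPLORER.exe> []
<ATICCC><; "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay> []
<><; > []
"""

ENTRY = re.compile(r"^<(?P<name>[^<>]*)><(?P<cmd>.*)> \[(?P<pub>.*)\]$")
TARGET = re.compile(r'"([^"]+)"|(.*?\.exe)\b', re.I)   # only .exe targets handled
# Assumption: a short list of genuine Windows names worth comparing against.
KNOWN = ("iexplore.exe", "explorer.exe", "rundll32")
SYSROOT = "c:\\windows"          # assumption: system root as in the report

def lookalike(word):
    """True if word is close to, but not exactly, a known Windows name."""
    word = word.lower()
    if word in KNOWN:
        return False
    return any(SequenceMatcher(None, word, k).ratio() >= 0.85 for k in KNOWN)

def audit(report):
    """Return (key, value name, target path, reasons) for suspicious entries."""
    findings, key = [], None
    for line in map(str.strip, report.splitlines()):
        if line.startswith("[HKEY_"):
            key = line.strip("[]")
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        t = TARGET.match(m["cmd"].lstrip("; "))   # drop the leading ';' markers
        path = (t.group(1) or t.group(2)) if t else ""
        reasons = []
        if path and not m["pub"] and ntpath.dirname(path).lower().startswith(SYSROOT):
            reasons.append("no publisher, file under system root")
        if lookalike(m["name"]) or lookalike(ntpath.basename(path)):
            reasons.append("name imitates a Windows component")
        if reasons:
            findings.append((key, m["name"], path, reasons))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty publisher alone is noisy: the ATICCC entry also has none, which is why the check combines it with the file's location.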