明朗少年 - 2007-5-4 9:41:00
Recently, every time I boot up I get the message:
RavTask.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
Then when I open Rising again I have to reinstall it. I've already reinstalled it more than ten times now. What is going on? I recently used Windows清理助手 (Windows Cleanup Assistant); could that have something to do with it??
newcenturymoon - 2007-5-4 9:50:00
Download System Repair Engineer:
http://www.kztechs.com/sreng/download.html
1. Extract sreng2.zip
2. Run SREng.exe
3. Smart Scan => Scan => Save Report
4. Paste the complete report from the log here, without modifying it
明朗少年 - 2007-5-4 9:52:00
Oh, now I remember: when I ran Windows清理助手 there were some trojans, and I think it warned that this might affect your antivirus software. I didn't pay attention at the time and just continued.
明朗少年 - 2007-5-4 10:00:00
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<SoundMan><SOUNDMAN.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
<iTunesHelper><"D:\Program Files\iTunes\iTunesHelper.exe"> [Apple Computer, Inc.]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<IgfxTray><C:\WINDOWS\system32\igfxtray.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe> [(Verified)Microsoft Windows Publisher]
<BigDogPath><C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera> [N/A]
<ExploreUpdate><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\System32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<5cfi.exe><; C:\WINDOWS\system32\5cfi.exe C:\WINDOWS\system32\drivers\nmprt.sys Rundll32> [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
<Load><; ?粓帼
?> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<shualai><; C:\WINDOWS\shualai.exe /i> [N/A]
==================================
启动文件夹
[Microsoft Office]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> D:\PROGRA~1\MICROS~1\Office\OSA9.EXE [Microsoft Corporation]><N>
[Adobe Gamma Loader]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
==================================
服务
[8C987D3D / 8C987D3D][Stopped/Auto Start]
<C:\WINDOWS\system32\8C987D3D.EXE -service><N/A>
[IPSEC Client / BKMARKS][Stopped/Auto Start]
<C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\OICFZP87.DLL,Export 1087><N/A>
[Alternative User Input Services / CtfmonSrver][Running/Auto Start]
<C:\WINDOWS\system32\office\ctfmon.exe -auto><N/A>
[Remote Registry Protect / Hardware][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\rgkjgz97.dll><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[iPod 服务 / iPodService][Running/Manual Start]
<"D:\Program Files\iPod\bin\iPodService.exe"><Apple Computer, Inc.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"F:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"F:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[WinWLServiceNow / WinWLServiceNow][Stopped/Auto Start]
<C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RAVWL.EXE><N/A>
[WinWMServiceNow / WinWMServiceNow][Stopped/Auto Start]
<C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RAVWM.EXE><N/A>
大怪怪框框 - 2007-5-4 10:40:00
So many viruses.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<5cfi.exe><; C:\WINDOWS\system32\5cfi.exe C:\WINDOWS\system32\drivers\nmprt.sys Rundll32> [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
<Load><; ?粓帼
? > [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<shualai><; C:\WINDOWS\shualai.exe /i> [N/A]
[8C987D3D / 8C987D3D][Stopped/Auto Start]
<C:\WINDOWS\system32\8C987D3D.EXE -service><N/A>
[Alternative User Input Services / CtfmonSrver][Running/Auto Start]
<C:\WINDOWS\system32\office\ctfmon.exe -auto><N/A>
[WinWLServiceNow / WinWLServiceNow][Stopped/Auto Start]
<C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RAVWL.EXE><N/A>
[WinWMServiceNow / WinWMServiceNow][Stopped/Auto Start]
<C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RAVWM.EXE><N/A>
The log wasn't pasted in full either; I suspect there is rogue software.
明朗少年 - 2007-5-4 11:15:00
Ugh, you're all just standing by and watching me drown. It's precisely because I don't want to reinstall that I came here to ask... The key problem is that my antivirus won't start; I've already cleaned out most of the rogue software.
他人很好 - 2007-5-4 11:33:00
Log not pasted in full? Use SRE to stop the services
[8C987D3D / 8C987D3D][Stopped/Auto Start]
<C:\WINDOWS\system32\8C987D3D.EXE -service><N/A>
[IPSEC Client / BKMARKS][Stopped/Auto Start]
<C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\OICFZP87.DLL,Export 1087><N/A>
[Alternative User Input Services / CtfmonSrver][Running/Auto Start]
<C:\WINDOWS\system32\office\ctfmon.exe -auto><N/A>
[Remote Registry Protect / Hardware][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\rgkjgz97.dll><N/A>
then find the corresponding files and delete them.
Open the registry and find
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<5cfi.exe><; C:\WINDOWS\system32\5cfi.exe C:\WINDOWS\system32\drivers\nmprt.sys Rundll32> [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
<Load><; ?粓帼
?> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<shualai><; C:\WINDOWS\shualai.exe /i> [N/A]
and delete them. Then find the corresponding files and delete them.
When you're done, scan again and post another log.
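As an added example (not code from this thread or from SREng), here is a small Python triage script for the SREng report layout quoted above: it parses the `<name><command> [publisher]` autorun lines and the two-line service entries, and flags the traits the replies point at (a command prefixed with `;`, a file run from a Temp directory, a random 8-hex-digit name, no publisher). The sample report is constructed from a subset of the entries posted above.

```python
import re

# Constructed sample in the SREng report layout shown above (subset of the poster's entries).
SAMPLE_REPORT = r"""
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
<5cfi.exe><; C:\WINDOWS\system32\5cfi.exe C:\WINDOWS\system32\drivers\nmprt.sys Rundll32> [N/A]
<shualai><; C:\WINDOWS\shualai.exe /i> [N/A]
[iPod Service / iPodService][Running/Manual Start]
<"D:\Program Files\iPod\bin\iPodService.exe"><Apple Computer, Inc.>
[8C987D3D / 8C987D3D][Stopped/Auto Start]
<C:\WINDOWS\system32\8C987D3D.EXE -service><N/A>
[WinWLServiceNow / WinWLServiceNow][Stopped/Auto Start]
<C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RAVWL.EXE><N/A>
"""

AUTORUN_RE = re.compile(r'^<([^>]*)><(.*)> \[(.*)\]$')     # <name><command> [publisher]
SERVICE_RE = re.compile(r'^\[(.*) / (.*)\]\[(.*)/(.*)\]$')  # [display / name][state/start]
SVC_CMD_RE = re.compile(r'^<(.*)><(.*)>$')                  # <command><publisher>

def parse_report(text):
    """Return (name, command, publisher) tuples for autorun and service entries."""
    entries, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        if pending is not None and (m := SVC_CMD_RE.match(line)):
            entries.append((pending, m.group(1), m.group(2)))  # command line of a service
            pending = None
        elif m := SERVICE_RE.match(line):
            pending = m.group(2)                                # short service name
        elif m := AUTORUN_RE.match(line):
            entries.append(m.groups())
    return entries

def suspicion_reasons(name, command, publisher):
    """Heuristics drawn from the entries the replies single out; hits are leads, not verdicts."""
    reasons = []
    if command.lstrip().startswith(';'):
        reasons.append('command prefixed with ";"')
    if re.search(r'\\temp\\', command, re.I):
        reasons.append('runs from a Temp directory')
    if re.fullmatch(r'[0-9A-F]{8}', name, re.I):
        reasons.append('random-looking 8-hex-digit name')
    # A missing publisher alone is weak (KernelFaultCheck is legitimate): only add it to an existing lead.
    if reasons and publisher.strip() == 'N/A':
        reasons.append('no publisher information (N/A)')
    return reasons

def triage(text):
    """Map each suspicious entry name to its list of reasons."""
    return {n: r for n, c, p in parse_report(text) if (r := suspicion_reasons(n, c, p))}
```

Run `triage(open('report.txt', encoding='gbk').read())` on a saved SREng report to get the same kind of shortlist the replies above built by hand; everything it flags still needs a manual look before deletion.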