Rising Kaka Security Forum

Help!!!!! Ran into a virus today! Can't solve it myself!
songyue3 - 2007-5-23 15:37:00
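First, let me state that I am a licensed Rising user.
This morning I went online intending to download a single-player game to play. After searching in Xunlei (Thunder), I casually clicked on a web page.
As soon as I clicked, things went wrong: Rising's interception dialog popped up, accompanied by the screen flickering rapidly. Seeing that a virus had been intercepted, I clicked Clean Virus (I have seen plenty of interceptions like this before). After clicking, I noticed the firewall icon in the taskbar at the bottom right was gone; I moved the mouse over to check and sure enough it was gone. I thought, uh-oh, better run a virus scan first, and then I found that the real-time monitor in the taskbar was gone too!! I quickly double-clicked Rising Antivirus on the desktop, but there was no response!!! Double-clicking the firewall did nothing either!! I thought, could the desktop be locked??? So I went to Rising's installation directory, and as soon as I opened the Rising folder the current window closed by itself!! I couldn't even get into the Rising folder!! Frustrating. I thought I still had one option: scan online!!! So I went to Rising's official home page!! But as soon as I clicked the online scan, the computer rebooted.
After the restart I found that the firewall and the monitor, which should have started automatically, were both gone!!! No matter how I double-clicked Rising there was no response!! The online scan didn't work either!!! I thought of the last resort: go into Safe Mode and scan there.
So I rebooted the machine and pressed F5 to enter Safe Mode, and then came the frustrating part!!! Before entering Safe Mode there is a quick burst of messages that looks like a hardware scan, right???? Safe Mode is only entered after that, but mine reboots right after that point!!! I tried over and over all morning!! It was always the same. So frustrating!! I have never run into this before. I'm no expert, but I bought my computer 5-6 years ago and have been using it myself all along, so I'm hardly a newbie!!
I had no choice but to use a colleague's machine to ask for help!!!! Experts, please help me figure out what is going on!!!!!!!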
songyue3 - 2007-5-23 16:00:00
Bumping my own thread!!!!!
Why is nobody coming? This is the Rising community, doesn't anyone from the official side come here??????????
songyue3 - 2007-5-23 17:23:00
Why is there nobody here!!!!!!!!!!!!!!
newcenturymoon - 2007-5-23 17:23:00
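Download System Repair Engineer,
http://www.kztechs.com/sreng/download.html
1 Unzip sreng2.zip
2 Run SREng.exe
3 Smart Scan => Scan => Save Report
4 Copy the report from the log in full and paste it here; do not modify it
Friendly reminder:
Before scanning, close all software and windows that you opened manually; after scanning, post the log. But please do not post it as an attachment.
Note: until you get further instructions, do not attempt random repairs, or the system may end up in worse shape.

If SREng.exe does not respond, cannot run, or the scan fails, you can rename SREng.exe to SREng.com (SREng.scr\SREng.bat\SREng.pif) or abc.exe and run it.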
songyue3 - 2007-5-23 17:36:00
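[Reply to newcenturymoon's post]
Posting the first half first!! (Note: I just double-clicked Rising and other software, but they all reported that the path was wrong; I don't know whether that counts as manually started processes. Also, I'm currently using the "Little Red Umbrella" antivirus for scanning, because it's the only one that opens when double-clicked.)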
[CODE]

2007-05-23,17:17:39

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><G:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><; G:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002A><; G:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows XP Publisher]
    <ISUSPM Startup><; "G:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup>  [InstallShield Software Corporation]
    <ISUSScheduler><; "G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start>  [Macrovision Corporation]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <NvCplDaemon><RUNDLL32.EXE G:\WINDOWS\System32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <avgnt><"G:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min>  [Avira GmbH]
    <RavTask><"d:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"c:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <CCenterInst><"d:\Program Files\Rising\Rav\CCenter.exe" -install>  [Beijing Rising Technology Co., Ltd.]
    <Rav><"d:\Program Files\Rising\Rav\Update\setup.exe" /FIRST /ONCE>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><G:\WINDOWS\System32\userinit.exe,>  [(Verified)Microsoft Windows XP Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><G:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
N/A

==================================
服务
[AntiVir PersonalEdition Classic Scheduler / AntiVirScheduler][Running/Auto Start]
  <"G:\Program Files\AntiVir PersonalEdition Classic\sched.exe"><Avira GmbH>
[AntiVir PersonalEdition Classic Guard / AntiVirService][Running/Auto Start]
  <"G:\Program Files\AntiVir PersonalEdition Classic\avguard.exe"><Avira GmbH>
[DCOM Launcher / DCOM Launcher][Stopped/Auto Start]
  <G:\Program Files\Outlook Express\oemig.exe><N/A>
[GrayPigeon_Hacker.com.cn / GrayPigeon_Hacker.com.cn][Stopped/Manual Start]
  <2 - 系统找不到指定的文件。
><N/A>
[H0tKey Poller / H0tKey Poller][Stopped/Auto Start]
  <G:\WINDOWS\hktw><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <G:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe><Macrovision Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <G:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Std pssx Service / pssx][Stopped/Auto Start]
  <G:\WINDOWS\System32\rundll32.exe G:\PROGRA~1\hkks\uxxc.dll,Service -s><Microsoft Corporation>
[Rising Personal Firewall Service / RfwService][Stopped/Disabled]
  <d:\program files\rising\rfw\rfwsrv.exe><N/A>
[Rising Process Communication Center / RsCCenter][Stopped/Auto Start]
  <"d:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Vsn vyyg Service / vyyg][Stopped/Auto Start]
  <G:\WINDOWS\System32\rundll32.exe G:\PROGRA~1\COMMON~1\beem\illt.dll,Service><Microsoft Corporation>

==================================
驱动程序
[Service for Avance AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[avgntdd / avgntdd][Running/System Start]
  <SYSTEM32\DRIVERS\avgntdd.sys><AVIRA GmbH>
[avgntmgr / avgntmgr][Running/Boot Start]
  <\SystemRoot\SYSTEM32\DRIVERS\avgntmgr.sys><AVIRA GmbH>
[avipbb / avipbb][Running/System Start]
  <System32\DRIVERS\avipbb.sys><Avira GmbH>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[cdspacex / cdspacex][Stopped/Manual Start]
  <System32\DRIVERS\CDSPACEX.sys><N/A>
[ElbyCDFL / ElbyCDFL][Running/Manual Start]
  <System32\Drivers\ElbyCDFL.sys><SlySoft, Inc.>
[ElbyCDIO Driver / ElbyCDIO][Running/Auto Start]
  <System32\Drivers\ElbyCDIO.sys><Elaborate Bytes AG>
[ExpScaner / ExpScaner][Stopped/Auto Start]
  <\??\d:\Program Files\Rising\Rav\ExpScan.sys><>
[fcdabus / fcdabus][Running/Manual Start]
  <System32\DRIVERS\fcdabus.sys><FarStone Inc.>
[FVDSCSI / FVDSCSI][Running/Manual Start]
  <System32\DRIVERS\fvdscsi.sys><FarStone Inc.>
[HOOKAPI / HOOKAPI][Stopped/Disabled]
  <\??\G:\PROGRAM FILES\RAV\HOOKAPI.SYS><N/A>
[HookCont / HookCont][Stopped/Auto Start]
  <\??\d:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg][Stopped/Auto Start]
  <\??\d:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Stopped/Auto Start]
  <\??\d:\Program Files\Rising\Rav\HookSys.sys><Rising>
[MEMSCAN / MEMSCAN][Stopped/Auto Start]
  <\??\d:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[Netpas Win32 Virtual Network Adapter / netpasadapter1][Stopped/Manual Start]
  <System32\DRIVERS\netpas.sys><Netpas>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\e:\冒险岛online\npkcrypt.sys><N/A>
[NPPTNT2 / NPPTNT2][Stopped/Manual Start]
  <\??\G:\WINDOWS\System32\npptNT2.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[oreans32 / oreans32][Running/System Start]
  <\??\G:\WINDOWS\system32\drivers\oreans32.sys><N/A>
[StarForce Protection Environment Driver v6 / prodrv06][Running/System Start]
  <\SystemRoot\System32\drivers\prodrv06.sys><Protection Technology>
[StarForce Protection Helper Driver v2 / prohlp02][Running/Boot Start]
  <\SystemRoot\System32\drivers\prohlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver v1 / prosync1][Running/Boot Start]
  <\SystemRoot\System32\drivers\prosync1.sys><Protection Technology>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Stopped/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><N/A>
[RSPPSYS / RSPPSYS][Stopped/Auto Start]
  <\??\d:\Program Files\Rising\Rav\RSPPSYS.sys><N/A>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Running/Auto Start]
  <System32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[Sentinel / Sentinel][Running/Auto Start]
  <\SystemRoot\System32\Drivers\SENTINEL.SYS><>
[StarForce Protection Environment Driver (version 1.x) / sfdrv01][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfdrv01.sys><Protection Technology>
[StarForce Protection Environment Driver (version 1.x.a) / sfdrv01a][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfdrv01a.sys><Protection Technology (StarForce)>
[StarForce Protection Helper Driver / sfhlp01][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfhlp01.sys><Protection Technology>
[StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfhlp02.sys><Protection Technology (StarForce)>
[StarForce Protection Synchronization Driver (version 2.x) / sfsync02][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfsync02.sys><Protection Technology>
[StarForce Protection Synchronization Driver (version 4.x) / sfsync04][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfsync04.sys><Protection Technology (StarForce)>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[ssmdrv / ssmdrv][Running/System Start]
  <System32\DRIVERS\ssmdrv.sys><Avira GmbH>
[SVKP / SVKP][Running/Auto Start]
  <\??\G:\WINDOWS\System32\SVKP.sys><AntiCracking>
[Two Rabbits Live Bus / TwoRabts][Stopped/Manual Start]
  <System32\DRIVERS\TwoRabts.sys><N/A>
[WINIO / WINIO][Stopped/Manual Start]
  <\??\F:\共享拷贝\网络工具\按键精灵5(1)\按键精灵5\winio.sys><N/A>
[XDva008 / XDva008][Stopped/Manual Start]
  <\??\G:\WINDOWS\System32\XDva008.sys><N/A>
[586843 / 586843][Running/]
  <2 - 系统找不到指定的文件。
><N/A>
[RsFwDrv / RsFwDrv][Stopped/Auto Start]
  <\??\c:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[HookUrl / HookUrl][Stopped/Auto Start]
  <\??\c:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
songyue3 - 2007-5-23 17:37:00
And here is the second half


=================================
浏览器加载项
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436}? <D:\Program Files\Thunder Network\Thunder.exe, Thunder Networking Technologies,LTD>
[相关站点]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <G:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <G:\WINDOWS\System32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <G:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <G:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[&使用迅雷下载]
  <D:\Program Files\Thunder Network\Program\GetUrl.htm, N/A>

==================================
正在运行的进程
[PID: 592][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 640][\??\G:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 664][\??\G:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [G:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [G:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 708][G:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 720][G:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 880][G:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 916][G:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 976][G:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 992][G:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1068][G:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[PID: 1164][G:\Program Files\AntiVir PersonalEdition Classic\avguard.exe]  [Avira GmbH, 7.00.00.52]
    [G:\Program Files\AntiVir PersonalEdition Classic\avevtlog.dll]  [Avira GmbH, 7.00.00.18]
    [G:\Program Files\AntiVir PersonalEdition Classic\guardmsg.dll]  [Avira GmbH, 7.00.10.01]
    [G:\Program Files\AntiVir PersonalEdition Classic\sqlite3.dll]  [, 3, 3, 10, 0]
    [G:\Program Files\AntiVir PersonalEdition Classic\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [G:\Program Files\AntiVir PersonalEdition Classic\AVPREF.DLL]  [Avira GmbH, 7.00.02.01]
    [G:\Program Files\AntiVir PersonalEdition Classic\SMTPLIB.DLL]  [Avira GmbH, 1.2.0.13]
    [G:\Program Files\AntiVir PersonalEdition Classic\AVEWIN32.DLL]  [Avira GmbH, 7.4.0.27]
[PID: 1612][G:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [G:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [G:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [G:\WINDOWS\System32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.9371]
    [G:\WINDOWS\System32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.9371]
    [G:\WINDOWS\System32\nvapi.dll]  [N/A, ]
    [G:\WINDOWS\System32\nvshell.dll]  [, ]
    [G:\Program Files\AntiVir PersonalEdition Classic\shlext.dll]  [Avira GmbH, 7.00.00.10]
    [G:\Program Files\AntiVir PersonalEdition Classic\MFC71U.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [G:\Program Files\AntiVir PersonalEdition Classic\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [G:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [D:\office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
    [G:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[PID: 496][G:\WINDOWS\System32\conime.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 572][G:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe]  [Avira GmbH, 7.00.04.05]
    [G:\Program Files\AntiVir PersonalEdition Classic\MFC71U.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [G:\Program Files\AntiVir PersonalEdition Classic\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [G:\Program Files\AntiVir PersonalEdition Classic\avgcmxp.dll]  [Avira GmbH, 7.00.04.00]
    [G:\Program Files\AntiVir PersonalEdition Classic\AVWINLL.DLL]  [Avira GmbH, 1.0.0.7]
[PID: 580][G:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 772][G:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [G:\WINDOWS\System32\kakatool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 3, 0]
    [D:\office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
    [d:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [G:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [G:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [G:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [G:\WINDOWS\Downloaded Program Files\OL2005.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [G:\Program Files\Rising\RavWeb\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [G:\Program Files\Rising\RavWeb\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
    [G:\Program Files\Rising\RavWeb\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [G:\Program Files\Rising\RavWeb\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [G:\Program Files\Rising\RavWeb\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [G:\Program Files\Rising\RavWeb\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [G:\Program Files\Rising\RavWeb\MVEngine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18]
    [G:\Program Files\Rising\RavWeb\Engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 27]
    [G:\Program Files\Rising\RavWeb\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [G:\Program Files\Rising\RavWeb\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
    [G:\Program Files\Rising\RavWeb\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [G:\Program Files\Rising\RavWeb\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 54]
    [G:\Program Files\Rising\RavWeb\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
    [G:\Program Files\Rising\RavWeb\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
    [G:\Program Files\Rising\RavWeb\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
    [G:\Program Files\Rising\RavWeb\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [G:\Program Files\Rising\RavWeb\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [G:\Program Files\Rising\RavWeb\ExtMail.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
    [G:\Program Files\Rising\RavWeb\ScanPack.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 23]
    [G:\Program Files\Rising\RavWeb\RsVM.dll]  [, 19, 0, 0, 18]
    [G:\Program Files\Rising\RavWeb\Uroutine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
    [G:\Program Files\Rising\RavWeb\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
    [G:\Program Files\Rising\RavWeb\Uscript.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [G:\Program Files\Rising\RavWeb\ScanElf.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [G:\Program Files\Rising\RavWeb\ScanNet.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [E:\sreng2\SREng.scr]  [Smallfrogs Studio, 2.4.12.806]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["G:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  Error. [超级解霸3000]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
songyue3 - 2007-5-23 17:39:00
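Also, about the SREng.exe mentioned above: when I double-clicked it, it also reported that the path could not be located.
It only worked after I renamed it to .scr.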
songyue3 - 2007-5-23 17:43:00
The name of the "Little Red Umbrella" antivirus software is: AntiVir PersonalEdition Classic
newcenturymoon - 2007-5-23 17:43:00
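In Safe Mode (after powering on, keep pressing F8; an advanced menu appears; choose the first item, Safe Mode, to enter the system)

Open SREng (the software you used to produce the scan log)

Under "Startup Items" - "Services" - "Win32 Service Applications", tick "Hide verified Microsoft items",
select the following items, click "Delete Service", then click "Set", and click "No" in the dialog that pops up: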
DCOM Launcher / DCOM Launcher
H0tKey Poller / H0tKey Poller
Std pssx Service / pssx
Vsn vyyg Service / vyyg


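Double-click My Computer, Tools, Folder Options, View, select "Show hidden files and folders" and clear the check mark in front of "Hide protected operating system files (Recommended)". When prompted to confirm the change, click "Yes" and then OK.
Then delete G:\Program Files\Outlook Express\oemig.exe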
G:\WINDOWS\hktw
G:\PROGRA~1\hkks
G:\PROGRA~1\COMMON~1\beem
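
The triage described in the post above can be reproduced mechanically. The following Python script is an added example (not part of the original post and not SREng's own logic): it parses entries from the service section of the posted log and flags the ones worth a manual look. The three rules and the function name `triage` are assumptions chosen for this illustration; note that the rundll32-hosted entries show "Microsoft Corporation" as publisher even though their DLLs sit in unrelated directories, so the publisher field alone is not sufficient.

```python
import re

# Entries copied from the "服务" (Services) section of the log posted above.
SAMPLE = r"""
[AntiVir PersonalEdition Classic Guard / AntiVirService][Running/Auto Start]
  <"G:\Program Files\AntiVir PersonalEdition Classic\avguard.exe"><Avira GmbH>
[DCOM Launcher / DCOM Launcher][Stopped/Auto Start]
  <G:\Program Files\Outlook Express\oemig.exe><N/A>
[GrayPigeon_Hacker.com.cn / GrayPigeon_Hacker.com.cn][Stopped/Manual Start]
  <2 - 系统找不到指定的文件。
><N/A>
[H0tKey Poller / H0tKey Poller][Stopped/Auto Start]
  <G:\WINDOWS\hktw><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <G:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Std pssx Service / pssx][Stopped/Auto Start]
  <G:\WINDOWS\System32\rundll32.exe G:\PROGRA~1\hkks\uxxc.dll,Service -s><Microsoft Corporation>
[Vsn vyyg Service / vyyg][Stopped/Auto Start]
  <G:\WINDOWS\System32\rundll32.exe G:\PROGRA~1\COMMON~1\beem\illt.dll,Service><Microsoft Corporation>
"""

# [display name / service name][state/start type], then <image path><publisher>.
# The image field can wrap onto a second line when an error text is printed.
ENTRY = re.compile(
    r"^\[(?P<display>[^\n]+?) / (?P<name>[^\]\n]+)\]"
    r"\[(?P<state>[^/\]\n]*)/(?P<start>[^\]\n]*)\]\s*\n"
    r"\s*<(?P<image>.*?)><(?P<publisher>[^<>\n]*)>\s*$",
    re.M | re.S,
)
RUNDLL = re.compile(r"rundll32(?:\.exe)?\s+(\S+?\.dll)", re.I)


def triage(log_text):
    """Return {service name: [reasons]} for entries worth a manual look.

    The three rules below are assumptions of this example.
    """
    findings = {}
    for m in ENTRY.finditer(log_text):
        image = m["image"].strip()
        reasons = []
        # Rule 1: an error code and message where a path should be.
        if re.match(r"\d+ - ", image):
            reasons.append("image file missing (error text instead of a path)")
        # Rule 2: rundll32 hosting a DLL that is not under the Windows directory.
        hosted = RUNDLL.search(image)
        if hosted and "\\windows\\" not in hosted.group(1).lower():
            reasons.append("rundll32 loads a DLL from outside the Windows directory")
        # Rule 3: starts automatically but carries no publisher information.
        if m["start"].strip() == "Auto Start" and m["publisher"].strip() in ("", "N/A"):
            reasons.append("auto-start with no publisher information")
        if reasons:
            findings[m["name"].strip()] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE).items():
        print(f"{name}: {'; '.join(reasons)}")
```

On this excerpt the script flags the four services listed in the post, plus the GrayPigeon_Hacker.com.cn entry whose image file is missing.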
newcenturymoon - 2007-5-23 17:43:00
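Quote:
[songyue3's post] Bumping my own thread!!!!!
Why is nobody coming? This is the Rising community, doesn't anyone from the official side come here??????????
………………

Indeed, nobody from the official side comes here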
newcenturymoon - 2007-5-23 17:44:00
Then use autoruns to deal with the IFEO problem
songyue3 - 2007-5-23 17:50:00
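[Reply to newcenturymoon's post]
Showing hidden files doesn't work; nothing happens after I click Apply.
When I go back in, it has switched itself back to not showing. Repeating it still doesn't work.
Also, my system drive (the XP system drive is G:) has several times just now inexplicably warned that space is low!! The free space on it keeps shrinking by itself, yet I can't see any other files in there??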
newcenturymoon - 2007-5-23 17:51:00
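Quote:
[songyue3's post] [Reply to newcenturymoon's post]
Showing hidden files doesn't work; nothing happens after I click Apply.
When I go back in, it has switched itself back to not showing. Repeating it still doesn't work.
Also, my system drive (the XP system drive is G:) has several times just now inexplicably warned that space is low!! The free space on it keeps shrinking by itself, yet I can't see any other files in there??
………………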


Copy the code below into Notepad and then save it as a file named 1.reg
[CODE]
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"
[/CODE]
Double-click 1.reg to import this registry entry
songyue3 - 2007-5-23 18:01:00
Hidden files can be shown now. Let me show you what the drives look like.


Attachment: 8783712007523175109.bmp
newcenturymoon - 2007-5-23 18:01:00
Looking at this is no use...
songyue3 - 2007-5-23 18:02:00
The other drives are the same

Attachment: 8783712007523175206.bmp
songyue3 - 2007-5-23 18:02:00
~

Attachment: 8783712007523175236.bmp
songyue3 - 2007-5-23 18:03:00
The C: drive used to have 98 installed


Attachment: 8783712007523175324.bmp
songyue3 - 2007-5-23 18:05:00
[Reply to newcenturymoon's post]
The hiberfil.sys and pagefile.sys files on the system drive:
is there anything wrong with those files
songyue3 - 2007-5-23 18:11:00
Of the items below that you told me to delete
G:\Program Files\Outlook Express\oemig.exe
G:\WINDOWS\hktw
G:\PROGRA~1\hkks
G:\PROGRA~1\COMMON~1\beem
only G:\WINDOWS\hktw exists
None of the others can be found!!!!
songyue3 - 2007-5-23 18:41:00
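Another serious problem is that I can't get into Safe Mode!!!
I press F8, and as soon as I select Safe Mode it scans by itself for about 1-2 seconds and then reboots, with no message saying system files are damaged or anything like that
Repeated attempts don't help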
songyue3 - 2007-5-23 18:43:00
Why has it gone quiet???
Sigh~~~ forget it, I'll just format the drive. A whole day wasted!!
moneycindy - 2007-5-25 0:22:00
Solution, thanks to 孤独更可靠 for providing it
http://hi.baidu.com/%B9%C2%B6%C0%B8%FC%BF%C9%BF%BF/blog/item/230a82af1f6619cd7cd92a9d.html
scz888 - 2007-5-25 2:06:00
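Buddy, you've caught the same virus I had a few days ago. Haven't you noticed there is a Recycle Bin icon on each of your drives? It can't be deleted no matter what; even if you format the hard disk, as soon as you open a drive letter you'll see it again right away. Try it if you don't believe me!!!
Many people say that's not a virus or a Trojan; that's because they've never been hit by it!

    My approach:
1. Disconnect from the network, insert a boot CD, and restart;
2. Set the machine to boot from CD, format the C: drive, and reinstall the system;
3. Right after the system is installed, enter Safe Mode and format each of the other drives. There is one critical point here: "Until all the formatting is complete, do not open any hard disk partition; one click and all the work is wasted and you have to start over." With this virus, as long as one drive has it, opening any other drive copies it over.

Damn it, viruses really hurt people...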
日光灯 - 2007-5-25 10:11:00
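Solution: Start --- Programs --- Rising Personal Firewall --- right-click "Rising Personal Firewall Main Program" -- choose "Properties" --- Find Target --- copy RFWCFG.EXE --- paste it in this same folder --- double-click the file you just copied ---- now the firewall can be opened --- click "Startup Options" --- right-click in a blank area ---- clear all the check marks in the right-click menu --- tick "Show application hijack items" --- clear the check marks in all the boxes and that's it

Now Rising Antivirus can be opened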
lf心滩 - 2007-5-25 10:57:00
To the poster above: the problem is that no matter how many files you copy, it still won't open