Rising Kaka Security Forum
痛苦32 - 2007-5-27 10:42:00
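Neither Rising nor the Assistant will open.
I have already used the dedicated Orange August (橙色八月) extraction and removal tool. I ran the scan in Safe Mode.
But after booting back in, Rising and the Assistant still won't open.

Could the experts here please help me out?

I'd be very grateful.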
newcenturymoon - 2007-5-27 10:43:00
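Download System Repair Engineer:
http://www.kztechs.com/sreng/download.html
1. Extract sreng2.zip
2. Run SREng.exe
3. Smart Scan => Scan => Save Report
4. Copy the complete report from the log and paste it here; do not modify it
Friendly reminder:
Before scanning, close all programs and windows that you opened manually, and post the log here after the scan. Please do not post it as an attachment.
Note: until you are given further instructions, do not attempt repairs at random, or the system may end up in worse shape.
If SREng.exe does not respond, will not run, or the scan fails, you can rename SREng.exe to SREng.com (SREng.scr\SREng.bat\SREng.pif) or abc.exe and run it.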
痛苦32 - 2007-5-27 10:46:00
To the expert in post #1: that website doesn't seem to open.
newcenturymoon - 2007-5-27 10:46:00
http://www.newhua.com/soft/25562.htm
痛苦32 - 2007-5-27 10:52:00
After extracting it, the icon won't open, just like Rising.
I'm crying....
痛苦32 - 2007-5-27 10:55:00
This virus is just too nasty...
newcenturymoon - 2007-5-27 10:55:00
Rename sreng
yqlikaka - 2007-5-27 10:58:00
Another IFEO. These people don't read Maomao's (猫猫) posts either; if they did, this wouldn't happen.
痛苦32 - 2007-5-27 11:01:00
Rename sreng to what?
newcenturymoon - 2007-5-27 11:01:00
Anything (随便)
yqlikaka - 2007-5-27 11:02:00
Haha, I wonder if he'll really rename it to 随便.EXE ("anything".EXE)
痛苦32 - 2007-5-27 11:03:00
After renaming it, as soon as I click it the "Open With" dialog appears.
newcenturymoon - 2007-5-27 11:04:00
Try both 1.scr and 1.bat
痛苦32 - 2007-5-27 11:05:00
yqlikaka, please don't make sarcastic remarks, OK? I'm a newbie...
5555555555
痛苦32 - 2007-5-27 11:06:00
It worked. You're really good, man.
yqlikaka - 2007-5-27 11:06:00
As long as you can get the log posted, MOON won't let you down....
痛苦32 - 2007-5-27 11:09:00
What is a log?
Don't laugh at me. I may not know anything,
but I'm not stupid.
痛苦32 - 2007-5-27 11:13:00
How do I get all of that posted here?
yqlikaka - 2007-5-27 11:26:00
Copy and paste. You may have to paste it in several parts, because posts here have a character limit...
newcenturymoon - 2007-5-27 11:28:00
Copy it over in several parts
痛苦32 - 2007-5-27 16:40:00
I'm back. I thought you were getting tired of me. Let's continue; wait while I paste it in.
痛苦32 - 2007-5-27 16:41:00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<xptqhhx><C:\WINDOWS\system32\kriahqe.exe> []
<loftbgv><C:\WINDOWS\system32\vftabxk.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<RavStub><"C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\system32\SVCH0ST.EXE> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
痛苦32 - 2007-5-27 16:41:00
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k> [N/A]
<SoundMan><; SOUNDMAN.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
痛苦32 - 2007-5-27 16:42:00
启动文件夹
N/A
==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Network Security / Patterns][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\dkjro.dll><Microsoft Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Distributed Application Client / SHipING][Stopped/Disabled]
<C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\XHYYE.DLL,Export 1087><N/A>
[Network Provisioning help / xphelp][Stopped/Disabled]
<C:\WINDOWS\system32\svahost.exe><N/A>
[kernl32 / kernl32][Running/Auto Start]
<C:\WINDOWS\system32\kernl32.exe><N/A>
[svchost / svchost][Running/Auto Start]
<C:\WINDOWS\svchost.exe><N/A>
[ip139 / ip139][Running/Auto Start]
<C:\WINDOWS\system32\23.exe><N/A>
痛苦32 - 2007-5-27 16:43:00
驱动程序
[General Purpose USB Driver (adildr.sys) / ADILOADER][Stopped/Auto Start]
<System32\Drivers\adildr.sys><N/A>
[USB ADSL WAN Adapter / adiusbaw][Stopped/Manual Start]
<system32\DRIVERS\adiusbaw.sys><N/A>
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
<system32\drivers\ALCXSENS.SYS><Sensaura>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Philips Proteus (7134) WDM Video Capture / Cap7134][Running/Manual Start]
<system32\DRIVERS\Cap7134.sys><Philips Semiconductors>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[HOOKAPI / HOOKAPI][Stopped/Manual Start]
<\??\C:\PROGRAM FILES\RISING\RAV\HookApi.Sys><瑞星软件有限公司>
[HookCont / HookCont][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
痛苦32 - 2007-5-27 16:43:00
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[kmsinput / kmsinput][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
<\??\C:\Program Files\Tencent\QQ\npkycryp.sys><N/A>
[Philips WDM TVTuner / PhTvTune][Running/Manual Start]
<system32\DRIVERS\PhTvTune.sys><Philips Semiconductors>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Disabled]
<\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[SiS315 / SiS315][Running/Manual Start]
<system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SiSkp / SiSkp][Running/System Start]
<system32\DRIVERS\srvkp.sys><Silicon Integrated Systems Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[yvdd / yvddd][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\yvddd.sys><N/A>
[VIMICRO USB PC Camera / ZSMC302][Stopped/Manual Start]
<System32\Drivers\usbVM31b.sys><VM>
痛苦32 - 2007-5-27 16:44:00
浏览器加载项
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[CPasswordEditCtrl Object]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[Thunder Browser Helper]
{0005A87C-D626-4B3A-84F9-1D9571695F55} <D:\新建文件夹\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[CPasswordEditCtrl Object]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[&使用迅雷下载]
<D:\新建文件夹\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<D:\新建文件夹\Program\getallurl.htm, N/A>
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
痛苦32 - 2007-5-27 16:44:00
正在运行的进程
[PID: 460][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 548][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 572][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 624][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 636][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 788][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 844][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 928][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[c:\windows\system32\dkjro.dll] [Microsoft Corporation, 5.1.2600.0]
[PID: 968][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 1044][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 1272][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2149 (xpsp_sp2_rc2.040610-1520)]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\msvclsc.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 796][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2149 (xpsp_sp2_rc2.040610-1520)]
[PID: 1684][C:\WINDOWS\system32\kriahqe.exe] [N/A, ]
[PID: 1720][C:\WINDOWS\system32\vftabxk.exe] [N/A, ]
[PID: 3508][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2149 (xpsp_sp2_rc2.040610-1520)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[D:\新建文件夹 (2)\1.scr] [Smallfrogs Studio, 2.4.12.806]
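A triage pass over the startup-item section of an SREng log like the one posted above, as an added example that is not part of the original thread or of SREng itself. It parses the `[key]` / `<name><command> [publisher]` layout and lists Run entries with an empty publisher field and anything appended to Userinit after userinit.exe; the function names and both heuristics are assumptions for illustration, and a hit means "inspect this manually", not a verdict.

```python
import re

# Constructed sample: startup-item lines taken from the log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<xptqhhx><C:\WINDOWS\system32\kriahqe.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\system32\SVCH0ST.EXE> [N/A]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                # registry key header
ENTRY_RE = re.compile(r"^<([^<>]*)><(.*)>\s+\[(.*)\]$")    # <name><command> [publisher]

def parse_startup(log):
    """Yield (key, name, command, publisher) for each startup entry (hypothetical helper)."""
    key = None
    for line in log.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            yield key, m.group(1), m.group(2), m.group(3)

def triage(log):
    """Return (reason, name, command) tuples for entries that deserve a manual look."""
    findings = []
    for key, name, cmd, pub in parse_startup(log):
        leaf = key.rsplit("\\", 1)[-1].lower()
        if leaf == "winlogon" and name.lower() == "userinit":
            # Userinit is a comma-separated list; report anything besides userinit.exe.
            for part in (p.strip() for p in cmd.split(",")):
                if part and not part.lower().endswith(r"\userinit.exe"):
                    findings.append(("userinit-extra", name, part))
        elif leaf in ("run", "runonce") and pub == "" and cmd:
            # Assumed heuristic: an autorun with an empty publisher field.
            findings.append(("no-publisher", name, cmd))
    return findings

if __name__ == "__main__":
    for reason, name, cmd in triage(SAMPLE_LOG):
        print(f"{reason:15} {name:10} {cmd}")
```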
wjia - 2007-5-27 17:01:00
This user's post has been blocked
上善若水Ⅰ - 2007-5-27 17:01:00
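Heh, here's an example. Rising still needs to work harder; it often gets knocked out by viruses~~~ That's the sad part of paying for Rising~~~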