梅英雄 - 2008-8-4 17:45:00
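The system time keeps getting changed. I set it back to the correct time and scanned with Rising, but no virus was found; none was found in Safe Mode either. I have now run a system scan with SREng. The log is attached; could you please check whether there is a virus? Thanks.
User system information: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Attachment: SREngLOG.log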
梅英雄 - 2008-8-4 18:58:00
Thanks, but it is not a battery problem, because after the time was changed, my Rising antivirus software was shut down.
没有眼泪 - 2008-8-4 19:25:00
Run SREng.
Delete the following entries under [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]:
<{A9895933-6636-4281-BC58-EE6DE2AF96E3}><C:\WINDOWS\system32\ddserh.dll> [File is missing]
<{4A698102-5904-AFD0-20DF-CD1A65829CA4}><C:\WINDOWS\system32\zycbdime.dll> [File is missing]
<{4F4F0064-71E0-4f0d-0017-708476C7815F}><C:\WINDOWS\system32\midimaptl.dll> [File is missing]
<{CAED0F3B-DF8B-4DBF-BB20-8DFBC3199068}><C:\WINDOWS\system32\jggtsr.dll> [File is missing]
<{4F4F0064-71E0-4f0d-0023-708476C7815F}><C:\WINDOWS\system32\midimapcq.dll> [File is missing]
<{4F4F0064-71E0-4f0d-0015-708476C7815F}><C:\WINDOWS\system32\midimapmy.dll> [File is missing]
<{4F4F0064-71E0-4f0d-0022-708476C7815F}><C:\WINDOWS\system32\midimapqn3.dll> [File is missing]
<{6A041F13-A111-12A3-B0CF-F99818AA68A6}><> [N/A]
<{28EB3777-3E23-4E72-8449-A992D09D24C3}><C:\WINDOWS\system32\zefdst.dll> [File is missing]
<{6BBAA1E6-CF54-4139-AB9C-8491A9F909D7}><C:\WINDOWS\system32\wfrdvq.dll> [File is missing]
<{1E51C0FD-EE36-434B-AD2A-FD1FF3731C38}><C:\WINDOWS\system32\wyrsdj.dll> [File is missing]
<{6E6CA8A1-81BC-4707-A54C-F4903DD70BAD}><> [N/A]
<{4FD45A54-9875-698F-E56E-65102358FDF4}><C:\WINDOWS\system32\apsgdjba.dll> [File is missing]
<{F99DEFDD-200B-4410-B572-E90883D527D2}><C:\WINDOWS\system32\wrqszl.dll> [File is missing]
<{011DB9B9-44B4-44D9-B17E-BC7608F2E549}><C:\WINDOWS\system32\cdwqfs.dll> [File is missing]
<{528DF602-9541-A985-210A-984A698C6F25}><> [N/A]
<{5A069845-2036-6084-9054-6087502480A5}><C:\WINDOWS\system32\ozfyebyt.dll> [File is missing]
<{4C648541-1025-9650-9057-6541258720C4}><C:\WINDOWS\system32\mndhddwd.dll> [File is missing]
and the following entries under [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]:
<midimaptl><C:\WINDOWS\system32\midimaptl.dll> [File is missing]
<midimapcq><C:\WINDOWS\system32\midimapcq.dll> [File is missing]
<midimapmy><C:\WINDOWS\system32\midimapmy.dll> [File is missing]
<midimapqn3><C:\WINDOWS\system32\midimapqn3.dll> [File is missing]
Run SREng.
Delete the following drivers:
[1826b848b0ad7ea9 / 1826b848b0ad7ea9][Stopped/Manual Start]
<\??\C:\1826b848b0ad7ea9.dat><N/A>
[6884110c9caf8052 / 6884110c9caf8052][Stopped/Manual Start]
<\??\C:\6884110c9caf8052.dat><N/A>
[6a8fc7b8cf1c76d6 / 6a8fc7b8cf1c76d6][Stopped/Manual Start]
<\??\C:\6a8fc7b8cf1c76d6.dat><N/A>
[8daf3a94564eebfb / 8daf3a94564eebfb][Stopped/Manual Start]
<\??\C:\8daf3a94564eebfb.dat><N/A>
[8e8eeb0c000a48ec / 8e8eeb0c000a48ec][Stopped/Manual Start]
<\??\C:\8e8eeb0c000a48ec.dat><N/A>
[ed2774f057823563 / ed2774f057823563][Stopped/Manual Start]
<\??\C:\ed2774f057823563.dat><N/A>
[ffa8f0989281cf4e / ffa8f0989281cf4e][Stopped/Manual Start]
<\??\C:\ffa8f0989281cf4e.dat><N/A>
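After rebooting, delete the files corresponding to the entries above; if a file cannot be found, skip it.
The following browser add-ons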
I don't know what this driver is:
[HOOKAPI / HOOKAPI][Stopped/Manual Start]
<\??\C:\PROGRAM FILES\RISING\RAV\HookApi.Sys><N/A>
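Added example, not part of the original posts and not SREng's own code: a small Python parser that reads registry-entry lines in the layout quoted in the reply above and lists, per registry key, the entries whose target file is missing or empty, so they can be reviewed before anything is deleted. The line layout is assumed from the lines quoted in this thread; `parse_entries` and `orphaned_entries` are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the post plus one made-up healthy entry.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{A9895933-6636-4281-BC58-EE6DE2AF96E3}><C:\WINDOWS\system32\ddserh.dll> [File is missing]
<{6A041F13-A111-12A3-B0CF-F99818AA68A6}><> [N/A]
<{00000000-0000-0000-0000-000000000001}><C:\Program Files\Example\hook.dll> [Example Vendor]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<midimaptl><C:\WINDOWS\system32\midimaptl.dll> [File is missing]
[HOOKAPI / HOOKAPI][Stopped/Manual Start]
<\??\C:\PROGRAM FILES\RISING\RAV\HookApi.Sys><N/A>
"""

# "[HKEY_...]" on its own line opens a registry section.
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
# "<name><path> [status]" is one entry; driver lines lack the trailing [status].
ENTRY_RE = re.compile(r"^<([^<>]*)><([^<>]*)>\s*\[([^\]]*)\]\s*$")

def parse_entries(log_text):
    """Yield (registry_key, value_name, file_path, status) for each entry line."""
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            yield key, m.group(1), m.group(2), m.group(3)

def orphaned_entries(log_text):
    """Group entries with a missing or empty target file by registry key."""
    result = defaultdict(list)
    for key, name, path, status in parse_entries(log_text):
        if status == "File is missing" or not path:
            result[key].append((name, path or None))
    return dict(result)

if __name__ == "__main__":
    for key, items in orphaned_entries(SAMPLE_LOG).items():
        print(key)
        for name, path in items:
            print("   ", name, "->", path or "(no file path)")
```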
aaccbbdd - 2008-8-4 20:18:00
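I recommend using XDelBox to delete the following files (XDelBox 1.7 download: http://www.qispace.com.cn/read.php/1.htm).
Instructions: copy the paths of all the files to be deleted, right-click in the pending-deletion file list and choose to import from the clipboard; after importing, right-click the files to be deleted and choose to reboot and delete immediately. The computer will restart into a DOS interface to carry out the deletion. Before running XDelBox, it is best to remove all removable storage media (including USB flash drives, MP3 players, phone memory cards, etc.).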
C:\1826b848b0ad7ea9.dat
C:\6884110c9caf8052.dat
C:\6a8fc7b8cf1c76d6.dat
C:\8daf3a94564eebfb.dat
C:\8e8eeb0c000a48ec.dat
C:\ed2774f057823563.dat
C:\ffa8f0989281cf4e.dat
Once the system time is correct,
use this:
http://www.360.cn/down/soft_down13.html