Rising Kaka Security Forum » Anti-virus / Anti-malware Forum

Big problem: Explorer.EXE has been KO'd, urgent... (resolved)
bao教授的粉丝 - 2013-10-22 13:36:00
On boot I land on a completely clean desktop with nothing on it, not even the Start button or taskbar, and an English dialog appears: Buffer overrun detected  program:  c:\windows\Explorer.exe, as in the screenshot. I can bring up Task Manager, and from Task Manager > New Task I can launch applications such as IE and QQ, and going online is fine, but I cannot start the C:\windows\explorer.exe process: the same English dialog from boot pops up again. Gurus, what should I do? Many thanks.
HijackThis_zww (Chinese edition) scan log V1.99.1
Saved at 13:34:58, on 2013-10-22
OS:       Windows XP SP3 (WinNT 5.01.2600)
Browser:  Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Rising\RSD\RsMgrSvc.exe
d:\Program Files\Rising\RAV\RavMonD.exe
D:\Program Files\Rising\RFW\Rfw\ravmond.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\LEXBCES.EXE
C:\windows\system32\LEXPPS.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\alipay\alieditplus\AlipaySecSvc.exe
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\WINDOWS\system32\dllhost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\HZ_CommSrv.exe
C:\Program Files\iQIYI\QiyiService.exe
C:\WINDOWS\system32\dllhost.exe
C:\windows\system32\WatchData\Watchdata CCB CSP v3.2\WDKeyMonitorCCB.exe
C:\windows\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\截图绿色小工具.exe
D:\abc\LOSTFILE\an chuan gon ji\HijackThis1991zw.exe\HijackThis1991zww.exe
O2 - BHO: Ask Toolbar BHO - {434D472D-5636-006A-76A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\CMG-V6\Passport.dll" (file missing)
O2 - BHO: Ask Shopping Toolbar BHO - {434D4756-372D-5341-5400-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\CMGV7-SAT\Passport.dll" (file missing)
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Administrator\Application Data\FlashGetBHO\FlashGetBHO.dll
O3 - Toolbar: Ask Toolbar - {434D472D-5636-006A-76A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\CMG-V6\Passport.dll" (file missing)
O3 - Toolbar: Ask Shopping Toolbar - {434D4756-372D-5341-5400-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\CMGV7-SAT\Passport.dll" (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RFWTRAY] "D:\Program Files\Rising\RFW\Rfw\RSTRAY.EXE" -system
O4 - HKLM\..\Run: [RavTRAY] "d:\Program Files\Rising\RAV\RSTRAY.EXE" -system
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [FlashGet 3] "d:\Program Files\FlashGet Network\FlashGet 3\flashget3.exe" -minimize
O4 - HKCU\..\Run: [QiyiClient] "C:\Program Files\iQIYI\QiyiClient.exe" autostart
O8 - Extra context menu item: Download with FlashGet 3 - d:\Program Files\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm
O8 - Extra context menu item: Download with FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download all links with FlashGet - D:\Program Files\FlashGet\jc_all.htm
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {01D4C318-44D5-4AB8-894F-5F95341E4459} - https://pbank.psbc.com/pweb/ocx/psbc/PowerEnterPSBC.CAB
O16 - DPF: {1DABF8D5-8430-4985-9B7F-A30E53D709B3} (InstallHelper Class) - http://dl_dir.qq.com/qqtv/MMInstaller.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (EditCtrl Class) - https://img.alipay.com/download/2121/aliedit.cab
O16 - DPF: {62B938C4-4190-4F37-8CF0-A92B0A91CC77} - https://mybank.icbc.com.cn/icbc/NetSign.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1309670455859
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://b2c.icbc.com.cn/icbc/newperbank/AxSafeControls.cab
O16 - DPF: {7978461C-CC22-48F2-BC69-02220D3E101D} (CertEnroll Class) - https://img.alipay.com/download/itrusenroll.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/newperbank/AxSafeControls.cab
O16 - DPF: {93E730CA-32AA-4C56-B5FB-65932E954CFE} (IEKeyControl Class) - https://mybank.icbc.com.cn/icbc/newperbank/ICBC_IE_FULL_SCREEN.CAB
O16 - DPF: {B1FBC1AD-5644-4084-882A-0F8BA85E7506} - https://mybank.icbc.com.cn/icbc/ICBC_NetSign.dll
O16 - DPF: {C7EC0B9B-074B-40FE-BF29-B135FB4F57D7} - https://mybank.icbc.com.cn/icbc/icbc_gemplus2006dv.dll
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (QQPasswordCtrl Class) - https://www.tenpay.com/download/qqcert.cab
O20 - Winlogon Notify: RsAutorunsDisabled - C:\windows\
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Alipay security service (AlipaySecSvc) - Alipay Inc. - C:\Program Files\alipay\alieditplus\AlipaySecSvc.exe
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\windows\system32\bgsvcgen.exe
O23 - Service: HDZB Comm Service For V2.0 (HZ_CommSrv) - 华大智宝电子系统有限公司 - C:\windows\system32\HZ_CommSrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\windows\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: IQIYI Video Platform Service (QiyiService) - BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD. - C:\Program Files\iQIYI\QiyiService.exe
O23 - Service: Rsd Service (RsMgrSvc) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\RSD\RsMgrSvc.exe
O23 - Service: Rav Service (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - d:\Program Files\Rising\RAV\RavMonD.exe
O23 - Service: RFW Service (RsRFWMon) - Beijing Rising Information Technology Co., Ltd. - D:\Program Files\Rising\RFW\Rfw\ravmond.exe
O23 - Service: Shadow System Service (ShadowSystemService) - Unknown owner - C:\WINDOWS\system32\shadow\ShadowService.exe
O23 - Service: WatchData ccb V3.2 (WDMonitorCCB) - Beijing WatchData System Co., Ltd. - C:\windows\system32\WatchData\Watchdata CCB CSP v3.2\WDKeyMonitorCCB.exe

User system info: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; (R1 1.5);  Embedded Web Browser from: http://bsalsa.com/; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Attachment: hijackthis20131022.txt
networkedition - 2013-10-22 13:51:00
Look for explorer.exe in the c:\windows\system32\dllcache directory, copy it to c:\windows to replace the existing one, and see whether that helps.
bao教授的粉丝 - 2013-10-22 13:57:00
OK, trying it right away; I'll report back shortly.
天月来了 - 2013-10-22 13:59:00
What optimization software did you use that stripped it out??

Go and check whether your C:\windows\ directory actually contains an explorer.exe file.
随风的风筝 - 2013-10-22 14:13:00
I ran into exactly the same problem as the OP this morning and still haven't solved it; hoping for a savior.
bao教授的粉丝 - 2013-10-22 14:36:00
Couldn't get online just now. Reply to the senior moderator in post 2: there is no explorer.exe in the c:\windows\system32\dllcache directory.
Reply to moderator 天月: there does seem to be an explorer.exe under WINDOWS; not sure whether it is the one in the picture.
networkedition - 2013-10-22 14:55:00
Find another XP SP3 system, take its explorer.exe, copy it over and replace yours, then try again.
天月来了 - 2013-10-22 15:20:00
Who knows what's affecting the system; that file may well be fine. :kaka6:
随风的风筝 - 2013-10-22 16:17:00
I downloaded a fresh explorer.exe from the internet and overwrote the explorer.exe in the windows directory, but it still doesn't work; I can't get into safe mode either, it reports the same error. Asking the experts for advice.
随风的风筝 - 2013-10-22 16:19:00
It must be a virus infection. Worrying; reinstalling the system would be a hassle for some of the management software. Rising, which was installed before the problem appeared, gave no risk warning at all.
networkedition - 2013-10-22 16:31:00
Zip up the explorer.exe that throws the error and send it, together with an SREng scan log.
http://www.kztechs.com/sreng/download.html
bao教授的粉丝 - 2013-10-22 17:14:00
Thanks to brother 随风的风筝 for replying in my thread, and thanks to the senior moderator for the attention. I can get into safe mode, but the desktop in safe mode is just as "eco-friendly" (bare). I replaced explorer.exe from a PE environment and the problem still wasn't solved. The most recent thing I did was install 酷我K歌 (Kuwo Karaoke) and 爱奇艺 (iQIYI) last night; I shut down normally, and on boot today it was like this. It doesn't look like a virus either; if anything the machine now runs a bit smoother than before :kaka6:
networkedition - 2013-10-22 17:18:00
Next time it crashes, don't click OK to close the dialog yet; use Process Explorer to extract a dump of explorer.exe. Method: find explorer.exe, right-click Create Dump -> Create Minidump, save the dmp to the desktop, zip it and send it.
bao教授的粉丝 - 2013-10-22 17:27:00
Reply to the senior moderator: I have already replaced the original Explorer.EXE. Log:

Attachment: SREngLOG20131022.log
networkedition - 2013-10-22 17:29:00
Isn't it still throwing the error? Extract a dmp as described in post 13.
bao教授的粉丝 - 2013-10-22 17:32:00
OK, downloading the tool first.
天月来了 - 2013-10-22 18:26:00
If it were me, I'd uninstall all the entertainment software and all the security software on the machine, then see how things stand.
随风的风筝 - 2013-10-23 11:08:00
[CODE]

2013-10-23,10:36:00

System Repair Engineer 2.8.4.1331
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - Administrator user - full feature set

The following were selected:
    All startup items (registry, startup folders, services, etc.)
    Browser add-ons
    Running processes (including process module information)
    File associations
    Winsock providers
    Autorun.inf
    HOSTS file
    Process privilege scan
    Scheduled tasks
    Windows security update check
    API HOOK
    Hidden processes


Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
    <QQ2009><"C:\Program Files\Tencent\QQ\QQProtect\Bin\QQProtect.exe" /background>  [(Verified)Tencent Technology(Shenzhen) Company Limited]
    <aliim><C:\Program Files\AliWangWang\aliim.exe /run:auto>  [(Verified)TaoBao(china) Software Co., Ltd]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RSDTRAY><"C:\Program Files\Rising\RSD\popwndexe.exe">  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <RavTRAY><"C:\Program Files\Rising\Rav\RSTRAY.EXE" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <BaiduPinyin><"C:\Program Files\Baidu\BaiduPinyin\2.6.2.185\baidupinyin.exe"  --autorun>  [(Verified)Baidu (China) Co., Ltd.]
    <Seagull Drivers><ssdal_nc.exe startup>  [N/A]
    <Adobe ARM><"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe">  [(Verified)Adobe Systems, Incorporated]
    <KDZHJ><D:\智慧记\KDMain.exe>  [File is missing]
    <ICBCEBankAssist><"C:\Program Files\ICBCEbankTools\ICBCSetupIntegration\RunEBank.exe">  [(Verified)Industrial and Commercial Bank of China Limited]
    <kxesc><"C:\Program Files\Kingsoft\kingsoft antivirus\kxetray.exe" -autorun>  [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    <WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\logon.scr>  [(Verified)Microsoft Windows Component Publisher]

==================================
Startup folders
[Service Manager]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Service Manager.lnk --> C:\PROGRA~1\MICROS~4\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]><N>
[Socket Server]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\套接字服务器.lnk --> D:\GRASP2~1\scktsrvr.exe [Inprise Corporation]><N>
[QQ Game Launch Accelerator]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> D:\PROGRA~1\Tencent\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>

==================================
Services
[Adobe Flash Player Update Service / AdobeFlashPlayerUpdateSvc][Stopped/Manual Start]
  <C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe><Adobe Systems Incorporated>
[Alipay security service / AlipaySecSvc][Running/Auto Start]
  <"C:\Program Files\alipay\alieditplus\AlipaySecSvc.exe"><Alipay Inc.>
[Baofeng Mobile Device Detection Service / BFAssistantSvc_13510][Running/Auto Start]
  <C:\Program Files\Baofeng\PhoneAssistant\BFAssistantSvc.exe><北京暴风科技股份有限公司>
[Windows Presentation Foundation Font Cache 3.0.0.0 / FontCache3.0.0.0][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[ICBC Daemon Service / ICBC Daemon Service][Running/Auto Start]
  <C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe><N/A>
[Mozilla Maintenance Service / MozillaMaintenance][Stopped/Manual Start]
  <"C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe"><Mozilla Foundation>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
  <C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -sMSSQLSERVER><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[Rsd Service / RsMgrSvc][Running/Auto Start]
  <"C:\Program Files\Rising\RSD\RsMgrSvc.exe"><Beijing Rising Information Technology Co., Ltd.>
[Rav Service / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\ravmond.exe"><Beijing Rising Information Technology Co., Ltd.>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -i MSSQLSERVER><Microsoft Corporation>

==================================
Drivers
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[HyperVM / HyperVM][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\hvm.sys><Beijing Rising Information Technology Co., Ltd.>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\igxpmp32.sys><Intel Corporation>
[PassGuard / PassGuard][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\PassGuard.sys><>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[QMUdisk / QMUdisk][Stopped/Manual Start]
  <\??\C:\Program Files\Tencent\QQPCMgr\8.5.10197.217\QMUdisk.sys><N/A>
[QQProtect / QQProtect][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\QQProtect.sys><Tencent>
[rsd protect / rsdsys][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\protreg.sys><Beijing Rising Information Technology Co., Ltd.>
[rsutils / rsutils][Running/System Start]
  <system32\DRIVERS\rsutils.sys><Beijing Rising Information Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[sysmon / sysmon][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sysmon.sys><Beijing Rising Information Technology Co., Ltd.>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TesSafe / TesSafe][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>

==================================
Browser add-ons
[VideoUrlSniffer Class]
  {00000ADA-7E0D-47C1-986C-F017D09C4304} <C:\Documents and Settings\All Users\Application Data\Thunder Network\XMP4\Addins\VideoUrlSniffer.2.2.0.138.(321).dll, (Signed) 深圳市迅雷网络技术有限公司>
[Thunder FLV Video Sniffing and Download Support]
  {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} <D:\Program Files\BHO\XlBrowserAddin1.0.8.71.dll, (Signed) 深圳市迅雷网络技术有限公司>
[EyeOnIE Class]
  {20E1725C-7237-41A9-954A-04DCCB1FD16C} <C:\Program Files\Baofeng\StormPlayer\MediaLibraryIcon.dll, (Signed) 北京暴风科技股份有限公司>
[Thunder Download Support]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\BHO\XunleiBHO7.2.13.3882.dll, (Signed) 深圳市迅雷网络技术有限公司>
[99A4FE4D-3269-71AC-1CA9-36563D66BAF7 Class]
  {99A4FE4D-3269-71AC-1CA9-36563D66BAF7} <D:\Program Files\BBInside\{99A4FE4D-3269-71AC-1CA9-36563D66BAF7}\AddressBar.dll, (Signed) >
[ICBC Anti-Phishing class]
  {BB4491A2-D11A-4c6b-91C0-B53246A3122B} <C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\Icbc_AntiPhishing.dll, (Signed) 中国工商银行>
[]
  {14c1d00e-0b92-4379-880b-444fa2d740dd} <, >
[Launch Xunlei Kankan Player]
  {24c1d00e-0b92-4379-880b-444fa2d740dd} <, >
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\system32\SubmitControl.dll, (Signed) >
[VideoUrlSniffer Class]
  {00000ADA-7E0D-47C1-986C-F017D09C4304} <C:\Documents and Settings\All Users\Application Data\Thunder Network\XMP4\Addins\VideoUrlSniffer.2.2.0.138.(321).dll, (Signed) 深圳市迅雷网络技术有限公司>
[]
  {02E2D748-67F8-48B4-8AB4-0A085374BB9A} <, >
[AliCertDOCtrl Class]
  {08D512D2-7D97-4E22-B7DB-82791106C086} <C:\Documents and Settings\Administrator\Application Data\alipay\cf\alicdo.dll, (Signed) Alipay>
[Thunder FLV Video Sniffing and Download Support Proxy]
  {0C27ADC4-E826-4620-A3A7-990D7E05545F} <D:\Program Files\BHO\XlBrowserAddin1.0.8.71.dll, (Signed) 深圳市迅雷网络技术有限公司>
[UPEditorCtrl Class]
  {0E48410F-D1B8-472A-85DB-27F3D77284CE} <C:\WINDOWS\system32\UPEdit\UPEditor.dll, (Signed) 中国银联股份有限公司>
[Thunder FLV Video Sniffing and Download Support]
  {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} <D:\Program Files\BHO\XlBrowserAddin1.0.8.71.dll, (Signed) 深圳市迅雷网络技术有限公司>
[]
  {14C1D00E-0B92-4379-880B-444FA2D740DD} <, >
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[WWPicUploadCtrl Class]
  {1D63232D-4F15-4A42-890D-EE617AA1537D} <C:\Program Files\AliWangWang\7.21.18C\modules\1685\WWPictureUpload.dll, (Signed) Alibaba software (Shanghai) Corporation>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\3.6.0.0\pta.dll, (Signed) iTruschina Co., Ltd.>
[EyeOnIE Class]
  {20E1725C-7237-41A9-954A-04DCCB1FD16C} <C:\Program Files\Baofeng\StormPlayer\MediaLibraryIcon.dll, (Signed) 北京暴风科技股份有限公司>
[]
  {24C1D00E-0B92-4379-880B-444FA2D740DD} <, >
[]
  {29B6CFD5-0064-411A-8C42-9890C83F9921} <, >
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, (Signed) Microsoft Corporation>
[Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\Program Files\BHO\ThunderAgent7.2.13.3882.dll, (Signed) 深圳市迅雷网络技术有限公司>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[AgentForAndroid Class]
  {50F4150A-48B2-417A-BE4C-C83F580FB904} <C:\Program Files\Common Files\Tencent\QQPhoneManager\1.8.101.2154\npQQPhoneManagerExt.dll, (Signed) 腾讯公司>
[WangWangX Class]
  {5D09DD40-CDC4-4C56-B615-0D1E3B357C2B} <C:\Program Files\AliWangWang\7.21.18C\AliIMX.dll, (Signed) Alibaba software (Shanghai) Corporation.>
[/CODE]
networkedition - 2013-10-23 11:12:00
Zip up the log as in post 14 and send it, and extract a dmp using the method in post 13.
随风的风筝 - 2013-10-23 11:25:00
11

Attachment: SREngLOG.log
networkedition - 2013-10-23 13:17:00
Send me your QQ number by private message on the forum and I'll take a look remotely.
随风的风筝 - 2013-10-23 14:07:00
11

Attachment: explorer.rar
networkedition - 2013-10-23 14:14:00
Private message received, QQ added; please accept the friend request as soon as you can.
networkedition - 2013-10-23 15:06:00
Resolved remotely. Remote inspection showed that explorer had loaded C:\Program Files\Common Files\Microsoft Shared\bg\BGCloudSH.1.0.0.1.(853).dll. Fix: first click OK to close the error prompt, so that there is no explorer.exe process running; bring up Task Manager, click New Task, click Browse, navigate along the path C:\Program Files\Common Files\Microsoft Shared\bg, find the file BGCloudSH.1.0.0.1.(853).dll, right-click and delete it, then restart the computer. There may also be a BGCloudSH.dll without the version number; delete that as well.
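The dialog in the opening post ("Buffer overrun detected! Program: c:\windows\Explorer.exe") is raised by the Microsoft Visual C++ runtime when a /GS stack-cookie check fails somewhere in the process, and the function that tripped it can live in any module loaded into explorer.exe, not only in explorer.exe itself. That is why swapping explorer.exe from dllcache, from a PE environment or from another SP3 machine changed nothing, while removing the third-party DLL that explorer had loaded did. The triage below is an added example, not code from the thread, from SREng or from Rising: it parses entries in the `<Name><Path>  [Status]` style the SREng logs above print and flags the two things that led to the culprit here, a module with no verified signature and non-Microsoft code sitting under a Microsoft-named directory (`Common Files\Microsoft Shared\bg`), plus the dangling "File is missing" registrations that a delete leaves behind. The sample listing is constructed for the example (the BGCloudSH path comes from the post above, the RavTRAY and kxesc lines from the SREng log); the directory allowlist and the publisher strings are assumptions to adjust per machine.

```python
"""Added example (not code from the thread, SREng or Rising): triage a
<Name><Path>  [Status] style module/autostart listing, the format the SREng
logs above print, and flag what pointed at the culprit in this thread.
The sample listing is constructed; see the lead-in for which lines are
taken from the page."""
import re

# One entry per line, e.g.  <shell32.dll><C:\WINDOWS\system32\SHELL32.dll>  [(Verified)Microsoft ...]
ENTRY_RE = re.compile(r"^\s*<(?P<name>[^>]*)><(?P<path>[^>]*)>\s*\[(?P<status>[^\]]*)\]")

# Directories whose name implies Microsoft ownership (assumed allowlist; extend per machine).
# Anything in here that is not Microsoft-signed deserves a look: BGCloudSH.dll lived under
# "Common Files\Microsoft Shared\bg" although nothing about it was Microsoft's.
MICROSOFT_OWNED_DIRS = (
    r"C:\WINDOWS\system32",
    r"C:\Program Files\Common Files\Microsoft Shared",
)
# Publisher strings the log prints for Microsoft-signed files (assumed; compared lower-cased).
MICROSOFT_PUBLISHERS = ("microsoft windows component publisher", "microsoft corporation")

# Constructed sample: three legitimate entries, the DLL from the resolution post, a stale autostart.
SAMPLE_LISTING = r"""
    <explorer.exe><C:\WINDOWS\explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <shell32.dll><C:\WINDOWS\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <RavTRAY><"C:\Program Files\Rising\Rav\RSTRAY.EXE" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <BGCloudSH.dll><C:\Program Files\Common Files\Microsoft Shared\bg\BGCloudSH.1.0.0.1.(853).dll>  []
    <kxesc><"C:\Program Files\Kingsoft\kingsoft antivirus\kxetray.exe" -autorun>  [File is missing]
"""


def image_path(raw):
    """Reduce a command line such as  "C:\\x\\y.exe" -flag  to the image path; bare paths pass through."""
    raw = raw.strip()
    if raw.startswith('"'):
        end = raw.find('"', 1)
        if end > 0:
            return raw[1:end]
    return raw


def parse_listing(text):
    """Return (name, image_path, status) for every well-formed entry line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("name"), image_path(m.group("path")), m.group("status").strip()))
    return entries


def is_verified(status):
    """True when the tool could verify an Authenticode signature on the file."""
    return status.startswith("(Verified)")


def is_microsoft_signed(status):
    return is_verified(status) and status[len("(Verified)"):].strip().lower() in MICROSOFT_PUBLISHERS


def in_microsoft_owned_dir(path):
    """Case-insensitive prefix check against the assumed Microsoft-owned directories."""
    p = path.lower()
    return any(p.startswith(d.lower() + "\\") for d in MICROSOFT_OWNED_DIRS)


def triage(entries):
    """Map image path -> list of reasons for every entry that merits a manual look."""
    findings = {}
    for _name, path, status in entries:
        reasons = []
        if status == "File is missing":
            # Not a threat by itself: a registration whose file is gone (e.g. after a delete).
            reasons.append("dangling entry, file missing: clean up the registration")
        else:
            if not is_verified(status):
                reasons.append("no verified Authenticode signature")
            if in_microsoft_owned_dir(path) and not is_microsoft_signed(status):
                reasons.append("non-Microsoft code under a Microsoft-named directory")
        if reasons:
            findings[path] = reasons
    return findings


if __name__ == "__main__":
    for found_path, found_reasons in triage(parse_listing(SAMPLE_LISTING)).items():
        print(found_path)
        for reason in found_reasons:
            print("   -", reason)
```

On the live machine the equivalent check is Process Explorer's DLL view for explorer.exe with the Verified Signer column enabled: sort on it and look at every module that is not verified, which is how the culprit was spotted here. Deleting the file, as the post above does, removes the crash but leaves whatever registered the DLL pointing at a missing file; the same triage then reports that entry so the registration can be cleaned up too.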
networkedition - 2013-10-23 15:07:00
Please try the fix in post 24.
bao教授的粉丝 - 2013-10-24 12:24:00
Thanks, senior moderator, and thanks brother 随风的风筝: my problem is solved too. I had no time to get online yesterday and only just found a moment. I'm an old member as well, a veteran-grade newbie, so to speak; my degree wasn't in computing, so my skills have stayed at the level I need at work. I've used Rising for nearly ten years and was once a fanatic for custom rules. I forgot my account on the original Rising community, and later forgot the password for my Kaka community account too, so I had to register a new one. I've always admired Professor baohe's manual virus removal, hence the username "baohe教授的粉丝" (Professor baohe's fan). Work has kept me busy these past few years and I had no time to come by; the forum feels a lot quieter than it used to. Ah well, maybe the springtime of web forums has passed; it really feels like the world has moved on. Thanks again!