瑞星卡卡安全论坛

首页 » 技术交流区 » 反病毒/反流氓软件论坛 » 大家看下是中毒了吗
偶是高达 - 2006-7-6 17:40:00
前几天用的SRE说过期了,今天又在论谈上下了个,结果一用就是偶有病毒偶晕,咋会事啊,高手看下啊谢了啊,是偶的PC有WT还是啥啊

附件: 632855200676173305.JPG
偶是高达 - 2006-7-6 17:41:00
咋会事啊??

附件: 632855200676173339.JPG
偶是高达 - 2006-7-6 17:55:00
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{32CD708B-60A7-4C00-9377-D73EAA495F0F}"="Rising Execute File Exts hook"
"{D157330A-9EF3-49F8-9A67-4141AC41ADD4}"=""
-------------------------------------------------------------------------------
先在注册表中找到“ShellExecuteHooks”这项击右键将其项删除,再按下面的操作,
将以上全部保存为比如“ShellExecuteHooks.reg”的文件名,再将它导入你的注册表中即可修复你电脑中受损注册表的键值。

偶前几天修复过
偶是高达 - 2006-7-6 17:57:00
因为过出现错误提示:"0x........"指令引用的"0x00000000"内存,该内存不能为"read"。省略号代表可变值,所以按上面的方法修复过

附件: 632855200676174921.JPG
偶是高达 - 2006-7-6 18:59:00
大家帮忙看下谢了啊
刀刀笨贼 - 2006-7-6 19:41:00
"前几天用的SRE说过期了"旧版本的SREng于7月1号过期
http://forum.ikaka.com/topic.asp?board=28&artid=8105899用hijackthis扫描个log上来
偶是高达 - 2006-7-6 20:10:00
偶用的那个也说过期了,重下了个就这样了,报告来了
HijackThis_815汉化版扫描日志 V1.99.1
保存于      20:01:24, 日期 2006-7-6
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Unable to get Internet Explorer version!

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\conime.exe
F:\Sports Interactive\Football Manager 2006\fm.exe
C:\DOCUME~1\User\LOCALS~1\Temp\~e5.0001
C:\Program Files\Internet Explorer\iexplore.exe
D:\Sandai Technologies Inc\讯雷下载\游戏\HijackThis_815汉化版\HijackThis1991zww.exe

O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v14.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Tencent\QQ\QQIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - 启动项HKLM\\Run: [NvCplDaemon] ; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] ; nwiz.exe /install
O4 - 启动项HKLM\\Run: [NvMediaCenter] ; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [StormCodec_Helper] ; "D:\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - 启动项HKLM\\Run: [DAEMON Tools] ; "d:\DAEMON Tools\daemon.exe" -lang 1033
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [SoundMan] ; SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - 启动项HKLM\\RunOnce: [RavStub] "C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Tencent\QQ\SendMMS.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{6891F74D-B4D4-49E0-AD12-F6EC3045B351}: NameServer = 220.189.127.108 220.189.127.107
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe

偶是高达 - 2006-7-6 20:50:00
大家帮忙看看谢了啊
偶是高达 - 2006-7-6 21:08:00
在线等大家帮忙啊谢了啊
mopery - 2006-7-6 21:14:00
日志正常...把值改一下就行了...
偶是高达 - 2006-7-6 21:25:00
咋改啊不会啊LS的能教下吗.谢了啊
mopery - 2006-7-6 21:28:00
打开SRE 启动项目 注册表...

UIHost  编辑
把值改成logonui.exe
偶是高达 - 2006-7-6 21:37:00
就改这一个就行了吗
mopery - 2006-7-6 21:42:00
恩 其他没问题...
偶是高达 - 2006-7-6 21:55:00
用SRE就能改了吗
mopery - 2006-7-6 22:02:00
什么用SRE 能改?
偶是高达 - 2006-7-6 22:06:00
SYSTEM REPAIR ENGINEER改的啊,偶改了啊数剧变为logonui.exe ,但还是不行啊咋会事啊
mopery - 2006-7-6 22:15:00
那也没事这个..
偶是高达 - 2006-7-6 22:22:00
不用理它吗
mopery - 2006-7-6 22:28:00
恩..
偶是高达 - 2006-7-6 22:30:00
LS的能说下UIHOST这个名字的键直是多少吗,要找到logonui.exe的路进
mopery - 2006-7-6 22:32:00
没明白你的话..
没事别管他..
偶是高达 - 2006-7-6 22:41:00
就是帮忙看下你的住册表里UIHOST这个名字的键直多少啊
偶是高达 - 2006-7-6 22:42:00
光写logonui.exe没用,要他所在的路进啊
mopery - 2006-7-6 22:45:00
没事...
别管这项...
偶是高达 - 2006-7-6 22:53:00
修好总没错帮忙看下谢了啊HEHE
偶是高达 - 2006-7-7 8:24:00
这是用AUTORUNS扫的全部起动项
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ DAEMON Tools File not found: ;

+ nwiz File not found: ;

+ RavTask RavTimer Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ravtask.exe

+ SoundMan File not found: ;

+ StormCodec_Helper File not found: ;

+ TkBellExe RealNetworks Scheduler RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

+ RavStub Rising RavStub Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ravstub.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ Rising Execute File Exts hook Rising Shell Ext Module Beijing Rising Technology Co., Ltd. c:\windows\system32\ravext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Desktop Explorer NVIDIA Desktop Explorer, Version 56.72 NVIDIA Corporation c:\windows\system32\nvshell.dll

+ Desktop Explorer Menu NVIDIA Desktop Explorer, Version 56.72 NVIDIA Corporation c:\windows\system32\nvshell.dll

+ Display Panning CPL Extension File not found: deskpan.dll

+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll

+ NvCpl DesktopContext Class NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll

+ nView Desktop Context Menu NVIDIA Desktop Explorer, Version 56.72 NVIDIA Corporation c:\windows\system32\nvshell.dll

+ PicaView PicaView 系统扩展 DLL ACD Systems, Ltd. c:\program files\acdsee\picaview.dll

+ Play on my TV helper NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll

+ RISING Rising Shell Ext Module Beijing Rising Technology Co., Ltd. c:\windows\system32\ravext.dll

+ Shell Extensions for RealOne Player RealPlayer Shell Extensions RealNetworks, Inc. c:\program files\real\realplayer\rpshell.dll

+ WinRAR shell extension c:\program files\winrar\rarext.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Web 文件夹 c:\program files\common files\microsoft shared\web folders\msonsext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ IeCatch2 Class jccatch Module Amaze Soft c:\program files\flashget\jccatch.dll

+ QQBrowserHelperObject Class QQIEHelper Module 深圳市腾讯计算机系统有限公司 d:\tencent\qq\qqiehelper.dll

+ ThunderIEHelper Class XunLei BHO Thunder Networking Technologies,LTD c:\windows\system32\xunleibho_v14.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ FlashGet Bar FlashGet IE Bar Amaze Soft c:\program files\flashget\fgiebar.dll

HKLM\System\CurrentControlSet\Services

+ NVSvc Provides system and desktop level support to the NVIDIA display driver NVIDIA Corporation c:\windows\system32\nvsvc32.exe

+ RsCCenter CCenter Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ccenter.exe

+ RsRavMon RavMond Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ravmond.exe

HKLM\System\CurrentControlSet\Services

+ a320raid Adaptec HostRAID for Ultra320 SCSI Adaptec, Inc. c:\windows\system32\drivers\a320raid.sys

+ aar1210 Adaptec HostRAID for Serial ATA Adaptec, Inc. c:\windows\system32\drivers\aar1210.sys

+ adpu320 Adaptec Win2K/XP/Server2003 Ultra320 SCSI Driver Adaptec, Inc. c:\windows\system32\drivers\adpu320.sys

+ aec6210 ACARD Technology Corp. c:\windows\system32\drivers\aec6210.sys

+ aec6260 ID=0006, 0007 ACARD Technology Corp. c:\windows\system32\drivers\aec6260.sys

+ aec6280 AEC6280 Miniport Driver ACARD Technology Corp. c:\windows\system32\drivers\aec6280.sys

+ AEC6890 AEC6880/90 PCI Ultra ATA133 RAID Adapter Driver ACARD Technology Corp. c:\windows\system32\drivers\aec6890.sys

+ aec68x5 AEC6885/95/96 PCI ATA133 4 Channel RAID Adapter Driver ACARD Technology Corp. c:\windows\system32\drivers\aec68x5.sys

+ ALCXWDM Realtek AC'97 Audio Driver (WDM) Realtek Semiconductor Corp. c:\windows\system32\drivers\alcxwdm.sys

+ AliIde File not found: System32\DRIVERS\aliide.sys

+ asc AdvanSys SCSI Controller Driver Advanced System Products, Inc. c:\windows\system32\drivers\asc.sys

+ asc3550 AdvanSys Ultra-Wide PCI SCSI Driver Advanced System Products, Inc. c:\windows\system32\drivers\asc3550.sys

+ ati2mtag ATI Radeon WindowsNT Miniport Driver ATI Technologies Inc. c:\windows\system32\drivers\ati2mtag.sys

+ BaseTDI basetdi Beijing Rising Technology Co., Ltd. c:\windows\system32\drivers\basetdi.sys

+ CmdIde CMD PCI IDE Bus Driver CMD Technology, Inc. c:\windows\system32\drivers\cmdide.sys

+ dac2w2k Mylex Disk Array Controller Driver Mylex Corporation c:\windows\system32\drivers\dac2w2k.sys

+ dpti2o File not found: System32\DRIVERS\dpti2o.sys

+ dtscsi c:\windows\system32\drivers\dtscsi.sys

+ ExpScaner ExpScan.sys c:\program files\rising\rav\expscan.sys

+ fasttrak Promise FastTrak Series Driver for WinXP Promise Technology, Inc. c:\windows\system32\drivers\fasttrak.sys

+ fasttx2k Promise Driver for Windows XP Promise Technology, Inc. c:\windows\system32\drivers\fasttx2k.sys

+ fasttx2k2 Promise FastTrak Series Driver for WindowsXP Promise Technology, Inc. c:\windows\system32\drivers\fasttx2k2.sys

+ FETNDISB NDIS 5.0 miniport driver VIA Technologies, Inc. c:\windows\system32\drivers\fetnd5b.sys

+ GMSIPCI File not found: G:\INSTALL\GMSIPCI.SYS

+ HookCont TDI HOOK Driver Rising tech Co. ltd c:\program files\rising\rav\hookcont.sys

+ HookReg c:\program files\rising\rav\hookreg.sys

+ HookSys Hooksys Rising c:\program files\rising\rav\hooksys.sys

+ HPT371 HPT3xx Miniport Driver HighPoint Technologies, Inc. c:\windows\system32\drivers\hpt371.sys

+ hpt374 HPT374 Miniport Driver HighPoint Technologies, Inc. c:\windows\system32\drivers\hpt374.sys

+ hpt3xx HPT3xx Miniport Driver HighPoint Technologies, Inc. c:\windows\system32\drivers\hpt3xx.sys

+ hptmv hptmv Miniport Driver HighPoint Technologies, Inc. c:\windows\system32\drivers\hptmv.sys

+ hptpro Hptpro HighPoint Technologies, Inc. c:\windows\system32\drivers\hptpro.sys

+ iaStor Intel Application Accelerator driver Intel Corporation c:\windows\system32\drivers\iastor.sys

+ iteraid ITE IT8212 ATA RAID SCSI miniport Integrated Technology Express, Inc. c:\windows\system32\drivers\iteraid.sys

+ m5228 M5228 ATA RAID Controller Driver ALi Corporation. c:\windows\system32\drivers\m5228.sys

+ m5281 M5281 SATA RAID Controller Driver ALi Corporation c:\windows\system32\drivers\m5281.sys

+ MegaIDE LSI MegaRAID IDE Driver LSI Logic Corporation. c:\windows\system32\drivers\megaide.sys

+ MEMSCAN MemScan Driver 瑞星软件有限公司 c:\program files\rising\rav\memscan.sys

+ mraid2k MEGARAID SCSI Controller Driver for Windows 2000 PAE American Megatrends, Inc. c:\windows\system32\drivers\mraid2k.sys

+ mraid35x MegaRAID RAID Controller Driver for Windows Whistler 32 American Megatrends Inc. c:\windows\system32\drivers\mraid35x.sys

+ npkcrypt nProtect KeyCrypt Driver INCA Internet Co., Ltd. d:\tencent\qq\npkcrypt.sys

+ nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.72 NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys

+ Pnp680 DMA capable ATA miniport driver Silicon Image, Inc. c:\windows\system32\drivers\pnp680.sys

+ Pnp680r DMA capable ATA RAID miniport driver Silicon Image, Inc c:\windows\system32\drivers\pnp680r.sys

+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys

+ ql1080 Miniport Driver for QLogic ISP PCI Adapters QLogic Corporation c:\windows\system32\drivers\ql1080.sys

+ ql12160 Miniport Driver for QLogic ISP PCI Adapters QLogic Corporation c:\windows\system32\drivers\ql12160.sys

+ ql1280 Miniport Driver for QLogic ISP PCI Adapters QLogic Corporation c:\windows\system32\drivers\ql1280.sys

+ rtl8139 Realtek RTL8139 NDIS 5.0 Driver Realtek Semiconductor Corporation c:\windows\system32\drivers\rtl8139.sys

+ Secdrv SafeDisc driver Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. c:\windows\system32\drivers\secdrv.sys

+ SI3112 Serial ATA miniport driver Silicon Image, Inc. c:\windows\system32\drivers\si3112.sys

+ SI3112r Serial ATA RAID Miniport Driver Silicon Image, Inc c:\windows\system32\drivers\si3112r.sys

+ SI3114 Serial ATA miniport driver Silicon Image, Inc. c:\windows\system32\drivers\si3114.sys

+ SI3114r SATARAID Miniport Driver Silicon Image, Inc c:\windows\system32\drivers\si3114r.sys

+ SI3124 Serial ATA miniport driver Silicon Image, Inc. c:\windows\system32\drivers\si3124.sys

+ SI3124r SATARAID miniport driver (PRE-RELEASE) Silicon Image, Inc c:\windows\system32\drivers\si3124r.sys

+ SiFilter Windows Accelerator Driver Silicon Image, Inc. c:\windows\system32\drivers\siwinacc.sys

+ SiSRaid SiS RAID Miniport Driver Silicon Integrated Systems c:\windows\system32\drivers\sisraid.sys

+ SiSRaid1 SiS RAID Miniport Driver Silicon Integrated Systems c:\windows\system32\drivers\sisraid1.sys

+ sparrow Adaptec AIC-6x60 series SCSI miniport Adaptec, Inc. c:\windows\system32\drivers\sparrow.sys

+ sptd c:\windows\system32\drivers\sptd.sys

+ sptrak Promise SuperTrak Family Driver for WindowsNT Promise Technology, Inc. c:\windows\system32\drivers\sptrak.sys

+ sym_hi Symbios Hi-Perf SCSI Miniport Driver LSI Logic c:\windows\system32\drivers\sym_hi.sys

+ sym_u3 Symbios Ultra3 SCSI Miniport Driver LSI Logic c:\windows\system32\drivers\sym_u3.sys

+ symc810 Symbios Logic Inc. SCSI Miniport Driver Symbios Logic Inc. c:\windows\system32\drivers\symc810.sys

+ symc8xx Symbios 8XX SCSI Miniport Driver LSI Logic c:\windows\system32\drivers\symc8xx.sys

+ UlSata Promise Ultra/Sata Series Driver for WinXP Promise Technology, Inc. c:\windows\system32\drivers\ulsata.sys

+ ultra Promise Ultra66 Miniport 驱动程序 Promise Technology, Inc. c:\windows\system32\drivers\ultra.sys

+ viamraid VIA RAID DRIVER FOR WIN 2000/XP/2003IA32 VIA Technologies inc,.ltd c:\windows\system32\drivers\viamraid.sys

+ viapdsk VIA VT4149 PATA Driver VIA Technologies, Inc. c:\windows\system32\drivers\viapdsk.sys

+ viaraid VT6410 RAID DRIVER FOR WINXP VIA Technologies inc,.ltd c:\windows\system32\drivers\viaraid.sys

+ viasraid VIA SATA RAID DRIVER FOR WINXP VIA Technologies inc,.ltd c:\windows\system32\drivers\viasraid.sys

+ vmscsi VMware SCSI Controller VMware, Inc. c:\windows\system32\drivers\vmscsi.sys

+ WINIO File not found: G:\winio.sys

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute

+ autocheck autochk * File not found: autocheck
偶是高达 - 2006-7-7 8:25:00
大家帮下忙啊谢了啊
偶是高达 - 2006-7-7 8:46:00
大家看下谢了啊
偶是高达 - 2006-7-7 9:39:00
这个键直不改过来对系统没啥影响吧
12
查看完整版本: 大家看下是中毒了吗
© 2000 - 2026 Rising Corp. Ltd.