瑞星卡卡安全论坛

在启动XPSP2系统的时候在登陆用户后。．加载个人设置的时候会出现一个对话框．．内容如下

svchost.exe应用程序出错　　＂ox*******＂指令引用＂ox*****＂内存，该内存不能为＂written＂

那位高手能给在下解决一下。．．．

1、升级你的杀毒软件至最新版本安全模式下查毒(开机按F8进入安全模式)

2、把杀毒软件所不能清除的病毒文件名与路径贴上来

3、请用 置顶处反毒工具集中的扫描一个log贴上来。
1 解压缩sreng2.zip
2 运行SREng2.exe
3 智能扫描=》扫描=》保存报告
4 把日志SREngLOG.log中的报告完整拷贝贴上来，不要修改

友情提示：
扫描前关闭所有手工打开的软件和窗口，扫描后将日志发上来。但请不要用附件形式贴。

注意在没有进一步提示前，勿要胡乱修复，否则系统可能变的情况更糟。

2006-11-29,22:12:48

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    正在运行的进程（包括进程模块信息）


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <LogitechSoftwareUpdate><"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot>  [N/A]
    <LDM><; >  [N/A]
    <LetsCool><; >  [N/A]
    <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <Apoint><C:\Program Files\Apoint\Apoint.exe>  [(Verified)Alps Electric Co., Ltd.]
    <IntelWireless><C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless>  [Intel Corporation]
    <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    <DVDLauncher><"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe">  [CyberLink Corp.]
    <dla><C:\WINDOWS\system32\dla\tfswctrl.exe>  [Sonic Solutions]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <DataLayer><C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE>  [Nokia Mobile Phones Ltd.]
    <Dell QuickSet><C:\Program Files\Dell\QuickSet\Quickset.exe>  [N/A]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC>  [(Verified)N/A]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <LVCOMSX><C:\WINDOWS\system32\LVCOMSX.EXE>  [Logitech Inc.]
    <LogitechVideoRepair><C:\Program Files\Logitech\Video\ISStart.exe >  [Logitech Inc.]
    <LogitechVideoTray><C:\Program Files\Logitech\Video\LogiTray.exe>  [Logitech Inc.]
    <SunJavaUpdateSched><C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe>  [N/A]
    <ThunderMini><C:\Program Files\Thunder Network\ThunderMini\ThunderMiniShell.exe>  [N/A]
    <ISUSScheduler><"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start>  [Macrovision Corporation]
    <IMEKRMIG6.1><C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE>  [(Verified)Microsoft Corporation]
    <Desktop><; C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll>  [N/A]
    <hxgame-update><; >  [N/A]
    <PCSuiteTrayApplication><; >  [N/A]
    <vtupdate><; C:\WINDOWS\>  [N/A]
    <WebThunder><; C:\Program Files\Thunder Network\WebThunder\WebThunder.exe>  [深圳市迅雷网络技术有限公司]
    <yassistse><; "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe">  [N/A]
    <YLive.exe><; >  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{06A48AD9-FF57-4E73-937B-B493E72F4226}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ImpsSensor]
    <WinlogonNotify: ImpsSensor><ImpsSensor.dll>  [China Mobile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
    <WinlogonNotify: IntelWireless><C:\Program Files\Intel\Wireless\Bin\LgNotify.dll>  [Intel Corporation]

==================================
启动文件夹
[Adobe Gamma Loader]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
[Logitech Desktop Messenger Agent]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Logitech Desktop Messenger Agent.lnk --> C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe [Logitech]><N>

==================================
服务
[Application Management / AppMgmt]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[ASP.NET State Service / aspnet_state]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Broadcom ASF IP monitoring service v6.0.4 / BAsfIpM]
  <C:\WINDOWS\system32\basfipm.exe><Broadcom Corp.>
[EvtEng / EvtEng]
  <C:\Program Files\Intel\Wireless\Bin\EvtEng.exe><Intel Corporation>
[InstallDriver Table Manager / IDriverT]
  <"C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"><Macrovision Corporation>
[MessageServices / MessageServices]
  <C:\WINDOWS\system32\Svchost.exe -k MessageServices-->C:\WINDOWS\system32\MDserivce\MDserivces\Svchost.dll><Microsoft Corporation>
[MicroMsgServices / MicroMsgServices]
  <C:\WINDOWS\system32\Svchost.exe -k MicroMsgServices-->C:\WINDOWS\system32\MicroService\svchost.dll><N/A>
[Security Machine Manager / MOVEESS]
  <C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\FWJJPL00.DLL,Export 1087><N/A>
[NICCONFIGSVC / NICCONFIGSVC]
  <C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe><Dell Inc.>
[RegSrvc / RegSrvc]
  <C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe><Intel Corporation>
[RestoreService / RestoreService]
  <C:\WINDOWS\system32\Svchost.exe -k RestoreService-->C:\WINDOWS\system32\drivers\service.dll><N/A>
[Rising Proxy  Service / RfwProxySrv]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Spectrum24 Event Monitor / S24EventMonitor]
  <C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe><Intel Corporation>
[Logical Disk Manager Amdinistrative Serviece5 / S27335]
  <><N/A>
[SonicStage SCSI Service / SSScsiSV]
  <C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe><Sony Corporation>
[WLANKEEPER / WLANKEEPER]
  <C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe><Intel? Corporation>

==================================

是有木马病毒,升级到瑞星18.55.12版本就可查杀的

驱动程序
[abp480n5 / abp480n5]
  <\SystemRoot\system32\DRIVERS\ABP480N5.SYS><Microsoft Corporation>
[adpu160m / adpu160m]
  <\SystemRoot\system32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[AEGIS Protocol (IEEE 802.1x) v3.1.0.1 / AegisP]
  <system32\DRIVERS\AegisP.sys><Meetinghouse Data Communications>
[Aha154x / Aha154x]
  <\SystemRoot\system32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2]
  <\SystemRoot\system32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx]
  <\SystemRoot\system32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[AliIde / AliIde]
  <\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp]
  <\SystemRoot\system32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[Alps Touch Pad Filter Driver for Windows 2000/XP / ApfiltrService]
  <system32\DRIVERS\Apfiltr.sys><Alps Electric Co., Ltd.>
[APPDRV / APPDRV]
  <\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS><Dell Inc>
[asc / asc]
  <\SystemRoot\system32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3350p / asc3350p]
  <\SystemRoot\system32\DRIVERS\asc3350p.sys><Microsoft Corporation>
[asc3550 / asc3550]
  <\SystemRoot\system32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[Aspi32 / Aspi32]
  <C:\WINDOWS\SYSTEM32\DRIVERS\Aspi32.SYS><Adaptec>
[ati2mtag / ati2mtag]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Broadcom NetXtreme 57xx Gigabit Controller / b57w2k]
  <system32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[BASFND / BASFND]
  <\??\C:\WINDOWS\system32\Drivers\BASFND.sys><Broadcom Corporation>
[BM Win32 Network Adapter / bmnadapter]
  <system32\DRIVERS\bmnet.sys><The OpenVPN Project>
[cd20xrnt / cd20xrnt]
  <\SystemRoot\system32\DRIVERS\cd20xrnt.sys><Microsoft Corporation>
[cercsr6 / cercsr6]
  <C:\WINDOWS\SYSTEM32\DRIVERS\cercsr6.SYS><Adaptec, Inc.>
[CmdIde / CmdIde]
  <\SystemRoot\system32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[d347bus / d347bus]
  <\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt]
  <\SystemRoot\System32\Drivers\d347prt.sys><>
[dac2w2k / dac2w2k]
  <\SystemRoot\system32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[dbustrcm / dbustrcm]
  <\??\C:\DOCUME~1\1fenglei\LOCALS~1\Temp\dbustrcm.sys><N/A>
[dpti2o / dpti2o]
  <\SystemRoot\system32\DRIVERS\dpti2o.sys><Microsoft Corporation>
[drvmcdb / drvmcdb]
  <\SystemRoot\system32\drivers\drvmcdb.sys><Sonic Solutions>
[drvnddm / drvnddm]
  <system32\drivers\drvnddm.sys><Sonic Solutions>
[Intel(R) PRO Adapter Driver / E100B]
  <system32\DRIVERS\e100b325.sys><Intel Corporation>
[ExpScaner / ExpScaner]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[GTIPCI21 / GTIPCI21]
  <system32\DRIVERS\gtipci21.sys><Texas Instruments>
[HookCont / HookCont]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[HSFHWICH / HSFHWICH]
  <system32\DRIVERS\HSFHWICH.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP]
  <system32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>
[ini910u / ini910u]
  <\SystemRoot\system32\DRIVERS\ini910u.sys><Microsoft Corporation>
[Intel Wireless Connection Agent Miniport for Win XP / IWCA]
  <system32\DRIVERS\iwca.sys><Intel Corporation>
[Logitech USB Monitor Filter / LVUSBSta]
  <system32\drivers\lvusbsta.sys><Logitech Inc.>
[mdmxsdk / mdmxsdk]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[MEMSCAN / MEMSCAN]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs]
  <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[mraid35x / mraid35x]
  <\SystemRoot\system32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[msqmx / msqmx]
  <\??\C:\WINDOWS\system32\drivers\msqmx.sys><Microsoft Corporation>
[Nokia USB Generic / Nokia USB Generic]
  <system32\drivers\nmwcdc.sys><Nokia>
[Nokia USB Phone Parent / Nokia USB Phone Parent]
  <system32\drivers\nmwcd.sys><Nokia>
[npkcrypt / npkcrypt]
  <\??\D:\工具\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkcusb / npkcusb]
  <\??\D:\工具\QQ\npkcusb.sys><INCA Internet Co., Ltd.>
[nv / nv]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[obgvmh00 / obgvmh00]
  <\??\C:\WINDOWS\system32\drivers\obgvmh00.sys><Microsoft Corporation>
[OMCI WDM Device Driver / omci]
  <system32\DRIVERS\omci.sys><Dell Inc>
[oreans32 / oreans32]
  <\??\C:\WINDOWS\system32\drivers\oreans32.sys><N/A>
[PCANDIS5 Protocol Driver / PCANDIS5]
  <\??\C:\WINDOWS\system32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[QuickCam IM(PID_08A0) / PID_08A0]
  <system32\DRIVERS\LV302AV.SYS><Logitech Inc.>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[ql1080 / ql1080]
  <\SystemRoot\system32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt]
  <\SystemRoot\system32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160]
  <\SystemRoot\system32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280]
  <\SystemRoot\system32\DRIVERS\ql1280.sys><QLogic Corporation>
[Driver for rockusb Device / rockusb]
  <system32\DRIVERS\rockusb.sys><Fuzhou Rockchip Electronics Co,Ltd.>
[RsAntiSpyware / RsAntiSpyware]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS]
  <\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[WLAN Transport / s24trans]
  <system32\DRIVERS\s24trans.sys><Intel Corporation>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>
[Prolific2 Serial port driver / Ser2pl]
  <system32\DRIVERS\ser2pl.sys><Prolific Technology Inc.>
[StarForce Protection Environment Driver (version 1.x) / sfdrv01]
  <\SystemRoot\System32\drivers\sfdrv01.sys><Protection Technology (StarForce)>
[StarForce Protection Helper Driver (version 2.x) / sfhlp02]
  <\SystemRoot\System32\drivers\sfhlp02.sys><Protection Technology (StarForce)>
[StarForce Protection Synchronization Driver (version 2.x) / sfsync02]
  <\SystemRoot\System32\drivers\sfsync02.sys><Protection Technology>
[SIS AGP Bus Filter / sisagp]
  <\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[Sparrow / Sparrow]
  <\SystemRoot\system32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[sscdbhk5 / sscdbhk5]
  <system32\drivers\sscdbhk5.sys><Sonic Solutions>
[ssrtln / ssrtln]
  <system32\drivers\ssrtln.sys><Sonic Solutions>
[SigmaTel C-Major Audio / STAC97]
  <system32\drivers\STAC97.sys><SigmaTel, Inc.>
[symc810 / symc810]
  <\SystemRoot\system32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx]
  <\SystemRoot\system32\DRIVERS\symc8xx.sys><LSI Logic>
[sym_hi / sym_hi]
  <\SystemRoot\system32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3]
  <\SystemRoot\system32\DRIVERS\sym_u3.sys><LSI Logic>
[tfsnboio / tfsnboio]
  <system32\dla\tfsnboio.sys><Sonic Solutions>
[tfsncofs / tfsncofs]
  <system32\dla\tfsncofs.sys><Sonic Solutions>
[tfsndrct / tfsndrct]
  <system32\dla\tfsndrct.sys><Sonic Solutions>
[tfsndres / tfsndres]
  <system32\dla\tfsndres.sys><Sonic Solutions>
[tfsnifs / tfsnifs]
  <system32\dla\tfsnifs.sys><Sonic Solutions>
[tfsnopio / tfsnopio]
  <system32\dla\tfsnopio.sys><Sonic Solutions>
[tfsnpool / tfsnpool]
  <system32\dla\tfsnpool.sys><Sonic Solutions>
[tfsnudf / tfsnudf]
  <system32\dla\tfsnudf.sys><Sonic Solutions>
[tfsnudfa / tfsnudfa]
  <system32\dla\tfsnudfa.sys><Sonic Solutions>
[TosIde / TosIde]
  <\SystemRoot\system32\DRIVERS\toside.sys><Microsoft Corporation>
[ultra / ultra]
  <\SystemRoot\system32\DRIVERS\ultra.sys><Promise Technology, Inc.>

==================================