Rising Kaka Security Forum (瑞星卡卡安全论坛)

Thread: Fire! Fire! Fire! Urgent help needed...... (Technical Exchange » Anti-virus / Anti-rogue-software forum)
redstone2003 - 2007-3-16 8:58:00
Symptoms:
(I) When opening folders such as "My Computer", "Control Panel", "Recycle Bin", "My Network Places", "My Pictures", "My Music", "My Documents"... a dialog like the following appears (taking a screenshot while this dialog is up all but hangs the machine, so I could not capture it; I copied the dialog text by hand):
Microsoft Visual C++ Runtime Library
Program: c:\windows\explorer.exe

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

                            OK


After clicking OK (it stalls for a moment; clicking OK again stalls again; after a long wait) another dialog pops up:
Explorer.exe - Application Error
        The exception unknown software exception (0x40000015) occurred in the application at location 0x023a82f6.
To terminate the program, click "OK".
To debug the program, click "Cancel".

                      OK        Cancel

① After clicking "OK", the effect is the same as ending the "explorer.exe" process, after which everything returns to normal.
② Clicking "Cancel" stalls for a moment, then a prompt "drwtsn32.exe has encountered a problem and needs to close" appears. After clicking "Close", the same thing as in ① happens and the system returns to its previous state.

    While the above dialogs are up, operations such as switching the input method or launching a program stall for a moment (about 2-3 seconds).
(II) Since the drives cannot be reached through My Computer, I typed C:/ into Internet Explorer to get into the drive. Folders cannot be selected with the left mouse button; they can only be selected with the right button. And after selecting with the right button, no matter where I left-click, it opens that same folder.
(III) Apart from the operations above, running any program shows no abnormal behaviour.
Anti-virus results:
    After the above started, I updated Rising to version 19.14.32 and scanned; the detection list is as follows:
Virus name | Result | Date found | Path | File | Source
Trojan.MNLess.df | Cleaned successfully | 2007-03-15 17:30 | AdPop.Exe>>C:\Program Files\Yayad\AdPop.Exe | | Local machine
Trojan.MNLess.df | Deleted successfully | 2007-03-15 18:28 | C:\Program Files\Yayad | AdPop.exe | Local machine
Trojan.MNLess.df | Needs to be decompressed before cleaning | 2007-03-15 18:38 | C:\Program Files\浩方对战平台 | Yayad4HaoFang070112.exe>>AdPop.exe | Local machine
Trojan.MNLess.df | Deleted successfully | 2007-03-15 19:19 | C:\Program Files\浩方对战平台 | Yayad4HaoFang070112.exe | Local machine
This morning on boot, Rising automatically reported a virus:
Virus name | Result | Scan type | Path | File
Trojan.MNLess.df | Deleted successfully | File monitor | C:\Program Files\Yayad | AdPop.exe


Experts, please help... waiting...
redstone2003 - 2007-3-16 13:19:00
Why is nobody helping?!!!
大鸟小鸟1 - 2007-3-16 13:35:00
Damn, computer viruses are truly fucking wicked.
redstone2003 - 2007-3-16 23:13:00
Why has nobody replied? I posted a day ago and there has been no response at all!!!!!!!!!!
So frustrating... If any expert could spare a bit of time to take a look, I'd be grateful!!!!
redstone2003 - 2007-3-17 9:37:00
Any experts around?!!! Still waiting today!
riversky0604 - 2007-3-17 11:44:00
My computer is infected in exactly the same way; urgently hoping for your guidance!

E-mail:riversky0604@sohu.com
redstone2003 - 2007-3-17 12:05:00
You've got it too! Alas, sadly no expert has come to rescue us...............
Hoping...
网络菜鸟2008 - 2007-3-17 12:09:00
.............
redstone2003 - 2007-3-17 13:58:00
??
redstone2003 - 2007-3-17 17:31:00
Still nobody has come to take a look........
redstone2003 - 2007-3-17 19:26:00
!!!!!!!!!!!!!!
sanjingshou - 2007-3-17 20:10:00
Please run an SREng scan and post the log.
redstone2003 - 2007-3-18 16:49:00

2007-03-17,16:37:38

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - User with administrator rights - Full functionality

The following items were selected:
    All startup items (including registry, startup folders, services, etc.)
    Browser add-ons
    Running processes (including process module information)
    File associations
    Winsock providers
    Autorun.inf
    HOSTS file


Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Publisher]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Publisher]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\System Safety Monitor]
    <WinlogonNotify: System Safety Monitor><SSMWinlogonEx.dll>  [(Verified)System Safety Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><%SystemRoot%\System32\logon.scr>  [(Verified)Microsoft Windows Publisher]

==================================
Startup folders
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>

==================================
Services
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><>
[Ati HotKey Poller / Ati HotKey Poller][Stopped/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Stopped/Auto Start]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Stopped/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[StarWind iSCSI Service / StarWindService][Stopped/Auto Start]
  <C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe><Rocket Division Software>
[winup / windowup][Stopped/Auto Start]
  <C:\WINDOWS\system32\windowsxp><N/A>
redstone2003 - 2007-3-18 16:54:00
Experts, please help!
redstone2003 - 2007-3-18 18:56:00
Experts, please come and take a look
轩辕小聪 - 2007-3-18 19:01:00
In SREng, go to "Startup items" - "Services" - "Win32 service applications", click "Hide verified Microsoft items", select the following item, click "Delete service", then click "Settings" and click "No" in the dialog that pops up:
[winup / windowup][Stopped/Auto Start]
<C:\WINDOWS\system32\windowsxp><N/A>

After rebooting, delete:
C:\WINDOWS\system32\windowsxp

Turn off Rising's real-time monitor, uninstall Yayad from "Add/Remove Programs" (an Internet connection is required for the uninstall) and delete the C:\Program Files\Yayad folder, then turn Rising's monitor back on.
redstone2003 - 2007-3-19 19:26:00
(Replying to #15, 轩辕小聪, moderator)

Thank you!!! It's fixed!
riversky0604 - 2007-3-22 22:01:00
I've run into the same problem; my log is below. Please advise, experts!

2007-03-22,21:23:01

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - User with administrator rights - Full functionality

The following items were selected:
    All startup items (including registry, startup folders, services, etc.)
    Browser add-ons
    Running processes (including process module information)
    File associations
    Winsock providers
    Autorun.inf
    HOSTS file


Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows Publisher]
    <pyjj><C:\Program Files\jj4\jjsvr4.exe>  [加加开发组]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <nwiz><nwiz.exe /installquiet>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <00THotkey><C:\WINDOWS\System32\00THotkey.exe>  [东芝公司]
    <Apoint><C:\Program Files\Apoint2K\Apoint.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <TFNF5><TFNF5.exe>  [Toshiba Corp.]
    <Tpwrtray><TPWRTRAY.EXE>  [东芝公司]
    <TFncKy><TFncKy.exe /Type 20>  [N/A]
    <TosHKCW.exe><"C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe">  [TOSHIBA CORPORATION]
    <IMEKRMIG6.1><C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE>  [(Verified)Microsoft Windows Publisher]
    <MSPY2002><C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC>  [(Verified)Microsoft Windows Publisher]
    <TouchED><C:\Program Files\TOSHIBA\TouchED\TouchED.Exe>  [东芝公司]
    <assistse><"C:\PROGRA~1\3721\assistse.exe">  [yahoo]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <YLive.exe><C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [(Verified)"beijing yahoo consulting and service co., ltd."]
    <StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []
    <Device Detector><; DevDetect.exe -autorun>  [N/A]
    <FlashGet><; C:\Program Files\FlashGet\FlashGet.exe /min>  [N/A]
    <helper.dll><; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>  []
    <MS-4011 Memory Patch><; D:\应用程序\杀毒\RavSasser.exe -Patch>  [N/A]
    <RavTimer><; C:\Program Files\rising\Rav\RavTimer.exe>  [N/A]
    <RepliGo Assistant><; "C:\Program Files\RepliGo\RepliGoMon.exe">  [Cerience Corporation]
    <stup.exe><; C:\PROGRA~1\TENCENT\Adplus\stup.exe>  [Tencent]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [(Verified)Microsoft Windows Publisher]
    <Userinit><userinit.exe,,"C:\Program Files\HFEE\SVOHOST.EXE" un userinit.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><APIHookDll.dll>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\Assistant\yClickOn.dll>  [(Verified)"beijing yahoo consulting and service co., ltd."]
    <{E568441B-9EF3-49F8-9A67-4141AC41ADD4}><>  [N/A]

==================================
Startup folders
[Microsoft Office OneNote 2003 快速启动]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office OneNote 2003 快速启动.lnk --> C:\PROGRA~1\MICROS~2\OFFICE11\ONENOTEM.EXE [Microsoft Corporation]><N>
[ADSL超频奇兵 V4.5]
  <C:\Documents and Settings\jianghaozhi\「开始」菜单\程序\启动\ADSL超频奇兵 V4.5.lnk --> C:\PROGRA~1\ADSL超~1.5\ADSLx2.exe [奇兵软件 Worldfax.net]><N>

==================================
Services
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Mouse Hardware Sync / mousehs][Stopped/Auto Start]
  <C:\WINDOWS\System32\mousehs.exe><N/A>
[NVIDIA Driver Helper Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
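The two SREng logs above are read the same way the moderator read the first one: look for autostart locations whose entry carries no publisher, or whose value is not what Windows itself would put there. As an added example (not code from the thread, from SREng or from Rising), the Python script below automates that triage over a few lines constructed from both logs. It flags a Winlogon Userinit value that launches anything besides userinit.exe (the second log's SVOHOST.EXE entry), a non-empty AppInit_DLLs value (APIHookDll.dll, loaded into every process that links user32.dll), auto-start services whose image has no publisher (windowsxp, mousehs.exe), with a higher severity when the image has no executable extension at all, and Run entries without a publisher. The regular expressions for SREng's line format and the severity thresholds are my own assumptions based on how the logs appear in this thread.

```python
"""Triage heuristics for System Repair Engineer (SREng) log text.

Added example for this thread; not code from the forum, SREng or Rising.
The line formats matched below are assumptions based on how the two logs
posted above look, and SAMPLE_LOG is constructed from lines in those logs.
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [(Verified)Microsoft Windows Publisher]
    <Userinit><userinit.exe,,"C:\Program Files\HFEE\SVOHOST.EXE" un userinit.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><APIHookDll.dll>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[winup / windowup][Stopped/Auto Start]
  <C:\WINDOWS\system32\windowsxp><N/A>
[Mouse Hardware Sync / mousehs][Stopped/Auto Start]
  <C:\WINDOWS\System32\mousehs.exe><N/A>
"""

# Assumed SREng line formats: "[HKEY_...]" opens a registry key, indented
# "<name><value>  [publisher]" lines follow it; "[Display / Name][State/Start]"
# opens a service and the next indented "<image><publisher>" line describes it.
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r"^\s+<([^>]*)><(.*)>\s+\[(.*)\]\s*$")
SVC_HEADER = re.compile(r"^\[(.+?) / (.+?)\]\[(\w+)/(.+?)\]$")
SVC_IMAGE = re.compile(r"^\s+<(.*)><(.*)>$")
# The only legitimate Userinit element: userinit.exe, bare or as a full path.
USERINIT_OK = re.compile(r'^"?(?:[a-z]:\\[^"]*\\)?userinit\.exe"?$', re.I)
NO_PUBLISHER = {"", "N/A"}


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low"
    location: str   # registry value or service that triggered the finding
    detail: str


def parse_sreng(text):
    """Yield ("reg", key, name, value, publisher) for registry entries and
    ("svc", display, name, state, start, image, publisher) for services."""
    key, pending = None, None
    for line in text.splitlines():
        m = REG_KEY.match(line)
        if m:
            key, pending = m.group(1), None
            continue
        m = SVC_HEADER.match(line)
        if m:
            key, pending = None, m.groups()
            continue
        if pending is not None:
            m = SVC_IMAGE.match(line)
            if m:
                yield ("svc",) + pending + m.groups()
            pending = None
        elif key is not None:
            m = REG_VALUE.match(line)
            if m:
                yield ("reg", key) + m.groups()


def image_path(image):
    """Executable path from a service image string, with arguments dropped."""
    image = image.strip()
    if image.startswith('"'):
        end = image.find('"', 1)
        return image[1:end] if end > 0 else image[1:]
    return image.split(" ")[0]


def triage(text):
    findings = []
    for rec in parse_sreng(text):
        if rec[0] == "reg":
            _, key, name, value, publisher = rec
            loc = key + "\\" + name
            if key.lower().endswith("\\winlogon") and name.lower() == "userinit":
                # winlogon runs every comma-separated element at each logon.
                extra = [p.strip() for p in value.split(",")
                         if p.strip() and not USERINIT_OK.match(p.strip())]
                if extra:
                    findings.append(Finding("high", loc, "Userinit runs extra programs: " + "; ".join(extra)))
            elif name.lower() == "appinit_dlls" and value.strip():
                findings.append(Finding("high", loc, "AppInit_DLLs loads " + value.strip()))
            elif key.lower().endswith("\\run") and publisher.strip() in NO_PUBLISHER:
                findings.append(Finding("low", loc, "autostart without a publisher: " + value))
        else:
            _, display, name, state, start, image, publisher = rec
            if start != "Auto Start" or publisher.strip() not in NO_PUBLISHER:
                continue
            path = image_path(image)
            if path.lower().endswith("\\svchost.exe"):
                continue  # hosted service; the DLL after --> would need its own check
            has_ext = re.search(r"\.(exe|dll|sys)$", path, re.I) is not None
            findings.append(Finding(
                "medium" if has_ext else "high",
                "service %s (%s)" % (name, display),
                "auto-start image without a publisher: " + path
                + ("" if has_ext else " (no executable extension)")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[%-6s] %s: %s" % (f.severity, f.location, f.detail))
```

Run against the sample it reports the Userinit hijack and AppInit_DLLs entry as high, the windowup service as high (its image C:\WINDOWS\system32\windowsxp has no extension, which is exactly what the moderator singled out), mousehs as medium, and KernelFaultCheck as low so that a reader still verifies it by hand. "No publisher" is a hint, not proof: SREng also prints N/A for some legitimate entries, which is why the low-severity bucket exists.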