Rising Kaka Security Forum

Technical Exchange » Anti-virus / Anti-rogue-software Forum » These viruses are driving me crazy: AdWare.Win32.Cinmus.cgg
パ卦°榊話李靖 - 2008-7-18 17:59:00
I attached the wrong file just now. Please take another look for me, thanks. Respect. These viruses are driving me crazy: AdWare.Win32.Cinmus.cgg
1: AdWare.Win32.Cinmus.cgg
2: RootKit.Win32.Mie.a
3: AdWare.Win32.Stdup.w
4: Trojan.Win32.Undef.fdv
5: AdWare.Win32.Stdup.aa
6: AdWare.Win32.Stdup.aa
7: AdWare.Win32.Stdup.ae
I killed them once, but after a reboot they are already back, and it keeps dropping my connection every little while.
Brothers and sisters, please help.

User system info: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Attachment: SREngLOG.log
已成过去 - 2008-7-18 18:40:00
First: OP, is your machine laggy?? As for the "running programs" section, I honestly have no idea what to do with it...
Second: I have not looked at a log for three months...
Third: precisely because it has been so long... as for the cleanup... I hope an expert steps in... I looked through the log and will paste what I saw...


注册表
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
  <{40940F85-F015-14F1-A05F-F69858AC6D04}><>  [N/A]
    <{71954FAC-1023-154F-895A-1458258AD817}><>  [N/A]
    <{7FA4A83B-F99A-4bfc-A8E2-6A62B05D2C82}><C:\WINDOWS\TEMP\datA.tmp>  [File is missing]
    <{37FD640A-158F-48AC-FD14-1597F14A9773}><>  [N/A]
    <{6A59145F-315D-BC23-AC1F-145DF81A34A6}><>  [N/A]
    <{50AF1289-F140-A140-D012-C1458759FC05}><C:\WINDOWS\system32\ypcqdhlp.dll>  [File is missing]
    <{6490415F-65F8-B5C5-D8BA-9405FB120546}><>  [N/A]
  <{73BA45AF-FAAA-CDDD-BEEE-BCDE1234AB37}><>  [N/A]
    <{91698482-6555-3666-1222-954784129019}><>  [N/A]
    <{4B1AEF69-DDAE-FDAD-DCAB-698F026ABDB4}><>  [N/A]
    <{34FAE856-AD58-20CB-A025-CD4895FA6E43}><>  [N/A]
    <{7490415F-65F8-B5C5-D8BA-9405FB120547}><>  [N/A]
    <{35694105-5108-9405-3695-954187462153}><>  [N/A]
    <{428DF602-9541-A985-210A-984A698C6F24}><>  [N/A]
    <{4A069845-2036-6084-9054-6087502480A4}><>  [N/A]
    <{8A59145F-315D-BC23-AC1F-145DF81A34A8}><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ati2evxx.exe]
    <IFEO[ati2evxx.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe]
    <IFEO[egui.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe]
    <IFEO[esafe.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idag.exe]
    <IFEO[idag.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kaccore.exe]
    <IFEO[kaccore.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.exe]
    <IFEO[kissvc.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPPMain.exe]
    <IFEO[KPPMain.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVFW.EXE]
    <IFEO[KVFW.EXE]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.EXE]
    <IFEO[OllyDBG.EXE]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyICE.EXE]
    <IFEO[OllyICE.EXE]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe]
    <IFEO[procexp.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qqsc.exe]
    <IFEO[qqsc.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravtool.exe]
    <IFEO[ravtool.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regtool.exe]
    <IFEO[regtool.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwproxy.exeFYFireWall.exe]
    <IFEO[rfwproxy.exeFYFireWall.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwstub.exe]
    <IFEO[rfwstub.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WinDbg.exe]
    <IFEO[WinDbg.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)M

驱动程序
[00205577 / 00205577][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\00205577.sys><N/A>
[44671 / 44671][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\44562.sys><Driver>
[48171 / 48171][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\48125.sys><Driver>
[53375 / 53375][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\53296.sys><Driver>
[Atixeve23062 / Atixeve23062][Stopped/Manual Start]
  <\??\C:\WINDOWS\TEMP\~wxp2ins.781.tmp><N/A>
[Atixeve29484 / Atixeve29484][Stopped/Manual Start]
  <\??\C:\WINDOWS\TEMP\~wxp2ins.281.tmp><N/A>
[BdGuard / BdGuard][Running/Boot Start]
  <\SystemRoot\system32\drivers\BDGuard.SYS><>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkycryp.sys><N/A>
[vlga4j / vlga4jy][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\vlga4jy.sys><N/A>
[wemegsi / wemegsi][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\wemegsi.sys><N/A>

浏览器加载项
[]
  {50AF1289-F140-A140-D012-C1458759FC05} <C:\WINDOWS\system32\ypcqdhlp.dll, N/A>
[]
  {7A59145F-315D-BC23-AC1F-145DF81A34A7} <C:\WINDOWS\system32\zyzxgime.dll, N/A>
[]
  {50AF1289-F140-A140-D012-C1458759FC05} <C:\WINDOWS\system32\ypcqdhlp.dll, N/A>
[]
  {7A59145F-315D-BC23-AC1F-145DF81A34A7} <C:\WINDOWS\system32\zyzxgime.dll, N/A>
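The decisive part of the pasted log is the Image File Execution Options section: for every listed security tool and debugger (procexp.exe, OllyDBG.EXE, ravtool.exe, KVFW.EXE, WinDbg.exe, ...) the Debugger value points at svchost.exe, so launching the tool starts svchost.exe instead, and the "(Verified)Microsoft Windows Publisher" tag describes that signed substitute, not the legitimacy of the entry. The ShellExecuteHooks CLSIDs with no backing file (or a file that is already gone) are the same infection's load points. As an added example that is not part of this thread and not a Rising or Kaka tool, the Python script below parses SREng's entry format, runs over a constructed excerpt copied from the posted log, and flags both patterns. The `Finding` class, the `KNOWN_DEBUGGERS` set and the severity labels are assumptions made for this example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed excerpt in SREng's log format; the entries are copied from the
# ShellExecuteHooks and IFEO sections posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
  <{40940F85-F015-14F1-A05F-F69858AC6D04}><>  [N/A]
    <{7FA4A83B-F99A-4bfc-A8E2-6A62B05D2C82}><C:\WINDOWS\TEMP\datA.tmp>  [File is missing]
    <{50AF1289-F140-A140-D012-C1458759FC05}><C:\WINDOWS\system32\ypcqdhlp.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ati2evxx.exe]
    <IFEO[ati2evxx.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe]
    <IFEO[procexp.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.EXE]
    <IFEO[OllyDBG.EXE]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
"""

# SREng writes a "[registry key]" header line followed by "<name><path>  [status]" entries.
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
ENTRY_RE = re.compile(r"^\s*<(?P<name>[^>]*)><(?P<path>[^>]*)>\s*\[(?P<status>[^\]]*)\]")
IFEO_NAME_RE = re.compile(r"^IFEO\[(?P<exe>[^\]]+)\]$")

# Assumed list: binaries under which a genuine Debugger value would normally appear.
KNOWN_DEBUGGERS = {"windbg.exe", "ntsd.exe", "cdb.exe", "vsjitdebugger.exe"}


@dataclass
class Finding:
    kind: str      # "ifeo_debugger" or "shell_hook"
    target: str    # hijacked program name, or the hook's CLSID
    path: str      # file the registry entry points at ("" if none)
    severity: str  # "high" or "review"
    note: str


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyze(log_text: str) -> list[Finding]:
    """Walk an SREng log excerpt and flag persistence entries worth removing."""
    findings: list[Finding] = []
    current_key = ""
    for line in log_text.splitlines():
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1)
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        name, path, status = entry.group("name"), entry.group("path"), entry.group("status")
        if "Image File Execution Options" in current_key:
            exe = IFEO_NAME_RE.match(name)
            target = exe.group("exe") if exe else name
            dbg = basename(path)
            if dbg in KNOWN_DEBUGGERS:
                sev = "review"
                note = "Debugger value points at a real debugger; confirm it was set on purpose."
            else:
                sev = "high"
                note = (f"'{target}' is silently replaced by '{dbg}' whenever it is launched; "
                        f"the '[{status}]' tag describes the substitute file, not the entry.")
            findings.append(Finding("ifeo_debugger", target, path, sev, note))
        elif "ShellExecuteHooks" in current_key:
            if not path or "missing" in status.lower():
                findings.append(Finding("shell_hook", name, path, "high",
                                        "Hook CLSID with no backing file; shell32 loads such hooks "
                                        "into programs that call ShellExecute."))
    return findings


def hijacked_programs(findings: list[Finding]) -> list[str]:
    """Programs whose IFEO Debugger value redirects them to something that is not a debugger."""
    return sorted(f.target for f in findings
                  if f.kind == "ifeo_debugger" and f.severity == "high")


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.severity}] {f.kind}: {f.target} -> {f.path or '<none>'}\n    {f.note}")
```

Run against the full SREngLOG.log the script lists every program that can no longer be started normally on the machine, which is exactly why the antivirus stopped working and why the helper below suggests repairing the hijack entries before scanning. Deleting the flagged IFEO subkeys restores the tools; the ShellExecuteHooks CLSIDs are removed together with the DLLs they reference.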
非拉鐵非 - 2008-7-18 19:14:00
Hello OP, I have read and analysed your problem carefully; I hope the following steps help you.

1. Your Rising has been hijacked by the virus and many of its components have been replaced. First run the [attachments], then update the antivirus to the latest version, disconnect from the network and run a thorough full-disk scan.
2. If that does not work, the only option is to uninstall the current antivirus, reinstall it, update to the latest version and scan again.
If you have no antivirus, you can download the free edition of Rising Antivirus: http://rsdownload.rising.com.cn/for_down/rsfree/ravfree08.exe
3. Use Kaka Internet Security Assistant 6.0 to fix it in one click.
Download: http://download.rising.com.cn/for_down/kakatool/KaKaSetupv6.exe

If your problem is not solved, please reply in this thread promptly and we will follow up on it as soon as possible.
If your problem has been solved, please prefix the thread title with [Solved]. Thank you for your understanding.


Attachment: 修复应用程序劫持项.zip (repair tool for application hijack entries)

Attachment: 木马群专杀及修复.zip (trojan-cluster removal and repair tool)

Attachment: 橙色八月专杀.zip ("Orange August" removal tool)
パ卦°榊話李靖 - 2008-7-19 19:04:00
I'll give it a try then. Thanks!