123   2  /  3  页   跳转

XP开机后不能显示桌面【求助】

收藏
永远的世界杯
头像
初生襁褓狮
  • 帖子:27
  • 注册: 2007-02-02
  • 来自:
发表于: 2007-02-12 16:52 | 只看楼主 短消息 资料
字号: 11楼

引用:
【烂笔头1的贴子】我以前也有打不开过,我是用sreng修复的,运行sreng2时它会提示你哪个值不正常,就照着改一下,
………………

我也试过sreng2了,提示的不正常值都改过了,但还是不行!!现在笔记本还是在家放着,为了彻底将这个问题搞清楚,所以就不重装系统,而且也想帮大家把这个事弄明白了!
gototop
 
logicl
头像
自信弱冠狮
  • 帖子:503
  • 注册: 2007-02-06
  • 来自:
发表于: 2007-02-12 16:55 | 短消息 资料
字号: 12楼

扫份日志上来,把日志中的报告完整拷贝贴上来,不要修改.一次贴不完,分几次贴.

注意:在扫描日志之前把一些不必要程序(如:QQ,MSN,浩方等一些游戏平台)关闭.
gototop
 
永远的世界杯
头像
初生襁褓狮
  • 帖子:27
  • 注册: 2007-02-02
  • 来自:
发表于: 2007-02-13 08:48 | 只看楼主 短消息 资料
字号: 13楼

这是用hijackthis工具搜集的日志:
Logfile of HijackThis v1.99.1
Scan saved at 上午 11:29:27, on 2007/1/31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\TEMP\MKBBB1.EXE
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\sichijackthis\Hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - (no file)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: 孵俁寯蚴敜鱉9 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Program Files\Herosoft\Hero 9\STHSDVD.EXE (file missing)
O9 - Extra 'Tools' menuitem: 孵俁寯蚴敜鱉9 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Program Files\Herosoft\Hero 9\STHSDVD.EXE (file missing)
O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra button: 棵啪 - {9A687CA6-D585-4947-9ED9-BE96071F5CD9} - C:\PROGRA~1\Kingsoft\POWERW~2\XDictExB.dll
O9 - Extra button: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\google\google desktop search\googledesktopnetwork1.dll' missing
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {564376A6-3381-4BD3-8148-EE31B132E89A} (HyCryptoAPI Class) - http://ksfoa:7001/include/ActiveX/HyCAPI.cab
O16 - DPF: {5F4D222D-5EEE-40A8-8810-5642B4E4F441} (KENCAPI Class) - https://www16.masterlink.com.tw/trade2000/FSCAPIATL.cab
O16 - DPF: {650BBB86-3D77-49BA-A4B2-2455E44EB031} (PasswordMD5ClientCOMCtrl Class) - https://netbank.chb.com.tw/Security/PasswordMD5ClientCOM.cab
O16 - DPF: {653C447E-F3A0-4206-BACF-37AEDDA9D2E5} (EnumCert Class) - http://132.147.70.100:7001/include/ActiveX/HyEnumCert.cab
O16 - DPF: {723D961D-E7DC-4D2B-B695-17A81663EAE8} (Crypt Class) - https://trade1.masterlink.com.tw/trade/WCrypt.cab
O16 - DPF: {8B6CF9FA-47D6-4BBC-B5F9-725391D4827C} (SignedData Class) - http://132.147.70.100:7001/include/ActiveX/P7Signing.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B7CF8DF2-672C-4F74-944D-0F4E75DE576D} (SignMessage Class) - http://132.147.70.100:7001/include/ActiveX/HySignMessage.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dxzb.tinghsin.com.cn
O17 - HKLM\Software\..\Telephony: DomainName = dxzb.tinghsin.com.cn
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B6C2289-F6B4-4B8D-8FD6-6838C849E1CC}: NameServer = 132.147.70.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4171E96-6FC9-4D24-BDEC-A2EF003C5C56}: NameServer = 132.147.70.6
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dxzb.tinghsin.com.cn
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dxzb.tinghsin.com.cn
O18 - Protocol: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - C:\PROGRA~1\Kingsoft\POWERW~2\XDictExB.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: rmh - {23C585BB-48FF-4865-8934-185F0A7EB84C} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O18 - Filter: application/msword - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O18 - Filter hijack: application/octet-stream - {F969FE8E-1937-45AD-AF42-8A4D11CBDC2A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O18 - Filter: application/vnd-viewer - {CD4527E8-4FC7-48DB-9806-10537B501237} - (no file)
O18 - Filter: application/vnd.ms-excel - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O18 - Filter: application/vnd.ms-powerpoint - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O18 - Filter: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: OfficeScanNT 妗奀禸鏡 (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT 跺?滅鳶? (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: OfficeScanNT 淈泭最唗 (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
gototop
 
永远的世界杯
头像
初生襁褓狮
  • 帖子:27
  • 注册: 2007-02-02
  • 来自:
发表于: 2007-02-15 11:52 | 只看楼主 短消息 资料
字号: 14楼

谁可以分析一下日志吗?
gototop
 
zhangmaj
头像
初生襁褓狮
  • 帖子:143
  • 注册: 2007-01-26
  • 来自:
发表于: 2007-02-15 11:59 | 短消息 资料
字号: 15楼

C:\WINDOWS\TEMP\MKBBB1.EXE删除 然后用诊断模式试试 进去后清理下流氓软件 再不行扫SR2
gototop
 
永远的世界杯
头像
初生襁褓狮
  • 帖子:27
  • 注册: 2007-02-02
  • 来自:
发表于: 2007-02-16 09:13 | 只看楼主 短消息 资料
字号: 16楼

引用:
【zhangmaj的贴子】C:\WINDOWS\TEMP\MKBBB1.EXE删除 然后用诊断模式试试 进去后清理下流氓软件 再不行扫SR2
………………

这个“C:\WINDOWS\TEMP\MKBBB1.EXE”不是病毒。是趋势科技Watchdog文件,用于终止那些尝试终止实时扫描进程的恶意进程,以保证实时扫描进程正常运行。
gototop
 
皮皮宝儿
头像
初生襁褓狮
  • 帖子:36
  • 注册: 2006-08-11
  • 来自:
发表于: 2007-02-16 09:21 | 短消息 资料
字号: 17楼

我的电脑也,但我的不是笔记本电脑!郁闷死了!我连任务管理器都弄不出来
gototop
 
☆寒星☆
头像
初生襁褓狮
  • 帖子:27
  • 注册: 2007-02-16
  • 来自:
发表于: 2007-02-16 10:15 | 短消息 资料
字号: 18楼

1、在“开始”“运行”处输入regedit,启动注册表,找到下面路径,如果shell下没有explorer.exe那就自己鼠标右键新建一个explorer.exe即可
路径: \HKEY_LOCAL_MACHINE\SOFTWARE\Micrososft\Windows NT\CurrentVersion\Winlogon 
看看有没有shell这个值,没有新建一个字符串命名为shell数值数据就是Explorer.exe就行
如果手动加载也不行的话,可能是Explorer.exe文件坏了,到别人的电脑上复制一个回来就行了。拷贝到c:\windows下
可以一劳永逸 PS:查了下资料,有个人说MM杀客对explorer.exe有屏蔽作用.....(我就不多说什么了,..)
用这个方法试一下有事找我QQ276592839或发邮件给我colderstars@163.com
gototop
 
☆寒星☆
头像
初生襁褓狮
  • 帖子:27
  • 注册: 2007-02-16
  • 来自:
发表于: 2007-02-16 10:15 | 短消息 资料
字号: 19楼

顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!顶!!!!!!!!
gototop
 
☆寒星☆
头像
初生襁褓狮
  • 帖子:27
  • 注册: 2007-02-16
  • 来自:
发表于: 2007-02-16 10:18 | 短消息 资料
字号: 20楼

进安全模式,点最后一次正确配置,看能不能进
或是用关盘或是U盘启动杀毒下
用系统盘修复试试。
gototop
 
<<上一主题|下一主题>>
123   2  /  3  页   跳转
页面顶部
Powered by Discuz!NT