瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 瑞星打不开了,请版主帮我看看日志

12   1  /  2  页   跳转

瑞星打不开了,请版主帮我看看日志

收藏
WUHAOJI88
头像
健康舞勺狮
  • 帖子:207
  • 注册: 2005-09-02
  • 来自:
发表于: 2008-05-11 14:34 | 只看楼主 短消息 资料
字号: 1楼

瑞星打不开了,请版主帮我看看日志

瑞星打不开了,请版主帮我看看日志,我的电脑昨天安装了电驴,下载了一次文件,就出现瑞星与卡卡上网安全打不开了,还有卡卡论坛也打不开,后我用360杀了一下,能打开瑞星,过了一会又打不开,开始栏上的图标也没有了.上网的时候有的下载网页打不开.请版主帮我看看我的日志.谢谢

用户系统信息:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)

附件附件:

文件名:SREngLOG.log
下载次数:95
文件类型:application/octet-stream
文件大小:
上传时间:2008-5-11 14:33:55
描述:log
分享到:
gototop
 
WUHAOJI88
头像
健康舞勺狮
  • 帖子:207
  • 注册: 2005-09-02
  • 来自:
发表于: 2008-05-11 14:59 | 只看楼主 短消息 资料
字号: 2楼

回复:瑞星打不开了,请版主帮我看看日志

版主好忙网上要求助的人太多了
gototop
 
WUHAOJI88
头像
健康舞勺狮
  • 帖子:207
  • 注册: 2005-09-02
  • 来自:
发表于: 2008-05-11 19:21 | 只看楼主 短消息 资料
字号: 3楼

回复:瑞星打不开了,请版主帮我看看日志

好心的人多有事情去了吗,急啊各位网友,帮我看看
gototop
 
hongjiaen
头像
初生襁褓狮
  • 帖子:30
  • 注册: 2008-02-25
  • 来自:
发表于: 2008-05-11 20:22 | 短消息 资料
字号: 4楼

回复:瑞星打不开了,请版主帮我看看日志

启动项目

<{6A59145F-315D-BC23-AC1F-145DF81A34A6}><C:\WINDOWS\system32\zyzxfime.dll>  [N/A]
<{22596546-2036-9451-6058-658402589722}><C:\WINDOWS\system32\opshbbty.dll>  [N/A]
<{91698482-6555-3666-1222-954784129019}><C:\WINDOWS\system32\zxptejpg.dll>  [N/A]
<{40940F85-F015-14F1-A05F-F69858AC6D04}><C:\WINDOWS\system32\zptlbsys.dll>  [N/A]
<{50AF1289-F140-A140-D012-C1458759FC05}><C:\WINDOWS\system32\ypcqdhlp.dll>  [N/A]
<{4B1AEF69-DDAE-FDAD-DCAB-698F026ABDB4}><C:\WINDOWS\system32\oohxcbyt.dll>  [N/A]
<{47FD640A-158F-48AC-FD14-1597F14A9774}><C:\WINDOWS\system32\mndsdsrv.dll>  [N/A]
<{4319A1F1-9410-9654-3201-345FFA349134}><C:\WINDOWS\system32\zywmdime.dll>  [N/A]
<{5A041F13-A111-12A3-B0CF-F99818AA68A5}><C:\WINDOWS\system32\zxmsbwin.dll>  [N/A]
<{71954FAC-1023-154F-895A-1458258AD817}><C:\WINDOWS\system32\ypdjebmp.dll>  [N/A]
<{35671234-7890-ABCD-CDEF-567801237653}><C:\WINDOWS\system32\yxcschlp.dll>  [N/A]
<{3C8D1401-A58D-A81C-CD24-A5915C4517C3}><C:\WINDOWS\system32\mnmhcsrv.dll>  [N/A]
<{5490415F-65F8-B5C5-D8BA-9405FB120545}><C:\WINDOWS\system32\yzztemsn.dll>  [N/A]
<{34FAE856-AD58-20CB-A025-CD4895FA6E43}><C:\WINDOWS\system32\pjjxcdwd.dll>  [N/A]
<{4A069845-2036-6084-9054-6087502480A4}><C:\WINDOWS\system32\ozfydbyt.dll>  [N/A]
<{35694105-5108-9405-3695-954187462153}><C:\WINDOWS\system32\mpwdcapi.dll>  [N/A]
<{428DF602-9541-A985-210A-984A698C6F24}><C:\WINDOWS\system32\ptjhdhlp.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\45fghfd.exe]
<IFEO[45fghfd.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\5784sddfgiaa.exe]
<IFEO[5784sddfgiaa.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\appdllman.exe]
<IFEO[appdllman.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe]
<IFEO[auto.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRun.exe]
<IFEO[AutoRun.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cross.exe]
<IFEO[cross.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dfcxfg.exe]
<IFEO[dfcxfg.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Discovery.exe]
<IFEO[Discovery.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FuckAAAAAAA.exe]
<IFEO[FuckAAAAAAA.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guangd.exe]
<IFEO[guangd.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kernelwind32.exe]
<IFEO[kernelwind32.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logogo.exe]
<IFEO[logogo.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSetup.exe]
<IFEO[NAVSetup.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pagefile.exe]
<IFEO[pagefile.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pagefile.pif]
<IFEO[pagefile.pif]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit32.Exe]
<IFEO[regedit32.Exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.exe]
<IFEO[rfwProxy.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SDGames.exe]
<IFEO[SDGames.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\servet.exe]
<IFEO[servet.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sos.exe]
<IFEO[sos.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SSDtDiscovery.exe]
<IFEO[SSDtDiscovery.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TNT.Exe]
<IFEO[TNT.Exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TxoMoU.Exe]
<IFEO[TxoMoU.Exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\U.exe]
<IFEO[U.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UFO.exe]
<IFEO[UFO.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\USBoot.exe]
<IFEO[USBoot.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Wsyscheck.exe]
<IFEO[Wsyscheck.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\XP.exe]
<IFEO[XP.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xxxdgfdfg.exe]
<IFEO[xxxdgfdfg.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zxsweep.exe]
<IFEO[zxsweep.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~.exe]
<IFEO[~.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]

==================================
启动文件夹
==================================
服务
[Windows jxeo RunThem / jxeo][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\eszj\ocjt.dll><N/A>
[NetBI0S / NetBI0S][Running/Auto Start]
<C:\WINDOWS\system32\d4761.exe><Microsoft Corporation>
[Rising Process Communication Center / RsCCenter][Stopped/Auto Start]
[Portable Media Serial Number Service / WmdmPmSN][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system\mspmsnsv.dll><N/A>
==================================
驱动程序
[CdaC15BA / CdaC15BA][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[inok3z / inok3z2][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\inok3z2.sys><N/A>
[q6g4 / q6g4e][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\q6g4e.sys><N/A>
[Windows Driver Foundation - User-mode Driver Framework Platform Driver / WudfPf][Stopped/Manual Start]
<system32\DRIVERS\WudfPf.sys><Microsoft Corporation>
[XNGAnti / XNGAnti][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\ReloadAnti.sys><N/A>
==================================
[]
{4B1AEF69-DDAE-FDAD-DCAB-698F026ABDB4} <C:\WINDOWS\system32\oohxcbyt.dll, N/A>
[]
{50AF1289-F140-A140-D012-C1458759FC05} <C:\WINDOWS\system32\ypcqdhlp.dll, N/A>
[]
{5490415F-65F8-B5C5-D8BA-9405FB120545} <C:\WINDOWS\system32\yzztemsn.dll, N/A>
[]
{5A041F13-A111-12A3-B0CF-F99818AA68A5} <C:\WINDOWS\system32\zxmsbwin.dll, N/A>
[]
{6A59145F-315D-BC23-AC1F-145DF81A34A6} <C:\WINDOWS\system32\zyzxfime.dll, N/A>
[]
{71954FAC-1023-154F-895A-1458258AD817} <C:\WINDOWS\system32\ypdjebmp.dll, N/A>
[Invoke Class]
{77929B3F-50EB-449b-9982-CAD99180EC0F} <C:\WINDOWS\system32\dd41.dll, >
[]
{91698482-6555-3666-1222-954784129019} <C:\WINDOWS\system32\zxptejpg.dll, N/A>
{070CA17A-4BD2-4612-83B4-32B1B9159B47} <C:\PROGRA~1\sina\UCLive\UCLIVE~1.OCX, 北京新浪信息技术有限公司>
[]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[]
{34FAE856-AD58-20CB-A025-CD4895FA6E43} <C:\WINDOWS\system32\pjjxcdwd.dll, N/A>
[]
{35671234-7890-ABCD-CDEF-567801237653} <C:\WINDOWS\system32\yxcschlp.dll, N/A>
[]
{35694105-5108-9405-3695-954187462153} <C:\WINDOWS\system32\mpwdcapi.dll, N/A>
[]
{3C8D1401-A58D-A81C-CD24-A5915C4517C3} <C:\WINDOWS\system32\mnmhcsrv.dll, N/A>
[]
{40940F85-F015-14F1-A05F-F69858AC6D04} <C:\WINDOWS\system32\zptlbsys.dll, N/A>
[]
{428DF602-9541-A985-210A-984A698C6F24} <C:\WINDOWS\system32\ptjhdhlp.dll, N/A>
[]
{4319A1F1-9410-9654-3201-345FFA349134} <C:\WINDOWS\system32\zywmdime.dll, N/A>
[]
{47FD640A-158F-48AC-FD14-1597F14A9774} <C:\WINDOWS\system32\mndsdsrv.dll, N/A>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[]
{4A069845-2036-6084-9054-6087502480A4} <C:\WINDOWS\system32\ozfydbyt.dll, N/A>
[]
{4B1AEF69-DDAE-FDAD-DCAB-698F026ABDB4} <C:\WINDOWS\system32\oohxcbyt.dll, N/A>
[]
{50AF1289-F140-A140-D012-C1458759FC05} <C:\WINDOWS\system32\ypcqdhlp.dll, N/A>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[]
{5490415F-65F8-B5C5-D8BA-9405FB120545} <C:\WINDOWS\system32\yzztemsn.dll, N/A>
[Thunder5下载]
{54EBD53A-9BC1-480B-966A-843A333CA162} <C:\WINDOWS\ThunderBHONew64.dll, N/A>
[]
{5A041F13-A111-12A3-B0CF-F99818AA68A5} <C:\WINDOWS\system32\zxmsbwin.dll, N/A>
[]
{6A59145F-315D-BC23-AC1F-145DF81A34A6} <C:\WINDOWS\system32\zyzxfime.dll, N/A>
[]
{71954FAC-1023-154F-895A-1458258AD817} <C:\WINDOWS\system32\ypdjebmp.dll, N/A>
以上仅供参考
gototop
 
无敌vip
头像
快乐黄口狮
  • 帖子:169
  • 注册: 2007-12-15
  • 来自:
发表于: 2008-05-11 21:22 | 短消息 资料
字号: 5楼

回复: 瑞星打不开了,请版主帮我看看日志

楼主按以下操作:

1. 杀毒前关闭系统还原(Win2000系统可以忽略):右键 我的电脑 ,属性,系统还原,在所有驱动器上关闭系统还原 打勾即可。 
清除IE的临时文件:打开IE 点工具-->Internet选项 : Internet临时文件,点“删除文件”按钮 ,将 删除所有脱机内容 打勾,点确定删除。
关闭QQ等应用程序。进行如下操作前,请不要进行任何双击打开磁盘的操作。所有下载的工具都直接放桌面上。
2.建议使用XDelBox删除以下文件:(XDelBox1.7下载) http://www.dodudou.com/down/index.php?dirpath=./01.原创软件&order=0
使用说明:删除时复制所有要删除文件的路径,在待删除文件列表里点击右键选择从剪贴板导入不检查路径,导入后在要删除文件上点击右键,选择立刻重启删除,电脑会重启进入DOS界面进行删除操作。运行xdelbox前最好卸载所有可移动存储介质(包括U盘,MP3,手机存储卡等)。
C:\WINDOWS\system32\d4761.exe
C:\WINDOWS\system32\vistaAA.exe
C:\Program Files\Windows NT\colbi.dll
C:\WINDOWS\system32\1d1.dll
C:\WINDOWS\system32\zyzxfime.dll
C:\WINDOWS\system32\opshbbty.dll
C:\WINDOWS\system32\zxptejpg.dll
C:\WINDOWS\system32\ypcqdhlp.dll
C:\WINDOWS\system32\zptlbsys.dll
C:\WINDOWS\system32\mndsdsrv.dll
C:\WINDOWS\system32\oohxcbyt.dll
C:\WINDOWS\system32\zywmdime.dll
C:\WINDOWS\system32\zxmsbwin.dll
C:\WINDOWS\system32\ypdjebmp.dll
C:\WINDOWS\system32\yxcschlp.dll
C:\WINDOWS\system32\mnmhcsrv.dll
C:\WINDOWS\system32\yzztemsn.dll
C:\WINDOWS\system32\pjjxcdwd.dll
C:\WINDOWS\system32\ozfydbyt.dll
C:\WINDOWS\system32\mpwdcapi.dll
C:\WINDOWS\system32\ptjhdhlp.dll



3.删除重启后使用SREng修复下面各项:
SREng详细操作方法: http://hi.baidu.com/peaset/blog/item/3114a7fb17dd19224e4aeadf.html
    启动项目 -- 注册表之如下项删除:

<{6A59145F-315D-BC23-AC1F-145DF81A34A6}><C:\WINDOWS\system32\zyzxfime.dll>  [N/A]
    <{22596546-2036-9451-6058-658402589722}><C:\WINDOWS\system32\opshbbty.dll>  [N/A]
    <{91698482-6555-3666-1222-954784129019}><C:\WINDOWS\system32\zxptejpg.dll>  [N/A]
    <{40940F85-F015-14F1-A05F-F69858AC6D04}><C:\WINDOWS\system32\zptlbsys.dll>  [N/A]
    <{50AF1289-F140-A140-D012-C1458759FC05}><C:\WINDOWS\system32\ypcqdhlp.dll>  [N/A]
    <{4B1AEF69-DDAE-FDAD-DCAB-698F026ABDB4}><C:\WINDOWS\system32\oohxcbyt.dll>  [N/A]
    <{47FD640A-158F-48AC-FD14-1597F14A9774}><C:\WINDOWS\system32\mndsdsrv.dll>  [N/A]
    <{4319A1F1-9410-9654-3201-345FFA349134}><C:\WINDOWS\system32\zywmdime.dll>  [N/A]
    <{5A041F13-A111-12A3-B0CF-F99818AA68A5}><C:\WINDOWS\system32\zxmsbwin.dll>  [N/A]
    <{71954FAC-1023-154F-895A-1458258AD817}><C:\WINDOWS\system32\ypdjebmp.dll>  [N/A]
    <{35671234-7890-ABCD-CDEF-567801237653}><C:\WINDOWS\system32\yxcschlp.dll>  [N/A]
    <{3C8D1401-A58D-A81C-CD24-A5915C4517C3}><C:\WINDOWS\system32\mnmhcsrv.dll>  [N/A]
    <{5490415F-65F8-B5C5-D8BA-9405FB120545}><C:\WINDOWS\system32\yzztemsn.dll>  [N/A]
    <{34FAE856-AD58-20CB-A025-CD4895FA6E43}><C:\WINDOWS\system32\pjjxcdwd.dll>  [N/A]
    <{4A069845-2036-6084-9054-6087502480A4}><C:\WINDOWS\system32\ozfydbyt.dll>  [N/A]
    <{35694105-5108-9405-3695-954187462153}><C:\WINDOWS\system32\mpwdcapi.dll>  [N/A]
    <{428DF602-9541-A985-210A-984A698C6F24}><C:\WINDOWS\system32\ptjhdhlp.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\45fghfd.exe]
    <IFEO[45fghfd.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\5784sddfgiaa.exe]
    <IFEO[5784sddfgiaa.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\appdllman.exe]
    <IFEO[appdllman.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe]
    <IFEO[auto.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRun.exe]
    <IFEO[AutoRun.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cross.exe]
    <IFEO[cross.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dfcxfg.exe]
    <IFEO[dfcxfg.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Discovery.exe]
    <IFEO[Discovery.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FuckAAAAAAA.exe]
    <IFEO[FuckAAAAAAA.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guangd.exe]
    <IFEO[guangd.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kernelwind32.exe]
    <IFEO[kernelwind32.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logogo.exe]
    <IFEO[logogo.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSetup.exe]
    <IFEO[NAVSetup.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pagefile.exe]
    <IFEO[pagefile.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pagefile.pif]
    <IFEO[pagefile.pif]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit32.Exe]
    <IFEO[regedit32.Exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.exe]
    <IFEO[rfwProxy.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SDGames.exe]
    <IFEO[SDGames.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\servet.exe]
    <IFEO[servet.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sos.exe]
    <IFEO[sos.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SSDtDiscovery.exe]
    <IFEO[SSDtDiscovery.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TNT.Exe]
    <IFEO[TNT.Exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TxoMoU.Exe]
    <IFEO[TxoMoU.Exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\U.exe]
    <IFEO[U.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UFO.exe]
    <IFEO[UFO.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\USBoot.exe]
    <IFEO[USBoot.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Wsyscheck.exe]
    <IFEO[Wsyscheck.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\XP.exe]
    <IFEO[XP.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xxxdgfdfg.exe]
    <IFEO[xxxdgfdfg.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zxsweep.exe]
    <IFEO[zxsweep.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~.exe]
    <IFEO[~.exe]><C:\WINDOWS\system32\vistaAA.exe>  [N/A]

启动项目 -- 服务 -- Win32服务应用程序之如下项删除:

[NetBI0S / NetBI0S][Running/Auto Start]
  <C:\WINDOWS\system32\d4761.exe><Microsoft Corporation>

启动项目 -- 服务-- 驱动程序之如下项删除:
[HapDrv32 / HapDrv32][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\hapdrv2.sys><N/A>
[inok3z / inok3z2][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\inok3z2.sys><N/A>
[q6g4 / q6g4e][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\q6g4e.sys><N/A>
[XNGAnti / XNGAnti][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\ReloadAnti.sys><N/A>

系统修复-- 浏览器加载项之如下项删除:
[]
  {4B1AEF69-DDAE-FDAD-DCAB-698F026ABDB4} <C:\WINDOWS\system32\oohxcbyt.dll, N/A>
[]
  {50AF1289-F140-A140-D012-C1458759FC05} <C:\WINDOWS\system32\ypcqdhlp.dll, N/A>
[]
  {5490415F-65F8-B5C5-D8BA-9405FB120545} <C:\WINDOWS\system32\yzztemsn.dll, N/A>
[]
  {5A041F13-A111-12A3-B0CF-F99818AA68A5} <C:\WINDOWS\system32\zxmsbwin.dll, N/A>
[]
  {6A59145F-315D-BC23-AC1F-145DF81A34A6} <C:\WINDOWS\system32\zyzxfime.dll, N/A>
[]
  {71954FAC-1023-154F-895A-1458258AD817} <C:\WINDOWS\system32\ypdjebmp.dll, N/A>
[Invoke Class]
  {77929B3F-50EB-449b-9982-CAD99180EC0F} <C:\WINDOWS\system32\dd41.dll, >
[]
  {91698482-6555-3666-1222-954784129019} <C:\WINDOWS\system32\zxptejpg.dll, N/A>
[]
  {22596546-2036-9451-6058-658402589722} <C:\WINDOWS\system32\opshbbty.dll, N/A>
[]
  {34FAE856-AD58-20CB-A025-CD4895FA6E43} <C:\WINDOWS\system32\pjjxcdwd.dll, N/A>
[]
  {35671234-7890-ABCD-CDEF-567801237653} <C:\WINDOWS\system32\yxcschlp.dll, N/A>
[]
  {35694105-5108-9405-3695-954187462153} <C:\WINDOWS\system32\mpwdcapi.dll, N/A>
[]
  {3C8D1401-A58D-A81C-CD24-A5915C4517C3} <C:\WINDOWS\system32\mnmhcsrv.dll, N/A>
[]
  {40940F85-F015-14F1-A05F-F69858AC6D04} <C:\WINDOWS\system32\zptlbsys.dll, N/A>
[]
  {428DF602-9541-A985-210A-984A698C6F24} <C:\WINDOWS\system32\ptjhdhlp.dll, N/A>
[]
  {4319A1F1-9410-9654-3201-345FFA349134} <C:\WINDOWS\system32\zywmdime.dll, N/A>
[]
  {47FD640A-158F-48AC-FD14-1597F14A9774} <C:\WINDOWS\system32\mndsdsrv.dll, N/A>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[]
  {4A069845-2036-6084-9054-6087502480A4} <C:\WINDOWS\system32\ozfydbyt.dll, N/A>
[]
  {4B1AEF69-DDAE-FDAD-DCAB-698F026ABDB4} <C:\WINDOWS\system32\oohxcbyt.dll, N/A>
[]
  {50AF1289-F140-A140-D012-C1458759FC05} <C:\WINDOWS\system32\ypcqdhlp.dll, N/A>
[]
  {5490415F-65F8-B5C5-D8BA-9405FB120545} <C:\WINDOWS\system32\yzztemsn.dll, N/A>
[]
  {5A041F13-A111-12A3-B0CF-F99818AA68A5} <C:\WINDOWS\system32\zxmsbwin.dll, N/A>
[]
  {6A59145F-315D-BC23-AC1F-145DF81A34A6} <C:\WINDOWS\system32\zyzxfime.dll, N/A>
[]
  {71954FAC-1023-154F-895A-1458258AD817} <C:\WINDOWS\system32\ypdjebmp.dll, N/A>
[Invoke Class]
  {77929B3F-50EB-449B-9982-CAD99180EC0F} <C:\WINDOWS\system32\dd41.dll, >
[]
  {91698482-6555-3666-1222-954784129019} <C:\WINDOWS\system32\zxptejpg.dll, N/A>

打开 SREng ,依次点击“系统修复”->“HOSTS文件”->重置->确定
引用:
清理系统临时文件和IE临时文件夹     
http://www.atribune.org/public-beta/ATF-Cleaner.exe
用金山清理专家清理恶意软件
http://client.download.duba.net/KASSetup_10_1.EXE
下载windows清理助手清理一遍
http://www.arswp.com/download/arswp2/arswp2.zip
最后编辑无敌vip 最后编辑于 2008-05-11 21:24:15
gototop
 
宝玉兰
头像
初生襁褓狮
  • 帖子:8
  • 注册: 2008-05-12
  • 来自:
发表于: 2008-05-12 10:16 | 短消息 资料
字号: 6楼

回复:瑞星打不开了,请版主帮我看看日志

我是菜鸟,看不懂,原以为有了杀软不用愁了,可现在连杀软也病了,太痛苦了!
gototop
 
日不懂啊
头像
叱咤花甲狮
  • 帖子:14337
  • 注册: 2007-03-08
  • 来自:江苏南京
发表于: 2008-05-12 10:22 | 短消息 资料
字号: 7楼

回复 6F 宝玉兰 的帖子

他们给出的方法是手工杀毒的流程~

如果你做不来,看不懂,那么可以把系统盘的重要资料备份下,重新安装系统~

或者把硬盘拆下,挂到正常机器作为辅盘。用完好的瑞星杀软清除病毒。
你这个病毒,我在前几天已经上报给瑞星,没记错的话,20.43之后的版本都可以查杀了
友情连接:www.jiake168.com(获得国家专利的私家车车身广告官网)
邮箱:571wind@163.com(只收样本)
gototop
 
风之子0
头像
拙长孩提狮
  • 帖子:93
  • 注册: 2008-05-05
  • 来自:
发表于: 2008-05-12 10:30 | 短消息 资料
字号: 8楼

回复:瑞星打不开了,请版主帮我看看日志

看我 发的 帖子,有解决办法,试试吧。
gototop
 
WUHAOJI88
头像
健康舞勺狮
  • 帖子:207
  • 注册: 2005-09-02
  • 来自:
发表于: 2008-05-14 19:34 | 只看楼主 短消息 资料
字号: 9楼

回复:瑞星打不开了,请版主帮我看看日志

谢谢各位网友,我现在就去试
gototop
 
WUHAOJI88
头像
健康舞勺狮
  • 帖子:207
  • 注册: 2005-09-02
  • 来自:
发表于: 2008-05-14 22:56 | 只看楼主 短消息 资料
字号: 10楼

回复 1F WUHAOJI88 的帖子

各位网友,这是我现在的日志,电脑还是有毒,要解压缩后杀毒  [CODE]

2008-05-14,22:16:09

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <DAEMON Tools><"D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033>  [(Verified)DAEMON Tools Code Signing Services]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <360Safetray><D:\Program Files\360safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r>  [奇虎网]
    <360Antiarp><D:\Program Files\360safe\antiarp\antiarp.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <fmsiocps><C:\WINDOWS\fmsiocps.exe>  [N/A]
    <LoveHebeAA><C:\WINDOWS\system32\vistaAA.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <77eb><rundll32 "C:\WINDOWS\Downlo~1\77eb.dll",Run>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><msosdohs00.dll,ieprot.dll>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\微软绿~1.SCR>  [Microsoft]
最后编辑WUHAOJI88 最后编辑于 2008-05-14 23:03:32
gototop
 
<<上一主题|下一主题>>
12   1  /  2  页   跳转
页面顶部
Powered by Discuz!NT