瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 【救命呀】关闭任何程序都弹出对话框“...该内存不能为read”

1   1  /  1  页   跳转

【救命呀】关闭任何程序都弹出对话框“...该内存不能为read”

收藏
charisdw
头像
初生襁褓狮
  • 帖子:38
  • 注册: 2005-06-07
  • 来自:
发表于: 2006-12-19 09:42 | 显示全部 短消息 资料
字号: 1楼

【救命呀】关闭任何程序都弹出对话框“...该内存不能为read”

问题描述:

1.打开任何程序都没有问题,基本可以正常运行;

2.关闭程序时就会弹出对话框,提示如下:

“0x00000000”指令引用的“0x00000000”内存。该内存不能为“read”。
  要终止程序,请单击“确定”
  要调试程序,请单击“取消”

3.不能删除电脑文件——选中文件,按Delete或Shift+Delete,会弹出跟第2条一样的对话框,且文件不被删除。

4.关机时弹出对话框,提示如下:

  应用程序发生异常unknown software exception (0x80000004),位置为0x00000000。
        要终止程序,请单击“确定”
        要调试程序,请单击“取消”
最后编辑2006-12-19 10:51:31
分享到:
gototop
 
charisdw
头像
初生襁褓狮
  • 帖子:38
  • 注册: 2005-06-07
  • 来自:
发表于: 2006-12-19 09:47 | 显示全部 短消息 资料
字号: 2楼

下面是几个扫描报告
1.ewido anti-spyware
2.HijackThis

---------------------------------------------------------
ewido anti-spyware - 扫描报告
---------------------------------------------------------

+ 创建时间:14:36:43 2006-12-18

+ 扫描结果:



C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GPNJDK10\ad[1].htm -> Downloader.Agent.m : 已清除并备份(已隔离).
C:\Program Files\Common Files\Real\CNNIC\setup-real.exe -> Dropper.Agent.ays : 已清除并备份(已隔离).
C:\Program Files\Rising\KakaToolBar\Ras.exe -> Heuristic.Win32.HostFile : 已忽略..




------------------------------
------------------------------

2.Logfile of HijackThis v1.99.1
Scan saved at 8:19:48, on 2006-12-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Rising\KakaToolBar\runiep.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\soft\System Repair Engineer\SREng2\SREng.exe
E:\soft\系统扫描\HijackThis1.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Super Rabbit SafeEdit] C:\软件安装\Super Rabbit\MagicSet\SRFC.EXE /Load
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] ; C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] ; "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [StormCodec_Helper] ; "C:\软件安装\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\自定义文件夹\g\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] ; C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ewido] C:\Program Files\ewido anti-spyware 4.0\ewido.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [POPO2004] C:\软件安装\Netease\popo2004\Start.exe
O4 - HKLM\..\Run: [runeip] C:\Program Files\Rising\KakaToolBar\runiep.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hz0752.net
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148431163671
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CB8949C-FA4B-43FC-82F0-55419D669FA8}: NameServer = 192.168.0.1,202.102.192.68
O23 - Service: 3 -  - (no file)
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: ewido security suite guard - Anti-Malware Development a.s. - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
gototop
 
charisdw
头像
初生襁褓狮
  • 帖子:38
  • 注册: 2005-06-07
  • 来自:
发表于: 2006-12-19 10:01 | 显示全部 短消息 资料
字号: 3楼

打了魔波的补丁就行了吗?不需要做其他的了?

跟网上描述的中魔波病毒的症状比较了一下,怎么觉得跟我的电脑症状不太一样呢?
gototop
 
charisdw
头像
初生襁褓狮
  • 帖子:38
  • 注册: 2005-06-07
  • 来自:
发表于: 2006-12-19 11:00 | 显示全部 短消息 资料
字号: 4楼

还是不行,是不是我弄错了?
下面是新扫描的日志
谢谢!


Logfile of HijackThis v1.99.1
Scan saved at 10:34:09, on 2006-12-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Rising\KakaToolBar\runiep.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
E:\soft\系统扫描\HijackThis1.exe

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Super Rabbit SafeEdit] C:\软件安装\Super Rabbit\MagicSet\SRFC.EXE /Load
O4 - HKLM\..\Run: [ISUSPM Startup] ; C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] ; "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [StormCodec_Helper] ; "C:\软件安装\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\自定义文件夹\g\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] ; C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ewido] C:\Program Files\ewido anti-spyware 4.0\ewido.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [POPO2004] C:\软件安装\Netease\popo2004\Start.exe
O4 - HKLM\..\Run: [runeip] C:\Program Files\Rising\KakaToolBar\runiep.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hz0752.net
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148431163671
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CB8949C-FA4B-43FC-82F0-55419D669FA8}: NameServer = 192.168.0.1,202.102.192.68
O23 - Service: 3 -  - (no file)
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: ewido security suite guard - Anti-Malware Development a.s. - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT