I can't upload the picture; as soon as I click the insert-image window it freezes,
I've caught Viking (威金)......
End the following processes, search the registry for the entries that correspond to these files and delete them, and delete the files:
C:\PROGRA~1\svhost32.exe
C:\WINDOWS\system32\svch0st.exe (that's the digit 0)
C:\WINDOWS\system32\11660880782.exe
C:\WINDOWS\wuauclt.exe
Fix:
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Microsoft] C:\WINDOWS\wuauclt.exe
O4 - HKCU\..\Run: [kavshell] C:\WINDOWS\system32\svch0st.exe
Fix O20 - AppInit_DLLs: 49400M.BMP, then search for and delete the file 49400M.BMP;
Use SREng to delete the service O23 - Service: msndns - Unknown owner - C:\WINDOWS\msn.exe, search the registry for entries pointing to C:\WINDOWS\msn.exe and delete them, and finally delete the file;
Handle O23 - Service: Windows_rejoice - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice4.exe the same way.
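Thanks, I deleted a few as you said and ran the fixes, and I also killed 11 viruses with 橙色八月 (Orange August); those programs open again now. The pop-up web pages still appear; I tried 360, 兔子 (Rabbit) and uninstalling with ewido, and none of them helped. I ran a new log scan, please take a look, thanks!
Note: the fix for item 20, 49400.bmp, failed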
Also, I can't find these in the registry:
C:\WINDOWS\msn.exe
C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice4.exe
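"The fix for item 20, 49400.bmp, failed" ----- search the registry for AppInit_DLLs and delete the corresponding 49400.bmp value;
"Also, I can't find these in the registry":
C:\WINDOWS\msn.exe (if you can't find it, never mind :lol )
C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice4.exe (delete the service first)
Then run another SREng log scan and let's have a look.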
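:'( How can you still laugh? It has flared up again and I don't dare open any web pages. I've run the SREng log scan, wait for me to send it to you; the services have all been deleted,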
2006-12-14,22:01:16
System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
    <SoundMAXPnP><C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe> [Analog Devices, Inc.]
    <SoundMAX><"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray> [Analog Devices, Inc.]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
    <Ljx2><C:\WINDOWS\inf\rundll32.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <CheckFaultKernel><C:\WINDOWS\system32\mswdm.exe> [N/A]
    <IceSword><C:\WINDOWS\system32\ipocnfig.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe> [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><49400M.BMP> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe> [(Verified)Microsoft Corporation]
==================================
启动文件夹
N/A
==================================
服务
[Ati HotKey Poller / Ati HotKey Poller] <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart] <C:\WINDOWS\system32\ati2sgag.exe><>
[E861F2CC / E861F2CC] <C:\WINDOWS\system32\E861F2CC.EXE -service><Microsoft Corporation>
[Human Interface Device Access / HidServ] <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy Service / RfwProxySrv] <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService] <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[SoundMAX Agent Service / SoundMAX Agent Service (default)] <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[Windows DHCP Service / WinDHCPsvc] <C:\WINDOWS\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>
==================================
驱动程序
[aeaudio / aeaudio] <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[ati2mtag / ati2mtag] <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI] <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[GWIOPM / GWIOPM] <\?\D:\Windows优化大师\GWIOPM.sys><N/A>
[HookUrl / HookUrl] <\?\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MidiSyn / MidiSyn] <system32\drivers\MidiSyn.sys><Analog Devices Inc>
[mProcRs / mProcRs] <\?\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[Netgroup Packet Filter / NPF] <system32\DRIVERS\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt] <\?\D:\QQ\npkcrypt.sys><N/A>
[Direct Parallel Link Driver / Ptilink] <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware] <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv] <\?\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[Secdrv / Secdrv] <system32\DRIVERS\secdrv.sys><N/A>
[smwdm / smwdm] <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[System SSDP Services / SysDrver] <\?\C:\WINDOWS\system32\oQtGnAbL.sys><N/A>
==================================
浏览器加载项
[Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\Mshtml.dll, N/A>
[MallObj Class] {3B30B48F-617D-4F73-A20F-D3D54357F103} <C:\WINDOWS\system32\mallgoo2.dll, 上海奥德易海科技>
[RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.>
[] {E5A7A15F-213F-4FCF-8DE7-D388F9FB09EB} <C:\WINDOWS\system32\cnwin.dll, N/A>
==================================
正在运行的进程
[PID: 600][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 664][\?\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 692][\?\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
    [C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4110]
    [C:\WINDOWS\system32\httppai.dll] [N/A, N/A]
[PID: 744][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
[PID: 756][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
[PID: 928][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4110]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
    [C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2495]
[PID: 948][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
[PID: 1044][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
[PID: 1144][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
[PID: 1200][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
[PID: 1284][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
[PID: 1404][c:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 33]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
    [c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
    [c:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
    [c:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
    [c:\program files\rising\rfw\MonDrv.dll] [rs, 1, 0, 0, 4]
    [c:\program files\rising\rfw\ProcLib.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
    [c:\program files\rising\rfw\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 1520][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4110]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
    [C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2495]
[PID: 1636][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
    [C:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
    [C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
    [C:\WINDOWS\system32\httppai.dll] [N/A, N/A]
[PID: 1844][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
[PID: 244][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] [Analog Devices, Inc., 3, 2, 6, 0]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
[PID: 644][c:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 52]
    [c:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
    [c:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [c:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1648][C:\WINDOWS\system32\wscntfy.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
[PID: 1360][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
[PID: 1500][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
[PID: 112][C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe] [Analog Devices, Inc., 4, 0, 4, 11]
    [C:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll] [Analog Device, Inc., 1, 0, 22, 26]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
[PID: 1332][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
[PID: 2372][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
    [C:\WINDOWS\system32\mallgoo2.dll] [上海奥德易海科技, 1, 0, 2, 0]
[PID: 632][H:\防火墙杀毒软件\ewido anti-spyware 4.0\ewido anti-spyware 4.0\ewido.exe] [Anti-Malware Development a.s., 4, 0, 0, 172]
    [H:\防火墙杀毒软件\ewido anti-spyware 4.0\ewido anti-spyware 4.0\engine.dll] [Anti-Malware Development a.s., 4, 0, 0, 172]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
[PID: 824][C:\WINDOWS\regedit.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
[PID: 2604][C:\Documents and Settings\wx\桌面\sreng2\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP Error. [winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
So annoying, I finally finished writing this up, and when I posted it the server couldn't be found :Q , so annoying
No way, that much? You could also just send it to me directly on QQ, 191248617
In the registry, under [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run], delete this entry:
    <Ljx2><C:\WINDOWS\inf\rundll32.exe> [N/A] (and delete the corresponding file; same for the ones below)
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <CheckFaultKernel><C:\WINDOWS\system32\mswdm.exe> [N/A]
    <IceSword><C:\WINDOWS\system32\ipocnfig.exe> [N/A] (labelled Icesword of all things, yet looking it up turns up nothing)
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><49400M.BMP> [N/A]
To be safe, run a full registry search for the files above and delete anything that turns up;
Delete these two services:
    [E861F2CC / E861F2CC] <C:\WINDOWS\system32\E861F2CC.EXE -service><Microsoft Corporation> (likewise delete the corresponding file and its registry entries)
    [Windows DHCP Service / WinDHCPsvc] <C:\WINDOWS\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation> (see http://www.dngz.net/bbs/thread-126466-1-0.html)
I didn't go through the drivers thoroughly; this is the only one that looks suspicious to me:
    [System SSDP Services / SysDrver] <\?\C:\WINDOWS\system32\oQtGnAbL.sys><N/A>
Likewise delete the corresponding file and its registry entries; you may need Icesword for that;
These three files:
    [C:\WINDOWS\system32\httppai.dll] [N/A, N/A] (not present on my machine)
    [C:\WINDOWS\49400M.BMP] (you already know about this one)
    [C:\WINDOWS\system32\windhcp.ocx] [N/A, N/A] (mentioned in the link above)
Fix the file association errors:
    .CHM Error. ["hh.exe" %1]
    .HLP Error. [winhlp32.exe %1]
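The reading of the log in the reply above, as an added example that is not part of the original posts: it parses SREng-style lines, lists start-up entries that show no publisher, and counts how many processes have the AppInit_DLLs file loaded. The function names are this example's own, and the sample is an excerpt of the log posted in this thread with version strings shortened.

```python
import re
from collections import Counter
from ntpath import basename

# Lines copied from the SREng log in this thread (trimmed, versions shortened).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<Ljx2><C:\WINDOWS\inf\rundll32.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><49400M.BMP> [N/A]
[PID: 692][C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180]
[C:\WINDOWS\49400M.BMP] [N/A, N/A]
[C:\WINDOWS\system32\httppai.dll] [N/A, N/A]
[PID: 1636][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180]
[C:\WINDOWS\49400M.BMP] [N/A, N/A]
[C:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
"""

KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY = re.compile(r"^<([^>]*)><(.*)>\s+\[(.*)\]$")
PROC = re.compile(r"^\[PID: (\d+)\]\[.+?\]\s+\[.*\]$")
MODULE = re.compile(r"^\[([^\]]+)\]\s+\[.*\]$")

def parse(log):
    """Return (autoruns, modules): registry start-up entries and module paths per PID."""
    autoruns, modules, key, pid = [], {}, None, None
    for line in map(str.strip, log.splitlines()):
        if m := KEY.match(line):
            key, pid = m.group(1), None
        elif m := PROC.match(line):
            pid = int(m.group(1))
            modules[pid] = []
        elif key and (m := ENTRY.match(line)):
            autoruns.append((key, m.group(1), m.group(2), m.group(3)))
        elif pid is not None and (m := MODULE.match(line)):
            modules[pid].append(m.group(1))
    return autoruns, modules

def unsigned_autoruns(autoruns):
    """Start-up entries whose file shows no publisher ([N/A]): leads, not verdicts."""
    return [(k, n, c) for k, n, c, pub in autoruns if pub == "N/A"]

def appinit_spread(autoruns, modules):
    """Process count per AppInit_DLLs name (the value may list several DLLs)."""
    names = {basename(d).lower() for _, n, c, _ in autoruns
             if n.lower() == "appinit_dlls" for d in re.split(r"[\s,]+", c) if d}
    loaded = Counter(b for mods in modules.values()
                     for b in {basename(p).lower() for p in mods} & names)
    return {n: loaded[n] for n in names}
```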
So frustrating. Icesword can't delete them, and I still have to find a tool to delete them