
Fixing a Failed Kingsoft Antivirus Reinstall

  Kingsoft Antivirus would not run, and reinstalling it failed with the following log:

[2008/3/24 18:22:1] Start SetupWizard on INSTALL mode for Kingsoft Internet Security Suit.
[RegisterComponents] ...
  Failed:   Register C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\Flash.OCX with result #5.
  Successfully:   Register C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEvent.DLL with result #0.
[RegisterServers_DB] ...
  Successfully:   Register BootClean with result #0.
  Successfully:   [WRITE REGISTRY] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\KavPFW="C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVPFW.exe" with result #0.
  Successfully:   [WRITE REGISTRY] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\KavStart="C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup with result #0.
  Successfully:   Register KISSvc server with result #0.
  Successfully:   Register KWatch server with result #0.
  Failed:   Register KPfwSvc server with result #-2147467259.
[StartService_PFW] ...
  Successfully:   LaunchAppEx for C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE -r successfully.
  Failed:   Exit code from C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE is -2147467259.
[StartService_DB] ...
  Successfully:   LaunchAppEx for C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE /start successfully.
  Successfully:   Exit code from C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE is 0.
  Successfully:   LaunchAppEx for C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.exe /start successfully.
  Failed:   Exit code from C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.exe is -2147467259.
  Successfully:   Launch C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KavStart.exe successfully.
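
Added example (not part of the original post, and not a Kingsoft tool): a small Python parser that pulls the failed steps out of a setup log in the format shown above and shows each result code as an unsigned 32-bit hex value. The function name and the meanings in `KNOWN_CODES` are assumptions: -2147467259 equals 0x80004005, the value of the generic COM E_FAIL HRESULT, and 5 is ERROR_ACCESS_DENIED only if the installer is reporting a Win32 error code.

```python
import re

# Lines copied from the setup log above (a subset, so the example runs on its own).
SAMPLE_LOG = r"""[RegisterComponents] ...
  Failed:   Register C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\Flash.OCX with result #5.
  Successfully:   Register C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEvent.DLL with result #0.
[RegisterServers_DB] ...
  Failed:   Register KPfwSvc server with result #-2147467259.
[StartService_DB] ...
  Failed:   Exit code from C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.exe is -2147467259.
"""

SECTION = re.compile(r"^\[(\w+)\] \.\.\.$")                 # e.g. "[RegisterComponents] ..."
STEP = re.compile(r"^(Successfully|Failed):\s+(.*?)\.?$")   # status, then the action text
CODE = re.compile(r"\s*(?:with result #|is )(-?\d+)$")      # trailing signed result code
# Assumed meanings; the page does not say what the codes mean.
KNOWN_CODES = {
    0x80004005: "E_FAIL (generic COM failure)",
    0x00000005: "ERROR_ACCESS_DENIED, if this is a Win32 error code",
}

def failed_steps(log_text):
    """Return one dict per 'Failed:' line, tagged with the [section] it belongs to."""
    section, failures = None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        step = STEP.match(line)
        if not step or step.group(1) != "Failed":
            continue
        action = step.group(2)
        found = CODE.search(action)
        code = int(found.group(1)) if found else None
        unsigned = None if code is None else code & 0xFFFFFFFF  # signed int -> usual hex form
        failures.append({
            "section": section,
            "action": action[:found.start()] if found else action,
            "code": code,
            "hex": None if unsigned is None else f"0x{unsigned:08X}",
            "meaning": KNOWN_CODES.get(unsigned, "unknown"),
        })
    return failures

if __name__ == "__main__":
    for f in failed_steps(SAMPLE_LOG):
        print(f"[{f['section']}] {f['action']}: {f['code']} = {f['hex']} ({f['meaning']})")
```

Grouping the failures by section shows at a glance that the firewall service (KPfwSvc) and the KWatch monitor are the components that could not register or start.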

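  Remediation (for the specific steps for deleting files and for the other operations, see "How to remove viruses based on an SREng log analysis report"):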

1. Delete the files:


2. Use SREng to repair the following items:

Startup Items -- Registry: delete the following entries:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <kjsygmqe><C:\WINDOWS\jymerhwt.exe> 
    <SHAProc><C:\WINDOWS\SHAProc.exe>  
    <WSockDrv32><C:\WINDOWS\WSockDrv32.exe> 
    <msccrt><C:\WINDOWS\msccrt.exe>  
    <tciocp32><C:\WINDOWS\tciocp32.exe>  
    <cmdbcs><C:\WINDOWS\cmdbcs.exe> 
    <Kvsc3><C:\WINDOWS\Kvsc3.exE>  
    <WINSvr32><C:\WINDOWS\WINSvr32.exE> 
    <upxdnd><C:\WINDOWS\upxdnd.exe>  
    <AVPSrv><C:\WINDOWS\AVPSrv.exE>  
    <DbgHlp32><C:\WINDOWS\DbgHlp32.exe>
    <MsIMMs32><C:\WINDOWS\MsIMMs32.exE> 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <DXDLG32><DXDLG.exe>
    <MSDWG32><LYLoadbr.exe>
    <MSDCG32    ><LYLeador.exe>
    <MSDOG32><LYLoador.exe>
    <MSDSG32><LYLoadar.exe>
    <MSDMG32><LYLoadmr.exe>
    <MSDHG32><LYLoadhr.exe>
    <MSDQG32><LYLoadqr.exe>
(From past experience, the files whose names begin with LYL may not all be present at the same time.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{7FA4A83B-F99A-4bfc-A8E2-6A62B05D2C82}><C:\DOCUME~1\user\LOCALS~1\Temp\dat117.tmp>  
    <{50632D5C-B71B-4ba0-B012-3DC6F15C011B}><C:\WINDOWS\system32\msosiocp.dll>  
    <{84143967-B645-4BFF-B873-DA1DC886E9A7}><C:\WINDOWS\system32\cedafb.dll>
    <{45AADFAA-DD36-42AB-83AD-0521BBF58C24}><C:\WINDOWS\system32\zjydcx.dll>  
    <{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}><C:\WINDOWS\system32\hhrdxd.dll>  
    <{1DB3C525-5271-46F7-887A-D4E1ADAA7632}><C:\WINDOWS\system32\hfrdzx.dll>

Startup Items -- Startup folder: delete the following entry:
[AtiSrv]    <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\AtiSrv.exe>
 
Startup Items -- Services -- Drivers: delete the following entries:
[ADProt / ADProt]    <\SystemRoot\system32\drivers\ADProt.sys>
[R2A / R2A]    <\??\C:\WINDOWS\system32a2.sys>
[Sc Manager / Sc Manager]    <\??\C:\DOCUME~1\user\LOCALS~1\Temp\usbcams3.sys>
[msert / msert]    <system32\drivers\mselk.sys>
[iCafe Manager / iCafe Manager]    <\??\C:\DOCUME~1\user\LOCALS~1\Temp\usbhcid.sys>
[fpids32 / fpids32]    <\??\C:\WINDOWS\system32\drivers\msosfpids32.sys>
[dohs / dohs]    <\??\C:\DOCUME~1\user\LOCALS~1\Temp\tmp1A7.tmp>

Here C:\DOCUME~1\user\LOCALS~1\Temp is the same directory as c:\documents and settings\user\local settings\temp.

  If this is too much trouble, I suggest first downloading Windows 清理助手 (Windows Cleanup Assistant) to clean out the malware (http://www.arswp.com/download/arswp/arswp.rar).

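  Also, not every case where Kingsoft fails to run or install as shown above is caused by a virus. It may be a problem with the Kingsoft Antivirus program itself, and an update might fix it. That said, the computer in this case did have quite a few viruses and trojans on it.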


>> Unless otherwise stated, all content is original; if you repost, please credit the source: http://www.stormcn.cn/post/50.html
