瑞星卡卡安全论坛

开机后绿伞变成红伞  刚升完级 是绿伞  在查完毒  重起之后  绿伞就变成红伞了~ 各位高手帮助一下 谢谢了~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 17:36:44, on 2006-6-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HFEE\SVOHOST.EXE
C:\WINDOWS\Explorer.EXE
f:\软件备份\rising\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\VKTServ.exe
C:\WINDOWS\system32\msime.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\explorer.exe
F:\软件备份\瑞星\Rising\Rav\RavTask.exe
f:\软件备份\rising\rising\rfw\RfwMain.exe
C:\WINDOWS\system32\ctfmon.exe
F:\软件备份\瑞星\Rising\Rav\Ravmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\conime.exe
F:\软件备份\广电认证.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\regedit.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.641\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,,"C:\Program Files\HFEE\SVOHOST.EXE" un userinit.exe
O1 - Hosts: 202.85.22.10 bbs.100free.net
O1 - Hosts: 202.85.22.10 100free.net
O1 - Hosts: 202.85.22.10 www.100free.net
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v13.dll
O2 - BHO: (no name) - {046167AA-53C2-4576-B362-291D9E852269} - C:\WINDOWS\system32\BBDown.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\QQ腾讯\QQIEHelper.dll
O2 - BHO: Ad Class - {812886BE-AB50-4EAE-92CF-9AD63437E3EF} - C:\WINDOWS\SeAd\SeAd43a12905.dll (file missing)
O3 - Toolbar: (no name) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SEDMAD] D:\电影\神话\PP\tmp\dmad.exe "-sedmreg"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [explorer.exe] C:\Program Files\explorer.exe
O4 - HKLM\..\Run: [RavTask] "F:\软件备份\瑞星\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TaskMon] C:\WINDOWS\system32\TaskMon.exe
O4 - HKCU\..\Run: [MakeLove.exe] C:\WINDOWS\system32\MakeLove.exe
O8 - Extra context menu item: &使用迅雷下载 - F:\迅雷\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - F:\迅雷\getallurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\QQ腾讯\AddToNetDisk.htm
O8 - Extra context menu item: 收藏此页到新浪ViVi - http://vivi.sina.com.cn/collect/click.php?agent=ddt
O8 - Extra context menu item: 新浪搜索 - http://cha.sina.com.cn/ddt.html
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\QQ腾讯\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\QQ腾讯\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\QQ腾讯\SendMMS.htm
O9 - Extra button: pp点点通 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - D:\电影\电影软件\VPP\Pp.exe (file missing)
O9 - Extra button: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra 'Tools' menuitem: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\QQ腾讯\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\QQ腾讯\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\QQ腾讯\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\QQ腾讯\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://vod.ruyi.com/plugin/PowerPlr.ocx
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{028F1A25-6A39-48B1-A074-E9FF747D94D9}: NameServer = 210.77.192.88
O17 - HKLM\System\CS1\Services\Tcpip\..\{028F1A25-6A39-48B1-A074-E9FF747D94D9}: NameServer = 210.77.192.88
O17 - HKLM\System\CS2\Services\Tcpip\..\{028F1A25-6A39-48B1-A074-E9FF747D94D9}: NameServer = 210.77.192.88
O20 - AppInit_DLLs: KB49400M.LOG
O21 - SSODL: DVDBurn - {790448C3-4239-45AF-C98B-367991A8B103} - C:\WINDOWS\Downloaded Program Files\AfxEdit.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - f:\软件备份\rising\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - f:\软件备份\rising\rising\rfw\rfwsrv.exe

http://forum.ikaka.com/topic.asp?board=28&artid=8105899
下载HijackThis...把日志帖上来..

修复
O1 - Hosts: 202.85.22.10 bbs.100free.net
O1 - Hosts: 202.85.22.10 100free.net
O1 - Hosts: 202.85.22.10 www.100free.net
O2 - BHO: (no name) - {046167AA-53C2-4576-B362-291D9E852269} - C:\WINDOWS\system32\BBDown.dll
O2 - BHO: Ad Class - {812886BE-AB50-4EAE-92CF-9AD63437E3EF} - C:\WINDOWS\SeAd\SeAd43a12905.dll (file missing)
O3 - Toolbar: (no name) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - (no file)
O4 - HKLM\..\Run: [SEDMAD] D:\电影\神话\PP\tmp\dmad.exe "-sedmreg"
O4 - HKLM\..\Run: [explorer.exe] C:\Program Files\explorer.exe
O20 - AppInit_DLLs: KB49400M.LOG

删除
C:\WINDOWS\system32\BBDown.dll
C:\Program Files\explorer.exe
KB49400M.LOG(搜索一下 一般在C:\WINDOWS\)


O4 - HKLM\..\Run: [SEDMAD] D:\电影\神话\PP\tmp\dmad.exe "-sedmreg"
电影 不可能自启动吧 这什么玩意?

C:\WINDOWS\system32\BBDown.dll
KB49400M.LOG
这两个磁盘保护怎麽删啊    电影那是个文件夹名

C:\WINDOWS\system32\BBDown.dll
KB49400M.LOG
这两个不能删除  磁盘保护

安全模式 ...干掉他们...

KB49400M  这个还是不能删  还是红色的伞 还开启不了啊~``

还用再重装瑞星吗？

重装一次...

Logfile of HijackThis v1.99.1
Scan saved at 18:29:37, on 2006-6-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
f:\软件备份\rising\rising\rfw\rfwsrv.exe
C:\Program Files\HFEE\SVOHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\VKTServ.exe
C:\WINDOWS\system32\msime.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\软件备份\瑞星\Rising\Rav\RavTask.exe
f:\软件备份\rising\rising\rfw\RfwMain.exe
C:\WINDOWS\system32\ctfmon.exe
F:\软件备份\瑞星\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\conime.exe
D:\QQ腾讯\QQ.exe
D:\QQ腾讯\TIMPlatform.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\软件备份\广电认证.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.860\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,,"C:\Program Files\HFEE\SVOHOST.EXE" un userinit.exe
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v13.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\QQ腾讯\QQIEHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RavTask] "F:\软件备份\瑞星\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TaskMon] C:\WINDOWS\system32\TaskMon.exe
O4 - HKCU\..\Run: [MakeLove.exe] C:\WINDOWS\system32\MakeLove.exe
O8 - Extra context menu item: &使用迅雷下载 - F:\迅雷\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - F:\迅雷\getallurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\QQ腾讯\AddToNetDisk.htm
O8 - Extra context menu item: 收藏此页到新浪ViVi - http://vivi.sina.com.cn/collect/click.php?agent=ddt
O8 - Extra context menu item: 新浪搜索 - http://cha.sina.com.cn/ddt.html
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\QQ腾讯\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\QQ腾讯\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\QQ腾讯\SendMMS.htm
O9 - Extra button: pp点点通 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - D:\电影\电影软件\VPP\Pp.exe (file missing)
O9 - Extra button: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra 'Tools' menuitem: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\QQ腾讯\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\QQ腾讯\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\QQ腾讯\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\QQ腾讯\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://vod.ruyi.com/plugin/PowerPlr.ocx
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{028F1A25-6A39-48B1-A074-E9FF747D94D9}: NameServer = 210.77.192.88
O17 - HKLM\System\CS1\Services\Tcpip\..\{028F1A25-6A39-48B1-A074-E9FF747D94D9}: NameServer = 210.77.192.88
O17 - HKLM\System\CS2\Services\Tcpip\..\{028F1A25-6A39-48B1-A074-E9FF747D94D9}: NameServer = 210.77.192.88
O20 - AppInit_DLLs: KB49400M.LOG
O21 - SSODL: DVDBurn - {790448C3-4239-45AF-C98B-367991A8B103} - C:\WINDOWS\Downloaded Program Files\AfxEdit.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - f:\软件备份\rising\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - f:\软件备份\rising\rising\rfw\rfwsrv.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - F:\软件备份\瑞星\Rising\Rav\Ravmond.exe

高手再看我的日志

O4 - HKCU\..\Run: [TaskMon] C:\WINDOWS\system32\TaskMon.exe
O4 - HKCU\..\Run: [MakeLove.exe] C:\WINDOWS\system32\MakeLove.exe
F2 - REG:system.ini: UserInit=userinit.exe,,"C:\Program Files\HFEE\SVOHOST.EXE" un userinit.exe
不敢确定 ...

楼主，我的情况和你一样，
我刚刚用了大侠说的方法，瑞星监控已经好了。
你进“控制面板”“添加删除程序”找到“瑞星杀毒”的，点修复就好了。

修复后变成绿色的了，但重新启机后又变成红伞。