Rising Kaka Security Forum
anqijjyy - 2006-8-16 23:00:00
HijackThis@Qoo的扫描日志 V1.97.7
Scan saved at 22:47:46, on 2006-8-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
E:\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
E:\Rising\Rav\Ravmond.exe
e:\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
E:\Rising\Rfw\rfwmain.exe
E:\Rising\Rav\RavTask.exe
C:\WINDOWS\VM_STI.EXE
E:\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Hihackthis\HijackThis.exe
O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - E:\
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - e:\QQ2006\QQIEHelper.dll
O2 - BHO: (no name) - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\BaiduBar.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - E:\
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - E:\
O3 - Toolbar: ????? - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\BaiduBar.dll
O3 - Toolbar: ????? - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O3 - Toolbar: ????? - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - D:\
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RfwMain] "E:\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "E:\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Systray] c:\windows\system32\Systray.exe
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: NTUSER.DAT
O4 - Startup: NTUSER.DAT.LOG
O4 - Startup: ntuser.ini
O4 - Global Startup: ntuser.dat
O4 - Global Startup: ntuser.dat.LOG
O8 - Extra context menu item: &使用迅雷下载 - E:\
O8 - Extra context menu item: &使用迅雷下载全部链接 - E:\
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\QQ2006\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - E:\
O8 - Extra context menu item: 使用Web迅雷下载 - E:\
O8 - Extra context menu item: 使用Web迅雷下载全部链接 - E:\
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\QQ2006\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\QQ2006\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\QQ2006\SendMMS.htm
O8 - Extra context menu item: 百度--MP3搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度--网页搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUSEARCH.HTM
O9 - Extra button: QQ (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B5317A5-7A06-4896-87AE-628A6F9666D2}: NameServer = 220.170.0.18,220.170.0.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7416399-38FC-4328-9534-0DF5687D3B65}: NameServer = 220.170.0.38,220.170.0.18
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B5317A5-7A06-4896-87AE-628A6F9666D2}: NameServer = 220.170.0.18,220.170.0.38
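I'm posting the scan log and hope the experts on the forum can help me solve this problem. A blue screen appears at shutdown; the last few times I have just cut the power directly~~~~~~~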
琰璎 - 2006-8-16 23:02:00
Crying my eyes out~~~~~~~~
Same as mine. Who can save us~~~~~~~
anqijjyy - 2006-8-16 23:08:00
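Huh? You can't shut down either?
I installed some kind of fancy theme, and then the problems started. I looked up my processes online; spoolsv.exe, csrss.exe, deskipn.dll and others all look like Trojans or viruses, but I don't know which one I actually got.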
琰璎 - 2006-8-16 23:11:00
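I don't even know what I've got; Kaspersky can't detect anything at all. What a headache~~~
Ads pop up all over the place, but the slightly better part is that the computer can still be shut down~~~~
Sigh~~~~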
anqijjyy - 2006-8-16 23:25:00
A problem has been detected and Windows has been shut down to prevent damage to your computer.
IRQL_NOT_LESS_OR_EQUAL
If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps:
Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any Windows update you might need.
If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing.
Technical information:
STOP:0X0000000A (0xB79B2000, 0x00000002,0x00000001,0x80829B46)
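This is the blue-screen message. Several different values have shown up in the STOP: position; another one looked something like 0FFFFFFFX0. Anyway, I just saw a lot of Fs.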
希望快乐 - 2006-8-17 0:18:00
Try using TT and see whether it pops up again``
Your first situation is probably malicious code on the computer``
anqijjyy - 2006-8-17 9:19:00
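The problem is still there. Sometimes a box pops up saying I've won a prize, and sometimes a box pops up that is mostly in English. Here is a fresh scan log.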
Logfile of HijackThis v1.99.1
Scan saved at 9:07:10, on 2006-8-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
E:\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
E:\Rising\Rav\Ravmond.exe
e:\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
E:\Rising\Rav\RavTask.exe
e:\rising\rfw\RfwMain.exe
C:\WINDOWS\VM_STI.EXE
E:\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
E:\讯雷5\web\WebThunder.exe
C:\WINDOWS\system32\rundll32.exe
D:\Hihackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R3 - Default URLSearchHook is missing
O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - E:\讯雷5\web\WebThunderBHO_011.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\BaiduBar.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - E:\讯雷5\ComDlls\XunLeiBHO_001.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - E:\酷狗\KuGoo3DownXControl.ocx
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\BaiduBar.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - D:\金山快译\IEBand.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RfwMain] "E:\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "E:\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Systray] c:\windows\system32\Systray.exe
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &使用迅雷下载 - E:\讯雷5\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - E:\讯雷5\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\QQ2006\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - E:\酷狗\KuGoo3DownX.htm
O8 - Extra context menu item: 使用Web迅雷下载 - E:\讯雷5\web\GetUrl.htm
O8 - Extra context menu item: 使用Web迅雷下载全部链接 - E:\讯雷5\web\GetAllUrl.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\QQ2006\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\QQ2006\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\QQ2006\SendMMS.htm
O8 - Extra context menu item: 百度--MP3搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度--网页搜索 - RES://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUSEARCH.HTM
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - E:\浩方对战平台\GameClient.exe
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A}? - E:\浩方对战平台\GameClient.exe
O9 - Extra button: 新浪UC - {2253922F-1B26-4C74-8B57-E3AEE748DBB8} - E:\新浪uc\uc.exe
O9 - Extra button: 微软 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.microsoft.com/china/index.htm (file missing)
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - e:\QQ2006\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - e:\QQ2006\QQ.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B5317A5-7A06-4896-87AE-628A6F9666D2}: NameServer = 220.170.0.18,220.170.0.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7416399-38FC-4328-9534-0DF5687D3B65}: NameServer = 220.170.0.38,220.170.0.18
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B5317A5-7A06-4896-87AE-628A6F9666D2}: NameServer = 220.170.0.18,220.170.0.38
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: LogicalDisk Manave - Unknown owner - C:\WINDOWS\svhost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - e:\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - e:\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - E:\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\Rising\Rav\Ravmond.exe
Antivirus experts, please help.
反日货主义 - 2006-8-17 10:14:00
Contact Rising customer service; phone: 010-82678866
anqijjyy - 2006-8-17 14:54:00
R3 - Default URLSearchHook is missing
Does this one need to be deleted?
anqijjyy - 2006-8-17 20:10:00
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B5317A5-7A06-4896-87AE-628A6F9666D2}: NameServer = 220.170.0.18,220.170.0.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7416399-38FC-4328-9534-0DF5687D3B65}: NameServer = 220.170.0.38,220.170.0.18
The problem still isn't solved~ Is there something wrong with these two entries?
didibabawu - 2006-8-17 20:36:00
O23 - Service: LogicalDisk Manave - Unknown owner - C:\WINDOWS\svhost.exe
O4 - HKLM\..\Run: [Systray] c:\windows\system32\Systray.exe
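As an added illustration (not part of any poster's reply and not HijackThis's own logic), the Python example below applies two triage heuristics to O4/O23 entries copied from the second log in this thread: a service reported with "Unknown owner", and an executable whose name is a near-miss of a Windows system binary or sits outside that binary's usual folder. The baseline table, the 0.85 similarity threshold and the function names are assumptions made for this example.

```python
import ntpath
import re
from difflib import SequenceMatcher

# Assumed baseline (not from the thread): usual folder of some Windows XP binaries.
SYS32 = r"c:\windows\system32"
SYSTEM_BINARIES = {n: SYS32 for n in (
    "svchost.exe", "services.exe", "lsass.exe", "winlogon.exe", "spoolsv.exe")}
SYSTEM_BINARIES["explorer.exe"] = r"c:\windows"
O23 = re.compile(r"^O23 - Service: (.+?) - (.+?) - ([A-Za-z]:\\.+)$")
O4 = re.compile(r'^O4 - HK(?:LM|CU)\\\.\.\\Run: \[[^\]]+\] "?(.+?\.exe)', re.I)

def image_findings(path):
    """Flag a system binary name in the wrong folder, or a near-miss of one."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    if name in SYSTEM_BINARIES:
        if folder and folder != SYSTEM_BINARIES[name]:
            return [f"{name} outside {SYSTEM_BINARIES[name]}"]
        return []
    for real in SYSTEM_BINARIES:
        if SequenceMatcher(None, name, real).ratio() >= 0.85:  # assumed threshold
            return [f"name resembles {real}"]
    return []

def triage(log_text):
    """Map each O4/O23 line that deserves a manual look to its reasons."""
    flagged = {}
    for line in map(str.strip, log_text.splitlines()):
        reasons = []
        if m := O23.match(line):
            if m.group(2).lower() == "unknown owner":
                reasons.append("no vendor reported for service binary")
            reasons += image_findings(m.group(3))
        elif m := O4.match(line):
            reasons += image_findings(m.group(1))
        if reasons:
            flagged[line] = reasons
    return flagged

# Entries copied from the second HijackThis log in this thread.
SAMPLE = r'''O4 - HKLM\..\Run: [Systray] c:\windows\system32\Systray.exe
O23 - Service: LogicalDisk Manave - Unknown owner - C:\WINDOWS\svhost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe'''

if __name__ == "__main__":
    for entry, why in triage(SAMPLE).items():
        print(entry, "->", "; ".join(why))
```

A flagged line is a reason to inspect the file on disk, not a verdict on it.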
anqijjyy - 2006-8-17 21:38:00
C:\WINDOWS\svhost.exe
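I looked it up on Baidu; the computer sometimes being unable to shut down may be this virus acting up, but I still don't know the specific way to remove it~~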
我又问题问dajia - 2006-8-17 21:54:00
You've got: Munia, Win32.Munia.a
Run the antivirus scan in Safe Mode!
anqijjyy - 2006-8-17 23:30:00
Is there really nobody who can help me fix this~~~?? Moderators, please give me some pointers.