Rising Kaka Security Forum > Technical Exchange > Anti-Virus / Anti-Rogue-Software Forum


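Urgent help needed!!! Experts, please come in and take a look~ I'm begging you!!

[Reply to the post by "疯狂de蚂蚁"]

Hello, please restart the computer and press F8 to enter Safe Mode.

Please fix the following: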

R3 - Default URLSearchHook is missing

O2 - BHO: 360搜 - {472101C2-1109-43f4-9112-31F33E3F2127} - C:\Program Files\360so\360so.dll

O2 - BHO: Infofo 工具栏 - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll (file missing)

O4 - HKLM\..\Run: [Provan Security] psecure.exe

O4 - HKLM\..\RunServices: [Provan Security] psecure.exe

Delete the files:

C:\Program Files\360so\360so.dll

psecure.exe (use the Start -> Search function to find it)


Expand the registry to HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run and delete its key Provan Security







The log above is from the scan in Safe Mode~~ the one below is the log under normal conditions
Logfile of HijackThis v1.99.1
Scan saved at 17:51:35, on 2005-7-30
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\RAV\CCENTER.EXE
C:\Program Files\D-Tools\daemon.exe
D:\Rfw\Rfw.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\3721\assistse.exe
C:\PROGRA~1\360so\360Main.exe
C:\Program Files\3721\Dlaccel\YDownloader.exe
D:\RAV\RAVTIMER.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\conime.exe
D:\RAV\Ravmond.exe
D:\RAV\RavStub.exe
d:\rav\RAVMON.EXE
C:\WINDOWS\System32\wuauclt.exe
D:\浩方对战平台\GameClient.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\WangPei\桌面\155847200541134207\HijackThis.exe

R3 - URLSearchHook: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v6.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\Program Files\3721\Assist\Angling.dll
O2 - BHO: 360搜 - {472101C2-1109-43f4-9112-31F33E3F2127} - C:\Program Files\360so\360so.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O2 - BHO: Infofo 工具栏 - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll (file missing)
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O3 - Toolbar: Infofo 工具栏 - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [rfw] D:\Rfw\Rfw.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [assistse] "C:\PROGRA~1\3721\assistse.exe"
O4 - HKLM\..\Run: [360Main.exe] C:\PROGRA~1\360so\360Main.exe
O4 - HKLM\..\Run: [dl_accel] C:\Program Files\3721\Dlaccel\YDownloader.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [RavTimer] D:\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] D:\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [Provan Security] psecure.exe
O4 - HKLM\..\RunServices: [Provan Security] psecure.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: !搜一搜 - res://C:\WINDOWS\downlo~1\CnsMinEx.dll/1003
O8 - Extra context menu item: &使用下载加速专家下载 - C:\Program Files\3721\Dlaccel\geturl.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\qq\SendMMS.htm
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\浩方对战平台\GameClient.exe
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: Infofo 工具栏 - {8507326C-B5C1-4559-BB91-0919E753836F} - C:\Program Files\Infofo Bar\infofobar.dll (file missing)
O9 - Extra 'Tools' menuitem: Infofo 工具栏 - {8507326C-B5C1-4559-BB91-0919E753836F} - C:\Program Files\Infofo Bar\infofobar.dll (file missing)
O9 - Extra button: 易趣购物 - {BE9C13C3-9E46-4db1-BC05-BD8DA44599F2} - http://adfarm.mediaplex.com/ad/ck/4080-23171-9517-195?cn=song;icon;hp&mpro=http://www.ebay.com.cn (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {BE9C13C3-9E46-4db1-BC05-BD8DA44599F2} - http://adfarm.mediaplex.com/ad/ck/4080-23171-9517-195?cn=song;icon;hp&mpro=http://www.ebay.com.cn (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O14 - IERESET.INF: START_PAGE_URL=about:blank
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C2058FD-BC17-4415-81D8-F96EA579A500}: NameServer = 211.97.168.129,211.97.184.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{1C2058FD-BC17-4415-81D8-F96EA579A500}: NameServer = 211.97.168.129,211.97.184.100
O17 - HKLM\System\CS2\Services\Tcpip\..\{1C2058FD-BC17-4415-81D8-F96EA579A500}: NameServer = 211.97.168.129,211.97.184.100
O23 - Service: PsShutdown (PsShutdownSvc) - Unknown owner - C:\WINDOWS\System32\PSSDNSVC.EXE (file missing)
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - D:\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\RAV\Ravmond.exe
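
A triage pass over HijackThis lines like the ones in this log, as an added example that is not part of the original thread: it flags O4 autorun entries whose command names no directory (as with psecure.exe) and entries marked (file missing), skipping URL targets. The function name `triage` and both heuristics are assumptions of this example, not HijackThis features; a flagged entry is a candidate for review, not a verdict.

```python
import re

# HijackThis entry line: "<section> - <rest>", e.g. "O4 - HKLM\..\Run: [name] cmd"
ENTRY = re.compile(r"^(R\d|O\d{1,2}) - (.*)$")
RUN = re.compile(r"^HK\w+\\\.\.\\\w+: \[(.+?)\] (.*)$")
MISSING = "(file missing)"

def triage(log_text):
    """Return (section, reason, line) for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process list, blank line
        section, rest = m.groups()
        run = RUN.match(rest) if section == "O4" else None
        # Heuristic 1 (assumption): an autorun command that names no directory
        # is resolved through the search path, so the log does not show which
        # file on disk actually starts.
        if run and "\\" not in run.group(2):
            findings.append((section, "autorun without full path", line))
        # Heuristic 2 (assumption): the registered target is gone from disk.
        elif rest.endswith(MISSING):
            target = rest[: -len(MISSING)].rstrip().rsplit(" - ", 1)[-1]
            # URL targets are never local files; the marker is noise there.
            if not target.lower().startswith(("http://", "https://")):
                findings.append((section, "target file missing", line))
    return findings

# Lines copied from the log posted above.
SAMPLE = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\Explorer.EXE
O2 - BHO: Infofo 工具栏 - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll (file missing)
O4 - HKLM\..\Run: [RavMon] D:\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [Provan Security] psecure.exe
O4 - HKLM\..\RunServices: [Provan Security] psecure.exe
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O23 - Service: PsShutdown (PsShutdownSvc) - Unknown owner - C:\WINDOWS\System32\PSSDNSVC.EXE (file missing)
"""

if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE):
        print(f"{reason:26} {line}")
```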


Thank you~~~~~~~~ thanks, thanks~~~~~ 花落花又开~~~~~ I'll try it right away

O23 - Service: PsShutdown (PsShutdownSvc) - Unknown owner - C:\WINDOWS\System32\PSSDNSVC.EXE (file missing) You should fix this one too

Quote:
[Post by 时间time] O23 - Service: PsShutdown (PsShutdownSvc) - Unknown owner - C:\WINDOWS\System32\PSSDNSVC.EXE (file missing) You should fix this one too
...........................


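This item is the PsShutdown shutdown command provided by Sysinternals. PsShutdown is similar to the shutdown tool in the Windows 2000 Resource Kit; it covers shutting down and restarting local and remote computers, a remote-control kind of thing. An introduction to PsShutdown is attached.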



Attached: PsShutdown
Copyright © 2000-2004 Mark Russinovich
Last Updated: January 25, 2004 v2.41
Introduction
PsShutdown is a command-line utility similar to the shutdown utility from
the Windows 2000 Resource Kit, but with the ability to do much more. In
addition to supporting the same options for shutting down or rebooting the
local or a remote computer, PsShutdown can logoff the console user or lock
the console (locking requires Windows 2000 or higher). PsShutdown requires
no manual installation of client software.
Installation
Just copy PsShutdown onto your executable path, and type psshutdown with
command-line options defined below.
PsShutdown works on NT 4.0 and higher.
Usage
You can use PsShutdown to initiate a shutdown of the local or a remote
computer, logoff a user, lock a system, or to abort an imminent shutdown.
usage: psshutdown [[\\computer[,computer[,..] | @file [-u user [-p psswd]]]
-s|-r|-h|-d|-k|-a|-l|-o [-f] [-c] [-t nn|h:m] [-n s] [-e [u|p]:xx:yy] [-m
"message"]
-? Displays the supported options.
computer Perform the command on the remote computer or computers specified.
If you omit the computer name the command runs on the local system, and if
you specify a wildcard (\\*), the command runs on all computers in the
current domain.
@file Run the command on each computer listed in the text file specified. 
-u Specifies optional user name for login to remote computer.
-p Specifies optional password for user name. If you omit this you will be
prompted to enter a hidden password.
-a Aborts a shutdown (only possible while a countdown is in progress)
-c Allow the shutdown to be aborted by the interactive user 
-d Suspend the computer
-e Shutdown reason code.
Specify 'u' for user reason codes and 'p' for planned shutdown reason
codes.
xx is the major reason code (must be less than 256)
yy is the minor reason code (must be less than 65536)
-f Forces all running applications to exit during the shutdown instead of
giving them a chance to gracefully save their data
-h Hibernate the computer
-k Poweroff the computer (reboot if poweroff is not supported)
-l Lock the computer
-m This option lets you specify a message to display to logged-on users
when a shutdown countdown commences
-n Specifies timeout in seconds connecting to remote computers
-o Logoff the console user
-r Reboot after shutdown
-s Shutdown without poweroff
-t Specifies the countdown in seconds until the shutdown (default: 20
seconds) or the time of shutdown (in 24 hour notation)
PsTools
PsShutdown is part of a growing kit of Sysinternals command-line tools that
aid in the administration of local and remote Windows NT/2K systems named
PsTools.
Download PsShutdown (14KB) http://www.sysinternals.com/files/PsShutdn.zip
Download PsTools http://www.sysinternals.com/files/Pstools.zip


Say no more~~ thank you~!!!

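Ugh. I've run into this virus too! I ran the antivirus in Safe Mode as well, and it found nothing. I even edited the registry by hand, but the next day on boot it was the same result. Experts, please help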