请各位老师们帮帮忙，学生在这里谢谢了！ - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛请各位老师们帮帮忙，学生在这里谢谢了！

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

1

1 / 1 页

跳转页

请各位老师们帮帮忙，学生在这里谢谢了！

xiaowu888 初生襁褓狮帖子:7 注册: 2006-06-20 来自:	发表于： 2006-07-31 19:33 \| 只看楼主短消息资料字号：小中大 1楼请各位老师们帮帮忙，学生在这里谢谢了！我的电脑老是有杀不完的病毒，用瑞星杀了好几遍，还是有，每次打开因特网，刚一打开瑞星就发现病毒，每次都删除成功，可是再一打开时还有，今天电脑还老是死机，速度慢，每次打开网页时都弹出来好多网页，请各位老师帮学生看看扫描日志，教给学生一个办法，学生在这里先谢谢了！ Logfile of HijackThis v1.99.1 Scan saved at 19:13:48, on 2006-7-31 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe d:\Program Files\Rising\Rav\CCenter.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe d:\Program Files\Rising\Rav\Ravmond.exe C:\WINDOWS\Explorer.EXE d:\Program Files\Rising\Rav\RavStub.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE D:\Program Files\Rising\Rav\RavTask.exe D:\Program Files\Rising\Rav\Ravmon.exe C:\Program Files\CNNIC\Cdn\cdnup.exe C:\WINDOWS\svchost.exe E:\瑞星\迅雷\program\ThunderMini.exe C:\PROGRA~1\baigoo\bgoomain.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\drivers\WDelMgr20.exe C:\WINDOWS\System32\alg.exe D:\Program Files\Adobe\Photoshop CS\Photoshop.exe E:\瑞星\新建文件夹\QQ.exe E:\瑞星\新建文件夹\TIMPlatform.exe E:\瑞星\新建文件夹\QQ.exe E:\瑞星\新建文件夹\QQ.exe D:\Program Files\Rising\Rav\RsAgent.exe C:\WINDOWS\msagent\AgentSvr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe E:\瑞星\杀毒工具\日志扫描.exe R3 - Default URLSearchHook is missing F2 - REG:system.ini: UserInit=userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\jhajm.exe O1 - Hosts: 61.152.108.119 qqq.61139.com O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v10.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll O2 - BHO: MyIEHelper Class - {16A770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4795.dll O2 - BHO: FltSetUp Class - {1D49D58D-5C84-4B50-8359-D9809BEB2B32} - C:\Program Files\Internet Explorer\Connection Wizard\icwnet.dll O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\瑞星\新建文件夹\QQIEHelper.dll O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll O2 - BHO: ActiveBHO Class - {63C55A7F-6E29-8D4F-5C76-4F850F28D13A} - C:\Progra~1\DoDoorRSSFinder\ActiveBandObject.dll O2 - BHO: bg - {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} - C:\Program Files\baigoo\BGooBHO.dll O2 - BHO: ThunderMiniBHO - {8E6C1C49-F9CE-4311-9FB4-D70E8B0AEAEB} - E:\瑞星\迅雷\ComDlls\XunLeiMiniBHO_002.dll O2 - BHO: NewWeb Controller - {9ACEEE30-143F-471A-AA45-72B061FE7D60} - C:\WINDOWS\system32\WinSC.dll (file missing) O2 - BHO: Internet_Explorer_Service - {9E1E1371-9D8F-4421-81B9-F8D2E1773A59} - C:\WINDOWS\system32\HelperService.dll (file missing) O2 - BHO: shdocvwhlp Class - {BE442802-3911-46E0-B227-076B15A4EAD3} - C:\WINDOWS\system32\shdocvw2.dll O2 - BHO: Webacc - {CAC068F3-A608-406B-8581-458788A67694} - C:\WINDOWS\system32\svchost.dll O2 - BHO: IEHlprObj Class - {D424FE4E-CAF9-4fdd-BC5F-E6E6B91D53BF} - C:\Progra~1\NetMeeting\conf.dll O2 - BHO: JjrXbgqh Class - {DE2E0CCA-F6F3-4E51-F718-5BD5662BD977} - C:\WINDOWS\DOWNLO~1\buowpr.dll O2 - BHO: Letscool System Helper - {F0C15012-7DBD-4068-95A2-0A82DB03AC35} - C:\WINDOWS\system32\CoolBho.dll O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O3 - Toolbar: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - (no file) O3 - Toolbar: 系统标准按钮(&E) - {6B2455FD-3669-4555-8DF8-69FD5BC846F8} - C:\WINDOWS\system32\SystemToolbar.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RavTask] "d:\Program Files\Rising\Rav\RavTask.exe" -system O4 - HKLM\..\Run: [Thunder] "f:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s O4 - HKLM\..\Run: [bpifxhyv] RunDll32 "C:\WINDOWS\Downlo~1\repnkkp.dll",Run O4 - HKLM\..\Run: [ThunderMini] E:\瑞星\迅雷\ThunderMiniShell.exe O4 - HKLM\..\Run: [MoveSearch] C:\Program Files\HuaCi\huaci\zsearch.exe O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe O4 - HKLM\..\Run: [LetsCool] C:\Program Files\LetsCool\LetsCool.exe O4 - HKLM\..\Run: [pbmini] "C:\Program Files\pcast\PodcastbarMini\PodcastBarMini.exe" -hide O4 - HKLM\..\Run: [svc] C:\WINDOWS\svchost.exe O4 - HKLM\..\Run: [sysmini] C:\WINDOWS\system32\sysmini.exe O4 - HKLM\..\Run: [spoolsv] C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer O4 - HKLM\..\Run: [bgoomain.exe] C:\PROGRA~1\baigoo\bgoomain.exe O4 - HKLM\..\RunOnce: [RavStub] "d:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Kugoo] D:\PROGRA~1\KUGOO2\KUGOO.EXE O4 - HKCU\..\Run: [svc] C:\WINDOWS\svchost.exe O4 - Startup: 腾讯QQ.lnk = ? O4 - Startup: 腾讯TM.lnk = ? O4 - Startup: 地址栏搜索.lnk = C:\Documents and Settings\user\Local Settings\Temp\vzt.exe O4 - Global Startup: iMop.lnk = ?ProgramFiles%\Mop\iMop\iMop.exe O8 - Extra context menu item: &使用迷你迅雷下载 - E:\瑞星\迅雷\Program\GetUrl.htm O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\瑞星\新建文件夹\AddToNetDisk.htm O8 - Extra context menu item: 添加到QQ自定义面板 - E:\瑞星\新建文件夹\AddPanel.htm O8 - Extra context menu item: 添加到QQ表情 - E:\瑞星\新建文件夹\AddEmotion.htm O8 - Extra context menu item: 添加到雅虎收藏+ - http://myweb.cn.yahoo.com/post.html?F=D2_A O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\瑞星\新建文件夹\SendMMS.htm O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll O9 - Extra button: YOK超级搜索 - {F869BB38-FFEF-4589-B986-610B7AD0ADA2} - http://www.yok.com (file missing) O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wshcon32.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wshcon32.dll O11 - Options group: [CDNCLIENT] 中文上网 O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{041A2DAB-2829-4220-961C-2500496EB604}: NameServer = 219.150.150.150 219.150.32.132 O18 - Filter: text/html - {E7009873-0D40-45B1-8D59-5B9AE98C7D38} - C:\Program Files\Internet Explorer\Connection Wizard\icwnet.dll O20 - AppInit_DLLs: KB338448M.LOG O21 - SSODL: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - (no file) O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\CCenter.exe O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\Ravmond.exe O23 - Service: WDelMgr20 - Unknown owner - C:\WINDOWS\system32\drivers\WDelMgr20.exe 2006-07-31 19:51:35
xiaowu888 初生襁褓狮帖子:7 注册: 2006-06-20 来自:	分享到：

baohe 大版主帖子:72578 注册: 2003-04-10 来自:	发表于： 2006-07-31 19:46 \| 短消息资料字号：小中大 2楼【回复“xiaowu888”的帖子】 C:\WINDOWS\svchost.exe C:\WINDOWS\system32\drivers\WDelMgr20.exe 请将上面两个文件打包，加密（解压密码用virus），发到：baohelin@yahoo.com.cn。 ———————————————————— R3 - Default URLSearchHook is missing F2 - REG:system.ini: UserInit=userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\jhajm.exe O1 - Hosts: 61.152.108.119 qqq.61139.com O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll O2 - BHO: MyIEHelper Class - {16A770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4795.dll O2 - BHO: FltSetUp Class - {1D49D58D-5C84-4B50-8359-D9809BEB2B32} - C:\Program Files\Internet Explorer\Connection Wizard\icwnet.dll O2 - BHO: ActiveBHO Class - {63C55A7F-6E29-8D4F-5C76-4F850F28D13A} - C:\Progra~1\DoDoorRSSFinder\ActiveBandObject.dll O2 - BHO: NewWeb Controller - {9ACEEE30-143F-471A-AA45-72B061FE7D60} - C:\WINDOWS\system32\WinSC.dll (file missing) O2 - BHO: Internet_Explorer_Service - {9E1E1371-9D8F-4421-81B9-F8D2E1773A59} - C:\WINDOWS\system32\HelperService.dll (file missing) O2 - BHO: shdocvwhlp Class - {BE442802-3911-46E0-B227-076B15A4EAD3} - C:\WINDOWS\system32\shdocvw2.dll O2 - BHO: Webacc - {CAC068F3-A608-406B-8581-458788A67694} - C:\WINDOWS\system32\svchost.dll O2 - BHO: IEHlprObj Class - {D424FE4E-CAF9-4fdd-BC5F-E6E6B91D53BF} - C:\Progra~1\NetMeeting\conf.dll O2 - BHO: JjrXbgqh Class - {DE2E0CCA-F6F3-4E51-F718-5BD5662BD977} - C:\WINDOWS\DOWNLO~1\buowpr.dll O2 - BHO: Letscool System Helper - {F0C15012-7DBD-4068-95A2-0A82DB03AC35} - C:\WINDOWS\system32\CoolBho.dll O4 - HKLM\..\Run: [bpifxhyv] RunDll32 "C:\WINDOWS\Downlo~1\repnkkp.dll",Run O4 - HKLM\..\Run: [MoveSearch] C:\Program Files\HuaCi\huaci\zsearch.exe O4 - HKLM\..\Run: [LetsCool] C:\Program Files\LetsCool\LetsCool.exe O4 - HKLM\..\Run: [pbmini] "C:\Program Files\pcast\PodcastbarMini\PodcastBarMini.exe" -hide O4 - HKLM\..\Run: [svc] C:\WINDOWS\svchost.exe O4 - HKLM\..\Run: [sysmini] C:\WINDOWS\system32\sysmini.exe O4 - HKLM\..\Run: [spoolsv] C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer O4 - HKLM\..\Run: [bgoomain.exe] C:\PROGRA~1\baigoo\bgoomain.exe O4 - HKCU\..\Run: [Kugoo] D:\PROGRA~1\KUGOO2\KUGOO.EXE O4 - HKCU\..\Run: [svc] C:\WINDOWS\svchost.exe O4 - Startup: 地址栏搜索.lnk = C:\Documents and Settings\user\Local Settings\Temp\vzt.exe O18 - Filter: text/html - {E7009873-0D40-45B1-8D59-5B9AE98C7D38} - C:\Program Files\Internet Explorer\Connection Wizard\icwnet.dll O20 - AppInit_DLLs: KB338448M.LOG O21 - SSODL: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - (no file) O23 - Service: WDelMgr20 - Unknown owner - C:\WINDOWS\system32\drivers\WDelMgr20.exe 用HijackThis修复以上项目。重启。删除相应文件。 O10 - Unknown file in Winsock LSP: c:\windows\system32\wshcon32.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wshcon32.dll 用LSPFix修复O10
baohe 大版主帖子:72578 注册: 2003-04-10 来自:

xiaowu888 初生襁褓狮帖子:7 注册: 2006-06-20 来自:	发表于： 2006-07-31 19:52 \| 只看楼主短消息资料字号：小中大 3楼请老师再帮帮忙，用HijackThis修复以上项目。重启。删除相应文件。 O10 - Unknown file in Winsock LSP: c:\windows\system32\wshcon32.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wshcon32.dll 用LSPFix修复O10 请老师再帮帮忙，用HijackThis修复以上项目。重启。删除相应文件。怎么删啊？ O10 - Unknown file in Winsock LSP: c:\windows\system32\wshcon32.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wshcon32.dll 用LSPFix修复O10 还有这个，学生不知道该怎么做啊？谢谢
xiaowu888 初生襁褓狮帖子:7 注册: 2006-06-20 来自:

newcenturymoon 社区嘉宾帖子:15158 注册: 2005-08-03 来自:	发表于： 2006-07-31 19:59 \| 短消息资料字号：小中大 4楼请到http://forum.ikaka.com/topic.asp?board=67&artid=5188931，下载，LSPFix.exe，WinsockXPFix这两个软件重新启动电脑, 开机检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式进入Windows 运行LSPFix.exe 删除 wshcon32.dll 附说明一份 LSPFix.exe这个软件主要用来辅助修复HijackThis扫描发现的O10项。使用时，请关闭所有IE界面和文件夹界面后运行LSPFix，运行后，把要修复的那一个O10项从左边转到右边，点“Finish”即可。（不过这之前，需要在“I know what I`m doing”前面打勾。）双击我的电脑，工具，文件夹选项，查看，单击选取"显示隐藏文件或文件夹"清除"隐藏受保护的操作系统文件（推荐）"复选框。在提示确定更改时，单击“是”，清除“隐藏已知文件类型的扩展名删除 c:\windows\system32\wshcon32.dll 修复后重启，如果无法上网，请运行WinsockXPFix，让它修复一下。
newcenturymoon 社区嘉宾帖子:15158 注册: 2005-08-03 来自:

<<上一主题|下一主题>>

1

1 / 1 页

跳转页

页面顶部

Powered by Discuz!NT