菜鸟来需求帮助 - 2009-2-28 14:43:00
电脑的用户权限被限制,瑞星无发起动,帮帮我改怎么办啊!
用户系统信息:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
帅哥阿福 - 2009-2-28 14:44:00
确认系统是通过administrator用户名登陆的。
如果瑞星无法打开,可下载木马群专杀和橙色八月专杀工具以及建立安全环境工具来查杀和修复。
这几个工具一方面可以杀毒,另一方面也有修复瑞星的功能。
使用这几个专杀工具查杀后,瑞星可以打开。
打开瑞星升级至最新版本,断网杀毒,问题可解决。
专杀工具下载地址为:
http://dl.rising.com.cn/DownLoadInfo/VirusTools_More.shtml下载“建立安全环境工具”链接地址为:
http://bbs.ikaka.com/showtopic-8547280.aspx
菜鸟来需求帮助 - 2009-2-28 14:51:00
QQ连接都打不开
菜鸟来需求帮助 - 2009-2-28 15:11:00
菜鸟来需求帮助 - 2009-2-28 15:29:00
点极应用程序弹出(嘿 你还没指定要运行的文件呢)这样一段话 ,
木马群专杀点了没反应
菜鸟来需求帮助 - 2009-2-28 15:32:00
弹出的话好奇怪哟
帅哥阿福 - 2009-2-28 15:51:00
找到键值HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image Files Execution option
将其删除后,应用程序应该会打开的。
如果却如此,可能是应用程序劫持项。
之后扫SRENG日志发这论坛来
下载SRENG2.6版工具:
http://www.kztechs.com/sreng/download.htmlSRENG工具的扫描日志操作,看这贴2楼:
http://bbs.ikaka.com/showtopic-8442813.aspx
北极等待 - 2009-2-28 17:00:00
证明你现在这个用户不再是管理员了,你可以重新建一个帐号,假如不行的话,可以试一下在安全模式 下建立
再不是用光盘里的pe
菜鸟来需求帮助 - 2009-2-28 18:13:00
重新装了系统:default7:
菜鸟来需求帮助 - 2009-2-28 19:24:00
重装后,瑞星又被破坏,变成了全英文
菜鸟来需求帮助 - 2009-2-28 19:29:00
卡卡和防火墙可以用
菜鸟来需求帮助 - 2009-2-28 19:51:00
用瑞星就死机
菜鸟来需求帮助 - 2009-2-28 19:55:00
日志
C:\WINDOWS\system32\spoolsv.exe
d:\Rising\Rfw\RfwMain.exe
d:\StormII\stormliv.exe
C:\WINDOWS\system32\HZ_CommSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
d:\Rising\Rav\RavTask.exe
d:\Rising\Rav\ScanFrm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
d:\Rising\Rav\RsTray.exe
d:\Rising\Rav\RsMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Rising\AntiSpyware\rstray.exe
D:\360safe\safemon\360Tray.exe
D:\Adobe\Reader 9.0\Reader\Reader_sl.exe
D:\360Safebox\safeboxTray.exe
d:\WinRAR\WinRAR.exe
C:\DOCUME~1\BRYCE~1.ICB\LOCALS~1\Temp\Rar$EX02.718\HijackThis.exe
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - f:\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - f:\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: 卡卡上网安全助手 - {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} - C:\WINDOWS\system32\UrlFilter.dll
O2 - BHO: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - D:\360safe\safemon\safemon.dll
O2 - BHO: ChinaVnet Class - {D6FD53F5-D461-4af4-9C8D-7CADC342EFC8} - C:\PROGRA~1\ChinaNet\VNETTR~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [runeip] "d:\Rising\AntiSpyware\rstray.exe" /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [360Safetray] D:\360safe\safemon\360Tray.exe /start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [360Safebox] "d:\360Safebox\safeboxTray.exe" /r
O4 - HKLM\..\Run: [RfwMain] "d:\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTray] "d:\Rising\Rav\RsTray.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: 使用迅雷下载 - f:\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - f:\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - f:\Thunder\Thunder.exe
O9 - Extra button: 启动UUSee 网络电视 - {998A88A0-A355-809B-831C-B83A80000992} - d:\uusee\UUSeePlayer.exe
O9 - Extra 'Tools' menuitem: 启动UUSee 网络电视 - {998A88A0-A355-809B-831C-B83A80000992} - d:\uusee\UUSeePlayer.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - AppInit_DLLs: kmon.dll
O23 - Service: Contrl Center of Storm Media (ccosm) - 北京暴风网际科技有限公司 - d:\StormII\stormliv.exe
O23 - Service: HDZB Comm Service For V2.0 (HZ_CommSrv) - 华大智宝电子系统有限公司 - C:\WINDOWS\system32\HZ_CommSrv.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\ChinaNet\AWIFI\Atheros\WinXp\AppFile\jswpsapi.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rav Process Communication Center (RavCCenter) - Beijing Rising Information Technology Co., Ltd. - d:\Rising\Rav\CCENTER.EXE
O23 - Service: Rising RavTask Manager (RavTask) - Unknown owner - d:\Rising\Rav\RavTask.exe" RavTask (file missing)
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Information Technology Co., Ltd. - d:\Rising\Rfw\rfwProxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Information Technology Co., Ltd. - d:\Rising\Rfw\rfwsrv.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - D:\Rising\Rav\RavMonD.exe
O23 - Service: Rising Scan Service (RsScanSrv) - Beijing Rising Information Technology Co., Ltd. - d:\Rising\Rav\ScanFrm.exe
菜鸟来需求帮助 - 2009-2-28 19:56:00
刚才的不全
Logfile of HijackThis v1.99.1
Scan saved at 19:56:14, on 2009-2-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
d:\Rising\Rav\CCENTER.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Rising\Rav\RavMonD.exe
d:\Rising\Rfw\rfwsrv.exe
d:\Rising\Rfw\rfwProxy.exe
d:\Rising\Rfw\rfwstub.exe
C:\WINDOWS\Explorer.EXE
D:\Rising\Rav\rsnetsvr.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Rising\Rfw\RfwMain.exe
d:\StormII\stormliv.exe
C:\WINDOWS\system32\HZ_CommSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
d:\Rising\Rav\RavTask.exe
d:\Rising\Rav\ScanFrm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
d:\Rising\Rav\RsTray.exe
d:\Rising\Rav\RsMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Rising\AntiSpyware\rstray.exe
D:\360safe\safemon\360Tray.exe
D:\Adobe\Reader 9.0\Reader\Reader_sl.exe
D:\360Safebox\safeboxTray.exe
d:\WinRAR\WinRAR.exe
C:\DOCUME~1\BRYCE~1.ICB\LOCALS~1\Temp\Rar$EX02.718\HijackThis.exe
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - f:\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - f:\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: 卡卡上网安全助手 - {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} - C:\WINDOWS\system32\UrlFilter.dll
O2 - BHO: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - D:\360safe\safemon\safemon.dll
O2 - BHO: ChinaVnet Class - {D6FD53F5-D461-4af4-9C8D-7CADC342EFC8} - C:\PROGRA~1\ChinaNet\VNETTR~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [runeip] "d:\Rising\AntiSpyware\rstray.exe" /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [360Safetray] D:\360safe\safemon\360Tray.exe /start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [360Safebox] "d:\360Safebox\safeboxTray.exe" /r
O4 - HKLM\..\Run: [RfwMain] "d:\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTray] "d:\Rising\Rav\RsTray.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: 使用迅雷下载 - f:\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - f:\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - f:\Thunder\Thunder.exe
O9 - Extra button: 启动UUSee 网络电视 - {998A88A0-A355-809B-831C-B83A80000992} - d:\uusee\UUSeePlayer.exe
O9 - Extra 'Tools' menuitem: 启动UUSee 网络电视 - {998A88A0-A355-809B-831C-B83A80000992} - d:\uusee\UUSeePlayer.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - AppInit_DLLs: kmon.dll
O23 - Service: Contrl Center of Storm Media (ccosm) - 北京暴风网际科技有限公司 - d:\StormII\stormliv.exe
O23 - Service: HDZB Comm Service For V2.0 (HZ_CommSrv) - 华大智宝电子系统有限公司 - C:\WINDOWS\system32\HZ_CommSrv.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\ChinaNet\AWIFI\Atheros\WinXp\AppFile\jswpsapi.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rav Process Communication Center (RavCCenter) - Beijing Rising Information Technology Co., Ltd. - d:\Rising\Rav\CCENTER.EXE
O23 - Service: Rising RavTask Manager (RavTask) - Unknown owner - d:\Rising\Rav\RavTask.exe" RavTask (file missing)
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Information Technology Co., Ltd. - d:\Rising\Rfw\rfwProxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Information Technology Co., Ltd. - d:\Rising\Rfw\rfwsrv.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - D:\Rising\Rav\RavMonD.exe
O23 - Service: Rising Scan Service (RsScanSrv) - Beijing Rising Information Technology Co., Ltd. - d:\Rising\Rav\ScanFrm.exe
菜鸟来需求帮助 - 2009-2-28 19:57:00
现在重装后,开机瑞星被破坏,管理员权限会丢失
© 2000 - 2025 Rising Corp. Ltd.