远远天天 - 2006-1-13 9:09:00
I'm infected with a virus called Trojan.PSW.Lmir.jbz. How do I get rid of it completely?
远远天天 - 2006-1-13 9:17:00
C:\Documents and Settings\liuyuan\桌面
远远天天 - 2006-1-13 9:26:00
The HijackThis log is:
Logfile of HijackThis v1.99.1
Scan saved at 9:24:50, on 2006-1-13
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
d:\瑞星杀毒\rfw\rfwsrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
D:\瑞星杀毒\RAV\CCENTER.EXE
D:\瑞星杀毒\Rav\Ravmond.exe
D:\瑞星杀毒\Rav\RavStub.exe
C:\WINDOWS\Explorer.exe
D:\瑞星杀毒\Rav\RavTask.exe
D:\瑞星杀毒\Rav\Ravmon.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
G:\Program Files\Thunder Network\ThunderMini\ThunderMini.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\zcom\zPlatform.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\zcom\skin.dll
C:\WINDOWS\System32\conime.exe
D:\瑞星杀毒\Rav\Rav.exe
D:\Program Files\Tencent\qq\QQ.exe
D:\Program Files\Tencent\qq\TIMPlatform.exe
D:\Program Files\TTPlayer\TTPlayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\游戏等\HijackThis.exe
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v6.dll
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O2 - BHO: AntiFish Class - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\Program Files\3721\Assist\Angling.dll
O2 - BHO: NaviHelperObj Class - {3E422F49-1566-40D3-B43D-077EF739AC32} - C:\WINDOWS\System32\NaviHelper.dll (file missing)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - F:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - G:\PROGRA~1\KuGoo2\KUGOO3~1.OCX
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\Assist\asbar.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\Assist\asbar.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - F:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: (no name) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - (no file)
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] e:\Program Files\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=040405 serial=DR12WTX-9999998-YSP lang=EN
O4 - HKLM\..\Run: [NMGameX_AutoRun] rem C:\WINDOWS\System32\Rundll32.exe NMGameX.dll,LiveProcess /aa
O4 - HKLM\..\Run: [RavTask] "D:\瑞星杀毒\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [thunder_mini] G:\Program Files\Thunder Network\ThunderMini\ThunderMini.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [zcom] C:\Program Files\zcom\zPlatform.exe MIN
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: 腾讯QQ.lnk = D:\Program Files\Tencent\qq\QQ.exe
O8 - Extra context menu item: >> 彩信发送 << - res://C:\PROGRA~1\MMSASS~1\MMSASS~1.DLL/mms.htm
O8 - Extra context menu item: !搜一搜 - res://C:\WINDOWS\downlo~1\CnsMinEx.dll/1003
O8 - Extra context menu item: &使用迷你迅雷下载 - G:\Program Files\Thunder Network\ThunderMini\geturl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - G:\PROGRA~1\KUGOO2\KuGoo3DownX.htm
O8 - Extra context menu item: 使用网际快车下载 - F:\PROGRA~1\FLASHGET\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - F:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\qq\SendMMS.htm
O8 - Extra context menu item: 用比特精灵下载(&B) - G:\BitSpirit\bsurl.htm
O8 - Extra context menu item: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [!CNS] 上网助手-地址栏搜索
O11 - Options group: [CDNCLIENT] 中文上网
O11 - Options group: [TBH] QQ地址栏搜索
O16 - DPF: {743640FC-F6DB-45F7-A358-1283C3BC8E0D} (FBarWebInvoke Control) - http://www.92u8.com/Download/FBarIVK.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D63F58E-7F50-4254-9B8C-D9BB91C9D255}: NameServer = 202.101.172.46 202.101.172.47
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - d:\瑞星杀毒\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\瑞星杀毒\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\瑞星杀毒\Rav\Ravmond.exe
O23 - Service: CaReTaKeR-CT NetMgr 1.2.1 (sfmgr) - Unknown owner - C:\sfmgr\sfmgr.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
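As an added triage helper (not part of this thread), the following Python script parses HijackThis "Oxx" lines like the log above and flags the entries a reviewer usually checks first: registered components whose file is gone, unnamed BHOs/toolbars, the unidentified Winsock LSP (O10), web-downloaded ActiveX controls (O16) and the registry DNS servers (O17). The sample lines are copied from the posted log; the flags are review hints, not a malware verdict.

```python
import re

# Sample HijackThis v1.99.1 entries, copied from the log above (a subset, not the full log).
SAMPLE_LOG = r"""
O2 - BHO: NaviHelperObj Class - {3E422F49-1566-40D3-B43D-077EF739AC32} - C:\WINDOWS\System32\NaviHelper.dll (file missing)
O2 - BHO: MMSAssist - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - (no file)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O3 - Toolbar: (no name) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O16 - DPF: {743640FC-F6DB-45F7-A358-1283C3BC8E0D} (FBarWebInvoke Control) - http://www.92u8.com/Download/FBarIVK.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D63F58E-7F50-4254-9B8C-D9BB91C9D255}: NameServer = 202.101.172.46 202.101.172.47
O23 - Service: CaReTaKeR-CT NetMgr 1.2.1 (sfmgr) - Unknown owner - C:\sfmgr\sfmgr.exe (file missing)
"""
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")

def parse_entries(text):
    """Yield (section, body) for every 'Oxx - ...' line; other lines are ignored."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

# Sections whose presence alone deserves a look, with the reason a reviewer would give.
ALWAYS_REVIEW = {
    "O10": "Winsock LSP module HijackThis could not identify",
    "O16": "ActiveX control downloaded from the web",
    "O17": "DNS servers set in the registry; confirm they are your ISP's",
}

def triage(text):
    """Return (section, reason, body) for entries to check; hints, not a verdict."""
    findings = []
    for section, body in parse_entries(text):
        if section in ALWAYS_REVIEW:
            findings.append((section, ALWAYS_REVIEW[section], body))
        elif "(file missing)" in body or "(no file)" in body:
            findings.append((section, "registered component whose file is gone", body))
        elif section in ("O2", "O3") and "(no name)" in body:
            findings.append((section, "BHO/toolbar registered without a name", body))
    return findings

def nameservers(text):
    """Collect DNS server addresses from O17 lines so they can be checked against the ISP."""
    servers = []
    for section, body in parse_entries(text):
        if section == "O17":
            servers.extend(body.partition("NameServer = ")[2].split())
    return servers

if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {body}")
    print("DNS servers to verify:", ", ".join(nameservers(SAMPLE_LOG)))
```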
远远天天 - 2006-1-13 9:37:00
Experts, please come take a look! This is agonizing.
BlackStone - 2006-1-13 9:40:00
I can't tell anything from this.
Save a log with Autoruns and post it here.
To save the log: choose the File->Save menu item.
When saving the log, make sure to select the Options->Hide Microsoft Entries menu item (after setting it, click the refresh button on the toolbar). For downloading and using the tool, see:
http://forum.ikaka.com/topic.asp?board=28&artid=7318038
远远天天 - 2006-1-13 9:49:00
Here's the scan.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ CdnCtr LiveUpdate Module c:\program files\cnnic\cdn\cdnup.exe
+ CorelDRAW Graphics Suite 11b File not found: e:\Program Files\Languages\EN\Programs\Registration.exe
+ RavTask RavTimer Beijing Rising Technology Co., Ltd. d:\瑞星杀毒\rav\ravtask.exe
+ thunder_mini ThunderMini Thunder Network Technologies Inc. g:\program files\thunder network\thundermini\thundermini.exe
+ TkBellExe RealNetworks Scheduler RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe
+ zcom Zcom 互动娱乐平台 http://www.zcom.com c:\program files\zcom\zplatform.exe
C:\Documents and Settings\liuyuan\「开始」菜单\程序\启动
+ 腾讯QQ.lnk QQ TENCENT d:\program files\tencent\qq\qq.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ cnshook.dll 3721 CNS Module 北京三七二一科技有限公司 c:\windows\downloaded program files\cnshook.dll
+ Rising Execute File Exts hook Rising Shell Ext Module Beijing Rising Technology Co., Ltd. c:\windows\system32\ravext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ AutoCAD 数字签名图标覆盖处理程序 AcSignIcon Module Autodesk c:\windows\system32\acsignicon.dll
+ Autodesk Drawing Preview AcThumbnail Module Autodesk c:\program files\common files\autodesk shared\thumbnail\acthumbnail16.dll
+ Desktop Explorer NVIDIA Desktop Explorer, Version 45.23 NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Desktop Explorer Menu NVIDIA Desktop Explorer, Version 45.23 NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Display Panning CPL Extension File not found: deskpan.dll
+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll
+ RISING Rising Shell Ext Module Beijing Rising Technology Co., Ltd. c:\windows\system32\ravext.dll
+ Shell Extensions for RealOne Player RealOne Player Shell Extensions RealNetworks c:\program files\real\realone player\rpshellext.dll
+ WinRAR shell extension g:\program files\winrar\rarext.dll
+ Yahoo Trojan Cleanner g:\program files\3721\ske\contmenu.dll
+ 我的手机 File Manager interface Sony Ericsson Mobile Communications AB d:\program files\fmgrgui.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ AntiFish Class AntiPhish Module Yahoo Inc. c:\program files\3721\assist\angling.dll
+ CNNIC_IDN CndnIEHelper Module c:\program files\cnnic\cdn\cdniehlp.dll
+ CnsHook Class 3721 CNS Module 北京三七二一科技有限公司 c:\windows\downloaded program files\cnshook.dll
+ IeCatch2 Class jccatch Module Amaze Soft f:\program files\flashget\jccatch.dll
+ NaviHelperObj Class File not found: C:\WINDOWS\System32\NaviHelper.dll
+ QQBrowserHelperObject Class QQIEHelper Module 深圳市腾讯计算机系统有限公司 d:\program files\tencent\qq\qqiehelper.dll
+ ThunderIEHelper Class xunleibho BHO c:\windows\system32\xunleibho_v6.dll
+ WMHlprObj Class WMHlpr Module c:\program files\cnnic\cdn\wmhlpr.dll
+ 上网助手 CoolBar 3721 c:\program files\3721\assist\asbar.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ FlashGet Bar FlashGet IE Bar Amaze Soft f:\program files\flashget\fgiebar.dll
+ 上网助手 CoolBar 3721 c:\program files\3721\assist\asbar.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ &FlashGet FlashGet Amaze Soft f:\program files\flashget\flashget.exe
+ @shdoclc.dll,-864 c:\windows\web\related.htm
+ Yahoo 1G电邮 File not found: http://cn.mail.yahoo.com/promo/rd1
+ 清理上网记录 File not found: http://assistant.3721.com/clean1.htm?fb=Cns
+ 情景聊天 File not found: http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/
+ 上网助手 File not found: http://assistant.3721.com/index.htm?fb=Cns
+ 手机短信 File not found: http://sms.3721.com/ie/index.htm
+ 腾讯QQ QQ TENCENT d:\program files\tencent\qq\qq.exe
+ 修复浏览器 File not found: http://assistant.3721.com/security1.htm?fb=Cns
+ 寻宝乐趣多 File not found: http://hot.3721.com/rd/shop_btn.htm
HKLM\System\CurrentControlSet\Services
+ C-DillaCdaC11BA Macrovision RTS Service Macrovision c:\windows\system32\drivers\cdac11ba.exe
+ NVSvc NVIDIA Driver Helper Service, Version 45.23 NVIDIA Corporation c:\windows\system32\nvsvc32.exe
+ RfwService Rising Personal Firewall Service Beijing Rising Technology Corporation Limited d:\瑞星杀毒\rfw\rfwsrv.exe
+ RsCCenter CCenter Beijing Rising Technology Co., Ltd. d:\瑞星杀毒\rav\ccenter.exe
+ sfmgr File not found: C:\sfmgr\sfmgr.exe
+ SoundMAX Agent Service (default) SoundMAX service agent component Analog Devices, Inc. c:\program files\analog devices\soundmax\smagent.exe
HKLM\System\CurrentControlSet\Services
+ aeaudio Andrea Audio Stub Driver Andrea Electronics Corporation c:\windows\system32\drivers\aeaudio.sys
+ BaseTDI basetdi Beijing Rising Technology Co., Ltd. c:\windows\system32\drivers\basetdi.sys
+ CdaC15BA Macrovision SECURITY Driver Macrovision Europe Ltd c:\windows\system32\drivers\cdac15ba.sys
+ cdnprot cdnprot CNNIC c:\windows\system32\drivers\cdnprot.sys
+ cdntran File not found: system32\drivers\cdntran.sys
+ FETNDIS NDIS 5.0 miniport driver VIA Technologies, Inc. c:\windows\system32\drivers\fetnd5.sys
+ kmsinput c:\windows\system32\drivers\kmsinput.sys
+ npkcrypt nProtect KeyCrypt Driver INCA Internet Co., Ltd. d:\program files\qq\npkcrypt.sys
+ NTGDT c:\windows\system32\drivers\ntgdt.sys
+ nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 45.23 NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys
+ prodrv06 StarForce Protection Environment Driver Protection Technology c:\windows\system32\drivers\prodrv06.sys
+ prohlp02 StarForce Protection Helper Driver Protection Technology c:\windows\system32\drivers\prohlp02.sys
+ prosync1 StarForce Protection Synchronization Driver Protection Technology c:\windows\system32\drivers\prosync1.sys
+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys
+ Secdrv SafeDisc driver c:\windows\system32\drivers\secdrv.sys
+ sfhlp01 StarForce Protection Helper Driver Protection Technology c:\windows\system32\drivers\sfhlp01.sys
+ smwdm SoundMAX Integrated Digital Audio Analog Devices, Inc. c:\windows\system32\drivers\smwdm.sys
+ viaagp1 VIA NT AGP Filter VIA Technologies, Inc. c:\windows\system32\drivers\viaagp1.sys
+ viasraid VIA SATA RAID DRIVER FOR WINXP VIA Technologies inc,.ltd c:\windows\system32\drivers\viasraid.sys
+ ZSMC301b Video streaming and Capture Device Driver VM c:\windows\system32\drivers\usbvm31b.sys
© 2000 - 2026 Rising Corp. Ltd.