Rising Kaka Security Forum
kitty319 - 2006-7-9 13:54:00
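My computer keeps popping up an Lsass.exe error window on its own. It can't be closed, and it gets in the way if I leave it there. I suspected a virus, so I downloaded Rising and ran a scan, which found a virus named Trojan.PSW.Lmir. I'm a newbie and don't know much about computers, so I hope an expert can help me. Thanks in advance!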

我无邪 - 2006-7-9 14:12:00
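Please download System Repair Engineer, use "Smart Scan", and press the "Scan" button to run the scan. When the scan finishes, press the "Save Report" button to save the report log file (SREng.LOG), then copy and paste the contents of the saved report log file here.
Download URLs: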
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log won't fit in one post, paste it over several posts until it is complete. Please do not modify it.
kitty319 - 2006-7-9 14:49:00
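I just ran a scan with the Rising public beta version I downloaded. The detection name was Trojan.PSW.Misc.gen and it found 6 viruses, 5 on drive C and 1 on drive D. Drive D could already only be opened with a right-click, and now the browser has become like that too.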
kitty319 - 2006-7-9 15:11:00
When I open the browser with a left-click, this appears:
"Windows cannot find INTEXPLORE.COM. This program is needed to open files of type INTERNET EXPLORET." What is going on??
kitty319 - 2006-7-9 15:25:00
启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(ScanRegistry)(C:\WINDOWS\scanregw.exe /autorun) [Microsoft Corporation]
(TaskMonitor)(C:\WINDOWS\taskmon.exe) [Microsoft Corporation]
(internat.exe)(internat.exe) [Microsoft Corporation]
(SystemTray)(SysTray.Exe) [Microsoft Corporation]
(LoadPowerProfile)(Rundll32.exe powrprof.dll,LoadCurrentPwrScheme) [Microsoft Corporation]
(RavTask)("C:\Program Files\Rising\Rav\RavTask.exe" -system) [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
(LoadPowerProfile)(Rundll32.exe powrprof.dll,LoadCurrentPwrScheme) [Microsoft Corporation]
(SchedulingAgent)(C:\WINDOWS\SYSTEM\mstask.exe) [Microsoft Corporation]
(RsCcenter)("C:\Program Files\Rising\Rav\CCenter.exe") [Beijing Rising Technology Co., Ltd.]
(RavMond)("C:\Program Files\Rising\Rav\RavMond.exe") [Beijing Rising Technology Co., Ltd.]
(RavMon)("C:\Program Files\Rising\Rav\RavMon.exe" -system) [Beijing Rising Technology Co., Ltd.]
--------------------------------------------------------------------------------
kitty319 - 2006-7-9 15:25:00
启动文件夹
[河南网通宽带用户客户端]
(C:\WINDOWS\Start Menu\Programs\启动\河南网通宽带用户客户端.lnk)(N)
--------------------------------------------------------------------------------
kitty319 - 2006-7-9 15:26:00
浏览器加载项
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} (C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL, Amaze Soft)
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} (C:\WINDOWS\SYSTEM\XUNLEIBHO_V3.DLL, ()
[卡卡上网安全助手]
{AFF6E516-CBE5-4F8A-9C2F-38A68013E766} (C:\WINDOWS\SYSTEM\KAKATOOL.DLL, Beijing Rising Technology Co., Ltd.)
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} (, N/A)
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} (C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE, Amaze Soft)
[访问瑞星网站]
{FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} (http://www.rising.com.cn/?u=RSTB, N/A)
[访问卡卡社区]
{FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} (http://www.ikaka.com/?u=RSTB, N/A)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH9.OCX, Adobe Systems, Inc.)
[Update Class]
{9F1C11AA-197B-4942-BA54-47A8489BB47F} (C:\WINDOWS\SYSTEM\IUCTL.DLL, Microsoft Corporation)
[&使用迅雷下载]
(C:\PROGRAM FILES\SANDAI TECHNOLOGIES INC\THUNDER\geturl.htm, N/A)
[&使用迅雷下载全部链接]
(C:\PROGRAM FILES\SANDAI TECHNOLOGIES INC\THUNDER\getAllurl.htm, N/A)
[使用网际快车下载]
(C:\PROGRAM FILES\FLASHGET\jc_link.htm, N/A)
[使用网际快车下载全部链接]
(C:\PROGRAM FILES\FLASHGET\jc_all.htm, N/A)
--------------------------------------------------------------------------------
kitty319 - 2006-7-9 15:28:00
正在运行的进程
[PID: 4294956949][C:\WINDOWS\SYSTEM\MPREXE.EXE] (Microsoft Corporation)(4.10.1998)
[PID: 4294963225][C:\WINDOWS\SYSTEM\MSTASK.EXE] (Microsoft Corporation)(4.71.1959.1)
[PID: 4294853965][C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 3)
[C:\PROGRAM FILES\RISING\RAV\EXTOLE.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 6)
[C:\PROGRAM FILES\RISING\RAV\SCANEXEC.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 11)
[C:\PROGRAM FILES\RISING\RAV\SCANSCT.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 15)
[C:\PROGRAM FILES\RISING\RAV\SCANMAC.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 8)
[C:\PROGRAM FILES\RISING\RAV\NVFILE.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 7)
[C:\PROGRAM FILES\RISING\RAV\POSTTRT.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 9)
[C:\PROGRAM FILES\RISING\RAV\SCANEX.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 11)
[C:\PROGRAM FILES\RISING\RAV\UNEXE.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 11)
[C:\PROGRAM FILES\RISING\RAV\ENGINE.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 1, 28)
[C:\PROGRAM FILES\RISING\RAV\RSUNPACK.DLL] (Beijing Rising Technology Co., Ltd.)(1, 0, 0, 12)
[C:\PROGRAM FILES\RISING\RAV\SPAMENG.DLL] (N/A)(18, 0, 0, 6)
[C:\PROGRAM FILES\RISING\RAV\MAILMON.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 5)
[C:\PROGRAM FILES\RISING\RAV\VIRUSLIB.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 10)
[C:\PROGRAM FILES\RISING\RAV\LIBLOAD.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 10)
[C:\PROGRAM FILES\RISING\RAV\SCANNER.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 28)
[C:\PROGRAM FILES\RISING\RAV\HOOKSYS.DLL] (Rising)(18, 1, 0, 9)
[C:\PROGRAM FILES\RISING\RAV\RSLOG.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 18)
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 4)
[C:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 10)
[C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 2)
[C:\PROGRAM FILES\RISING\RAV\RSCOMMX.DLL] (rising)(18, 0, 0, 1)
[PID: 4294855061][C:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE] (Beijing Rising Technology Co
kitty319 - 2006-7-9 15:28:00
Ltd.)(18, 0, 1, 22)
[C:\PROGRAM FILES\RISING\RAV\BWLIST.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 16)
[C:\PROGRAM FILES\RISING\RAV\PNGDLL.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 5)
[C:\PROGRAM FILES\RISING\RAV\RSCOMMX.DLL] (rising)(18, 0, 0, 1)
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 4)
[C:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 10)
[C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 2)
[PID: 4294868637][C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE] (Beijing Rising Technology Co., Ltd.)(18, 0, 1, 19)
[C:\PROGRAM FILES\RISING\RAV\BWLIST.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 16)
[C:\PROGRAM FILES\RISING\RAV\RSGUILIB.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 24)
[C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH9.OCX] (Adobe Systems, Inc.)(9,0,16,0)
[C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL] (Amaze Soft)(1, 1, 4, 0)
[C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WEB 文件夹\MSONSEXT.DLL] (N/A)(N/A)
[C:\PROGRAM FILES\WINRAR\RAREXT.DLL] (N/A)(N/A)
[C:\WINDOWS\SYSTEM\DHCPCSVC.DLL] (N/A)(N/A)
[C:\WINDOWS\SYSTEM\NETBIOS.DLL] (N/A)(N/A)
[C:\WINDOWS\SYSTEM\RAVEXT.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 19)
[PID: 4294840593][C:\WINDOWS\EXPLORER.EXE] (Microsoft Corporation)(4.72.3110.1)
kitty319 - 2006-7-9 15:28:00
PID: 4294796373][C:\WINDOWS\SYSTEM\RPCSS.EXE] (Microsoft Corporation)(4.71.2900)
[PID: 4294736625][C:\WINDOWS\TASKMON.EXE] (Microsoft Corporation)(4.10.1998)
[PID: 4294705665][C:\WINDOWS\SYSTEM\INTERNAT.EXE] (Microsoft Corporation)(4.10.2222)
[PID: 4294737377][C:\WINDOWS\SYSTEM\SYSTRAY.EXE] (Microsoft Corporation)(4.10.2222)
[C:\PROGRAM FILES\RISING\RAV\RSCOMMX.DLL] (rising)(18, 0, 0, 1)
[C:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 10)
[C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 2)
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 4)
[PID: 4294759285][C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE] (Beijing Rising Technology Co., Ltd.)(18, 0, 0, 22)
[C:\PROGRAM FILES\RACER-HENAN-CNC\NSS4.DLL] (北京普天润汇科技有限公司)(1, 0, 0, 3)
[C:\PROGRAM FILES\RACER-HENAN-CNC\WPCAP.DLL] (Politecnico di Torino)(3, 0, 0, 18)
[C:\PROGRAM FILES\RACER-HENAN-CNC\PACKET.DLL] (Politecnico di Torino)(3, 0, 0, 18)
[C:\PROGRAM FILES\RACER-HENAN-CNC\PTHREADVC.DLL] (N/A)(N/A)
[C:\PROGRAM FILES\RACER-HENAN-CNC\COMPONENTS\RACER_NSS4_COMP.DLL] (Putian Runway)(2,0,47,87)
[C:\PROGRAM FILES\RACER-HENAN-CNC\DHCPPLUS.DLL] (北京润汇科技有限公司)(0, 13, 21, 45)
[C:\WINDOWS\SYSTEM\DHCPCSVC.DLL] (N/A)(N/A)
[C:\PROGRAM FILES\RACER-HENAN-CNC\COMPONENTS\RACER_ACCESS_DHCPPLUS.DLL] (Putian Runway)(2,0,47,87)
[C:\PROGRAM FILES\RACER-HENAN-CNC\COMPONENTS\RACER_AD_COMP.DLL] (Putian Runway)(2,0,47,87)
[C:\PROGRAM FILES\RACER-HENAN-CNC\COMPONENTS\XPCOM_COMPAT_C.DLL] (Mozilla Foundation)(1.7.3: 2005040616)
kitty319 - 2006-7-9 15:29:00
[C:\PROGRAM FILES\RACER-HENAN-CNC\COMPONENTS\JAR50.DLL] (Mozilla Foundation)(1.7.3: 2005040616)
[C:\WINDOWS\SYSTEM\DCIMAN32.DLL] (Intel(R) Corp., Microsoft Corp.)(4.03.1998)
[C:\PROGRAM FILES\RACER-HENAN-CNC\COMPONENTS\GKLAYOUT.DLL] (Mozilla Foundation)(1.7.3: 2005040616)
[C:\PROGRAM FILES\RACER-HENAN-CNC\COMPONENTS\PIPNSS.DLL] (Mozilla Foundation)(1.7.3: 2005040616)
[C:\PROGRAM FILES\RACER-HENAN-CNC\COMPONENTS\RACER_BASE_COMP.DLL] (Putian Runway)(2,0,47,87)
[C:\PROGRAM FILES\RACER-HENAN-CNC\RACER_BASE.DLL] (Putian Runway)(2,0,47,87)
[C:\PROGRAM FILES\RACER-HENAN-CNC\XPCOM_COMPAT.DLL] (Mozilla Foundation)(1.7.3: 2005040616)
[C:\PROGRAM FILES\RACER-HENAN-CNC\RWXRE.DLL] (Mozilla Foundation)(1.7.3: 2005040616)
[C:\PROGRAM FILES\RACER-HENAN-CNC\JS3250.DLL] (Netscape Communications Corporation)(4.0)
[C:\PROGRAM FILES\RACER-HENAN-CNC\GKGFX.DLL] (Mozilla Foundation)(1.7.3: 2005040616)
[C:\PROGRAM FILES\RACER-HENAN-CNC\NSS3.DLL] (Netscape Communications Corporation)(3.9.1)
[C:\PROGRAM FILES\RACER-HENAN-CNC\SOFTOKN3.DLL] (Netscape Communications Corporation)(3.9.1)
[C:\PROGRAM FILES\RACER-HENAN-CNC\XPCOM.DLL] (Mozilla Foundation)(1.7.3: 2005040616)
[C:\PROGRAM FILES\RACER-HENAN-CNC\NSPR4.DLL] (Netscape Communications Corporation)(4.5 Beta)
[PID: 4294763945][C:\PROGRAM FILES\RACER-HENAN-CNC\RACER.EXE] (Putian Runway)(2, 0, 51, 92)
[PID: 4294676449][C:\WINDOWS\SYSTEM\WMIEXE.EXE] (Microsoft Corporation)(5.00.1755.1)
[PID: 4294605693][C:\PROGRAM FILES\SANDAI TECHNOLOGIES INC\THUNDER\TDUPDATE.EXE] (N/A)(N/A)
[C:\WINDOWS\SYSTEM\DHCPCSVC.DLL] (N/A)(N/A)
[PID: 4294511497][C:\PROGRAM FILES\RACER-HENAN-CNC\RACERKP.EXE] (北京润汇科技有限公司)(1, 0, 0, 1)
[C:\WINDOWS\SYSTEM\I81XDD.DLL] (Intel Corporation)(4.11.01.1321)
[PID: 4294541457][C:\WINDOWS\SYSTEM\DDHELP.EXE] (Microsoft Corporation)(4.06.03.0518)
[PID: 4294436233][C:\WINDOWS\SYSTEM\PSTORES.EXE] (Microsoft Corporation)(5.00.1877.3)
[C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WEB 文件夹\MSONSEXT.DLL] (N/A)(N/A)
[PID: 4294734589][D:\SRENG2\SRENG2\SRENG.EXE] (Smallfrogs Studio)(2.0.21.505)
[C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL] (Amaze Soft)(1, 1, 4, 0)
[C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WEB 文件夹\MSONSEXT.DLL] (N/A)(N/A)
[PID: 4294704725][C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE] (Microsoft Corporation)(5.00.2614.3500)
--------------------------------------------------------------------------------
kitty319 - 2006-7-9 15:30:00
文件关联
.TXT OK. [C:\WINDOWS\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [C:\WINDOWS\winhlp32.exe %1]
.INI OK. [C:\WINDOWS\NOTEPAD.EXE %1]
.INF OK. [C:\WINDOWS\NOTEPAD.EXE %1]
.VBS OK. [C:\WINDOWS\WScript.exe "%1" %*]
.JS OK. [C:\WINDOWS\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
kitty319 - 2006-7-9 15:30:00
OK, everything has been uploaded!!!
kitty319 - 2006-7-9 17:05:00
Waiting so anxiously!!!!!