瑞星卡卡安全论坛

今天无意打开了一网页(估计有恶意代码).
瑞星注册表监控提示是否允许更改注册表,还没等我选择.提示框已自行关闭.
之后任务栏上的小绿伞也消失了,再次打开监控系统无反映.重软系统后上网下软件,又碰到了同样问题!!!!


郁闷!!切换到安全模式下查到:
c:/windows/system32 下有Trojan.PSW.ZhengTu.ct


瑞星就这么被干掉了????

帮帮忙啊!

系统活动进程
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
D:\APPLE\IPOD\BIN\IPODSERVICE.EXE
D:\APPLE\IPOD\BIN\IPODSERVICE.RESOURCES\ZH_CN.LPROJ\IPODSERVICELOCALIZED.DLL
D:\APPLE\IPOD\BIN\IPODSERVICE.RESOURCES\IPODSERVICE.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
D:\LOGITECH\MOUSEWARE\SYSTEM\LGWNDHK.DLL
D:\FLASHGET\JCCATCH.DLL
D:\TENCENT\QQ\QQIEHELPER.DLL
C:\PROGRAM FILES\COMMON FILES\LOGITECH\SCROLLING\LGMSGHK.DLL
C:\WINDOWS\SYSTEM32\DLLZ.DLL
D:\MICROSOFT OFFICE\OFFICE11\MSOHEV.DLL
D:\RISIN\RAV\RAVSCRCH.DLL
C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASH.OCX
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\ALG.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
F:\RSDETECT.EXE
D:\LOGITECH\MOUSEWARE\SYSTEM\LGWNDHK.DLL
C:\PROGRAM FILES\COMMON FILES\LOGITECH\SCROLLING\LGMSGHK.DLL
C:\WINDOWS\SYSTEM32\DLLZ.DLL

C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
D:\LOGITECH\MOUSEWARE\SYSTEM\LGWNDHK.DLL
C:\PROGRAM FILES\COMMON FILES\LOGITECH\SCROLLING\LGMSGHK.DLL
C:\WINDOWS\SYSTEM32\DLLZ.DLL
C:\PROGRAM FILES\MESSENGER\MSGSC.DLL
D:\RISIN\RAV\RAVSCRCH.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\WINDOWS\SYSTEM32\RAVEXT.DLL

C:\WINDOWS\EXPLORER.EXE
C:\PROGRA~1\WINDOW~2\WMPBAND.DLL
C:\WINDOWS\SYSTEM32\DLLZ.DLL
C:\PROGRAM FILES\COMMON FILES\LOGITECH\SCROLLING\LGMSGHK.DLL
D:\LOGITECH\MOUSEWARE\SYSTEM\LGWNDHK.DLL
C:\WINDOWS\SYSTEM32\WPDSHSERVICEOBJ.DLL
C:\WINDOWS\SYSTEM32\PORTABLEDEVICETYPES.DLL
C:\WINDOWS\SYSTEM32\PORTABLEDEVICEAPI.DLL
C:\WINDOWS\SYSTEM32\RAVEXT.DLL
D:\MICROSOFT OFFICE\OFFICE11\MSOHEV.DLL
D:\FLASHGET\JCCATCH.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\SYSTEM32\MDIMON.DLL
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\MDIPPR.DLL

C:\WINDOWS\SYSTEM32\MSIME.EXE
C:\WINDOWS\SYSTEM32\DLLZ.DLL
C:\PROGRAM FILES\COMMON FILES\LOGITECH\SCROLLING\LGMSGHK.DLL

C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\DLLZ.DLL
C:\PROGRAM FILES\COMMON FILES\LOGITECH\SCROLLING\LGMSGHK.DLL

D:\RISIN\RAV\RAVTASK.EXE
D:\RISIN\RAV\RSCOMMON.DLL
D:\RISIN\RAV\RSAPPMGR.DLL
D:\RISIN\RAV\CFGDLL.DLL
D:\RISIN\RAV\RSCOMMX.DLL
C:\PROGRAM FILES\COMMON FILES\LOGITECH\SCROLLING\LGMSGHK.DLL
C:\WINDOWS\SYSTEM32\DLLZ.DLL

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\COMMON FILES\LOGITECH\SCROLLING\LGMSGHK.DLL
C:\WINDOWS\SYSTEM32\DLLZ.DLL

D:\APPLE\ITUNES\ITUNESHELPER.EXE
D:\APPLE\ITUNES\ITUNESHELPER.RESOURCES\ZH_CN.LPROJ\ITUNESHELPERLOCALIZED.DLL
D:\APPLE\ITUNES\ITUNESHELPER.RESOURCES\ITUNESHELPER.DLL
C:\PROGRAM FILES\COMMON FILES\LOGITECH\SCROLLING\LGMSGHK.DLL
C:\WINDOWS\SYSTEM32\DLLZ.DLL

C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
D:\LOGITECH\MOUSEWARE\SYSTEM\LGWNDHK.DLL
C:\PROGRAM FILES\COMMON FILES\LOGITECH\SCROLLING\LGMSGHK.DLL
C:\WINDOWS\SYSTEM32\DLLZ.DLL
C:\PROGRAM FILES\MESSENGER\MSGSC.DLL

D:\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
D:\LOGITECH\MOUSEWARE\SYSTEM\EVENTEX.DLL
C:\WINDOWS\SYSTEM32\COMNCTR.DLL
D:\LOGITECH\MOUSEWARE\SYSTEM\MFC42.DLL
D:\LOGITECH\MOUSEWARE\SYSTEM\CCRESRCE.DLL
D:\LOGITECH\MOUSEWARE\SYSTEM\GLBRESLT.DLL
C:\PROGRAM FILES\COMMON FILES\LOGITECH\SCROLLING\LGMSGHK.DLL
D:\LOGITECH\MOUSEWARE\SYSTEM\DEVICES.DLL
D:\LOGITECH\MOUSEWARE\SYSTEM\CCSTMGLB.DLL
D:\LOGITECH\MOUSEWARE\SYSTEM\CCUSTOM.DLL
D:\LOGITECH\MOUSEWARE\SYSTEM\CCMSGHK.DLL
D:\LOGITECH\MOUSEWARE\SYSTEM\LGWNDHK.DLL
C:\WINDOWS\SYSTEM32\DLLZ.DLL

C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\WINDOWS\SYSTEM32\DLLZ.DLL
C:\PROGRAM FILES\COMMON FILES\LOGITECH\SCROLLING\LGMSGHK.DLL

升级到18.38.40问题已解决~
主要有这两个病毒:
1.文件名：msime.exe
病毒名：Trojan.PSW.Lmir.kto

2.文件名：rundll32.exe
病毒名：Trojan.PSW.Lineage.kzk

http://forum.ikaka.com/topic.asp?board=28&artid=8105899
下载HijackThis...把日志帖上来..