[Help] Infected with two viruses, trojan.psw.qqpass and lmir: how do I remove them completely?

Requesting help:

[Attachment: image (image/pjpeg), uploaded 2006-9-5 12:28:37]

Last edited 2006-09-05 16:30:33
 

I used your site's dedicated removal tool and ran it twice, so why is it still there? Please help!
 

Logfile of HijackThis v1.99.1
Scan saved at 12:26:20, on 2006-9-5
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
d:\program files\rising\rfw\rfwsrv.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
C:\windows\Explorer.EXE
C:\flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe
E:\Program Files\UGS\License Servers\UGNXFLEXlm\lmgrd.exe
C:\Program Files\flexnet\i486_nt\obj\ptc_d.exe
C:\flexlm\SolidWorks SolidNetWork License Manager\SW_D.EXE
E:\Program Files\UGS\License Servers\UGNXFLEXlm\uglmd.exe
d:\program files\rising\rfw\RfwMain.exe
C:\windows\System32\alg.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\windows\system32\ctfmon.exe
F:\gongxiang\ttt\killer\orangeaug.com
C:\windows\system32\conime.exe
C:\windows\system32\svchost.exe
C:\Program Files\Maxthon\Max.exe
C:\windows\system32\cmd.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
F:\gongxiang\qingxiao\HijackThis.exe

R3 - URLSearchHook: bho Class - {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} - C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\windows\system32\explore.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\Progra~1\Baidu\bar\BaiDuBar.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\justDo\FlashSaver\Jd2002.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - f:\PROGRA~1\FlashFXP\IEFlash.dll (file missing)
O2 - BHO: update wnwb - {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} - C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: CyberArticle Express - {769A6A36-ED24-4376-BC7C-80225BF35698} - f:\Program Files\CyberArticle\CAExp.dll
O3 - Toolbar: ICQ  Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - F:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Progra~1\Baidu\bar\BaiDuBar.dll
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [StormCodec_Helper] "f:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD 启动加速器.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 保存: 完整网页... - f:\Program Files\CyberArticle\script\Save.htm
O8 - Extra context menu item: 保存: 更多保存内容... - f:\Program Files\CyberArticle\script\SaveAuto.htm
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spiex.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cn_spiex.dll
O16 - DPF: {3359C0B1-2363-40B3-AFCA-1ABC799AC486} (SSReaderPlug Control) - http://reg.ssreader.com/ssreaderplug.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150703545988
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E61471D-4BC9-4F32-9F17-B91F6C26E6F9}: NameServer = 60.191.134.196,60.191.134.206
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D3A6CF3-3A5B-4E77-9A56-51F94F158017}: NameServer = 60.191.134.197 60.191.134.204
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E61471D-4BC9-4F32-9F17-B91F6C26E6F9}: NameServer = 60.191.134.196,60.191.134.206
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: FLEXlm server for PTC - Macrovision Corporation - C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: SolidWorks SolidNetWork License Manager - Macrovision Corporation - C:\flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe
O23 - Service: Unigraphics License Server (uglmd) - Macrovision Corporation - E:\Program Files\UGS\License Servers\UGNXFLEXlm\lmgrd.exe
 

C:\windows\system32\winlogon.exe


C:\windows\system32\lsass.exe
I suspect these 2 entries are the problem?
 

How do I fix this? There are too many new posts! Bumping my own thread.
 

I have done as instructed and also deleted the file C:\windows\system32\explore.exe. I am about to restart and scan again.
 

Now when I run the dedicated removal tool, it still detects it, as shown in the picture:
What should I do?

[Attachment: image (image/pjpeg), uploaded 2006-9-5 15:39:12]
 

Here is a clearer picture:

[Attachment: image (image/pjpeg), uploaded 2006-9-5 15:41:46]
 

Are the files shown in the picture, s32\cn_api60.dll and yahoo_api60.dll, a problem?
I checked, and their creation date is 9-5.
 

New development, see the picture:

[Attachment: image (image/pjpeg), uploaded 2006-9-5 15:47:00]
 