无奈的受害者 - 2007-7-22 22:02:00
+ 正在运行的进程
+ 00000170(368) stsystra.exe
00400000[00058000]
[AM] 33. c:\windows\stsystra.exe
SigmaTel, Inc.
Sigmatel Audio system tray application
.text,.rdata,.data,.rsrc,
10000000[0002C000]
[ M] 40. c:\windows\system32\stacapi.dll
SigmaTel, Inc.
STACAPI.DLL
.text,.rdata,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 41. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
00DA0000[0001B000]
[ M] 42. f:\卡卡\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 00000198(408) runiep.exe
00400000[00012000]
[AM] 35. f:\卡卡\runiep.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Monitor
.text,.rdata,.data,.rsrc,
00BF0000[0001B000]
[ M] 42. f:\卡卡\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 000001c8(456) daemon.exe
00400000[00018000]
[AM] 37. c:\program files\d-tools\daemon.exe
DAEMON'S HOME
Virtual DAEMON Manager
.text,.rdata,.data,.rsrc,
10000000[00025000]
[ M] 43. c:\windows\daemon.dll
Virtual DAEMON control library
UPX0,UPX1,.rsrc,
00A10000[0002D000]
[ M] 44. c:\program files\d-tools\pfctoc.dll
Padus(R), Inc.
CD/DVD pre-mastering toolkit for Win32
.text,.rdata,.data,.rsrc,.reloc,
00AE0000[00005000]
[ M] 45. c:\program files\d-tools\plugins\images\bw5mount.dll
Blindwrite 5 image access library
.text,.data,.rsrc,.reloc,
00AF0000[00004000]
[ M] 46. c:\program files\d-tools\plugins\images\ccdmount.dll
GENERIC
CloneCD image access library
.text,.rsrc,.reloc,
00B00000[00006000]
[ M] 47. c:\program files\d-tools\plugins\images\mdsmount.dll
GENERIC
Media descriptor file access library
.text,.rsrc,.reloc,
00B10000[00006000]
[ M] 48. c:\program files\d-tools\plugins\images\nrgmount.dll
GENERIC
Nero image access library
.text,.rsrc,.reloc,
00B20000[00005000]
[ M] 49. c:\program files\d-tools\plugins\images\pdimount.dll
GENERIC
InstantCD/DVD image access library
.text,.rsrc,.reloc,
00D50000[0001B000]
[ M] 42. f:\卡卡\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 000001e0(480) MiniQQLive.exe
00400000[00043000]
[AM] 38. c:\program files\tencent\qqlive\miniqqlive.exe
Tencent
QQLive
.text,.rdata,.data,.rsrc,
10000000[0001C000]
[ M] 50. c:\program files\tencent\qqlive\proxy.dll
Tencent
Proxy DLL
.text,.rdata,.data,.rsrc,.reloc,
6BC40000[000F2000]
[ M] 51. c:\program files\tencent\qqlive\mfc42.dll
Microsoft Corporation
MFCDLL Shared Library - Retail Version
.text,.rdata,.data,.rsrc,.reloc,
780C0000[00061000]
[ M] 52. c:\program files\tencent\qqlive\msvcp60.dll
Microsoft Corporation
Microsoft (R) C++ Runtime Library
.text,.rdata,.data,.rsrc,.reloc,
00370000[0002D000]
[ M] 53. c:\program files\tencent\qqlive\admanage.dll
Tencent
ADManage DLL
.text,.rdata,.data,.rsrc,.reloc,
00BB0000[0001B000]
[ M] 42. f:\卡卡\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
00F40000[00023000]
[ M] 54. c:\program files\tencent\qqlive\p2pdownload.dll
Tencent
P2PDownload Module
.text,.rdata,.data,.rsrc,.reloc,
00FE0000[000AE000]
[ M] 55. c:\program files\tencent\qqlive\vqqsdl.dll
Tencent Technology (Shenzhen) Company Limited
VqqSpeedDl Module
.text,.rdata,.data,.rsrc,.reloc,
01190000[000C5000]
[ M] 56. c:\program files\tencent\qqlive\tnproxy.dll
Tencent Technology(Shenzhen) Company Limited
TNProxy Module
.text,.rdata,.data,.rsrc,.reloc,
01410000[0000B000]
[ M] 57. c:\program files\tencent\qqlive\liveapi.dll
Tencent
LiveAPI Module
.text,.rdata,.data,.rsrc,.reloc,
+ 00000254(596) smss.exe
+ 00000280(640) ctfmon.exe
10000000[0001B000]
[ M] 42. f:\卡卡\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 0000028c(652) csrss.exe
+ 000002a8(680) winlogon.exe
72C80000[00008000]
[ M] 41. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
+ 000002d4(724) services.exe
+ 000002e8(744) lsass.exe
+ 00000388(904) Ati2evxx.exe
00400000[00062000]
[AM] 1. c:\windows\system32\ati2evxx.exe
ATI Technologies Inc.
ATI External Event Utility EXE Module
.text,.rdata,.data,.rsrc,
003E0000[0000F000]
[ M] 58. c:\windows\system32\ati2edxx.dll
ATI Technologies, Inc.
ati2edxx
.text,.data,.SHAREDS,.rsrc,.reloc,
+ 00000398(920) svchost.exe
+ 000003e8(1000) svchost.exe
+ 00000494(1172) svchost.exe
50E60000[0000C000]
[ M] 59. c:\windows\system32\wups2.dll
Microsoft Corporation
Windows Update client proxy stub 2
.text,.orpc,.data,.rsrc,.reloc,
+ 000004d4(1236) svchost.exe
+ 0000055c(1372) svchost.exe
+ 000005e4(1508) Explorer.EXE
10000000[0001B000]
[AM] 31. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
00CD0000[00011000]
[AM] 32. c:\windows\system32\shlhook.dll
Beijing Rising Technology Co., Ltd.
shlhook Module
.text,.rdata,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 41. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
01290000[0001B000]
[ M] 42. f:\卡卡\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
23700000[0001A000]
[ M] 60. f:\新建文件夹 (3)\rising\rav\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
72C60000[00007000]
[ M] 61. c:\windows\system32\msadp32.acm
Microsoft Corporation
Microsoft ADPCM CODEC for MSACM
.text,.data,.rsrc,.reloc,
+ 00000674(1652) spoolsv.exe
+ 00000750(1872) RavStub.exe
00400000[00018000]
[ M] 62. f:\新建文件夹 (3)\rising\rav\ravstub.exe
Beijing Rising Technology Co., Ltd.
Rising RavStub
.text,.rdata,.data,.rsrc,
10000000[0001B000]
[ M] 63. f:\新建文件夹 (3)\rising\rav\rscommx.dll
rising
RsCommX
.text,.rdata,.data,.rsrc,.reloc,
23700000[0001A000]
[ M] 60. f:\新建文件夹 (3)\rising\rav\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
+ 0000087c(2172) alg.exe
+ 00000aec(2796) wuauclt.exe
50E60000[0000C000]
[ M] 59. c:\windows\system32\wups2.dll
Microsoft Corporation
Windows Update client proxy stub 2
.text,.orpc,.data,.rsrc,.reloc,
10000000[0001B000]
[ M] 42. f:\卡卡\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 00000b90(2960) iexplore.exe
10000000[00032000]
[AM] 25. f:\迅雷\comdlls\tdatonce_now.dll
Thunder Networking Technologies,LTD
迅雷浏览器高级特性支持模块
.text,.rdata,.data,.rsrc,.reloc,
00F00000[00019000]
[AM] 26. f:\迅雷\comdlls\xunleibho_now.dll
Thunder Networking Technologies,LTD
XunLeiBHO
.text,.rdata,.data,.rsrc,.reloc,
00F20000[0006D000]
[AM] 27. f:\bbt\bitcomet\tools\bitcometbho_1.1.6.14.dll
BitComet
BitCometBHO
.text,.rdata,.data,.rsrc,.reloc,
011D0000[0001B000]
[ M] 42. f:\卡卡\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
30000000[002EF000]
[ M] 64. c:\windows\system32\macromed\flash\flash9d.ocx
Adobe Systems, Inc.
Adobe Flash Player 9.0 r46
.text,.rdata,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 41. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
+ 00000e2c(3628) Ras.exe
00400000[0013F000]
[ M] 65. f:\卡卡\ras.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,.rsrc,
10000000[000A3000]
[ M] 66. f:\卡卡\rasgui.dll
Beijing Rising Technology Co., Ltd.
RasGUI
.text,.rdata,.data,.rsrc,.reloc,
01510000[0001B000]
[ M] 42. f:\卡卡\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
无奈的受害者 - 2007-7-22 22:03:00
+ 注册表自运行项目
+ 系统服务
+ HKLM\System\CurrentControlSet\Services
Ati HotKey Poller
[AM] 1. c:\windows\system32\ati2evxx.exe
ATI Technologies Inc.
ATI External Event Utility EXE Module
.text,.rdata,.data,.rsrc,
ATI Smart
[A ] 2. c:\windows\system32\ati2sgag.exe
ATI Smart
.text,.rdata,.data,.rsrc,
RsCCenter
[A ] 3. f:\新建文件夹 (3)\rising\rav\ccenter.exe
Beijing Rising Technology Co., Ltd.
CCenter
.text,.rdata,.data,.rsrc,
RsRavMon
[A ] 4. f:\新建文件夹 (3)\rising\rav\ravmond.exe
Beijing Rising Technology Co., Ltd.
RavMond
.text,.rdata,.data,.rsrc,
+ 内核驱动
+ HKLM\System\CurrentControlSet\Services
BaseTDI
[A ] 5. c:\windows\system32\drivers\basetdi.sys
Beijing Rising Technology Co., Ltd.
basetdi
.text,.rdata,.data,INIT,.rsrc,.reloc,
cercsr6
[A ] 6. c:\windows\system32\drivers\cercsr6.sys
Adaptec, Inc.
DELL CERC SATA1.5/6ch Miniport Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
d347bus
[A ] 7. c:\windows\system32\drivers\d347bus.sys
PnP BIOS Extension
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
d347prt
[A ] 8. c:\windows\system32\drivers\d347prt.sys
SCSI miniport
.text,.rdata,.data,INIT,.rsrc,.reloc,
EagleNT
[A ] 9. c:\windows\system32\drivers\eaglent.sys
ExpScaner
[A ] 10. f:\新建文件夹 (3)\rising\rav\expscan.sys
ExpScan.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
HDAudBus
[A ] 11. c:\windows\system32\drivers\hdaudbus.sys
Windows (R) Server 2003 DDK provider
High Definition Audio Bus Driver v1.0
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
HookCont
[A ] 12. f:\新建文件夹 (3)\rising\rav\hookcont.sys
Rising
HookCont
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookReg
[A ] 13. f:\新建文件夹 (3)\rising\rav\hookreg.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookSys
[A ] 14. f:\新建文件夹 (3)\rising\rav\hooksys.sys
Rising
Hooksys
.text,.rdata,.data,INIT,.rsrc,.reloc,
lcqimbl
[A ] 15. c:\windows\system32\drivers\lcqimbl.sys
北京三七二一科技有限公司
sys 应用程序
.text,.rdata,.data,INIT,.rsrc,.reloc,
MEMSCAN
[A ] 16. f:\新建文件夹 (3)\rising\rav\memscan.sys
瑞星软件有限公司
MemScan Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
npkcrypt
[A ] 17. f:\qq\npkcrypt.sys
INCA Internet Co., Ltd.
nProtect KeyCrypt Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
npkcusb
[A ] 18. f:\qq\npkcusb.sys
INCA Internet Co., Ltd.
nProtect KeyCrypt Driver
.text,page,init,.rdata,.data,INIT,.rsrc,.reloc,
RsAntiSpyware
[A ] 19. c:\windows\system32\drivers\rsboot.sys
Beijing Rising Technology Co., Ltd.
Anti-RootKit Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
RsNTGDI
[A ] 20. c:\windows\system32\drivers\rsntgdi.sys
Beijing Rising Technology Co., Ltd.
RsNTGDI
.text,.rdata,INIT,.rsrc,.reloc,
RSPPSYS
[A ] 21. f:\新建文件夹 (3)\rising\rav\rsppsys.sys
Rising
RSPPSYS.SYS
.text,.rdata,.data,INIT,.rsrc,.reloc,
Secdrv
[A ] 22. c:\windows\system32\drivers\secdrv.sys
Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
Macrovision SECURITY Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
STHDA
[A ] 23. c:\windows\system32\drivers\sthda.sys
SigmaTel, Inc.
NDRC
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
+ IE浏览器加载模块
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C}
[A ] 24. c:\windows\system32\kakatool.dll
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Toolbar
.text,.rdata,.data,MonitorS,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{01443AEC-0FD1-40fd-9C87-E93D1494C233}
[AM] 25. f:\迅雷\comdlls\tdatonce_now.dll
Thunder Networking Technologies,LTD
迅雷浏览器高级特性支持模块
.text,.rdata,.data,.rsrc,.reloc,
{39F7E361-828A-4B5A-BCAF-5B79BFDFEA60}
[AM] 26. f:\迅雷\comdlls\xunleibho_now.dll
Thunder Networking Technologies,LTD
XunLeiBHO
.text,.rdata,.data,.rsrc,.reloc,
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
[AM] 27. f:\bbt\bitcomet\tools\bitcometbho_1.1.6.14.dll
BitComet
BitCometBHO
.text,.rdata,.data,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
Exec
[A ] 28. d:\新建文件夹 (2)\浩方对战平台\gameclient.exe
上海浩方在线信息技术有限公司
浩方对战平台
.text,.rdata,.data,.rsrc,
+ 资源管理器加载模块
+ HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
KuGoo3
[A ] 29. f:\酷狗\kugoo3\inextend\kugoo3downxcontrol.ocx
CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HyperTerminal Icon Ext
[A ] 30. c:\windows\system32\hticons.dll
Hilgraeve, Inc.
HyperTerminal Applet Library
.text,.data,.rsrc,.reloc,
RISING
[AM] 31. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{32CD708B-60A7-4C00-9377-D73EAA495F0F}
[AM] 31. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}
[AM] 32. c:\windows\system32\shlhook.dll
Beijing Rising Technology Co., Ltd.
shlhook Module
.text,.rdata,.data,.rsrc,.reloc,
+ 用户登陆自运行项目
+ HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SigmatelSysTrayApp
[AM] 33. c:\windows\stsystra.exe
SigmaTel, Inc.
Sigmatel Audio system tray application
.text,.rdata,.data,.rsrc,
ATIPTA
[A ] 34. c:\program files\ati technologies\ati control panel\atiptaxx.exe
ATI Technologies, Inc.
ATI Desktop Control Panel
.text,.rdata,.data,.rsrc,
runeip
[AM] 35. f:\卡卡\runiep.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Monitor
.text,.rdata,.data,.rsrc,
RavTask
[A ] 36. f:\新建文件夹 (3)\rising\rav\ravtask.exe
Beijing Rising Technology Co., Ltd.
RavTimer
.text,.rdata,.data,.rsrc,
DAEMON Tools-1033
[AM] 37. c:\program files\d-tools\daemon.exe
DAEMON'S HOME
Virtual DAEMON Manager
.text,.rdata,.data,.rsrc,
miniqqlive
[AM] 38. c:\program files\tencent\qqlive\miniqqlive.exe
Tencent
QQLive
.text,.rdata,.data,.rsrc,
+ 开机执行
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
BootExecute
[A ] 39. c:\windows\system32\bsmain.exe
Beijing Rising Technology Co., Ltd.
BootScan
.text,.data,.rsrc,.reloc,