过客无痕 - 2007-11-2 21:37:00
瑞星卡卡电脑诊断日志 v1.30 (2007-11-2 21:17:31) 北京瑞星科技股份有限公司
注释: [A]表示该文件存在自启动关联;
[M]表示该文件在内存中;
+ 注册表自运行项目
+ 系统服务
+ HKLM\System\CurrentControlSet\Services
73905C3A
[A ] 1. c:\windows\system32\2a013a1e.exe
RsCCenter
[A ] 2. c:\program files\rising\rav\ccenter.exe
RsRavMon
[A ] 3. c:\program files\rising\rav\ravmond.exe
Wdswsdewn
[A ] 4. c:\windows\system32\serdst.exe
+ 内核驱动
+ HKLM\System\CurrentControlSet\Services
BaseTDI
[A ] 5. c:\windows\system32\drivers\basetdi.sys
BrScnUsb
[A ] 6. c:\windows\system32\drivers\brscnusb.sys
BrSerIf
[A ] 7. c:\windows\system32\drivers\brserif.sys
BrUsbSer
[A ] 8. c:\windows\system32\drivers\brusbser.sys
ExpScaner
[A ] 9. c:\program files\rising\rav\expscan.sys
HDAudBus
[A ] 10. c:\windows\system32\drivers\hdaudbus.sys
HookCont
[A ] 11. c:\program files\rising\rav\hookcont.sys
HookReg
[A ] 12. c:\program files\rising\rav\hookreg.sys
HookSys
[A ] 13. c:\program files\rising\rav\hooksys.sys
ialm
[A ] 14. c:\windows\system32\drivers\ialmnt5.sys
MegaIDE
[A ] 15. c:\windows\system32\drivers\megaide.sys
MEMSCAN
[A ] 16. c:\program files\rising\rav\memscan.sys
RsAntiSpyware
[A ] 17. c:\windows\system32\drivers\rsboot.sys
RsNTGDI
[A ] 18. c:\windows\system32\drivers\rsntgdi.sys
RSPPSYS
[A ] 19. c:\program files\rising\rav\rsppsys.sys
Secdrv
[A ] 20. c:\windows\system32\drivers\secdrv.sys
STHDA
[A ] 21. c:\windows\system32\drivers\sthda.sys
过客无痕 - 2007-11-2 21:38:00
+ 系统登陆自运行
+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
igfxcui
[A ] 22. c:\windows\system32\igfxdev.dll
+ IE浏览器加载模块
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{01443AEC-0FD1-40fd-9C87-E93D1494C233}
[AM] 23. c:\program files\thunder network\thunder\comdlls\tdatonce_now.dll
{889D2FEB-5411-4565-8998-1DD2C5261283}
[AM] 24. c:\program files\thunder network\thunder\comdlls\xunleibho_now.dll
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
Exec
[A ] 25. c:\program files\thunder network\thunder\thunder.exe
Exec
[A ] 26. c:\program files\messenger\msmsgs.exe
+ 资源管理器加载模块
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HyperTerminal Icon Ext
[A ] 27. c:\windows\system32\hticons.dll
WinRAR shell extension
[AM] 28. c:\program files\winrar\rarext.dll
Shell Extensions for RealOne Player
[A ] 29. c:\program files\real\realplayer\rpshell.dll
Microsoft Office Binder Unbind
[A ] 30. c:\program files\microsoft office\office\2052\unbind.dll
Microsoft Outlook Custom Icon Handler
[A ] 31. c:\program files\microsoft office\office\olkfstub.dll
RISING
[AM] 32. c:\windows\system32\ravext.dll
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{32CD708B-60A7-4C00-9377-D73EAA495F0F}
[AM] 32. c:\windows\system32\ravext.dll
{7E32FA58-3453-FA2D-BC49-F340348ACCE7}
[AM] 33. c:\windows\system32\rsmygpm.dll
{4A321487-4977-D98A-C8D5-6488257545A4}
[AM] 34. c:\windows\system32\kapjdzy.dll
{87D81718-1314-5200-2597-587901018078}
[AM] 35. c:\windows\system32\kaqhhzy.dll
{634345F1-DACF-3452-CB7D-4620F34A1536}
[AM] 36. c:\windows\system32\rsztfpm.dll
{38907901-1416-3389-9981-372178569983}
[AM] 37. c:\windows\system32\kawdczy.dll
{3598FF45-DA60-F48A-BC43-10AC47853D53}
[AM] 38. c:\windows\system32\rarjcpi.dll
{5859245F-345D-BC13-AC4F-145D47DA34F5}
[AM] 39. c:\windows\system32\avzxemn.dll
{44783410-4F90-34A0-7820-3230ACD05F44}
[AM] 40. c:\windows\system32\raqjdpi.dll
{5A1247C1-53DA-FF43-ABD3-345F323A48D5}
[AM] 41. c:\windows\system32\avwgemn.dll
{28847374-8323-FADC-B443-4732ABCD3782}
[AM] 42. c:\windows\system32\sidjbzy.dll
{4960356A-458E-DE24-BD50-268F589A56A4}
[AM] 43. c:\windows\system32\avwldmn.dll
{6D47B341-43DF-4563-753F-345FFA3157D6}
[AM] 44. c:\windows\system32\kvmxfma.dll
{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}
[A ] 45. c:\windows\system32\shlhook.dll
+ 用户登陆自运行项目
+ HKLM\Software\Microsoft\Windows\CurrentVersion\Run
igfxtray
[A ] 46. c:\windows\system32\igfxtray.exe
igfxhkcmd
[AM] 47. c:\windows\system32\hkcmd.exe
igfxpers
[AM] 48. c:\windows\system32\igfxpers.exe
TkBellExe
[AM] 49. c:\program files\common files\real\update_ob\realsched.exe
RavTask
[A ] 50. c:\program files\rising\rav\ravtask.exe
GenProtect
[A ] 51. c:\windows\genprotect.exe
AVPSrv
[A ] 52. c:\windows\avpsrv.exe
NVDispDrv
[A ] 53. c:\windows\nvdispdrv.exe
MsPrint32D
[A ] 54. c:\windows\msprint32d.exe
DbgHlp32
[A ] 55. c:\windows\dbghlp32.exe
runeip
[AM] 56. c:\program files\rising\antispyware\runiep.exe
mppds
[A ] 57. c:\windows\mppds.exe
Kvsc3
[A ] 58. c:\windows\kvsc3.exe
cmdbcs
[A ] 59. c:\windows\cmdbcs.exe
upxdnd
[A ] 60. c:\windows\upxdnd.exe
msccrt
[A ] 61. c:\windows\msccrt.exe
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
RavStub
[AM] 62. c:\program files\rising\rav\ravstub.exe
KKDelay
[A ] 63. c:\program files\rising\antispyware\runonce.exe
+ HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
MSDEG32
[A ] 64. c:\windows\system32\lyloader.exe
MSDMG32
[A ] 65. c:\windows\system32\lyloadmr.exe
+ 开机执行
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
BootExecute
[A ] 66. c:\windows\system32\bsmain.exe
[A ] 67. c:\windows\system32\kknative.exe
+ 映像劫持
+ HKCR\.html
htmlfile\Edit\Command
[A ] 68. c:\program files\microsoft office\office\msohtmed.exe
htmlfile\Print\Command
[A ] 68. c:\program files\microsoft office\office\msohtmed.exe
+ HKCR\.htm
htmlfile\Edit\Command
[A ] 68. c:\program files\microsoft office\office\msohtmed.exe
htmlfile\Print\Command
[A ] 68. c:\program files\microsoft office\office\msohtmed.exe
+ HKCR\.mp3
RealPlayer.MP3.6\open\Command
[A ] 69. c:\program files\real\realplayer\realplay.exe
+ 程序初始化和已知动态连接库
+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs
[AM] 34. c:\windows\system32\kapjdzy.dll
+ 打印机监控
+ HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
OLFax Ports
[AM] 70. c:\windows\system32\olfmnt40.dll
+ 其他自启动项目
+ C:\Documents and Settings\All Users\「开始」菜单\程序\启动
Symantec Fax Starter Edition Port.lnk
[AM] 71. c:\program files\microsoft office\office\2052\olfsnt40.exe
+ c:\autorun.inf
open
[A ] 72. c:\auto.exe
shellexecute
[A ] 72. c:\auto.exe
shell\Auto\command
[A ] 72. c:\auto.exe
+ d:\autorun.inf
open
[A ] 73. d:\auto.exe
shell\open\Command
[A ] 74. d:\2008~1\lc.exe
shell\explore\Command
[A ] 74. d:\2008~1\lc.exe
shellexecute
[A ] 73. d:\auto.exe
shell\Auto\command
[A ] 73. d:\auto.exe
+ e:\autorun.inf
open
[A ] 75. e:\auto.exe
shell\open\Command
[A ] 76. e:\2008~1\lc.exe
shell\explore\Command
[A ] 76. e:\2008~1\lc.exe
shellexecute
[A ] 75. e:\auto.exe
shell\Auto\command
[A ] 75. e:\auto.exe
+ f:\autorun.inf
open
[A ] 77. f:\auto.exe
shellexecute
[A ] 77. f:\auto.exe
shell\Auto\command
[A ] 77. f:\auto.exe
过客无痕 - 2007-11-2 21:39:00
+ 正在运行的进程
+ 000000fc(252) svchost.exe
003C0000[0000C000]
[AM] 38. c:\windows\system32\rarjcpi.dll
10000000[0000D000]
[ M] 78. c:\windows\system32\ed4cbdb4.dll
+ 00000170(368) QQDoctor.exe
00400000[00090000]
[ M] 79. d:\qq\qqdoctor\qqdoctor.exe
003C0000[0000C000]
[AM] 36. c:\windows\system32\rsztfpm.dll
10000000[00011000]
[ M] 80. d:\qq\qqdoctor\tseloder.dat
01BC0000[00021000]
[ M] 81. d:\qq\qqdoctor\tsengine.dat
01C00000[0000E000]
[ M] 82. d:\qq\qqdoctor\tsecd.dat
01C10000[00015000]
[ M] 83. d:\qq\qqdoctor\tsesc.dat
01D40000[0000F000]
[ M] 84. d:\qq\qqdoctor\tsvulmdw.dat
01E60000[00088000]
[ M] 85. d:\qq\qqdoctor\tsvulchk.dat
01EF0000[0001B000]
[ M] 86. c:\program files\rising\antispyware\ieprot.dll
02020000[00009000]
[ M] 87. c:\windows\system32\genprotect.dll
00DB0000[0000C000]
[AM] 38. c:\windows\system32\rarjcpi.dll
00DC0000[0000C000]
[AM] 35. c:\windows\system32\kaqhhzy.dll
00DD0000[0000C000]
[AM] 37. c:\windows\system32\kawdczy.dll
00DE0000[0000C000]
[AM] 39. c:\windows\system32\avzxemn.dll
00DF0000[0000C000]
[AM] 34. c:\windows\system32\kapjdzy.dll
00E00000[0000C000]
[AM] 40. c:\windows\system32\raqjdpi.dll
00E10000[0000C000]
[AM] 33. c:\windows\system32\rsmygpm.dll
00E20000[0000C000]
[AM] 42. c:\windows\system32\sidjbzy.dll
00E30000[0000C000]
[AM] 41. c:\windows\system32\avwgemn.dll
00E40000[0000C000]
[AM] 43. c:\windows\system32\avwldmn.dll
00E50000[0000C000]
[AM] 44. c:\windows\system32\kvmxfma.dll
03860000[00009000]
[ M] 88. c:\windows\system32\ededzu.dll
03870000[0000B000]
[ M] 89. c:\windows\system32\mppds.dll
03890000[0000B000]
[ M] 90. c:\windows\system32\avpsrv.dll
038A0000[00008000]
[ M] 91. c:\windows\system32\dbghlp32.dll
038B0000[0000A000]
[ M] 92. c:\windows\system32\kvsc3.dll
038C0000[00008000]
[ M] 93. c:\windows\system32\nvdispdrv.dll
010C0000[0000B000]
[ M] 94. c:\windows\system32\cmdbcs.dll
010D0000[00008000]
[ M] 95. c:\windows\system32\msprint32d.dll
010E0000[00009000]
[ M] 96. c:\windows\system32\upxdnd.dll
010F0000[0000B000]
[ M] 97. c:\windows\system32\msccrt.dll
+ 00000224(548) smss.exe
+ 0000026c(620) csrss.exe
10000000[0000D000]
[ M] 78. c:\windows\system32\ed4cbdb4.dll
+ 00000284(644) winlogon.exe
004D0000[0000C000]
[AM] 38. c:\windows\system32\rarjcpi.dll
72C80000[00008000]
[ M] 98. c:\windows\system32\msacm32.drv
10000000[0000D000]
[ M] 78. c:\windows\system32\ed4cbdb4.dll
+ 000002b4(692) services.exe
003C0000[0000C000]
[AM] 38. c:\windows\system32\rarjcpi.dll
10000000[0000D000]
[ M] 78. c:\windows\system32\ed4cbdb4.dll
+ 000002c0(704) lsass.exe
003C0000[0000C000]
[AM] 38. c:\windows\system32\rarjcpi.dll
10000000[0000D000]
[ M] 78. c:\windows\system32\ed4cbdb4.dll
+ 000002f4(756) hkcmd.exe
00400000[00013000]
[AM] 47. c:\windows\system32\hkcmd.exe
10000000[00013000]
[ M] 99. c:\windows\system32\hccutils.dll
00D50000[0000F000]
[ M] 100. c:\windows\system32\igfxsrvc.dll
00D70000[00014000]
[ M] 101. c:\windows\system32\igfxres.dll
01010000[0001B000]
[ M] 86. c:\program files\rising\antispyware\ieprot.dll
00FE0000[00009000]
[ M] 87. c:\windows\system32\genprotect.dll
00B50000[0000B000]
[ M] 89. c:\windows\system32\mppds.dll
00B60000[00009000]
[ M] 88. c:\windows\system32\ededzu.dll
00B70000[0000B000]
[ M] 90. c:\windows\system32\avpsrv.dll
00B80000[00008000]
[ M] 93. c:\windows\system32\nvdispdrv.dll
00B90000[0000A000]
[ M] 92. c:\windows\system32\kvsc3.dll
00BA0000[00008000]
[ M] 91. c:\windows\system32\dbghlp32.dll
00BB0000[0000B000]
[ M] 94. c:\windows\system32\cmdbcs.dll
00BC0000[0000B000]
[ M] 97. c:\windows\system32\msccrt.dll
00BD0000[00009000]
[ M] 96. c:\windows\system32\upxdnd.dll
00BE0000[00008000]
[ M] 95. c:\windows\system32\msprint32d.dll
+ 00000340(832) IEXPLORE.EXE
+ 00000360(864) svchost.exe
003C0000[0000C000]
[AM] 38. c:\windows\system32\rarjcpi.dll
10000000[0000D000]
[ M] 78. c:\windows\system32\ed4cbdb4.dll
+ 000003a4(932) svchost.exe
003C0000[0000C000]
[AM] 38. c:\windows\system32\rarjcpi.dll
10000000[0000D000]
[ M] 78. c:\windows\system32\ed4cbdb4.dll
+ 00000418(1048) svchost.exe
003C0000[0000C000]
[AM] 38. c:\windows\system32\rarjcpi.dll
10000000[0000D000]
[ M] 78. c:\windows\system32\ed4cbdb4.dll
+ 00000498(1176) svchost.exe
003C0000[0000C000]
[AM] 38. c:\windows\system32\rarjcpi.dll
10000000[0000D000]
[ M] 78. c:\windows\system32\ed4cbdb4.dll
+ 00000520(1312) svchost.exe
003C0000[0000C000]
[AM] 38. c:\windows\system32\rarjcpi.dll
10000000[0000D000]
[ M] 78. c:\windows\system32\ed4cbdb4.dll
+ 00000548(1352) realsched.exe
00400000[0002F000]
[AM] 49. c:\program files\common files\real\update_ob\realsched.exe
00ED0000[0001B000]
[ M] 86. c:\program files\rising\antispyware\ieprot.dll
00B80000[00009000]
[ M] 87. c:\windows\system32\genprotect.dll
10000000[0000B000]
[ M] 89. c:\windows\system32\mppds.dll
00B90000[00009000]
[ M] 88. c:\windows\system32\ededzu.dll
00BA0000[0000B000]
[ M] 90. c:\windows\system32\avpsrv.dll
00BB0000[00008000]
[ M] 93. c:\windows\system32\nvdispdrv.dll
00BC0000[0000A000]
[ M] 92. c:\windows\system32\kvsc3.dll
00BD0000[00008000]
[ M] 91. c:\windows\system32\dbghlp32.dll
00BE0000[0000B000]
[ M] 94. c:\windows\system32\cmdbcs.dll
00BF0000[0000B000]
[ M] 97. c:\windows\system32\msccrt.dll
00C00000[00009000]
[ M] 96. c:\windows\system32\upxdnd.dll
00C10000[00008000]
[ M] 95. c:\windows\system32\msprint32d.dll
+ 00000558(1368) igfxpers.exe
00400000[0001E000]
[AM] 48. c:\windows\system32\igfxpers.exe
10000000[0000F000]
[ M] 100. c:\windows\system32\igfxsrvc.dll
00F90000[0001B000]
[ M] 86. c:\program files\rising\antispyware\ieprot.dll
00F60000[00009000]
[ M] 87. c:\windows\system32\genprotect.dll
00B50000[0000B000]
[ M] 89. c:\windows\system32\mppds.dll
00B60000[00009000]
[ M] 88. c:\windows\system32\ededzu.dll
00B70000[0000B000]
[ M] 90. c:\windows\system32\avpsrv.dll
00B80000[00008000]
[ M] 93. c:\windows\system32\nvdispdrv.dll
00B90000[0000A000]
[ M] 92. c:\windows\system32\kvsc3.dll
00BA0000[00008000]
[ M] 91. c:\windows\system32\dbghlp32.dll
00BB0000[0000B000]
[ M] 94. c:\windows\system32\cmdbcs.dll
00BC0000[0000B000]
[ M] 97. c:\windows\system32\msccrt.dll
00BD0000[00009000]
[ M] 96. c:\windows\system32\upxdnd.dll
00BE0000[00008000]
[ M] 95. c:\windows\system32\msprint32d.dll
+ 00000684(1668) spoolsv.exe
003C0000[0000C000]
[AM] 38. c:\windows\system32\rarjcpi.dll
1D040000[0001C000]
[AM] 70. c:\windows\system32\olfmnt40.dll
1D000000[00006000]
[ M] 102. c:\windows\system32\spool\prtprocs\w32x86\olfpnt40.dll
10000000[0000D000]
[ M] 78. c:\windows\system32\ed4cbdb4.dll
+ 000006e0(1760) RavStub.exe
00400000[00018000]
[AM] 62. c:\program files\rising\rav\ravstub.exe
10000000[0001B000]
[ M] 103. c:\program files\rising\rav\rscommx.dll
23700000[0001A000]
[ M] 104. c:\program files\rising\rav\rscommon.dll
00990000[0000D000]
[ M] 78. c:\windows\system32\ed4cbdb4.dll
+ 00000804(2052) runiep.exe
00400000[00013000]
[AM] 56. c:\program files\rising\antispyware\runiep.exe
00BF0000[0001B000]
[ M] 86. c:\program files\rising\antispyware\ieprot.dll
00F90000[0000C000]
[AM] 35. c:\windows\system32\kaqhhzy.dll
01130000[0000C000]
[AM] 36. c:\windows\system32\rsztfpm.dll
01240000[0000C000]
[AM] 33. c:\windows\system32\rsmygpm.dll
01350000[0000C000]
[AM] 39. c:\windows\system32\avzxemn.dll
01460000[0000C000]
[AM] 37. c:\windows\system32\kawdczy.dll
01570000[0000C000]
[AM] 34. c:\windows\system32\kapjdzy.dll
01680000[0000C000]
[AM] 40. c:\windows\system32\raqjdpi.dll
01790000[0000C000]
[AM] 42. c:\windows\system32\sidjbzy.dll
018A0000[0000C000]
[AM] 41. c:\windows\system32\avwgemn.dll
019B0000[0000C000]
[AM] 43. c:\windows\system32\avwldmn.dll
01AC0000[0000C000]
[AM] 44. c:\windows\system32\kvmxfma.dll
01BD0000[0000C000]
[AM] 38. c:\windows\system32\rarjcpi.dll
00E30000[00009000]
[ M] 87. c:\windows\system32\genprotect.dll
10000000[0000B000]
[ M] 89. c:\windows\system32\mppds.dll
00D20000[00009000]
[ M] 88. c:\windows\system32\ededzu.dll
01D70000[0000B000]
[ M] 90. c:\windows\system32\avpsrv.dll
过客无痕 - 2007-11-2 21:40:00
01D80000[00008000]
[ M] 93. c:\windows\system32\nvdispdrv.dll
01D90000[0000A000]
[ M] 92. c:\windows\system32\kvsc3.dll
01DA0000[00008000]
[ M] 91. c:\windows\system32\dbghlp32.dll
01DB0000[0000B000]
[ M] 94. c:\windows\system32\cmdbcs.dll
01DC0000[0000B000]
[ M] 97. c:\windows\system32\msccrt.dll
01DD0000[00009000]
[ M] 96. c:\windows\system32\upxdnd.dll
01DE0000[00008000]
[ M] 95. c:\windows\system32\msprint32d.dll
+ 0000086c(2156) ctfmon.exe
003D0000[0000C000]
[AM] 36. c:\windows\system32\rsztfpm.dll
10000000[0001B000]
[ M] 86. c:\program files\rising\antispyware\ieprot.dll
00AF0000[00009000]
[ M] 87. c:\windows\system32\genprotect.dll
00C00000[00009000]
[ M] 88. c:\windows\system32\ededzu.dll
00C10000[0000B000]
[ M] 89. c:\windows\system32\mppds.dll
00C30000[0000B000]
[ M] 90. c:\windows\system32\avpsrv.dll
00C40000[00008000]
[ M] 93. c:\windows\system32\nvdispdrv.dll
00C50000[0000A000]
[ M] 92. c:\windows\system32\kvsc3.dll
00C60000[00008000]
[ M] 91. c:\windows\system32\dbghlp32.dll
00C70000[0000B000]
[ M] 94. c:\windows\system32\cmdbcs.dll
00C80000[00008000]
[ M] 95. c:\windows\system32\msprint32d.dll
00C90000[00009000]
[ M] 96. c:\windows\system32\upxdnd.dll
00CA0000[0000B000]
[ M] 97. c:\windows\system32\msccrt.dll
+ 000009cc(2508) OLFSNT40.EXE
01000000[00009000]
[AM] 71. c:\program files\microsoft office\office\2052\olfsnt40.exe
008A0000[0000C000]
[AM] 35. c:\windows\system32\kaqhhzy.dll
10000000[0001B000]
[ M] 86. c:\program files\rising\antispyware\ieprot.dll
00FE0000[00009000]
[ M] 87. c:\windows\system32\genprotect.dll
00FC0000[0000B000]
[ M] 89. c:\windows\system32\mppds.dll
00FD0000[00009000]
[ M] 88. c:\windows\system32\ededzu.dll
01210000[0000B000]
[ M] 90. c:\windows\system32\avpsrv.dll
01220000[00008000]
[ M] 93. c:\windows\system32\nvdispdrv.dll
01230000[0000A000]
[ M] 92. c:\windows\system32\kvsc3.dll
01240000[00008000]
[ M] 91. c:\windows\system32\dbghlp32.dll
01250000[0000B000]
[ M] 94. c:\windows\system32\cmdbcs.dll
01260000[0000B000]
[ M] 97. c:\windows\system32\msccrt.dll
01270000[00009000]
[ M] 96. c:\windows\system32\upxdnd.dll
01280000[00008000]
[ M] 95. c:\windows\system32\msprint32d.dll
+ 00000a54(2644) alg.exe
+ 00000afc(2812) Ras.exe
00400000[00170000]
[ M] 105. c:\program files\rising\antispyware\ras.exe
780C0000[00061000]
[ M] 106. c:\program files\rising\antispyware\msvcp60.dll
10000000[00013000]
[ M] 107. c:\program files\rising\antispyware\topsoft.dll
7C140000[00103000]
[ M] 108. c:\program files\rising\antispyware\mfc71.dll
7C340000[00056000]
[ M] 109. c:\program files\rising\antispyware\msvcr71.dll
7C3A0000[0007B000]
[ M] 110. c:\program files\rising\antispyware\msvcp71.dll
003E0000[0000C000]
[AM] 36. c:\windows\system32\rsztfpm.dll
00DF0000[000BD000]
[ M] 111. c:\program files\rising\antispyware\rasgui.dll
01370000[00008000]
[ M] 93. c:\windows\system32\nvdispdrv.dll
01640000[0000A000]
[ M] 92. c:\windows\system32\kvsc3.dll
01650000[00008000]
[ M] 91. c:\windows\system32\dbghlp32.dll
01660000[0000B000]
[ M] 90. c:\windows\system32\avpsrv.dll
01670000[0000B000]
[ M] 89. c:\windows\system32\mppds.dll
01680000[00009000]
[ M] 88. c:\windows\system32\ededzu.dll
01790000[0001B000]
[ M] 86. c:\program files\rising\antispyware\ieprot.dll
018C0000[00009000]
[ M] 87. c:\windows\system32\genprotect.dll
015F0000[0000C000]
[AM] 44. c:\windows\system32\kvmxfma.dll
01620000[0000C000]
[AM] 43. c:\windows\system32\avwldmn.dll
01630000[0000C000]
[AM] 41. c:\windows\system32\avwgemn.dll
过客无痕 - 2007-11-2 21:40:00
018E0000[0000C000]
[AM] 42. c:\windows\system32\sidjbzy.dll
01AB0000[0000C000]
[AM] 33. c:\windows\system32\rsmygpm.dll
01AC0000[0000C000]
[AM] 40. c:\windows\system32\raqjdpi.dll
01AD0000[0000C000]
[AM] 34. c:\windows\system32\kapjdzy.dll
01AE0000[0000C000]
[AM] 35. c:\windows\system32\kaqhhzy.dll
01AF0000[0000C000]
[AM] 38. c:\windows\system32\rarjcpi.dll
01B00000[0000C000]
[AM] 39. c:\windows\system32\avzxemn.dll
03670000[0000C000]
[AM] 37. c:\windows\system32\kawdczy.dll
03870000[0001F000]
[ M] 112. c:\program files\rising\antispyware\secscan.dll
03960000[00015000]
[ M] 113. c:\program files\rising\antispyware\secex.dll
01590000[0000B000]
[ M] 94. c:\windows\system32\cmdbcs.dll
015D0000[00008000]
[ M] 95. c:\windows\system32\msprint32d.dll
02870000[00009000]
[ M] 96. c:\windows\system32\upxdnd.dll
02880000[0000B000]
[ M] 97. c:\windows\system32\msccrt.dll
022E0000[0002F000]
[ M] 114. c:\program files\rising\antispyware\engine.dll
01A90000[00012000]
[ M] 115. c:\program files\rising\antispyware\zip.dll
+ 00000c38(3128) svchost.exe
003C0000[0000C000]
[AM] 36. c:\windows\system32\rsztfpm.dll
+ 00000e0c(3596) k11940087182.exe
00400000[00017000]
[ M] 116. c:\windows\system32\k11940087182.exe
003C0000[0000C000]
[AM] 36. c:\windows\system32\rsztfpm.dll
72C80000[00008000]
[ M] 98. c:\windows\system32\msacm32.drv
10000000[00009000]
[ M] 87. c:\windows\system32\genprotect.dll
+ 00000e54(3668) explorer.exe
003D0000[0000C000]
[AM] 38. c:\windows\system32\rarjcpi.dll
10000000[0000D000]
[ M] 78. c:\windows\system32\ed4cbdb4.dll
016F0000[00009000]
[ M] 87. c:\windows\system32\genprotect.dll
01660000[0001B000]
[ M] 86. c:\program files\rising\antispyware\ieprot.dll
72C80000[00008000]
[ M] 98. c:\windows\system32\msacm32.drv
01DE0000[0000C000]
[AM] 36. c:\windows\system32\rsztfpm.dll
01DF0000[0000C000]
[AM] 35. c:\windows\system32\kaqhhzy.dll
01E00000[0000C000]
[AM] 39. c:\windows\system32\avzxemn.dll
01E70000[0000C000]
[AM] 37. c:\windows\system32\kawdczy.dll
01E80000[0000C000]
[AM] 33. c:\windows\system32\rsmygpm.dll
02470000[0000C000]
[AM] 34. c:\windows\system32\kapjdzy.dll
024C0000[0000C000]
[AM] 40. c:\windows\system32\raqjdpi.dll
02510000[0000C000]
[AM] 42. c:\windows\system32\sidjbzy.dll
02560000[0000C000]
[AM] 41. c:\windows\system32\avwgemn.dll
025B0000[0000C000]
[AM] 43. c:\windows\system32\avwldmn.dll
02600000[0000C000]
[AM] 44. c:\windows\system32\kvmxfma.dll
60E00000[0001B000]
[ M] 117. d:\qq\qdshm.dll
60A80000[000F2000]
[ M] 118. d:\qq\mfc42.dll
02820000[0002B000]
[AM] 28. c:\program files\winrar\rarext.dll
02670000[0001B000]
[AM] 32. c:\windows\system32\ravext.dll
23700000[0001A000]
[ M] 104. c:\program files\rising\rav\rscommon.dll
22E50000[0000D000]
[ M] 119. c:\program files\thunder network\thunder\components\resworker\dsbho_00.dll
22E20000[0000D000]
[ M] 120. c:\program files\thunder network\thunder\components\resworker\dataprocessor_00.dll
01BE0000[0000F000]
[ M] 121. c:\windows\system32\lymangr.dll
02D80000[00009000]
[ M] 88. c:\windows\system32\ededzu.dll
01F30000[0000B000]
[ M] 89. c:\windows\system32\mppds.dll
01CB0000[0000B000]
[ M] 90. c:\windows\system32\avpsrv.dll
01F60000[00008000]
[ M] 91. c:\windows\system32\dbghlp32.dll
02E70000[0000A000]
[ M] 92. c:\windows\system32\kvsc3.dll
03080000[00008000]
[ M] 93. c:\windows\system32\nvdispdrv.dll
01F20000[0000B000]
[ M] 94. c:\windows\system32\cmdbcs.dll
019C0000[00008000]
[ M] 95. c:\windows\system32\msprint32d.dll
019F0000[00009000]
[ M] 96. c:\windows\system32\upxdnd.dll
01A30000[0000B000]
[ M] 97. c:\windows\system32\msccrt.dll
02130000[0005F000]
[AM] 23. c:\program files\thunder network\thunder\comdlls\tdatonce_now.dll
02190000[00029000]
[AM] 24. c:\program files\thunder network\thunder\comdlls\xunleibho_now.dll
过客无痕 - 2007-11-2 21:45:00
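KaKa found a lot of trojans, but it can't remove them.
This computer also has a pirated copy of Rising Antivirus, and that doesn't help either.
Also, that Rising Antivirus automatically pops up the IE black/white list at startup.
There is nothing in that list, but it can't be closed; when I close it, it pops up again.
Could any expert help take a look?
One more thing: hidden files can't be viewed; selecting "Show all files" has no effect.
Thanks.....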
changderen - 2007-11-2 23:45:00
Why use a pirated copy? Get a genuine copy of Rising 08, update it to the latest version, and then scan again!
过客无痕 - 2007-11-3 12:53:00
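But the genuine version costs money, doesn't it?
My own office computer has a genuine copy.
But this log is from a computer in someone else's office.
There's nothing I can do about that.
I'm looking at it for someone else.
Experts, please help out.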
newcenturymoon - 2007-11-3 12:58:00
Download System Repair Engineer:
http://download.kztechs.com/files/sreng2.zip
1 Unzip sreng2.zip
2 Run SREngPS.EXE
3 Smart Scan => Scan => Save Report
4 Upload the report from the log as an attachment