瑞星卡卡安全论坛

用卡卡扫描发现有一盗号木马病毒，立马清除，但重起后又出现，再杀，重起，还在，用瑞星杀毒没有发现病毒，还在我无语了。望哪位大侠出手相助。
这是用瑞星听诊器扫描的文件

未知家族病毒分析
扫描结果:

无可疑文件

系统活动进程
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE

C:\WINDOWS\SYSTEM32\UXTHEME.DLL
E:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
E:\PROGRAM FILES\RISING\RFW\OLEMON.DLL

E:\PROGRAM FILES\RISING\RAV\RAVSTUB.EXE

E:\PROGRAM FILES\RISING\RAV\PROCCOM.DLL
E:\PROGRAM FILES\RISING\RAV\RSCOMMX2.DLL
E:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL
C:\WINDOWS\SYSTEM32\UXTHEME.DLL
E:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
E:\PROGRAM FILES\RISING\RFW\OLEMON.DLL

C:\WINDOWS\SYSTEM32\BOBOTURBO\BOBOTURBO.EXE

C:\WINDOWS\SYSTEM32\UXTHEME.DLL
E:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
E:\PROGRAM FILES\RISING\RFW\OLEMON.DLL

C:\WINDOWS\SYSTEM32\SMSS.EXE

C:\WINDOWS\SYSTEM32\CSRSS.EXE

E:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
E:\PROGRAM FILES\RISING\RFW\OLEMON.DLL

D:\PROGRAM FILES\IVT CORPORATION\BLUESOLEIL\BTNTSERVICE.EXE

E:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
E:\PROGRAM FILES\RISING\RFW\OLEMON.DLL

C:\WINDOWS\SYSTEM32\WINLOGON.EXE

C:\WINDOWS\SYSTEM32\UXTHEME.DLL
E:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
E:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\WINDOWS\SYSTEM32\SERVICES.EXE

C:\WINDOWS\SYSTEM32\UXTHEME.DLL
E:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
E:\PROGRAM FILES\RISING\RFW\OLEMON.DLL

C:\WINDOWS\SYSTEM32\LSASS.EXE

C:\WINDOWS\SYSTEM32\UXTHEME.DLL
E:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
E:\PROGRAM FILES\RISING\RFW\OLEMON.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\UXTHEME.DLL
E:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
E:\PROGRAM FILES\RISING\RFW\OLEMON.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\UXTHEME.DLL
E:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
E:\PROGRAM FILES\RISING\RFW\OLEMON.DLL

E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE

E:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
E:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
C:\WINDOWS\SYSTEM32\UXTHEME.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\UXTHEME.DLL
E:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
E:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
C:\WINDOWS\ICPB.DLL
C:\WINDOWS\SYSTEM32\IRMON64.DLL
C:\WINDOWS\SYSTEM32\WUPS2.DLL

C:\WINDOWS\USNSVC.EXE

C:\WINDOWS\TELEM32.DLL
E:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
E:\PROGRAM FILES\RISING\RFW\OLEMON.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\UXTHEME.DLL
E:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
E:\PROGRAM FILES\RISING\RFW\OLEMON.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\UXTHEME.DLL
E:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
E:\PROGRAM FILES\RISING\RFW\OLEMON.DLL

E:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE

E:\PROGRAM FILES\RISING\RAV\BWLIST.DLL
C:\WINDOWS\SYSTEM32\MFC71.DLL
C:\WINDOWS\SYSTEM32\MSVCR71.DLL
C:\WINDOWS\SYSTEM32\MSVCP71.DLL
E:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL
E:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL
E:\PROGRAM FILES\RISING\RAV\RSLOG.DLL
E:\PROGRAM FILES\RISING\RAV\PROCCOM.DLL
E:\PROGRAM FILES\RISING\RAV\RSCOMMX2.DLL
E:\PROGRAM FILES\RISING\RAV\MONRULE.DLL
E:\PROGRAM FILES\RISING\RAV\HOOKSYS.DLL
E:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
E:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
E:\PROGRAM FILES\RISING\RAV\HOOKREG.DLL
E:\PROGRAM FILES\RISING\RAV\HOOKNTOS.DLL
E:\PROGRAM FILES\RISING\RAV\RSWALMON.DLL
E:\PROGRAM FILES\RISING\RAV\RECOMP.DLL
E:\PROGRAM FILES\RISING\RAV\REFS.DLL
E:\PROGRAM FILES\RISING\RAV\FFR.DLL
E:\PROGRAM FILES\RISING\RAV\RSSTORE.DLL
E:\PROGRAM FILES\RISING\RAV\HOOKCONT.DLL
E:\PROGRAM FILES\RISING\RAV\FAKESCAN.DLL
E:\PROGRAM FILES\RISING\RAV\SCANNER.DLL
E:\PROGRAM FILES\RISING\RAV\VIRUSLIB.DLL
E:\PROGRAM FILES\RISING\RAV\RELIBLDR.DLL
C:\WINDOWS\SYSTEM32\UXTHEME.DLL
E:\PROGRAM FILES\RISING\RAV\HOOKWEB.DLL
E:\PROGRAM FILES\RISING\RAV\NVFILE.DLL
E:\PROGRAM FILES\RISING\RAV\SCANEXEC.DLL
E:\PROGRAM FILES\RISING\RAV\UNEXE.DLL
E:\PROGRAM FILES\RISING\RAV\SCANEX.DLL
E:\PROGRAM FILES\RISING\RAV\PEARC.DLL
E:\PROGRAM FILES\RISING\RAV\EXTFILE.DLL
E:\PROGRAM FILES\RISING\RAV\SCANPACK.DLL
E:\PROGRAM FILES\RISING\RAV\REVM.DLL
E:\PROGRAM FILES\RISING\RAV\URUTILS.DLL
E:\PROGRAM FILES\RISING\RAV\UR000.DAT
E:\PROGRAM FILES\RISING\RAV\SCRIPTCI.DLL
E:\PROGRAM FILES\RISING\RAV\UROUTINE.DLL
E:\PROGRAM FILES\RISING\RAV\SCANSCT.DLL

E:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE

C:\WINDOWS\SYSTEM32\MFC71.DLL
C:\WINDOWS\SYSTEM32\MSVCR71.DLL
C:\WINDOWS\SYSTEM32\MSVCP71.DLL
E:\PROGRAM FILES\RISING\RFW\PROCCOM.DLL
E:\PROGRAM FILES\RISING\RFW\RSCOMMX2.DLL
E:\PROGRAM FILES\RISING\RFW\RSAPPMGR.DLL
E:\PROGRAM FILES\RISING\RFW\CFGDLL.DLL
E:\PROGRAM FILES\RISING\RFW\RFWRULE.DLL
E:\PROGRAM FILES\RISING\RFW\RFWLOG.DLL
E:\PROGRAM FILES\RISING\RFW\RFWDRV.DLL
E:\PROGRAM FILES\RISING\RFW\PSAPI.DLL
E:\PROGRAM FILES\RISING\RFW\IJT_CTRL.DLL
E:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
E:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
E:\PROGRAM FILES\RISING\RFW\UNVDET.DLL
C:\WINDOWS\SYSTEM32\UXTHEME.DLL
E:\PROGRAM FILES\RISING\RFW\MPORTS.DLL

E:\PROGRAM FILES\RISING\RFW\RFWPROXY.EXE

C:\WINDOWS\SYSTEM32\MFC71.DLL
C:\WINDOWS\SYSTEM32\MSVCR71.DLL
E:\PROGRAM FILES\RISING\RFW\PSAPI.DLL
E:\PROGRAM FILES\RISING\RFW\PROCCOM.DLL
E:\PROGRAM FILES\RISING\RFW\RSCOMMX2.DLL
E:\PROGRAM FILES\RISING\RFW\RFWRULE.DLL
E:\PROGRAM FILES\RISING\RFW\URLRULE.DLL
E:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
E:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
E:\PROGRAM FILES\RISING\RFW\MONMID.DLL
C:\WINDOWS\SYSTEM32\UXTHEME.DLL

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM32\UXTHEME.DLL
C:\WINDOWS\SYSTEM32\SYSWINDRV.DLL
E:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
E:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\OFFICE2003\MSOHEV.DLL

C:\WINDOWS\SYSTEM32\ALG.EXE

C:\WINDOWS\SYSTEM32\UXTHEME.DLL
E:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
E:\PROGRAM FILES\RISING\RFW\OLEMON.DLL

E:\PROGRAM FILES\RISING\RFW\RFWSTUB.EXE

C:\WINDOWS\SYSTEM32\MSVCP71.DLL
C:\WINDOWS\SYSTEM32\MSVCR71.DLL
E:\PROGRAM FILES\RISING\RFW\RSCOMMON.DLL
C:\WINDOWS\SYSTEM32\UXTHEME.DLL
E:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
E:\PROGRAM FILES\RISING\RFW\OLEMON.DLL

E:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE

C:\WINDOWS\SYSTEM32\MFC71.DLL
C:\WINDOWS\SYSTEM32\MSVCR71.DLL
C:\WINDOWS\SYSTEM32\MSVCP71.DLL
E:\PROGRAM FILES\RISING\RFW\RSGUILIB.DLL
E:\PROGRAM FILES\RISING\RFW\PROCCOM.DLL
E:\PROGRAM FILES\RISING\RFW\RSCOMMX2.DLL
E:\PROGRAM FILES\RISING\RFW\RSAPPMGR.DLL
E:\PROGRAM FILES\RISING\RFW\CFGDLL.DLL
E:\PROGRAM FILES\RISING\RFW\RSCOMMON.DLL
E:\PROGRAM FILES\RISING\RFW\RFWCTRL.DLL
E:\PROGRAM FILES\RISING\RFW\RSXML.DLL
E:\PROGRAM FILES\RISING\RFW\PNGDLL.DLL
C:\WINDOWS\SYSTEM32\UXTHEME.DLL
E:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
E:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
E:\PROGRAM FILES\RISING\RFW\RFWRULE.DLL

E:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE

E:\PROGRAM FILES\RISING\RAV\PROCCOM.DLL
E:\PROGRAM FILES\RISING\RAV\RSCOMMX2.DLL
E:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL
E:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL
E:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL
C:\WINDOWS\SYSTEM32\UXTHEME.DLL
E:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
E:\PROGRAM FILES\RISING\RFW\OLEMON.DLL

E:\PROGRAM FILES\RISING\RAV\RAVMON.EXE

C:\WINDOWS\SYSTEM32\MFC71.DLL
C:\WINDOWS\SYSTEM32\MSVCR71.DLL
C:\WINDOWS\SYSTEM32\MSVCP71.DLL
E:\PROGRAM FILES\RISING\RAV\PROCCOM.DLL
E:\PROGRAM FILES\RISING\RAV\RSCOMMX2.DLL
E:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL
E:\PROGRAM FILES\RISING\RAV\RECOMP.DLL
E:\PROGRAM FILES\RISING\RAV\REFS.DLL
E:\PROGRAM FILES\RISING\RAV\VIRUSLIB.DLL
E:\PROGRAM FILES\RISING\RAV\RELIBLDR.DLL
E:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL
E:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL
E:\PROGRAM FILES\RISING\RAV\MONRULE.DLL
E:\PROGRAM FILES\RISING\RAV\PNGDLL.DLL
C:\WINDOWS\SYSTEM32\UXTHEME.DLL
E:\PROGRAM FILES\RISING\RAV\RSGUILIB.DLL
E:\PROGRAM FILES\RISING\RAV\RSXML.DLL
E:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
E:\PROGRAM FILES\RISING\RFW\OLEMON.DLL

C:\WINDOWS\SYSTEM32\CTFMON.EXE

C:\WINDOWS\SYSTEM32\UXTHEME.DLL
E:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
E:\PROGRAM FILES\RISING\RFW\OLEMON.DLL

C:\WINDOWS\SYSTEM32\CONIME.EXE

C:\WINDOWS\SYSTEM32\UXTHEME.DLL

E:\PROGRAM FILES\RISING\卡卡上网助手\RAS.EXE

E:\PROGRAM FILES\RISING\卡卡上网助手\MFC71.DLL
E:\PROGRAM FILES\RISING\卡卡上网助手\MSVCR71.DLL
E:\PROGRAM FILES\RISING\卡卡上网助手\MSVCP71.DLL
E:\PROGRAM FILES\RISING\卡卡上网助手\TOPSOFT.DLL
E:\PROGRAM FILES\RISING\卡卡上网助手\NCOMM.DLL
C:\WINDOWS\SYSTEM32\UXTHEME.DLL
E:\PROGRAM FILES\RISING\RAV\PROCCOM.DLL
E:\PROGRAM FILES\RISING\RAV\RSCOMMX2.DLL
E:\PROGRAM FILES\RISING\卡卡上网助手\RASGUI.DLL
E:\PROGRAM FILES\RISING\卡卡上网助手\RSXML.DLL
E:\PROGRAM FILES\RISING\卡卡上网助手\KTROJAN.DLL
E:\PROGRAM FILES\RISING\卡卡上网助手\ENGINE.DLL
E:\PROGRAM FILES\RISING\卡卡上网助手\RSDIALOG.DLL
E:\PROGRAM FILES\RISING\卡卡上网助手\SCANUNV.DLL
E:\PROGRAM FILES\RISING\卡卡上网助手\SECSCAN.DLL
E:\PROGRAM FILES\RISING\卡卡上网助手\SECEX.DLL
E:\PROGRAM FILES\RISING\卡卡上网助手\ZIP.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
E:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL
C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASH9F.OCX

F:\RSDETECT.EXE

E:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
E:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
C:\WINDOWS\SYSTEM32\UXTHEME.DLL

普通自启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

RfwMain = "E:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE" -STARTUP
RavTask = "E:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM
runeip = "E:\PROGRAM FILES\RISING\卡卡上网助手\RUNIEP.EXE" /STARTUP

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

KKDelay = E:\PROGRAM FILES\RISING\卡卡上网助手\RUNONCE.EXE

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\SYSTEM32\CTFMON.EXE

系统文件关联
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = C:\WINDOWS\notepad.exe %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> Word.Document.8 = "C:\office2003\WinWord.exe" "%1"

其它启动项
WIN.INI

无信息

SYSTEM.INI

SHELL = Explorer.exe
SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Winlogon 启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
crypt32chain = CRYPT32.DLL
cryptnet = CRYPTNET.DLL
cscdll = CSCDLL.DLL
ScCertProp = WLNOTIFY.DLL
Schedule = WLNOTIFY.DLL
sclgntfy = SCLGNTFY.DLL
SensLogn = WLNOTIFY.DLL
termsrv = WLNOTIFY.DLL
wlballoon = WLNOTIFY.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\WINDOWS\SYSTEM32\USERINIT.EXE,
shell = EXPLORER.EXE


IE - BHO

Winsock SPI
MSAFD Tcpip [TCP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [UDP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [RAW/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
RSVP UDP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{69A8E9C9-296D-4407-85E9-C30A56B4F679}] SEQPACKET 7 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{69A8E9C9-296D-4407-85E9-C30A56B4F679}] DATAGRAM 7 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{0E6DA0EB-B549-4D2D-B372-FC9FACFB0999}] SEQPACKET 6 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{0E6DA0EB-B549-4D2D-B372-FC9FACFB0999}] DATAGRAM 6 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{FED4C748-5B61-4650-95E2-B2AB0807711F}] SEQPACKET 5 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{FED4C748-5B61-4650-95E2-B2AB0807711F}] DATAGRAM 5 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F45CF7BB-0330-4FEB-B2CC-5CFC7D5AB3C9}] SEQPACKET 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F45CF7BB-0330-4FEB-B2CC-5CFC7D5AB3C9}] DATAGRAM 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{8DAD106C-F0F0-48A2-A0AE-CE02D21F5B33}] SEQPACKET 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{8DAD106C-F0F0-48A2-A0AE-CE02D21F5B33}] DATAGRAM 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{AFA59FDB-091B-4FD6-8E58-CACF5DF91A4D}] SEQPACKET 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{AFA59FDB-091B-4FD6-8E58-CACF5DF91A4D}] DATAGRAM 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{95BF1F70-466F-4645-9853-2BFCB3086C7D}] SEQPACKET 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{95BF1F70-466F-4645-9853-2BFCB3086C7D}] DATAGRAM 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{FD92FC1E-5C93-4E59-A1E7-C6A726CBAF9D}] SEQPACKET 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{FD92FC1E-5C93-4E59-A1E7-C6A726CBAF9D}] DATAGRAM 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL

系统服务项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Alerter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
ALG = C:\WINDOWS\SYSTEM32\ALG.EXE
AppMgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
AudioSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
BITS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
BlueSoleil Hid Service = D:\PROGRAM FILES\IVT CORPORATION\BLUESOLEIL\BTNTSERVICE.EXE
BoBoTurbo = C:\WINDOWS\SYSTEM32\BOBOTURBO\BOBOTURBO.EXE
Browser = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ccosm = C:\PROGRAM FILES\STORMII\STORMLIV.EXE /ASSERVICE
CiSvc = C:\WINDOWS\SYSTEM32\CISVC.EXE
ClipSrv = C:\WINDOWS\SYSTEM32\CLIPSRV.EXE
COMSysApp = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235}
CryptSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
DcomLaunch = C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH
Dhcp = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
dmadmin = C:\WINDOWS\SYSTEM32\DMADMIN.EXE /COM
dmserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Dnscache = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE
ERSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Eventlog = C:\WINDOWS\SYSTEM32\SERVICES.EXE
EventSystem = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
FastUserSwitchingCompatibility = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
helpsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HidServ = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HTTPFilter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K HTTPFILTER
ImapiService = C:\WINDOWS\SYSTEM32\IMAPI.EXE
IPRIP = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Irmon = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
lanmanserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
lanmanworkstation = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
LmHosts = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
Messenger = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
mnmsrvc = C:\WINDOWS\SYSTEM32\MNMSRVC.EXE
MSDTC = C:\WINDOWS\SYSTEM32\MSDTC.EXE
MSIServer = C:\WINDOWS\SYSTEM32\MSIEXEC.EXE /V
NetDDE = C:\WINDOWS\SYSTEM32\NETDDE.EXE
NetDDEdsdm = C:\WINDOWS\SYSTEM32\NETDDE.EXE
Netlogon = C:\WINDOWS\SYSTEM32\LSASS.EXE
Netman = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Nla = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
NtLmSsp = C:\WINDOWS\SYSTEM32\LSASS.EXE
NtmsSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
NVSvc = C:\WINDOWS\SYSTEM32\NVSVC32.EXE
PlugPlay = C:\WINDOWS\SYSTEM32\SERVICES.EXE
PolicyAgent = C:\WINDOWS\SYSTEM32\LSASS.EXE
ProtectedStorage = C:\WINDOWS\SYSTEM32\LSASS.EXE
RasAuto = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RasMan = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RDSessMgr = C:\WINDOWS\SYSTEM32\SESSMGR.EXE
RemoteAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RemoteRegistry = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
RfwProxySrv = E:\PROGRAM FILES\RISING\RFW\RFWPROXY.EXE
RfwService = E:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE
RpcLocator = C:\WINDOWS\SYSTEM32\LOCATOR.EXE
RpcSs = C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS
RpcUsnsvc = C:\WINDOWS\USNSVC.EXE
RsCCenter = "E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE"
RsRavMon = "E:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE"
RSVP = C:\WINDOWS\SYSTEM32\RSVP.EXE
SamSs = C:\WINDOWS\SYSTEM32\LSASS.EXE
SCardSvr = C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
Schedule = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
seclogon = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SENS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SharedAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ShellHWDetection = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Spooler = C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
srservice = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SSDPSRV = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
stisvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC
SwPrv = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{EA188233-0B22-4617-8E3B-7BC35EBFD857}
SysmonLog = C:\WINDOWS\SYSTEM32\SMLOGSVC.EXE
TapiSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TermService = C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH
Themes = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TlntSvr = C:\WINDOWS\SYSTEM32\TLNTSVR.EXE
TrkWks = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
uploadmgr = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
upnphost = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
UPS = C:\WINDOWS\SYSTEM32\UPS.EXE
VSS = C:\WINDOWS\SYSTEM32\VSSVC.EXE
W32Time = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WbWin = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WebClient = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
winmgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmdmPmSN = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Wmi = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmiApSrv = C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE
wscsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
wuauserv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WZCSVC = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
xmlprov = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS


文件驱动
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
FltMgr = C:\WINDOWS\SYSTEM32\DRIVERS\FLTMGR.SYS
MRxDAV = C:\WINDOWS\SYSTEM32\DRIVERS\MRXDAV.SYS
MRxSmb = C:\WINDOWS\SYSTEM32\DRIVERS\MRXSMB.SYS
NetBIOS = C:\WINDOWS\SYSTEM32\DRIVERS\NETBIOS.SYS
Rdbss = C:\WINDOWS\SYSTEM32\DRIVERS\RDBSS.SYS
sr = C:\WINDOWS\SYSTEM32\DRIVERS\SR.SYS
Srv = C:\WINDOWS\SYSTEM32\DRIVERS\SRV.SYS


系统驱动项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
ACPI = C:\WINDOWS\SYSTEM32\DRIVERS\ACPI.SYS
aec = C:\WINDOWS\SYSTEM32\DRIVERS\AEC.SYS
AFD = C:\WINDOWS\SYSTEM32\DRIVERS\AFD.SYS
AmdK8 = C:\WINDOWS\SYSTEM32\DRIVERS\AMDK8.SYS
apcdli = C:\PROGRAM FILES\MICROSOFT OFFICE\SYSTEM\APCDLI.SYS
AsyncMac = C:\WINDOWS\SYSTEM32\DRIVERS\ASYNCMAC.SYS
atapi = C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS
Atmarpc = C:\WINDOWS\SYSTEM32\DRIVERS\ATMARPC.SYS
audstub = C:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS
BlueletAudio = C:\WINDOWS\SYSTEM32\DRIVERS\BLUELETAUDIO.SYS
BT = C:\WINDOWS\SYSTEM32\DRIVERS\BTNETDRV.SYS
Btcsrusb = C:\WINDOWS\SYSTEM32\DRIVERS\BTCUSB.SYS
BTHidEnum = C:\WINDOWS\SYSTEM32\DRIVERS\VBTENUM.SYS
BTHidMgr = C:\WINDOWS\SYSTEM32\DRIVERS\BTHIDMGR.SYS
CCDECODE = C:\WINDOWS\SYSTEM32\DRIVERS\CCDECODE.SYS
Cdrom = C:\WINDOWS\SYSTEM32\DRIVERS\CDROM.SYS
Disk = C:\WINDOWS\SYSTEM32\DRIVERS\DISK.SYS
dmboot = C:\WINDOWS\SYSTEM32\DRIVERS\DMBOOT.SYS
dmio = C:\WINDOWS\SYSTEM32\DRIVERS\DMIO.SYS
dmload = C:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS
DMusic = C:\WINDOWS\SYSTEM32\DRIVERS\DMUSIC.SYS
drmkaud = C:\WINDOWS\SYSTEM32\DRIVERS\DRMKAUD.SYS
dtscsi = C:\WINDOWS\SYSTEM32\DRIVERS\DTSCSI.SYS
FsVga = C:\WINDOWS\SYSTEM32\DRIVERS\FSVGA.SYS
Ftdisk = C:\WINDOWS\SYSTEM32\DRIVERS\FTDISK.SYS
Gpc = C:\WINDOWS\SYSTEM32\DRIVERS\MSGPC.SYS
HDAudBus = C:\WINDOWS\SYSTEM32\DRIVERS\HDAUDBUS.SYS
hidusb = C:\WINDOWS\SYSTEM32\DRIVERS\HIDUSB.SYS
HookCont = C:\WINDOWS\SYSTEM32\DRIVERS\HOOKCONT.SYS
HookNtos = C:\WINDOWS\SYSTEM32\DRIVERS\HOOKNTOS.SYS
HookReg = C:\WINDOWS\SYSTEM32\DRIVERS\HOOKREG.SYS
HookSys = C:\WINDOWS\SYSTEM32\DRIVERS\HOOKSYS.SYS
HookUrl = E:\PROGRAM FILES\RISING\RFW\HOOKURL.SYS
HTTP = C:\WINDOWS\SYSTEM32\DRIVERS\HTTP.SYS
i8042prt = C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS
Imapi = C:\WINDOWS\SYSTEM32\DRIVERS\IMAPI.SYS
IntcAzAudAddService = C:\WINDOWS\SYSTEM32\DRIVERS\RTKHDAUD.SYS
Ip6Fw = C:\WINDOWS\SYSTEM32\DRIVERS\IP6FW.SYS
IpFilterDriver = C:\WINDOWS\SYSTEM32\DRIVERS\IPFLTDRV.SYS
IpInIp = C:\WINDOWS\SYSTEM32\DRIVERS\IPINIP.SYS
IpNat = C:\WINDOWS\SYSTEM32\DRIVERS\IPNAT.SYS
IPSec = C:\WINDOWS\SYSTEM32\DRIVERS\IPSEC.SYS
IRENUM = C:\WINDOWS\SYSTEM32\DRIVERS\IRENUM.SYS
isapnp = C:\WINDOWS\SYSTEM32\DRIVERS\ISAPNP.SYS
Kbdclass = C:\WINDOWS\SYSTEM32\DRIVERS\KBDCLASS.SYS
kmixer = C:\WINDOWS\SYSTEM32\DRIVERS\KMIXER.SYS
Mouclass = C:\WINDOWS\SYSTEM32\DRIVERS\MOUCLASS.SYS
mouhid = C:\WINDOWS\SYSTEM32\DRIVERS\MOUHID.SYS
MSKSSRV = C:\WINDOWS\SYSTEM32\DRIVERS\MSKSSRV.SYS
MSPCLOCK = C:\WINDOWS\SYSTEM32\DRIVERS\MSPCLOCK.SYS
MSPQM = C:\WINDOWS\SYSTEM32\DRIVERS\MSPQM.SYS
mssmbios = C:\WINDOWS\SYSTEM32\DRIVERS\MSSMBIOS.SYS
MSTEE = C:\WINDOWS\SYSTEM32\DRIVERS\MSTEE.SYS
MTsensor = C:\WINDOWS\SYSTEM32\DRIVERS\ASACPI.SYS
NABTSFEC = C:\WINDOWS\SYSTEM32\DRIVERS\NABTSFEC.SYS
NdisIP = C:\WINDOWS\SYSTEM32\DRIVERS\NDISIP.SYS
NdisTapi = C:\WINDOWS\SYSTEM32\DRIVERS\NDISTAPI.SYS
Ndisuio = C:\WINDOWS\SYSTEM32\DRIVERS\NDISUIO.SYS
NdisWan = C:\WINDOWS\SYSTEM32\DRIVERS\NDISWAN.SYS
NetBT = C:\WINDOWS\SYSTEM32\DRIVERS\NETBT.SYS
ntptdb = C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\OFFICE\SYSTEM\NTPTDB.SYS
nv = C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS
nvata = C:\WINDOWS\SYSTEM32\DRIVERS\NVATA.SYS
NVENETFD = C:\WINDOWS\SYSTEM32\DRIVERS\NVENETFD.SYS
nvnetbus = C:\WINDOWS\SYSTEM32\DRIVERS\NVNETBUS.SYS
NwlnkFlt = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFLT.SYS
NwlnkFwd = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFWD.SYS
Parport = C:\WINDOWS\SYSTEM32\DRIVERS\PARPORT.SYS
PCI = C:\WINDOWS\SYSTEM32\DRIVERS\PCI.SYS
PCIIde = C:\WINDOWS\SYSTEM32\DRIVERS\PCIIDE.SYS
PptpMiniport = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPTP.SYS
Processor = C:\WINDOWS\SYSTEM32\DRIVERS\PROCESSR.SYS
PSched = C:\WINDOWS\SYSTEM32\DRIVERS\PSCHED.SYS
Ptilink = C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS
QKeyService = C:\WINDOWS\SYSTEM32\KEYCRYPT.SYS
RasAcd = C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS
Rasl2tp = C:\WINDOWS\SYSTEM32\DRIVERS\RASL2TP.SYS
RasPppoe = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPPOE.SYS
Raspti = C:\WINDOWS\SYSTEM32\DRIVERS\RASPTI.SYS
RDPCDD = C:\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.SYS
rdpdr = C:\WINDOWS\SYSTEM32\DRIVERS\RDPDR.SYS
redbook = C:\WINDOWS\SYSTEM32\DRIVERS\REDBOOK.SYS
RfwBase = C:\WINDOWS\SYSTEM32\DRIVERS\RFWBASE.SYS
ROOTMODEM = C:\WINDOWS\SYSTEM32\DRIVERS\ROOTMDM.SYS
RsAntiSpyware = C:\WINDOWS\SYSTEM32\DRIVERS\RSBOOT.SYS
RsFwDrv = E:\PROGRAM FILES\RISING\RFW\RSFWDRV.SYS
RsNTGDI = C:\WINDOWS\SYSTEM32\DRIVERS\RSNTGDI.SYS
rspp = C:\WINDOWS\SYSTEM32\DRIVERS\RSPP.SYS
Secdrv = C:\WINDOWS\SYSTEM32\DRIVERS\SECDRV.SYS
serenum = C:\WINDOWS\SYSTEM32\DRIVERS\SERENUM.SYS
Serial = C:\WINDOWS\SYSTEM32\DRIVERS\SERIAL.SYS
SLIP = C:\WINDOWS\SYSTEM32\DRIVERS\SLIP.SYS
splitter = C:\WINDOWS\SYSTEM32\DRIVERS\SPLITTER.SYS
sptd = C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
streamip = C:\WINDOWS\SYSTEM32\DRIVERS\STREAMIP.SYS
swenum = C:\WINDOWS\SYSTEM32\DRIVERS\SWENUM.SYS
swmidi = C:\WINDOWS\SYSTEM32\DRIVERS\SWMIDI.SYS
sysaudio = C:\WINDOWS\SYSTEM32\DRIVERS\SYSAUDIO.SYS
Tcpip = C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS
TermDD = C:\WINDOWS\SYSTEM32\DRIVERS\TERMDD.SYS
TesSafe = C:\WINDOWS\SYSTEM32\TESSAFE.SYS
UnlockerDriver5 = C:\PROGRAM FILES\UNLOCKER\UNLOCKERDRIVER5.SYS
Update = C:\WINDOWS\SYSTEM32\DRIVERS\UPDATE.SYS
usbehci = C:\WINDOWS\SYSTEM32\DRIVERS\USBEHCI.SYS
usbhub = C:\WINDOWS\SYSTEM32\DRIVERS\USBHUB.SYS
usbohci = C:\WINDOWS\SYSTEM32\DRIVERS\USBOHCI.SYS
USBSTOR = C:\WINDOWS\SYSTEM32\DRIVERS\USBSTOR.SYS
VComm = C:\WINDOWS\SYSTEM32\DRIVERS\VCOMM.SYS
VcommMgr = C:\WINDOWS\SYSTEM32\DRIVERS\VCOMMMGR.SYS
VgaSave = C:\WINDOWS\SYSTEM32\DRIVERS\VGA.SYS
Wanarp = C:\WINDOWS\SYSTEM32\DRIVERS\WANARP.SYS
wdmaud = C:\WINDOWS\SYSTEM32\DRIVERS\WDMAUD.SYS
wgj980d5i = C:\WINDOWS\SYSTEM32\DRIVERS\WGJ980D5I.SYS
WSTCODEC = C:\WINDOWS\SYSTEM32\DRIVERS\WSTCODEC.SYS
x4t9ld3l = C:\WINDOWS\SYSTEM32\DRIVERS\X4T9LD3L.SYS
ZD1211BU(TP-LINK) = C:\WINDOWS\SYSTEM32\DRIVERS\ZD1211BU.SYS

卡卡上网助手不是杀毒软件，不含病毒库

杀毒要用杀毒软件的

我知道，但卡卡当时杀掉了木马，开机后又出现了，问怎样才能彻底清除？（别说重装系统这种没技术含量的话）

不会看破卡卡的日志
弄SREng的！

扫日志前关闭无用进程，如QQ

到大的软件站，如天空，太平洋，下载2.5版的SReng（推荐）

地址http://www.skycn.com/soft/45002.html#download
SREng/智能扫描

等扫描完成,保存日志(LOG格式)
(如无法打开主程序，将主程序SRENGXX.exe改名为小狮子.bat)
日志以附件上传
贴到反病毒区或流行病毒区

C:\WINDOWS\ICPB.DLL
C:\WINDOWS\SYSTEM32\SYSWINDRV.DLL
听诊信息看起来还是有可疑项的，建议用杀毒软件全盘杀一次病毒。
如果有问题，按照反病毒版的置顶贴发日志上来再详细看吧。