
My computer has been hijacked```officers, please save me!!!


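I don't know what virus my computer has caught. When I open Kaka it is fine..... but as soon as I try to use any of its features, it closes by itself.
Now web pages and ads pop up from time to time. When I watch movies in full screen, I often get kicked out by the pop-ups.

I have always supported domestic software```I hope some capable people can help me.
Thanks in advance.
Last edited 2007-07-25 21:05:51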

瑞星卡卡电脑诊断日志 v1.30 (2007-7-23 10:31:51)  北京瑞星科技股份有限公司

注释:[A]表示该文件存在自启动关联;
[M]表示该文件在内存中;

+ 注册表自运行项目
  + 系统服务
    + HKLM\System\CurrentControlSet\Services
      aspnet_state
        [A ] 1. c:\windows\microsoft.net\framework\v1.1.4322\aspnet_state.exe


      Autodesk Licensing Service
        [A ] 2. c:\program files\common files\autodesk shared\service\adskscsrv.exe


      C-DillaCdaC11BA
        [AM] 3. c:\windows\system32\drivers\cdac11ba.exe


      gusvc
        [A ] 4. c:\program files\google\common\google updater\googleupdaterservice.exe


      IDriverT
        [A ] 5. c:\program files\common files\installshield\driver\1050\intel 32\idrivert.exe


      mysee2_Runtime
        [A ] 6. c:\program files\gaov\mysee2\runtime.dll


      NVSvc
        [AM] 7. c:\windows\system32\nvsvc32.exe


      ose
        [A ] 8. c:\program files\common files\microsoft shared\source engine\ose.exe


      P4P Service
        [AM] 9. c:\program files\common files\sogou pxp\p2psvr.exe


      RsCCenter
        [A ] 10. c:\program files\rising\rav\ccenter.exe


      RsRavMon
        [A ] 11. c:\program files\rising\rav\ravmond.exe


      SaveApplication
        [A ] 12. c:\windows\system32\pwcjqxe.exe


      TIWLAOCQES
        [AM] 13. c:\windows\system32\iqxdm.dll


      WMPNetworkSvc
        [A ] 14. c:\program files\windows media player\wmpnetwk.exe


      WudfSvc
        [A ] 15. c:\windows\system32\wudfsvc.dll




  + 内核驱动
    + HKLM\System\CurrentControlSet\Services
      acpidisk
        [A ] 16. c:\windows\system32\drivers\acpidisk.sys


      BaseTDI
        [A ] 17. c:\windows\system32\drivers\basetdi.sys


      CdaC15BA
        [A ] 18. c:\windows\system32\drivers\cdac15ba.sys


      cue126eox
        [A ] 19. c:\windows\system32\drivers\cue126eox.sys


      ExpScaner
        [A ] 20. c:\program files\rising\rav\expscan.sys


      FETNDISB
        [A ] 21. c:\windows\system32\drivers\fetnd5b.sys


      FXDRV
        [A ] 22. h:\fxdrv.sys


      HookCont
        [A ] 23. c:\program files\rising\rav\hookcont.sys


      HookReg
        [A ] 24. c:\program files\rising\rav\hookreg.sys


      HookSys
        [A ] 25. c:\program files\rising\rav\hooksys.sys


      MEMSCAN
        [A ] 26. c:\program files\rising\rav\memscan.sys


      mxdispdr
        [A ] 27. c:\windows\system32\drivers\mxdispdr.sys


      npkcrypt
        [A ] 28. d:\program files\tencent\qq\npkcrypt.sys


      npkycryp
        [A ] 29. d:\program files\tencent\qq\npkycryp.sys


      nvatabus
        [A ] 30. c:\windows\system32\drivers\nvatabus.sys


      nvax
        [A ] 31. c:\windows\system32\drivers\nvax.sys


      NVENETFD
        [A ] 32. c:\windows\system32\drivers\nvenetfd.sys


      nvnetbus
        [A ] 33. c:\windows\system32\drivers\nvnetbus.sys


      nvnforce
        [A ] 34. c:\windows\system32\drivers\nvapu.sys


      qhp6n
        [A ] 35. c:\windows\system32\drivers\qhp6n.sys


      RsAntiSpyware
        [A ] 36. c:\windows\system32\drivers\rsboot.sys


      RsNTGDI
        [A ] 37. c:\windows\system32\drivers\rsntgdi.sys


      RSPPSYS
        [A ] 38. c:\program files\rising\rav\rsppsys.sys


      Secdrv
        [A ] 39. c:\windows\system32\drivers\secdrv.sys


      sptd
        [A ] 40. c:\windows\system32\drivers\sptd.sys


      WudfPf
        [A ] 41. c:\windows\system32\drivers\wudfpf.sys


      WudfRd
        [A ] 42. c:\windows\system32\drivers\wudfrd.sys


      ZSMC303
        [A ] 43. c:\windows\system32\drivers\usbvm303.sys


  + IE浏览器加载模块
    + HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
      {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C}
        [A ] 44. c:\windows\system32\kakatool.dll


      {2318C2B1-4965-11d4-9B18-009027A5CD4F}
        [AM] 45. c:\program files\google\googletoolbar1.dll



    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
      {00000AAA-A363-466E-BEF5-9BB68697AA7F}
        [AM] 46. c:\program files\thunder network\webthunder\webthunderbho_now.dll


      {0005A87D-D626-4B3A-84F9-1D9571695F55}
        [AM] 47. c:\windows\system32\xunleibho_v11.dll


      {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
        [AM] 48. c:\program files\adobe\acrobat 6.0\reader\activex\acroiehelper.dll


      {11F09AFD-75AD-4E51-AB43-E09E9351CE16}
        [AM] 49. c:\program files\common files\cpush\cpush.dll


      {385AB8C6-FB22-4D17-8834-064E2BA0A6F0}
        [AM] 50. c:\documents and settings\all users\application data\microsoft\pctools\pctools.dll


      {AA58ED58-01DD-4d91-8333-CF10577473F7}
        [AM] 45. c:\program files\google\googletoolbar1.dll


      {DF0D85A7-EB15-4A7E-8A9B-989CEEEA7B13}
        [AM] 51. c:\windows\system32\lsyfmu.dll




  + 资源管理器加载模块
    + HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
      application/octet-stream
        [A ] 52. c:\windows\system32\mscoree.dll


      application/x-complus
        [A ] 52. c:\windows\system32\mscoree.dll


      application/x-msdownload
        [A ] 52. c:\windows\system32\mscoree.dll


      text/xml
        [A ] 53. c:\program files\common files\microsoft shared\office11\msoxmlmf.dll



    + HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
      msnim
        [A ] 54. c:\program files\msn messenger\msgrapp.dll


      mso-offdap
        [A ] 55. c:\program files\common files\microsoft shared\web components\10\owc10.dll


      mso-offdap11
        [A ] 56. c:\program files\common files\microsoft shared\web components\11\owc11.dll



    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
      HyperTerminal Icon Ext
        [A ] 57. c:\windows\system32\hticons.dll


      WinRAR shell extension
        [A ] 58. c:\program files\winrar\rarext.dll


      Web Folders
        [A ] 59. c:\program files\common files\microsoft shared\web folders\msonsext.dll


      Microsoft Office Outlook Desktop Icon Handler
        [A ] 60. c:\program files\microsoft office\office11\mlshext.dll


      Microsoft Office Outlook Custom Icon Handler
        [A ] 61. c:\program files\microsoft office\office11\olkfstub.dll


      Microsoft Office HTML Icon Handler
        [AM] 62. c:\program files\microsoft office\office11\msohev.dll


      Fusion Cache
        [A ] 52. c:\windows\system32\mscoree.dll


      NvCpl DesktopContext Class
        [AM] 63. c:\windows\system32\nvcpl.dll


      Play on my TV helper
        [AM] 63. c:\windows\system32\nvcpl.dll


      Desktop Explorer
        [AM] 64. c:\windows\system32\nvshell.dll


      Desktop Explorer Menu
        [AM] 64. c:\windows\system32\nvshell.dll


      nView Desktop Context Menu
        [AM] 64. c:\windows\system32\nvshell.dll


      RISING
        [AM] 65. c:\windows\system32\ravext.dll


      Portable Media Devices
        [A ] 66. c:\windows\system32\audiodev.dll


      Portable Devices
        [A ] 67. c:\windows\system32\wpdshext.dll


      Portable Devices Menu
        [A ] 67. c:\windows\system32\wpdshext.dll


      AutoCAD 数字签名图标覆盖处理程序
        [AM] 68. c:\windows\system32\acsignicon.dll


      Autodesk Drawing Preview
        [A ] 69. c:\program files\common files\autodesk shared\thumbnail\acthumbnail16.dll



    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
      {32CD708B-60A7-4C00-9377-D73EAA495F0F}
        [AM] 65. c:\windows\system32\ravext.dll


      {AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}
        [AM] 70. c:\windows\system32\shlhook.dll



    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
      WPDShServiceObj
        [AM] 71. c:\windows\system32\wpdshserviceobj.dll


  + 用户登陆自运行项目
    + HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      RavTask
        [A ] 72. c:\program files\rising\rav\ravtask.exe


      runeip
        [AM] 73. c:\program files\rising\kakatoolbar\runiep.exe


      BigDog303
        [AM] 74. c:\windows\vm303_sti.exe



    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
      KKDelay
        [A ] 75. c:\program files\rising\kakatoolbar\runonce.exe




  + 开机执行
    + HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
      BootExecute
        [A ] 76. c:\windows\system32\bsmain.exe

        [A ] 77. c:\windows\system32\kknative.exe




  + 映像劫持
    + HKCR\.exe
      exefile\启用/禁用数字签名图标\Command
        [A ] 78. c:\windows\system32\acsignopt.exe



    + HKCR\.html
      htmlfile\Edit\Command
        [A ] 79. c:\program files\microsoft office\office11\msohtmed.exe


      htmlfile\Print\Command
        [A ] 79. c:\program files\microsoft office\office11\msohtmed.exe


      htmlfile\TencentTraveler\Command
        [A ] 80. c:\program files\tencent\tt\ttraveler.exe



    + HKCR\.htm
      htmlfile\Edit\Command
        [A ] 79. c:\program files\microsoft office\office11\msohtmed.exe


      htmlfile\Print\Command
        [A ] 79. c:\program files\microsoft office\office11\msohtmed.exe


      htmlfile\TencentTraveler\Command
        [A ] 80. c:\program files\tencent\tt\ttraveler.exe




  + 打印机监控
    + HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
      Microsoft Document Imaging Writer Monitor
        [AM] 81. c:\windows\system32\mdimon.dll





+ 正在运行的进程
  + 00000178(376) RavStub.exe
    00400000[00018000]
      [ M] 82. c:\program files\rising\rav\ravstub.exe


    10000000[0001B000]
      [ M] 83. c:\program files\rising\rav\rscommx.dll


    23700000[0001A000]
      [ M] 84. c:\program files\rising\rav\rscommon.dll



  + 00000308(776) CDAC11BA.EXE
    00400000[00012000]
      [AM] 3. c:\windows\system32\drivers\cdac11ba.exe



  + 00000354(852) nvsvc32.exe
    00400000[00027000]
      [AM] 7. c:\windows\system32\nvsvc32.exe



  + 0000035c(860) smss.exe

  + 000003a0(928) csrss.exe

  + 000003b8(952) winlogon.exe
    72C80000[00008000]
      [ M] 85. c:\windows\system32\msacm32.drv



  + 000003e4(996) services.exe
    47260000[0000F000]
      [ M] 86. c:\windows\apppatch\acadproc.dll



  + 000003f0(1008) lsass.exe

  + 00000488(1160) svchost.exe

  + 000004c4(1220) svchost.exe

  + 000004e8(1256) p2psvr.exe
    00400000[00016000]
      [AM] 9. c:\program files\common files\sogou pxp\p2psvr.exe


    10000000[00062000]
      [ M] 87. c:\program files\sogou pxp\vodsvr.dll


    65100000[00029000]
      [ M] 88. c:\program files\sogou pxp\pxpnet.dll


    00BC0000[00040000]
      [ M] 89. c:\program files\sogou pxp\p2pclient.dll



  + 0000052c(1324) svchost.exe

  + 000005b4(1460) svchost.exe

  + 000005bc(1468) svchost.exe

  + 00000624(1572) svchost.exe

  + 000006d4(1748) Ras.exe
    00400000[0013F000]
      [ M] 90. c:\program files\rising\kakatoolbar\ras.exe


    10000000[000A3000]
      [ M] 91. c:\program files\rising\kakatoolbar\rasgui.dll


    015E0000[0001B000]
      [ M] 92. c:\program files\rising\kakatoolbar\ieprot.dll


    02880000[00019000]
      [ M] 93. c:\program files\rising\rav\ravscrch.dll


    73900000[0002D000]
      [ M] 94. c:\windows\system32\jpwb.ime



  + 0000075c(1884) spoolsv.exe
    00D60000[00008000]
      [AM] 81. c:\windows\system32\mdimon.dll


    00DF0000[00008000]
      [ M] 95. c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll



  + 000007a4(1956) VM303_STI.EXE
    00400000[00013000]
      [AM] 74. c:\windows\vm303_sti.exe


    10000000[0001B000]
      [ M] 92. c:\program files\rising\kakatoolbar\ieprot.dll



  + 0000080c(2060) svchost.exe
    00AA0000[00090000]
      [AM] 13. c:\windows\system32\iqxdm.dll



  + 00000b00(2816) alg.exe

  + 00000b2c(2860) Explorer.EXE
    62830000[00026000]
      [AM] 68. c:\windows\system32\acsignicon.dll


    10000000[0001B000]
      [AM] 65. c:\windows\system32\ravext.dll


    00DE0000[00011000]
      [AM] 70. c:\windows\system32\shlhook.dll


    00F30000[00014000]
      [ M] 96. c:\windows\system32\735q9kccj.dll


    60D00000[00039000]
      [ M] 97. c:\program files\common files\autodesk shared\acsigncore16.dll


    01D90000[0000C000]
      [AM] 48. c:\program files\adobe\acrobat 6.0\reader\activex\acroiehelper.dll


    01DA0000[00106000]
      [AM] 51. c:\windows\system32\lsyfmu.dll


    025D0000[0001B000]
      [ M] 92. c:\program files\rising\kakatoolbar\ieprot.dll


    164A0000[00023000]
      [AM] 71. c:\windows\system32\wpdshserviceobj.dll


    109C0000[0002C000]
      [ M] 98. c:\windows\system32\portabledevicetypes.dll


    10930000[00049000]
      [ M] 99. c:\windows\system32\portabledeviceapi.dll


    72C80000[00008000]
      [ M] 85. c:\windows\system32\msacm32.drv


    03620000[00721000]
      [AM] 63. c:\windows\system32\nvcpl.dll


    01410000[00036000]
      [ M] 100. c:\windows\system32\nvrszhc.dll


    01490000[00073000]
      [AM] 64. c:\windows\system32\nvshell.dll



  + 00000bf0(3056) runiep.exe
    00400000[00012000]
      [AM] 73. c:\program files\rising\kakatoolbar\runiep.exe


    00C00000[0001B000]
      [ M] 92. c:\program files\rising\kakatoolbar\ieprot.dll



  + 00000c0c(3084) ctfmon.exe
    10000000[0001B000]
      [ M] 92. c:\program files\rising\kakatoolbar\ieprot.dll



  + 00000c84(3204) iexplore.exe
    62830000[00026000]
      [AM] 68. c:\windows\system32\acsignicon.dll


    10000000[0037F000]
      [AM] 45. c:\program files\google\googletoolbar1.dll


    10930000[00049000]
      [ M] 99. c:\windows\system32\portabledeviceapi.dll


    01D70000[00019000]
      [AM] 46. c:\program files\thunder network\webthunder\webthunderbho_now.dll


    01DA0000[00015000]
      [AM] 47. c:\windows\system32\xunleibho_v11.dll


    01DC0000[0000C000]
      [AM] 48. c:\program files\adobe\acrobat 6.0\reader\activex\acroiehelper.dll


    01DD0000[0002B000]
      [AM] 49. c:\program files\common files\cpush\cpush.dll


    02150000[0002B000]
      [AM] 50. c:\documents and settings\all users\application data\microsoft\pctools\pctools.dll


    02290000[00106000]
      [AM] 51. c:\windows\system32\lsyfmu.dll


    04400000[0001B000]
      [ M] 92. c:\program files\rising\kakatoolbar\ieprot.dll


    325C0000[00012000]
      [AM] 62. c:\program files\microsoft office\office11\msohev.dll


    05120000[00019000]
      [ M] 93. c:\program files\rising\rav\ravscrch.dll


    73900000[0002D000]
      [ M] 94. c:\windows\system32\jpwb.ime


    30000000[002EF000]
      [ M] 101. c:\windows\system32\macromed\flash\flash9c.ocx


    72C80000[00008000]
      [ M] 85. c:\windows\system32\msacm32.drv


    090E0000[00035000]
      [ M] 102. c:\windows\system32\xpsp3res.dll



  + 00000e94(3732) GoogleToolbarNotifier.exe
    00400000[0002C000]
      [ M] 103. c:\program files\google\googletoolbarnotifier\1.2.1128.5462\googletoolbarnotifier.exe


    00F00000[00042000]
      [ M] 104. c:\program files\google\googletoolbarnotifier\1.2.1128.5462\swg.dll


    01160000[0001B000]
      [ M] 92. c:\program files\rising\kakatoolbar\ieprot.dll


    10000000[0000E000]
      [ M] 105. c:\program files\google\googletoolbarnotifier\1.2.1128.5462\res_zh-tw.dll

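Sorry, I'm not very familiar with Kaka logs.

Please refer to this thread, find the suspicious items, and uncheck the box in front of each suspicious item (to disable it).

http://forum.ikaka.com/topic.asp?board=203&artid=8339804

The suspicious plug-ins I have found so far are: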

{11F09AFD-75AD-4E51-AB43-E09E9351CE16}
[AM] 49. c:\program files\common files\cpush\cpush.dll


{385AB8C6-FB22-4D17-8834-064E2BA0A6F0}
[AM] 50. c:\documents and settings\all users\application data\microsoft\pctools\pctools.dll

{DF0D85A7-EB15-4A7E-8A9B-989CEEEA7B13}
[AM] 51. c:\windows\system32\lsyfmu.dll

+ 映像劫持
+ HKCR\.exe
exefile\启用/禁用数字签名图标\Command
[A ] 78. c:\windows\system32\acsignopt.exe

+ 00000308(776) CDAC11BA.EXE
00400000[00012000]
[AM] 3. c:\windows\system32\drivers\cdac11ba.exe
 
(MacroVision safeCast copy-protection software)

00F30000[00014000]
[ M] 96. c:\windows\system32\735q9kccj.dll

02290000[00106000]
[AM] 51. c:\windows\system32\lsyfmu.dll
  (not sure)

For the ones I am not sure about, please wait for an expert to confirm, or refer to the link above and check whether each listed program has a company name and a description.

c:\windows\system32\lsyfmu.dll
c:\windows\system32\hticons.dll
c:\windows\system32\735q9kccj.dll


Compress the files above and send them to http://up.rising.com.cn/webmail/uploadnew.htm
Use the Kaka assistant to clean the system, upgrade Rising to the latest version, and run a full-disk virus scan in safe mode.

Thank you```I'll try it right now``!!

c:\windows\system32\735q9kccj.dll
cannot be copied or compressed

c:\windows\system32\735q9kccj.dll
It is always in use, so it cannot be compressed.