
[Help] Experts, please take a look... I keep feeling my machine is infected....


瑞星卡卡电脑诊断日志 v1.30 (2008-4-21 1:17:56)  北京瑞星科技股份有限公司

注释:    [A]表示该文件存在自启动关联;
    [M]表示该文件在内存中;

+ 注册表自运行项目
  + 系统服务
    + HKLM\System\CurrentControlSet\Services
      Adobe LM Service
        [A ] 1. c:\program files\common files\adobe systems shared\service\adobelmsvc.exe
          Adobe Systems
          System Level Service Utility
          .text,.rdata,.data,.rsrc,


      BoBoTurbo
        [AM] 2. c:\windows\system32\boboturbo\boboturbo.exe
          广州易播信息科技有限公司
          BoBo P2P多媒体网络点播/广播/直播系统 加速器
          .text,.rdata,.data,.rsrc,


      NVSvc
        [AM] 3. c:\windows\system32\nvsvc32.exe
          NVIDIA Corporation
          NVIDIA Driver Helper Service, Version 94.24
          .text,.rdata,.data,.rsrc,


      ose
        [A ] 4. c:\program files\common files\microsoft shared\source engine\ose.exe
          Microsoft Corporation
          Office Source Engine
          .text,.data,.rsrc,


      PnpWMmng
        [AM] 5. d:\完美卸载v2008\pnpwmmng.exe
          完美卸载
          完美卸载防毒服务
          .text,.rdata,.data,.rsrc,


      RfwProxySrv
        [AM] 6. d:\rising\rising\rfw\rfwproxy.exe
          Beijing Rising Technology Co., Ltd.
          Rising Personal Proxy Service
          .text,.rdata,.data,.rsrc,


      RfwService
        [AM] 7. d:\rising\rising\rfw\rfwsrv.exe
          Beijing Rising Technology Co., Ltd.
          Rising Personal FireWall Service
          .text,.rdata,.data,.rsrc,


      RsCCenter
        [AM] 8. d:\rising\rav\ccenter.exe
          Beijing Rising Technology Co., Ltd.
          CCenter
          .text,.rdata,.data,.rsrc,


      RsRavMon
        [AM] 9. d:\rising\rav\ravmond.exe
          Beijing Rising Technology Co., Ltd.
          Rising Realtime Moniter
          .text,.rdata,.data,.rsrc,




  + 内核驱动
    + HKLM\System\CurrentControlSet\Services
      dtscsi
        [A ] 10. c:\windows\system32\drivers\dtscsi.sys


      EagleNT
        [A ] 11. c:\windows\system32\drivers\eaglent.sys


      ft2kEnum
        [A ] 12. c:\windows\system32\drivers\ic2kenum.sys
          OEM Corporation
          ic2k Bus Enumerator
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      GDBaseSmc
        [A ] 13. c:\windows\system32\drivers\chip_smc.sys
          OEM
          This is used by SRC 2000 Readers
          page,.text,init,.rdata,.data,INIT,.rsrc,.reloc,


      HDAudBus
        [A ] 14. c:\windows\system32\drivers\hdaudbus.sys
          Windows (R) Server 2003 DDK provider
          High Definition Audio Bus Driver v1.0a
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      HookCont
        [A ] 15. c:\windows\system32\drivers\hookcont.sys
          Beijing Rising Technology Co., Ltd
          HookCont
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      HookNtos
        [A ] 16. c:\windows\system32\drivers\hookntos.sys
          Beijing Rising Technology Co., Ltd
          HookNtos
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      HookReg
        [A ] 17. c:\windows\system32\drivers\hookreg.sys
          Beijing Rising Technology Co., Ltd
          HookReg
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      HookSys
        [A ] 18. c:\windows\system32\drivers\hooksys.sys
          Beijing Rising Technology Co., Ltd
          Hooksys
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      HookUrl
        [A ] 19. d:\rising\rising\rfw\hookurl.sys
          Beijing Rising Technology Co., Ltd.
          URL Filter Driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      IntcAzAudAddService
        [A ] 20. c:\windows\system32\drivers\rtkhdaud.sys
          Realtek Semiconductor Corp.
          Realtek(r) High Definition Audio Function Driver
          .text,CODE,.rdata,.data,.data1,PAGE,INIT,.rsrc,.reloc,


      JGOGO
        [A ] 21. c:\windows\system32\drivers\jgogo.sys
          JMicron
          SCSI Port upper filter driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      JRAID
        [A ] 22. c:\windows\system32\drivers\jraid.sys
          JMicron Technology Corp.
          JMicron JR036X RAID Driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      KAVBootC
        [A ] 23. c:\windows\system32\drivers\kavbootc.sys
          Kingsoft Corporation
          Kingsoft Boot Clean
          .text,.data,.CRT,INIT,.rsrc,.reloc,


      PnpWmkDrv
        [A ] 24. c:\windows\system32\drivers\pnpwmkdrv.sys
          Windows (R) 2000 DDK provider
          完美卸载 Driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      Reader_Device
        [A ] 25. c:\windows\system32\drivers\usbic2k.sys
          OEM
          This is used by SRC 2000 Readers
          page,.text,init,.rdata,.data,INIT,.rsrc,.reloc,


      RfwBase
        [A ] 26. c:\windows\system32\drivers\rfwbase.sys
          Beijing Rising Technology Co., Ltd.
          net base driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      RsAntiSpyware
        [A ] 27. c:\windows\system32\drivers\rsboot.sys
          Beijing Rising Technology Co., Ltd.
          Anti-RootKit Driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      RsFwDrv
        [A ] 28. d:\rising\rising\rfw\rsfwdrv.sys
          Beijing Rising Technology Co., Ltd.
          Rules Driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      RsNTGDI
        [A ] 29. c:\windows\system32\drivers\rsntgdi.sys
          Beijing Rising Technology Co., Ltd.
          RsNTGDI
          .text,.rdata,INIT,.rsrc,.reloc,


      RTLE8023xp
        [A ] 30. c:\windows\system32\drivers\rtenicxp.sys
          Realtek Semiconductor Corporation                         
          Realtek 10/100/1000 NDIS 5.1 Driver                       
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      Secdrv
        [A ] 31. c:\windows\system32\drivers\secdrv.sys
          Macrovi

Last edited 2008-04-21 16:26:36

After reinstalling the system I went to 17173 to look for a game to play... and Rising reported a trojan....


Hack.Exploit.Script.JS.RealPlayer.e    直接跳过网页中的脚本    2008-4-18 1:08    网页监控    C:\Program Files\Internet Explorer\iexplore.exe     C:\DOCUME~1\lazyfree\LOCALS~1\Temp\292846217376.tmp

Hack.Exploit.Script.JS.RealPlayer.e    直接跳过网页中的脚本    2008-4-18 1:08    网页监控    C:\Program Files\Internet Explorer\iexplore.exe     C:\DOCUME~1\lazyfree\LOCALS~1\Temp\292846217376.tmp

Hack.Exploit.Script.JS.RealPlayer.e    直接跳过网页中的脚本    2008-4-18 11:48    网页监控    C:\Program Files\Internet Explorer\IEXPLORE.EXE -Embedding    C:\DOCUME~1\lazyfree\LOCALS~1\Temp\156042617112.tmp

Hack.Exploit.Script.VBS.Realplayer.a    直接跳过网页中的脚本    2008-4-20 3:18    网页监控    C:\Program Files\Internet Explorer\iexplore.exe     C:\DOCUME~1\lazyfree\LOCALS~1\Temp\250849101040.tmp

Trojan.DL.Win32.Direct.me    删除成功    2008-4-20 3:18    文件监控        C:\U.exe>>nspack>>IFTDLL

Please help me~~!! Thanks!!!

This Kaka log isn't complete either; post an SREng log instead.


2008-04-21,14:18:55

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <ABIT uGuruIII><C:\Program Files\ABIT\uGuru\uGuru.exe>  [ABIT Computer Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Publisher]
    <nwiz><nwiz.exe /install>  []
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <RavTask><"d:\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <RfwMain><"D:\Rising\Rising\Rfw\rfwmain.exe" -Startup>  [(Verified)BEIJING RISING SCIENCE AND TECHNOLOGY CORPORATION LIMITED]
    <runeip><"D:\Rising\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <StormCodec_Helper><"d:\Storm Codec\StormSet.exe" /S /opti>  []
    <DAEMON Tools><"d:\DAEMON Tools\daemon.exe" -lang 1033>  [(Verified)DAEMON Tools Code Signing Services]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><D:\Rising\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><ieprot.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]

==================================
启动文件夹
[QQ游戏启动加速程序]
  <C:\Documents and Settings\lazyfree\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> D:\Tencent\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>

==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[BoBoTurbo / BoBoTurbo][Running/Auto Start]
  <C:\WINDOWS\system32\boboturbo\boboturbo.exe><广州易播信息科技有限公司>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy  Service / RfwProxySrv][Running/Auto Start]
  <D:\Rising\Rising\Rfw\rfwProxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <D:\Rising\Rising\Rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"d:\Rising\Rav\CCen

Attachment: downloaded 159 times, file type application/octet-stream, uploaded 2008-4-21 14:39:18, no description.


Mod... is this OK????

I think I'm infected.

I don't see anything abnormal in the logs, and I don't know where your feeling comes from. Are there any abnormal symptoms?