
l8zm.exe and ras.exe


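l8zm.exe and ras.exe: after booting, I checked Task Manager and found a program named l8zm.exe running, using 5 MB of memory. Being suspicious, I inspected the processes with Kaka Assistant and Ice Sword and found that the modules of these two running programs are almost identical. The only difference is that one is l8zm.exe, x:\Program Files\Rising\AntiSpyware\l8zm.exe, and the other is ras.exe, x:\Program Files\Rising\AntiSpyware\ras.exe. When I end the l8zm.exe process, Kaka Assistant's process ends at the same time, as if they were twins. The l8zm.exe file is under \window\system32\ on the system partition and cannot be deleted; after a refresh it reappears. I suspect it is a virus. Please reply, I'll be waiting!!
Last edited: 2006-11-24 21:35:03.047000000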

Please post a HijackThis 1.99.1 scan log.
Chinese version:
http://free5.ys168.com/?ufwihgu168



[Ras.exe]
PID = 0x384
CommandLine = "G:\kill\Rising\AntiSpyware\Ras.exe"
Ras.exe
0x400000
G:\kill\Rising\AntiSpyware\Ras.exe
1, 0, 0, 41
Beijing Rising Technology Co., Ltd.
Ras Microsoft 基础类应用程序
2006-11-17 16:25:02

ntdll.dll
0x7c920000
C:\WINDOWS\system32\ntdll.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
NT Layer DLL
2004-08-04 08:52:02

kernel32.dll
0x7c800000
C:\WINDOWS\system32\kernel32.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows NT BASE API Client DLL
2004-08-04 08:52:14

SHLWAPI.dll
0x77f40000
C:\WINDOWS\system32\SHLWAPI.DLL
6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Shell Light-weight Utility Library
2004-08-04 08:52:24

msvcrt.dll
0x77be0000
C:\WINDOWS\system32\msvcrt.dll
7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows NT CRT DLL
2004-08-04 08:52:20

GDI32.dll
0x77ef0000
C:\WINDOWS\system32\gdi32.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
GDI Client DLL
2004-08-04 08:52:12

USER32.dll
0x77d10000
C:\WINDOWS\system32\user32.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows XP USER API Client DLL
2004-08-04 08:52:26

ADVAPI32.dll
0x77da0000
C:\WINDOWS\system32\advapi32.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Advanced Windows 32 Base API
2004-08-04 08:52:06

RPCRT4.dll
0x77e50000
C:\WINDOWS\system32\rpcrt4.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Remote Procedure Call Runtime
2004-08-04 08:52:24

WININET.dll
0x76680000
C:\WINDOWS\system32\WININET.DLL
6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Internet Extensions for Win32
2004-08-04 08:52:28

CRYPT32.dll
0x765e0000
C:\WINDOWS\system32\crypt32.dll
5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Crypto API32
2004-08-04 08:52:08

MSASN1.dll
0x76db0000
C:\WINDOWS\system32\msasn1.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
ASN.1 Runtime APIs
2004-08-04 08:52:16

OLEAUT32.dll
0x770f0000
C:\WINDOWS\system32\oleaut32.dll
5.1.2600.2180
Microsoft Corporation

2004-08-04 08:52:22

ole32.dll
0x76990000
C:\WINDOWS\system32\ole32.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Microsoft OLE for Windows
2004-08-04 08:52:22

MFC42.DLL
0x73d30000
C:\WINDOWS\system32\mfc42.dll
6.02.4131.0
Microsoft Corporation
MFCDLL Shared Library - Retail Version
2004-08-04 08:52:16

comdlg32.dll
0x76320000
C:\WINDOWS\system32\comdlg32.dll
6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Common Dialogs DLL
2004-08-04 08:52:08

COMCTL32.dll
0x5d170000
C:\WINDOWS\system32\comctl32.dll
5.82 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Common Controls Library
2004-08-04 08:52:08

SHELL32.dll
0x4d0000
C:\WINDOWS\system32\shell32.dll
6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows Shell Common Dll
2004-08-04 08:52:24

WSOCK32.dll
0x71a40000
C:\WINDOWS\system32\wsock32.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows Socket 32-Bit DLL
2004-08-04 08:52:28

WS2_32.dll
0x71a20000
C:\WINDOWS\system32\ws2_32.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows Socket 2.0 32-Bit DLL
2004-08-04 08:52:28

WS2HELP.dll
0x71a10000
C:\WINDOWS\system32\ws2help.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows Socket 2.0 Helper for Windows NT
2004-08-04 08:52:28

NETAPI32.dll
0x5fdd0000
C:\WINDOWS\system32\netapi32.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Net Win32 API DLL
2004-08-04 08:52:20

iphlpapi.dll
0x76d30000
C:\WINDOWS\system32\iphlpapi.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
IP Helper API
2004-08-04 08:52:14

MSVCIRT.dll
0x370000
C:\WINDOWS\system32\msvcirt.dll
7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows NT IOStreams DLL
2004-08-04 08:52:20

VERSION.dll
0x77bd0000
C:\WINDOWS\system32\version.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Version Checking and File Installation Libraries
2004-08-04 08:52:26

IMM32.DLL
0x76300000
C:\WINDOWS\system32\imm32.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows XP IMM32 API Client DLL
2004-08-04 08:52:12

LPK.DLL
0x62c20000
C:\WINDOWS\system32\lpk.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Language Pack
2004-08-04 08:52:14

USP10.dll
0x73fa0000
C:\WINDOWS\system32\usp10.dll
1.0420.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Uniscribe Unicode script processor
2004-08-04 08:52:26

comctl32.dll
0x77180000
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
6.0 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
User Experience Controls Library
2004-08-04 08:50:56

MFC42LOC.DLL
0x61be0000
C:\WINDOWS\system32\mfc42loc.dll
6.00.8665.0
Microsoft Corporation
MFC Language Specific Resources
2004-06-06 14:13:30

UxTheme.dll
0x5adc0000
C:\WINDOWS\system32\uxtheme.dll
6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Microsoft UxTheme Library
2006-11-14 20:33:08

l8vm.sys
0x2750000
C:\WINDOWS\system32\drivers\l8vm.sys



2004-08-04 08:52:26

d0re1.dll
0x2ba0000
C:\WINDOWS\system32\d0re1.dll



2004-08-04 08:52:26

RasGui.dll
0x10000000
G:\kill\Rising\AntiSpyware\RasGUI.dll
1, 0, 0, 15
Beijing Rising Technology Co., Ltd.
RasGUI
2006-11-15 22:33:45

msctfime.ime
0x73640000
C:\WINDOWS\system32\MSCTFIME.IME
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Microsoft Text Frame Work Service IME
2004-08-04 08:51:20

advapi.dll
0x3270000
C:\WINDOWS\system32\advapi.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Advanced Windows 32 Base API
2004-08-04 08:52:06

DNSAPI.dll
0x76ef0000
C:\WINDOWS\system32\dnsapi.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
DNS Client API DLL
2004-08-04 08:52:10

rasadhlp.dll
0x76f90000
C:\WINDOWS\system32\rasadhlp.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Remote Access AutoDial Helper
2004-08-04 08:52:22

CLBCATQ.DLL
0x76fa0000
C:\WINDOWS\system32\clbcatq.dll
2001.12.4414.258
Microsoft Corporation

2004-08-04 08:52:08

COMRes.dll
0x77020000
C:\WINDOWS\system32\comres.dll
2001.12.4414.258
Microsoft Corporation

2004-08-04 08:52:08

shdocvw.dll
0x3490000
C:\WINDOWS\system32\SHDOCVW.DLL
6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Shell Doc Object and Control Library
2004-08-04 08:52:24

CRYPTUI.dll
0x75430000
C:\WINDOWS\system32\cryptui.dll
5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Microsoft Trust UI Provider
2004-08-04 08:52:08

WINTRUST.dll
0x76c00000
C:\WINDOWS\system32\wintrust.dll
5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Microsoft Trust Verification APIs
2004-08-04 08:52:28

IMAGEHLP.dll
0x76c60000
C:\WINDOWS\system32\imagehlp.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows NT Image Helper
2004-08-04 08:52:12

WLDAP32.dll
0x76f30000
C:\WINDOWS\system32\wldap32.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Win32 LDAP API DLL
2004-08-04 08:52:28

Secur32.dll
0x39c0000
C:\WINDOWS\system32\secur32.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Security Support Provider Interface
2004-08-04 08:52:24

urlmon.dll
0x75c60000
C:\WINDOWS\system32\URLMON.DLL
6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
OLE32 Extensions for Win32
2004-08-04 08:52:26

SXS.DLL
0x75e00000
C:\WINDOWS\system32\sxs.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Fusion 2.5
2004-08-04 08:52:26

shdoclc.dll
0x20000000
C:\WINDOWS\system32\shdoclc.dll
6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Shell Doc Object and Control Library
2004-08-04 08:51:40

xpsp2res.dll
0x41a0000
C:\WINDOWS\system32\xpsp2res.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Service Pack 2 Messages
2004-08-04 08:51:48

mlang.dll
0x74cf0000
C:\WINDOWS\system32\mlang.dll
6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Multi Language Support DLL
2004-08-04 08:52:16

mswsock.dll
0x719c0000
C:\WINDOWS\system32\mswsock.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Microsoft Windows Sockets 2.0 Service Provider
2004-08-04 08:52:20

hnetcfg.dll
0x60fd0000
C:\WINDOWS\system32\hnetcfg.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Home Networking Configuration Manager
2004-08-04 08:52:12

wshtcpip.dll
0x71a00000
C:\WINDOWS\system32\wshtcpip.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows Sockets Helper DLL
2004-08-04 08:52:28

Mshtml.dll
0x7cc80000
C:\WINDOWS\system32\MSHTML.DLL
6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Microsoft (R) HTML Viewer
2004-08-04 08:52:18

msls31.dll
0x74620000
C:\WINDOWS\system32\msls31.dll
3.10.349.0
Microsoft Corporation
Microsoft Line Services library file
2004-06-06 14:13:38

msimtf.dll
0x74650000
C:\WINDOWS\system32\MSIMTF.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Active IMM Server DLL
2004-08-04 08:52:18

MSCTF.dll
0x74680000
C:\WINDOWS\system32\MSCTF.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
MSCTF Server DLL
2004-08-04 08:52:16

SETUPAPI.dll
0x76060000
C:\WINDOWS\system32\setupapi.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows Setup API
2004-08-04 08:52:24

appHelp.dll
0x76d70000
C:\WINDOWS\system32\apphelp.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Application Compatibility Client Library
2004-08-04 08:52:06

engine.dll
0x40d0000
G:\kill\Rising\AntiSpyware\engine.dll
19, 0, 0, 17
Beijing Rising Technology Co., Ltd.
kaka engine
2006-11-20 13:30:51

zip.dll
0x4100000
G:\kill\Rising\AntiSpyware\Zip.dll
13, 0, 0, 1
rising
zip
2006-11-15 22:33:46


[l8zm.exe]
PID = 0x70c
CommandLine = "G:\kill\Rising\AntiSpyware\Ras.exe"
l8zm.exe
0x1000000
C:\WINDOWS\system32\l8zm.exe
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Run a DLL as an App
2004-08-04 08:52:38

ntdll.dll
0x7c920000
C:\WINDOWS\system32\ntdll.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
NT Layer DLL
2004-08-04 08:52:02

kernel32.dll
0x7c800000
C:\WINDOWS\system32\kernel32.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows NT BASE API Client DLL
2004-08-04 08:52:14

msvcrt.dll
0x77be0000
C:\WINDOWS\system32\msvcrt.dll
7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows NT CRT DLL
2004-08-04 08:52:20

GDI32.dll
0x77ef0000
C:\WINDOWS\system32\gdi32.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
GDI Client DLL
2004-08-04 08:52:12

USER32.dll
0x77d10000
C:\WINDOWS\system32\user32.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows XP USER API Client DLL
2004-08-04 08:52:26

IMAGEHLP.dll
0x76c60000
C:\WINDOWS\system32\imagehlp.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows NT Image Helper
2004-08-04 08:52:12

IMM32.DLL
0x76300000
C:\WINDOWS\system32\imm32.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows XP IMM32 API Client DLL
2004-08-04 08:52:12

ADVAPI32.dll
0x77da0000
C:\WINDOWS\system32\advapi32.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Advanced Windows 32 Base API
2004-08-04 08:52:06

RPCRT4.dll
0x77e50000
C:\WINDOWS\system32\rpcrt4.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Remote Procedure Call Runtime
2004-08-04 08:52:24

LPK.DLL
0x62c20000
C:\WINDOWS\system32\lpk.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Language Pack
2004-08-04 08:52:14

USP10.dll
0x73fa0000
C:\WINDOWS\system32\usp10.dll
1.0420.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Uniscribe Unicode script processor
2004-08-04 08:52:26

l8vm.sys
0x8e0000
C:\WINDOWS\system32\drivers\l8vm.sys



2004-08-04 08:52:26

WSOCK32.DLL
0x71a40000
C:\WINDOWS\system32\wsock32.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows Socket 32-Bit DLL
2004-08-04 08:52:28

WS2_32.dll
0x71a20000
C:\WINDOWS\system32\ws2_32.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows Socket 2.0 32-Bit DLL
2004-08-04 08:52:28

WS2HELP.dll
0x71a10000
C:\WINDOWS\system32\ws2help.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows Socket 2.0 Helper for Windows NT
2004-08-04 08:52:28

SHELL32.DLL
0x1010000
C:\WINDOWS\system32\shell32.dll
6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Windows Shell Common Dll
2004-08-04 08:52:24

SHLWAPI.dll
0x77f40000
C:\WINDOWS\system32\SHLWAPI.DLL
6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Shell Light-weight Utility Library
2004-08-04 08:52:24

comctl32.dll
0x77180000
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
6.0 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
User Experience Controls Library
2004-08-04 08:50:56

comctl32.dll
0x5d170000
C:\WINDOWS\system32\comctl32.dll
5.82 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Common Controls Library
2004-08-04 08:52:08

UxTheme.dll
0x5adc0000
C:\WINDOWS\system32\uxtheme.dll
6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Microsoft UxTheme Library
2006-11-14 20:33:08

d0re1.dll
0xdb0000
C:\WINDOWS\system32\d0re1.dll



2004-08-04 08:52:26

msctfime.ime
0x73640000
C:\WINDOWS\system32\MSCTFIME.IME
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Microsoft Text Frame Work Service IME
2004-08-04 08:51:20

ole32.dll
0x76990000
C:\WINDOWS\system32\ole32.dll
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Microsoft Corporation
Microsoft OLE for Windows
2004-08-04 08:52:22

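I don't know how to post pictures, sorry. Above is the process information for the two programs l8zm.exe and ras.exe. I hope the experts here can help!!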

The l8zm.exe process is as shown in the picture.

Attachment: image (image/pjpeg), uploaded 2006-11-24 21:35:03


