Rising Kaka Security Forum, Technical Exchange Area, Anti-virus / Anti-rogue-software Board

[Help] My computer has a Trojan (a trap set by an expert); I'm on my knees begging the experts for help, thanks!
    My computer has a Trojan! My work QQ account was stolen! I tried Iparmor (木马克星) and Rising and neither could clear it. I'm a newbie and I'm so worried I'm crying! Iparmor reported: the computer has the Gray Pigeon (灰鸽子) Trojan, please go into Safe Mode and scan. I did that, but it still couldn't kill Gray Pigeon, and it didn't even give a path. Maybe Gray Pigeon is packed and isn't running, so Iparmor can't find where it is hiding! There are also these suspicious files that I don't understand and don't know whether they are Trojans: (New.sys) (Iparmor found this one, but when I go to that path I just can't find the file, and searching for it finds nothing either; I'm frantic and don't know what to do. C:\WINNT\system32\wodfamoh.dll is suspected to be a Trojan.)
    I ran the Kaka Security Assistant log scan; please help me tell whether my computer is OK! Thank you all for your help!
Logfile of Kaka v2.0.0.6 Scan Module v2.0.0.1
Scan saved at 10:47:07, on 2006-01-18
Platform: Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)
MSIE: Internet Explorer v6.00 SP1;Q823353;Q867801;Q903235;Q832894;Q833989; (6.00.2800.1106)


Running processes:
[smss.exe]
CommandLine =

[csrss.exe]
CommandLine = C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

[winlogon.exe]
CommandLine = winlogon.exe

[services.exe]
CommandLine = C:\WINNT\system32\services.exe

[lsass.exe]
CommandLine = C:\WINNT\system32\lsass.exe

[CCENTER.EXE]
CommandLine = "D:\系统部门\瑞星2005单机 完全安装版\RISING\RAV\CCENTER.EXE"

[Ravmond.exe]
CommandLine = "D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\Ravmond.exe"

[rfwsrv.exe]
CommandLine = "d:\系统部门\瑞星2005单机 完全安装版\rising\rfw\rfwsrv.exe"

[svchost.exe]
CommandLine = C:\WINNT\system32\svchost -k rpcss

[svchost.exe]
CommandLine = C:\WINNT\System32\svchost.exe -k netsvcs

[WinMgmt.exe]
CommandLine = C:\WINNT\System32\WBEM\WinMgmt.exe

[RavStub.exe]
CommandLine = "D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\RavStub.exe" /RAVMOND

[Explorer.EXE]
CommandLine = C:\WINNT\Explorer.EXE

[RfwMain.exe]
CommandLine =  -StartUp

[RavTask.exe]
CommandLine = "D:\系统部门\瑞星2005单机 完全安装版\RISING\RAV\RAVTASK.EXE" -SYSTEM

[Ravmon.exe]
CommandLine = "D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\Ravmon.exe" -SYSTEM

[internat.exe]
CommandLine = "C:\WINNT\system32\internat.exe"

[Iparmor.exe]
CommandLine = "D:\系统部门\杀木马部门\木马克星\Iparmor\Iparmor.exe"

[NOTEPAD.EXE]
CommandLine = C:\WINNT\system32\NOTEPAD.EXE D:\综合部门\下载部门\文件档案\综合网址.idn

[HNMainUI.exe]
CommandLine = "C:\Program Files\HelloNet\HNMainUI.exe"

[IEXPLORE.EXE]
CommandLine = "C:\Program Files\Internet Explorer\IEXPLORE.EXE"

[KkScan.exe]
CommandLine = "D:\系统部门\瑞星2005单机 完全安装版\Rising\KakaToolBar\KkScan.exe"

R3 - Default URLSearchHook is missing
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINNT\system32\KakaTool.dll
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [RavTask] "D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RavMon] D:\系统部门\瑞星20~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [RfwMain] "D:\系统部门\瑞星2005单机 完全安装版\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [iparmor] D:\系统部门\杀木马部门\木马克星\Iparmor\Iparmor.exe mini
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://mv.cttfz.com/plugin/PowerPlr.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{70C1E18C-810A-419D-B13F-5C2F2D9AAC07}: NameServer = 222.47.29.118 211.98.4.1
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINNT\system32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx
O20 - Winlogon Notify: wzcnotif
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\system32\dmadmin.exe /com
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\系统部门\瑞星2005单机 完全安装版\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\系统部门\瑞星2005单机 完全安装版\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - "D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\Ravmond.exe"
Last edited 2006-01-19 00:20:06
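The log above is in the HijackThis-style line format (O4 Run entries, O17 NameServer, O18 protocol handlers, O20 Winlogon Notify, O23 services), and the question in this thread is which of its lines deserve a closer look. The script below is an added example for pre-sorting such a log, not code from this thread, from Rising or from the Kaka tool. It assumes the Kaka log keeps the HijackThis line conventions that are visible above, takes its sample lines from this thread's log with the Rising paths shortened plus one constructed O4 line (marked in the code) so that the unquoted-path check has something to fire on, and assumes that "Unknown owner" is the marker such logs print for a service binary that carries no company name. It only flags entries for a human to verify; it decides nothing about whether an entry is malicious.

```python
import re
from dataclasses import dataclass

# Sample lines copied from the Kaka log in this thread (Rising paths shortened),
# plus one constructed "Updater" O4 line so the unquoted-path check is exercised.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [RavTask] "D:\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [iparmor] D:\Iparmor\Iparmor.exe mini
O4 - HKLM\..\Run: [Updater] C:\Program Files\Example Updater\upd.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{70C1E18C-810A-419D-B13F-5C2F2D9AAC07}: NameServer = 222.47.29.118 211.98.4.1
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll
O20 - Winlogon Notify: wzcnotif
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - "D:\Rising\Rav\Ravmond.exe"
"""

# "O4 - <body>", "O17 - <body>", ... ; everything else in the log is ignored.
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 body: HKLM\..\Run: [Name] command line
RUN_RE = re.compile(r"^(?P<key>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
EXE_EXT = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif")


@dataclass
class Finding:
    kind: str    # O-line type, e.g. "O4"
    reason: str  # what a human should verify
    line: str    # the original log line


def executable_of(cmd: str) -> str:
    """Program part of a Run-key command line: the quoted path, or else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def check_run_entry(name: str, cmd: str):
    """Return a review reason for an O4 entry, or None if nothing stands out."""
    exe = executable_of(cmd)
    if "\\" not in exe:
        # Bare filename: the search path decides which copy actually runs.
        return f"[{name}] starts '{exe}' by bare filename; confirm which file the search path resolves to"
    if not cmd.startswith('"') and not exe.lower().endswith(EXE_EXT):
        # Unquoted path containing spaces: the first token is not a complete program path.
        return f"[{name}] unquoted path with spaces ('{exe}'); check which file is actually launched"
    return None


def triage(log_text: str):
    """Walk a HijackThis-style log and collect entries that need manual verification."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        reason = None
        if kind == "O4":
            r = RUN_RE.match(body)
            if r:
                reason = check_run_entry(r.group("name"), r.group("cmd"))
        elif kind == "O17":
            ns = re.search(r"NameServer = (.+)$", body)
            if ns:
                reason = f"per-interface DNS servers {ns.group(1).split()}; confirm they belong to your ISP"
        elif kind == "O18":
            parts = body.split(" - ", 2)
            if len(parts) == 3 and parts[2] == "(no file)":
                scheme = parts[0].split(": ", 1)[1]
                reason = f"protocol handler '{scheme}' registered without a file; verify the handler key"
        elif kind == "O20":
            notify = body.split(":", 1)[1].strip()
            reason = (f"Winlogon Notify package '{notify}'; verify the DllName under "
                      f"HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\{notify}")
        elif kind == "O23":
            parts = body.split(" - ", 2)
            # Assumption: "Unknown owner" is what these logs print for a binary with no company name.
            if len(parts) == 3 and parts[1] == "Unknown owner":
                reason = f"service binary without a company name: {parts[2]}"
        if reason:
            findings.append(Finding(kind, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind}: {f.reason}\n    {f.line}")
```

On the sample above the script reports the two bare-filename Run entries, the constructed unquoted-path entry, the O17 DNS servers, the file-less ipp handler and the Winlogon Notify package; the quoted Rising entries and the Rising service are not reported. Every reported line still has to be checked by hand (the file on disk, its signer, the registry value), which is exactly the work this thread was asking the forum's helpers to do.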

Many thanks, sanadayukimura, thank you for helping me sort this out!
2006-01-18,12:20:53

System Repair Engineer 2.0.12.350 (2.0 RC 1)
    Windows 2000 Professional Service Pack 4 - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <internat.exe><internat.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Synchronization Manager><mobsync.exe /logon>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <RavTask><"D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\RavTask.exe" -system>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <RavMon><D:\系统部门\瑞星20~1\RISING\RAV\RAVMON.EXE -SYSTEM>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <RfwMain><"D:\系统部门\瑞星2005单机 完全安装版\Rising\Rfw\rfwmain.exe" -Startup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <iparmor><D:\系统部门\杀木马部门\木马克星\Iparmor\Iparmor.exe mini>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <Userinit><C:\WINNT\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <AppInit_DLLs><>

启动文件夹
服务
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[ewido security suite guard / ewido security suite guard]
  <><N/A>
[Rising Personal Firewall Service / RfwService]
  <d:\系统部门\瑞星2005单机 完全安装版\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <D:\系统部门\瑞星2005单机 完全安装版\RISING\RAV\CCENTER.EXE><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>


浏览器加载项
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINNT\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[PowerPlr Control]
  {2354A44B-3CEB-4829-9940-545B03103538} <C:\WINNT\DOWNLO~1\PowerPlr.ocx, Powerise Digital>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>

正在运行的进程
[PID: 140][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 164][\??\C:\WINNT\system32\csrss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 160][\??\C:\WINNT\system32\winlogon.exe]  <Microsoft Corporation><5.00.2195.6970>
[PID: 212][C:\WINNT\system32\services.exe]  <Microsoft Corporation><5.00.2195.6700>
    [C:\WINNT\system32\dmserver.dll]  <VERITAS Software Corp.><2195.6605.297.3>
[PID: 224][C:\WINNT\system32\lsass.exe]  <Microsoft Corporation><5.00.2195.6902>
[PID: 384][D:\系统部门\瑞星2005单机 完全安装版\RISING\RAV\CCENTER.EXE]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 400][D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\Ravmond.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 7>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\RsLog.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\HOOKSYS.dll]  <Rising><18, 1, 0, 9>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\Scanner.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 28>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\libload.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\VirusLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\regmon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\HookWeb.dll]  <rising><18, 0, 0, 1>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\MemMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 8>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\expscan.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\mPorts.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\MailMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\SpamEng.dll]  <N/A><18, 0, 0, 4>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\engine.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\PostTrt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\UnExe.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\ScanExec.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\ScanEx.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\NvFile.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\ScanMac.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\ScanSct.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\Unpacker.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\ExtOLE.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\ScanNet.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\ExtMail.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 8>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\ScanElf.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 416][d:\系统部门\瑞星2005单机 完全安装版\rising\rfw\rfwsrv.exe]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 29>
    [d:\系统部门\瑞星2005单机 完全安装版\rising\rfw\RfwRule.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 11>
    [d:\系统部门\瑞星2005单机 完全安装版\rising\rfw\rfwlog.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 6>
    [d:\系统部门\瑞星2005单机 完全安装版\rising\rfw\Rfwdrv.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 19>
    [d:\系统部门\瑞星2005单机 完全安装版\rising\rfw\MonDrv.dll]  <rs><1, 0, 0, 4>
    [d:\系统部门\瑞星2005单机 完全安装版\rising\rfw\ProcLib.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 9>
[PID: 516][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 576][C:\WINNT\System32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 604][C:\WINNT\System32\WBEM\WinMgmt.exe]  <Microsoft Corporation><1.50.1085.0100>
[PID: 668][D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\RavStub.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 852][C:\WINNT\Explorer.EXE]  <Microsoft Corporation><5.00.3700.6690>
    [C:\WINNT\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [D:\系统部门\WinRAR 3.51 简体中文版\rarext.dll]  <N/A><N/A>
    [C:\Program Files\Common Files\Adobe\Shell\PSICON.DLL]  <Adobe Systems, Incorporated><7.0>
[PID: 888][d:\系统部门\瑞星2005单机 完全安装版\rising\rfw\RfwMain.exe]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 45>
    [d:\系统部门\瑞星2005单机 完全安装版\rising\rfw\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
    [d:\系统部门\瑞星2005单机 完全安装版\rising\rfw\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [d:\系统部门\瑞星2005单机 完全安装版\rising\rfw\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 980][D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\RavTask.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
[PID: 996][D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\Ravmon.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 10>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1008][C:\WINNT\system32\internat.exe]  <Microsoft Corporation><5.00.2920.0000>
[PID: 112][D:\系统部门\杀木马部门\木马克星\Iparmor\Iparmor.exe]  <N/A><N/A>
    [D:\系统部门\杀木马部门\木马克星\Iparmor\getportlistxp.dll]  <><1, 0, 0, 1>
    [D:\系统部门\杀木马部门\木马克星\Iparmor\socketinit.dll]  <N/A><N/A>
    [D:\系统部门\杀木马部门\木马克星\Iparmor\hookhookdll.dll]  <N/A><N/A>
    [C:\WINNT\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[PID: 1060][C:\WINNT\system32\NOTEPAD.EXE]  <Microsoft Corporation><5.00.2140.1>
[PID: 716][C:\Program Files\HelloNet\HNMainUI.exe]  <N/A><2, 0, 0, 0>
    [C:\Program Files\HelloNet\HNUtils.dll]  <HelloNet><2.0.0.0>
    [C:\Program Files\HelloNet\HNKernel.dll]  <HelloNet><2.0.0.0>
    [C:\Program Files\HelloNet\plugins\Diagnose.dll]  <N/A><1.0.0.2>
[PID: 484][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2800.1106>
    [C:\WINNT\system32\KakaTool.dll]  <Beijing Rising Technology Co., Ltd.><2, 0, 0, 6>
    [C:\WINNT\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
    [D:\系统部门\瑞星2005单机 完全安装版\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [C:\WINNT\system32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
[PID: 1152][C:\WINNT\system32\conime.exe]  <Microsoft Corporation><5.00.2195.6655>
[PID: 1192][D:\系统部门\系统工具\智能扫描\SREng.exe]  <Smallfrogs Studio><2.0.12.350>

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. [hh.exe %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  Error. [wscript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]


Winsock 提供者


Iparmor caught another one (D:\Temp3721TRQua\hook.dll.malicious 发现木马:tro2005-10-12-lexplore,14336
D:\Temp3721TRQua\hook.dll.malicious木马已经清除.)

My computer has turned into a Trojan den! Sob sob sob!
Experts, please diagnose and cure my computer! I'm extremely grateful!
Sorry, experts, I went off to chat. I've now read carefully. I immediately extracted the compressed (New.sys) and scanned it with http://virusscan.jotti.org/, and scanned (wodfamoh.dll) too. After scanning with http://www.virustotal.com/ I couldn't copy the results!
-------------------------------------------------


File:  New.sys 
Status:  POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.) 
MD5  79b0dd5f393c132f7a84b7dbf85a9f40 
Packers detected:  -
Scanner results 
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Fortinet  Found PossibleThreat 
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
UNA  Found nothing
VBA32  Found nothing
 
-------------------------------------------------------------

File:  wodfamoh.dll 
Status:  MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.) 
MD5  f6a32c18862c55630eaf35111782fbea 
Packers detected:  ASPACK
Scanner results 
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
UNA  Found nothing
VBA32  Found nothing
After scanning with http://www.virustotal.com/:

I don't know whether the wodfamoh.dll and New.sys Trojans have any other accomplices.
Experts, are you there? Please help! Once the experts ride out, every Trojan is finished! I want to follow you closely and fight alongside you every day, and learn that number-one-under-heaven sword move of yours that sweeps Trojans away like autumn leaves, so they all fall from their horses! 魔法学徒 and the beautiful sanadayukimura, please take me as your apprentice so I can fight alongside you!