
Help! Waiting online for an expert to help solve this.

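This morning I downloaded a cheat tool for the game Legend (传奇). After downloading it I scanned it, the scan reported a virus, and I removed it.
Then I installed it. After installation, it shut down my Rising real-time monitor. My machine was reinstalled not long ago. With fewer than two web pages open, it reports insufficient virtual memory. When I run a virus scan, the antivirus software takes half an hour to check just three files. In Safe Mode, though, the scan runs without any problem.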
Last edited 2006-02-10 18:39:51

Logfile of HijackThis v1.99.1
Scan saved at 13:10:23, on 2006-2-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwproxy.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\RavStub.exe
c:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\dll.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Rising\Rav\Smartup.exe
C:\DOCUME~1\aaa\LOCALS~1\Temp\hijackthis.zip 的临时目录 1\HijackThis.exe

O1 - Hosts: 202.103.67.180 auto.search.msn.com
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - F:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - F:\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - F:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - F:\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - F:\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - F:\qq\SendMMS.htm
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising T

不言放弃..
1. End the virus process dll.exe and the system process spoolsv.exe (which the virus has injected into).
How do I do this???

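I can't get online on my machine at all. It responds too slowly, and it keeps saying there is not enough virtual memory. I can only go online at an internet cafe and wait for the result.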

This is so hard to deal with. I want to cry... I want to smash the machine.

I figured out where to end them.. happy.. But, 不言放弃
http://forum.ikaka.com/topic.asp?board=28&artid=7133966

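This is a backdoor. Kaspersky names it Backdoor.Win32.PcClient.ck.

Removal procedure:

1. End the virus process dll.exe and the system process spoolsv.exe (which the virus has injected into).

2. Delete the following files:

C:\windows\system32\00007981.dll
C:\Documents and Settings\[current username]\Local Settings\Temp\151.tmp
C:\Documents and Settings\[current username]\Local Settings\Temp\152.tmp
C:\Documents and Settings\[current username]\Local Settings\Temp\153.tmp
I looked through these folders. I can't find these files. What should I do?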

Could you add me on QQ?? 12740342

Still haven't found :\windows\system32\00007981.dll
C:\Documents and Settings\[current username]\Local Settings\Temp\151.tmp
C:\Documents and Settings\[current username]\Local Settings\Temp\152.tmp
C:\Documents and Settings\[current username]\Local Settings\Temp\153.

PID | CPU | Description | Company Name
0 | 93.94 | |
n/a | | Hardware Interrupts |
n/a | | Deferred Procedure Calls |
4 | | |
  456 | | Windows NT Session Manager | Microsoft Corporation
  524 | 1.52 | Client Server Runtime Process | Microsoft Corporation
  548 | | Windows NT Logon Application | Microsoft Corporation
    592 | 1.52 | Services and Controller app | Microsoft Corporation
    748 | | Generic Host Process for Win32 Services | Microsoft Corporation
    816 | | Generic Host Process for Win32 Services | Microsoft Corporation
    896 | | CCenter | Beijing Rising Technology Co., Ltd.
    920 | | Generic Host Process for Win32 Services | Microsoft Corporation
    1012 | | Generic Host Process for Win32 Services | Microsoft Corporation
    1120 | | Generic Host Process for Win32 Services | Microsoft Corporation
    1136 | | RavMond | Beijing Rising Technology Co., Ltd.
      1624 | | Rising RavStub | Beijing Rising Technology Co., Ltd.
    1304 | | Rising Personal Proxy Service | Beijing Rising Technology Co., Ltd.
    1344 | | Rising Personal FireWall Service | Beijing Rising Technology Co., Ltd.
      1860 | | Rising Personal FireWall Main Program | Beijing Rising Technology Co., Ltd.
    176 | | Generic Host Process for Win32 Services | Microsoft Corporation
    2120 | | Generic Host Process for Win32 Services | Microsoft Corporation
    3860 | | Spooler SubSystem App | Microsoft Corporation
    604 | | LSA Shell (Export Version) | Microsoft Corporation
1284 | | Windows Explorer | Microsoft Corporation
1852 | | SiS Compatible Super VGA Keyboard Daemon | Silicon Integrated Systems Corporation
220 | | Still Image (STI) Driver | VM.
404 | | RavTimer | Beijing Rising Technology Co., Ltd.
  648 | | RavMon | Beijing Rising Technology Co., Ltd.
908 | | CTF Loader | Microsoft Corporation
780 | | Internet Explorer | Microsoft Corporation
856 | 3.03 | Sysinternals Process Explorer | Sysinternals

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ BigDogPath | Still Image (STI) Driver | VM. | c:\windows\vm_sti.exe
+ Cmaudio | CmiCnfg DLL | C-Media Corporation | c:\windows\system\cmicnfg.cpl
+ RavTask | RavTimer | Beijing Rising Technology Co., Ltd. | c:\program files\rising\rav\ravtask.exe
+ RfwMain | Rising Personal FireWall Main Program | Beijing Rising Technology Co., Ltd. | c:\program files\rising\rfw\rfwmain.exe
+ SiS Windows KeyHook | SiS Compatible Super VGA Keyboard Daemon | Silicon Integrated Systems Corporation | c:\windows\system32\keyhook.exe
+ SiSUSBRG | SiSUSBrg | Silicon Integrated Systems Corp. | c:\windows\sisusbrg.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
+ Winpatch AutoUpdate | c:\windows\system32\dll.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ Rising Execute File Exts hook | Rising Shell Ext Module | Beijing Rising Technology Co., Ltd. | c:\windows\system32\ravext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Display Panning CPL Extension | File not found: deskpan.dll
+ HyperTerminal Icon Ext | HyperTerminal Applet Library | Hilgraeve, Inc. | c:\windows\system32\hticons.dll
+ RISING | Rising Shell Ext Module | Beijing Rising Technology Co., Ltd. | c:\windows\system32\ravext.dll

HKLM\System\CurrentControlSet\Services
+ RfwProxySrv | Rising Personal Proxy Service | Beijing Rising Technology Co., Ltd. | c:\program files\rising\rfw\rfwproxy.exe
+ RfwService | Rising Personal Firewall Service | Beijing Rising Technology Co., Ltd. | c:\program files\rising\rfw\rfwsrv.exe
+ RsCCenter | CCenter | Beijing Rising Technology Co., Ltd. | c:\program files\rising\rav\ccenter.exe
+ RsRavMon | RavMond | Beijing Rising Technology Co., Ltd. | c:\program files\rising\rav\ravmond.exe

HKLM\System\CurrentControlSet\Services
+ BaseTDI | basetdi | Beijing Rising Technology Co., Ltd. | c:\windows\system32\drivers\basetdi.sys
+ cmuda | C-Media Audio WDM Driver | C-Media Inc | c:\windows\system32\drivers\cmuda.sys
+ ExpScaner | ExpScan.sys | c:\program files\rising\rav\expscan.sys
+ HOOKAPI | HOOKAPI Driver | 瑞星软件有限公司 | c:\program files\rising\rav\hookapi.sys
+ HookCont | TDI HOOK Driver | Rising tech Co. ltd | c:\program files\rising\rav\hookcont.sys
+ HookReg | c:\program files\rising\rav\hookreg.sys
+ HookSys | Hooksys | Rising | c:\program files\rising\rav\hooksys.sys
+ HookUrl | HookUrl | Beijing Rising Technology Co., Ltd. | c:\program files\rising\rfw\hookurl.sys
+ MEMSCAN | MemScan Driver | 瑞星软件有限公司 | c:\program files\rising\rav\memscan.sys
+ mProcRs | Rising Personal FireWall  mprocrs.sys | Beijing Rising Technology Co., Ltd. | c:\program files\rising\rfw\mprocrs.sys
+ npkcrypt | nProtect KeyCrypt Driver | INCA Internet Co., Ltd. | f:\qq\npkcrypt.sys
+ Ptilink | Direct Parallel Link Driver | Parallel Technologies, Inc. | c:\windows\system32\drivers\ptilink.sys
+ RsFwDrv | nt_fwdrv | Beijing Rising Technology Co., Ltd. | c:\program files\rising\rfw\rsfwdrv.sys
+ Secdrv | SafeDisc driver | c:\windows\system32\drivers\secdrv.sys
+ SiS315 | SiS Compatible Super VGA Driver | Silicon Integrated Systems Corporation | c:\windows\system32\drivers\sisgrp.sys
+ SISAGP | SiS AGPv3.5 Filter | Silicon Integrated Systems Corporation | c:\windows\system32\drivers\sisagpx.sys
+ SiSkp | SiS VGA Driver Manager | Silicon Integrated Systems Corporation | c:\windows\system32\drivers\srvkp.sys
+ SISNIC | SiS PCI Fast Ethernet Adapter Driver | SiS Corporation | c:\windows\system32\drivers\sisnic.sys
+ ZSMC301b | Video streaming and Capture Device Driver | VM | c:\windows\system32\drivers\usbvm31b.sys