Rising Kaka Security Forum
漂漂008 - 2007-7-9 14:34:00
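Can any expert here tell me how to kill these two viruses? The prompt says they will be deleted on restart, but I've tried several times and it just doesn't work. Help!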
天上天下2007 - 2007-7-9 14:49:00
Has your antivirus software been upgraded to the latest version?
Leoooo - 2007-7-9 15:08:00
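Download Kaka Internet Security Assistant 4.0: http://download.rising.com.cn/for_down/kakatool/kakasetupv4.exe
1 Run Rising Kaka Internet Security Assistant
2 Diagnostics & Help (诊断求助) => Computer Diagnostic Log (电脑诊断日志)
3 Select the three options "Ignore system files" (忽略系统文件), "File details" (文件详细信息), and "Similar file name analysis" (文件名相似分析)
4 Start Scan (开始扫描) => Export Information (导出信息), exporting in txt format (htm format also works and is easier to read yourself, but the forum does not accept htm uploads)
5 Copy the complete report from the log and paste it here without modifying it (if it does not fit in one post, split it across several)
6 While scanning for the log, close unnecessary software as far as possible, such as QQ, TM, etc.
7 Upload the suspicious files found by the scan to Rising: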
http://up.rising.com.cn/webmail/uploadnew.htm
网上小绅 - 2007-7-9 16:36:00
Adware.Win32.Agent.ce需要解压缩后杀毒2007-06-23 14:30手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempad703.exe>>$COMMONFILES\CPUSH\cpush.tmp本机
Adware.Winsdup.d需要解压缩后杀毒2007-06-23 14:30手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempad_2104.exe>>$TEMP\insshell.exe本机
Adware.Win32.Agent.ce需要解压缩后杀毒2007-06-23 14:34手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempad703.exe>>$COMMONFILES\CPUSH\cpush.tmp本机
Adware.Winsdup.d需要解压缩后杀毒2007-06-23 14:34手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempad_2104.exe>>$TEMP\insshell.exe本机
Adware.Win32.Agent.ce需要解压缩后杀毒2007-06-23 14:34手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempad703.exe>>$COMMONFILES\CPUSH\cpush.tmp本机
Adware.Win32.Agent.ce需要解压缩后杀毒2007-06-23 14:34手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempad703.exe>>$COMMONFILES\CPUSH\cpush.tmp本机
Adware.Win32.Agent.ce需要解压缩后杀毒2007-06-23 14:34手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempad703.exe>>$COMMONFILES\CPUSH\cpush.tmp本机
Adware.Win32.Agent.ce需要解压缩后杀毒2007-06-23 14:35手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempad703.exe>>$COMMONFILES\CPUSH\cpush.tmp本机
Adware.Win32.Agent.ce需要解压缩后杀毒2007-06-23 14:35手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempad703.exe>>$COMMONFILES\CPUSH\cpush.tmp本机
Adware.Win32.Agent.ce删除成功2007-06-23 14:35手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempad703.exe本机
Adware.Winsdup.d需要解压缩后杀毒2007-06-25 12:14定时扫描C:\Documents and Settings\Administrator\Local Settings\Tempad_2104.exe>>$TEMP\insshell.exe本机
Adware.Winsdup.d需要解压缩后杀毒2007-06-25 12:32手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempad_2104.exe>>$TEMP\insshell.exe本机
Adware.Winsdup.d需要解压缩后杀毒2007-06-25 12:32手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempad_2104.exe>>$TEMP\insshell.exe本机
Adware.Winsdup.d需要解压缩后杀毒2007-06-25 12:32手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempad_2104.exe>>$TEMP\insshell.exe本机
Adware.Winsdup.d需要解压缩后杀毒2007-06-25 12:32手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempad_2104.exe>>$TEMP\insshell.exe本机
Adware.Winsdup.d需要解压缩后杀毒2007-06-25 12:32手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempad_2104.exe>>$TEMP\insshell.exe本机
Adware.Winsdup.d删除成功2007-06-25 12:33手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempad_2104.exe本机
Adware.Win32.Agent.cw删除成功2007-06-26 20:47手动扫描C:\WINDOWS\system32\wbemtfdly.dll本机
Trojan.Win32.Agent.hri删除成功2007-06-26 20:52手动扫描C:\WINDOWS\system320811.dlltmp本机
Adware.Win32.Agent.cv删除成功2007-06-26 20:52手动扫描C:\WINDOWS\system32jpddl.dll本机
Adware.Win32.Agent.cu删除成功2007-06-26 20:54手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempcml97.tmp本机
Trojan.DL.VBS.Agent.aa删除成功2007-06-26 20:55手动扫描C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GZIJKL4Nnew09[1].htm本机
AdWare.Win32.Agent.npr重新启动计算机后删除文件2007-07-01 11:11手动扫描C:\WINDOWS\system32idexmw30.dll本机
Trojan.DL.Win32.Agent.wkq删除成功2007-07-01 11:13手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempbind_50050.exe本机
网上小绅 - 2007-7-9 16:37:00
Trojan.DL.Win32.Agent.wkq删除成功2007-07-01 11:13手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempmy_70008.exe本机
Adware.Win32.Agent.npl需要解压缩后杀毒2007-07-01 11:16手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempcml9.tmp>>$TEMP\play.dll本机
Trojan.DL.Win32.Agent.wli需要解压缩后杀毒2007-07-01 11:16手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempcml9.tmp>>$TEMP\ser.exe本机
Adware.Win32.Agent.npl删除成功2007-07-01 11:16手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempcml15.tmp本机
Adware.Win32.Agent.npl需要解压缩后杀毒2007-07-01 11:16手动扫描C:\Documents and Settings\Administrator\Local Settings\TempcmlE.tmp>>$TEMP\play.dll本机
Trojan.DL.Win32.Agent.wli需要解压缩后杀毒2007-07-01 11:16手动扫描C:\Documents and Settings\Administrator\Local Settings\TempcmlE.tmp>>$TEMP\ser.exe本机
Adware.Win32.Agent.npl删除成功2007-07-01 11:16手动扫描C:\Documents and Settings\Administrator\Local Settings\TempcmlD.tmp本机
Adware.Win32.Agent.npl删除成功2007-07-01 11:16手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempcml2A.tmp本机
Adware.Win32.Agent.npl删除成功2007-07-01 11:16手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempcml1A.tmp本机
Adware.Win32.Agent.npl删除成功2007-07-01 11:17手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempcml6.tmp本机
Adware.Win32.Agent.npl删除成功2007-07-01 11:17手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempcml8.tmp本机
Adware.Win32.Agent.npl删除成功2007-07-01 11:17手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempcml1C.tmp本机
Adware.Win32.Agent.npl删除成功2007-07-01 11:17手动扫描C:\Documents and Settings\Administrator\Local Settings\TempcmlAC.tmp本机
Adware.Win32.Agent.npl删除成功2007-07-01 11:17手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempcml1E.tmp本机
Adware.Win32.Agent.npl删除成功2007-07-01 11:17手动扫描C:\Documents and Settings\Administrator\Local Settings\TempcmlB.tmp本机
Adware.Win32.Agent.npl删除成功2007-07-01 11:18手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempcml48.tmp本机
AdWare.Win32.Agent.npr重新启动计算机后删除文件2007-07-01 11:34手动扫描C:\WINDOWS\system32idexmw30.dll本机
Adware.Win32.Agent.npl需要解压缩后杀毒2007-07-01 11:34手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempcml9.tmp>>$TEMP\play.dll本机
Trojan.DL.Win32.Agent.wli需要解压缩后杀毒2007-07-01 11:34手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempcml9.tmp>>$TEMP\ser.exe本机
Adware.Win32.Agent.npl需要解压缩后杀毒2007-07-01 11:34手动扫描C:\Documents and Settings\Administrator\Local Settings\TempcmlE.tmp>>$TEMP\play.dll本机
Trojan.DL.Win32.Agent.wli需要解压缩后杀毒2007-07-01 11:34手动扫描C:\Documents and Settings\Administrator\Local Settings\TempcmlE.tmp>>$TEMP\ser.exe本机
AdWare.Win32.Agent.npr重新启动计算机后删除文件2007-07-01 11:34手动扫描C:\WINDOWS\system32idexmw30.dll本机
Adware.Win32.Agent.npl需要解压缩后杀毒2007-07-01 11:34手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempcml9.tmp>>$TEMP\play.dll本机
Trojan.DL.Win32.Agent.wli需要解压缩后杀毒2007-07-01 11:34手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempcml9.tmp>>$TEMP\ser.exe本机
Adware.Win32.Agent.npl需要解压缩后杀毒2007-07-01 11:34手动扫描C:\Documents and Settings\Administrator\Local Settings\TempcmlE.tmp>>$TEMP\play.dll本机
网上小绅 - 2007-7-9 16:38:00
Trojan.DL.Win32.Agent.wli需要解压缩后杀毒2007-07-01 11:34手动扫描C:\Documents and Settings\Administrator\Local Settings\TempcmlE.tmp>>$TEMP\ser.exe本机
AdWare.Win32.Agent.npr重新启动计算机后删除文件2007-07-01 11:34手动扫描C:\WINDOWS\system32idexmw30.dll本机
Adware.Win32.Agent.npl需要解压缩后杀毒2007-07-01 11:34手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempcml9.tmp>>$TEMP\play.dll本机
Trojan.DL.Win32.Agent.wli需要解压缩后杀毒2007-07-01 11:34手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempcml9.tmp>>$TEMP\ser.exe本机
Adware.Win32.Agent.npl需要解压缩后杀毒2007-07-01 11:34手动扫描C:\Documents and Settings\Administrator\Local Settings\TempcmlE.tmp>>$TEMP\play.dll本机
Trojan.DL.Win32.Agent.wli需要解压缩后杀毒2007-07-01 11:34手动扫描C:\Documents and Settings\Administrator\Local Settings\TempcmlE.tmp>>$TEMP\ser.exe本机
AdWare.Win32.Agent.npr重新启动计算机后删除文件2007-07-01 11:34手动扫描C:\WINDOWS\system32idexmw30.dll本机
Adware.Win32.Agent.npl需要解压缩后杀毒2007-07-01 11:34手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempcml9.tmp>>$TEMP\play.dll本机
Trojan.DL.Win32.Agent.wli需要解压缩后杀毒2007-07-01 11:34手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempcml9.tmp>>$TEMP\ser.exe本机
Adware.Win32.Agent.npl需要解压缩后杀毒2007-07-01 11:34手动扫描C:\Documents and Settings\Administrator\Local Settings\TempcmlE.tmp>>$TEMP\play.dll本机
Trojan.DL.Win32.Agent.wli需要解压缩后杀毒2007-07-01 11:34手动扫描C:\Documents and Settings\Administrator\Local Settings\TempcmlE.tmp>>$TEMP\ser.exe本机
Trojan.DL.Win32.Agent.wli删除成功2007-07-01 11:35手动扫描C:\Documents and Settings\Administrator\Local Settings\TempcmlE.tmp本机
AdWare.Win32.Agent.npr重新启动计算机后删除文件2007-07-01 14:22手动扫描C:\WINDOWS\system32idexmw30.dll本机
Adware.Win32.Agent.npl需要解压缩后杀毒2007-07-01 14:27手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempcml9.tmp>>$TEMP\play.dll本机
Trojan.DL.Win32.Agent.wli需要解压缩后杀毒2007-07-01 14:27手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempcml9.tmp>>$TEMP\ser.exe本机
AdWare.Win32.Agent.npr重新启动计算机后删除文件2007-07-03 11:18定时扫描C:\WINDOWS\system32idexmw30.dll本机
AdWare.Win32.Agent.npr重新启动计算机后删除文件2007-07-04 11:58定时扫描C:\WINDOWS\system32idexmw30.dll本机
Adware.Win32.Agent.npl需要解压缩后杀毒2007-07-04 12:02定时扫描C:\Documents and Settings\Administrator\Local Settings\Tempcml9.tmp>>$TEMP\play.dll本机
Trojan.DL.Win32.Agent.wli需要解压缩后杀毒2007-07-04 12:02定时扫描C:\Documents and Settings\Administrator\Local Settings\Tempcml9.tmp>>$TEMP\ser.exe本机
Adware.Win32.Agent.npl删除成功2007-07-04 12:26手动扫描C:\Documents and Settings\Administrator\Local Settings\Tempcml9.tmp本机
AdWare.Win32.Agent.npr重新启动计算机后删除文件2007-07-05 12:29快捷扫描C:\WINDOWS\system32idexmw30.dll本机
AdWare.Win32.Agent.npr重新启动计算机后删除文件2007-07-05 12:29手动扫描C:\WINDOWS\system32idexmw30.dll本机
AdWare.Win32.Agent.npr重新启动计算机后删除文件2007-07-05 12:29手动扫描C:\WINDOWS\system32idexmw30.dll本机
AdWare.Win32.Agent.npr重新启动计算机后删除文件2007-07-05 12:29手动扫描C:\WINDOWS\system32idexmw30.dll本机
AdWare.Win32.Agent.npr重新启动计算机后删除文件2007-07-06 11:17定时扫描C:\WINDOWS\system32idexmw30.dll本机
AdWare.Win32.Agent.npr重新启动计算机后删除文件2007-07-07 19:57快捷扫描C:\WINDOWS\system32idexmw30.dll本机
AdWare.Win32.Agent.npr重新启动计算机后删除文件2007-07-07 19:57手动扫描C:\WINDOWS\system32idexmw30.dll本机
AdWare.Win32.Agent.npr重新启动计算机后删除文件2007-07-07 19:58手动扫描C:\WINDOWS\system32idexmw30.dll本机
AdWare.Win32.Agent.npr重新启动计算机后删除文件2007-07-07 19:58手动扫描C:\WINDOWS\system32idexmw30.dll本机
Trojan.Win32.QHost.lt重新启动计算机后删除文件2007-07-07 20:04快捷扫描C:\WINDOWS\system3281ad1.exe本机
Trojan.Win32.Agent.ich删除成功2007-07-07 20:04快捷扫描C:\WINDOWS\system32cdnprh.dll本机
AdWare.Win32.Agent.npr重新启动计算机后删除文件2007-07-07 20:05快捷扫描C:\WINDOWS\system32idexmw30.dll本机
Adware.Win32.AdPlayer.a删除成功2007-07-07 20:05快捷扫描C:\WINDOWS\system320811.dlltmp本机
Trojan.Win32.QHost.lt删除成功2007-07-07 20:06快捷扫描C:\WINDOWSdc3b1.txt本机
AdWare.Win32.Agent.npr重新启动计算机后删除文件2007-07-07 20:18快捷扫描C:\WINDOWS\system32idexmw30.dll本机
AdWare.Win32.Agent.npr重新启动计算机后删除文件2007-07-07 20:20手动扫描C:\WINDOWS\system32idexmw30.dll本机
网上小绅 - 2007-7-9 16:39:00
瑞星卡卡电脑诊断日志 v1.20 (2007-7-9 16:22:38) 北京瑞星科技股份有限公司
注释:[A]表示该文件存在自启动关联;
[M]表示该文件在内存中;
+ 注册表自运行项目
+ Win32 Services
+ HKLM\System\CurrentControlSet\Services
ms_2fax
[AM] 1. c:\windows\system32\81ad1.exe
.text,.rdata,.data,.rsrc,
6A 18 68 80 4A 41 00 E8 3C 19 00 00 BF 94 00 00
ose
[A ] 2. c:\program files\common files\microsoft shared\source engine\ose.exe
Microsoft Corporation
Office Source Engine
.text,.data,.rsrc,
6A 74 68 60 2E 00 30 E8 23 04 00 00 33 DB 89 5D
P4P Service
[AM] 3. c:\program files\common files\sogou pxp\p2psvr.exe
Sohu.com Inc.
Sogou P4P Service
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 58 F1 40 00 68 A0 C8 40 00 64
RfwProxySrv
[A ] 4. c:\program files\rising\rfw\rfwproxy.exe
Beijing Rising Technology Co., Ltd.
Rising Personal Proxy Service
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 60 94 40 00 68 60 85 40 00 64
RfwService
[A ] 5. c:\program files\rising\rfw\rfwsrv.exe
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall Service
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 70 AC 41 00 68 80 94 41 00 64
RsCCenter
[A ] 6. c:\program files\rising\rav\ccenter.exe
Beijing Rising Technology Co., Ltd.
CCenter
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 C8 26 41 00 68 D8 AB 40 00 64
RsRavMon
[A ] 7. c:\program files\rising\rav\ravmond.exe
Beijing Rising Technology Co., Ltd.
RavMond
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 F8 D7 42 00 68 C4 E4 41 00 64
UMWdf
[A ] 8. c:\windows\system32\wdfmgr.exe
Microsoft Corporation
Windows User Mode Driver Manager
.text,.data,.rsrc,
6A 28 68 30 26 00 01 E8 A5 01 00 00 66 81 3D 00
WalALET
[A ] 9. c:\windows\system32\rundllforour.exe
Microsoft Corporation
Run a DLL as an App
.text,.data,.rsrc,
+ Kernel Drivers
+ HKLM\System\CurrentControlSet\Services
A320RAID
[A ] 10. c:\windows\system32\drivers\a320raid.sys
Adaptec, Inc.
Adaptec HostRAID for Ultra320 SCSI
.text,.rdata,.data,INIT,.rsrc,.reloc,
8B FF 55 8B EC A1 A4 A1 04 00 85 C0 B9 40 BB 00
acpidisk
[A ] 11. c:\windows\system32\drivers\acpidisk.sys
.text,.rdata,.data,INIT,.reloc,
55 8B EC 83 EC 1C 53 56 57 50 E8 0A 00 00 00 C7
ADPU320
[A ] 12. c:\windows\system32\drivers\adpu320.sys
Adaptec, Inc.
Adaptec Windows Ultra320 Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
8B FF 55 8B EC A1 20 1D 03 00 85 C0 B9 40 BB 00
ahci8086
[A ] 13. c:\windows\system32\drivers\ahci8086.sys
ATI Technologies Inc.
ATI Technology AHCI Compatible Controller Driver for Windows family
.text,.rdata,.data,INIT,.rsrc,.reloc,
8B FF 55 8B EC A1 2C D0 02 00 85 C0 B9 40 BB 00
ALCXWDM
[A ] 14. c:\windows\system32\drivers\alcxwdm.sys
Realtek Semiconductor Corp.
Realtek AC'97 Audio Driver (WDM)
.text,CODE,.rdata,.data,.data1,PAGE,INIT,.rsrc,.reloc,
A1 A0 58 21 00 85 C0 B9 4E E6 40 BB 74 04 3B C1
AmdK8
[A ] 15. c:\windows\system32\drivers\amdk8.sys
Advanced Micro Devices
AMD Processor Driver
.text,.rdata,.data,PAGE,PAGELK,INIT,.rsrc,.reloc,
8B FF 55 8B EC A1 B4 50 01 00 85 C0 B9 40 BB 00
BaseTDI
[A ] 16. c:\windows\system32\drivers\basetdi.sys
Beijing Rising Technology Co., Ltd.
basetdi
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 53 56 57 E8 13 04 00 00 8B 35
cnprov
[A ] 17. c:\windows\system32\drivers\cnprov.sys
中国互联网络信息中心(CNNIC)
国际化域名辅助模块
网上小绅 - 2007-7-9 16:41:00
.text,.data,INIT,.rsrc,.reloc,
55 8B EC A1 68 10 01 00 83 38 00 76 0A B8 01 00
CSB6IDE
[A ] 18. c:\windows\system32\drivers\csb6ide.sys
ServerWorks Corporation
ServerWorks CSB6 PCI IDE Bus Driver
.text,.rdata,INIT,.rsrc,.reloc,
68 54 04 00 00 68 BB 02 01 00 FF 74 24 10 FF 74
d347bus
[A ] 19. c:\windows\system32\drivers\d347bus.sys
PnP BIOS Extension
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
55 8D 6C 24 90 81 EC 3C 02 00 00 8B 45 78 53 56
d347prt
[A ] 20. c:\windows\system32\drivers\d347prt.sys
SCSI miniport
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 54 53 56 57 68 3C 0B 01 00 FF 15
drcovcx
[A ] 21. c:\windows\system32\drivers\drcovcx.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
56 57 E8 71 00 00 00 8B 74 24 0C FF 74 24 10 33
ExpScaner
[A ] 22. c:\program files\rising\rav\expscan.sys
ExpScan.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 51 68 88 38 02 00 FF 15 70 1F 01 00 83
FASTTRAK
[A ] 23. c:\windows\system32\drivers\fasttrak.sys
Promise Technology, Inc.
Promise FastTrak Series Driver for Win2000
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 50 53 56 8B 75 08 57 FF 75 0C 89
FETNDISB
[A ] 24. c:\windows\system32\drivers\fetnd5b.sys
VIA Technologies, Inc.
NDIS 5.0 miniport driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 60 53 56 57 33 DB 53 FF 75 0C 8D
FTSATA2
[A ] 25. c:\windows\system32\drivers\ftsata2.sys
Promise Technology, Inc.
Promise Driver for Windows Server 2003
.text,.rdata,.data,INIT,.rsrc,.reloc,
8B FF 55 8B EC A1 74 90 03 00 85 C0 B9 40 BB 00
HookCont
[A ] 26. c:\program files\rising\rav\hookcont.sys
Rising
HookCont
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 53 56 57 68 70 20 00 00 E8 F7
HookReg
[A ] 27. c:\program files\rising\rav\hookreg.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 64 56 57 C7 45 AC 00 00 00 00 B9
HookSys
[A ] 28. c:\program files\rising\rav\hooksys.sys
Rising
Hooksys
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 53 56 57 E8 8A 08 00 00 68 FC
HookUrl
[A ] 29. c:\program files\rising\rfw\hookurl.sys
Beijing Rising Technology Co., Ltd.
HookUrl
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 10 53 56 8B 75 08 57 6A 1B B8 8C
ialm
[A ] 30. c:\windows\system32\drivers\ialmnt5.sys
Intel Corporation
Intel Graphics Miniport Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
55 8B EC 83 EC 58 8B 45 08 A3 5C 30 13 10 68 78
IASTOR
[A ] 31. c:\windows\system32\drivers\iastor.sys
Intel Corporation
Intel Matrix Storage Manager driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
idexmw30
[A ] 32. c:\windows\system32\drivers\idexmw30.sys
idnaux
[A ] 33. c:\windows\system32\drivers\idnaux.sys
中国互联网络信息中心(CNNIC)
国际化域名支持模块
.text,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 53 56 33 DB 57 89 5D FC E8 31
ITERAID
[A ] 34. c:\windows\system32\drivers\iteraid.sys
Integrated Technology Express, Inc.
ITE IT8212 ATA RAID SCSI miniport
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 54 53 56 57 6A 50 5E 56 8D 45 AC
JRAID
[A ] 35. c:\windows\system32\drivers\jraid.sys
JMicron Technology Corp.
JMicron JR036X RAID Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 58 53 56 6A 50 5E 56 8D 45 A8 50
kjqhqam
[A ] 36. c:\windows\system32\drivers\kjqhqam.sys
M5228
[A ] 37. c:\windows\system32\drivers\m5228.sys
ALi Corporation.
M5228 ATA RAID Controller Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 50 57 6A 14 59 33 C0 8D 7D B0 6A
M5281
[A ] 38. c:\windows\system32\drivers\m5281.sys
ALi Corporation
ALi SATA RAID Controller Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 50 56 57 6A 14 59 6A 04 33 C0 8D
M5289
[A ] 39. c:\windows\system32\drivers\m5289.sys
ULi Electronics Inc.
ULi SATA RAID Controller Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
8B FF 55 8B EC 83 EC 50 56 57 6A 14 59 6A 04 33
MEMSCAN
[A ] 40. c:\program files\rising\rav\memscan.sys
瑞星软件有限公司
MemScan Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 56 8B 35 DC 0C 01 00 57 8D 45
mProcRs
[A ] 41. c:\program files\rising\rfw\mprocrs.sys
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall mprocrs.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 10 56 57 E8 29 02 00 00 85 C0 75
mxdispdr
[A ] 42. c:\windows\system32\drivers\mxdispdr.sys
.text,.rdata,.data,INIT,.reloc,
55 8B EC 81 EC 74 02 00 00 53 56 57 53 E8 08 00
npkcrypt
[A ] 43. c:\program files\tencent\qq\npkcrypt.sys
INCA Internet Co., Ltd.
nProtect KeyCrypt Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
网上小绅 - 2007-7-9 16:42:00
51 53 56 E8 6F 2C 00 00 A3 28 46 01 00 E8 EC 2B
NVATABUS
[A ] 44. c:\windows\system32\drivers\nvatabus.sys
NVIDIA Corporation
NVIDIA? nForce(TM) IDE Performance Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
8B 54 24 04 85 D2 75 0E FF 74 24 08 E8 03 09 01
NVRAID
[A ] 45. c:\windows\system32\drivers\nvraid.sys
NVIDIA Corporation
NVIDIA? nForce(TM) RAID Driver
.text,.rdata,.data,PAGE,INIT,DUMPDATA,.rsrc,.reloc,
55 8D 6C 24 90 81 EC D4 00 00 00 56 8B 75 78 85
Proc
[A ] 46. c:\windows\system32\drivers\proc.sys
.text,.rdata,.data,INIT,.reloc,
55 8B EC 83 EC 0C 56 68 1A 10 01 00 8D 45 F4 33
QuakeDRV
[A ] 47. c:\windows\system32\drivers\quakedrv.sys
.text,.rdata,.data,INIT,.reloc,
55 8B EC 83 EC 50 53 8B 5D 0C 56 8B 73 04 57 6A
R2A
[A ] 48. c:\windows\system32a2.sys
Refiroso
[A ] 49. c:\windows\system32\drivers\refiroso.sys
.text,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 83 65 FC 00 56 57 90 90 E8 35
RsAntiSpyware
[A ] 50. c:\windows\system32\drivers\rsboot.sys
Beijing Rising Technology Co., Ltd.
Anti-RootKit Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 20 53 56 33 F6 57 89 75 F4 60 8D
RsFwDrv
[A ] 51. c:\program files\rising\rfw\rsfwdrv.sys
Beijing Rising Technology Co., Ltd.
nt_fwdrv
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 53 56 57 E8 74 CA FF FF 84 C0
RsNTGDI
[A ] 52. c:\windows\system32\drivers\rsntgdi.sys
Beijing Rising Technology Co., Ltd.
RsNTGDI
.text,.rdata,INIT,.rsrc,.reloc,
55 8B EC 83 EC 10 56 8B 75 08 57 8B 3D 58 05 01
RSPPSYS
[A ] 53. c:\program files\rising\rav\rsppsys.sys
Rising
RSPPSYS.SYS
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 53 6A 5C E8 EE FB FF FF 33 DB
RTL8023xp
[A ] 54. c:\windows\system32\drivers\rtnicxp.sys
Realtek Semiconductor Corporation
Realtek 10/100/1000 NDIS 5.1 Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
8B FF 55 8B EC A1 E0 22 02 00 85 C0 B9 40 BB 00
Secdrv
[A ] 55. c:\windows\system32\drivers\secdrv.sys
Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
Macrovision SECURITY Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,pnidata,
55 8B EC 83 EC 14 56 E8 BC EA FF FF 85 C0 75 3D
sfcure01
[A ] 56. c:\windows\system32\drivers\sfcure01.sys
.text,.data,.bss,.idata,.reloc,
sfdrv01
[A ] 57. c:\windows\system32\drivers\sfdrv01.sys
Protection Technology
StarForce Protection Environment Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
9C 8B 0C 24 81 34 24 00 00 20 00 9D 9C 58 3B C1
sfdrv01a
[A ] 58. c:\windows\system32\drivers\sfdrv01a.sys
Protection Technology (StarForce)
FrontLine Environment Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
9C 8B 0C 24 81 34 24 00 00 20 00 9D 9C 58 3B C1
sfhlp02
[A ] 59. c:\windows\system32\drivers\sfhlp02.sys
Protection Technology (StarForce)
FrontLine Helper Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
sfsync02
[A ] 60. c:\windows\system32\drivers\sfsync02.sys
Protection Technology
StarForce Protection Synchronization Driver
.text,.data,PAGE,INIT,.rsrc,.reloc,
9C 8B 0C 24 81 34 24 00 00 20 00 9D 9C 58 3B C1
sfsync04
[A ] 61. c:\windows\system32\drivers\sfsync04.sys
Protection Technology (StarForce)
FrontLine Synchronization Driver
.text,.rdata,.data,.sfsign1,PAGE,PAGEI,.xinit,.rsrc,.xreloc,
9C 8B 0C 24 81 34 24 00 00 20 00 9D 9C 58 3B C1
SI3112R
[A ] 62. c:\windows\system32\drivers\si3112r.sys
Silicon Image, Inc
Serial ATA RAID miniport driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
55 8B EC 83 EC 7C 83 4D FC FF 53 57 6A 15 59 33
SI3114R
[A ] 63. c:\windows\system32\drivers\si3114r.sys
Silicon Image, Inc
SATARAID miniport driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
55 8B EC 83 EC 7C 83 4D FC FF 53 57 6A 15 59 33
SI3114R5
网上小绅 - 2007-7-9 16:42:00
[A ] 64. c:\windows\system32\drivers\si3114r5.sys
Silicon Image, Inc
SATA SoftRAID 5 miniport driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
A1 D0 96 03 00 85 C0 B9 4E E6 40 BB 74 04 3B C1
SI3124
[A ] 65. c:\windows\system32\drivers\si3124.sys
Silicon Image, Inc.
Serial ATA miniport driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
55 8B EC 83 EC 5C 83 4D FC FF 53 57 6A 15 59 33
SI3124R
[A ] 66. c:\windows\system32\drivers\si3124r.sys
Silicon Image, Inc
SATARAID miniport driver (PRE-RELEASE)
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
55 8B EC 83 EC 74 53 83 4D FC FF 56 57 6A 15 33
SI3124R5
[A ] 67. c:\windows\system32\drivers\si3124r5.sys
Silicon Image, Inc
SATA SoftRAID 5 miniport driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
A1 D0 A6 03 00 85 C0 B9 4E E6 40 BB 74 04 3B C1
SI3132
[A ] 68. c:\windows\system32\drivers\si3132.sys
Silicon Image, Inc.
Serial ATA miniport driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
55 8B EC 83 EC 5C 83 4D FC FF 53 57 6A 15 59 33
SI3132R5
[A ] 69. c:\windows\system32\drivers\si3132r5.sys
Silicon Image, Inc
SATA SoftRAID 5 miniport driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
A1 D0 A6 03 00 85 C0 B9 4E E6 40 BB 74 04 3B C1
SISRAID2
[A ] 70. c:\windows\system32\drivers\sisraid2.sys
Silicon Integrated Systems Corp
SiS RAID Miniport Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 5C 56 6A 50 5E 56 8D 45 A4 50 C6
SISRAID4
[A ] 71. c:\windows\system32\drivers\sisraid4.sys
Silicon Integrated Systems
SiS AHCI Miniport Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
8B FF 55 8B EC A1 3C F0 01 00 85 C0 B9 40 BB 00
SNPSTD3
[A ] 72. c:\windows\system32\drivers\snpstd3.sys
Sonix Co. Ltd.
USB PC Camera driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
8B FF 55 8B EC A1 34 EC 26 00 85 C0 B9 40 BB 00
Sopawen
[A ] 73. c:\windows\system32\drivers\sopawen.sys
.text,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 0C 56 33 F6 89 75 FC 90 90 68 76
SYMMPI
[A ] 74. c:\windows\system32\drivers\symmpi.sys
LSI Logic
LSI Logic Fusion-MPT MiniPort Driver (ScsiPort)
.text,.rdata,.data,INIT,.rsrc,.reloc,
8B FF 55 8B EC 81 EC 80 00 00 00 53 8B 1D 10 70
ULSATA
[A ] 75. c:\windows\system32\drivers\ulsata.sys
Promise Technology, Inc.
Promise Ultra/Sata Series Driver for Win2003
.text,.rdata,.data,INIT,.rsrc,.reloc,
8B FF 55 8B EC A1 80 60 02 00 85 C0 B9 4E E6 40
ULSATA2
[A ] 76. c:\windows\system32\drivers\ulsata2.sys
Promise Technology, Inc.
Promise SATAII150 Series Windows Drivers
.text,.rdata,.data,INIT,.rsrc,.reloc,
8B FF 55 8B EC A1 B0 90 02 00 85 C0 B9 4E E6 40
VIAMRAID
[A ] 77. c:\windows\system32\drivers\viamraid.sys
VIA Technologies inc,.ltd
VIA RAID DRIVER FOR WIN 2000/XP/2003IA32
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 54 57 33 FF 39 7D 08 75 09 C6 05
vmmouse
[A ] 78. c:\windows\system32\drivers\vmmouse.sys
VMware, Inc.
VMware Pointing Device Driver
.text,.rdata,PAGE,INIT,.rsrc,.reloc,
55 8B EC 8B 4D 08 B8 00 03 01 00 89 41 38 89 41
vmscsi
[A ] 79. c:\windows\system32\drivers\vmscsi.sys
VMware, Inc.
VMware SCSI Controller
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 5C 57 6A 14 59 33 C0 8D 7D A4 83
+ File System Drivers
+ HKLM\System\CurrentControlSet\Services
ADProt
[A ] 80. c:\windows\system32\drivers\adprot.sys
腾讯科技(深圳)有限公司
.text,.rdata,.data,INIT,.rsrc,.reloc,
A1 A8 AF 01 00 85 C0 B9 4E E6 40 BB 74 04 3B C1
CnsMinKP
[A ] 81. c:\windows\system32\drivers\cnsminkp.sys
国风因特软件(北京)有限公司
CnsMinKPXP
.text,.rdata,.data,INIT,.rsrc,.reloc,
+ Winlogon
+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
igfxcui
[A ] 82. c:\windows\system32\igfxdev.dll
Intel Corporation
igfxdev Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ Internet Explorer
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{406F94F0-504F-4a40-8DFD-58B0666ABEBD}
[A ] 83. c:\program files\yahoo!\assistant\assist\yasbar.dll
Yahoo!
ToolBar
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
{7A38130D-BEB7-4d60-BE7A-4C4AB6A85CD1}
[A ] 84. c:\windows\vcbar11.dll
VCBar Module
.rdata,.data,.rsrc,.reloc,
6A 0C 68 C0 35 00 10 E8 34 DC FF FF 33 C0 40 89
{B580CF65-E151-49C3-B73F-70B13FCA8E86}
[A ] 85. c:\program files\baidu\bar\baidubar.dll
Baidu.com, Inc.
BaiduBar Module
.text,.rdata,.data,.idata,.SOBARSH,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
{22F86F33-9CBB-49a8-BB12-CDBE51B4C294}
网上小绅 - 2007-7-9 16:43:00
[A ] 86. c:\program files\ocins\srchsp.dll
中国互联网络信息中心(CNNIC)
国际化域名支持模块
.text,.rdata,.data,.rsrc,.reloc,
FF 74 24 0C FF 74 24 0C FF 74 24 0C E8 B0 D7 FF
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{00000000-12C9-4305-82F9-43058F20E8D2}
[A ] 87. c:\program files\tencent\qqdownload\qqiehelper01.dll
腾讯公司
超级旋风下载组件
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
{0C7C23EF-A848-485B-873C-0ED954731014}
[A ] 88. c:\program files\tencent\ssplus\saddr.dll
Tencent
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}
[A ] 89. d:\game\plugins\paopaokdc\jccatch.dll
www.flashget.com
Flashget CatchUrl Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
{33BBE430-0E42-4f12-B075-8D21ACB10DCB}
[A ] 90. c:\program files\yahoo!\assistant\assist\yphtb.dll
Yahoo! China
yPhtb
.text,.rdata,.data,.yPhtbSe,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
{385AB8C6-FB22-4D17-8834-064E2BA0A6F0}
[A ] 91. c:\documents and settings\all users\application data\microsoft\pctools\pctools.dll
金泰丰(广州)科技有限公司
Pctools Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
{38928D50-8A48-44C2-945F-D2F23F771410}
[A ] 92. c:\program files\yahoo!\assistant\assist\yangling.dll
Yahoo.
yangling.dll
.text,.rdata,.data,.SHARED,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
{3E422F49-1566-40D3-B43D-077EF739AC32}
[A ] 93. c:\windows\system32\navihelper.dll
TODO: <公司名>
TODO: <文件说明>
.text,.rsrc,.reloc,
B8 78 F5 06 10 50 64 FF 35 00 00 00 00 64 89 25
{406F94F0-504F-4a40-8DFD-58B0666ABEBD}
[A ] 83. c:\program files\yahoo!\assistant\assist\yasbar.dll
Yahoo!
ToolBar
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
{4E83D567-4697-4F7B-B1F0-A513B01DB89A}
[A ] 94. c:\program files\chinanet\vnettransfer.dll
VnetTransfer Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
{62EED7C6-9F02-42f9-B634-98E2899E147B}
[A ] 95. c:\program files\yahoo!\assistant\assist\ydragsearch.dll
DragSearch
.text,.rdata,.data,.BhoObjS,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
{669751ED-D558-49AE-B01A-3B374CC7910E}
[A ] 96. c:\windows\system32\ssup.dll
TENCENT
SSup
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
{6E28339B-7A2A-47B6-AEB2-197004272379}
[A ] 97. c:\windows\vchelper.dll
VCHelper Module
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 C8 41 04 10 E8 33 E3 FF FF 33 C0 40 89
{7605CC7C-00FD-4A5F-BAFD-828342DE6279}
[A ] 98. c:\program files\ocins\ieaux.dll
中国互联网络信息中心(CNNIC)
国际化域名解析模块
.text,.rdata,.data,Shared,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
{77FEF28E-EB96-44FF-B511-3185DEA48697}
[A ] 85. c:\program files\baidu\bar\baidubar.dll
Baidu.com, Inc.
BaiduBar Module
.text,.rdata,.data,.idata,.SOBARSH,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
{889D2FEB-5411-4565-8998-1DD2C5261283}
[A ] 99. c:\program files\thunder network\thunder\comdlls\xunleibho_002.dll
Thunder Networking Technologies,LTD
XunLeiBHO
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
{D157330A-9EF3-49F8-9A67-4141AC41ADD4}
[A ] 100. c:\windows\downloaded program files\cnshook.dll
国风因特软件(北京)有限公司
CnsHook
.text,.rdata,.data,.cnshook,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
{F156768E-81EF-470C-9057-481BA8380DBA}
[A ] 101. d:\game\plugins\paopaokdc\getflash.dll
www.flashget.com
Flashget GetFlash Module
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 98 C0 01 10 E8 4D EC FF FF 33 C0 40 89
{FAAAC0F6-94BE-4466-934B-7C53666A2F41}
[A ] 102. c:\windows\system32\0811.dll
TODO: <公司名>
TODO: <文件说明>
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 B8 5B 01 10 E8 F3 0C 00 00 33 C0 40 89
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
Exec
[A ] 103. c:\program files\thunder network\thunder\thunder.exe
Thunder Networking Technologies,LTD
CODE,DATA,BSS,.idata,.tls,.rdata,.reloc,.rsrc,
55 8B EC B9 06 00 00 00 6A 00 6A 00 49 75 F9 51
Exec
[A ] 104. d:\downloads\浩方\浩方对战平台\gameclient.exe
上海浩方在线信息技术有限公司
浩方对战平台
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 08 82 51 00 68 1E CC 4D 00 64
Exec
[A ] 105. c:\program files\ocins\config.exe
中国互联网络信息中心(CNNIC)
config
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 88 C3 40 00 68 3C 95 40 00 64
Exec
[A ] 106. d:\game\plugins\paopaokdc\flashget.exe
FlashGet.com
FlashGet
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 38 C4 55 00 68 44 11 4F 00 64
+ HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
{19CE93DE-8334-42C6-B2CA-BFE3DF5196A3}
[A ] 107. c:\program files\yahoo!\assistant\assist\yrss.dll
Yahoo! China
yRss Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ Explorer
+ HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
text/xml
[A ] 108. c:\program files\common files\microsoft shared\office11\msoxmlmf.dll
Microsoft Corporation
Microsoft Office XML MIME Filter
.text,.data,.rsrc,.reloc,
6A 0C 68 70 22 40 00 E8 FD 01 00 00 33 C0 40 89
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HyperTerminal Icon Ext
[A ] 109. c:\windows\system32\hticons.dll
Hilgraeve, Inc.
HyperTerminal Applet Library
.text,.data,.rsrc,.reloc,
Portable Media Devices
[A ] 110. c:\windows\system32\audiodev.dll
Microsoft Corporation
便携媒体设备命令行解释器扩展
.text,.data,.rsrc,.reloc,
8B FF 55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57
Portable Media Devices Menu
[A ] 110. c:\windows\system32\audiodev.dll
Microsoft Corporation
便携媒体设备命令行解释器扩展
.text,.data,.rsrc,.reloc,
8B FF 55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57
WinRAR shell extension
[A ] 111. c:\program files\winrar\rarext.dll
.text,.data,.tls,.idata,.edata,.rsrc,.reloc,
Microsoft Office HTML Icon Handler
[A ] 112. c:\program files\microsoft office\office11\msohev.dll
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,.reloc,
6A 0C 68 A8 41 5C 32 E8 B5 00 00 00 33 C0 40 89
Web Folders
[A ] 113. c:\program files\common files\microsoft shared\web folders\msonsext.dll
Microsoft Corporation
Microsoft Web Folders
.text,.data,.rsrc,.reloc,
6A 0C 68 B0 AC 0A 49 E8 DA 00 00 00 33 C0 40 89
Shell Extensions for RealOne Player
[A ] 114. c:\program files\real\realplayer\rpshell.dll
RealNetworks, Inc.
RealPlayer Shell Extensions
.text,.rdata,.data,.rsrc,.reloc,
53 55 56 8B 74 24 14 85 F6 57 B8 01 00 00 00 75
RISING
[A ] 115. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
粉碎文件
[A ] 116. c:\program files\yahoo!\assistant\assist\ywiper.dll
Wiper 动态链接库
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 88 5F 02 10 E8 1B 0B 00 00 33 C0 40 89
Yahoo!Photo
[A ] 90. c:\program files\yahoo!\assistant\assist\yphtb.dll
Yahoo! China
yPhtb
.text,.rdata,.data,.yPhtbSe,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}
[AM] 117. c:\windows\system32\shlhook.dll
Beijing Rising Technology Co., Ltd.
shlhook Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ Logon
+ HKLM\Software\Microsoft\Windows\CurrentVersion\Run
igfxtray
[AM] 118. c:\windows\system32\igfxtray.exe
Intel Corporation
igfxTray Module
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 E8 E5 40 00 68 44 84 40 00 64
igfxhkcmd
[AM] 119. c:\windows\system32\hkcmd.exe
Intel Corporation
hkcmd Module
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 58 C4 40 00 68 10 99 40 00 64
网上小绅 - 2007-7-9 16:43:00
igfxpers
[AM] 120. c:\windows\system32\igfxpers.exe
Intel Corporation
persistence Module
.text,.rdata,.data,.idata,.rsrc,.reloc,
55 8B EC 6A FF 68 68 23 41 00 68 44 C3 40 00 64
SoundMan
[AM] 121. c:\windows\soundman.exe
Realtek Semiconductor Corp.
Realtek Sound Manager
.text,.rdata,.data,.sxdata,.rsrc,
6A 60 68 08 B3 40 00 E8 2B 10 00 00 83 65 FC 00
FixCamera
[AM] 122. c:\windows\fixcamera.exe
CameraFixer MFC Application
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 50 24 40 00 68 74 1B 40 00 64
tsnpstd3
[AM] 123. c:\windows\tsnpstd3.exe
tsnp2std Microsoft
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 38 93 42 00 68 9C 0A 41 00 64
snpstd3
[AM] 124. c:\windows\vsnpstd3.exe
CameraMonitor Application
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 A0 C2 4A 00 68 50 B2 48 00 64
runeip
[AM] 125. c:\program files\rising\antispyware\runiep.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Monitor
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 E0 6B 40 00 68 40 52 40 00 64
RavTask
[A ] 126. c:\program files\rising\rav\ravtask.exe
Beijing Rising Technology Co., Ltd.
RavTimer
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 50 E3 40 00 68 D4 90 40 00 64
RfwMain
[AM] 127. c:\program files\rising\rfw\rfwmain.exe
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall Main Program
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 38 EB 41 00 68 20 B0 41 00 64
TkBellExe
[A ] 128. c:\program files\common files\real\update_ob\realsched.exe
RealNetworks, Inc.
RealNetworks Scheduler
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 F0 30 42 00 68 08 97 41 00 64
YLive.exe
[AM] 129. c:\program files\yahoo!\assistant\ylive.exe
Yahoo! China
YLive
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 E8 20 40 00 68 C0 1A 40 00 64
yassistse
[AM] 130. c:\program files\yahoo!\assistant\yassistse.exe
Yahoo!
AssistSetting
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 48 52 40 00 68 6E 40 40 00 64
IdnSvr
[AM] 131. c:\program files\ocins\idnsvr.exe
中国互联网信息中心(CNNIC)
国际化域名支持模块
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 18 92 40 00 68 24 69 40 00 64
+ Boot Execute
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
BootExecute
[A ] 132. c:\windows\system32\bsmain.exe
Beijing Rising Technology Co., Ltd.
BootScan
.text,.data,.rsrc,.reloc,
55 8B EC 6A FF 68 F0 27 00 01 68 74 9E 00 01 64
+ Image Hijacks
+ HKCR\.html
htmlfile\Edit\Command
[A ] 133. c:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,
6A 74 68 58 26 00 30 E8 A8 FF FF FF 33 DB 89 5D
htmlfile\Maxthon\Command
[AM] 134. c:\program files\maxthon\maxthon.exe
Maxthon International Ltd.
Maxthon Web Browser
UPX0,UPX1,.rsrc,
60 BE 00 10 56 00 8D BE 00 00 EA FF 57 83 CD FF
htmlfile\open\Command
[AM] 134. c:\program files\maxthon\maxthon.exe
Maxthon International Ltd.
Maxthon Web Browser
UPX0,UPX1,.rsrc,
60 BE 00 10 56 00 8D BE 00 00 EA FF 57 83 CD FF
htmlfile\Print\Command
[A ] 133. c:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,
6A 74 68 58 26 00 30 E8 A8 FF FF FF 33 DB 89 5D
+ HKCR\.htm
htmlfile\Edit\Command
[A ] 133. c:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,
6A 74 68 58 26 00 30 E8 A8 FF FF FF 33 DB 89 5D
htmlfile\Maxthon\Command
[AM] 134. c:\program files\maxthon\maxthon.exe
Maxthon International Ltd.
Maxthon Web Browser
UPX0,UPX1,.rsrc,
60 BE 00 10 56 00 8D BE 00 00 EA FF 57 83 CD FF
htmlfile\open\Command
[AM] 134. c:\program files\maxthon\maxthon.exe
Maxthon International Ltd.
Maxthon Web Browser
UPX0,UPX1,.rsrc,
60 BE 00 10 56 00 8D BE 00 00 EA FF 57 83 CD FF
htmlfile\Print\Command
[A ] 133. c:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,
6A 74 68 58 26 00 30 E8 A8 FF FF FF 33 DB 89 5D
+ 其他自启动项目
+ C:\Documents and Settings\Administrator\「开始」菜单\程序\启动
腾讯QQ.lnk
[A ] 135. c:\program files\tencent\qq\qq.exe
TENCENT
QQ
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 D0 63 53 00 68 48 EF 48 00 64
+ 系统活动模块
+ 00000078(120) 81ad1.exe
00400000[0001E000]
[AM] 1. c:\windows\system32\81ad1.exe
.text,.rdata,.data,.rsrc,
6A 18 68 80 4A 41 00 E8 3C 19 00 00 BF 94 00 00
+ 000001e8(488) smss.exe
+ 00000230(560) csrss.exe
+ 00000248(584) winlogon.exe
72C80000[00008000]
[ M] 136. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
8B 44 24 08 83 E8 00 74 30 48 75 3A 56 8B 74 24
+ 00000274(628) services.exe
+ 00000280(640) lsass.exe
+ 00000334(820) svchost.exe
+ 00000364(868) svchost.exe
+ 000003c4(964) svchost.exe
50E60000[0000C000]
[ M] 137. c:\windows\system32\wups2.dll
Microsoft Corporation
Windows Update client proxy stub 2
.text,.orpc,.data,.rsrc,.reloc,
8B FF 55 8B EC 83 7D 0C 01 75 05 E8 F9 04 00 00
+ 00000408(1032) svchost.exe
+ 00000420(1056) Maxthon.exe
00400000[0023D000]
[AM] 134. c:\program files\maxthon\maxthon.exe
Maxthon International Ltd.
Maxthon Web Browser
UPX0,UPX1,.rsrc,
60 BE 00 10 56 00 8D BE 00 00 EA FF 57 83 CD FF
10000000[00015000]
[ M] 138. c:\program files\maxthon\maxzlib.dll
maxzlib
.text,.rdata,.data,.idata,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57 8B 7D
00C50000[00029000]
[ M] 139. c:\program files\tencent\ssplus\splus.dll
TENCENT
.text,.rdata,.data,Shared_T,Shared_H,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
37210000[00086000]
[ M] 140. c:\windows\downloaded program files\cnsmin.dll
国风因特软件(北京)有限公司
CnsMin
.text,.rdata,.data,.cnsdata,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
53000000[0000D000]
[ M] 141. c:\program files\3721\helper.dll
Helper Module
.text,.rdata,.data,.cnshelp,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
00DD0000[0000B000]
[ M] 142. c:\program files\yahoo!\assistant\yhelper.dll
Helper Module
.text,.rdata,.data,.cnshelp,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
4B4F0000[00006000]
[ M] 143. c:\windows\system32\odbcbcp.dll
Microsoft Corporation
Microsoft BCP for ODBC
.text,.data,.rsrc,.reloc,
8B FF 55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57
02790000[0001B000]
[ M] 144. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 00 CD 57 01 E8 BD 02 00 00 33 C0 40 89
03450000[00019000]
[ M] 145. c:\program files\rising\rav\ravscrch.dll
Beijing Rising Technology Co., Ltd.
RavScrCh Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
30000000[002EE000]
[ M] 146. c:\windows\system32\macromed\flash\flash9b.ocx
Adobe Systems, Inc.
Adobe Flash Player 9.0 r28
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 C8 B9 1C 30 E8 67 EB FF FF 33 C0 40 89
72C80000[00008000]
[ M] 136. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
8B 44 24 08 83 E8 00 74 30 48 75 3A 56 8B 74 24
网上小绅 - 2007-7-9 16:44:00
+ 00000448(1096) svchost.exe
+ 0000054c(1356) igfxtray.exe
00400000[0001A000]
[AM] 118. c:\windows\system32\igfxtray.exe
Intel Corporation
igfxTray Module
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 E8 E5 40 00 68 44 84 40 00 64
10000000[00013000]
[ M] 147. c:\windows\system32\hccutils.dll
Intel Corporation
hccutils Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
00D90000[0000E000]
[ M] 148. c:\windows\system32\igfxsrvc.dll
Intel Corporation
igfxsrvc Module
.text,.orpc,.rdata,.data,.rsrc,.reloc,
83 7C 24 08 01 75 10 8B 44 24 04 50 A3 70 52 00
00DA0000[00014000]
[ M] 149. c:\windows\system32\igfxres.dll
Intel Corporation
igfxres Module
.text,.rdata,.data,.rsrc,.reloc,
FF 74 24 0C FF 74 24 0C FF 74 24 0C E8 A9 F7 FF
00E00000[0016F000]
[ M] 150. c:\windows\system32\igfxress.dll
Intel Corporation
igfxress Module
.text,.rdata,.data,.rsrc,.reloc,
FF 74 24 0C FF 74 24 0C FF 74 24 0C E8 A9 F7 FF
00FB0000[0001B000]
[ M] 144. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 00 CD 57 01 E8 BD 02 00 00 33 C0 40 89
01100000[00029000]
[ M] 139. c:\program files\tencent\ssplus\splus.dll
TENCENT
.text,.rdata,.data,Shared_T,Shared_H,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
37210000[00086000]
[ M] 140. c:\windows\downloaded program files\cnsmin.dll
国风因特软件(北京)有限公司
CnsMin
.text,.rdata,.data,.cnsdata,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ 00000574(1396) hkcmd.exe
00400000[00013000]
[AM] 119. c:\windows\system32\hkcmd.exe
Intel Corporation
hkcmd Module
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 58 C4 40 00 68 10 99 40 00 64
10000000[00013000]
[ M] 147. c:\windows\system32\hccutils.dll
Intel Corporation
hccutils Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
003F0000[0000E000]
[ M] 148. c:\windows\system32\igfxsrvc.dll
Intel Corporation
igfxsrvc Module
.text,.orpc,.rdata,.data,.rsrc,.reloc,
83 7C 24 08 01 75 10 8B 44 24 04 50 A3 70 52 00
00D60000[00014000]
[ M] 149. c:\windows\system32\igfxres.dll
Intel Corporation
igfxres Module
.text,.rdata,.data,.rsrc,.reloc,
FF 74 24 0C FF 74 24 0C FF 74 24 0C E8 A9 F7 FF
00DC0000[0001B000]
[ M] 144. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 00 CD 57 01 E8 BD 02 00 00 33 C0 40 89
+ 00000598(1432) spoolsv.exe
+ 000005c0(1472) igfxpers.exe
00400000[0001D000]
[AM] 120. c:\windows\system32\igfxpers.exe
Intel Corporation
persistence Module
.text,.rdata,.data,.idata,.rsrc,.reloc,
55 8B EC 6A FF 68 68 23 41 00 68 44 C3 40 00 64
10000000[0000E000]
[ M] 148. c:\windows\system32\igfxsrvc.dll
Intel Corporation
igfxsrvc Module
.text,.orpc,.rdata,.data,.rsrc,.reloc,
83 7C 24 08 01 75 10 8B 44 24 04 50 A3 70 52 00
00E50000[0001B000]
[ M] 144. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 00 CD 57 01 E8 BD 02 00 00 33 C0 40 89
+ 000005d4(1492) Explorer.EXE
00F10000[00011000]
[AM] 117. c:\windows\system32\shlhook.dll
Beijing Rising Technology Co., Ltd.
shlhook Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
01B00000[0001B000]
[ M] 144. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 00 CD 57 01 E8 BD 02 00 00 33 C0 40 89
72C80000[00008000]
[ M] 136. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
8B 44 24 08 83 E8 00 74 30 48 75 3A 56 8B 74 24
53000000[0000D000]
[ M] 141. c:\program files\3721\helper.dll
Helper Module
.text,.rdata,.data,.cnshelp,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
01DE0000[00007000]
[ M] 151. c:\program files\3721\alrex.dll
alrex Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
01DF0000[0000B000]
[ M] 142. c:\program files\yahoo!\assistant\yhelper.dll
Helper Module
.text,.rdata,.data,.cnshelp,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
01B40000[00026000]
[ M] 152. c:\windows\system32\igfxpph.dll
Intel Corporation
igfxpph Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
02060000[00013000]
[ M] 147. c:\windows\system32\hccutils.dll
Intel Corporation
hccutils Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
02090000[00014000]
[ M] 149. c:\windows\system32\igfxres.dll
Intel Corporation
igfxres Module
.text,.rdata,.data,.rsrc,.reloc,
FF 74 24 0C FF 74 24 0C FF 74 24 0C E8 A9 F7 FF
020F0000[0016F000]
[ M] 150. c:\windows\system32\igfxress.dll
Intel Corporation
igfxress Module
.text,.rdata,.data,.rsrc,.reloc,
FF 74 24 0C FF 74 24 0C FF 74 24 0C E8 A9 F7 FF
37210000[00086000]
[ M] 140. c:\windows\downloaded program files\cnsmin.dll
国风因特软件(北京)有限公司
CnsMin
.text,.rdata,.data,.cnsdata,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
023A0000[0000E000]
[ M] 148. c:\windows\system32\igfxsrvc.dll
Intel Corporation
igfxsrvc Module
.text,.orpc,.rdata,.data,.rsrc,.reloc,
83 7C 24 08 01 75 10 8B 44 24 04 50 A3 70 52 00
027B0000[00029000]
[ M] 139. c:\program files\tencent\ssplus\splus.dll
TENCENT
.text,.rdata,.data,Shared_T,Shared_H,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ 00000614(1556) SOUNDMAN.EXE
00400000[0008F000]
[AM] 121. c:\windows\soundman.exe
Realtek Semiconductor Corp.
Realtek Sound Manager
.text,.rdata,.data,.sxdata,.rsrc,
6A 60 68 08 B3 40 00 E8 2B 10 00 00 83 65 FC 00
10000000[0001B000]
[ M] 144. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 00 CD 57 01 E8 BD 02 00 00 33 C0 40 89
+ 00000638(1592) RavStub.exe
00400000[00018000]
[ M] 153. c:\program files\rising\rav\ravstub.exe
Beijing Rising Technology Co., Ltd.
Rising RavStub
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 98 F4 40 00 68 20 6D 40 00 64
10000000[0001B000]
[ M] 154. c:\program files\rising\rav\rscommx.dll
rising
RsCommX
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
23700000[0001A000]
[ M] 155. c:\program files\rising\rav\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ 00000684(1668) FixCamera.exe
00400000[00005000]
[AM] 122. c:\windows\fixcamera.exe
CameraFixer MFC Application
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 50 24 40 00 68 74 1B 40 00 64
10000000[0001B000]
[ M] 144. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 00 CD 57 01 E8 BD 02 00 00 33 C0 40 89
+ 00000688(1672) tsnpstd3.exe
00400000[00046000]
[AM] 123. c:\windows\tsnpstd3.exe
tsnp2std Microsoft
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 38 93 42 00 68 9C 0A 41 00 64
10000000[0000F000]
[ M] 156. c:\windows\system32\vsnpstd3.dll
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
00C30000[0001B000]
[ M] 144. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 00 CD 57 01 E8 BD 02 00 00 33 C0 40 89
37210000[00086000]
[ M] 140. c:\windows\downloaded program files\cnsmin.dll
国风因特软件(北京)有限公司
CnsMin
.text,.rdata,.data,.cnsdata,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
00D80000[00029000]
[ M] 139. c:\program files\tencent\ssplus\splus.dll
TENCENT
网上小绅 - 2007-7-9 16:45:00
.text,.rdata,.data,Shared_T,Shared_H,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ 000006ec(1772) vsnpstd3.exe
00400000[000D2000]
[AM] 124. c:\windows\vsnpstd3.exe
CameraMonitor Application
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 A0 C2 4A 00 68 50 B2 48 00 64
10000000[0001B000]
[ M] 144. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 00 CD 57 01 E8 BD 02 00 00 33 C0 40 89
+ 00000708(1800) runiep.exe
00400000[00012000]
[AM] 125. c:\program files\rising\antispyware\runiep.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Monitor
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 E0 6B 40 00 68 40 52 40 00 64
00C00000[0001B000]
[ M] 144. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 00 CD 57 01 E8 BD 02 00 00 33 C0 40 89
+ 00000720(1824) Ras.exe
00400000[0013D000]
[ M] 157. c:\program files\rising\antispyware\ras.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 90 3A 4C 00 68 70 B7 4A 00 64
10000000[00029000]
[ M] 139. c:\program files\tencent\ssplus\splus.dll
TENCENT
.text,.rdata,.data,Shared_T,Shared_H,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
37210000[00086000]
[ M] 140. c:\windows\downloaded program files\cnsmin.dll
国风因特软件(北京)有限公司
CnsMin
.text,.rdata,.data,.cnsdata,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
53000000[0000D000]
[ M] 141. c:\program files\3721\helper.dll
Helper Module
.text,.rdata,.data,.cnshelp,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
00C30000[0000B000]
[ M] 142. c:\program files\yahoo!\assistant\yhelper.dll
Helper Module
.text,.rdata,.data,.cnshelp,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
00EA0000[000A0000]
[ M] 158. c:\program files\rising\antispyware\rasgui.dll
Beijing Rising Technology Co., Ltd.
RasGUI
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
01750000[00011000]
[AM] 117. c:\windows\system32\shlhook.dll
Beijing Rising Technology Co., Ltd.
shlhook Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
01570000[0001B000]
[ M] 144. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 00 CD 57 01 E8 BD 02 00 00 33 C0 40 89
+ 00000748(1864) p2psvr.exe
00400000[00016000]
[AM] 3. c:\program files\common files\sogou pxp\p2psvr.exe
Sohu.com Inc.
Sogou P4P Service
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 58 F1 40 00 68 A0 C8 40 00 64
10000000[00012000]
[ M] 159. c:\program files\p4p\p4pipc.dll
Sohu.com Inc.
Sogou P4P IPC Service
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ 00000764(1892) rundll32.exe
10000000[00115000]
[ M] 160. c:\windows\system32\501.dll
Player 动态链接库
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 D0 94 09 10 E8 EA 21 00 00 33 C0 40 89
00AB0000[00029000]
[ M] 139. c:\program files\tencent\ssplus\splus.dll
TENCENT
.text,.rdata,.data,Shared_T,Shared_H,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
37210000[00086000]
[ M] 140. c:\windows\downloaded program files\cnsmin.dll
国风因特软件(北京)有限公司
CnsMin
.text,.rdata,.data,.cnsdata,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
53000000[0000D000]
[ M] 141. c:\program files\3721\helper.dll
Helper Module
.text,.rdata,.data,.cnshelp,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
00A80000[0000B000]
[ M] 142. c:\program files\yahoo!\assistant\yhelper.dll
Helper Module
.text,.rdata,.data,.cnshelp,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
00FA0000[0001B000]
[ M] 144. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 00 CD 57 01 E8 BD 02 00 00 33 C0 40 89
+ 00000774(1908) svchost.exe
+ 0000077c(1916) RfwMain.exe
00400000[00073000]
[AM] 127. c:\program files\rising\rfw\rfwmain.exe
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall Main Program
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 38 EB 41 00 68 20 B0 41 00 64
26600000[0007D000]
[ M] 161. c:\program files\rising\rfw\rsguilib.dll
Beijing Rising Technology Co., Ltd.
Rising GUI Library Loader
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
23700000[0001A000]
[ M] 162. c:\program files\rising\rfw\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
10000000[0000F000]
[ M] 163. c:\program files\rising\rfw\rfwctrl.dll
Beijing Rising Technology Co., Ltd.
RfwCtrl DLL
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
23800000[0001A000]
[ M] 164. c:\program files\rising\rfw\rsxml.dll
Beijing Rising Technology Co., Ltd.
RsXML
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
23900000[00031000]
[ M] 165. c:\program files\rising\rfw\pngdll.dll
Beijing Rising Technology Co., Ltd.
Rising .Png File Loader Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
01320000[0001B000]
[ M] 144. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 00 CD 57 01 E8 BD 02 00 00 33 C0 40 89
01470000[00029000]
[ M] 139. c:\program files\tencent\ssplus\splus.dll
TENCENT
网上小绅 - 2007-7-9 16:46:00
[ M] 141. c:\program files\3721\helper.dll
Helper Module
.text,.rdata,.data,.cnshelp,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
00990000[0000B000]
[ M] 142. c:\program files\yahoo!\assistant\yhelper.dll
Helper Module
.text,.rdata,.data,.cnshelp,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
10000000[0001B000]
[ M] 144. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 00 CD 57 01 E8 BD 02 00 00 33 C0 40 89
72C80000[00008000]
[ M] 136. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
8B 44 24 08 83 E8 00 74 30 48 75 3A 56 8B 74 24
00F90000[00029000]
[ M] 139. c:\program files\tencent\ssplus\splus.dll
TENCENT
.text,.rdata,.data,Shared_T,Shared_H,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85