Rising Kaka Security Forum
水木屋 - 2007-7-16 14:22:00
It is in the file C:\WINNT\system32\drivers\wmoeu.sys. Could the experts here please advise!
Leoooo - 2007-7-16 14:52:00
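Download Kaka Internet Security Assistant 4.0: http://download.rising.com.cn/for_down/kakatool/kakasetupv4.exe
1 Run Rising Kaka Internet Security Assistant
2 Diagnosis and Help => Computer Diagnostic Log
3 Select the two options "File details" and "Similar file name analysis"
4 Start scan => Export information, export in txt format (htm format also works and is easier to read yourself, but the forum does not accept htm uploads)
5 Copy the full report from the log and paste it here without modifying it (if it does not fit in one post, post it in several parts)
6 While scanning the log, close unnecessary software as far as possible, such as QQ, TM, etc.
7 Upload the suspicious files found by the scan to Rising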
http://up.rising.com.cn/webmail/uploadnew.htm
水木屋 - 2007-7-16 15:34:00
瑞星卡卡电脑诊断日志 v1.30 (2007-7-16 15:13:2) 北京瑞星科技股份有限公司
注释:[A]表示该文件存在自启动关联;
[M]表示该文件在内存中;
+ 注册表自运行项目
+ 系统服务
+ HKLM\System\CurrentControlSet\Services
aspnet_state
[A ] 1. c:\winnt\microsoft.net\framework\v1.1.4322\aspnet_state.exe
Microsoft Corporation
aspnet_state.exe
.text,.data,.rsrc,
Autodesk Licensing Service
[A ] 2. c:\program files\common files\autodesk shared\service\adskscsrv.exe
Autodesk
System Level Service Utility
.text,.rdata,.data,.rsrc,
NVSvc
[AM] 3. c:\winnt\system32\nvsvc32.exe
NVIDIA Corporation
NVIDIA Driver Helper Service, Version 61.72
.text,.rdata,.data,.rsrc,
RavService
[AM] 4. c:\program files\rising\rav\ravservice.exe
Beijing Rising Technology Co., Ltd.
.text,.rdata,.data,.rsrc,
RsCCenter
[AM] 5. c:\program files\rising\rav\ccenter.exe
Beijing Rising Technology Co., Ltd.
CCenter
.text,.rdata,.data,.rsrc,
RsRavMon
[A ] 6. c:\program files\rising\rav\ravmond.exe
Beijing Rising Technology Co., Ltd.
RavMond
.text,.rdata,.data,.rsrc,
WmdmPmSN
[A ] 7. c:\winnt\system32\mspmsnsv.dll
Microsoft Corporation
Microsoft Media Device Service Provider
.text,.data,.rsrc,.reloc,
+ 内核驱动
+ HKLM\System\CurrentControlSet\Services
ALCXSENS
[A ] 8. c:\winnt\system32\drivers\alcxsens.sys
Sensaura
Sensaura WDM 3D Audio Driver
.text,page,init,.data,.CRT,init,INIT,.rsrc,.reloc,
ALCXWDM
[A ] 9. c:\winnt\system32\drivers\alcxwdm.sys
Realtek Semiconductor Corp.
Realtek AC'97 Audio Driver (WDM)
.text,.rdata,.data,.CRT,.data1,PAGE,INIT,.rsrc,.reloc,
BaseTDI
[A ] 10. c:\winnt\system32\drivers\basetdi.sys
Beijing Rising Technology Co., Ltd.
basetdi
.text,.rdata,.data,INIT,.rsrc,.reloc,
d347bus
[A ] 11. c:\winnt\system32\drivers\d347bus.sys
PnP BIOS Extension
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
d347prt
[A ] 12. c:\winnt\system32\drivers\d347prt.sys
SCSI miniport
.text,.rdata,.data,INIT,.rsrc,.reloc,
ExpScaner
[A ] 13. c:\program files\rising\rav\expscan.sys
ExpScan.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookCont
[A ] 14. c:\program files\rising\rav\hookcont.sys
Rising
HookCont
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookReg
[A ] 15. c:\program files\rising\rav\hookreg.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookSys
[A ] 16. c:\program files\rising\rav\hooksys.sys
Rising
Hooksys
.text,.rdata,.data,INIT,.rsrc,.reloc,
IMNPF
[A ] 17. c:\winnt\system32\drivers\imnpf.sys
LUMDriver
[A ] 18. c:\winnt\system32\drivers\lumdriver.sys
IBM
LUM Runtime
.text,.data,INIT,.rsrc,.reloc,
MEMSCAN
[A ] 19. c:\program files\rising\rav\memscan.sys
瑞星软件有限公司
MemScan Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
NPF
[A ] 20. c:\winnt\system32\npf.sys
npkcrypt
[A ] 21. c:\program files\tencent\qq\npkcrypt.sys
nv
[A ] 22. c:\winnt\system32\drivers\nv4_mini.sys
NVIDIA Corporation
NVIDIA Compatible Windows 2000 Miniport Driver, Version 61.72
.text,_NVTEXT3,.rdata,.data,PAGE,PAGE,INIT,.rsrc,.reloc,
RsAntiSpyware
[A ] 23. c:\winnt\system32\drivers\rsboot.sys
Beijing Rising Technology Co., Ltd.
Anti-RootKit Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
RsNTGDI
[A ] 24. c:\winnt\system32\drivers\rsntgdi.sys
Beijing Rising Technology Co., Ltd.
RsNTGDI
.text,.rdata,INIT,.rsrc,.reloc,
RSPPSYS
[A ] 25. c:\program files\rising\rav\rsppsys.sys
Rising
RSPPSYS
.text,.rdata,.data,INIT,.rsrc,.reloc,
RTL8023
[A ] 26. c:\winnt\system32\drivers\rtlnic5.sys
Realtek Semiconductor Corporation
Realtek 10/100/1000 NDIS 5.0 Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
Sense3
[A ] 27. c:\winnt\system32\drivers\sense3.sys
Beijing Senselock
SENSE3 Driver for NT
.text,.rdata,.data,INIT,.rsrc,.reloc,
Sentinel
[A ] 28. c:\winnt\system32\drivers\sentinel.sys
Rainbow Technologies, Inc.
Sentinel System Driver (NT Parallel driver)
.text,.bss,.rsrc,.data,.idata,.reloc,
SISAGP
[A ] 29. c:\winnt\system32\drivers\sisagpx.sys
Silicon Integrated Systems Corporation
SiS AGPv3.5 Filter
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
usbehci
[A ] 30. c:\winnt\system32\drivers\usbehci.sys
Microsoft Corporation
EHCI eUSB Miniport Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
usbhub20
[A ] 31. c:\winnt\system32\drivers\usbhub20.sys
Microsoft Corporation
Default Hub Driver for USB 2.0
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
usbsermpt
[A ] 32. c:\winnt\system32\drivers\usbsermpt.sys
Microsoft Corporation
USB Modem Driver
.text,.rdata,.data,PAGEUSBS,PAGEUSBS,PAGEUBS0,INIT,.rsrc,.reloc,
wmoeu
[A ] 33. c:\winnt\system32\drivers\wmoeu.sys
+ IE浏览器加载模块
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}
[AM] 34. c:\program files\flashget\jccatch.dll
www.flashget.com
Flashget CatchUrl Module
.text,.rdata,.data,.rsrc,.reloc,
{F156768E-81EF-470C-9057-481BA8380DBA}
[AM] 35. c:\program files\flashget\getflash.dll
www.flashget.com
Flashget GetFlash Module
.text,.rdata,.data,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
Exec
[A ] 36. c:\program files\flashget\flashget.exe
FlashGet.com
FlashGet
.text,.rdata,.data,.rsrc,
+ 资源管理器加载模块
+ HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
application/octet-stream
[A ] 37. c:\winnt\system32\mscoree.dll
Microsoft Corporation
Microsoft .NET Runtime Execution Engine
.text,.data,.rsrc,.reloc,
application/x-complus
[A ] 37. c:\winnt\system32\mscoree.dll
Microsoft Corporation
Microsoft .NET Runtime Execution Engine
.text,.data,.rsrc,.reloc,
application/x-msdownload
[A ] 37. c:\winnt\system32\mscoree.dll
Microsoft Corporation
Microsoft .NET Runtime Execution Engine
.text,.data,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}
[A ] 38. c:\winnt\system32\updcrl.exe
Microsoft Corporation
UPDCRL
.text,.data,.rsrc,
[A ] 39. c:\winnt\system32\verisignpub1.crl
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Multimedia File Property Sheet
[A ] 40. c:\winnt\system32\mmsys.cpl
Microsoft Corporation
Control Panel Drivers Applet
.text,.data,.rsrc,.reloc,
HyperTerminal Icon Ext
[A ] 41. c:\winnt\system32\hticons.dll
Hilgraeve, Inc.
HyperTerminal Applet Library
.text,.data,.rsrc,.reloc,
Shell Application Manager
[A ] 42. c:\winnt\system32\appwiz.cpl
Microsoft Corporation
Shell Application Manager
.text,.data,.rsrc,.reloc,
Installed Apps Enumerator
[A ] 42. c:\winnt\system32\appwiz.cpl
Microsoft Corporation
Shell Application Manager
.text,.data,.rsrc,.reloc,
Darwin App Publisher
[A ] 42. c:\winnt\system32\appwiz.cpl
Microsoft Corporation
Shell Application Manager
.text,.data,.rsrc,.reloc,
Desktop Explorer
[AM] 43. c:\winnt\system32\nvshell.dll
NVIDIA Corporation
NVIDIA Desktop Explorer, Version 61.72
.text,.rdata,.data,.idata,.shared,.rsrc,.reloc,
Desktop Explorer Menu
[AM] 43. c:\winnt\system32\nvshell.dll
NVIDIA Corporation
NVIDIA Desktop Explorer, Version 61.72
.text,.rdata,.data,.idata,.shared,.rsrc,.reloc,
nView Desktop Context Menu
[AM] 43. c:\winnt\system32\nvshell.dll
NVIDIA Corporation
NVIDIA Desktop Explorer, Version 61.72
.text,.rdata,.data,.idata,.shared,.rsrc,.reloc,
Microsoft Outlook Custom Icon Handler
[A ] 44. c:\program files\microsoft office\office\olkfstub.dll
Microsoft Corporation
Microsoft Outlook Shell Hook for Start/Find
.text,.data,.rsrc,.reloc,
水木屋 - 2007-7-16 15:34:00
RISING
[AM] 45. c:\winnt\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
Web Folders
[A ] 46. c:\program files\common files\microsoft shared\web folders\msonsext.dll
Microsoft Corporation
Microsoft Web Folders
.text,.data,.rsrc,.reloc,
Fusion Cache
[A ] 37. c:\winnt\system32\mscoree.dll
Microsoft Corporation
Microsoft .NET Runtime Execution Engine
.text,.data,.rsrc,.reloc,
IronCAD Shell Extensions
[A ] 47. c:\caxa\caxa interface\bin\ironcadshellext.dll
IronCAD, LLC
IronCADShellExt Module
.text,.rdata,.data,.rsrc,.reloc,
WinRAR shell extension
[AM] 48. c:\program files\winrar\rarext.dll
.text,.data,.tls,.idata,.edata,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}
[AM] 49. c:\winnt\system32\shlhook.dll
Beijing Rising Technology Co., Ltd.
shlhook Module
.text,.rdata,.data,.rsrc,.reloc,
+ 用户登陆自运行项目
+ HKLM\Software\Microsoft\Windows\CurrentVersion\Run
RavTimer
[AM] 50. c:\program files\rising\rav\ravtimer.exe
Beijing Rising Technology Co., Ltd.
RavTimer
.text,.rdata,.data,.rsrc,
RavTray
[AM] 51. c:\program files\rising\rav\ravtray.exe
Rising
RavNet Tray
.text,.rdata,.data,.rsrc,
RavTask
[A ] 52. c:\program files\rising\rav\ravtask.exe
Beijing Rising Technology Co., Ltd.
RavTimer
.text,.rdata,.data,.rsrc,
runeip
[AM] 53. c:\program files\rising\antispyware\runiep.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Monitor
.text,.rdata,.data,.rsrc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
KKDelay
[A ] 54. c:\program files\rising\antispyware\runonce.exe
Beijing Rising Technology Co., Ltd.
RunOnce Application
.text,.rdata,.data,.rsrc,
360safeuninst
[A ] 55. c:\documents and settings\administrator\local settings\temp\remove360.bat
+ 开机执行
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
BootExecute
[A ] 56. c:\winnt\system32\bsmain.exe
Beijing Rising Technology Co., Ltd.
BootScan
.text,.data,.rsrc,.reloc,
[A ] 57. c:\winnt\system32\kknative.exe
Beijing Rising Technology Co., Ltd.
NativeAp
.text,.data,.rsrc,.reloc,
+ 映像劫持
+ HKCR\.html
htmlfile\Edit\Command
[A ] 58. c:\program files\microsoft office\office\msohtmed.exe
Microsoft Corporation
Microsoft Office 2000 component
.text,.data,.idata,.rsrc,
htmlfile\Print\Command
[A ] 58. c:\program files\microsoft office\office\msohtmed.exe
Microsoft Corporation
Microsoft Office 2000 component
.text,.data,.idata,.rsrc,
+ HKCR\.htm
htmlfile\Edit\Command
[A ] 58. c:\program files\microsoft office\office\msohtmed.exe
Microsoft Corporation
Microsoft Office 2000 component
.text,.data,.idata,.rsrc,
htmlfile\Print\Command
[A ] 58. c:\program files\microsoft office\office\msohtmed.exe
Microsoft Corporation
Microsoft Office 2000 component
.text,.data,.idata,.rsrc,
+ HKCR\.mp3
mp3file\open\Command
[A ] 59. c:\program files\windows media player\wmplayer.exe
Microsoft Corporation
Windows Media Player
.text,.data,.rsrc,
mp3file\play\Command
[A ] 59. c:\program files\windows media player\wmplayer.exe
Microsoft Corporation
Windows Media Player
.text,.data,.rsrc,
+ 打印机监控
+ HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
Canon BJ Language Monitor i6100
[AM] 60. c:\winnt\system32\cnmlm4s.dll
CANON INC.
BJ Language Monitor
.text,.data,.rsrc,.reloc,
FPP2:
[AM] 61. c:\winnt\system32\fppmon2.dll
FinePrint Software, LLC
pdfFactory
.text,.rdata,.data,.rsrc,.reloc,
+ 正在运行的进程
+ 000000a8(168) smss.exe
+ 000000c8(200) csrss.exe
+ 000000dc(220) winlogon.exe
77520000[00008000]
[ M] 62. c:\winnt\system32\wdmaud.drv
Microsoft Corporation
WDM Audio driver mapper
.text,.data,.rsrc,.reloc,
773C0000[00008000]
[ M] 63. c:\winnt\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
+ 000000f8(248) services.exe
+ 00000104(260) lsass.exe
+ 000001a0(416) svchost.exe
+ 000001c8(456) CCenter.exe
00400000[0001E000]
[AM] 5. c:\program files\rising\rav\ccenter.exe
Beijing Rising Technology Co., Ltd.
CCenter
.text,.rdata,.data,.rsrc,
+ 00000204(516) spoolsv.exe
66D00000[00018000]
[AM] 60. c:\winnt\system32\cnmlm4s.dll
CANON INC.
BJ Language Monitor
.text,.data,.rsrc,.reloc,
27000000[0004E000]
[AM] 61. c:\winnt\system32\fppmon2.dll
FinePrint Software, LLC
pdfFactory
.text,.rdata,.data,.rsrc,.reloc,
41000000[0001D000]
[ M] 64. c:\winnt\system32\fppr232.dll
FinePrint Software, LLC
pdfFactory
.rsrc,.reloc,
00E50000[00007000]
[ M] 65. c:\winnt\system32\spool\prtprocs\w32x86\cnmpd4s.dll
CANON INC.
Canon BJ Print Processor Dispatcher
.text,.data,.rsrc,.reloc,
+ 00000220(544) CATSysDemon.exe
00400000[00010000]
[ M] 66. c:\program files\dassault systemes\b12\intel_a\code\bin\catsysdemon.exe
Dassault Systemes
System
.text,.rdata,.data,.rsrc,.reloc,
+ 00000230(560) svchost.exe
63B50000[00034000]
[ M] 67. c:\winnt\system32\unimdm.tsp
Microsoft Corporation
Unimodem 5 Service Provider
.text,.data,.rsrc,.reloc,
63BC0000[00008000]
[ M] 68. c:\winnt\system32\kmddsp.tsp
Microsoft Corporation
TAPI Kernel-Mode Service Provider
.text,.data,.rsrc,.reloc,
63BB0000[0000C000]
[ M] 69. c:\winnt\system32\ndptsp.tsp
Microsoft Corporation
NDIS Proxy TAPI Service Provider
.text,.data,.rsrc,.reloc,
63BD0000[00006000]
[ M] 70. c:\winnt\system32\ipconf.tsp
Microsoft Corporation
Microsoft Multicast Conference TAPI Service Provider
.text,.data,.rsrc,.reloc,
63BE0000[00044000]
[ M] 71. c:\winnt\system32\h323.tsp
Microsoft Corporation
Microsoft H.323 TAPI Service Provider
.text,.data,.rsrc,.reloc,
1F660000[0001F000]
[ M] 72. c:\winnt\system32\msdart.dll
Microsoft Corporation
Microsoft Data Access - OLE DB Runtime Routines
.text,.data,.rsrc,.reloc,
+ 00000258(600) nvsvc32.exe
00400000[0001E000]
[AM] 3. c:\winnt\system32\nvsvc32.exe
NVIDIA Corporation
NVIDIA Driver Helper Service, Version 61.72
.text,.rdata,.data,.rsrc,
+ 00000294(660) RAVMON.EXE
00400000[00099000]
[ M] 73. c:\program files\rising\rav\ravmon.exe
Beijing Rising Technology Co., Ltd.
RavMon
.text,.rdata,.data,.rsrc,
26600000[0007C000]
[ M] 74. c:\program files\rising\rav\rsguilib.dll
Beijing Rising Technology Co., Ltd.
Rising GUI Library Loader
.text,.rdata,.data,.rsrc,.reloc,
780C0000[00061000]
[ M] 75. c:\winnt\system32\msvcp60.dll
Microsoft Corporation
Microsoft (R) C++ Runtime Library
.text,.rdata,.data,.rsrc,.reloc,
10000000[0002E000]
[ M] 76. c:\program files\rising\rav\bwlist.dll
Beijing Rising Technology Co., Ltd.
BWList DLL
.text,.rdata,.data,.rsrc,.reloc,
00980000[0000E000]
[ M] 77. c:\program files\rising\rav\rsappmgr.dll
Beijing Rising Technology Co., Ltd.
Rising Application Manager
.text,.rdata,.data,.rsrc,.reloc,
089A0000[0002F000]
[ M] 78. c:\program files\rising\rav\cfgdll.dll
Beijing Rising Technology Co., Ltd.
CfgDll
.text,.rdata,.data,.rsrc,.reloc,
23700000[0001A000]
[ M] 79. c:\program files\rising\rav\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
09060000[0001B000]
[ M] 80. c:\program files\rising\rav\rscommx.dll
rising
RsCommX
.text,.rdata,.data,.rsrc,.reloc,
23800000[0001A000]
[ M] 81. c:\program files\rising\rav\rsxml.dll
Beijing Rising Technology Co., Ltd.
RsXML
.text,.rdata,.data,.rsrc,.reloc,
23900000[00031000]
[ M] 82. c:\program files\rising\rav\pngdll.dll
Beijing Rising Technology Co., Ltd.
Rising .Png File Loader Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
09F60000[0001B000]
[ M] 83. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
水木屋 - 2007-7-16 15:35:00
+ 000002a0(672) regsvc.exe
+ 000002ac(684) MSTask.exe
+ 00000368(872) RavService.exe
00400000[0013C000]
[AM] 4. c:\program files\rising\rav\ravservice.exe
Beijing Rising Technology Co., Ltd.
.text,.rdata,.data,.rsrc,
780C0000[00061000]
[ M] 75. c:\winnt\system32\msvcp60.dll
Microsoft Corporation
Microsoft (R) C++ Runtime Library
.text,.rdata,.data,.rsrc,.reloc,
10000000[000D1000]
[ M] 84. c:\program files\rising\rav\dlcenter.dll
Beijing Rising Technology Co., Ltd.
DLCenter DLL
.text,.rdata,.data,.rsrc,.reloc,
00BE0000[0001B000]
[ M] 80. c:\program files\rising\rav\rscommx.dll
rising
RsCommX
.text,.rdata,.data,.rsrc,.reloc,
+ 000003a4(932) WinMgmt.exe
+ 000003b0(944) rsvp.exe
+ 000003f4(1012) svchost.exe
50640000[00009000]
[ M] 85. c:\winnt\system32\wups.dll
Microsoft Corporation
Windows Update client proxy stub
.orpc,.text,.data,.rsrc,.reloc,
+ 00000404(1028) RavStub.exe
00400000[00018000]
[ M] 86. c:\program files\rising\rav\ravstub.exe
Beijing Rising Technology Co., Ltd.
Rising RavStub
.text,.rdata,.data,.rsrc,
10000000[0001B000]
[ M] 80. c:\program files\rising\rav\rscommx.dll
rising
RsCommX
.text,.rdata,.data,.rsrc,.reloc,
23700000[0001A000]
[ M] 79. c:\program files\rising\rav\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
+ 00000420(1056) svchost.exe
+ 000004d0(1232) RavTray.exe
00400000[000D7000]
[AM] 51. c:\program files\rising\rav\ravtray.exe
Rising
RavNet Tray
.text,.rdata,.data,.rsrc,
10000000[0003E000]
[ M] 87. c:\program files\rising\rav\ravuilib.dll
RavUILib DLL
.text,.rdata,.data,.rsrc,.reloc,
780C0000[00061000]
[ M] 75. c:\winnt\system32\msvcp60.dll
Microsoft Corporation
Microsoft (R) C++ Runtime Library
.text,.rdata,.data,.rsrc,.reloc,
00E30000[00021000]
[ M] 88. c:\program files\rising\rav\ravtray936.dll
Rising
瑞星杀毒软件网络版托盘程序
.text,.rdata,.data,.rsrc,.reloc,
00E60000[0001B000]
[ M] 80. c:\program files\rising\rav\rscommx.dll
rising
RsCommX
.text,.rdata,.data,.rsrc,.reloc,
01220000[0001D000]
[ M] 89. c:\program files\rising\rav\bdengine.dll
Beijing Rising Technology Co., Ltd.
BDEngine Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
13100000[0002E000]
[ M] 90. c:\program files\rising\rav\libload.dll
Beijing Rising Technology Co., Ltd.
LibLoad
.text,.rdata,.data,.rsrc,.reloc,
01260000[00013000]
[ M] 91. c:\program files\rising\rav\bdex.dll
Beijing Rising Technology Co., Ltd.
BDEngine 动态链接库
.text,.rdata,.data,.rsrc,.reloc,
01290000[00014000]
[ M] 92. c:\program files\rising\rav\bdlib.dll
Beijing Rising Technology Co., Ltd.
BDLib
.text,.rdata,.data,.rsrc,.reloc,
01590000[0001B000]
[ M] 83. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 0000057c(1404) Explorer.EXE
23000000[00056000]
[ M] 93. c:\winnt\apppatch\aclayers.dll
Microsoft Corporation
Windows 2000 Shim Accessory DLL
.text,.data,.CRT,.rsrc,.reloc,
60280000[0002D000]
[ M] 94. c:\winnt\system32\msimtf.dll
Microsoft Corporation
Active IMM Server DLL
.text,.data,.rsrc,.reloc,
60000000[0004B000]
[ M] 95. c:\winnt\system32\msctf.dll
Microsoft Corporation
MSUIM Server DLL
.text,.data,.rsrc,.reloc,
10000000[00070000]
[AM] 43. c:\winnt\system32\nvshell.dll
NVIDIA Corporation
NVIDIA Desktop Explorer, Version 61.72
.text,.rdata,.data,.idata,.shared,.rsrc,.reloc,
77520000[00008000]
[ M] 62. c:\winnt\system32\wdmaud.drv
Microsoft Corporation
WDM Audio driver mapper
.text,.data,.rsrc,.reloc,
773C0000[00008000]
[ M] 63. c:\winnt\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
75CE0000[00006000]
[ M] 96. c:\winnt\system32\msadp32.acm
Microsoft Corporation
Microsoft ADPCM CODEC for MSACM
.text,.rsrc,.reloc,
032F0000[00019000]
[ M] 97. c:\program files\rising\rav\ravscrch.dll
Beijing Rising Technology Co., Ltd.
RavScrCh Module
.text,.rdata,.data,.rsrc,.reloc,
035D0000[0002B000]
[AM] 48. c:\program files\winrar\rarext.dll
.text,.data,.tls,.idata,.edata,.rsrc,.reloc,
03A00000[0001B000]
[AM] 45. c:\winnt\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
23700000[0001A000]
[ M] 79. c:\program files\rising\rav\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
05060000[0001B000]
[ M] 83. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
03EA0000[00011000]
[AM] 49. c:\winnt\system32\shlhook.dll
Beijing Rising Technology Co., Ltd.
shlhook Module
.text,.rdata,.data,.rsrc,.reloc,
06C30000[00004000]
[ M] 98. c:\winnt\system32\wuaucpl.cpl.mui
Microsoft Corporation
Automatic Updates Control Panel
.rsrc,.reloc,
06C40000[00DA2000]
[ M] 99. c:\winnt\system32\alsndmgr.cpl
Realtek Semiconductor Corp.
Realtek AC97 Audio Control Panel
.text,.rdata,.data,.rsrc,.reloc,
07E00000[0001E000]
[ M] 100. c:\winnt\system32\input.cpl
Microsoft Corporation
Text Input DLL
.text,.data,.rsrc,.reloc,
07E30000[00005000]
[ M] 101. c:\winnt\mui\fallback\0804\input.cpl.mui
Microsoft Corporation
Text Input DLL
.rsrc,.reloc,
646D0000[0001B000]
[ M] 102. c:\winnt\system32\powercfg.cpl
Microsoft Corporation
Power Management Configuration Control Panel Applet
.text,.data,.rsrc,.reloc,
07E40000[00013000]
[ M] 103. c:\winnt\system32\nvtuicpl.cpl
NVIDIA Corporation
NVIDIA nView Control Panel, Version 61.72
.text,.rdata,.data,.rsrc,.reloc,
07E70000[00023000]
[ M] 104. c:\winnt\system32\nvwrszhc.dll
NVIDIA Corporation
NVIDIA nView Desktop and Window Manager
.rsrc,.reloc,
+ 00000584(1412) RavTimer.exe
00400000[00021000]
[AM] 50. c:\program files\rising\rav\ravtimer.exe
Beijing Rising Technology Co., Ltd.
RavTimer
.text,.rdata,.data,.rsrc,
23700000[0001A000]
[ M] 79. c:\program files\rising\rav\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
10000000[0000E000]
[ M] 77. c:\program files\rising\rav\rsappmgr.dll
Beijing Rising Technology Co., Ltd.
Rising Application Manager
.text,.rdata,.data,.rsrc,.reloc,
089E0000[0002F000]
[ M] 78. c:\program files\rising\rav\cfgdll.dll
Beijing Rising Technology Co., Ltd.
CfgDll
.text,.rdata,.data,.rsrc,.reloc,
08F90000[0001B000]
[ M] 80. c:\program files\rising\rav\rscommx.dll
rising
RsCommX
.text,.rdata,.data,.rsrc,.reloc,
水木屋 - 2007-7-16 15:37:00
0EDA0000[0001B000]
[ M] 83. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 00000588(1416) internat.exe
10000000[0001B000]
[ M] 83. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 000007f0(2032) iexplore.exe
10000000[00017000]
[AM] 34. c:\program files\flashget\jccatch.dll
www.flashget.com
Flashget CatchUrl Module
.text,.rdata,.data,.rsrc,.reloc,
016B0000[00029000]
[AM] 35. c:\program files\flashget\getflash.dll
www.flashget.com
Flashget GetFlash Module
.text,.rdata,.data,.rsrc,.reloc,
017F0000[0001B000]
[ M] 83. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
02A80000[00019000]
[ M] 97. c:\program files\rising\rav\ravscrch.dll
Beijing Rising Technology Co., Ltd.
RavScrCh Module
.text,.rdata,.data,.rsrc,.reloc,
30000000[002EF000]
[ M] 105. c:\winnt\system32\macromed\flash\flash9c.ocx
Adobe Systems, Inc.
Adobe Flash Player 9.0 r45
.text,.rdata,.data,.rsrc,.reloc,
77520000[00008000]
[ M] 62. c:\winnt\system32\wdmaud.drv
Microsoft Corporation
WDM Audio driver mapper
.text,.data,.rsrc,.reloc,
773C0000[00008000]
[ M] 63. c:\winnt\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
75CE0000[00006000]
[ M] 96. c:\winnt\system32\msadp32.acm
Microsoft Corporation
Microsoft ADPCM CODEC for MSACM
.text,.rsrc,.reloc,
+ 00000804(2052) runiep.exe
00400000[00012000]
[AM] 53. c:\program files\rising\antispyware\runiep.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Monitor
.text,.rdata,.data,.rsrc,
00B30000[0001B000]
[ M] 83. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 000008c0(2240) U82.exe
00400000[00044000]
[ M] 106. d:\软件\u82.exe
Ultrasurf
UPX0,UPX1,.rsrc,
780C0000[00061000]
[ M] 75. c:\winnt\system32\msvcp60.dll
Microsoft Corporation
Microsoft (R) C++ Runtime Library
.text,.rdata,.data,.rsrc,.reloc,
10000000[0001B000]
[ M] 83. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 00000920(2336) conime.exe
10000000[0001B000]
[ M] 83. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 000009f4(2548) Ras.exe
00400000[0013F000]
[ M] 107. c:\program files\rising\antispyware\ras.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,.rsrc,
780C0000[00061000]
[ M] 75. c:\winnt\system32\msvcp60.dll
Microsoft Corporation
Microsoft (R) C++ Runtime Library
.text,.rdata,.data,.rsrc,.reloc,
10000000[000A3000]
[ M] 108. c:\program files\rising\antispyware\rasgui.dll
Beijing Rising Technology Co., Ltd.
RasGUI
.text,.rdata,.data,.rsrc,.reloc,
018A0000[0001B000]
[ M] 83. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
60280000[0002D000]
[ M] 94. c:\winnt\system32\msimtf.dll
Microsoft Corporation
Active IMM Server DLL
.text,.data,.rsrc,.reloc,
60000000[0004B000]
[ M] 95. c:\winnt\system32\msctf.dll
Microsoft Corporation
MSUIM Server DLL
.text,.data,.rsrc,.reloc,
+ 00000a48(2632) WINWORD.EXE
30000000[00836000]
[ M] 109. c:\program files\microsoft office\office\winword.exe
Microsoft Corporation
Microsoft Word for Windows
.text,.data,.tls,.CRT,.rsrc,
308C0000[0055C000]
[ M] 110. c:\program files\microsoft office\office\mso9.dll
Microsoft Corporation
Microsoft Office 2000 component
.text,.data,.rsrc,.reloc,
10000000[0002D000]
[ M] 111. c:\program files\rising\rav\rsplugin.dll
Beijing Rising Technology Co., Ltd.
RsPlugIn Module
.text,.rdata,.data,.rsrc,.reloc,
01610000[00024000]
[ M] 112. c:\program files\common files\kingsoft\extract\pwoffice2.dll
Kingsoft Co, Ltd.
Powerword Grab Addin for Office
.text,.rdata,.data,.rsrc,.reloc,
02140000[0001B000]
[ M] 83. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
65000000[00252000]
[ M] 113. c:\program files\common files\microsoft shared\vba\vba6\vbe6.dll
Microsoft Corporation
Visual Basic Design Time Environment
.text,.data,.rsrc,.reloc,
65300000[00027000]
[ M] 114. c:\program files\common files\microsoft shared\vba\vba6\2052\vbe6intl.dll
Microsoft Corporation
Visual Basic Environment 的国际资源
.rdata,.rsrc,.reloc,
77520000[00008000]
[ M] 62. c:\winnt\system32\wdmaud.drv
Microsoft Corporation
WDM Audio driver mapper
.text,.data,.rsrc,.reloc,
66900000[0015B000]
[ M] 115. c:\winnt\system32\spool\drivers\w32x86\3\cnmui4s.dll
CANON INC.
BJ Printer Driver Interface Driver
.text,.data,.rsrc,.reloc,
66400000[00064000]
[ M] 116. c:\winnt\system32\spool\drivers\w32x86\3\cnmdr4s.dll
CANON INC.
BJ Raster Printer Graphics Driver
.text,.data,.rsrc,.reloc,
507C0000[00084000]
[ M] 117. c:\program files\common files\microsoft shared\proof\mslid.dll
Microsoft Corporation
Microsoft Language Identification DLL
.text,.data,.rsrc,.reloc,
06170000[000AB000]
[ M] 118. c:\program files\common files\microsoft shared\proof\wdbrkchs.dll
Microsoft Corporation
Microsoft (R) Simplified Chinese Wordbreaker
.text,.rdata,.data,.idata,.rsrc,.reloc,
3F000000[00015000]
[ M] 119. c:\program files\common files\microsoft shared\proof\msspell3.dll
Microsoft Corporation
Microsoft Speller
.text,.data,.rsrc,.reloc,
066E0000[00024000]
[ M] 120. c:\program files\common files\microsoft shared\proof\2052\msgr2sc.dll
Microsoft Corporation
Microsoft (R) Simplified Chinese Grammar Checker
.text,.rdata,.data,.rsrc,.reloc,
50880000[001D9000]
[ M] 121. c:\program files\common files\microsoft shared\proof\2052\msgr2en.dll
Microsoft Corporation
Microsoft 语法检查动态链接库
.text,.rdata,.data,.rsrc,.reloc,
Leoooo - 2007-7-16 15:49:00
Pack c:\winnt\system32\updcrl.exe
and c:\winnt\system32\verisignpub1.crl into an archive
and upload it to Rising
http://up.rising.com.cn/webmail/uploadnew.htm
水木屋 - 2007-7-17 9:05:00
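I have already uploaded the two files to Rising, but the reply says they are not viruses!
When I try to send the virus sample, I get a message that it cannot be copied.
What should I do? Can any expert tell me how to kill this virus?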
panxiaoting - 2007-7-17 9:39:00
What you have caught is a "Trojan agent". Go take a look at the help topic in my signature! I hope it helps a little. ^_^
水木屋 - 2007-7-17 10:58:00
To the poster above: why can't I open it?
Bumping again, hoping an expert shows up!
panxiaoting - 2007-7-17 13:47:00
Signature changed, go here: http://forum.ikaka.com/topic.asp?board=28&artid=8337847
水木屋 - 2007-7-17 15:04:00
Thanks to the poster above! Bumping once more!
© 2000 - 2026 Rising Corp. Ltd.