瑞星卡卡安全论坛
天啊a - 2007-7-17 14:43:00
I just used Rising and it found two Trojans, Trojan.DL.Liumazi.n and Trojan.DL.SmaLL.tpf, which I deleted manually. Could an expert please check whether there are any other viruses left? If they weren't cleaned out completely, please advise me on how to delete them. Thanks~
瑞星卡卡电脑诊断日志 v1.30 (2007-7-17 14:3:12) 北京瑞星科技股份有限公司
注释: [A]表示该文件存在自启动关联;
[M]表示该文件在内存中;
+ 注册表自运行项目
+ 系统服务
+ HKLM\System\CurrentControlSet\Services
NVSvc
[AM] 1. c:\windows\system32\nvsvc32.exe
NVIDIA Corporation
NVIDIA Driver Helper Service, Version 53.03
.text,.rdata,.data,.rsrc,
P4P Service
[AM] 2. c:\program files\common files\sogou pxp\p2psvr.exe
Sohu.com Inc.
Sogou P4P Service
.text,.rdata,.data,.rsrc,
RsCCenter
[AM] 3. d:\ruixing\rising\rav\ccenter.exe
Beijing Rising Technology Co., Ltd.
CCenter
.text,.rdata,.data,.rsrc,
RsRavMon
[AM] 4. d:\ruixing\rising\rav\ravmond.exe
Beijing Rising Technology Co., Ltd.
RavMond
.text,.rdata,.data,.rsrc,
+ 内核驱动
+ HKLM\System\CurrentControlSet\Services
ALCXSENS
[A ] 5. c:\windows\system32\drivers\alcxsens.sys
Sensaura Ltd
Sensaura WDM 3D Audio Driver
.text,page,init,.data,init,INIT,.rsrc,.reloc,
ALCXWDM
[A ] 6. c:\windows\system32\drivers\alcxwdm.sys
Realtek Semiconductor Corp.
Realtek AC'97 Audio Driver (WDM)
.text,.rdata,.data,.CRT,PAGE,INIT,.rsrc,.reloc,
BaseTDI
[A ] 7. c:\windows\system32\drivers\basetdi.sys
Beijing Rising Technology Co., Ltd.
basetdi
.text,.rdata,.data,INIT,.rsrc,.reloc,
ExpScaner
[A ] 8. d:\ruixing\rising\rav\expscan.sys
ExpScan.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookCont
[A ] 9. d:\ruixing\rising\rav\hookcont.sys
Rising
HookCont
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookReg
[A ] 10. d:\ruixing\rising\rav\hookreg.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookSys
[A ] 11. d:\ruixing\rising\rav\hooksys.sys
Rising
Hooksys
.text,.rdata,.data,INIT,.rsrc,.reloc,
HSFHWBS2
[A ] 12. c:\windows\system32\drivers\hsfhwbs2.sys
Conexant Systems
HSF_HWB2 WDM driver
.text,GLOBAL_I,.rdata,.data,.CRT,GLOBAL_I,PAGE,INIT,.rsrc,.reloc,
HSF_DP
[A ] 13. c:\windows\system32\drivers\hsf_dp.sys
Conexant Systems
HSF_DP driver
.text,_PARA_DA,.rdata,.data,.CRT,PAGE,INIT,.rsrc,.reloc,
mdmxsdk
[A ] 14. c:\windows\system32\drivers\mdmxsdk.sys
Conexant
Diagnostic Interface DRIVER
.text,.rdata,.data,INIT,.rsrc,.reloc,
MEMSCAN
[A ] 15. d:\ruixing\rising\rav\memscan.sys
瑞星软件有限公司
MemScan Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
npkcrypt
[A ] 16. c:\program files\tencent\qq\npkcrypt.sys
INCA Internet Co., Ltd.
nProtect KeyCrypt Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
nv
[A ] 17. c:\windows\system32\drivers\nv4_mini.sys
NVIDIA Corporation
NVIDIA Compatible Windows 2000 Miniport Driver, Version 53.03
.text,_NVTEXT3,.rdata,.data,PAGE,PAGE,INIT,.rsrc,.reloc,
RsAntiSpyware
[A ] 18. c:\windows\system32\drivers\rsboot.sys
Beijing Rising Technology Co., Ltd.
Anti-RootKit Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
RsNTGDI
[A ] 19. c:\windows\system32\drivers\rsntgdi.sys
Beijing Rising Technology Co., Ltd.
RsNTGDI
.text,.rdata,INIT,.rsrc,.reloc,
RSPPSYS
[A ] 20. d:\ruixing\rising\rav\rsppsys.sys
Rising
RSPPSYS
.text,.rdata,.data,INIT,.rsrc,.reloc,
Secdrv
[A ] 21. c:\windows\system32\drivers\secdrv.sys
.text,.data,INIT,.reloc,
SISAGP
[A ] 22. c:\windows\system32\drivers\sisagpx.sys
Silicon Integrated Systems Corporation
SiS AGPv3.5 Filter
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
SiSide
[A ] 23. c:\windows\system32\drivers\siside.sys
Silicon Integrated Systems Corp.
SiS PCI Mini IDE Driver
.text,.rdata,INIT,.rsrc,.reloc,
sisperf
[A ] 24. c:\windows\system32\drivers\sisperf.sys
Silicon Integrated Systems Corp.
SiS Filter Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
UIUSys
[A ] 25. c:\windows\system32\drivers\uiusys.sys
Conexant
Diagnostic Interface DRIVER
.text,.rdata,.data,INIT,.rsrc,.reloc,
usbehci
[A ] 26. c:\windows\system32\drivers\usbehci.sys
Microsoft Corporation
EHCI eUSB Miniport Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
winachsf
[A ] 27. c:\windows\system32\drivers\hsf_cnxt.sys
Conexant Systems
WinACHSF driver
.text,_LTEXT,.rdata,.data,_LDATA,PAGESER,INIT,.rsrc,.reloc,
XDva001
[A ] 28. c:\windows\system32\xdva001.sys
XDva012
[A ] 29. c:\windows\system32\xdva012.sys
XDva013
[A ] 30. c:\windows\system32\xdva013.sys
+ 文件系统驱动
+ HKLM\System\CurrentControlSet\Services
sisidex
[A ] 31. c:\windows\system32\drivers\sisidex.sys
Windows (R) 2000 DDK provider
SISIDEX Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
+ IE浏览器加载模块
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{54EBD539-9BC1-480B-966A-843A333CA162}
[AM] 32. c:\program files\thunder network\thunder\comdlls\xunleibho_007.dll
Thunder Networking Technologies,LTD
XunLeiBHO
.text,.rdata,.data,.rsrc,.reloc,
{54EBD53A-9BC1-480B-966A-843A333CA162}
[AM] 33. c:\program files\tencent\qq\qqiehelper.dll
深圳市腾讯计算机系统有限公司
QQIEHelper Module
.text,.rdata,.data,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
Exec
[A ] 34. c:\program files\thunder network\thunder\thunder.exe
Thunder Networking Technologies,LTD
.text,.rdata,.data,.rsrc,
Script
[A ] 35. c:\windows\web\related.htm
Exec
[A ] 36. c:\program files\tencent\qq\qq.exe
TENCENT
QQ
.text,.rdata,.data,.rsrc,
天啊a - 2007-7-17 14:44:00
天啊a - 2007-7-17 14:53:00
+ 资源管理器加载模块
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HyperTerminal Icon Ext
[A ] 37. c:\windows\system32\hticons.dll
Hilgraeve, Inc.
HyperTerminal Applet Library
.text,.data,.rsrc,.reloc,
Desktop Explorer
[AM] 38. c:\windows\system32\nvshell.dll
NVIDIA Corporation
NVIDIA Desktop Explorer, Version 53.03
.text,.rdata,.data,.idata,.shared,.rsrc,.reloc,
Desktop Explorer Menu
[AM] 38. c:\windows\system32\nvshell.dll
NVIDIA Corporation
NVIDIA Desktop Explorer, Version 53.03
.text,.rdata,.data,.idata,.shared,.rsrc,.reloc,
nView Desktop Context Menu
[AM] 38. c:\windows\system32\nvshell.dll
NVIDIA Corporation
NVIDIA Desktop Explorer, Version 53.03
.text,.rdata,.data,.idata,.shared,.rsrc,.reloc,
WinRAR shell extension
[A ] 39. c:\program files\winrar\rarext.dll
.text,.data,.tls,.idata,.edata,.rsrc,.reloc,
Shell Extensions for RealOne Player
[A ] 40. c:\program files\real\realplayer\rpshell.dll
RealNetworks, Inc.
RealPlayer Shell Extensions
.text,.rdata,.data,.rsrc,.reloc,
RISING
[AM] 41. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{32CD708B-60A7-4C00-9377-D73EAA495F0F}
[AM] 41. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}
[AM] 42. c:\windows\system32\shlhook.dll
Beijing Rising Technology Co., Ltd.
shlhook Module
.text,.rdata,.data,.rsrc,.reloc,
+ 用户登陆自运行项目
+ HKLM\Software\Microsoft\Windows\CurrentVersion\Run
nwiz
[A ] 43. c:\windows\system32\nwiz.exe
NVIDIA Corporation
NVIDIA nView Wizard, Version 53.03
.text,.rdata,.data,.rsrc,
SoundMan
[AM] 44. c:\windows\soundman.exe
Realtek Semiconductor Corp.
Realtek Sound Manager
.text,.rdata,.data,.rsrc,
StormCodec_Helper
[A ] 45. c:\program files\ringz studio\storm codec\stormset.exe
.text,.rdata,.data,.ndata,.rsrc,
runeip
[AM] 46. c:\program files\rising\antispyware\runiep.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Monitor
.text,.rdata,.data,.rsrc,
RavTask
[AM] 47. d:\ruixing\rising\rav\ravtask.exe
Beijing Rising Technology Co., Ltd.
RavTimer
.text,.rdata,.data,.rsrc,
+ 开机执行
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
BootExecute
[A ] 48. c:\windows\system32\bsmain.exe
Beijing Rising Technology Co., Ltd.
BootScan
.text,.data,.rsrc,.reloc,
+ 映像劫持
+ HKCR\.bat
batfile\edit\Command
[A ] 49. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
batfile\print\Command
[A ] 49. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
+ HKCR\.log
txtfile\open\Command
[A ] 49. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
txtfile\print\Command
[A ] 49. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
txtfile\printto\Command
[A ] 49. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
+ HKCR\.txt
txtfile\open\Command
[A ] 49. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
txtfile\print\Command
[A ] 49. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
txtfile\printto\Command
[A ] 49. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
+ HKCR\.cmd
cmdfile\edit\Command
[A ] 49. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
cmdfile\print\Command
[A ] 49. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
+ HKCR\.reg
regfile\edit\Command
[A ] 49. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
regfile\print\Command
[A ] 49. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
+ HKCR\.vbs
VBSFile\Edit\Command
[A ] 49. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
VBSFile\Print\Command
[A ] 49. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
+ HKCR\.js
JSFile\Edit\Command
[A ] 49. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
JSFile\Print\Command
[A ] 49. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
+ HKCR\.mp3
RealPlayer.MP3.6\open\Command
[A ] 50. c:\program files\real\realplayer\realplay.exe
RealNetworks, Inc.
RealPlayer
.text,.rdata,.data,.rsrc,
+ HKCR\.ini
inifile\open\Command
[A ] 49. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
inifile\print\Command
[A ] 49. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
+ HKCR\.inf
inffile\open\Command
[A ] 49. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
inffile\print\Command
[A ] 49. c:\windows\system32\notepad.exe
Microsoft Corporation
记事本
.text,.data,.rsrc,
+ 正在运行的进程
+ 0000017c(380) alg.exe
+ 00000190(400) smss.exe
+ 000001b8(440) nvsvc32.exe
00400000[00015000]
[AM] 1. c:\windows\system32\nvsvc32.exe
NVIDIA Corporation
NVIDIA Driver Helper Service, Version 53.03
.text,.rdata,.data,.rsrc,
+ 000001c0(448) p2psvr.exe
00400000[00016000]
[AM] 2. c:\program files\common files\sogou pxp\p2psvr.exe
Sohu.com Inc.
Sogou P4P Service
.text,.rdata,.data,.rsrc,
10000000[0003C000]
[ M] 51. c:\program files\sogou pxp\vodsvr.dll
Sohu.com Inc.
Sogou VOD Service Plugin
.text,.rdata,.data,.rsrc,.reloc,
00A90000[00025000]
[ M] 52. c:\program files\sogou pxp\pxpnet.dll
Sohu.com Inc.
Sogou PXP Network Plugin
.text,.rdata,.data,.rsrc,.reloc,
00AD0000[00038000]
[ M] 53. c:\program files\sogou pxp\p2pclient.dll
Sohu.com Inc.
P2P Client Plugin
.text,.rdata,.data,.rsrc,.reloc,
00B10000[00012000]
[ M] 54. c:\program files\p4p\p4pipc.dll
Sohu.com Inc.
Sogou P4P IPC Service
.text,.rdata,.data,.rsrc,.reloc,
+ 000001e0(480) csrss.exe
+ 000001f8(504) winlogon.exe
72C90000[00009000]
[ M] 55. c:\windows\system32\wdmaud.drv
Microsoft Corporation
WDM Audio driver mapper
.text,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 56. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
+ 00000224(548) services.exe
+ 00000230(560) lsass.exe
+ 000002cc(716) svchost.exe
+ 00000300(768) CCenter.exe
00400000[0001E000]
[AM] 3. d:\ruixing\rising\rav\ccenter.exe
Beijing Rising Technology Co., Ltd.
CCenter
.text,.rdata,.data,.rsrc,
+ 00000310(784) svchost.exe
+ 0000038c(908) svchost.exe
+ 000003dc(988) svchost.exe
+ 00000424(1060) Ravmond.exe
00400000[0004E000]
[AM] 4. d:\ruixing\rising\rav\ravmond.exe
Beijing Rising Technology Co., Ltd.
RavMond
.text,.rdata,.data,.rsrc,
10000000[0002E000]
[ M] 57. d:\ruixing\rising\rav\bwlist.dll
Beijing Rising Technology Co., Ltd.
BWList DLL
.text,.rdata,.data,.rsrc,.reloc,
00820000[0001B000]
[ M] 58. d:\ruixing\rising\rav\rscommx.dll
rising
RsCommX
.text,.rdata,.data,.rsrc,.reloc,
00C40000[0000F000]
[ M] 59. d:\ruixing\rising\rav\rfwctrl.dll
Beijing Rising Technology Co., Ltd.
RfwCtrl DLL
.text,.rdata,.data,.rsrc,.reloc,
00C50000[0000D000]
[ M] 60. d:\ruixing\rising\rav\rsppsys.dll
Beijing Rising Technology Co., Ltd.
RSPPSYS Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
00D60000[0000E000]
[ M] 61. d:\ruixing\rising\rav\rsappmgr.dll
Beijing Rising Technology Co., Ltd.
Rising Application Manager
.text,.rdata,.data,.rsrc,.reloc,
00D80000[0002F000]
[ M] 62. d:\ruixing\rising\rav\cfgdll.dll
Beijing Rising Technology Co., Ltd.
CfgDll
.text,.rdata,.data,.rsrc,.reloc,
23700000[0001A000]
[ M] 63. d:\ruixing\rising\rav\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
00DD0000[0000B000]
[ M] 64. d:\ruixing\rising\rav\rslog.dll
Beijing Rising Technology Co., Ltd.
RsLog DLL
.text,.rdata,.data,.rsrc,.reloc,
天啊a - 2007-7-17 14:54:00
00DE0000[0000D000]
[ M] 65. d:\ruixing\rising\rav\hooksys.dll
Beijing Rising Technology Co., Ltd.
HOOKSYS Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
00E10000[00029000]
[ M] 66. d:\ruixing\rising\rav\scanner.dll
Beijing Rising Technology Co., Ltd.
RsScanner
.text,.rdata,.data,.rsrc,.reloc,
13100000[0002E000]
[ M] 67. d:\ruixing\rising\rav\libload.dll
Beijing Rising Technology Co., Ltd.
LibLoad
.text,.rdata,.data,.rsrc,.reloc,
092D0000[0002B000]
[ M] 68. d:\ruixing\rising\rav\viruslib.dll
Beijing Rising Technology Co., Ltd.
VirusLib
.text,.rdata,.data,.rsrc,.reloc,
09410000[00010000]
[ M] 69. d:\ruixing\rising\rav\regmon.dll
Beijing Rising Technology Co., Ltd.
regmon
.text,.rdata,.data,.rsrc,.reloc,
731B0000[0000A000]
[ M] 70. d:\ruixing\rising\rav\psapi.dll
Microsoft Corporation
Process Status Helper
.text,.rdata,.data,.rsrc,.reloc,
096A0000[0000D000]
[ M] 71. d:\ruixing\rising\rav\hookweb.dll
Beijing Rising Technology Co., Ltd.
HookWeb
.text,.rdata,.data,.rsrc,.reloc,
097C0000[00014000]
[ M] 72. d:\ruixing\rising\rav\memmon.dll
Beijing Rising Technology Co., Ltd.
MemMon
.text,.rdata,.data,.rsrc,.reloc,
097F0000[0000E000]
[ M] 73. d:\ruixing\rising\rav\expscan.dll
Beijing Rising Technology Co., Ltd.
ExpScan.dll
.text,.rdata,.data,.rsrc,.reloc,
09810000[00012000]
[ M] 74. d:\ruixing\rising\rav\mports.dll
Beijing Rising Technology Co., Ltd.
mPorts.dll
.text,.rdata,.data,.rsrc,.reloc,
09960000[0000D000]
[ M] 75. d:\ruixing\rising\rav\hookcont.dll
Rising
HookCont Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
09A90000[00085000]
[ M] 76. d:\ruixing\rising\rav\spameng.dll
SpamEng Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
09B30000[0003C000]
[ M] 77. d:\ruixing\rising\rav\engine.dll
Beijing Rising Technology Co., Ltd.
engine
.text,.rdata,.data,.rsrc,.reloc,
0A5D0000[0002B000]
[ M] 78. d:\ruixing\rising\rav\posttrt.dll
Beijing Rising Technology Co., Ltd.
PostTrt
.text,.rdata,.data,.rsrc,.reloc,
0A610000[002DC000]
[ M] 79. d:\ruixing\rising\rav\unexe.dll
Beijing Rising Technology Co., Ltd.
UnExe
.text,.rdata,.data,.rsrc,.reloc,
13AB0000[00038000]
[ M] 80. d:\ruixing\rising\rav\scanexec.dll
Beijing Rising Technology Co., Ltd.
ScanExec
.text,.rdata,.data,.rsrc,.reloc,
0AA10000[00035000]
[ M] 81. d:\ruixing\rising\rav\scanex.dll
Beijing Rising Technology Co., Ltd.
ScanEX
.text,.rdata,.data,.rsrc,.reloc,
0AA90000[000AB000]
[ M] 82. d:\ruixing\rising\rav\extfile.dll
Beijing Rising Technology Co., Ltd.
extFile Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
0AB50000[0001C000]
[ M] 83. d:\ruixing\rising\rav\nvfile.dll
Beijing Rising Technology Co., Ltd.
NVFile
.text,.rdata,.data,.rsrc,.reloc,
13AF0000[00020000]
[ M] 84. d:\ruixing\rising\rav\scanmac.dll
Beijing Rising Technology Co., Ltd.
ScanMac
.text,.rdata,.data,.rsrc,.reloc,
0ACC0000[00029000]
[ M] 85. d:\ruixing\rising\rav\scansct.dll
Beijing Rising Technology Co., Ltd.
ScanSct
.text,.rdata,.data,.rsrc,.reloc,
00AB0000[00056000]
[ M] 86. d:\ruixing\rising\rav\unpacker.dll
Beijing Rising Technology Co., Ltd.
UnPacker
.text,.rdata,.data,.rsrc,.reloc,
09FA0000[0003A000]
[ M] 87. d:\ruixing\rising\rav\scanpack.dll
Beijing Rising Technology Co., Ltd.
Unpack Engine
.text,.rdata,.data,.rsrc,.reloc,
0BCF0000[000B4000]
[ M] 88. d:\ruixing\rising\rav\rsvm.dll
RSVM Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
+ 0000045c(1116) Explorer.EXE
10000000[0001B000]
[AM] 41. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
00960000[00011000]
[AM] 42. c:\windows\system32\shlhook.dll
Beijing Rising Technology Co., Ltd.
shlhook Module
.text,.rdata,.data,.rsrc,.reloc,
00EF0000[0001B000]
[ M] 89. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
72C90000[00009000]
[ M] 55. c:\windows\system32\wdmaud.drv
Microsoft Corporation
WDM Audio driver mapper
.text,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 56. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
01FF0000[0006F000]
[AM] 38. c:\windows\system32\nvshell.dll
NVIDIA Corporation
NVIDIA Desktop Explorer, Version 53.03
.text,.rdata,.data,.idata,.shared,.rsrc,.reloc,
01110000[0001F000]
[ M] 90. c:\windows\system32\nvwrszhc.dll
NVIDIA Corporation
NVIDIA nView Desktop and Window Manager
.rsrc,.reloc,
+ 000004fc(1276) SOUNDMAN.EXE
00400000[00014000]
[AM] 44. c:\windows\soundman.exe
Realtek Semiconductor Corp.
Realtek Sound Manager
.text,.rdata,.data,.rsrc,
10000000[0001B000]
[ M] 89. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 0000050c(1292) runiep.exe
00400000[00012000]
[AM] 46. c:\program files\rising\antispyware\runiep.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Monitor
.text,.rdata,.data,.rsrc,
天啊a - 2007-7-17 14:55:00
00BE0000[0001B000]
[ M] 89. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 00000514(1300) RavTask.exe
00400000[0001F000]
[AM] 47. d:\ruixing\rising\rav\ravtask.exe
Beijing Rising Technology Co., Ltd.
RavTimer
.text,.rdata,.data,.rsrc,
23700000[0001A000]
[ M] 63. d:\ruixing\rising\rav\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
10000000[0000E000]
[ M] 61. d:\ruixing\rising\rav\rsappmgr.dll
Beijing Rising Technology Co., Ltd.
Rising Application Manager
.text,.rdata,.data,.rsrc,.reloc,
08A00000[0002F000]
[ M] 62. d:\ruixing\rising\rav\cfgdll.dll
Beijing Rising Technology Co., Ltd.
CfgDll
.text,.rdata,.data,.rsrc,.reloc,
08C80000[0001B000]
[ M] 58. d:\ruixing\rising\rav\rscommx.dll
rising
RsCommX
.text,.rdata,.data,.rsrc,.reloc,
08EA0000[0001B000]
[ M] 89. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 00000520(1312) ctfmon.exe
10000000[0001B000]
[ M] 89. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 00000578(1400) spoolsv.exe
+ 000005bc(1468) Ravmon.exe
00400000[00099000]
[ M] 91. d:\ruixing\rising\rav\ravmon.exe
Beijing Rising Technology Co., Ltd.
RavMon
.text,.rdata,.data,.rsrc,
26600000[0007D000]
[ M] 92. d:\ruixing\rising\rav\rsguilib.dll
Beijing Rising Technology Co., Ltd.
Rising GUI Library Loader
.text,.rdata,.data,.rsrc,.reloc,
10000000[0002E000]
[ M] 57. d:\ruixing\rising\rav\bwlist.dll
Beijing Rising Technology Co., Ltd.
BWList DLL
.text,.rdata,.data,.rsrc,.reloc,
003D0000[0000E000]
[ M] 61. d:\ruixing\rising\rav\rsappmgr.dll
Beijing Rising Technology Co., Ltd.
Rising Application Manager
.text,.rdata,.data,.rsrc,.reloc,
08AF0000[0002F000]
[ M] 62. d:\ruixing\rising\rav\cfgdll.dll
Beijing Rising Technology Co., Ltd.
CfgDll
.text,.rdata,.data,.rsrc,.reloc,
23700000[0001A000]
[ M] 63. d:\ruixing\rising\rav\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
08D90000[0001B000]
[ M] 58. d:\ruixing\rising\rav\rscommx.dll
rising
RsCommX
.text,.rdata,.data,.rsrc,.reloc,
23800000[0001A000]
[ M] 93. d:\ruixing\rising\rav\rsxml.dll
Beijing Rising Technology Co., Ltd.
RsXML
.text,.rdata,.data,.rsrc,.reloc,
23900000[00031000]
[ M] 94. d:\ruixing\rising\rav\pngdll.dll
Beijing Rising Technology Co., Ltd.
Rising .Png File Loader Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
09AE0000[0001B000]
[ M] 89. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 00000660(1632) RavStub.exe
00400000[00018000]
[ M] 95. d:\ruixing\rising\rav\ravstub.exe
Beijing Rising Technology Co., Ltd.
Rising RavStub
.text,.rdata,.data,.rsrc,
10000000[0001B000]
[ M] 58. d:\ruixing\rising\rav\rscommx.dll
rising
RsCommX
.text,.rdata,.data,.rsrc,.reloc,
23700000[0001A000]
[ M] 63. d:\ruixing\rising\rav\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
+ 00000710(1808) Ras.exe
00400000[0013F000]
[ M] 96. c:\program files\rising\antispyware\ras.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,.rsrc,
10000000[000A3000]
[ M] 97. c:\program files\rising\antispyware\rasgui.dll
Beijing Rising Technology Co., Ltd.
RasGUI
.text,.rdata,.data,.rsrc,.reloc,
01630000[0001B000]
[ M] 89. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 000007a8(1960) iexplore.exe
10000000[0001D000]
[AM] 32. c:\program files\thunder network\thunder\comdlls\xunleibho_007.dll
Thunder Networking Technologies,LTD
XunLeiBHO
.text,.rdata,.data,.rsrc,.reloc,
617E0000[0002F000]
[AM] 33. c:\program files\tencent\qq\qqiehelper.dll
深圳市腾讯计算机系统有限公司
QQIEHelper Module
.text,.rdata,.data,.rsrc,.reloc,
01480000[0001B000]
[ M] 89. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
025A0000[00019000]
[ M] 98. d:\ruixing\rising\rav\ravscrch.dll
Beijing Rising Technology Co., Ltd.
RavScrCh Module
.text,.rdata,.data,.rsrc,.reloc,
72C90000[00009000]
[ M] 55. c:\windows\system32\wdmaud.drv
Microsoft Corporation
WDM Audio driver mapper
.text,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 56. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
30000000[002DE000]
[ M] 99. c:\windows\system32\macromed\flash\flash9.ocx
Adobe Systems, Inc.
Adobe Flash Player 9.0 r16
.text,.rdata,.data,.rsrc,.reloc,
天啊a - 2007-7-17 14:57:00
SRE scan results
[CODE]
2007-07-17,14:18:21
System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)
Windows XP Home Edition (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup> [(Verified)NVIDIA Corporation]
<nwiz><nwiz.exe /install> [NVIDIA Corporation]
<SoundMan><SOUNDMAN.EXE> [(Verified)Realtek Semiconductor Corp.]
<StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> [N/A]
<runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup> [Beijing Rising Technology Co., Ltd.]
<RavTask><"D:\ruixing\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\System32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
==================================
启动文件夹
N/A
==================================
服务
[Application Management / AppMgmt][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IMAPI CD-Burning COM Service / ImapiService][Stopped/Manual Start]
<C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[P4P Service / P4P Service][Running/Auto Start]
<C:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"D:\ruixing\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"D:\ruixing\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
==================================
驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
<system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[BaseTDI / BaseTDI][Running/Auto Start]
<\??\C:\WINDOWS\System32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[basic2 / basic2][Stopped/Manual Start]
<System32\DRIVERS\HSF_BSC2.sys><Conexant>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\D:\ruixing\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
<\??\D:\ruixing\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\D:\ruixing\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\D:\ruixing\Rising\Rav\HookSys.sys><Rising>
[HSFHWBS2 / HSFHWBS2][Running/Manual Start]
<System32\DRIVERS\HSFHWBS2.sys><Conexant Systems>
[HSF_DP / HSF_DP][Running/Manual Start]
<System32\DRIVERS\HSF_DP.sys><Conexant Systems>
[hsf_msft / hsf_msft][Stopped/Manual Start]
<System32\DRIVERS\HSF_MSFT.sys><Conexant>
[mdmxsdk / mdmxsdk][Running/Auto Start]
<System32\DRIVERS\mdmxsdk.sys><Conexant>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\D:\ruixing\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
<System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rksample / Rksample][Stopped/Manual Start]
<System32\DRIVERS\HSF_SAMP.sys><Conexant>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\D:\ruixing\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver / rtl8139][Running/Manual Start]
<System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[SiS AGP Filter / SISAGP][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\SISAGPX.sys><Silicon Integrated Systems Corporation>
[SiSide / SiSide][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\siside.sys><Silicon Integrated Systems Corp.>
[sisidex / sisidex][Running/Boot Start]
<\SystemRoot\system32\drivers\sisidex.sys><Windows (R) 2000 DDK provider>
[Add Performance Filter Driver / sisperf][Running/Boot Start]
<\SystemRoot\system32\drivers\sisperf.sys><Silicon Integrated Systems Corp.>
[Conexant Setup API / UIUSys][Stopped/Manual Start]
<system32\drivers\UIUSys.sys><Conexant>
[winachsf / winachsf][Running/Manual Start]
<System32\DRIVERS\HSF_CNXT.sys><Conexant Systems>
[XDva001 / XDva001][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\XDva001.sys><N/A>
[XDva012 / XDva012][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\XDva012.sys><N/A>
[XDva013 / XDva013][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\XDva013.sys><N/A>
天啊a - 2007-7-17 14:58:00
=================================
浏览器加载项
[Thunder Browser Helper]
{54EBD539-9BC1-480B-966A-843A333CA162} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[]
{FDEB626D-6E2E-4AF0-AC0D-2089B0988C57} <C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\APPLIC~1\QQSERV~1.DLL, N/A>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[MMCPlayer Class]
{05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\CONFLICT.6\MMCShell.dll, Sohu.com Inc.>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\System32\LegitCheckControl.DLL, Microsoft Corporation>
[&使用BitComet下载]
<res://D:\BT\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
<res://D:\BT\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
<res://D:\BT\BitComet.exe/AddVideo.htm, N/A>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
==================================
正在运行的进程
[PID: 400][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 480][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 504][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 548][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 560][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 716][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 768][D:\ruixing\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 784][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 908][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 988][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1060][D:\ruixing\Rising\Rav\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 43]
[D:\ruixing\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[D:\ruixing\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[D:\ruixing\Rising\Rav\rfwctrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[D:\ruixing\Rising\Rav\RsPPsys.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[D:\ruixing\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[D:\ruixing\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[D:\ruixing\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[D:\ruixing\Rising\Rav\RsLog.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[D:\ruixing\Rising\Rav\HOOKSYS.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
[D:\ruixing\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
[D:\ruixing\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[D:\ruixing\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[D:\ruixing\Rising\Rav\regmon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[D:\ruixing\Rising\Rav\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[D:\ruixing\Rising\Rav\MemMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
[D:\ruixing\Rising\Rav\expscan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[D:\ruixing\Rising\Rav\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[D:\ruixing\Rising\Rav\HookCont.dll] [Rising, 19, 0, 0, 0]
[D:\ruixing\Rising\Rav\SpamEng.dll] [N/A, 18, 0, 0, 6]
[D:\ruixing\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 27]
[D:\ruixing\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
[D:\ruixing\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[D:\ruixing\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[D:\ruixing\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 47]
[D:\ruixing\Rising\Rav\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
[D:\ruixing\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[D:\ruixing\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
[D:\ruixing\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[D:\ruixing\Rising\Rav\Unpacker.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[D:\ruixing\Rising\Rav\ScanPack.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 22]
[D:\ruixing\Rising\Rav\RsVM.dll] [N/A, 19, 0, 0, 16]
[D:\ruixing\Rising\Rav\Uroutine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 26]
[D:\ruixing\Rising\Rav\Uscript.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18]
[PID: 1116][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\WINDOWS\System32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.7]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\System32\nvshell.dll] [NVIDIA Corporation, 6.14.10.5303]
[C:\WINDOWS\System32\NVWRSZHC.DLL] [NVIDIA Corporation, 6.14.10.5303]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[D:\ruixing\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1276][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.1.14]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1292][C:\Program Files\Rising\AntiSpyware\runiep.exe] [Beijing Rising Technology Co., Ltd., 4.0.0.15]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1300][D:\ruixing\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
[D:\ruixing\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[D:\ruixing\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[D:\ruixing\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[D:\ruixing\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1312][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1400][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[PID: 1468][D:\ruixing\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45]
[D:\ruixing\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[D:\ruixing\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[D:\ruixing\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[D:\ruixing\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[D:\ruixing\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[D:\ruixing\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[D:\ruixing\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[D:\ruixing\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1632][D:\ruixing\Rising\Rav\RavStub.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
[D:\ruixing\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[D:\ruixing\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 380][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 440][C:\WINDOWS\System32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.5303]
[PID: 448][C:\Program Files\Common Files\Sogou PXP\p2psvr.exe] [Sohu.com Inc., 2, 0, 0, 20]
[C:\Program Files\Sogou PXP\vodsvr.dll] [Sohu.com Inc., 2, 4, 0, 6]
[C:\Program Files\Sogou PXP\pxpnet.dll] [Sohu.com Inc., 1, 0, 0, 9]
[C:\Program Files\Sogou PXP\p2pclient.dll] [Sohu.com Inc., 2, 9, 1, 6]
[C:\Program Files\P4P\p4pipc.dll] [Sohu.com Inc., 1, 0, 0, 11]
[PID: 1960][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll] [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
[C:\Program Files\Tencent\QQ\QQIEHelper.dll] [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[D:\ruixing\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[PID: 1716][C:\WINDOWS\system32\NOTEPAD.EXE] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1180][C:\WINDOWS\system32\NOTEPAD.EXE] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 872][D:\ruixing\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
天啊a - 2007-7-17 14:59:00
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
API HOOK
N/A
==================================
Leoooo - 2007-7-17 15:31:00
c:\windows\system32\xdva001.sys
c:\windows\system32\xdva012.sys
c:\windows\system32\xdva013.sys
Upload the suspicious files to Rising:
http://up.rising.com.cn/webmail/uploadnew.htm
天啊a - 2007-7-17 15:48:00

c:\windows\system32\xdva011.sys
c:\windows\system32\xdva012.sys
c:\windows\system32\xdva013.sys
I couldn't find these suspicious files. Where are they?