Rising Kaka Security Forum
蚂蚁蚂蚁啃骨头 - 2007-7-24 16:04:00
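Rising's monitor shuts itself off automatically, and a virus alert pops up whenever I start QQ. Every disk partition had an autorun file; I later removed them with a tool and they are gone now, but the computer responds very slowly and new viruses keep being found. I even formatted the computer once and it did not help. Please help me.
Log attached: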
Logfile of HijackThis v1.99.1
Scan saved at 15:28:46, on 2088-1-1
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Rising\Rav\Ravmon.exe
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - d:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [TIMHost] C:\WINDOWS\TIMHost.exe
O4 - HKLM\..\Run: [RAV008C] C:\WINDOWS\system32\RAV008C.exe
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [SoundMan] SoundMan.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: 上传到QQ网络硬盘 - d:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - d:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - d:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - d:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 设为 Messenger Live 头像 - C:\Program Files\MSNShell\Bin\SetMSNDP.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: WMIApiSrv2.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WBSrv - D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Help and Support (helpsvc) - 1 - C:\WINDOWS\system32\inetres.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel? Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
newcenturymoon - 2007-7-24 16:05:00
Scan an SREng log
Leoooo - 2007-7-24 16:13:00
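Download Kaka Internet Security Assistant 4.0 from http://download.rising.com.cn/for_down/kakatool/kakasetupv4.exe
1 Run Rising Kaka Internet Security Assistant
2 Diagnosis & Help => Computer Diagnostic Log
3 Select the two options "File details" and "Similar file name analysis"
4 Start the scan => export the information in txt format (htm format also works and is easier to read yourself, but the forum does not accept htm uploads)
5 Copy the report from the log in full and paste it here (posting it as an attachment is also fine); do not modify it (if it does not fit in one post, post it in several parts)
6 While scanning, close unnecessary software such as QQ and TM as far as possible
7 Upload the suspicious files found by the scan to Rising
http://up.rising.com.cn/webmail/uploadnew.htm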
蚂蚁蚂蚁啃骨头 - 2007-7-24 17:34:00
[Reply to the post by "Leoooo"]
瑞星卡卡电脑诊断日志 v1.30 (2099-1-1 17:19:54) 北京瑞星科技股份有限公司
注释:[A]表示该文件存在自启动关联;
[M]表示该文件在内存中;
+ 注册表自运行项目
+ 系统服务
+ HKLM\System\CurrentControlSet\Services
Adobe LM Service
[A ] 1. c:\program files\common files\adobe systems shared\service\adobelmsvc.exe
Adobe Systems
System Level Service Utility
.text,.rdata,.data,.rsrc,
aspnet_state
[A ] 2. c:\windows\microsoft.net\framework\v1.1.4322\aspnet_state.exe
Microsoft Corporation
aspnet_state.exe
.text,.data,.rsrc,
Ati HotKey Poller
[AM] 3. c:\windows\system32\ati2evxx.exe
ATI Technologies Inc.
ATI External Event Utility EXE Module
.text,.rdata,.data,.rsrc,
Autodesk Licensing Service
[A ] 4. c:\program files\common files\autodesk shared\service\adskscsrv.exe
Autodesk
System Level Service Utility
.text,.rdata,.data,.rsrc,
EvtEng
[AM] 5. c:\program files\intel\wireless\bin\evteng.exe
Intel Corporation
EvtEng Module
.text,.rdata,.data,.rsrc,
helpsvc
[A ] 6. c:\windows\system32\inetres.exe
1
.text,.rsrc,
NICCONFIGSVC
[AM] 7. c:\program files\dell\nicconfigsvc\nicconfigsvc.exe
Dell Inc.
Internal Network Card Power Management Service
.text,.rdata,.data,.rsrc,
ose
[A ] 8. c:\program files\common files\microsoft shared\source engine\ose.exe
Microsoft Corporation
Office Source Engine
.text,.data,.rsrc,
RegSrvc
[AM] 9. c:\program files\intel\wireless\bin\regsrvc.exe
Intel Corporation
RegSrvc Module
.text,.rdata,.data,.rsrc,
RfwProxySrv
[A ] 10. c:\program files\rising\rfw\rfwproxy.exe
Beijing Rising Technology Co., Ltd.
Rising Personal Proxy Service
.text,.rdata,.data,.rsrc,
RfwService
[A ] 11. c:\program files\rising\rfw\rfwsrv.exe
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall Service
.text,.rdata,.data,.rsrc,
RsCCenter
[A ] 12. c:\program files\rising\rav\ccenter.exe
Beijing Rising Technology Co., Ltd.
CCenter
.text,.rdata,.data,.rsrc,
RsRavMon
[A ] 13. c:\program files\rising\rav\ravmond.exe
Beijing Rising Technology Co., Ltd.
RavMond
.text,.rdata,.data,.rsrc,
S24EventMonitor
[AM] 14. c:\program files\intel\wireless\bin\s24evmon.exe
Intel Corporation
Event Monitor - Supports driver extensions to NIC Driver for wireless adapters.
.text,.rdata,.data,.rsrc,
UMWdf
[AM] 15. c:\windows\system32\wdfmgr.exe
Microsoft Corporation
Windows User Mode Driver Manager
.text,.data,.rsrc,
usnsvc
[A ] 16. c:\program files\msn messenger\usnsvc.dll
Microsoft Corporation
Messenger Sharing USN Journal Reader Service
.text,.data,.rsrc,.reloc,
WLANKEEPER
[AM] 17. c:\program files\intel\wireless\bin\wlkeeper.exe
Intel? Corporation
WLKEEPER
.text,.rdata,.data,.rsrc,
蚂蚁蚂蚁啃骨头 - 2007-7-24 17:35:00
+ 内核驱动
+ HKLM\System\CurrentControlSet\Services
AegisP
[A ] 18. c:\windows\system32\drivers\aegisp.sys
Meetinghouse Data Communications
IEEE 802.1X Protocol Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
ApfiltrService
[A ] 19. c:\windows\system32\drivers\apfiltr.sys
Alps Electric Co., Ltd.
Alps Touch Pad Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
APPDRV
[A ] 20. c:\windows\system32\drivers\appdrv.sys
Dell Inc
App Support Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
BaseTDI
[A ] 21. c:\windows\system32\drivers\basetdi.sys
Beijing Rising Technology Co., Ltd.
basetdi
.text,.rdata,.data,INIT,.rsrc,.reloc,
bcm4sbxp
[A ] 22. c:\windows\system32\drivers\bcm4sbxp.sys
Broadcom Corporation
Broadcom Corporation NDIS 5.1 ethernet driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
d347bus
[A ] 23. c:\windows\system32\drivers\d347bus.sys
PnP BIOS Extension
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
d347prt
[A ] 24. c:\windows\system32\drivers\d347prt.sys
SCSI miniport
.text,.rdata,.data,INIT,.rsrc,.reloc,
drvmcdb
[A ] 25. c:\windows\system32\drivers\drvmcdb.sys
Sonic Solutions
Device Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
ExpScaner
[A ] 26. c:\program files\rising\rav\expscan.sys
ExpScan.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookCont
[A ] 27. c:\program files\rising\rav\hookcont.sys
Rising
HookCont
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookReg
[A ] 28. c:\program files\rising\rav\hookreg.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookSys
[A ] 29. c:\program files\rising\rav\hooksys.sys
Rising
Hooksys
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookUrl
[A ] 30. c:\program files\rising\rfw\hookurl.sys
Beijing Rising Technology Co., Ltd.
HookUrl
.text,.rdata,.data,INIT,.rsrc,.reloc,
HSFHWICH
[A ] 31. c:\windows\system32\drivers\hsfhwich.sys
Conexant Systems, Inc.
HSFHWICH WDM driver
.text,GLOBAL_I,.rdata,.data,.CRT,GLOBAL_I,.STL,PAGE,INIT,.rsrc,.reloc,
HSF_DP
[A ] 32. c:\windows\system32\drivers\hsf_dp.sys
Conexant Systems, Inc.
HSF_DP driver
.text,_PARA_DA,.rdata,.data,.STL,.CRT,PAGE,INIT,.rsrc,.reloc,
IWCA
[A ] 33. c:\windows\system32\drivers\iwca.sys
Intel Corporation
Intel Wireless Connection Agent
.text,.rdata,.data,INIT,.rsrc,.reloc,
mdmxsdk
[A ] 34. c:\windows\system32\drivers\mdmxsdk.sys
Conexant
Diagnostic Interface DRIVER
.text,.rdata,.data,INIT,.rsrc,.reloc,
MEMSCAN
[A ] 35. c:\program files\rising\rav\memscan.sys
瑞星软件有限公司
MemScan Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
mProcRs
[A ] 36. c:\program files\rising\rfw\mprocrs.sys
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall mprocrs.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
npkcrypt
[A ] 37. d:\program files\tencent\qq\npkcrypt.sys
INCA Internet Co., Ltd.
nProtect KeyCrypt Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
OMCI
[A ] 38. c:\windows\system32\drivers\omci.sys
Dell Computer Corporation
OMCI Device Driver
.text,.data,PAGE,INIT,.rsrc,.reloc,
PxHelp20
[A ] 39. c:\windows\system32\drivers\pxhelp20.sys
Sonic Solutions
Px Engine Device Driver for Windows 2000/XP
.text,.rdata,.data,INIT,.rsrc,.reloc,
RsAntiSpyware
[A ] 40. c:\windows\system32\drivers\rsboot.sys
Beijing Rising Technology Co., Ltd.
Anti-RootKit Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
RsFwDrv
[A ] 41. c:\program files\rising\rfw\rsfwdrv.sys
Beijing Rising Technology Co., Ltd.
nt_fwdrv
.text,.rdata,.data,INIT,.rsrc,.reloc,
RsNTGDI
[A ] 42. c:\windows\system32\drivers\rsntgdi.sys
Beijing Rising Technology Co., Ltd.
RsNTGDI
.text,.rdata,INIT,.rsrc,.reloc,
RSPPSYS
[A ] 43. c:\program files\rising\rav\rsppsys.sys
Rising
RSPPSYS.SYS
.text,.rdata,.data,INIT,.rsrc,.reloc,
s24trans
[A ] 44. c:\windows\system32\drivers\s24trans.sys
Intel Corporation
Intel WLAN Packet Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
Secdrv
[A ] 45. c:\windows\system32\drivers\secdrv.sys
.text,.data,INIT,.reloc,
STAC97
[A ] 46. c:\windows\system32\drivers\stac97.sys
SigmaTel, Inc.
SigmaTel Audio Driver (WDM)
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
UIUSys
[A ] 47. c:\windows\system32\drivers\uiusys.sys
w29n51
[A ] 48. c:\windows\system32\drivers\w29n51.sys
Intel? Corporation
Intel? Wireless LAN Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
winachsf
[A ] 49. c:\windows\system32\drivers\hsf_cnxt.sys
Conexant Systems, Inc.
HSF_CNXT driver
.text,_LTEXT,.rdata,.data,_LDATA,PAGESER,INIT,.rsrc,.reloc,
蚂蚁蚂蚁啃骨头 - 2007-7-24 17:35:00
+ 文件系统驱动
+ HKLM\System\CurrentControlSet\Services
drvnddm
[A ] 50. c:\windows\system32\drivers\drvnddm.sys
Sonic Solutions
Device Driver Manager
.text,.rdata,.data,.edata,INIT,.rsrc,.reloc,
sscdbhk5
[A ] 51. c:\windows\system32\drivers\sscdbhk5.sys
Sonic Solutions
Shared Driver Component
.text,.rdata,.data,INIT,.rsrc,.reloc,
ssrtln
[A ] 52. c:\windows\system32\drivers\ssrtln.sys
Sonic Solutions
Shared Driver Component
.text,.rdata,.data,.edata,INIT,.rsrc,.reloc,
tfsnboio
[A ] 53. c:\windows\system32\dla\tfsnboio.sys
Sonic Solutions
Drive Letter Access Component
.text,.rdata,.data,INIT,.rsrc,.reloc,
tfsncofs
[A ] 54. c:\windows\system32\dla\tfsncofs.sys
Sonic Solutions
Drive Letter Access Component
.text,.rdata,.data,INIT,.rsrc,.reloc,
tfsndrct
[A ] 55. c:\windows\system32\dla\tfsndrct.sys
Sonic Solutions
Drive Letter Access Component
.text,.rdata,.data,INIT,.rsrc,.reloc,
tfsndres
[A ] 56. c:\windows\system32\dla\tfsndres.sys
Sonic Solutions
Drive Letter Access Component
.text,.rdata,.data,.edata,INIT,.rsrc,.reloc,
tfsnifs
[A ] 57. c:\windows\system32\dla\tfsnifs.sys
Sonic Solutions
Drive Letter Access Component
.text,.rdata,.data,.edata,INIT,.rsrc,.reloc,
tfsnopio
[A ] 58. c:\windows\system32\dla\tfsnopio.sys
Sonic Solutions
Drive Letter Access Component
.text,.rdata,.data,INIT,.rsrc,.reloc,
tfsnpool
[A ] 59. c:\windows\system32\dla\tfsnpool.sys
Sonic Solutions
Drive Letter Access Component
.text,.rdata,.data,.edata,INIT,.rsrc,.reloc,
tfsnudf
[A ] 60. c:\windows\system32\dla\tfsnudf.sys
Sonic Solutions
Drive Letter Access Component
.text,.rdata,.data,INIT,.rsrc,.reloc,
tfsnudfa
[A ] 61. c:\windows\system32\dla\tfsnudfa.sys
Sonic Solutions
Drive Letter Access Component
.text,.rdata,.data,INIT,.rsrc,.reloc,
+ 系统登陆自运行
+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
UIHost
[A ] 62. c:\documents and settings\all users\application data\tuneup software\tuneup utilities\winstyler\tu_logonui.exe
Microsoft Corporation
Windows Logon UI
.text,.data,.rsrc,
+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
AtiExtEvent
[AM] 63. c:\windows\system32\ati2evxx.dll
ATI Technologies Inc.
ATI External Event Utility DLL Module
.text,.rdata,.data,.rsrc,.reloc,
IntelWireless
[AM] 64. c:\program files\intel\wireless\bin\lgnotify.dll
Intel Corporation
LogonNotify DLL
.text,.rdata,.data,.rsrc,.reloc,
WBSrv
[AM] 65. d:\program files\stardock\object desktop\windowblinds\wbsrv.dll
Stardock
WBSrv.dll
.text,.rdata,.data,.rsrc,.reloc,
+ IE浏览器加载模块
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C}
[A ] 66. c:\windows\system32\kakatool.dll
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Toolbar
.text,.rdata,.data,MonitorS,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{5CA3D70E-1895-11CF-8E15-001234567890}
[A ] 67. c:\windows\system32\dla\tfswshx.dll
Sonic Solutions
Drive Letter Access Component
.text,.rdata,.data,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
Exec
[A ] 68. d:\program files\tencent\qq\qq.exe
TENCENT
QQ
.text,.rdata,.data,.rsrc,
Exec
[A ] 69. c:\program files\messenger\msmsgs.exe
Microsoft Corporation
Windows Messenger
.text,.data,.rsrc,
+ 资源管理器加载模块
+ HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
application/octet-stream
[A ] 70. c:\windows\system32\mscoree.dll
Microsoft Corporation
Microsoft .NET Runtime Execution Engine
.text,.data,.rsrc,.reloc,
application/x-complus
[A ] 70. c:\windows\system32\mscoree.dll
Microsoft Corporation
Microsoft .NET Runtime Execution Engine
.text,.data,.rsrc,.reloc,
application/x-msdownload
[A ] 70. c:\windows\system32\mscoree.dll
Microsoft Corporation
Microsoft .NET Runtime Execution Engine
.text,.data,.rsrc,.reloc,
text/xml
[A ] 71. c:\program files\common files\microsoft shared\office11\msoxmlmf.dll
Microsoft Corporation
Microsoft Office XML MIME Filter
.text,.data,.rsrc,.reloc,
+ HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
livecall
[A ] 72. c:\program files\msn messenger\msgrapp.8.0.0792.00.dll
Microsoft Corporation
MSN Messenger Protocol Handler
.text,.data,.rsrc,.reloc,
msnim
[A ] 72. c:\program files\msn messenger\msgrapp.8.0.0792.00.dll
Microsoft Corporation
MSN Messenger Protocol Handler
.text,.data,.rsrc,.reloc,
mso-offdap
[A ] 73. c:\program files\common files\microsoft shared\web components\10\owc10.dll
Microsoft Corporation
Microsoft Office XP Web Components
.text,.data,.rtext,.bootdat,msoconst,Shared,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
{2bf41073-b2b1-21c1-b5c1-0701f4155588}
[A ] 74. c:\program files\common files\services\svchost.exe
CODE,.rsrc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HyperTerminal Icon Ext
[A ] 75. c:\windows\system32\hticons.dll
Hilgraeve, Inc.
HyperTerminal Applet Library
.text,.data,.rsrc,.reloc,
DriveLetterAccess
[A ] 67. c:\windows\system32\dla\tfswshx.dll
Sonic Solutions
Drive Letter Access Component
.text,.rdata,.data,.rsrc,.reloc,
RecordNow! SendToExt
[A ] 76. c:\program files\sonic\sonic solutions product cd\recordnow!\shlext.dll
Shell Extensions
.text,.rdata,.data,.rsrc,.reloc,
WinRAR shell extension
[A ] 77. c:\program files\winrar\rarext.dll
.text,.data,.tls,.idata,.edata,.rsrc,.reloc,
MSNShell
[A ] 78. c:\windows\system32\contmenu.dll
CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,
WindowBlinds CPL Extension
[A ] 79. d:\program files\stardock\object desktop\windowblinds\wbui.dll
Stardock.Net, Inc
WindowBlinds 5.0 UI
.text,.rdata,.data,.rsrc,.reloc,
Microsoft Office HTML Icon Handler
[A ] 80. d:\program files\microsoft office\office11\msohev.dll
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,.reloc,
Web Folders
[A ] 81. c:\program files\common files\microsoft shared\web folders\msonsext.dll
Microsoft Corporation
Microsoft Web Folders
.text,.data,.rsrc,.reloc,
Microsoft Office Outlook Custom Icon Handler
[A ] 82. d:\program files\microsoft office\office11\olkfstub.dll
Microsoft Corporation
Outlook Shell Hook for Start/Find
.text,.data,.rsrc,.reloc,
Microsoft Office Outlook Desktop Icon Handler
[A ] 83. d:\program files\microsoft office\office11\mlshext.dll
Microsoft Corporation
Microsoft Shell Extension Library
.text,.data,.cdata,.rsrc,.reloc,
TuneUp 碎纸机
[A ] 84. d:\program files\tuneup utilities 2006\sdshelex.dll
TuneUp Software GmbH
TuneUp Shredder Shell Extension
CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,
Fusion Cache
[A ] 70. c:\windows\system32\mscoree.dll
Microsoft Corporation
Microsoft .NET Runtime Execution Engine
.text,.data,.rsrc,.reloc,
Autodesk Drawing Preview
[A ] 85. c:\program files\common files\autodesk shared\thumbnail\acthumbnail16.dll
Autodesk
AcThumbnail Module
.text,.rdata,.data,.rsrc,.reloc,
AutoCAD 数字签名图标覆盖处理程序
[AM] 86. c:\windows\system32\acsignicon.dll
Autodesk
AcSignIcon Module
.text,.rdata,.data,.rsrc,.reloc,
Autodesk DWF Preview
[A ] 87. c:\program files\common files\autodesk shared\thumbnail\acdwfthmbprxy16.dll
Autodesk
AcThumbnail Module
.text,.rdata,.data,.rsrc,.reloc,
Messenger Sharing Folders
[AM] 88. c:\program files\msn messenger\fsshext.8.0.0792.00.dll
Microsoft Corporation
Messenger File Sharing Shell Extensions
.text,.data,.rsrc,.reloc,
RISING
[A ] 89. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
蚂蚁蚂蚁啃骨头 - 2007-7-24 17:41:00
+ 用户登陆自运行项目
+ HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr
[A ] 90. c:\program files\msn messenger\msnmsgr.exe
Microsoft Corporation
Messenger
.text,.data,.rsrc,
+ HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ATIPTA
[AM] 91. c:\program files\ati technologies\ati control panel\atiptaxx.exe
ATI Technologies, Inc.
ATI Desktop Control Panel
.text,.rdata,.data,.rsrc,
Apoint
[AM] 92. c:\program files\apoint\apoint.exe
Alps Electric Co., Ltd.
Alps Pointing-device Driver
.text,.sdata,.rdata,.data,.rsrc,
TIMHost
[A ] 93. c:\windows\timhost.exe
.text,.rdata,.data,.rsrc,
RAV008C
[A ] 94. c:\windows\system32\rav008c.exe
VL橸谚?_Y??G,QV?褤瑒,
mppds
[A ] 95. c:\windows\mppds.exe
.text,.rdata,.data,.rsrc,
RavTask
[A ] 96. c:\program files\rising\rav\ravtask.exe
Beijing Rising Technology Co., Ltd.
RavTimer
.text,.rdata,.data,.rsrc,
SoundMan
[AM] 97. c:\windows\system32\soundman.exe
1
.text,.rsrc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
KKDelay
[A ] 98. c:\program files\rising\antispyware\runonce.exe
Beijing Rising Technology Co., Ltd.
RunOnce Application
.text,.rdata,.data,.rsrc,
+ 开机执行
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
BootExecute
[A ] 99. c:\windows\system32\bsmain.exe
Beijing Rising Technology Co., Ltd.
BootScan
.text,.data,.rsrc,.reloc,
[A ] 100. c:\windows\system32\kknative.exe
Beijing Rising Technology Co., Ltd.
NativeAp
.text,.data,.rsrc,.reloc,
+ 映像劫持
+ HKCR\.exe
exefile\启用/禁用数字签名图标\Command
[A ] 101. c:\windows\system32\acsignopt.exe
Autodesk
AcSignOpt Module
.text,.rdata,.data,.rsrc,
+ HKCR\.html
htmlfile\Edit\Command
[A ] 102. d:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,
htmlfile\Edit with Dreamweaver 8\Command
[A ] 103. d:\program files\macromedia\dreamweaver 8\dreamweaver.exe
Macromedia, Inc.
Dreamweaver 8
.text,.rdata,.data,.rsrc,
htmlfile\Maxthon\Command
[AM] 104. d:\program files\maxthon\maxthon.exe
Maxthon International Ltd.
Maxthon Web Browser
UPX0,UPX1,.rsrc,
htmlfile\open\Command
[AM] 104. d:\program files\maxthon\maxthon.exe
Maxthon International Ltd.
Maxthon Web Browser
UPX0,UPX1,.rsrc,
htmlfile\Print\Command
[A ] 102. d:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,
+ HKCR\.htm
htmlfile\Edit\Command
[A ] 102. d:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,
htmlfile\Edit with Dreamweaver 8\Command
[A ] 103. d:\program files\macromedia\dreamweaver 8\dreamweaver.exe
Macromedia, Inc.
Dreamweaver 8
.text,.rdata,.data,.rsrc,
htmlfile\Maxthon\Command
[AM] 104. d:\program files\maxthon\maxthon.exe
Maxthon International Ltd.
Maxthon Web Browser
UPX0,UPX1,.rsrc,
htmlfile\open\Command
[AM] 104. d:\program files\maxthon\maxthon.exe
Maxthon International Ltd.
Maxthon Web Browser
UPX0,UPX1,.rsrc,
htmlfile\Print\Command
[A ] 102. d:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,
+ HKCR\.log
txtfile\open\Command
[A ] 105. c:\windows\system32\notep.exe
1
.text,.rsrc,
文件名和"notepad.exe"类似;
+ HKCR\.txt
txtfile\open\Command
[A ] 105. c:\windows\system32\notep.exe
1
.text,.rsrc,
文件名和"notepad.exe"类似;
+ HKCR\.js
jsfile\Edit\Command
[A ] 103. d:\program files\macromedia\dreamweaver 8\dreamweaver.exe
Macromedia, Inc.
Dreamweaver 8
.text,.rdata,.data,.rsrc,
+ HKCR\.mp3
MMJB.MP3\Open\Command
[A ] 106. c:\program files\musicmatch\musicmatch jukebox\mmjblaunch.exe
Musicmatch, Inc.
MUSICMATCH Jukebox
.text,.rdata,.data,.rsrc,
MMJB.MP3\Play\Command
[A ] 106. c:\program files\musicmatch\musicmatch jukebox\mmjblaunch.exe
Musicmatch, Inc.
MUSICMATCH Jukebox
.text,.rdata,.data,.rsrc,
+ 正在运行的进程
+ 000000a8(168) 1XConfig.exe
00400000[00040000]
[ M] 107. c:\program files\intel\wireless\bin\1xconfig.exe
Intel
8021XConfig Module
.text,.rdata,.data,.rsrc,
10000000[0015D000]
[ M] 108. c:\program files\intel\wireless\bin\intelae5.dll
Meetinghouse Data Communications
IEEE 802.1X Protocol
.text,.rdata,.data,.idata,.rsrc,.reloc,
00370000[00023000]
[ M] 109. c:\program files\intel\wireless\bin\traceapi.dll
Intel Corporation
TraceAPI Module
.text,.rdata,.data,.rsrc,.reloc,
003A0000[00030000]
[ M] 110. c:\program files\intel\wireless\bin\psregapi.dll
Intel Corporation
PsRegApi
.text,.rdata,.data,.rsrc,.reloc,
00A20000[00010000]
[ M] 111. c:\windows\system32\msdebug.dll
.text,.rsrc,.reloc,
00E40000[00011000]
[ M] 112. c:\windows\system32\remotedbg.dll
.text,.rsrc,.reloc,
01430000[00012000]
[ M] 113. c:\program files\intel\wireless\bin\d8021xps.dll
.text,.orpc,.rdata,.data,.reloc,
+ 0000014c(332) NICCONFIGSVC.exe
00400000[0005C000]
[AM] 7. c:\program files\dell\nicconfigsvc\nicconfigsvc.exe
Dell Inc.
Internal Network Card Power Management Service
.text,.rdata,.data,.rsrc,
10060000[00010000]
[ M] 111. c:\windows\system32\msdebug.dll
.text,.rsrc,.reloc,
10000000[00051000]
[ M] 114. c:\windows\system32\fourier_m1.ime
北京紫光华宇软件股份有限公司
紫光华宇拼音 Fourier 4.0 m1
.text,.rdata,.data,.share_d,.rsrc,.reloc,
+ 00000154(340) ZcfgSvc.exe
00400000[00063000]
[ M] 115. c:\program files\intel\wireless\bin\zcfgsvc.exe
Intel Corporation
ZeroCfgSvc MFC Application
.text,.rdata,.data,.rsrc,
10000000[00071000]
[ M] 116. c:\program files\intel\wireless\bin\pfmgrapi.dll
Intel Corporation
ProfileMgrApi DLL
.text,.rdata,.data,.rsrc,.reloc,
00380000[00023000]
[ M] 109. c:\program files\intel\wireless\bin\traceapi.dll
Intel Corporation
TraceAPI Module
.text,.rdata,.data,.rsrc,.reloc,
003B0000[00030000]
[ M] 110. c:\program files\intel\wireless\bin\psregapi.dll
Intel Corporation
PsRegApi
.text,.rdata,.data,.rsrc,.reloc,
00470000[0003F000]
[ M] 117. c:\program files\intel\wireless\bin\murocapi.dll
Intel Corporation
MurocApi DLL
.text,.rdata,.data,.rsrc,.reloc,
003E0000[00010000]
[ M] 118. c:\program files\intel\wireless\bin\s24mudll.dll
Intel Corporation
Interface DLL for S24EvMon functions
.text,.rdata,.data,.rsrc,.reloc,
004B0000[00053000]
[ M] 119. c:\program files\intel\wireless\bin\c1xstngs.dll
Intel Corporation
C8021XSettings DLL
.text,.rdata,.data,.rsrc,.reloc,
00B80000[00015000]
[ M] 120. c:\program files\intel\wireless\bin\c8021chs.dll
Intel Corporation
C8021XSettings DLL
.text,.rdata,.data,.rsrc,.reloc,
23000000[0000D000]
[ M] 121. c:\program files\intel\wireless\bin\lsawrapi.dll
Intel Corporation
LSAWRAPI
.text,.rdata,.data,.rsrc,.reloc,
00BE0000[00010000]
[ M] 111. c:\windows\system32\msdebug.dll
.text,.rsrc,.reloc,
01060000[0000D000]
[ M] 122. c:\program files\intel\wireless\bin\zcsvcchs.dll
Intel Corporation
ZeroCfgSvc MFC Application
.rsrc,.reloc,
01080000[00051000]
[ M] 114. c:\windows\system32\fourier_m1.ime
北京紫光华宇软件股份有限公司
紫光华宇拼音 Fourier 4.0 m1
.text,.rdata,.data,.share_d,.rsrc,.reloc,
蚂蚁蚂蚁啃骨头 - 2007-7-24 17:42:00
019F0000[00012000]
[ M] 113. c:\program files\intel\wireless\bin\d8021xps.dll
.text,.orpc,.rdata,.data,.reloc,
69B10000[0012F000]
[ M] 123. c:\windows\system32\msxml4.dll
Microsoft Corporation
MSXML 4.0 SP 2
.text,.data,.rsrc,.reloc,
+ 00000290(656) spoolsv.exe
+ 000002f0(752) RavStub.exe
00400000[00018000]
[ M] 124. c:\program files\rising\rav\ravstub.exe
Beijing Rising Technology Co., Ltd.
Rising RavStub
.text,.rdata,.data,.rsrc,
10000000[0001B000]
[ M] 125. c:\program files\rising\rav\rscommx.dll
rising
RsCommX
.text,.rdata,.data,.rsrc,.reloc,
23700000[0001A000]
[ M] 126. c:\program files\rising\rav\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
+ 00000370(880) smss.exe
+ 000003c0(960) RegSrvc.exe
00400000[00026000]
[AM] 9. c:\program files\intel\wireless\bin\regsrvc.exe
Intel Corporation
RegSrvc Module
.text,.rdata,.data,.rsrc,
10060000[00010000]
[ M] 111. c:\windows\system32\msdebug.dll
.text,.rsrc,.reloc,
+ 000003e0(992) csrss.exe
+ 000003f8(1016) winlogon.exe
10000000[00018000]
[AM] 63. c:\windows\system32\ati2evxx.dll
ATI Technologies Inc.
ATI External Event Utility DLL Module
.text,.rdata,.data,.rsrc,.reloc,
013B0000[00051000]
[ M] 114. c:\windows\system32\fourier_m1.ime
北京紫光华宇软件股份有限公司
紫光华宇拼音 Fourier 4.0 m1
.text,.rdata,.data,.share_d,.rsrc,.reloc,
01760000[0001E000]
[AM] 64. c:\program files\intel\wireless\bin\lgnotify.dll
Intel Corporation
LogonNotify DLL
.text,.rdata,.data,.rsrc,.reloc,
01790000[00034000]
[AM] 65. d:\program files\stardock\object desktop\windowblinds\wbsrv.dll
Stardock
WBSrv.dll
.text,.rdata,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 127. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
+ 00000428(1064) services.exe
+ 00000444(1092) lsass.exe
+ 000004f8(1272) Ati2evxx.exe
00400000[00069000]
[AM] 3. c:\windows\system32\ati2evxx.exe
ATI Technologies Inc.
ATI External Event Utility EXE Module
.text,.rdata,.data,.rsrc,
003E0000[0000C000]
[ M] 128. c:\windows\system32\ati2edxx.dll
ATI Technologies, Inc.
ati2edxx
.text,.data,.SHAREDS,.rsrc,.reloc,
+ 00000504(1284) svchost.exe
+ 00000558(1368) svchost.exe
+ 00000594(1428) wdfmgr.exe
01000000[0000C000]
[AM] 15. c:\windows\system32\wdfmgr.exe
Microsoft Corporation
Windows User Mode Driver Manager
.text,.data,.rsrc,
+ 000005f8(1528) svchost.exe
+ 00000618(1560) EvtEng.exe
00400000[00016000]
[AM] 5. c:\program files\intel\wireless\bin\evteng.exe
Intel Corporation
EvtEng Module
.text,.rdata,.data,.rsrc,
10000000[00030000]
[ M] 110. c:\program files\intel\wireless\bin\psregapi.dll
Intel Corporation
PsRegApi
.text,.rdata,.data,.rsrc,.reloc,
00370000[00023000]
[ M] 109. c:\program files\intel\wireless\bin\traceapi.dll
Intel Corporation
TraceAPI Module
.text,.rdata,.data,.rsrc,.reloc,
+ 0000063c(1596) S24EvMon.exe
00400000[00063000]
[AM] 14. c:\program files\intel\wireless\bin\s24evmon.exe
Intel Corporation
Event Monitor - Supports driver extensions to NIC Driver for wireless adapters.
.text,.rdata,.data,.rsrc,
10000000[00023000]
[ M] 109. c:\program files\intel\wireless\bin\traceapi.dll
Intel Corporation
TraceAPI Module
.text,.rdata,.data,.rsrc,.reloc,
00370000[00030000]
[ M] 110. c:\program files\intel\wireless\bin\psregapi.dll
Intel Corporation
PsRegApi
.text,.rdata,.data,.rsrc,.reloc,
+ 000006a8(1704) WLKeeper.exe
00400000[0003B000]
[AM] 17. c:\program files\intel\wireless\bin\wlkeeper.exe
Intel? Corporation
WLKEEPER
.text,.rdata,.data,.rsrc,
10000000[00071000]
[ M] 116. c:\program files\intel\wireless\bin\pfmgrapi.dll
Intel Corporation
ProfileMgrApi DLL
.text,.rdata,.data,.rsrc,.reloc,
00370000[00023000]
[ M] 109. c:\program files\intel\wireless\bin\traceapi.dll
Intel Corporation
TraceAPI Module
.text,.rdata,.data,.rsrc,.reloc,
003A0000[00030000]
[ M] 110. c:\program files\intel\wireless\bin\psregapi.dll
Intel Corporation
PsRegApi
.text,.rdata,.data,.rsrc,.reloc,
00440000[0003F000]
[ M] 117. c:\program files\intel\wireless\bin\murocapi.dll
Intel Corporation
MurocApi DLL
.text,.rdata,.data,.rsrc,.reloc,
003D0000[00010000]
[ M] 118. c:\program files\intel\wireless\bin\s24mudll.dll
Intel Corporation
Interface DLL for S24EvMon functions
.text,.rdata,.data,.rsrc,.reloc,
00480000[00053000]
[ M] 119. c:\program files\intel\wireless\bin\c1xstngs.dll
Intel Corporation
C8021XSettings DLL
.text,.rdata,.data,.rsrc,.reloc,
00AF0000[00015000]
[ M] 120. c:\program files\intel\wireless\bin\c8021chs.dll
Intel Corporation
C8021XSettings DLL
.text,.rdata,.data,.rsrc,.reloc,
23000000[0000D000]
[ M] 121. c:\program files\intel\wireless\bin\lsawrapi.dll
Intel Corporation
LSAWRAPI
.text,.rdata,.data,.rsrc,.reloc,
+ 000006e0(1760) Ras.exe
00400000[0013F000]
[ M] 129. c:\program files\rising\antispyware\ras.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,.rsrc,
10060000[00010000]
[ M] 111. c:\windows\system32\msdebug.dll
.text,.rsrc,.reloc,
10000000[00011000]
[ M] 112. c:\windows\system32\remotedbg.dll
.text,.rsrc,.reloc,
01150000[000A3000]
[ M] 130. c:\program files\rising\antispyware\rasgui.dll
Beijing Rising Technology Co., Ltd.
RasGUI
.text,.rdata,.data,.rsrc,.reloc,
016A0000[00051000]
[ M] 114. c:\windows\system32\fourier_m1.ime
北京紫光华宇软件股份有限公司
紫光华宇拼音 Fourier 4.0 m1
.text,.rdata,.data,.share_d,.rsrc,.reloc,
01EA0000[00019000]
[ M] 131. c:\program files\rising\rav\ravscrch.dll
Beijing Rising Technology Co., Ltd.
RavScrCh Module
.text,.rdata,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 127. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
034C0000[0002F000]
[ M] 132. c:\program files\rising\antispyware\engine.dll
Beijing Rising Technology Co., Ltd.
kaka engine
.text,.rdata,.data,.rsrc,.reloc,
034F0000[00012000]
[ M] 133. c:\program files\rising\antispyware\zip.dll
rising
zip
UPX0,UPX1,.rsrc,
60C60000[00026000]
[AM] 86. c:\windows\system32\acsignicon.dll
Autodesk
AcSignIcon Module
.text,.rdata,.data,.rsrc,.reloc,
5A500000[0002F000]
[AM] 88. c:\program files\msn messenger\fsshext.8.0.0792.00.dll
Microsoft Corporation
Messenger File Sharing Shell Extensions
.text,.data,.rsrc,.reloc,
60D00000[00039000]
[ M] 134. c:\program files\common files\autodesk shared\acsigncore16.dll
Autodesk
AcSignCore Module
.text,.orpc,.rdata,.data,.rsrc,.reloc,
蚂蚁蚂蚁啃骨头 - 2007-7-24 17:43:00
+ 000006fc(1788) svchost.exe
+ 0000070c(1804) Ati2evxx.exe
00400000[00069000]
[AM] 3. c:\windows\system32\ati2evxx.exe
ATI Technologies Inc.
ATI External Event Utility EXE Module
.text,.rdata,.data,.rsrc,
10060000[00010000]
[ M] 111. c:\windows\system32\msdebug.dll
.text,.rsrc,.reloc,
10000000[00011000]
[ M] 112. c:\windows\system32\remotedbg.dll
.text,.rsrc,.reloc,
00DB0000[00051000]
[ M] 114. c:\windows\system32\fourier_m1.ime
北京紫光华宇软件股份有限公司
紫光华宇拼音 Fourier 4.0 m1
.text,.rdata,.data,.share_d,.rsrc,.reloc,
01500000[0000C000]
[ M] 128. c:\windows\system32\ati2edxx.dll
ATI Technologies, Inc.
ati2edxx
.text,.data,.SHAREDS,.rsrc,.reloc,
+ 00000770(1904) svchost.exe
+ 000007cc(1996) SoundMan.exe
00400000[00011000]
[AM] 97. c:\windows\system32\soundman.exe
1
.text,.rsrc,
73390000[00154000]
[ M] 135. c:\windows\system32\msvbvm60.dll
Microsoft Corporation
Visual Basic Virtual Machine
.text,ENGINE,.data,.rsrc,.reloc,
66630000[0001C000]
[ M] 136. c:\windows\system32\vb6chs.dll
Microsoft Corporation
Visual Basic Environment International Resources
.rdata,.rsrc,.reloc,
+ 00000858(2136) alg.exe
+ 0000089c(2204) wmiprvse.exe
10060000[00010000]
[ M] 111. c:\windows\system32\msdebug.dll
.text,.rsrc,.reloc,
10000000[00011000]
[ M] 112. c:\windows\system32\remotedbg.dll
.text,.rsrc,.reloc,
+ 00000988(2440) RfwMain.exe
00400000[00068000]
[ M] 137. c:\program files\rising\rfw\rfwmain.exe
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall Main Program
.text,.rdata,.data,.rsrc,
26600000[0007F000]
[ M] 138. c:\program files\rising\rfw\rsguilib.dll
Beijing Rising Technology Co., Ltd.
Rising GUI Library Loader
.text,.rdata,.data,.rsrc,.reloc,
10060000[00010000]
[ M] 111. c:\windows\system32\msdebug.dll
.text,.rsrc,.reloc,
10000000[00011000]
[ M] 112. c:\windows\system32\remotedbg.dll
.text,.rsrc,.reloc,
23700000[0001B000]
[ M] 139. c:\program files\rising\rfw\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
23900000[00031000]
[ M] 140. c:\program files\rising\rfw\pngdll.dll
Beijing Rising Technology Co., Ltd.
Rising .Png File Loader Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
013A0000[00051000]
[ M] 114. c:\windows\system32\fourier_m1.ime
北京紫光华宇软件股份有限公司
紫光华宇拼音 Fourier 4.0 m1
.text,.rdata,.data,.share_d,.rsrc,.reloc,
+ 000009d0(2512) atiptaxx.exe
00400000[00056000]
[AM] 91. c:\program files\ati technologies\ati control panel\atiptaxx.exe
ATI Technologies, Inc.
ATI Desktop Control Panel
.text,.rdata,.data,.rsrc,
10060000[00010000]
[ M] 111. c:\windows\system32\msdebug.dll
.text,.rsrc,.reloc,
10000000[00011000]
[ M] 112. c:\windows\system32\remotedbg.dll
.text,.rsrc,.reloc,
01000000[00040000]
[ M] 141. c:\program files\ati technologies\ati control panel\atipdsxx.dll
ATI Technologies, Inc.
ATI Desktop Control Panel
.text,.rdata,.data,.sdata,.rsrc,.reloc,
01050000[0001A000]
[ M] 142. c:\program files\ati technologies\ati control panel\atrpuixx.chs
ATI Technologies, Inc.
ATI Desktop Control Panel
.rsrc,.reloc,
01170000[00051000]
[ M] 114. c:\windows\system32\fourier_m1.ime
北京紫光华宇软件股份有限公司
紫光华宇拼音 Fourier 4.0 m1
.text,.rdata,.data,.share_d,.rsrc,.reloc,
015B0000[00013000]
[ M] 143. c:\program files\ati technologies\ati control panel\atipdxxx.dll
ATI Technologies, Inc.
ATI Desktop Control Panel
.text,.rdata,.data,.rsrc,.reloc,
+ 000009d8(2520) Apoint.exe
00400000[00029000]
[AM] 92. c:\program files\apoint\apoint.exe
Alps Electric Co., Ltd.
Alps Pointing-device Driver
.text,.sdata,.rdata,.data,.rsrc,
10060000[00010000]
[ M] 111. c:\windows\system32\msdebug.dll
.text,.rsrc,.reloc,
10000000[00011000]
[ M] 112. c:\windows\system32\remotedbg.dll
.text,.rsrc,.reloc,
01010000[00011000]
[ M] 144. c:\windows\system32\vxdif.dll
Alps Electric Co., Ltd.
Vxdif
.text,.rdata,.data,.SHARED,.rsrc,.reloc,
01030000[00119000]
[ M] 145. c:\program files\apoint\apoint.dll
Alps Electric Co., Ltd.
Alps Pointing-device Driver
.text,.rdata,.data,.APOINT,.rsrc,.reloc,
01170000[0000C000]
[ M] 146. c:\program files\apoint\ezauto.dll
Alps Electric Co., Ltd.
Alps pointing device extension
.text,.rdata,.data,.EzAuto,.rsrc,.reloc,
012A0000[00051000]
[ M] 114. c:\windows\system32\fourier_m1.ime
北京紫光华宇软件股份有限公司
紫光华宇拼音 Fourier 4.0 m1
.text,.rdata,.data,.share_d,.rsrc,.reloc,
01640000[00035000]
[ M] 147. c:\program files\apoint\ezlaunch.dll
Alps Electric Co., Ltd.
Easy Launcher
.text,.rdata,.data,LAUNCHER,.rsrc,.reloc,
+ 00000a20(2592) explorer.exe
10060000[00010000]
[ M] 111. c:\windows\system32\msdebug.dll
.text,.rsrc,.reloc,
10000000[00011000]
[ M] 112. c:\windows\system32\remotedbg.dll
.text,.rsrc,.reloc,
00ED0000[00051000]
[ M] 114. c:\windows\system32\fourier_m1.ime
北京紫光华宇软件股份有限公司
紫光华宇拼音 Fourier 4.0 m1
.text,.rdata,.data,.share_d,.rsrc,.reloc,
60C60000[00026000]
[AM] 86. c:\windows\system32\acsignicon.dll
Autodesk
AcSignIcon Module
.text,.rdata,.data,.rsrc,.reloc,
60D00000[00039000]
[ M] 134. c:\program files\common files\autodesk shared\acsigncore16.dll
Autodesk
AcSignCore Module
.text,.orpc,.rdata,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 127. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
+ 00000af8(2808) Maxthon.exe
00400000[0023D000]
[AM] 104. d:\program files\maxthon\maxthon.exe
Maxthon International Ltd.
Maxthon Web Browser
UPX0,UPX1,.rsrc,
10000000[00015000]
[ M] 148. d:\program files\maxthon\maxzlib.dll
maxzlib
.text,.rdata,.data,.idata,.rsrc,.reloc,
10060000[00010000]
[ M] 111. c:\windows\system32\msdebug.dll
.text,.rsrc,.reloc,
01000000[00011000]
[ M] 112. c:\windows\system32\remotedbg.dll
.text,.rsrc,.reloc,
01200000[00051000]
[ M] 114. c:\windows\system32\fourier_m1.ime
北京紫光华宇软件股份有限公司
紫光华宇拼音 Fourier 4.0 m1
.text,.rdata,.data,.share_d,.rsrc,.reloc,
60C60000[00026000]
[AM] 86. c:\windows\system32\acsignicon.dll
Autodesk
AcSignIcon Module
.text,.rdata,.data,.rsrc,.reloc,
02C00000[00019000]
[ M] 131. c:\program files\rising\rav\ravscrch.dll
Beijing Rising Technology Co., Ltd.
RavScrCh Module
.text,.rdata,.data,.rsrc,.reloc,
02F40000[0000B000]
[ M] 149. d:\program files\maxthon\services\realtime\real_time.dll
RealTime Module
.text,.rdata,.data,.rsrc,.reloc,
30000000[00236000]
[ M] 150. c:\windows\system32\macromed\flash\flash8.ocx
Macromedia, Inc.
Macromedia Flash Player 8.0 r22
.text,.rdata,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 127. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
蚂蚁蚂蚁啃骨头 - 2007-7-24 17:44:00
+ 00000afc(2812) Apntex.exe
00400000[0000B000]
[ M] 151. c:\program files\apoint\apntex.exe
Alps Electric Co., Ltd.
Alps Pointing-device Driver for Windows NT/2000/XP
.text,.rdata,.data,.rsrc,
10060000[00010000]
[ M] 111. c:\windows\system32\msdebug.dll
.text,.rsrc,.reloc,
10000000[00011000]
[ M] 112. c:\windows\system32\remotedbg.dll
.text,.rsrc,.reloc,
00CF0000[00011000]
[ M] 144. c:\windows\system32\vxdif.dll
Alps Electric Co., Ltd.
Vxdif
.text,.rdata,.data,.SHARED,.rsrc,.reloc,
00D90000[00051000]
[ M] 114. c:\windows\system32\fourier_m1.ime
北京紫光华宇软件股份有限公司
紫光华宇拼音 Fourier 4.0 m1
.text,.rdata,.data,.share_d,.rsrc,.reloc,
+ 00000b20(2848) conime.exe
10060000[00010000]
[ M] 111. c:\windows\system32\msdebug.dll
.text,.rsrc,.reloc,
10000000[00011000]
[ M] 112. c:\windows\system32\remotedbg.dll
.text,.rsrc,.reloc,
00F90000[00051000]
[ M] 114. c:\windows\system32\fourier_m1.ime
北京紫光华宇软件股份有限公司
紫光华宇拼音 Fourier 4.0 m1
.text,.rdata,.data,.share_d,.rsrc,.reloc,
+ 00000b9c(2972) drwtsn32.exe
10060000[00010000]
[ M] 111. c:\windows\system32\msdebug.dll
.text,.rsrc,.reloc,
10000000[00011000]
[ M] 112. c:\windows\system32\remotedbg.dll
.text,.rsrc,.reloc,
+ 00000c58(3160) drwtsn32.exe
10060000[00010000]
[ M] 111. c:\windows\system32\msdebug.dll
.text,.rsrc,.reloc,
10000000[00011000]
[ M] 112. c:\windows\system32\remotedbg.dll
.text,.rsrc,.reloc,
+ 00000da4(3492) RsAgent.exe
00400000[0003A000]
[ M] 152. c:\program files\rising\rav\rsagent.exe
Beijing Rising Technology Co., Ltd.
RsAgent Application
.text,.rdata,.data,.rsrc,
10060000[00010000]
[ M] 111. c:\windows\system32\msdebug.dll
.text,.rsrc,.reloc,
10000000[00011000]
[ M] 112. c:\windows\system32\remotedbg.dll
.text,.rsrc,.reloc,
00E20000[0001B000]
[ M] 125. c:\program files\rising\rav\rscommx.dll
rising
RsCommX
.text,.rdata,.data,.rsrc,.reloc,
00F50000[00051000]
[ M] 114. c:\windows\system32\fourier_m1.ime
北京紫光华宇软件股份有限公司
紫光华宇拼音 Fourier 4.0 m1
.text,.rdata,.data,.share_d,.rsrc,.reloc,
+ 00000e1c(3612) AgentSvr.exe
10060000[00010000]
[ M] 111. c:\windows\system32\msdebug.dll
.text,.rsrc,.reloc,
10000000[00011000]
[ M] 112. c:\windows\system32\remotedbg.dll
.text,.rsrc,.reloc,
00CC0000[00051000]
[ M] 114. c:\windows\system32\fourier_m1.ime
北京紫光华宇软件股份有限公司
紫光华宇拼音 Fourier 4.0 m1
.text,.rdata,.data,.share_d,.rsrc,.reloc,
72C80000[00008000]
[ M] 127. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
+ 00000fb4(4020) ctfmon.exe
10060000[00010000]
[ M] 111. c:\windows\system32\msdebug.dll
.text,.rsrc,.reloc,
10000000[00011000]
[ M] 112. c:\windows\system32\remotedbg.dll
.text,.rsrc,.reloc,
00E30000[00051000]
[ M] 114. c:\windows\system32\fourier_m1.ime
北京紫光华宇软件股份有限公司
紫光华宇拼音 Fourier 4.0 m1
.text,.rdata,.data,.share_d,.rsrc,.reloc,
Enao2005 - 2007-7-24 17:46:00
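Fix:
O4 - HKLM\..\Run: [TIMHost] C:\WINDOWS\TIMHost.exe
O4 - HKLM\..\Run: [RAV008C] C:\WINDOWS\system32\RAV008C.exe
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O20 - AppInit_DLLs: WMIApiSrv2.dll
In Safe Mode,
reboot and delete:
C:\WINDOWS\TIMHost.exe
C:\WINDOWS\system32\RAV008C.exe
C:\WINDOWS\mppds.exe
WMIApiSrv2.dll (search for it)
c:\windows\system32\inetres.exe
Right-click each drive and choose Open, then delete the *.exe and autorun.inf files on each drive (* stands for an unknown file name).
For files that cannot be deleted, try deleting them with XDelBox1.3 (download from enao.ys168.com).
If the problem is not solved, scan a SRENG log.
Download Sreng (http://www.kztechs.com/sreng/download.html)
Open Sreng.exe ==> Smart Scan ==> tick "Check the digital signatures of process modules" ==> click Scan ==> when the scan finishes, press the "Save Report" button to save the report log file (SREng.LOG), then copy and paste the contents of the saved report log file here. If the log cannot be pasted in one post, paste it over several posts. Please do not modify it.
If Sreng.exe will not run, just rename it to 123.bat and run it.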
蚂蚁蚂蚁啃骨头 - 2007-7-24 17:50:00
[Reply to "Enao2005"'s post] Thanks! I'll give it a try!