Rising Kaka Security Forum
lukare - 2007-7-31 10:27:00
First time scanning a log.. not sure whether I did it right..

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:13:26, on 2007-7-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Program Files\TTPlayer\TTPlayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ChinaNet\VnetClient.exe
C:\Documents and Settings\Administrator\桌面\HiJackThis_v2.exe
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (file missing)
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - D:\动漫\新建文件夹 (2)\eREAD6.0\IEeREAD.dll (file missing)
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - D:\动漫\新建文件夹 (2)\eREAD6.0\WebHook.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: IE Search Toolbar (IE搜索工具条) - {BE830FD4-E393-417F-9F4B-CC70ABB3384C} - C:\WINDOWS\system32\IETool.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [switch] c:\windows\system32\壁纸自动换.exe
O4 - HKLM\..\RunOnce: [RavStub] "C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [333] C:\Syswm1j\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Upload to QQ Network Disk - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Add to QQ custom panel - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ emoticons - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Send this picture by QQ MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O16 - DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} (PhotoDraw Class) - http://qz-photo.qq.com/qzone_v4/QzoneMediaTools.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1009/aliedit.cab
O16 - DPF: {8686F2A6-DC01-4E8F-BDE3-DCC7DBBAD6AE} (163Uploader Control) - http://photo.163.com/163Uploader.cab
O16 - DPF: {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} (Tencent Safety Online Base Module) - http://safe.qq.com/cgi-bin/tso/TSOBase.ocx
O16 - DPF: {EF6205C1-3F17-4829-BCB5-1336ED89E356} (KvScanOnline Control) - http://online.jiangmin.com/KvDown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{94B1044F-2F5E-4215-B59C-7B8275489BFD}: NameServer = 202.96.128.166 202.96.128.86
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - D:\动漫\新建文件夹 (2)\AVG Anti-Spyware\guard.exe (file missing)
O23 - Service: PigeonServer - Unknown owner - C:\WINDOWS\system32\msinc3.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
--
End of file - 7096 bytes
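Added example (Python; not part of HijackThis, of Rising's tools, or of this thread): a triage pass over the O4 and O23 lines that encodes the checks a log reader applies by hand. The sample lines are copied from the log above; the heuristics are this example's own and are deliberately narrow: a well-known system process name (svchost.exe and friends) living outside its real directory, an autorun under HKCU\..\Policies\Explorer\Run, and O23 services that have no vendor string or whose binary is missing. On this log it flags the `[333] C:\Syswm1j\svchost.exe` entry on both counts and the two "Unknown owner" services; a flag is a reason to look closer, not a verdict.

```python
r"""Triage of HijackThis O4 (autorun) and O23 (service) lines.

Added example for this thread; not HijackThis or Rising code. The
heuristics are narrow on purpose:
  * a well-known Windows system binary name that lives anywhere other
    than its real directory is a masquerade (C:\Syswm1j\svchost.exe);
  * HKCU\..\Policies\Explorer\Run is a persistence key that legitimate
    installers almost never use;
  * O23 services with "Unknown owner" need a look at the binary, and
    entries whose binary is "(file missing)" are dead and can be removed.
"""
from __future__ import annotations

import ntpath
import re

# Real locations (Windows XP layout, as in the log) of the system processes
# most often impersonated by malware.
SYSTEM_BINARIES = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
FILE_MISSING = "(file missing)"


def _exe_from_command(cmd: str) -> str:
    """Executable path from an O4 command: a quoted path with arguments
    ("C:\\x\\a.exe" -system) or a bare path followed by HijackThis'
    "(User 'NAME')" suffix."""
    m = re.match(r'^"([^"]+)"|^(\S+)', cmd)
    return (m.group(1) or m.group(2)) if m else cmd


def parse(line: str) -> dict | None:
    """Parse one O4 or O23 line into a dict; None for any other line type."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        return {"kind": "O4", "hive": m.group("hive"), "name": m.group("name"),
                "path": _exe_from_command(m.group("cmd")), "missing": False, "owner": None}
    m = O23_RE.match(line)
    if m:
        path = m.group("path")
        missing = path.endswith(FILE_MISSING)
        if missing:
            path = path[: -len(FILE_MISSING)].strip()
        return {"kind": "O23", "hive": None, "name": m.group("name"),
                "path": path, "missing": missing, "owner": m.group("owner")}
    return None


def flags(entry: dict) -> list[str]:
    """Triage flags for one parsed entry; an empty list means nothing odd."""
    out = []
    low = entry["path"].lower()
    expected = SYSTEM_BINARIES.get(ntpath.basename(low))
    if expected is not None and ntpath.dirname(low) != expected:
        out.append(f"system binary name outside {expected}")
    if entry["kind"] == "O4" and r"\policies\explorer\run" in entry["hive"].lower():
        out.append("autorun under Policies\\Explorer\\Run")
    if entry["kind"] == "O23":
        if entry["missing"]:
            out.append("service binary missing (orphaned entry)")
        elif entry["owner"] == "Unknown owner":
            out.append("service with no vendor string; verify the binary")
    return out


def triage(lines: list[str]) -> dict[str, list[str]]:
    """Map each flagged line to its flags; clean and unparsed lines are dropped."""
    result = {}
    for line in lines:
        entry = parse(line)
        if entry is not None and (f := flags(entry)):
            result[line.strip()] = f
    return result


# Lines copied from the HijackThis log posted above.
SAMPLE = [
    r'O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system',
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKCU\..\Policies\Explorer\Run: [333] C:\Syswm1j\svchost.exe",
    r"O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')",
    r"O23 - Service: AVG Anti-Spyware Guard - Unknown owner - D:\动漫\新建文件夹 (2)\AVG Anti-Spyware\guard.exe (file missing)",
    r"O23 - Service: PigeonServer - Unknown owner - C:\WINDOWS\system32\msinc3.exe",
    r"O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe",
]

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE).items():
        print(line)
        for r in reasons:
            print("   ->", r)
```

The O23 regex splits on " - ", which is how HijackThis separates name, owner and path; a service path that itself contains " - " would confuse it, so treat the parse as an aid to reading the log, not a replacement for it.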
Leoooo - 2007-7-31 10:45:00
For a more detailed analysis, please scan a Rising Kaka log.
Download Kaka Internet Security Assistant 4.0: http://download.rising.com.cn/for_down/kakatool/kakasetupv4.exe
1. Run Rising Kaka Internet Security Assistant.
2. Diagnose and Help => Computer Diagnostic Log.
3. Tick the two options "File details" and "Similar file name analysis".
4. Start scan => Export, saving as txt (htm is easier to read yourself, but the forum does not accept htm uploads).
5. Paste the complete report from the log here (an attachment is fine too); do not edit it (if it does not fit in one post, split it across several).
6. Close unnecessary software such as QQ and TM while scanning the log.
7. Upload the suspicious files the scan finds to Rising:
http://up.rising.com.cn/webmail/uploadnew.htm
lukare - 2007-7-31 10:59:00
Rising Kaka Computer Diagnostic Log v1.30 (2007-7-31 10:42:26) Beijing Rising Technology Co., Ltd.
Notes: [A] means the file has an autostart association;
[M] means the file is in memory;
+ Registry autorun items
+ System services
+ HKLM\System\CurrentControlSet\Services
ose
[A ] 1. c:\program files\common files\microsoft shared\source engine\ose.exe
Microsoft Corporation
Office Source Engine
.text,.data,.rsrc,
PigeonServer
[A ] 2. c:\windows\system32\msinc3.exe
CODE,DATA,BSS,.idata,.tls,.rdata,.reloc,.rsrc,.MaskPE,pep,.Mybr,
Entry point is in the last section;
RsCCenter
[A ] 3. c:\program files\rising\rav\ccenter.exe
Beijing Rising Technology Co., Ltd.
CCenter
.text,.rdata,.data,.rsrc,
RsRavMon
[A ] 4. c:\program files\rising\rav\ravmond.exe
Beijing Rising Technology Co., Ltd.
RavMond
.text,.rdata,.data,.rsrc,
UMWdf
[AM] 5. c:\windows\system32\wdfmgr.exe
Microsoft Corporation
Windows User Mode Driver Manager
.text,.data,.rsrc,
+ Kernel drivers
+ HKLM\System\CurrentControlSet\Services
aeaudio
[A ] 6. c:\windows\system32\drivers\aeaudio.sys
Andrea Electronics Corporation
Andrea Audio Noise Cancellation Driver
.text,.rdata,.data,.data1,PAGE,INIT,.rsrc,.reloc,
ALCXWDM
[A ] 7. c:\windows\system32\drivers\alcxwdm.sys
AmdK8
[A ] 8. c:\windows\system32\drivers\amdk8.sys
Advanced Micro Devices
AMD Processor Driver
.text,.rdata,.data,PAGE,PAGELK,INIT,.rsrc,.reloc,
BaseTDI
[A ] 9. c:\windows\system32\drivers\basetdi.sys
Beijing Rising Technology Co., Ltd.
basetdi
.text,.rdata,.data,INIT,.rsrc,.reloc,
ExpScaner
[A ] 10. c:\program files\rising\rav\expscan.sys
ExpScan.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookCont
[A ] 11. c:\program files\rising\rav\hookcont.sys
Rising
HookCont
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookReg
[A ] 12. c:\program files\rising\rav\hookreg.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookSys
[A ] 13. c:\program files\rising\rav\hooksys.sys
Rising
Hooksys
.text,.rdata,.data,INIT,.rsrc,.reloc,
ialm
[A ] 14. c:\windows\system32\drivers\ialmnt5.sys
Intel Corporation
Intel Graphics Miniport Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
kdpfmjj
[A ] 15. c:\windows\system32\drivers\kdpfmjj.sys
Beijing 3721 Technology Co., Ltd.
sys Application
.text,.rdata,.data,INIT,.rsrc,.reloc,
kmsinput
[A ] 16. c:\windows\system32\drivers\kmsinput.sys
.text,.data,INIT,.reloc,
MEMSCAN
[A ] 17. c:\program files\rising\rav\memscan.sys
Rising Software Co., Ltd.
MemScan Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
NPF
[A ] 18. c:\windows\system32\drivers\npf.sys
Politecnico di Torino
NPF Driver - TME extensions
.text,.rdata,.data,INIT,.rsrc,.reloc,
npkcrypt
[A ] 19. c:\program files\tencent\qq\npkcrypt.sys
INCA Internet Co., Ltd.
nProtect KeyCrypt Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
pvjmpnq
[A ] 20. c:\windows\system32\drivers\pvjmpnq.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
RsAntiSpyware
[A ] 21. c:\windows\system32\drivers\rsboot.sys
Beijing Rising Technology Co., Ltd.
Anti-RootKit Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
RsNTGDI
[A ] 22. c:\windows\system32\drivers\rsntgdi.sys
Beijing Rising Technology Co., Ltd.
RsNTGDI
.text,.rdata,INIT,.rsrc,.reloc,
RSPPSYS
[A ] 23. c:\program files\rising\rav\rsppsys.sys
Rising
RSPPSYS.SYS
.text,.rdata,.data,INIT,.rsrc,.reloc,
RTL8023xp
[A ] 24. c:\windows\system32\drivers\rtnicxp.sys
Realtek Semiconductor Corporation
Realtek 10/100/1000 NDIS 5.1 Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
Secdrv
[A ] 25. c:\windows\system32\drivers\secdrv.sys
.text,.data,INIT,.reloc,
SiS7012
[A ] 26. c:\windows\system32\drivers\sis7012.sys
Silicon Integrated Systems Corporation
SiS 7012 Audio Device WDM Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
SiSkp
[A ] 27. c:\windows\system32\drivers\srvkp.sys
Silicon Integrated Systems Corporation
SiS VGA Driver Manager
.text,.rdata,.data,INIT,.rsrc,.reloc,
SISNICXP
[A ] 28. c:\windows\system32\drivers\sisnicxp.sys
SiS Corporation
SiS PCI Fast Ethernet Adapter Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
smwdm
[A ] 29. c:\windows\system32\drivers\smwdm.sys
Analog Devices, Inc.
SoundMAX Integrated Digital Audio
.text,_LTEXT,_PTEXT,.rdata,.data,_LDATA,_PDATA,.data1,.CRT,PAGE,PAGED,INIT,.rsrc,.reloc,
+ File system drivers
+ HKLM\System\CurrentControlSet\Services
ADProt
[A ] 30. c:\windows\system32\drivers\adprot.sys
Tencent Technology (Shenzhen) Co., Ltd.
SSProt
.text,.rdata,.data,INIT,.rsrc,.reloc,
lukare - 2007-7-31 10:59:00
+ System logon autorun
+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
igfxcui
[A ] 31. c:\windows\system32\igfxsrvc.dll
Intel Corporation
igfxsrvc Module
.text,.rdata,.data,.rsrc,.reloc,
WgaLogon
[AM] 32. c:\windows\system32\wgalogon.dll
Microsoft Corporation
Windows Genuine Advantage Notifications
.text,.data,.rsrc,.reloc,
+ IE browser loaded modules
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
[AM] 33. c:\program files\google\googletoolbar1.dll
Google Inc.
Google Toolbar for Internet Explorer
.text,.rdata,.data,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{4E83D567-4697-4F7B-B1F0-A513B01DB89A}
[AM] 34. c:\program files\chinanet\vnettransfer.dll
VnetTransfer Module
.text,.rdata,.data,.rsrc,.reloc,
{AA58ED58-01DD-4d91-8333-CF10577473F7}
[AM] 33. c:\program files\google\googletoolbar1.dll
Google Inc.
Google Toolbar for Internet Explorer
.text,.rdata,.data,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
Exec
[A ] 35. c:\program files\tencent\qq\qq.exe
TENCENT
QQ
.text,.rdata,.data,.rsrc,
+ Explorer loaded modules
+ HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
text/xml
[AM] 36. c:\program files\common files\microsoft shared\office11\msoxmlmf.dll
Microsoft Corporation
Microsoft Office XML MIME Filter
.text,.data,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HyperTerminal Icon Ext
[A ] 37. c:\windows\system32\hticons.dll
Hilgraeve, Inc.
HyperTerminal Applet Library
.text,.data,.rsrc,.reloc,
WinRAR shell extension
[AM] 38. c:\program files\winrar\rarext.dll
.text,.data,.tls,.idata,.edata,.rsrc,.reloc,
Shell Extensions for RealOne Player
[A ] 39. c:\program files\real\realplayer\rpshell.dll
RealNetworks, Inc.
RealPlayer Shell Extensions
.text,.rdata,.data,.rsrc,.reloc,
Microsoft Office HTML Icon Handler
[AM] 40. c:\program files\microsoft office\office11\msohev.dll
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,.reloc,
Web Folders
[A ] 41. c:\program files\common files\microsoft shared\web folders\msonsext.dll
Microsoft Corporation
Microsoft Web Folders
.text,.data,.rsrc,.reloc,
lukare - 2007-7-31 11:00:00
Portable Media Devices
[A ] 42. c:\windows\system32\audiodev.dll
Microsoft Corporation
Portable Media Devices Shell Extension
.text,.data,.rsrc,.reloc,
Portable Media Devices Menu
[A ] 42. c:\windows\system32\audiodev.dll
Microsoft Corporation
Portable Media Devices Shell Extension
.text,.data,.rsrc,.reloc,
RISING
[AM] 43. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{32CD708B-60A7-4C00-9377-D73EAA495F0F}
[AM] 43. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}
[AM] 44. c:\windows\system32\shlhook.dll
Beijing Rising Technology Co., Ltd.
shlhook Module
.text,.rdata,.data,.rsrc,.reloc,
+ User logon autorun items
+ HKLM\Software\Microsoft\Windows\CurrentVersion\Run
RavTask
[A ] 45. c:\program files\rising\rav\ravtask.exe
Beijing Rising Technology Co., Ltd.
RavTimer
.text,.rdata,.data,.rsrc,
switch
[A ] 46. c:\windows\system32\壁纸自动换.exe
.text,.data,.rsrc,
runeip
[AM] 47. d:\动漫\新建文件夹 (2)\新建文件夹\runiep.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Monitor
.text,.rdata,.data,.rsrc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
RavStub
[AM] 48. c:\program files\rising\rav\ravstub.exe
Beijing Rising Technology Co., Ltd.
Rising RavStub
.text,.rdata,.data,.rsrc,
KKDelay
[A ] 49. d:\动漫\新建文件夹 (2)\新建文件夹\runonce.exe
Beijing Rising Technology Co., Ltd.
RunOnce Application
.text,.rdata,.data,.rsrc,
+ Boot execute
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
BootExecute
[A ] 50. c:\windows\system32\bsmain.exe
Beijing Rising Technology Co., Ltd.
BootScan
.text,.data,.rsrc,.reloc,
[A ] 51. c:\windows\system32\kknative.exe
Beijing Rising Technology Co., Ltd.
NativeAp
.text,.data,.rsrc,.reloc,
+ Image hijacks
+ HKCR\.html
htmlfile\Edit\Command
[A ] 52. c:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,
htmlfile\open\Command
[A ] 53. c:\program files\tencent\tt\ttraveler.exe
Tencent
Tencent Traveler
.text,.rdata,.data,.rsrc,
htmlfile\Print\Command
[A ] 52. c:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,
htmlfile\TencentTraveler\Command
[A ] 53. c:\program files\tencent\tt\ttraveler.exe
Tencent
Tencent Traveler
.text,.rdata,.data,.rsrc,
+ HKCR\.htm
htmlfile\Edit\Command
[A ] 52. c:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,
htmlfile\open\Command
[A ] 53. c:\program files\tencent\tt\ttraveler.exe
Tencent
Tencent Traveler
.text,.rdata,.data,.rsrc,
lukare - 2007-7-31 11:00:00
htmlfile\Print\Command
[A ] 52. c:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,
htmlfile\TencentTraveler\Command
[A ] 53. c:\program files\tencent\tt\ttraveler.exe
Tencent
Tencent Traveler
.text,.rdata,.data,.rsrc,
+ Running processes
+ 00000070(112) alg.exe
+ 0000018c(396) ctfmon.exe
10000000[0001B000]
[ M] 54. d:\动漫\新建文件夹 (2)\新建文件夹\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 000001ac(428) smss.exe
+ 000001f4(500) csrss.exe
+ 0000020c(524) winlogon.exe
011E0000[0003B000]
[AM] 32. c:\windows\system32\wgalogon.dll
Microsoft Corporation
Windows Genuine Advantage Notifications
.text,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 55. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
+ 00000238(568) services.exe
+ 00000244(580) lsass.exe
+ 000002d0(720) svchost.exe
+ 00000300(768) svchost.exe
+ 00000338(824) svchost.exe
+ 000003ac(940) svchost.exe
+ 0000045c(1116) svchost.exe
+ 00000470(1136) Explorer.EXE
10000000[0001B000]
[AM] 43. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 55. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
01840000[0002C000]
[AM] 38. c:\program files\winrar\rarext.dll
.text,.data,.tls,.idata,.edata,.rsrc,.reloc,
23700000[0001A000]
[ M] 56. c:\program files\rising\rav\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
01CB0000[0001B000]
[ M] 54. d:\动漫\新建文件夹 (2)\新建文件夹\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
024D0000[00011000]
[AM] 44. c:\windows\system32\shlhook.dll
Beijing Rising Technology Co., Ltd.
shlhook Module
.text,.rdata,.data,.rsrc,.reloc,
+ 00000528(1320) spoolsv.exe
+ 00000564(1380) RavStub.exe
00400000[00018000]
[AM] 48. c:\program files\rising\rav\ravstub.exe
Beijing Rising Technology Co., Ltd.
Rising RavStub
.text,.rdata,.data,.rsrc,
10000000[0001B000]
[ M] 57. c:\program files\rising\rav\rscommx.dll
rising
RsCommX
.text,.rdata,.data,.rsrc,.reloc,
23700000[0001A000]
[ M] 56. c:\program files\rising\rav\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
+ 00000680(1664) wdfmgr.exe
01000000[0000C000]
[AM] 5. c:\windows\system32\wdfmgr.exe
Microsoft Corporation
Windows User Mode Driver Manager
.text,.data,.rsrc,
+ 00000748(1864) TTPlayer.exe
00400000[000E0000]
[ M] 58. f:\program files\ttplayer\ttplayer.exe
Alen Soft
TTPlayer (千千静听)
.text,.rdata,.data,.rsrc,
60000000[00055000]
[ M] 59. f:\program files\ttplayer\ttpcomm.dll
.text,text,.rdata,.data,.tls,.reloc,
6FF50000[0003F000]
[ M] 60. f:\program files\ttplayer\ttpres.dll
Alen Soft
TTPlayer (千千静听)
.rsrc,.reloc,
00C70000[00006000]
[ M] 61. f:\program files\ttplayer\msdmo.dll
Microsoft Corporation
DMO Runtime
.text,.data,.rsrc,.reloc,
10000000[0001B000]
[ M] 54. d:\动漫\新建文件夹 (2)\新建文件夹\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
60150000[0000D000]
[ M] 62. f:\program files\ttplayer\addin\ttp_asf.dll
.text,.rdata,.data,.rsrc,.reloc,
016C0000[0004B000]
[ M] 63. f:\program files\ttplayer\addin\ttp_aac.dll
.text,.rdata,.data,.rsrc,.reloc,
lukare - 2007-7-31 11:01:00
01710000[00021000]
[ M] 64. f:\program files\ttplayer\addin\ttp_ac3dts.dll
.text,.rdata,.data,.rsrc,.reloc,
08120000[00060000]
[ M] 65. f:\program files\ttplayer\wmadmod.dll
Microsoft Corporation
Windows Media Audio Decoder
.text,RT_CODE,.data,RT_DATA,.rsrc,.reloc,
72C80000[00008000]
[ M] 55. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
+ 000007ac(1964) runiep.exe
00400000[00012000]
[AM] 47. d:\动漫\新建文件夹 (2)\新建文件夹\runiep.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Monitor
.text,.rdata,.data,.rsrc,
00C40000[0001B000]
[ M] 54. d:\动漫\新建文件夹 (2)\新建文件夹\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 00000814(2068) iexplore.exe
10000000[00127000]
[AM] 33. c:\program files\google\googletoolbar1.dll
Google Inc.
Google Toolbar for Internet Explorer
.text,.rdata,.data,.rsrc,.reloc,
01330000[00018000]
[AM] 34. c:\program files\chinanet\vnettransfer.dll
VnetTransfer Module
.text,.rdata,.data,.rsrc,.reloc,
01350000[0000D000]
[ M] 66. c:\program files\chinanet\communicate.dll
GDCN
Common Communicate Module
.text,.rdata,.data,.rsrc,.reloc,
013C0000[0002D000]
[ M] 67. c:\program files\chinanet\clientapi.dll
ClientAPI Module
.text,.rdata,.data,.rsrc,.reloc,
325C0000[00012000]
[AM] 40. c:\program files\microsoft office\office11\msohev.dll
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,.reloc,
73900000[0002D000]
[ M] 68. c:\windows\system32\vcdxp.ime
Fengqingyang
Fengqingyang Wubi Input Method, version 6.0
.text,.data,.sgroup,.ShareDa,.rsrc,.reloc,
72C80000[00008000]
[ M] 55. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
02410000[00019000]
[ M] 69. c:\program files\rising\rav\ravscrch.dll
Beijing Rising Technology Co., Ltd.
RavScrCh Module
.text,.rdata,.data,.rsrc,.reloc,
30000000[002EE000]
[ M] 70. c:\windows\system32\macromed\flash\flash9b.ocx
Adobe Systems, Inc.
Adobe Flash Player 9.0 r28
.text,.rdata,.data,.rsrc,.reloc,
05E80000[0000B000]
[AM] 36. c:\program files\common files\microsoft shared\office11\msoxmlmf.dll
Microsoft Corporation
Microsoft Office XML MIME Filter
.text,.data,.rsrc,.reloc,
23700000[0001A000]
[ M] 56. c:\program files\rising\rav\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
07090000[00035000]
[ M] 71. c:\windows\system32\xpsp3res.dll
Microsoft Corporation
Service Pack 3 Messages
.rsrc,
04340000[0001B000]
[ M] 54. d:\动漫\新建文件夹 (2)\新建文件夹\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 00000884(2180) VnetClient.exe
00400000[00043000]
[ M] 72. c:\program files\chinanet\vnetclient.exe
Xingkong Jisu (星空极速) client
.text,.rdata,.data,.rsrc,
10000000[0000D000]
[ M] 66. c:\program files\chinanet\communicate.dll
GDCN
Common Communicate Module
.text,.rdata,.data,.rsrc,.reloc,
00380000[00077000]
[ M] 73. c:\program files\chinanet\dialmodule.dll
GDCN
DialModule DLL
.text,.rdata,.data,.rsrc,.reloc,
6BC40000[000F2000]
[ M] 74. c:\program files\chinanet\mfc42.dll
Microsoft Corporation
MFCDLL Shared Library - Retail Version
.text,.rdata,.data,.rsrc,.reloc,
01320000[0002D000]
[ M] 67. c:\program files\chinanet\clientapi.dll
ClientAPI Module
.text,.rdata,.data,.rsrc,.reloc,
01210000[00024000]
[ M] 75. c:\program files\chinanet\plugincontainer.ocx
PlugInContainer ActiveX Control Module
.text,.rdata,.data,.rsrc,.reloc,
01240000[0000E000]
[ M] 76. c:\program files\chinanet\sign.dll
0
sign
.text,.rdata,.data,.rsrc,.reloc,
lukare - 2007-7-31 11:01:00
01260000[00015000]
[ M] 77. c:\program files\chinanet\webplugin.dll
WebPlugin Module
.text,.rdata,.data,.rsrc,.reloc,
012C0000[00011000]
[ M] 78. c:\program files\chinanet\sysplug\93d07ada-d3ac-485a-85eb-12ca3cee8375\vnetsafe114.dll
Vnetsafe114 Module
.text,.rdata,.data,.rsrc,.reloc,
01B70000[00017000]
[ M] 79. c:\program files\chinanet\advertise.ocx
Advertise ActiveX Control Module
.text,.rdata,.data,.rsrc,.reloc,
01B90000[0005D000]
[ M] 80. c:\program files\chinanet\vnetbs.ocx
VnetBs ActiveX Control Module
.text,.rdata,.data,.rsrc,.reloc,
01BF0000[0004B000]
[ M] 81. c:\program files\chinanet\vnetskin.ocx
GDDC
VnetSkin ActiveX Control Module
.text,.rdata,.data,.rsrc,.reloc,
01C40000[00085000]
[ M] 82. c:\program files\chinanet\dialogstyle.dll
DialogStyle DLL
.text,.rdata,.data,.rsrc,.reloc,
01EF0000[0000E000]
[ M] 83. c:\program files\chinanet\bdsearch.ocx
gdcn
BDSearch ActiveX Control Module
.text,.rdata,.data,.rsrc,.reloc,
01F00000[00012000]
[ M] 84. c:\program files\chinanet\pagefram.ocx
Workgroup
PageFram ActiveX Control Module
.text,.rdata,.data,.rsrc,.reloc,
02050000[00018000]
[ M] 85. c:\program files\chinanet\accountpage.ocx
Workgroup
AccountPage ActiveX Control Module
.text,.rdata,.data,.rsrc,.reloc,
02070000[00027000]
[ M] 86. c:\program files\chinanet\accountmgr.dll
AccountMgr DLL
.text,.rdata,.data,.rsrc,.reloc,
02130000[0000F000]
[ M] 87. c:\program files\chinanet\gif89a.dll
Gif89a Module
.text,.rdata,.data,.rsrc,.reloc,
02720000[00011000]
[ M] 88. c:\program files\chinanet\notifybar.ocx
Workgroup
NotifyBar ActiveX Control Module
.text,.rdata,.data,.rsrc,.reloc,
02770000[0000C000]
[ M] 89. c:\program files\chinanet\icosbar.ocx
Workgroup
IcosBar ActiveX Control Module
.text,.rdata,.data,.rsrc,.reloc,
027D0000[00025000]
[ M] 90. c:\program files\chinanet\timer.ocx
Timer ActiveX Control Module
.text,.rdata,.data,.rsrc,.reloc,
02800000[00083000]
[ M] 91. c:\program files\chinanet\pluginman.ocx
Manage VnetClient Plugin Components
.text,.rdata,.data,.rsrc,.reloc,
028C0000[0005A000]
[ M] 92. c:\program files\chinanet\newmessage.dll
NewMessage Module
.text,.rdata,.data,.rsrc,.reloc,
02920000[00011000]
[ M] 93. c:\program files\chinanet\passctrl.dll
GDCN
PassCtrl Module
.text,.rdata,.data,.rsrc,.reloc,
02940000[0003B000]
[ M] 94. c:\windows\system32\wpcap.dll
Politecnico di Torino
wpcap - Based on libpcap 0.7 snapshot feb 03, 2003
.text,.rdata,.data,.rsrc,.reloc,
028A0000[0000D000]
[ M] 95. c:\windows\system32\pthreadvc.dll
.text,.rdata,.data,.idata,.reloc,
02980000[0000F000]
[ M] 96. c:\windows\system32\packet.dll
Politecnico di Torino
Packet
.text,.rdata,.data,.rsrc,.reloc,
029C0000[00011000]
[ M] 97. c:\program files\chinanet\plugpush.dll
PlugPush Module
.text,.rdata,.data,.rsrc,.reloc,
029F0000[0001A000]
[ M] 98. c:\program files\chinanet\allinterface.dll
AllInterface Module
.text,.rdata,.data,.rsrc,.reloc,
02B20000[00015000]
[ M] 99. c:\program files\chinanet\vnetlogin.ocx
VNetLogin ActiveX Control Module
.text,.rdata,.data,.rsrc,.reloc,
02B50000[00011000]
[ M] 100. c:\program files\chinanet\statnum.dll
StatNum Module
.text,.rdata,.data,.rsrc,.reloc,
02CB0000[00021000]
[ M] 101. c:\program files\chinanet\vnetonlineupdate.ocx
VNetOnlineUpdate ActiveX Control Module
.text,.rdata,.data,.rsrc,.reloc,
02DE0000[0005D000]
[ M] 102. c:\program files\chinanet\allfunctions.dll
GDCN
AllFunctions Module
.text,.rdata,.data,.rsrc,.reloc,
02E40000[00025000]
[ M] 103. c:\program files\chinanet\vnetoptlog.dll
VnetOptLog DLL
.text,.rdata,.data,.rsrc,.reloc,
02CF0000[0000C000]
[ M] 104. c:\program files\chinanet\favorite.ocx
Favorite ActiveX Control Module
.text,.rdata,.data,.rsrc,.reloc,
02A20000[00048000]
[ M] 105. c:\program files\chinanet\vnetsettings.ocx
VNetSettings ActiveX Control Module
.text,.rdata,.data,.rsrc,.reloc,
02EB0000[00032000]
[ M] 106. c:\program files\chinanet\base64.dll
.text,.rdata,.data,.idata,.reloc,
02EF0000[0001B000]
[ M] 54. d:\动漫\新建文件夹 (2)\新建文件夹\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 00000988(2440) Ras.exe
00400000[0013F000]
[ M] 107. d:\动漫\新建文件夹 (2)\新建文件夹\ras.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,.rsrc,
10000000[000A3000]
[ M] 108. d:\动漫\新建文件夹 (2)\新建文件夹\rasgui.dll
Beijing Rising Technology Co., Ltd.
RasGUI
.text,.rdata,.data,.rsrc,.reloc,
016C0000[0001B000]
[AM] 43. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
016F0000[00011000]
[AM] 44. c:\windows\system32\shlhook.dll
Beijing Rising Technology Co., Ltd.
shlhook Module
.text,.rdata,.data,.rsrc,.reloc,
01780000[0001B000]
[ M] 54. d:\动漫\新建文件夹 (2)\新建文件夹\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
02FE0000[0002F000]
[ M] 109. d:\动漫\新建文件夹 (2)\新建文件夹\engine.dll
Beijing Rising Technology Co., Ltd.
kaka engine
.text,.rdata,.data,.rsrc,.reloc,
01500000[00012000]
[ M] 110. d:\动漫\新建文件夹 (2)\新建文件夹\zip.dll
rising
zip
UPX0,UPX1,.rsrc,
Done.
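The Kaka entry for msinc3.exe above lists the sections CODE,DATA,BSS,.idata,.tls,.rdata,.reloc,.rsrc,.MaskPE,pep,.Mybr and notes that the entry point is in the last section, which is how the tool hints at a packed or protected binary. Added example (Python; not Rising's code and not derived from the real file): `section_report()` reproduces that check from a raw PE32 header, and `build_pe()` constructs a header-only PE32 in memory whose section list is modelled on the log entry, so the example runs offline on constructed data. The list of "common" section names is this example's own allowlist, not a published standard.

```python
"""PE32 section-table check: where does AddressOfEntryPoint land?

Added example for this thread (not Rising's code). build_pe() fabricates a
header-only PE32 image so the check can run without any real sample;
section_report() reads the section table back and flags an entry point in
the last section, a non-executable entry section, and section names not
produced by the usual compilers.
"""
from __future__ import annotations

import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
CODE_EXEC = 0x60000020   # CNT_CODE | MEM_EXECUTE | MEM_READ
DATA_RW = 0xC0000040     # CNT_INITIALIZED_DATA | MEM_READ | MEM_WRITE

# Section names the usual MSVC / Borland / MinGW toolchains emit (this
# example's own allowlist; anything else is merely "worth a look").
COMMON_SECTIONS = {
    ".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata", ".edata",
    ".tls", ".bss", ".pdata", ".CRT", ".debug", "CODE", "DATA", "BSS",
    "INIT", "PAGE",
}

SECTION_HDR = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes
COFF_HDR = "<HHIIIHH"          # IMAGE_FILE_HEADER, 20 bytes
OPT_HDR_SIZE = 224             # PE32 optional header


def build_pe(section_names: list[str], entry_index: int) -> bytes:
    """Header-only PE32 with one 0x1000-byte section per name.

    The entry point is placed 0x10 bytes into section `entry_index`, which is
    marked executable (as is section 0). No section contents are emitted; the
    parser below only needs the headers.
    """
    n = len(section_names)
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)            # e_lfanew -> "PE\0\0"
    coff = struct.pack(COFF_HDR, 0x14C, n, 0, 0, 0, OPT_HDR_SIZE, 0x0102)
    entry_rva = 0x1000 * (entry_index + 1) + 0x10
    opt = struct.pack("<HBBIIIIIII", 0x10B, 0, 0, 0x1000, 0x1000, 0,
                      entry_rva, 0x1000, 0x2000, 0x400000).ljust(OPT_HDR_SIZE, b"\0")
    headers = 64 + 4 + 20 + OPT_HDR_SIZE + 40 * n
    raw_base = (headers + 0x1FF) & ~0x1FF              # 0x200 file alignment
    table = b"".join(
        struct.pack(SECTION_HDR, name.encode("latin-1")[:8].ljust(8, b"\0"),
                    0x1000, 0x1000 * (i + 1), 0x200, raw_base + 0x200 * i,
                    0, 0, 0, 0, CODE_EXEC if i in (0, entry_index) else DATA_RW)
        for i, name in enumerate(section_names)
    )
    return bytes(dos) + b"PE\0\0" + coff + opt + table


def section_report(data: bytes) -> dict:
    """Parse the section table and report where the entry point falls."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff_off = e_lfanew + 4
    _machine, nsec, _, _, _, opt_size, _ = struct.unpack_from(COFF_HDR, data, coff_off)
    opt_off = coff_off + 20
    if struct.unpack_from("<H", data, opt_off)[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    entry = struct.unpack_from("<I", data, opt_off + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rawsize, _, _, _, _, _, chars = struct.unpack_from(
            SECTION_HDR, data, opt_off + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "vaddr": vaddr, "size": max(vsize, rawsize), "chars": chars})

    entry_idx = next((i for i, s in enumerate(sections)
                      if s["vaddr"] <= entry < s["vaddr"] + s["size"]), None)
    flags = []
    if entry_idx is None:
        flags.append("entry point outside every section")
    else:
        if len(sections) > 1 and entry_idx == len(sections) - 1:
            flags.append("entry point in last section")
        if not sections[entry_idx]["chars"] & IMAGE_SCN_MEM_EXECUTE:
            flags.append("entry section not marked executable")
    unusual = [s["name"] for s in sections if s["name"] not in COMMON_SECTIONS]
    if unusual:
        flags.append("non-standard section names: " + ", ".join(unusual))
    return {
        "sections": [s["name"] for s in sections],
        "entry_rva": entry,
        "entry_section": None if entry_idx is None else sections[entry_idx]["name"],
        "entry_in_last_section": entry_idx is not None and entry_idx == len(sections) - 1,
        "unusual_sections": unusual,
        "flags": flags,
    }


# Constructed layout modelled on the msinc3.exe section list in the Kaka log.
PACKED_LAYOUT = ["CODE", "DATA", "BSS", ".idata", ".tls", ".rdata", ".reloc",
                 ".rsrc", ".MaskPE", "pep", ".Mybr"]
# Constructed layout of an ordinary MSVC build, for comparison.
PLAIN_LAYOUT = [".text", ".rdata", ".data", ".rsrc"]

if __name__ == "__main__":
    for label, names, idx in (("packed-style", PACKED_LAYOUT, len(PACKED_LAYOUT) - 1),
                              ("plain", PLAIN_LAYOUT, 0)):
        report = section_report(build_pe(names, idx))
        print(label, report["entry_section"], report["flags"] or "clean")
```

The CODE/DATA/BSS prefix is what Borland-family compilers emit, so the first eight names alone are unremarkable; the signal in the log entry is the three trailing sections with an entry point inside the last of them, which is the pattern a stub appended by a packer or protector produces. To apply this to a real file, read it with `open(path, "rb").read()` and pass the bytes to `section_report()`; the builder exists only so the example runs here.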
Leoooo - 2007-7-31 11:19:00
c:\windows\system32\msinc3.exe
c:\windows\system32\drivers\kmsinput.sys
c:\windows\system32\drivers\pvjmpnq.sys
Pack up these suspicious files and upload them to Rising:
http://up.rising.com.cn/webmail/uploadnew.htm
Possibly infected with the Huigezi (灰鸽子, Gray Pigeon) backdoor.