Rising Kaka Security Forum
benxiaohaihhh - 2007-7-31 13:02:00
Backdoor.Win32.Gpigeon.zyk
Why can't I ever get rid of this virus? It's there every time I boot up, it's so annoying. Can anyone help?
[User system information] Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Leoooo - 2007-7-31 13:22:00
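Download Kaka Internet Security Assistant 4.0 from http://download.rising.com.cn/for_down/kakatool/kakasetupv4.exe
1 Run Rising Kaka Internet Security Assistant
2 Diagnosis & Help => Computer diagnostic log
3 Select the two options "File details" and "File name similarity analysis"
4 Start scan => Export information, exporting in txt format (htm format is also possible and easier to read yourself, but the forum does not allow uploading htm files)
5 Copy the report from the log in full and paste it here (posting it as an attachment is also fine); do not modify it (if it does not fit in one post, post it in several parts)
6 While scanning for the log, close unnecessary software as far as possible, such as QQ, TM, etc.
7 Upload the suspicious files found by the scan to Rising
http://up.rising.com.cn/webmail/uploadnew.htm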
benxiaohaihhh - 2007-8-2 9:56:00
瑞星卡卡电脑诊断日志 v1.30 (2007-8-2 9:38:43) 北京瑞星科技股份有限公司
注释:[A]表示该文件存在自启动关联;
[M]表示该文件在内存中;
+ 注册表自运行项目
+ 系统服务
+ HKLM\System\CurrentControlSet\Services
3wareSrv
[A ] 1. c:\windows\system32\3waresrv.exe
.text,.rdata,.data,.rsrc,
AmdShpcSrv
[AM] 2. c:\windows\system32\amdhpsrv.exe
AMD, Inc.
AMD-813x Hot-Plug Service
.text,.rdata,.data,.rsrc,
Ati HotKey Poller
[AM] 3. c:\windows\system32\ati2evxx.exe
ATI Technologies Inc.
ATI External Event Utility EXE Module
.text,.rdata,.data,.rsrc,
ATI Smart
[A ] 4. c:\windows\system32\ati2sgag.exe
ATI Smart
.text,.rdata,.data,.rsrc,
ose
[A ] 5. c:\program files\common files\microsoft shared\source engine\ose.exe
Microsoft Corporation
Office Source Engine
.text,.data,.rsrc,
RfwProxySrv
[A ] 6. e:\rising\rfw\rfwproxy.exe
Beijing Rising Technology Co., Ltd.
Rising Personal Proxy Service
.text,.rdata,.data,.rsrc,
RfwService
[A ] 7. e:\rising\rfw\rfwsrv.exe
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall Service
.text,.rdata,.data,.rsrc,
RsCCenter
[A ] 8. e:\rising\rav\ccenter.exe
Beijing Rising Technology Co., Ltd.
CCenter
.text,.rdata,.data,.rsrc,
RsRavMon
[A ] 9. e:\rising\rav\ravmond.exe
Beijing Rising Technology Co., Ltd.
RavMond
.text,.rdata,.data,.rsrc,
UMWdf
[AM] 10. c:\windows\system32\wdfmgr.exe
Microsoft Corporation
Windows User Mode Driver Manager
.text,.data,.rsrc,
windows
[A ] 11. c:\windows\windows.com
+ 内核驱动
+ HKLM\System\CurrentControlSet\Services
2310_00
[A ] 12. c:\windows\system32\drivers\2310_00.sys
HighPoint Technologies, Inc.
RR231x/230x Miniport Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
3wareDrv
[A ] 13. c:\windows\system32\drivers\3waredrv.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
3waregsm
[A ] 14. c:\windows\system32\drivers\3waregsm.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
3wDrv100
[A ] 15. c:\windows\system32\drivers\3wdrv100.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
3wFlt100
[A ] 16. c:\windows\system32\drivers\3wflt100.sys
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
a320raid
[A ] 17. c:\windows\system32\drivers\a320raid.sys
Adaptec, Inc.
Adaptec HostRAID for Ultra320 SCSI
.text,.rdata,.data,INIT,.rsrc,.reloc,
aaatimeo
[A ] 18. c:\windows\system32\drivers\aaatimeo.sys
Microsoft Corporation
SRB Timout Control Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
aac
[A ] 19. c:\windows\system32\drivers\aac.sys
Adaptec, Inc.
Adaptec RAID Miniport Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
aacsas
[A ] 20. c:\windows\system32\drivers\aacsas.sys
Adaptec, Inc.
Adaptec SAS RAID Miniport Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
aarich
[A ] 21. c:\windows\system32\drivers\aarich.sys
Adaptec, Inc.
Adaptec hostRAID for Serial ATA
.text,.rdata,.data,INIT,.rsrc,.reloc,
adp94xx
[A ] 22. c:\windows\system32\drivers\adp94xx.sys
Adaptec, Inc.
Adaptec Windows SAS/SATA Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
benxiaohaihhh - 2007-8-2 9:57:00
adpu320
[A ] 23. c:\windows\system32\drivers\adpu320.sys
Adaptec, Inc.
Adaptec WinXP Ultra320 Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
aec6210
[A ] 24. c:\windows\system32\drivers\aec6210.sys
ACARD Technology Corp.
.text,.data,.idata,.rsrc,.reloc,
aec6260
[A ] 25. c:\windows\system32\drivers\aec6260.sys
ACARD Technology Corp.
ID=0006, 0007
.text,.rdata,.data,INIT,.rsrc,.reloc,
aec6280
[A ] 26. c:\windows\system32\drivers\aec6280.sys
ACARD Technology Corp.
AEC6280 Miniport Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
AEC6880
[A ] 27. c:\windows\system32\drivers\aec6880.sys
ACARD Technology Corp.
AEC6880/90 PCI Ultra ATA133 RAID Adapter Driver
.text,.rdata,INIT,.rsrc,.reloc,
aec6897
[A ] 28. c:\windows\system32\drivers\aec6897.sys
ACARD Technology Corp.
RAID miniport driver for AEC6897/AEC6898
.text,.rdata,.data,INIT,.rsrc,.reloc,
AFAMgt
[A ] 29. c:\windows\system32\drivers\afamgt.sys
Adaptec, Inc.
Dell Management Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
ahcix86
[A ] 30. c:\windows\system32\drivers\ahcix86.sys
ATI Technologies Inc.
ATI Technology AHCI Compatible Controller Driver for Windows family
.text,.rdata,.data,INIT,.rsrc,.reloc,
ALCXWDM
[A ] 31. c:\windows\system32\drivers\alcxwdm.sys
Realtek Semiconductor Corp.
Realtek AC'97 Audio Driver (WDM)
.text,CODE,.rdata,.data,.data1,PAGE,INIT,.rsrc,.reloc,
amdagp8p
[A ] 32. c:\windows\system32\drivers\amdagp8p.sys
Advanced Micro Devices, Inc.
AMD-8151 Windows XP AGP Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
amdbusdr
[A ] 33. c:\windows\system32\drivers\amdbusdr.sys
AMD
AMD IDE Bus Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
amdeide
[A ] 34. c:\windows\system32\drivers\amdeide.sys
AMD
AMD IDE Miniport Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
AmdPCI
[A ] 35. c:\windows\system32\drivers\amdpci32.sys
AMD, Inc.
AMD-813x Bus-Filter Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
atiide
[A ] 36. c:\windows\system32\drivers\atiide.sys
ATI Technologies Inc.
ATI PCI BUS MASTER IDE Controller Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
BaseTDI
[A ] 37. c:\windows\system32\drivers\basetdi.sys
Beijing Rising Technology Co., Ltd.
basetdi
.text,.rdata,.data,INIT,.rsrc,.reloc,
bb-run
[A ] 38. c:\windows\system32\drivers\bb-run.sys
Promise Technology, Inc.
Promise Disk Accelerator
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
caboagp
[A ] 39. c:\windows\system32\drivers\atisgkaf.sys
ATI Technologies Inc.
ATI AGP GART Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
cda1000
[A ] 40. c:\windows\system32\drivers\cda1000.sys
Adaptec, Inc.
Adaptec Array1000Ultra160 Family Manager Set
.text,.rdata,.data,INIT,.rsrc,.reloc,
cercsr6
[A ] 41. c:\windows\system32\drivers\cercsr6.sys
Adaptec, Inc.
DELL CERC SATA1.5/6ch Miniport Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
Cpq32fs2
[A ] 42. c:\windows\system32\drivers\cpq32fs2.sys
Hewlett-Packard Company
Hewlett-Packard 32-Bit SCSI-2 Controllers SCSI Miniport Driver - pnp
.text,.rdata,.data,INIT,.rsrc,.reloc,
dontgo
[A ] 43. c:\windows\system32\drivers\dontgo.sys
Promise Technology, Inc.
Promise Removable Disk Control
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
ExpScaner
[A ] 44. e:\rising\rav\expscan.sys
ExpScan.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
FastSx
[A ] 45. c:\windows\system32\drivers\fastsx.sys
Promise Technology, Inc.
Promise FastTRAK SX4/SX4000 Driver for Windows
.text,.rdata,.data,INIT,.rsrc,.reloc,
fasttrak
[A ] 46. c:\windows\system32\drivers\fasttrak.sys
Promise Technology, Inc.
Promise FastTrak Series Driver for WinXP
.text,.rdata,.data,INIT,.rsrc,.reloc,
fasttx2k
[A ] 47. c:\windows\system32\drivers\fasttx2k.sys
Promise Technology, Inc.
Promise Driver for Windows XP
.text,.rdata,.data,INIT,.rsrc,.reloc,
fttxr52P
[A ] 48. c:\windows\system32\drivers\fttxr52p.sys
Promise Technology, Inc.
Promise FastTRAK TX4200/TX4300 Driver for Windows family
.text,.rdata,.data,INIT,.rsrc,.reloc,
FUJ02B1
[A ] 49. c:\windows\system32\drivers\fuj02b1.sys
FUJITSU LIMITED
WDM driver for FUJ02B1 PnP device
.text,.rdata,INIT,.rsrc,.reloc,
FUJ02E1
[A ] 50. c:\windows\system32\drivers\fuj02e1.sys
Fujitsu Limited
FUJ02E1
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
FUJ02E3
[A ] 51. c:\windows\system32\drivers\fuj02e3.sys
FUJITSU LIMITED
WDM driver for FUJ02E3 PnP device
.text,.rdata,INIT,.rsrc,.reloc,
HECI
[A ] 52. c:\windows\system32\drivers\heci.sys
Intel Corporation
Intel(R) Management Engine Interface
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookCont
[A ] 53. e:\rising\rav\hookcont.sys
Rising
HookCont
.text,.rdata,.data,INIT,.rsrc,.reloc,
benxiaohaihhh - 2007-8-2 9:57:00
HookReg
[A ] 54. e:\rising\rav\hookreg.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookSys
[A ] 55. e:\rising\rav\hooksys.sys
Rising
Hooksys
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookUrl
[A ] 56. e:\rising\rfw\hookurl.sys
Beijing Rising Technology Co., Ltd.
HookUrl
.text,.rdata,.data,INIT,.rsrc,.reloc,
hpt374
[A ] 57. c:\windows\system32\drivers\hpt374.sys
HighPoint Technologies, Inc.
HPT374 Miniport Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
hpt3xx
[A ] 58. c:\windows\system32\drivers\hpt3xx.sys
HighPoint Technologies, Inc.
HPT3xx Miniport Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
hptmv
[A ] 59. c:\windows\system32\drivers\hptmv.sys
HighPoint Technologies, Inc.
hptmv Miniport Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
hptmv6
[A ] 60. c:\windows\system32\drivers\hptmv6.sys
HighPoint Technologies, Inc.
hptmv6 Miniport Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
hptpro
[A ] 61. c:\windows\system32\drivers\hptpro.sys
HighPoint Technologies, Inc.
Hptpro
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
iaStor
[A ] 62. c:\windows\system32\drivers\iastor.sys
Intel Corporation
Intel Matrix Storage Manager driver - ia32
.text,.rdata,.data,INIT,.rsrc,.reloc,
IFXTPM
[A ] 63. c:\windows\system32\drivers\ifxtpm.sys
Infineon Technologies AG
Infineon Trusted Platform Module
.text,page,init,.rdata,.data,.idata,INIT,.rsrc,.reloc,
ITECIR
[A ] 64. c:\windows\system32\drivers\itecir.sys
IET Tech. Inc.
ITE Consumer IR Driver
.text,.rdata,.data,PAGE,.edata,INIT,.rsrc,.reloc,
iteraid
[A ] 65. c:\windows\system32\drivers\iteraid.sys
Integrated Technology Express, Inc.
ITE IT8212 ATA RAID SCSI miniport
.text,.rdata,.data,INIT,.rsrc,.reloc,
JGOGO
[A ] 66. c:\windows\system32\drivers\jgogo.sys
JMicron
SCSI Port upper filter driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
JRAID
[A ] 67. c:\windows\system32\drivers\jraid.sys
JMicron Technology Corp.
JMicron JMB36X RAID Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
m5281
[A ] 68. c:\windows\system32\drivers\m5281.sys
ALi Corporation
ALi SATA RAID Controller Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
m5287
[A ] 69. c:\windows\system32\drivers\m5287.sys
ULi Electronics Inc.
ULi SATA Controller Driver
.text,.rdata,.data,.idata,.rsrc,.reloc,
m5288
[A ] 70. c:\windows\system32\drivers\m5288.sys
ULi Electronics Inc.
ULi SATA Controller Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
m5289
[A ] 71. c:\windows\system32\drivers\m5289.sys
ULi Electronics Inc.
ULi SATA RAID Controller Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
MegaIDE
[A ] 72. c:\windows\system32\drivers\megaide.sys
LSI Logic Corporation.
LSI MegaRAID IDE Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
MEMSCAN
[A ] 73. e:\rising\rav\memscan.sys
Beijing Rising Technology Co., Ltd.
MemScan Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
mProcRs
[A ] 74. e:\rising\rfw\mprocrs.sys
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall mprocrs.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
mv61xx
[A ] 75. c:\windows\system32\drivers\mv61xx.sys
Marvell Semiconductor, Inc.
Marvell Thor and Odin Windows Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
nfrd960
[A ] 76. c:\windows\system32\drivers\nfrd960.sys
IBM Corporation
IBM ServeRAID Controller Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
npkcrypt
[A ] 77. e:\qq2006\npkcrypt.sys
INCA Internet Co., Ltd.
nProtect KeyCrypt Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
npkycryp
[A ] 78. c:\windows\system32\npkycryp.sys
Pnp649r
[A ] 79. c:\windows\system32\drivers\pnp649r.sys
CMD Technology, Inc.
IDE RAID miniport driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
Pnp680
[A ] 80. c:\windows\system32\drivers\pnp680.sys
Silicon Image, Inc.
DMA capable ATA miniport driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
Pnp680r
[A ] 81. c:\windows\system32\drivers\pnp680r.sys
Silicon Image, Inc
DMA capable ATA RAID miniport driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
ql2100
[A ] 82. c:\windows\system32\drivers\ql2100.sys
QLogic Corporation
Miniport Driver for QLA2100 Adapter
.text,.rdata,.data,INIT,.rsrc,.reloc,
ql2200
[A ] 83. c:\windows\system32\drivers\ql2200.sys
QLogic Corporation
Miniport Driver for QLA2200 Adapter
.text,.rdata,.data,INIT,.rsrc,.reloc,
raidsrc
[A ] 84. c:\windows\system32\drivers\raidsrc.sys
Intel
Intel(r) Miniport Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
rr232x
[A ] 85. c:\windows\system32\drivers\rr232x.sys
HighPoint Technologies, Inc.
RR232x Miniport Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
RsAntiSpyware
[A ] 86. c:\windows\system32\drivers\rsboot.sys
Beijing Rising Technology Co., Ltd.
Anti-RootKit Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
RsFwDrv
[A ] 87. e:\rising\rfw\rsfwdrv.sys
Beijing Rising Technology Co., Ltd.
nt_fwdrv
.text,.rdata,.data,INIT,.rsrc,.reloc,
RsNTGDI
[A ] 88. c:\windows\system32\drivers\rsntgdi.sys
Beijing Rising Technology Co., Ltd.
RsNTGDI
.text,.rdata,INIT,.rsrc,.reloc,
RSPPSYS
[A ] 89. e:\rising\rav\rsppsys.sys
Rising
RSPPSYS.SYS
.text,.rdata,.data,INIT,.rsrc,.reloc,
S150sx8
[A ] 90. c:\windows\system32\drivers\s150sx8.sys
Promise Technology, Inc.
Promise SATAII150 SX8 Driver for WindowsXP
.text,.rdata,.data,INIT,.rsrc,.reloc,
Secdrv
[A ] 91. c:\windows\system32\drivers\secdrv.sys
.text,.data,INIT,.reloc,
SI3112
[A ] 92. c:\windows\system32\drivers\si3112.sys
Silicon Image, Inc.
Serial ATA miniport driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
SI3112r
[A ] 93. c:\windows\system32\drivers\si3112r.sys
Silicon Image, Inc
Serial ATA RAID miniport driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
SI3114
[A ] 94. c:\windows\system32\drivers\si3114.sys
Silicon Image, Inc.
Serial ATA miniport driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
SI3114r
[A ] 95. c:\windows\system32\drivers\si3114r.sys
Silicon Image, Inc
SATARAID miniport driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
Si3114r5
[A ] 96. c:\windows\system32\drivers\si3114r5.sys
Silicon Image, Inc
SATA SoftRAID 5 miniport driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
SI3124
[A ] 97. c:\windows\system32\drivers\si3124.sys
Silicon Image, Inc.
Serial ATA miniport driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
SI3124r
[A ] 98. c:\windows\system32\drivers\si3124r.sys
Silicon Image, Inc
SATARAID miniport driver (PRE-RELEASE)
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
Si3124r5
[A ] 99. c:\windows\system32\drivers\si3124r5.sys
Silicon Image, Inc
SATA SoftRAID 5 miniport driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
SI3132
[A ] 100. c:\windows\system32\drivers\si3132.sys
Silicon Image, Inc.
Serial ATA miniport driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
benxiaohaihhh - 2007-8-2 9:58:00
Si3132r5
[A ] 101. c:\windows\system32\drivers\si3132r5.sys
Silicon Image, Inc
SATA SoftRAID 5 miniport driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
SiFilter
[A ] 102. c:\windows\system32\drivers\siwinacc.sys
Silicon Image, Inc.
Windows Accelerator Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
SiRemFil
[A ] 103. c:\windows\system32\drivers\siremfil.sys
Silicon Image, Inc.
Filter driver for Silicon Image SATALink controllers.
.text,.rdata,PAGE,INIT,.rsrc,.reloc,
SISAGP
[A ] 104. c:\windows\system32\drivers\sisagpx.sys
Silicon Integrated Systems Corporation
SiS AGPv3.5 Filter
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
SiSRaid
[A ] 105. c:\windows\system32\drivers\sisraid.sys
Silicon Integrated Systems
SiS RAID Miniport Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
SiSRaid2
[A ] 106. c:\windows\system32\drivers\sisraid2.sys
Silicon Integrated Systems Corp
SiS RAID Miniport Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
sptrak
[A ] 107. c:\windows\system32\drivers\sptrak.sys
Promise Technology, Inc.
Promise SuperTrak Family Driver for WindowsNT
.text,.rdata,.data,INIT,.rsrc,.reloc,
Symmpi
[A ] 108. c:\windows\system32\drivers\symmpi.sys
LSI Logic
LSI Logic Fusion-MPT MiniPort Driver (ScsiPort)
.text,.rdata,.data,INIT,.rsrc,.reloc,
TesSafe
[A ] 109. c:\windows\system32\tessafe.sys
.text,.rdata,.data,INIT,.reloc,
tmagp
[A ] 110. c:\windows\system32\drivers\tmagp.sys
Transmeta Corporation
TM8000 AGP Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
ULiAGP
[A ] 111. c:\windows\system32\drivers\uliagp.sys
ULi Electronics Inc.
ULi AGP Filter Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
uliagpkx
[A ] 112. c:\windows\system32\drivers\agpkx.sys
ULi Electronics Inc.
ULi AGPv3.0 Filter for K8/9 Processor Platforms
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
UlSata
[A ] 113. c:\windows\system32\drivers\ulsata.sys
Promise Technology, Inc.
Promise Ultra/Sata Series Driver for WinXP
.text,.rdata,.data,INIT,.rsrc,.reloc,
ulsata2
[A ] 114. c:\windows\system32\drivers\ulsata2.sys
Promise Technology, Inc.
Promise SATAII150 Series Driver for Windows
.text,.rdata,.data,INIT,.rsrc,.reloc,
viaagp1
[A ] 115. c:\windows\system32\drivers\viaagp1.sys
VIA Technologies, Inc.
VIA NT AGP Filter
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
viamraid
[A ] 116. c:\windows\system32\drivers\viamraid.sys
VIA Technologies inc,.ltd
VIA AHCI RAID DRIVER FOR WIN XP/SRV2003
.text,.rdata,.data,INIT,.rsrc,.reloc,
viapdsk
[A ] 117. c:\windows\system32\drivers\viapdsk.sys
VIA Technologies, Inc.
VIA VT4149 PATA Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
videX32
[A ] 118. c:\windows\system32\drivers\videx32.sys
VIA Technologies, Inc.
VIA Generic PCI IDE Bus Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
vmscsi
[A ] 119. c:\windows\system32\drivers\vmscsi.sys
VMware, Inc.
VMware SCSI Controller Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
WINIO
[A ] 120. c:\docume~1\admini~1\locals~1\temp\rar$ex00.969\qmacro\winio.sys
xfilt
[A ] 121. c:\windows\system32\drivers\xfilt.sys
VIA Technologies,Inc
ATA/ATAPI devices hot-plug monitor
.text,.rdata,.data,INIT,.rsrc,.reloc,
yukonwxp
[A ] 122. c:\windows\system32\drivers\yk51x86.sys
Marvell
NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller
.text,.rdata,.data,INIT,.rsrc,.reloc,
ZSMC303
[A ] 123. c:\windows\system32\drivers\usbvm303.sys
Vimicro Corporation
Video streaming and Capture Device Driver
.text,.data,.data1,PAGECONS,INIT,.rsrc,.reloc,
+ 系统登陆自运行
+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
AtiExtEvent
[AM] 124. c:\windows\system32\ati2evxx.dll
ATI Technologies Inc.
ATI External Event Utility DLL Module
.text,.rdata,.data,.rsrc,.reloc,
WgaLogon
[AM] 125. c:\windows\system32\wgalogon.dll
Microsoft Corporation
Windows 正版增值计划通知
.text,.data,.rsrc,.reloc,
+ IE浏览器加载模块
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C}
[A ] 126. c:\windows\system32\kakatool.dll
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Toolbar
.text,.rdata,.data,MonitorS,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{01443AEC-0FD1-40fd-9C87-E93D1494C233}
[AM] 127. c:\program files\thunder\comdlls\tdatonce_now.dll
Thunder Networking Technologies,LTD
迅雷浏览器高级特性支持模块
.text,.rdata,.data,.rsrc,.reloc,
{A9930D96-9CF0-42A0-A10D-4F28836579D5}
[AM] 128. c:\program files\thunder\comdlls\xunleibho_now.dll
Thunder Networking Technologies,LTD
XunLeiBHO
.text,.rdata,.data,.rsrc,.reloc,
+ 资源管理器加载模块
+ HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
text/xml
[A ] 129. c:\program files\common files\microsoft shared\office11\msoxmlmf.dll
Microsoft Corporation
Microsoft Office XML MIME Filter
.text,.data,.rsrc,.reloc,
+ HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
KuGoo3
[A ] 130. d:\program files\kugoo3\inextend\kugoo3downxcontrol.ocx
CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HyperTerminal Icon Ext
[A ] 131. c:\windows\system32\hticons.dll
Hilgraeve, Inc.
HyperTerminal Applet Library
.text,.data,.rsrc,.reloc,
Portable Media Devices
[A ] 132. c:\windows\system32\audiodev.dll
Microsoft Corporation
便携媒体设备命令行解释器扩展
.text,.data,.rsrc,.reloc,
Portable Media Devices Menu
[A ] 132. c:\windows\system32\audiodev.dll
Microsoft Corporation
便携媒体设备命令行解释器扩展
.text,.data,.rsrc,.reloc,
WinRAR shell extension
[A ] 133. c:\program files\winrar\rarext.dll
.text,.data,.tls,.idata,.edata,.rsrc,.reloc,
Web Folders
[A ] 134. c:\program files\common files\microsoft shared\web folders\msonsext.dll
Microsoft Corporation
Microsoft Web Folders
.text,.data,.rsrc,.reloc,
Microsoft Office HTML Icon Handler
[AM] 135. c:\program files\microsoft office\office11\msohev.dll
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,.reloc,
RISING
[A ] 136. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}
[AM] 137. c:\windows\system32\shlhook.dll
Beijing Rising Technology Co., Ltd.
shlhook Module
.text,.rdata,.data,.rsrc,.reloc,
+ 用户登陆自运行项目
+ HKCU\Software\Microsoft\Windows\CurrentVersion\Run
bgswitch
[A ] 138. c:\windows\system32\bgswitch.exe
.text,.data,.rsrc,
+ HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SoundMan
[AM] 139. c:\windows\soundman.exe
Realtek Semiconductor Corp.
Realtek Sound Manager
.text,.rdata,.data,.sxdata,.rsrc,
BigDog303
[AM] 140. c:\windows\vm303_sti.exe
Vimicro
Vimicro
.text,.rdata,.data,.rsrc,
benxiaohaihhh - 2007-8-2 9:58:00
RavTask
[A ] 141. e:\rising\rav\ravtask.exe
Beijing Rising Technology Co., Ltd.
RavTimer
.text,.rdata,.data,.rsrc,
RfwMain
[A ] 142. e:\rising\rfw\rfwmain.exe
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall Main Program
.text,.rdata,.data,.rsrc,
runeip
[AM] 143. e:\rising\antispyware\runiep.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Monitor
.text,.rdata,.data,.rsrc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
RavStub
[AM] 144. e:\rising\rav\ravstub.exe
Beijing Rising Technology Co., Ltd.
Rising RavStub
.text,.rdata,.data,.rsrc,
+ 开机执行
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
BootExecute
[A ] 145. c:\windows\system32\bsmain.exe
Beijing Rising Technology Co., Ltd.
BootScan
.text,.data,.rsrc,.reloc,
+ 映像劫持
+ HKCR\.html
htmlfile\Edit\Command
[A ] 146. c:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,
htmlfile\Print\Command
[A ] 146. c:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,
+ HKCR\.htm
htmlfile\Edit\Command
[A ] 146. c:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,
htmlfile\Print\Command
[A ] 146. c:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,
+ 正在运行的进程
+ 000000cc(204) RavStub.exe
00400000[00018000]
[AM] 144. e:\rising\rav\ravstub.exe
Beijing Rising Technology Co., Ltd.
Rising RavStub
.text,.rdata,.data,.rsrc,
10000000[0001B000]
[ M] 147. e:\rising\rav\rscommx.dll
rising
RsCommX
.text,.rdata,.data,.rsrc,.reloc,
23700000[0001A000]
[ M] 148. e:\rising\rav\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
+ 000000fc(252) ctfmon.exe
10000000[0001B000]
[ M] 149. e:\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 000001e4(484) SOUNDMAN.EXE
00400000[0008F000]
[AM] 139. c:\windows\soundman.exe
Realtek Semiconductor Corp.
Realtek Sound Manager
.text,.rdata,.data,.sxdata,.rsrc,
10000000[0001B000]
[ M] 149. e:\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 000001ec(492) VM303_STI.EXE
00400000[00013000]
[AM] 140. c:\windows\vm303_sti.exe
Vimicro
Vimicro
.text,.rdata,.data,.rsrc,
10000000[00030000]
[ M] 150. c:\windows\system32\vm303prp.ax
Vimicro
DirectShow Extension Page
.text,.rdata,.data,.idata,.CRT,.rsrc,.reloc,
01050000[0001B000]
[ M] 149. e:\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 00000204(516) AmdHpSrv.exe
00400000[0000E000]
[AM] 2. c:\windows\system32\amdhpsrv.exe
AMD, Inc.
AMD-813x Hot-Plug Service
.text,.rdata,.data,.rsrc,
+ 00000228(552) runiep.exe
00400000[00012000]
[AM] 143. e:\rising\antispyware\runiep.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Monitor
.text,.rdata,.data,.rsrc,
00C00000[0001B000]
[ M] 149. e:\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 00000250(592) smss.exe
+ 00000290(656) csrss.exe
+ 000002ac(684) winlogon.exe
10000000[0001F000]
[AM] 124. c:\windows\system32\ati2evxx.dll
ATI Technologies Inc.
ATI External Event Utility DLL Module
.text,.rdata,.data,.rsrc,.reloc,
01410000[0003B000]
[AM] 125. c:\windows\system32\wgalogon.dll
Microsoft Corporation
Windows 正版增值计划通知
.text,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 151. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
+ 000002d8(728) services.exe
+ 000002e4(740) lsass.exe
+ 00000328(808) svchost.exe
+ 0000037c(892) Ati2evxx.exe
00400000[0007B000]
[AM] 3. c:\windows\system32\ati2evxx.exe
ATI Technologies Inc.
ATI External Event Utility EXE Module
.text,.rdata,.data,.rsrc,
00D70000[00010000]
[ M] 152. c:\windows\system32\ati2edxx.dll
ATI Technologies, Inc.
ati2edxx
.text,.data,.SHAREDS,.rsrc,.reloc,
10000000[00025000]
[ M] 153. c:\windows\system32\atipdlxx.dll
ATI Technologies, Inc.
ATI Desktop CWDDEDI DLL
.text,.rdata,.data,.rsrc,.reloc,
+ 00000388(904) svchost.exe
+ 000003e4(996) svchost.exe
+ 00000468(1128) wdfmgr.exe
01000000[0000C000]
[AM] 10. c:\windows\system32\wdfmgr.exe
Microsoft Corporation
Windows User Mode Driver Manager
.text,.data,.rsrc,
+ 0000049c(1180) svchost.exe
50E60000[0000C000]
[ M] 154. c:\windows\system32\wups2.dll
Microsoft Corporation
Windows Update client proxy stub 2
.text,.orpc,.data,.rsrc,.reloc,
+ 000004dc(1244) Ati2evxx.exe
00400000[0007B000]
[AM] 3. c:\windows\system32\ati2evxx.exe
ATI Technologies Inc.
ATI External Event Utility EXE Module
.text,.rdata,.data,.rsrc,
00DB0000[00010000]
[ M] 152. c:\windows\system32\ati2edxx.dll
ATI Technologies, Inc.
ati2edxx
.text,.data,.SHAREDS,.rsrc,.reloc,
10000000[00025000]
[ M] 153. c:\windows\system32\atipdlxx.dll
ATI Technologies, Inc.
ATI Desktop CWDDEDI DLL
.text,.rdata,.data,.rsrc,.reloc,
benxiaohaihhh - 2007-8-2 9:59:00
00DE0000[0001F000]
[AM] 124. c:\windows\system32\ati2evxx.dll
ATI Technologies Inc.
ATI External Event Utility DLL Module
.text,.rdata,.data,.rsrc,.reloc,
+ 00000508(1288) svchost.exe
+ 000005b0(1456) svchost.exe
+ 00000738(1848) Explorer.EXE
10000000[00011000]
[AM] 137. c:\windows\system32\shlhook.dll
Beijing Rising Technology Co., Ltd.
shlhook Module
.text,.rdata,.data,.rsrc,.reloc,
014C0000[0001B000]
[ M] 149. e:\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
13140000[000B1000]
[ M] 155. c:\windows\windows.dll
CODE,DATA,BSS,.idata,.rdata,.reloc,.rsrc,
72C80000[00008000]
[ M] 151. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
36D30000[0001A000]
[ M] 156. c:\program files\microsoft office\office11\mcps.dll
Microsoft Corporation
Media Catalog Proxy/Stub
.text,.data,.cdata,.rsrc,.reloc,
+ 000007a4(1956) spoolsv.exe
+ 000008ac(2220) alg.exe
+ 00000c88(3208) Ras.exe
00400000[0013F000]
[ M] 157. e:\rising\antispyware\ras.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,.rsrc,
10000000[000A3000]
[ M] 158. e:\rising\antispyware\rasgui.dll
Beijing Rising Technology Co., Ltd.
RasGUI
.text,.rdata,.data,.rsrc,.reloc,
016C0000[00011000]
[AM] 137. c:\windows\system32\shlhook.dll
Beijing Rising Technology Co., Ltd.
shlhook Module
.text,.rdata,.data,.rsrc,.reloc,
01510000[0001B000]
[ M] 149. e:\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 00000fec(4076) iexplore.exe
10000000[00032000]
[AM] 127. c:\program files\thunder\comdlls\tdatonce_now.dll
Thunder Networking Technologies,LTD
迅雷浏览器高级特性支持模块
.text,.rdata,.data,.rsrc,.reloc,
01250000[0001A000]
[AM] 128. c:\program files\thunder\comdlls\xunleibho_now.dll
Thunder Networking Technologies,LTD
XunLeiBHO
.text,.rdata,.data,.rsrc,.reloc,
018A0000[0001B000]
[ M] 149. e:\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
325C0000[00012000]
[AM] 135. c:\program files\microsoft office\office11\msohev.dll
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,.reloc,
026B0000[00019000]
[ M] 159. e:\rising\rav\ravscrch.dll
Beijing Rising Technology Co., Ltd.
RavScrCh Module
.text,.rdata,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 151. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
30000000[002EF000]
[ M] 160. c:\windows\system32\macromed\flash\flash9c.ocx
Adobe Systems, Inc.
Adobe Flash Player 9.0 r45
.text,.rdata,.data,.rsrc,.reloc,
73900000[0002D000]
[ M] 161. c:\windows\system32\jpwb.ime
常诚研制
极品五笔输入法 版本6.7
.text,.data,.sgroup,.ShareDa,.rsrc,.reloc,
07950000[00040000]
[ M] 162. c:\windows\system32\wbjju.ime
北京六合源软件技术有限公司
五笔加加Plus2.81
.text,.rdata,.data,.rsrc,.reloc,
07990000[0005A000]
[ M] 163. c:\windows\system32\wbcodeu.dll
WbCodeU
.text,.rdata,.data,.rsrc,.reloc,
090B0000[00035000]
[ M] 164. c:\windows\system32\xpsp3res.dll
Microsoft Corporation
Service Pack 3 Messages
.rsrc,
58050000[0008A000]
[ M] 165. c:\windows\system32\l3codeca.acm
Fraunhofer Institut Integrierte Schaltungen IIS
MPEG Layer-3 Audio Codec for MSACM
.text,.rdata,.data,.rsrc,.reloc,
30BF0000[00289000]
[ M] 166. c:\windows\system32\ffdshow.ax
DirectShow and VFW video and audio decoding/encoding/processing filter
.text,.rdata,.data,.rodata,.rsrc,.reloc,
7C340000[00056000]
[ M] 167. c:\windows\system32\msvcr71.dll
Microsoft Corporation
Microsoft? C Runtime Library
.text,.rdata,.data,.rsrc,.reloc,
097B0000[000E4000]
[ M] 168. c:\program files\stormii\codec\vsfilter.dll
Gabest
DirectShow/VirtualDub/Avisynth 的图形和文本字幕滤镜
.text,_TEXT64,.rdata,.data,.rsrc,.reloc,
benxiaohaihhh - 2007-8-2 10:00:00
This virus is in C:\WINDOWS\windowsKey.DLL, and I can't delete it