Rising Kaka Security Forum
最后一片树叶 - 2007-7-9 10:37:00
I've caught some virus I can't identify; after I clean it and reboot, it is still there. Please take a look, everyone!
最后一片树叶 - 2007-7-9 10:40:00
病毒名称 | 处理结果 | 发现日期 | 扫描方式 | 路径文件 | 病毒来源
Trojan.PSW.Win32.LMir.hru | 删除成功 | 2007-07-08 19:08 | 手动扫描 | c:\documents and settings\localservice\local settings\temporary internet files\content.ie5\8xyz0p2310[1].exe>>upack0.39 | 本机
Dropper.Win32.OnlineGames.n | 删除成功 | 2007-07-08 19:08 | 手动扫描 | C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CPEF45I70[1].exe | 本机
Trojan.PSW.Win32.XYOnline.an | 删除成功 | 2007-07-08 19:08 | 手动扫描 | c:\documents and settings\localservice\local settings\temporary internet files\content.ie5\cpef45i73[1].exe>>upack0.39 | 本机
Trojan.PSW.Win32.Agent.pk | 删除成功 | 2007-07-08 19:08 | 手动扫描 | C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CPEF45I79[1].exe | 本机
Trojan.PSW.Win32.Agent.pk | 删除成功 | 2007-07-08 19:08 | 手动扫描 | C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LJHXGH9P2[1].exe | 本机
Trojan.PSW.Win32.RocOnline.t | 删除成功 | 2007-07-08 19:08 | 手动扫描 | C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LJHXGH9P4[1].exe | 本机
Dropper.Win32.ArpCheater.a | 删除成功 | 2007-07-08 19:08 | 手动扫描 | c:\documents and settings\localservice\local settings\temporary internet files\content.ie5\pt37q9pn11[1].exe>>upack0.34 | 本机
Trojan.PSW.Win32.OnlineGames.dau | 删除成功 | 2007-07-08 19:08 | 手动扫描 | C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PT37Q9PN6[1].exe | 本机
Trojan.PSW.Win32.QQPass.qlc | 删除成功 | 2007-07-08 19:08 | 手动扫描 | c:\documents and settings\localservice\local settings\temporary internet files\content.ie5\pt37q9pn8[1].exe>>upx_c | 本机
Trojan.PSW.Win32.RocOnline.t | 重新启动计算机后删除文件 | 2007-07-08 19:34 | 手动扫描 | C:\WINDOWS\system32cxfrru.dll | 本机
Trojan.PSW.Win32.RocOnline.t | 重新启动计算机后删除文件 | 2007-07-08 19:36 | 手动扫描 | C:\WINDOWS\system32TIMHost.dll | 本机
Trojan.PSW.Win32.QQPass.qlc | 删除成功 | 2007-07-08 19:43 | 手动扫描 | e:sysauto.exe>>upx_c | 本机
Trojan.DL.Win32.Agent.wnn | 清除成功 | 2007-07-08 19:51 | 手动扫描 | svchost.exe>>C:\WINDOWS\system32\svchost.exe | 本机
Dropper.Win32.ArpCheater.a | 删除成功 | 2007-07-08 19:54 | 手动扫描 | c:\documents and settings\localservice\local settings\temporary internet files\content.ie5\8xyz0p2311[1].exe>>upack0.34 | 本机
Trojan.DL.Win32.Agent.wnn | 清除成功 | 2007-07-09 08:25 | 手动扫描 | svchost.exe>>C:\WINDOWS\system32\svchost.exe | 本机
Trojan.PSW.Win32.Agent.pk | 删除成功 | 2007-07-09 08:42 | 手动扫描 | C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8XYZ0P232[1].exe | 本机
Trojan.IMMSG.Win32.TBMSG.gp | 删除成功 | 2007-07-09 08:42 | 手动扫描 | C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8XYZ0P237[1].exe | 本机
Trojan.IMMSG.Win32.TBMSG.gp | 删除成功 | 2007-07-09 08:42 | 手动扫描 | C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8XYZ0P237[2].exe | 本机
Trojan.PSW.Win32.XYOnline.an | 删除成功 | 2007-07-09 08:42 | 手动扫描 | c:\documents and settings\localservice\local settings\temporary internet files\content.ie5\cpef45i73[1].exe>>upack0.39 | 本机
Trojan.PSW.Win32.AskTao.r | 删除成功 | 2007-07-09 08:42 | 手动扫描 | c:\documents and settings\localservice\local settings\temporary internet files\content.ie5\cpef45i75[1].exe>>upx_c | 本机
Trojan.PSW.Win32.AskTao.r | 删除成功 | 2007-07-09 08:42 | 手动扫描 | c:\documents and settings\localservice\local settings\temporary internet files\content.ie5\cpef45i75[2].exe>>upx_c | 本机
Trojan.PSW.Win32.Agent.pk | 删除成功 | 2007-07-09 08:42 | 手动扫描 | C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CPEF45I79[1].exe | 本机
Trojan.PSW.Win32.RocOnline.t | 删除成功 | 2007-07-09 08:42 | 手动扫描 | C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LJHXGH9P4[1].exe | 本机
Trojan.PSW.Win32.RocOnline.t | 删除成功 | 2007-07-09 08:42 | 手动扫描 | C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LJHXGH9P4[2].exe | 本机
Trojan.PSW.Win32.OnlineGames.dcv | 删除成功 | 2007-07-09 08:42 | 手动扫描 | C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LJHXGH9P6[1].exe | 本机
Trojan.PSW.Win32.OnlineGames.dcv | 删除成功 | 2007-07-09 08:42 | 手动扫描 | C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LJHXGH9P6[2].exe | 本机
Dropper.Win32.OnlineGames.n | 删除成功 | 2007-07-09 08:42 | 手动扫描 | C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PT37Q9PN0[1].exe | 本机
Trojan.PSW.Win32.RocOnline.t | 删除成功 | 2007-07-09 09:03 | 手动扫描 | C:\WINDOWS\system324.exe | 本机
Trojan.PSW.Win32.AskTao.r | 删除成功 | 2007-07-09 09:03 | 手动扫描 | c:\windows\system325.exe>>upx_c | 本机
Leoooo - 2007-7-9 11:00:00
Download Kaka Internet Security Assistant 4.0: http://download.rising.com.cn/for_down/kakatool/kakasetupv4.exe
1 Run Rising Kaka Internet Security Assistant
2 Diagnosis & Help => Computer Diagnostic Log
3 Tick the three options "Ignore system files", "File details" and "Similar file name analysis"
4 Start scan => Export information, exporting as txt (htm is also possible and easier to read yourself, but the forum does not allow htm uploads)
5 Copy the complete report from the log and paste it here without modifying it (if it doesn't fit in one post, split it across several posts)
6 While scanning, close any unnecessary software such as QQ and TM
7 Upload the suspicious files found by the scan to Rising: http://up.rising.com.cn/webmail/uploadnew.htm
haohe的fans - 2007-7-9 11:22:00
========Content========
Download System Repair Engineer: http://www.kztechs.com/sreng/download.html
1 Unzip sreng2.zip
2 Run SREng.exe
3 Smart Scan => Scan => Save Report
4 Copy the complete report from the log and paste it here without modifying it (if it doesn't fit in one post, split it across several posts)
5 While scanning, close any unnecessary software such as QQ and TM
6 Tip: download IceSword (version 1.2) here: http://forum.ikaka.com/topic.asp?board=67&artid=8283060 (if you need it)
最后一片树叶 - 2007-7-9 11:34:00
瑞星卡卡电脑诊断日志 v1.20 (2007-7-9 11:8:56) 北京瑞星科技股份有限公司
注释:[A]表示该文件存在自启动关联;
[M]表示该文件在内存中;
+ 注册表自运行项目
+ Win32 Services
+ HKLM\System\CurrentControlSet\Services
AcPrfMgrSvc
[AM] 1. c:\program files\thinkpad\connectutilities\acprfmgrsvc.exe
.text,.rdata,.data,
6A 28 68 C8 6A 40 00 E8 FA 01 00 00 33 FF 57 FF
AcSvc
[AM] 2. c:\program files\thinkpad\connectutilities\acsvc.exe
Lenovo
ThinkVantage Access Connections Main Service Module
.text,.rdata,.data,.rsrc,
6A 74 68 20 BD 41 00 E8 36 03 00 00 33 FF 89 7D
Adobe LM Service
[A ] 3. c:\program files\common files\adobe systems shared\service\adobelmsvc.exe
Adobe Systems
System Level Service Utility
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 20 E2 40 00 68 08 75 40 00 64
aspnet_state
[A ] 4. c:\windows\microsoft.net\framework\v1.1.4322\aspnet_state.exe
Microsoft Corporation
aspnet_state.exe
.text,.data,.rsrc,
6A 28 68 F0 11 42 00 E8 D3 02 00 00 33 FF 57 FF
Ati HotKey Poller
[AM] 5. c:\windows\system32\ati2evxx.exe
ATI Technologies Inc.
ATI External Event Utility EXE Module
.text,.rdata,.data,.rsrc,
6A 60 68 B8 D4 45 00 E8 E6 24 00 00 83 65 FC 00
Autodesk Licensing Service
[A ] 6. c:\program files\common files\autodesk shared\service\adskscsrv.exe
Autodesk
System Level Service Utility
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 20 E2 40 00 68 08 75 40 00 64
btwdins
[AM] 7. c:\program files\thinkpad\bluetooth software\bin\btwdins.exe
Broadcom Corporation.
Bluetooth Support Server
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 58 A1 42 00 68 18 97 41 00 64
Diskeeper
[AM] 8. c:\program files\diskeeper corporation\diskeeper\dkservice.exe
Diskeeper Corporation
DKSERVICE.EXE
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 10 B4 47 00 68 C0 3B 46 00 64
EvtEng
[AM] 9. c:\program files\intel\wireless\bin\evteng.exe
Intel Corporation
Intel(R) PROSet/Wireless Event Log
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 F0 34 41 00 68 B4 84 40 00 64
gusvc
[A ] 10. c:\program files\google\common\google updater\googleupdaterservice.exe
Google
gusvc
.text,.rdata,.data,.rsrc,
6A 60 68 20 95 41 00 E8 40 03 00 00 BF 94 00 00
IBMPMSVC
[AM] 11. c:\windows\system32\ibmpmsvc.exe
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 80 B3 40 00 68 60 86 40 00 64
IDriverT
[A ] 12. c:\program files\common files\installshield\driver\1050\intel 32\idrivert.exe
Macrovision Corporation
IDriverT Module
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 30 A3 40 00 68 E4 67 40 00 64
IPSSVC
[AM] 13. c:\windows\system32\ipssvc.exe
Lenovo Group Limited
IPS Core Service
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 E0 B5 40 00 68 E0 5C 40 00 64
ose
最后一片树叶 - 2007-7-9 11:35:00
[A ] 14. c:\program files\common files\microsoft shared\source engine\ose.exe
Microsoft Corporation
Office Source Engine
.text,.data,.rsrc,
6A 74 68 60 2E 00 30 E8 23 04 00 00 33 DB 89 5D
RegSrvc
[AM] 15. c:\program files\intel\wireless\bin\regsrvc.exe
Intel Corporation
Intel(R) PROSet/Wireless Registry Service
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 A0 6B 42 00 68 A0 AA 40 00 64
RfwProxySrv
[A ] 16. d:\program files\rising\rfw\rfwproxy.exe
Beijing Rising Technology Co., Ltd.
Rising Personal Proxy Service
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 60 94 40 00 68 40 85 40 00 64
RfwService
[A ] 17. d:\program files\rising\rfw\rfwsrv.exe
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall Service
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 70 AC 41 00 68 80 94 41 00 64
RsCCenter
[A ] 18. d:\program files\rising\rav\ccenter.exe
Beijing Rising Technology Co., Ltd.
CCenter
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 C8 26 41 00 68 D8 AB 40 00 64
RsRavMon
[A ] 19. d:\program files\rising\rav\ravmond.exe
Beijing Rising Technology Co., Ltd.
RavMond
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 F8 D7 42 00 68 C4 E4 41 00 64
S24EventMonitor
[AM] 20. c:\program files\intel\wireless\bin\s24evmon.exe
Intel Corporation
Wireless Management Service
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 30 E0 46 00 68 C0 AC 44 00 64
TPHDEXLGSVC
[AM] 21. c:\windows\system32\tphdexlg.exe
Lenovo.
ThinkVantage Active Protection System - HDD Logger Module
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 90 E1 40 00 68 3C 82 40 00 64
TpKmpSVC
[AM] 22. c:\windows\system32\tpkmpsvc.exe
.text,.rdata,.data,
55 8B EC 6A FF 68 48 61 40 00 68 DC 3C 40 00 64
TSSCoreService
[AM] 23. c:\program files\ibm thinkvantage\client security solution\ibmtcsd.exe
IBM
ibmtcsd Application
.text,.rdata,.data,.rsrc,
6A 18 68 98 09 4A 00 E8 FD 05 00 00 BF 94 00 00
TVT Backup Service
[AM] 24. c:\program files\ibm thinkvantage\rescue and recovery\rrservice.exe
rrservice Module
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 D8 76 43 00 68 32 0F 41 00 64
TVT Scheduler
[AM] 25. c:\program files\ibm thinkvantage\common\scheduler\tvtsched.exe
tvtsched Module
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 28 C7 40 00 68 56 73 40 00 64
UCLauncherService
[AM] 26. c:\program files\thinkvantage\systemupdate\uclauncherservice.exe
.text,.rdata,.data,
6A 60 68 A8 71 40 00 E8 03 06 00 00 BF 94 00 00
UMWdf
[AM] 27. c:\windows\system32\wdfmgr.exe
Microsoft Corporation
Windows User Mode Driver Manager
.text,.data,.rsrc,
6A 28 68 30 26 00 01 E8 A5 01 00 00 66 81 3D 00
WmcCds
[A ] 28. c:\program files\windows media connect\mswmccds.exe
Microsoft Corporation
Windows Media Connect
.text,.rsrc,.reloc,
FF 25 00 20 40 00 00 00 00 00 00 00 00 00 00 00
WmcCdsLs
[A ] 29. c:\program files\windows media connect\mswmcls.exe
Microsoft Corporation
Windows Media Connect
.text,.data,.rsrc,
6A 28 68 48 33 00 01 E8 A2 01 00 00 66 81 3D 00
+ Kernel Drivers
+ HKLM\System\CurrentControlSet\Services
ADIHdAudAddService
[A ] 30. c:\windows\system32\drivers\adihdaud.sys
Analog Devices, Inc.
High Definition Audio Function Driver(Release Candidate 1)
.text,CODE,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
A1 88 DA 01 00 85 C0 B9 4E E6 40 BB 74 04 3B C1
AEAudioService
[A ] 31. c:\windows\system32\drivers\aeaudio.sys
Andrea Electronics Corporation
Audio Noise Filtering Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 53 56 8B 35 14 DA 02 00 57 68
AegisP
[A ] 32. c:\windows\system32\drivers\aegisp.sys
Meetinghouse Data Communications
IEEE 802.1X Protocol Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 81 EC 90 00 00 00 8B 45 08 53 56 8B 35
ANC
[A ] 33. c:\windows\system32\drivers\anc.sys
IBM Corp.
IBM Access Connections - ANC
.text,.rdata,INIT,.rsrc,.reloc,
55 8B EC 81 EC 80 00 00 00 53 57 6A 1B 59 33 C0
atmeltpm
最后一片树叶 - 2007-7-9 11:38:00
[A ] 34. c:\windows\system32\drivers\atmeltpm.sys
Atmel, Inc.
Atmel TPM Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
BaseTDI
[A ] 35. c:\windows\system32\drivers\basetdi.sys
Beijing Rising Technology Co., Ltd.
basetdi
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 53 56 57 E8 13 04 00 00 8B 35
btaudio
[A ] 36. c:\windows\system32\drivers\btaudio.sys
Broadcom Corporation.
Bluetooth Audio Device
.text,.rdata,.data,INIT,.rsrc,.reloc,
68 92 A6 01 00 FF 74 24 0C FF 74 24 0C E8 52 D6
BTDriver
[A ] 37. c:\windows\system32\drivers\btport.sys
Broadcom Corporation.
Bluetooth BTPORT Driver for Windows 2000
.text,.rdata,.data,INIT,.rsrc,.reloc,
56 8B 74 24 0C 57 68 43 4F 4D 58 66 8B 46 02 66
BTKRNL
[A ] 38. c:\windows\system32\drivers\btkrnl.sys
Broadcom Corporation.
Bluetooth Bus Enumerator
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
56 8B 74 24 0C 68 42 74 6B 72 66 8B 06 66 05 02
BTWDNDIS
[A ] 39. c:\windows\system32\drivers\btwdndis.sys
Broadcom Corporation.
Bluetooth LAN Access Server Driver
.text,PNP,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 60 53 56 33 DB 57 53 8D 45 0C FF
BTWUSB
[A ] 40. c:\windows\system32\drivers\btwusb.sys
Broadcom Corporation.
Driver for Bluetooth USB Devices
.text,PNP,.data,INIT,.rsrc,.reloc,
55 8B EC 51 6A 00 6A 01 FF 15 A0 03 01 00 25 FF
e1express
[A ] 41. c:\windows\system32\drivers\e1e5132.sys
Intel Corporation
Intel(R) PRO/1000 Adapter NDIS 5.1 deserialized driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
E9 27 FF FF FF CC 55 8B EC 53 33 DB 66 39 5D 0C
EGATHDRV
[A ] 42. c:\windows\system32\egathdrv.sys
IBM Corporation
IBM eGatherer Kernel Module
.text,.rdata,INIT,.rsrc,.reloc,
55 8B EC 83 EC 64 53 56 57 6A 08 59 BE 80 02 01
ExpScaner
[A ] 43. d:\program files\rising\rav\expscan.sys
ExpScan.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 51 68 88 38 02 00 FF 15 70 1F 01 00 83
HDAudBus
[A ] 44. c:\windows\system32\drivers\hdaudbus.sys
Windows (R) Server 2003 DDK provider
High Definition Audio Bus Driver v1.0a
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
A1 C0 D0 02 00 85 C0 B9 4E E6 40 BB 74 04 3B C1
HookCont
[A ] 45. d:\program files\rising\rav\hookcont.sys
Rising
HookCont
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 53 56 57 68 70 20 00 00 E8 F7
HookReg
[A ] 46. d:\program files\rising\rav\hookreg.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 64 56 57 C7 45 AC 00 00 00 00 B9
HookSys
[A ] 47. d:\program files\rising\rav\hooksys.sys
Rising
Hooksys
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 53 56 57 E8 8A 08 00 00 68 FC
HookUrl
[A ] 48. d:\program files\rising\rfw\hookurl.sys
Beijing Rising Technology Co., Ltd.
HookUrl
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 10 53 56 8B 75 08 57 6A 1B B8 8C
HSF_DPV
[A ] 49. c:\windows\system32\drivers\hsx_dpv.sys
Conexant Systems, Inc.
HSF_DP driver
.text,_PARA_DA,.rdata,.data,.STL,.CRT,PAGE,INIT,.rsrc,.reloc,
A1 60 C0 0D 00 85 C0 B9 4E E6 40 BB 74 04 3B C1
HSXHWAZL
[A ] 50. c:\windows\system32\drivers\hsxhwazl.sys
Conexant Systems, Inc.
HSF_HWAZL WDM driver
.text,GLOBAL_I,.rdata,.data,.CRT,GLOBAL_I,.STL,PAGE,INIT,.rsrc,.reloc,
A1 0C A7 03 00 85 C0 B9 4E E6 40 BB 74 04 3B C1
ibmfilter
[A ] 51. c:\windows\system32\drivers\ibmfilter.sys
IBM
IBM Rescue and Recovery filter driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
81 EC A0 00 00 00 53 56 57 6A 09 59 6A 0B BE 02
IBMPMDRV
[A ] 52. c:\windows\system32\drivers\ibmpmdrv.sys
Lenovo.
ThinkPad Power Management Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
8B 44 24 04 B9 42 03 01 00 89 48 40 89 48 38 8B
IBMTPCHK
[A ] 53. c:\windows\system32\drivers\ibmbldid.sys
.text,.rdata,INIT,.reloc,
55 8B EC 83 EC 0C 8B 45 08 C7 40 70 6A 05 01 00
mdmxsdk
[A ] 54. c:\windows\system32\drivers\mdmxsdk.sys
Conexant
Diagnostic Interface DRIVER
.text,.rdata,.data,INIT,.rsrc,.reloc,
A1 04 27 01 00 85 C0 B9 4E E6 40 BB 74 04 3B C1
MEMSCAN
最后一片树叶 - 2007-7-9 11:39:00
[A ] 55. d:\program files\rising\rav\memscan.sys
瑞星软件有限公司
MemScan Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 56 8B 35 DC 0C 01 00 57 8D 45
mProcRs
[A ] 56. d:\program files\rising\rfw\mprocrs.sys
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall mprocrs.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 10 56 57 E8 29 02 00 00 85 C0 75
NPF
[A ] 57. c:\windows\system32\drivers\npf.sys
CACE Technologies
npf
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 81 EC 80 00 00 00 53 56 57 8B 7D 0C 33
npkcrypt
[A ] 58. d:\qqdownload\qq2007\qq\npkcrypt.sys
pmem
[A ] 59. c:\windows\system32\drivers\pmemnt.sys
Microsoft Corporation
Physical Memory Driver
.text,.edata,INIT,.rsrc,.reloc,
55 8B EC 8B 45 08 B9 86 05 01 00 89 48 38 89 48
PrivateDisk
[A ] 60. c:\program files\ibm thinkvantage\safeguard privatedisk\privatediskm.sys
Utimaco Safeware AG
SafeGuard® PrivateDisk Driver
.text,INITPD,.data,PAGEPD,INIT,.rsrc,.reloc,
55 8B EC 83 EC 0C 6A 00 6A 00 68 00 46 01 00 68
PROCDD
[A ] 61. c:\windows\system32\drivers\procdd.sys
Lenovo Group Limited
IPS Helper Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
psadd
[A ] 62. c:\windows\system32\drivers\psadd.sys
Lenovo
SMI Driver
.text,.rdata,.data,PAGE,PAGELOCK,INIT,.rsrc,.reloc,
8B 44 24 04 B9 83 0C 01 00 6A 00 50 89 48 38 89
PxHelp20
[A ] 63. c:\windows\system32\drivers\pxhelp20.sys
Sonic Solutions
Px Engine Device Driver for Windows 2000/XP
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 10 53 56 57 33 DB 33 C0 8D 7D FA
RsAntiSpyware
[A ] 64. c:\windows\system32\drivers\rsboot.sys
Beijing Rising Technology Co., Ltd.
Anti-RootKit Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 20 53 56 33 F6 57 89 75 F4 60 8D
RsFwDrv
[A ] 65. d:\program files\rising\rfw\rsfwdrv.sys
Beijing Rising Technology Co., Ltd.
nt_fwdrv
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 53 56 57 E8 74 CA FF FF 84 C0
RsNTGDI
[A ] 66. c:\windows\system32\drivers\rsntgdi.sys
Beijing Rising Technology Co., Ltd.
RsNTGDI
.text,.rdata,INIT,.rsrc,.reloc,
55 8B EC 83 EC 10 56 8B 75 08 57 8B 3D 58 05 01
RSPPSYS
[A ] 67. d:\program files\rising\rav\rsppsys.sys
Rising
RSPPSYS.SYS
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 53 6A 5C E8 EE FB FF FF 33 DB
s24trans
[A ] 68. c:\windows\system32\drivers\s24trans.sys
Intel Corporation
Intel WLAN Packet Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
8B FF 55 8B EC A1 04 28 01 00 85 C0 B9 40 BB 00
Secdrv
[A ] 69. c:\windows\system32\drivers\secdrv.sys
.text,.data,INIT,.reloc,
55 8B EC 83 EC 10 53 56 57 E8 E4 A3 FF FF 89 45
ShockMgr
[A ] 70. c:\windows\system32\drivers\shockmgr.sys
Lenovo.
ShockMgr Device Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
56 8B 74 24 0C 66 8B 06 66 05 02 00 66 A3 0A 08
Shockprf
[A ] 71. c:\windows\system32\drivers\shockprf.sys
Lenovo
Shockproof Disk Driver
.text,.rdata,.data,PAGE,PAGE_DAT,INIT,.rsrc,.reloc,
33 C0 39 44 24 08 74 05 E9 87 FE FF FF C2 08 00
Smapint
[A ] 72. c:\windows\system32\drivers\smapint.sys
Microsoft Corporation
SMAPI I/O
.text,.rdata,.data,.idata,.rsrc,.reloc,
55 B8 2A 11 01 00 8B EC 83 EC 04 56 8B 4D 08 8D
smi2
[A ] 73. c:\program files\smi2\smi2.sys
IBM Corp.
SMI BIOS driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
FF 74 24 08 68 CC 09 01 00 E8 13 F9 FF FF 8B 44
smihlp
[A ] 74. c:\program files\thinkvantage fingerprint software\smihlp.sys
UPEK Inc.
SMI helper driver
.text,.rdata,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 80 65 FF 00 53 56 8B 75 08 57
SYMIDSCO
[A ] 75. c:\progra~1\common~1\symant~1\symcdata\scfids~1\20070702.003\symidsco.sys
SynTP
[A ] 76. c:\windows\system32\drivers\syntp.sys
Synaptics, Inc.
Synaptics Touchpad Driver
.text,.data,INIT,.rsrc,.reloc,
E8 0B E7 FF FF 8B 44 24 08 8B 0D 90 89 03 00 50
TcUsb
[A ] 77. c:\windows\system32\drivers\tcusb.sys
UPEK Inc.
TouchChip USB Kernel Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 38 53 56 57 6A 06 59 6A 08 BE 5E
TDSMAPI
[A ] 78. c:\windows\system32\drivers\tdsmapi.sys
.text,.rdata,.data,.reloc,
TPHKDRV
[A ] 79. c:\windows\system32\drivers\tphkdrv.sys
IBM Corporation
ThinkPad Hotkey Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 8B 45 08 B9 CA 03 01 00 89 48 70 89 48
TPPWRIF
[A ] 80. c:\windows\system32\drivers\tppwrif.sys
.text,.rdata,.data,.reloc,
TSMAPIP
[A ] 81. c:\windows\system32\drivers\tsmapip.sys
.text,.rdata,.data,.reloc,
w39n51
[A ] 82. c:\windows\system32\drivers\w39n51.sys
Intel® Corporation
Intel® Wireless LAN Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
81 EC 80 00 00 00 8B 94 24 84 00 00 00 57 33 C0
winachsf
[A ] 83. c:\windows\system32\drivers\hsx_cnxt.sys
Conexant Systems, Inc.
HSF_CNXT driver
.text,_LTEXT,.rdata,.data,_LDATA,PAGESER,INIT,.rsrc,.reloc,
ZSMC303
[A ] 84. c:\windows\system32\drivers\usbvm303.sys
VM
Video streaming and Capture Device Driver
.text,.data,.data1,PAGECONS,INIT,.rsrc,.reloc,
68 74 1B 01 00 6A 04 68 88 05 00 00 FF 74 24 14
+ Winlogon
+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
ACNotify
[AM] 85. c:\program files\thinkpad\connectutilities\acnotify.dll
Lenovo
ThinkVantage Access Connections Notify component
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 E8 3C 00 10 E8 0A 02 00 00 33 C0 40 89
AtiExtEvent
[AM] 86. c:\windows\system32\ati2evxx.dll
ATI Technologies Inc.
ATI External Event Utility DLL Module
.text,.rdata,.data,.rsrc,.reloc,
8B FF 55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57
psfus
[AM] 87. c:\windows\system32\psqlpwd.dll
UPEK Inc.
Logon stub
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 E8 71 40 31 E8 F5 04 00 00 33 C0 40 89
tpfnf2
[A ] 88. c:\windows\system32\notifyf2.dll
.text,.rdata,.data,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
tphotkey
[AM] 89. c:\windows\system32\tphklock.dll
.text,.rdata,.data,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ Internet Explorer
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
[A ] 90. c:\program files\google\googletoolbar2.dll
Google Inc.
Google IE 客户端工具栏
.text,.rdata,.data,shared,.rsrc,.reloc,
6A 0C 68 40 31 10 10 E8 98 EC FF FF 33 C0 40 89
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C}
[A ] 91. c:\windows\system32\kakatool.dll
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Toolbar
.text,.rdata,.data,MonitorS,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9}
[A ] 92. c:\program files\tencent\ssplus\saddr.dll
Tencent
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{01443AEC-0FD1-40fd-9C87-E93D1494C233}
[A ] 93. d:\qqdownload\thunder.v5.6.2.300.noad-ayu\thunder.v5.6.2.300.noad-ayu\comdlls\tdatonce_now.dll
Thunder Networking Technologies,LTD
迅雷浏览器高级特性支持模块
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 56 8B 75 0C 83 FE 01 74 05 83 FE 02 75
{06849E9E-C8D7-4D59-B87D-784B7D6BE0B3}
[A ] 94. d:\qqdownload\thunder.v5.6.2.300.noad-ayu\thunder.v5.6.2.300.noad-ayu\comdlls\xunleibho_now.dll
Thunder Networking Technologies,LTD
XunLeiBHO
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 80 0D 01 10 E8 2A F5 FF FF 33 C0 40 89
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
[AM] 95. c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
Adobe Systems Incorporated
Adobe Acrobat IE Helper Version 7.0 for ActiveX
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 08 89 00 10 E8 62 FC FF FF 33 C0 40 89
{0C7C23EF-A848-485B-873C-0ED954731014}
[A ] 92. c:\program files\tencent\ssplus\saddr.dll
Tencent
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
{AA58ED58-01DD-4d91-8333-CF10577473F7}
[A ] 90. c:\program files\google\googletoolbar2.dll
Google Inc.
Google IE 客户端工具栏
最后一片树叶 - 2007-7-9 11:41:00
.text,.rdata,.data,shared,.rsrc,.reloc,
6A 0C 68 40 31 10 10 E8 98 EC FF FF 33 C0 40 89
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
[AM] 96. c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
Google Inc.
GoogleToolbarNotifier
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 78 C1 03 10 E8 37 02 00 00 33 C0 40 89
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
Exec
[A ] 97. c:\program files\lenovo\pkgmgr\pkgmgr.exe
Lenovo Group Limited
Software Installer
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 00 D3 41 00 68 F8 77 41 00 64
Exec
[A ] 98. c:\program files\messenger\msmsgs.exe
Microsoft Corporation
Windows Messenger
.text,.data,.rsrc,
6A 70 68 10 98 00 01 E8 BF 01 00 00 33 DB 53 8B
+ Explorer
+ HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
application/octet-stream
[AM] 99. c:\windows\system32\mscoree.dll
Microsoft Corporation
Microsoft .NET Runtime Execution Engine
.text,.data,.rsrc,.reloc,
6A 0C 68 B8 21 17 79 E8 84 FF FF FF 33 C0 40 89
application/x-complus
[AM] 99. c:\windows\system32\mscoree.dll
Microsoft Corporation
Microsoft .NET Runtime Execution Engine
.text,.data,.rsrc,.reloc,
6A 0C 68 B8 21 17 79 E8 84 FF FF FF 33 C0 40 89
application/x-msdownload
[AM] 99. c:\windows\system32\mscoree.dll
Microsoft Corporation
Microsoft .NET Runtime Execution Engine
.text,.data,.rsrc,.reloc,
6A 0C 68 B8 21 17 79 E8 84 FF FF FF 33 C0 40 89
text/xml
[A ] 100. c:\program files\common files\microsoft shared\office11\msoxmlmf.dll
Microsoft Corporation
Microsoft Office XML MIME Filter
.text,.data,.rsrc,.reloc,
6A 0C 68 70 22 40 00 E8 FD 01 00 00 33 C0 40 89
+ HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
cetihpz
[A ] 101. c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Hewlett-Packard Company
HPCETIUI Protocol Handler Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57 8B 7D
mso-offdap
[A ] 102. c:\program files\common files\microsoft shared\web components\10\owc10.dll
Microsoft Corporation
Microsoft Office XP Web Components
.text,.data,.rtext,.bootdat,msoconst,Shared,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers
{F9DB5320-233E-11D1-9F84-707F02C10627}
[AM] 103. c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll
Adobe Systems, Inc.
PDF Shell Extension
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 E8 DD 00 10 E8 F5 EF FF FF 33 C0 40 89
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HyperTerminal Icon Ext
[A ] 104. c:\windows\system32\hticons.dll
Hilgraeve, Inc.
HyperTerminal Applet Library
.text,.data,.rsrc,.reloc,
Fusion Cache
[AM] 99. c:\windows\system32\mscoree.dll
Microsoft Corporation
Microsoft .NET Runtime Execution Engine
.text,.data,.rsrc,.reloc,
6A 0C 68 B8 21 17 79 E8 84 FF FF FF 33 C0 40 89
Portable Media Devices
[A ] 105. c:\windows\system32\audiodev.dll
Microsoft Corporation
便携媒体设备命令行解释器扩展
.text,.data,.rsrc,.reloc,
8B FF 55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57
Portable Media Devices Menu
[A ] 105. c:\windows\system32\audiodev.dll
Microsoft Corporation
便携媒体设备命令行解释器扩展
.text,.data,.rsrc,.reloc,
8B FF 55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57
My Bluetooth Places
[A ] 106. c:\windows\system32\btneighborhood.dll
Broadcom Corporation.
BTNeighborhood DLL
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
Catalyst Context Menu extension
[AM] 107. c:\program files\ati technologies\ati.ace\atiacmxx.dll
ACE Context Menu
.text,.rdata,.data,.rsrc,.reloc,
8B FF 55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57
SafeGuard PrivateDisk extension
[A ] 108. c:\program files\ibm thinkvantage\safeguard privatedisk\pdshell.dll
Utimaco Safeware AG
SafeGuard PrivateDisk Shell Extension DLL
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
Microsoft Office HTML Icon Handler
[A ] 109. c:\program files\microsoft office\office11\msohev.dll
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,.reloc,
6A 0C 68 A8 41 5C 32 E8 B5 00 00 00 33 C0 40 89
Web Folders
[A ] 110. c:\program files\common files\microsoft shared\web folders\msonsext.dll
Microsoft Corporation
Microsoft Web Folders
.text,.data,.rsrc,.reloc,
6A 0C 68 B0 AC 0A 49 E8 DA 00 00 00 33 C0 40 89
Microsoft Office Outlook Custom Icon Handler
[A ] 111. c:\program files\microsoft office\office11\olkfstub.dll
Microsoft Corporation
Outlook Shell Hook for Start/Find
.text,.data,.rsrc,.reloc,
6A 0C 68 E0 1B 75 35 E8 FC 01 00 00 33 C0 40 89
Microsoft Office Outlook Desktop Icon Handler
[A ] 112. c:\program files\microsoft office\office11\mlshext.dll
Microsoft Corporation
Microsoft Shell Extension Library
.text,.data,.cdata,.rsrc,.reloc,
6A 0C 68 98 13 A2 35 E8 10 02 00 00 33 C0 40 89
WinRAR shell extension
[A ] 113. d:\program files\winrar\rarext.dll
.text,.data,.tls,.idata,.edata,.rsrc,.reloc,
RISING
[AM] 114. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{32CD708B-60A7-4C00-9377-D73EAA495F0F}
[AM] 114. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
最后一片树叶 - 2007-7-9 11:42:00
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}
[AM] 115. c:\windows\system32\shlhook.dll
Beijing Rising Technology Co., Ltd.
shlhook Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ Logon
+ HKCU\Software\Microsoft\Windows\CurrentVersion\Run
swg
[AM] 116. c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
Google Inc.
GoogleToolbarNotifier
.text,.rdata,.data,.rsrc,
+ HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TpShocks
[AM] 117. c:\windows\system32\tpshocks.exe
Lenovo, Ltd. and IBM Corporation.
ThinkVantage Active Protection System
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 40 92 40 00 68 E4 4A 40 00 64
TP4EX
[A ] 118. c:\windows\system32\tp4ex.exe
Lenovo Group Limited
TrackPoint Accessibility Features
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 68 71 40 00 68 40 42 40 00 64
EZEJMNAP
[AM] 119. c:\program files\thinkpad\utilities\ezejmnap.exe
Lenovo Group Limited
ThinkPad EasyEject Support Application
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 50 99 42 00 68 24 18 41 00 64
TPHOTKEY
[AM] 120. c:\program files\lenovo\pkgmgr\hotkey\tphkmgr.exe
.text,.rdata,.data,
55 8B EC 6A FF 68 18 F2 40 00 68 84 C1 40 00 64
文件名和"taskmgr.exe"类似
SynTPLpr
[AM] 121. c:\program files\synaptics\syntp\syntplpr.exe
Synaptics, Inc.
TouchPad Driver Helper Application
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 90 C3 40 00 68 14 8D 40 00 64
SynTPEnh
[AM] 122. c:\program files\synaptics\syntp\syntpenh.exe
Synaptics, Inc.
Synaptics TouchPad Enhancements
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 48 DF 44 00 68 A4 46 44 00 64
SoundMAXPnP
[AM] 123. c:\program files\analog devices\core\smax4pnp.exe
Analog Devices, Inc.
SMax4PNP
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 B0 9F 41 00 68 E0 5B 41 00 64
ATICCC
[AM] 124. c:\program files\ati technologies\ati.ace\cli.exe
ATI Technologies Inc.
CLI Application (Command Line Interface)
.text,.rsrc,.reloc,
LPManager
[AM] 125. c:\program files\thinkvantage\prdctr\lpmgr.exe
Lenovo Group Limited
ThinkVantage Productivity Center Manager
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 00 EA 40 00 68 70 C4 40 00 64
AMSG
[AM] 126. c:\program files\thinkvantage\amsg\amsg.exe
LENOVO
Message Center
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 48 09 45 00 68 18 95 42 00 64
cssauth
[AM] 127. c:\program files\ibm thinkvantage\client security solution\cssauth.exe
Lenovo Group Limited
cssauth
.text,.rdata,.data,.data1,.rsrc,
6A 60 68 10 7C 58 00 E8 D7 2A 00 00 BF 94 00 00
PDService.exe
[AM] 128. c:\program files\ibm thinkvantage\safeguard privatedisk\pdservice.exe
Utimaco Safeware AG
PrivateDisk Service
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 38 57 40 1C 68 12 47 40 1C 64
Picasa Media Detector
[A ] 129. c:\program files\picasa2\picasamediadetector.exe
Google Inc.
Picasa
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 60 36 43 00 68 A8 D4 40 00 64
DiskeeperSystray
[A ] 130. c:\program files\diskeeper corporation\diskeeper\dkicon.exe
Diskeeper Corporation
DKICON.EXE
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 A0 D5 41 00 68 68 E7 40 00 64
ACTray
[AM] 131. c:\program files\thinkpad\connectutilities\actray.exe
Lenovo
ThinkVantage Access Connections Status Icon
.text,.rdata,.data,.rsrc,
6A 74 68 68 8A 40 00 E8 EE 03 00 00 33 FF 89 7D
ACWLIcon
[AM] 132. c:\program files\thinkpad\connectutilities\acwlicon.exe
Lenovo
ThinkVantage Access Connections Wireless Status Icon
.text,.rdata,.data,.rsrc,
6A 74 68 18 DF 40 00 E8 8D 05 00 00 33 FF 89 7D
BigDog303
[AM] 133. c:\windows\vm303_sti.exe
Vimicro
Vimicro
.text,.rdata,.data,.sxdata,.rsrc,
6A 60 68 70 82 40 00 E8 E1 1D 00 00 83 65 FC 00
runeip
[AM] 134. c:\program files\rising\antispyware\runiep.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Monitor
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 E0 6B 40 00 68 40 52 40 00 64
RavTask
[A ] 135. d:\program files\rising\rav\ravtask.exe
Beijing Rising Technology Co., Ltd.
RavTimer
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 50 E3 40 00 68 D4 90 40 00 64
RfwMain
[AM] 136. d:\program files\rising\rfw\rfwmain.exe
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall Main Program
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 38 EB 41 00 68 20 B0 41 00 64
+ HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
MSDMG32
[A ] 137. c:\windows\system32\lyloadmr.exe
VL橸谚?_Y??G,QV?褤瑒,
+ Boot Execute
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
BootExecute
[A ] 138. c:\windows\system32\bsmain.exe
Beijing Rising Technology Co., Ltd.
BootScan
.text,.data,.rsrc,.reloc,
55 8B EC 6A FF 68 F0 27 00 01 68 74 9E 00 01 64
+ Image Hijacks
+ HKCR\.html
htmlfile\Edit\Command
[A ] 139. c:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,
6A 74 68 58 26 00 30 E8 A8 FF FF FF 33 DB 89 5D
htmlfile\open\Command
[A ] 140. d:\program files\tencent\tt\ttraveler.exe
腾讯公司
Tencent Traveler
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 E0 10 5A 00 68 EC 37 55 00 64
htmlfile\Print\Command
[A ] 139. c:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,
6A 74 68 58 26 00 30 E8 A8 FF FF FF 33 DB 89 5D
htmlfile\TencentTraveler\Command
[A ] 140. d:\program files\tencent\tt\ttraveler.exe
腾讯公司
Tencent Traveler
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 E0 10 5A 00 68 EC 37 55 00 64
+ HKCR\.htm
htmlfile\Edit\Command
[A ] 139. c:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,
6A 74 68 58 26 00 30 E8 A8 FF FF FF 33 DB 89 5D
htmlfile\open\Command
[A ] 140. d:\program files\tencent\tt\ttraveler.exe
腾讯公司
Tencent Traveler
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 E0 10 5A 00 68 EC 37 55 00 64
htmlfile\Print\Command
[A ] 139. c:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,
6A 74 68 58 26 00 30 E8 A8 FF FF FF 33 DB 89 5D
htmlfile\TencentTraveler\Command
[A ] 140. d:\program files\tencent\tt\ttraveler.exe
最后一片树叶 - 2007-7-9 11:43:00
腾讯公司
Tencent Traveler
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 E0 10 5A 00 68 EC 37 55 00 64
+ Print Monitor
+ HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
Bluetooth 打印机端口
[AM] 141. c:\windows\system32\bthcrp.dll
Broadcom Corporation.
bthcrp DLL
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
hpzsnt10
[AM] 142. c:\windows\system32\hpzsnt10.dll
HP
.text,.rdata,.data,.idata,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ LSA Providers
+ HKLM\SYSTEM\CurrentControlSet\Control\Lsa
Notification Packages
[AM] 87. c:\windows\system32\psqlpwd.dll
UPEK Inc.
Logon stub
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 E8 71 40 31 E8 F5 04 00 00 33 C0 40 89
[AM] 143. c:\program files\ibm thinkvantage\client security solution\csspwntfy.dll
Lenovo Group Limited
Password change notification
.text,.rdata,.data,.data1,.rsrc,.reloc,
6A 0C 68 D8 9D 0E 10 E8 45 28 00 00 33 C0 40 89
+ 其他自启动项目
+ C:\Documents and Settings\Owner\「开始」菜单\程序\启动
腾讯QQ.lnk
[A ] 144. d:\qqdownload\qq2007\qq\qq.exe
TENCENT
QQ
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 D0 63 53 00 68 48 EF 48 00 64
+ C:\Documents and Settings\All Users\「开始」菜单\程序\启动
Adobe Reader Speed Launch.lnk
[AM] 145. c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
Adobe Systems Incorporated
Adobe Acrobat SpeedLauncher
.text,.rdata,.data,.rsrc,
6A 74 68 48 67 40 00 E8 08 02 00 00 33 DB 89 5D
Digital Line Detect.lnk
[AM] 146. c:\program files\digital line detect\dlg.exe
BVRP Software
Digital Line Detection
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 58 31 40 00 68 B0 27 40 00 64
蓝牙控制盘.lnk
[AM] 147. c:\program files\thinkpad\bluetooth software\bttray.exe
Broadcom Corporation.
Bluetooth Tray Application
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 58 F5 45 00 68 8C 49 45 00 64
+ C:\WINDOWS\Tasks
PMTask.job
[A ] 148. c:\program files\thinkpad\utilities\pwmidtsk.exe
.text,.rdata,.data,
55 8B EC 6A FF 68 68 34 40 00 68 E0 2B 40 00 64
+ 系统活动模块
+ 00000090(144) ibmtcsd.exe
00400000[000B0000]
[AM] 23. c:\program files\ibm thinkvantage\client security solution\ibmtcsd.exe
IBM
ibmtcsd Application
.text,.rdata,.data,.rsrc,
6A 18 68 98 09 4A 00 E8 FD 05 00 00 BF 94 00 00
10000000[0001A000]
[ M] 149. c:\windows\system32\tpmddl.dll
Atmel, Inc.
Atmel TDDL (x86)
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 D8 40 01 10 E8 1D 17 00 00 33 C0 40 89
+ 000000a4(164) rrservice.exe
00400000[00167000]
[AM] 24. c:\program files\ibm thinkvantage\rescue and recovery\rrservice.exe
rrservice Module
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 D8 76 43 00 68 32 0F 41 00 64
10000000[000A6000]
[ M] 150. c:\program files\ibm thinkvantage\rescue and recovery\rr_res.dll
Language DLL
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
00370000[00045000]
[ M] 151. c:\program files\ibm thinkvantage\rescue and recovery\pui.dll
International Business Machines Corporation
pui DLL
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
003C0000[00029000]
[ M] 152. c:\program files\ibm thinkvantage\rescue and recovery\ui.dll
ui DLL
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
00570000[00026000]
[ M] 153. c:\program files\ibm thinkvantage\rescue and recovery\cdrecord.dll
.text,.rdata,.data,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
005A0000[00011000]
[ M] 154. c:\program files\ibm thinkvantage\rescue and recovery\zlib.dll
zlib data compression library
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
01240000[00023000]
[ M] 155. c:\windows\system32\prochlp.dll
Lenovo Group Limited
IPS Helper DLL
.text,.rdata,.data,._PROCHL,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
01270000[0001B000]
[AM] 114. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
012A0000[00011000]
[AM] 115. c:\windows\system32\shlhook.dll
Beijing Rising Technology Co., Ltd.
shlhook Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ 00000198(408) spoolsv.exe
10000000[0001C000]
[AM] 141. c:\windows\system32\bthcrp.dll
Broadcom Corporation.
bthcrp DLL
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
00EA0000[000FB000]
[ M] 156. c:\windows\system32\widcommsdk.dll
Broadcom Corporation.
WidcommSdk DLL
.text,.rdata,.data,.idata,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
01010000[000CB000]
[ M] 157. c:\windows\system32\wbtapi.dll
Broadcom Corporation.
WBTApi DLL
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
00FA0000[0002E000]
[AM] 142. c:\windows\system32\hpzsnt10.dll
HP
.text,.rdata,.data,.idata,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ 000001d8(472) svchost.exe
最后一片树叶 - 2007-7-9 11:44:00
+ 00000218(536) IPSSVC.EXE
00400000[00013000]
[AM] 13. c:\windows\system32\ipssvc.exe
Lenovo Group Limited
IPS Core Service
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 E0 B5 40 00 68 E0 5C 40 00 64
10000000[00023000]
[ M] 155. c:\windows\system32\prochlp.dll
Lenovo Group Limited
IPS Helper DLL
.text,.rdata,.data,._PROCHL,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
00B00000[00022000]
[ M] 158. c:\program files\lenovo\awaytask\awaydb.dll
Lenovo Group Limited
AWAYDB DLL
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ 00000228(552) AcPrfMgrSvc.exe
00400000[0000A000]
[AM] 1. c:\program files\thinkpad\connectutilities\acprfmgrsvc.exe
.text,.rdata,.data,
6A 28 68 C8 6A 40 00 E8 FA 01 00 00 33 FF 57 FF
0A000000[00025000]
[ M] 159. c:\program files\thinkpad\connectutilities\aclocsettings.dll
.text,.rdata,.data,.reloc,
6A 0C 68 F8 41 01 0A E8 F1 00 00 00 33 C0 40 89
7C3A0000[0007B000]
[ M] 160. c:\windows\system32\msvcp71.dll
Microsoft Corporation
Microsoft® C++ Runtime Library
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 E8 1C 3D 7C E8 EB EA FF FF 33 C0 40 89
7C340000[00056000]
[ M] 161. c:\windows\system32\msvcr71.dll
Microsoft Corporation
Microsoft® C Runtime Library
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 8B 45 0C 83 F8 01 56 57 0F 84 50 FB FF
08000000[00023000]
[ M] 162. c:\program files\thinkpad\connectutilities\acprfmgr.dll
.text,.rdata,.data,.reloc,
6A 0C 68 90 6F 01 08 E8 15 02 00 00 33 C0 40 89
10000000[00013000]
[ M] 163. c:\program files\thinkpad\connectutilities\accrypthlpr.dll
.text,.rdata,.data,.SlNum,.reloc,
6A 0C 68 A0 E5 00 10 E8 EA 01 00 00 33 C0 40 89
00370000[00012000]
[ M] 164. c:\program files\thinkpad\connectutilities\achelper.dll
.text,.rdata,.data,.reloc,
6A 0C 68 10 AE 00 10 E8 4B 01 00 00 33 C0 40 89
09000000[0007C000]
[ M] 165. c:\program files\thinkpad\connectutilities\acon.dll
.text,.rdata,.data,.reloc,
6A 0C 68 48 D7 05 09 E8 DE 00 00 00 33 C0 40 89
00390000[00005000]
[ M] 166. c:\program files\thinkpad\connectutilities\acturinsupport.dll
.text,.rdata,.data,.reloc,
00DF0000[0001C000]
[ M] 167. c:\program files\thinkpad\connectutilities\aclocmigrator.dll
.text,.rdata,.data,.reloc,
6A 0C 68 50 39 01 10 E8 E4 00 00 00 33 C0 40 89
00E10000[00017000]
[ M] 168. c:\program files\thinkpad\connectutilities\thinqcon.dll
.text,.rdata,.data,.QconDll,.reloc,
6A 0C 68 B0 2E 01 10 E8 95 01 00 00 33 C0 40 89
+ 00000250(592) btwdins.exe
00400000[00058000]
[AM] 7. c:\program files\thinkpad\bluetooth software\bin\btwdins.exe
Broadcom Corporation.
Bluetooth Support Server
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 58 A1 42 00 68 18 97 41 00 64
+ 00000264(612) DkService.exe
00400000[000BE000]
[AM] 8. c:\program files\diskeeper corporation\diskeeper\dkservice.exe
Diskeeper Corporation
DKSERVICE.EXE
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 10 B4 47 00 68 C0 3B 46 00 64
10000000[00034000]
[ M] 169. c:\program files\diskeeper corporation\diskeeper\dklib.dll
Diskeeper Corporation
DKLIB.LIB
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
00370000[00017000]
[ M] 170. c:\program files\diskeeper corporation\diskeeper\tab.dll
Executive Software International, Inc.
TAB
.text,.rdata,.data,.sign,.rsrc,.reloc,
6A 0C 68 50 02 01 10 E8 46 01 00 00 33 C0 40 89
7C340000[00056000]
[ M] 171. c:\program files\diskeeper corporation\diskeeper\msvcr71.dll
Microsoft Corporation
Microsoft® C Runtime Library
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 8B 45 0C 83 F8 01 56 57 0F 84 50 FB FF
00390000[00008000]
[ M] 172. c:\program files\diskeeper corporation\diskeeper\getfatextents.dll
Diskeeper Corporation
GETFATEXTENTS.DLL
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
4B4F0000[00006000]
[ M] 173. c:\windows\system32\odbcbcp.dll
Microsoft Corporation
Microsoft BCP for ODBC
.text,.data,.rsrc,.reloc,
8B FF 55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57
009C0000[0008C000]
[ M] 174. c:\program files\diskeeper corporation\diskeeper\2052\dkres.dll
Diskeeper Corporation
DKRES.DLL
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
00EE0000[00017000]
[ M] 175. c:\program files\diskeeper corporation\diskeeper\dktabprovider.dll
Diskeeper Corporation
DKTABPROVIDER.EXE
.text,.rdata,.data,.sign,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ 000002cc(716) RegSrvc.exe
00400000[00038000]
[AM] 15. c:\program files\intel\wireless\bin\regsrvc.exe
Intel Corporation
Intel(R) PROSet/Wireless Registry Service
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 A0 6B 42 00 68 A0 AA 40 00 64
+ 000002d8(728) reader_sl.exe
00400000[0000A000]
[AM] 145. c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
Adobe Systems Incorporated
Adobe Acrobat SpeedLauncher
.text,.rdata,.data,.rsrc,
6A 74 68 48 67 40 00 E8 08 02 00 00 33 DB 89 5D
7C3A0000[0007B000]
最后一片树叶 - 2007-7-9 12:02:00
There's still a lot more, but after I updated to the latest virus database, scanned, rebooted and scanned again, no virus was found. I wonder whether Rising has already fixed it!
天月来了 - 2007-7-9 13:07:00
It'll probably come back again!!!
If it really does come back, don't fiddle with anything else. Just do this:
Set your system date correctly
Download System Repair Engineer into your "Windows" folder.
http://www.kztechs.com/sreng/download.html
1 Unzip sreng2.zip
2 Rename SREng.exe to abc.exe and run it. (It must be renamed.)
3 Smart Scan => Scan => Save Report
4 Copy the report from the log in full and post it here in sections, without modifying it
骑着XX混社会 - 2007-7-9 13:47:00
[A ] 137. c:\windows\system32\lyloadmr.exe
Look carefully and you'll spot it right away
Just delete this file and it'll be fine
Leoooo - 2007-7-9 13:51:00
| Quote: |
[骑着XX混社会's post] [A ] 137. c:\windows\system32\lyloadmr.exe Look carefully and you'll spot it right away. Just delete this file and it'll be fine. ……………… |
It would be best if the original poster could zip up this file and submit it
http://up.rising.com.cn/webmail/uploadnew.htm
清风飞絮 - 2007-7-9 13:55:00
Same question here, how do you fix it???
Experts please answer~~
asembler - 2007-7-9 14:06:00
Trojan.PSW.Win32 is a typical Trojan!
Your Rising probably needs updating. Also, the Microsoft patches should be applied.
Run a vulnerability scan with Rising; it will tell you what vulnerabilities your host has, and you just follow the prompts to protect it.
After updating Rising, remember to boot into Safe Mode and do a thorough scan with Rising. Get into the good habit of running a scheduled scan every day.
Don't casually DOWNLOAD SOFTWARE from unofficial websites, and don't visit sites with bad content.
李逍遥e - 2007-7-9 14:25:00
What you've got should be the Viking (威金) virus. This virus is very hard to remove, you could say impossible to remove, because the current Rising software can't completely clean it either; once you're infected it regenerates automatically every time you boot! Thanks!
最后一片树叶 - 2007-7-9 14:39:00
| Quote: |
[Leoooo's post] | Quote: | [骑着XX混社会's post] [A ] 137. c:\windows\system32\lyloadmr.exe Look carefully and you'll spot it right away. Just delete this file and it'll be fine. ……………… |
It would be best if the original poster could zip up this file and submit it ……………… |
Already zipped it and sent it over
最后一片树叶 - 2007-7-9 14:54:00
I've been very careful; I've never been infected this badly before. From yesterday to today I've been struggling with this, and I tried other antivirus software but they couldn't remove it either. I guess I got infected the day before yesterday when I was on 163 downloading mail. My QQ account was lost too; I appealed and they said the evidence was insufficient. So frustrating! (Everyone please learn from my lesson and be sure to set up password protection.) Also, after updating Rising and scanning, I've rebooted several times and no virus has been found yet. Hopefully I won't be infected again. Friends in the same situation as me, hurry up and update and give it a try!
Also, I want to thank the friends above who cared about me, thank you for your help!
克毒之星 - 2007-9-20 23:14:00
Trojan.PSW.Win32.OnlineGames.yub
Why does this virus come back after being removed
克毒之星 - 2007-9-20 23:36:00
Trojan.PSW.Win32.OnlineGames.yub
55555555555555555 which version is needed to kill it`
I've been removing it for 4 days already and it's always the same`
克毒之星 - 2007-9-20 23:38:00
This virus``` even shows up when visiting this forum`````
It would be great if a Rising update could kill it
Then I wouldn't have to remove it every day
Aasetup - 2007-9-20 23:44:00
First time seeing a KAKA log

My feeling is that for viruses that antivirus software and removal tools on the system can't remove, apart from knowing how the virus starts and runs so you can kill it manually, (everything else has to be cleaned up before the system boots, e.g. under DOS, then create a new folder in its directory with the same name as the virus, and inside that folder create a hard-to-delete file, e.g. with the CMD command md aa...\, so the virus should no longer be regenerated.)
火影忍者 - 2007-9-21 0:14:00
Clear the IE cache and apply the system patches
© 2000 - 2026 Rising Corp. Ltd.