Rising Kaka Security Forum
wait67 - 2007-8-1 16:06:00
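No matter what I try, I cannot remove the hcalway.sys file that carries the Rootkit.AdProt.o virus. This virus file should be a **SYS file, right? Experts, please help. Thanks.
[User system info] Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)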
Leoooo - 2007-8-1 16:24:00
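Download Kaka Internet Security Assistant 4.0: http://download.rising.com.cn/for_down/kakatool/kakasetupv4.exe
1 Run Rising Kaka Internet Security Assistant
2 Diagnosis & Help (诊断求助) => Computer diagnostic log (电脑诊断日志)
3 Select the two options "File details" (文件详细信息) and "Similar file name analysis" (文件名相似分析)
4 Start scan (开始扫描) => Export information (导出信息), exporting in txt format (htm format is also fine and easier to read yourself, but the forum does not accept htm uploads)
5 Copy the complete report from the log and paste it here (posting it as an attachment is also fine); do not modify it (if it does not fit in one post, post it in several parts)
6 While scanning for the log, close unnecessary software such as QQ and TM as far as possible
7 Upload the suspicious files found by the scan to Rising
http://up.rising.com.cn/webmail/uploadnew.htm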
sdfes8766 - 2007-8-26 17:21:00
瑞星卡卡电脑诊断日志 v1.30 (2007-8-26 16:57:18) 北京瑞星科技股份有限公司
注释:[A]表示该文件存在自启动关联;
[M]表示该文件在内存中;
+ 注册表自运行项目
+ 系统服务
+ HKLM\System\CurrentControlSet\Services
ATKKeyboardService
[AM] 1. c:\windows\atkkbservice.exe
ASUSTeK COMPUTER INC.
ASUS Keyboard Service
.text,.data,.rsrc,
mscic
[AM] 2. c:\windows\system32\cic..exe
.text,.rdata,.data,.rsrc,
ms_2fax
[AM] 3. c:\windows\system32\5a541.exe
.text,.rdata,.data,.rsrc,
NVSvc
[AM] 4. c:\windows\system32\nvsvc32.exe
NVIDIA Corporation
NVIDIA Driver Helper Service, Version 83.91
.text,.rdata,.data,.rsrc,
ose
[A ] 5. c:\program files\common files\microsoft shared\source engine\ose.exe
Microsoft Corporation
Office Source Engine
.text,.data,.rsrc,
RsCCenter
[A ] 6. c:\program files\rising\rav\ccenter.exe
Beijing Rising Technology Co., Ltd.
CCenter
.text,.rdata,.data,.rsrc,
RsRavMon
[A ] 7. c:\program files\rising\rav\ravmond.exe
Beijing Rising Technology Co., Ltd.
RavMond
.text,.rdata,.data,.rsrc,
spoo1v
[A ] 8. c:\windows\system32\spoo1v.exe
.text,.rdata,.data,.rsrc,
WIDETS
[AM] 9. c:\windows\system32\rundllforour.exe
Microsoft Corporation
Run a DLL as an App
.text,.data,.rsrc,
winmm
[AM] 10. c:\windows\system32\winmm.exe
.text,.rdata,.data,.rsrc,
WMPNetworkSvc
[A ] 11. c:\program files\windows media player\wmpnetwk.exe
Microsoft Corporation
Windows Media Player 网络共享服务
.text,.data,.rsrc,.reloc,
WudfSvc
[A ] 12. c:\windows\system32\wudfsvc.dll
Microsoft Corporation
Windows Driver Foundation - User-mode Driver Framework Service
.text,.data,.rsrc,.reloc,
sdfes8766 - 2007-8-26 17:22:00
+ 内核驱动
+ HKLM\System\CurrentControlSet\Services
abhcop
[A ] 13. c:\windows\system32\drivers\abhcop.sys
Systems Internals
Windows NT Registry Monitor
.text,.rdata,.data,INIT,.rsrc,.reloc,
acpidisk
[A ] 14. c:\windows\system32\drivers\acpidisk.sys
.text,.rdata,.data,INIT,.reloc,
AmdK8
[A ] 15. c:\windows\system32\drivers\amdk8.sys
Advanced Micro Devices
AMD Processor Driver
.text,.rdata,.data,PAGE,PAGELK,INIT,.rsrc,.reloc,
asuskbnt
[A ] 16. c:\windows\system32\drivers\atkkbnt.sys
ASUSTeK COMPUTER INC.
ASUS Help driver For Keyboard Service.
.text,.rdata,.data,INIT,.rsrc,.reloc,
AtcL001
[A ] 17. c:\windows\system32\drivers\atl01_xp.sys
Attansic Technology corporation.
Attansic L1 Gigabit Ethernet Controller ndis miniport driver
.text,.rdata,.data,PAGECONS,INIT,.rsrc,.reloc,
atland
[A ] 18. c:\windows\system32\drivers\atland.sys
BaseTDI
[A ] 19. c:\windows\system32\drivers\basetdi.sys
Beijing Rising Technology Co., Ltd.
basetdi
.text,.rdata,.data,INIT,.rsrc,.reloc,
cegidjee
[A ] 20. c:\windows\system32\drivers\cegidjee.sys
clandt
[A ] 21. c:\windows\system32\drivers\clandt.sys
cnprov
[A ] 22. c:\windows\system32\drivers\cnprov.sys
中国互联网络信息中心(CNNIC)
国际化域名辅助模块
.text,.data,INIT,.rsrc,.reloc,
d347bus
[A ] 23. c:\windows\system32\drivers\d347bus.sys
PnP BIOS Extension
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
d347prt
[A ] 24. c:\windows\system32\drivers\d347prt.sys
SCSI miniport
.text,.rdata,.data,INIT,.rsrc,.reloc,
dblapdrv
[A ] 25. c:\windows\system32\drivers\dblapdrv.sys
dkqybr40
[A ] 26. c:\windows\system32\drivers\dkqybr40.sys
EIO
[A ] 27. c:\windows\system32\drivers\eio.sys
ASUSTeK Computer Inc.
ASUS Kernel Mode Driver for NT
.text,.rdata,.data,INIT,.rsrc,.reloc,
ExpScaner
[A ] 28. c:\program files\rising\rav\expscan.sys
ExpScan.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
fceagcfb
[A ] 29. c:\windows\system32\drivers\fceagcfb.sys
HDAudBus
[A ] 30. c:\windows\system32\drivers\hdaudbus.sys
Windows (R) Server 2003 DDK provider
High Definition Audio Bus Driver v1.0a
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
HookCont
[A ] 31. c:\program files\rising\rav\hookcont.sys
Rising
HookCont
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookReg
[A ] 32. c:\program files\rising\rav\hookreg.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookSys
[A ] 33. c:\program files\rising\rav\hooksys.sys
Rising
Hooksys
.text,.rdata,.data,INIT,.rsrc,.reloc,
idnaux
[A ] 34. c:\windows\system32\drivers\idnaux.sys
中国互联网络信息中心(CNNIC)
国际化域名支持模块
.text,.data,INIT,.rsrc,.reloc,
IntcAzAudAddService
[A ] 35. c:\windows\system32\drivers\rtkhdaud.sys
Realtek Semiconductor Corp.
Realtek(r) High Definition Audio Function Driver
.text,CODE,.rdata,.data,.data1,PAGE,INIT,.rsrc,.reloc,
kbkhjd
[A ] 36. c:\windows\system32\drivers\kbkhjd.sys
北京三七二一科技有限公司
sys 应用程序
.text,.rdata,.data,INIT,.rsrc,.reloc,
kmsinput
[A ] 37. c:\windows\system32\drivers\kmsinput.sys
.text,.data,INIT,.reloc,
kpkhpu97
[A ] 38. c:\windows\system32\drivers\kpkhpu97.sys
lkcsav69
[A ] 39. c:\windows\system32\drivers\lkcsav69.sys
MEMSCAN
[A ] 40. c:\program files\rising\rav\memscan.sys
瑞星软件有限公司
MemScan Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
sdfes8766 - 2007-8-26 17:22:00
MTsensor
[A ] 41. c:\windows\system32\drivers\asacpi.sys
ATK0110 ACPI Utility
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
mwffze67
[A ] 42. c:\windows\system32\drivers\mwffze67.sys
mxdispdr
[A ] 43. c:\windows\system32\drivers\mxdispdr.sys
.text,.rdata,.data,INIT,.reloc,
npkcrypt
[A ] 44. c:\program files\tencent\qq\npkcrypt.sys
pdoxoi25
[A ] 45. c:\windows\system32\drivers\pdoxoi25.sys
pqubhd43
[A ] 46. c:\windows\system32\drivers\pqubhd43.sys
PxHelp20
[A ] 47. c:\windows\system32\drivers\pxhelp20.sys
Sonic Solutions
Px Engine Device Driver for Windows 2000/XP
.text,.rdata,.data,INIT,.rsrc,.reloc,
RsNTGDI
[A ] 48. c:\windows\system32\drivers\rsntgdi.sys
Beijing Rising Technology Co., Ltd.
RsNTGDI
.text,.rdata,INIT,.rsrc,.reloc,
RSPPSYS
[A ] 49. c:\program files\rising\rav\rsppsys.sys
Rising
RSPPSYS.SYS
.text,.rdata,.data,INIT,.rsrc,.reloc,
Secdrv
[A ] 50. c:\windows\system32\drivers\secdrv.sys
.text,.data,INIT,.reloc,
sfdrv01
[A ] 51. c:\windows\system32\drivers\sfdrv01.sys
Protection Technology
StarForce Protection Environment Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
sfhlp02
[A ] 52. c:\windows\system32\drivers\sfhlp02.sys
Protection Technology
StarForce Protection Helper Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
sfsync03
[A ] 53. c:\windows\system32\drivers\sfsync03.sys
Protection Technology
StarForce Protection Synchronization Driver
.text,.rdata,.data,.sfsign1,PAGE,PAGEI,.sfinit,.rsrc,.sfreloc,
uhcjnu25
[A ] 54. c:\windows\system32\drivers\uhcjnu25.sys
wmgnif43
[A ] 55. c:\windows\system32\drivers\wmgnif43.sys
wtmuni32
[A ] 56. c:\windows\system32\drivers\wtmuni32.sys
WudfPf
[A ] 57. c:\windows\system32\drivers\wudfpf.sys
Microsoft Corporation
Windows Driver Foundation - User-mode Driver Framework Platform Driver
.text,.rdata,.data,PAGE,.edata,INIT,.rsrc,.reloc,
WudfRd
[A ] 58. c:\windows\system32\drivers\wudfrd.sys
Microsoft Corporation
Windows Driver Foundation - User-mode Driver Framework Reflector
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
+ 文件系统驱动
+ HKLM\System\CurrentControlSet\Services
boqqowar
[A ] 59. c:\windows\system32\drivers\boqqowar.sys
Yahoo! China Corporation
.text,.rdata,.data,INIT,.rsrc,.reloc,
hcalway
[A ] 60. c:\windows\system32\drivers\hcalway.sys
+ IE浏览器加载模块
+ HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
[AM] 61. c:\windows\system32\ieframe.dll
Microsoft Corporation
Internet Explorer
.text,.data,.rsrc,.reloc,
{22F86F33-9CBB-49a8-BB12-CDBE51B4C294}
[A ] 62. c:\program files\ocins\srchsp.dll
中国互联网络信息中心(CNNIC)
国际化域名支持模块
.text,.rdata,.data,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{00000000-12C9-4305-82F9-43058F20E8D2}
[AM] 63. c:\program files\tencent\qqdownload\qqiehelper01.dll
腾讯公司
超级旋风下载组件
.text,.rdata,.data,.rsrc,.reloc,
{00000AAA-A363-466E-BEF5-9BB68697AA7F}
[AM] 64. d:\qijieshijie\webthunderbho_now.dll
Thunder Networking Technologies,LTD
XunLeiBHO
.text,.rdata,.data,.rsrc,.reloc,
{0005A87D-D626-4B3A-84F9-1D9571695F55}
[AM] 65. c:\windows\system32\xunleibho_v8.dll
xunleibho BHO
.text,.rdata,.data,.rsrc,.reloc,
{00C104F7-0F5C-470C-ABCF-A5B2E70752F1}
[AM] 66. c:\windows\system32\wcczixp.dll
Microsoft Corporation
lpk Module
.text,.rdata,.data,.rsrc,.reloc,
{11F09AFD-75AD-4E51-AB43-E09E9351CE16}
[AM] 67. c:\program files\common files\cpush\cpush0.dll
.text,.rdata,.data,.rsrc,.reloc,
{385AB8C6-FB22-4D17-8834-064E2BA0A6F0}
[AM] 68. c:\documents and settings\all users\application data\microsoft\pctools\pctools.dll
金泰丰(广州)科技有限公司
Pctools Module
.text,.rdata,.data,.rsrc,.reloc,
{54EBD53A-9BC1-480B-966A-843A333CA162}
[AM] 69. c:\program files\tencent\qq\qqiehelper.dll
深圳市腾讯计算机系统有限公司
QQIEHelper Module
.text,.rdata,.data,.rsrc,.reloc,
{7605CC7C-00FD-4A5F-BAFD-828342DE6279}
[AM] 70. c:\program files\ocins\ieaux.dll
中国互联网络信息中心(CNNIC)
国际化域名解析模块
.text,.rdata,.data,Shared,.rsrc,.reloc,
{8973A5A5-B7CE-4193-8B39-FE020A2197D8}
[AM] 71. c:\windows\system32\wupdmgr.ocx
microsoft
.text,.rdata,.data,.rsrc,.reloc,
{95279A0A-B7FA-4877-9571-BF0F27F79272}
[AM] 72. c:\windows\system32\35a1.dll
TODO: <公司名>
TODO: <文件说明>
.text,.rdata,.data,.rsrc,.reloc,
{B9893324-6B8F-4C54-98A8-D22194403550}
[AM] 73. c:\windows\system32\sotools.dll
工作室
辅助搜索
.text,.rdata,.data,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
Exec
[A ] 74. c:\program files\ocins\config.exe
中国互联网络信息中心(CNNIC)
config
.text,.rdata,.data,.rsrc,
Exec
[A ] 75. c:\program files\tencent\qq\qq.exe
TENCENT
QQ
.text,.rdata,.data,.rsrc,
sdfes8766 - 2007-8-26 17:23:00
+ 资源管理器加载模块
+ HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
text/xml
[A ] 76. c:\program files\common files\microsoft shared\office11\msoxmlmf.dll
Microsoft Corporation
Microsoft Office XML MIME Filter
.text,.data,.rsrc,.reloc,
+ HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
mso-offdap
[A ] 77. c:\program files\common files\microsoft shared\web components\10\owc10.dll
Microsoft Corporation
Microsoft Office XP Web Components
.text,.data,.rtext,.bootdat,msoconst,Shared,.rsrc,.reloc,
mso-offdap11
[A ] 78. c:\program files\common files\microsoft shared\web components\11\owc11.dll
Microsoft Corporation
Microsoft Office Web Components 2003
.text,.data,.rtext,Shared,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
[A ] 79. c:\windows\system32\ieudinit.exe
Microsoft Corporation
IE Per User Active Setup Uninstall Utility
.text,.data,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HyperTerminal Icon Ext
[A ] 80. c:\windows\system32\hticons.dll
Hilgraeve, Inc.
HyperTerminal Applet Library
.text,.data,.rsrc,.reloc,
IE Search Band
[AM] 61. c:\windows\system32\ieframe.dll
Microsoft Corporation
Internet Explorer
.text,.data,.rsrc,.reloc,
Shell DocObject Viewer
[AM] 81. c:\windows\system32\shdocvw32.dll
Microsoft Corporation
Shell Doc Object and Control Library
.text,.rdata,.data,.rsrc,.reloc,
Microsoft Browser Architecture
[AM] 81. c:\windows\system32\shdocvw32.dll
Microsoft Corporation
Shell Doc Object and Control Library
.text,.rdata,.data,.rsrc,.reloc,
InternetShortcut
[AM] 81. c:\windows\system32\shdocvw32.dll
Microsoft Corporation
Shell Doc Object and Control Library
.text,.rdata,.data,.rsrc,.reloc,
Microsoft Url History Service
[AM] 81. c:\windows\system32\shdocvw32.dll
Microsoft Corporation
Shell Doc Object and Control Library
.text,.rdata,.data,.rsrc,.reloc,
History
[AM] 81. c:\windows\system32\shdocvw32.dll
Microsoft Corporation
Shell Doc Object and Control Library
.text,.rdata,.data,.rsrc,.reloc,
Temporary Internet Files
[AM] 61. c:\windows\system32\ieframe.dll
Microsoft Corporation
Internet Explorer
.text,.data,.rsrc,.reloc,
Temporary Internet Files
[AM] 61. c:\windows\system32\ieframe.dll
Microsoft Corporation
Internet Explorer
.text,.data,.rsrc,.reloc,
Microsoft Url Search Hook
[AM] 61. c:\windows\system32\ieframe.dll
Microsoft Corporation
Internet Explorer
.text,.data,.rsrc,.reloc,
The Internet
[AM] 61. c:\windows\system32\ieframe.dll
Microsoft Corporation
Internet Explorer
.text,.data,.rsrc,.reloc,
Internet Name Space
[AM] 81. c:\windows\system32\shdocvw32.dll
Microsoft Corporation
Shell Doc Object and Control Library
.text,.rdata,.data,.rsrc,.reloc,
浏览器栏
[AM] 81. c:\windows\system32\shdocvw32.dll
Microsoft Corporation
Shell Doc Object and Control Library
.text,.rdata,.data,.rsrc,.reloc,
IE Microsoft BrowserBand
[AM] 61. c:\windows\system32\ieframe.dll
Microsoft Corporation
Internet Explorer
.text,.data,.rsrc,.reloc,
IE Fade Task
[AM] 61. c:\windows\system32\ieframe.dll
Microsoft Corporation
Internet Explorer
.text,.data,.rsrc,.reloc,
IE Menu Desk Bar
[AM] 61. c:\windows\system32\ieframe.dll
Microsoft Corporation
Internet Explorer
.text,.data,.rsrc,.reloc,
IE AutoComplete
[AM] 61. c:\windows\system32\ieframe.dll
Microsoft Corporation
Internet Explorer
.text,.data,.rsrc,.reloc,
IE Navigation Bar
[AM] 61. c:\windows\system32\ieframe.dll
Microsoft Corporation
Internet Explorer
.text,.data,.rsrc,.reloc,
IE Menu Site
[AM] 61. c:\windows\system32\ieframe.dll
Microsoft Corporation
Internet Explorer
.text,.data,.rsrc,.reloc,
IE Menu Band
[AM] 61. c:\windows\system32\ieframe.dll
Microsoft Corporation
Internet Explorer
.text,.data,.rsrc,.reloc,
IE Microsoft History AutoComplete List
[AM] 61. c:\windows\system32\ieframe.dll
Microsoft Corporation
Internet Explorer
.text,.data,.rsrc,.reloc,
IE Tracking Shell Menu
[AM] 61. c:\windows\system32\ieframe.dll
Microsoft Corporation
Internet Explorer
.text,.data,.rsrc,.reloc,
IE IShellFolderBand
[AM] 61. c:\windows\system32\ieframe.dll
Microsoft Corporation
Internet Explorer
.text,.data,.rsrc,.reloc,
IE BandProxy
[AM] 61. c:\windows\system32\ieframe.dll
Microsoft Corporation
Internet Explorer
.text,.data,.rsrc,.reloc,
IE MRU AutoComplete List
[AM] 61. c:\windows\system32\ieframe.dll
Microsoft Corporation
Internet Explorer
.text,.data,.rsrc,.reloc,
IE RSS Feeder Folder
[AM] 61. c:\windows\system32\ieframe.dll
Microsoft Corporation
Internet Explorer
.text,.data,.rsrc,.reloc,
IE Microsoft Shell Folder AutoComplete List
[AM] 61. c:\windows\system32\ieframe.dll
Microsoft Corporation
Internet Explorer
.text,.data,.rsrc,.reloc,
IE Microsoft Multiple AutoComplete List Container
[AM] 61. c:\windows\system32\ieframe.dll
Microsoft Corporation
Internet Explorer
.text,.data,.rsrc,.reloc,
Microsoft Browser Architecture
[AM] 61. c:\windows\system32\ieframe.dll
Microsoft Corporation
Internet Explorer
.text,.data,.rsrc,.reloc,
IE Shell Rebar BandSite
[AM] 61. c:\windows\system32\ieframe.dll
Microsoft Corporation
Internet Explorer
.text,.data,.rsrc,.reloc,
IE Shell Band Site Menu
[AM] 61. c:\windows\system32\ieframe.dll
Microsoft Corporation
Internet Explorer
.text,.data,.rsrc,.reloc,
&Links
[AM] 61. c:\windows\system32\ieframe.dll
Microsoft Corporation
Internet Explorer
.text,.data,.rsrc,.reloc,
IE Registry Tree Options Utility
[AM] 61. c:\windows\system32\ieframe.dll
Microsoft Corporation
Internet Explorer
.text,.data,.rsrc,.reloc,
IE User Assist
[AM] 61. c:\windows\system32\ieframe.dll
Microsoft Corporation
Internet Explorer
.text,.data,.rsrc,.reloc,
IE Custom MRU AutoCompleted List
[AM] 61. c:\windows\system32\ieframe.dll
Microsoft Corporation
Internet Explorer
.text,.data,.rsrc,.reloc,
NvCpl DesktopContext Class
[AM] 82. c:\windows\system32\nvcpl.dll
NVIDIA Corporation
NVIDIA Display Properties Extension
.text,.rdata,.data,.rsrc,.reloc,
Play on my TV helper
[AM] 82. c:\windows\system32\nvcpl.dll
NVIDIA Corporation
NVIDIA Display Properties Extension
.text,.rdata,.data,.rsrc,.reloc,
Portable Media Devices
[A ] 83. c:\windows\system32\audiodev.dll
Microsoft Corporation
Portable Media Devices Shell Extension
.text,.data,.rsrc,.reloc,
Portable Devices
[A ] 84. c:\windows\system32\wpdshext.dll
Microsoft Corporation
Portable Devices Shell Extension
.text,.data,.rsrc,.reloc,
Portable Devices Menu
[A ] 84. c:\windows\system32\wpdshext.dll
Microsoft Corporation
Portable Devices Shell Extension
.text,.data,.rsrc,.reloc,
Shell Extensions for RealOne Player
[A ] 85. c:\program files\real\realplayer\rpshell.dll
RealNetworks, Inc.
RealPlayer Shell Extensions
.text,.rdata,.data,.rsrc,.reloc,
WinRAR shell extension
[AM] 86. c:\program files\winrar\rarext.dll
.text,.data,.tls,.idata,.edata,.rsrc,.reloc,
sdfes8766 - 2007-8-26 17:23:00
Web Folders
[A ] 87. c:\program files\common files\microsoft shared\web folders\msonsext.dll
Microsoft Corporation
Microsoft Web Folders
.text,.data,.rsrc,.reloc,
Microsoft Office Outlook Desktop Icon Handler
[A ] 88. c:\program files\microsoft office\office11\mlshext.dll
Microsoft Corporation
Microsoft Shell Extension Library
.text,.data,.rsrc,.reloc,
Microsoft Office Outlook Custom Icon Handler
[A ] 89. c:\program files\microsoft office\office11\olkfstub.dll
Microsoft Corporation
Outlook Shell Hook for Start/Find
.text,.data,.rsrc,.reloc,
Microsoft Office HTML Icon Handler
[AM] 90. c:\program files\microsoft office\office11\msohev.dll
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,.reloc,
Desktop Explorer
[AM] 91. c:\windows\system32\nvshell.dll
.text,.rdata,.data,.idata,.shared,.rsrc,.reloc,
Desktop Explorer Menu
[AM] 91. c:\windows\system32\nvshell.dll
.text,.rdata,.data,.idata,.shared,.rsrc,.reloc,
nView Desktop Context Menu
[AM] 91. c:\windows\system32\nvshell.dll
.text,.rdata,.data,.idata,.shared,.rsrc,.reloc,
RISING
[AM] 92. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{32CD708B-60A7-4C00-9377-D73EAA495F0F}
[AM] 92. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}
[AM] 93. c:\windows\system32\shlhook.dll
Beijing Rising Technology Co., Ltd.
shlhook Module
.text,.rdata,.data,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
WPDShServiceObj
[AM] 94. c:\windows\system32\wpdshserviceobj.dll
Microsoft Corporation
Windows Portable Device Shell Service Object
.text,.data,.rsrc,.reloc,
+ 用户登陆自运行项目
+ HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TkBellExe
[AM] 95. c:\program files\common files\real\update_ob\realsched.exe
RealNetworks, Inc.
RealNetworks Scheduler
.text,.rdata,.data,.rsrc,
Thunder
[A ] 96. c:\program files\thunder network\thunder\thundershell.exe
CODE,DATA,BSS,.idata,.tls,.rdata,.reloc,.rsrc,
DAEMON Tools-2052
[A ] 97. f:\新建文件夹 (5)\daemon.exe
DAEMON'S HOME
Virtual DAEMON Manager
.text,.rdata,.data,.rsrc,
WebThunder
[A ] 98. d:\qijieshijie\webthunder.exe
深圳市迅雷网络技术有限公司
Web 迅雷
.text,.rdata,.data,.rsrc,
System
[A ] 99. c:\program files\common files\system\updaterun.exe
.text,.rdata,.data,
RavTask
[A ] 100. c:\program files\rising\rav\ravtask.exe
Beijing Rising Technology Co., Ltd.
RavTimer
.text,.rdata,.data,.rsrc,
IdnSvr
[AM] 101. c:\program files\ocins\idnsvr.exe
中国互联网信息中心(CNNIC)
国际化域名支持模块
.text,.rdata,.data,.rsrc,
tekcdke
[A ] 102. c:\program files\via\tekcdke.exe
.text,.rdata,.data,
MoveSearch
[A ] 103. c:\program files\huaci\huaci\zsearch.exe
中搜在线
划词搜索
.text,.rdata,.data,.rsrc,
runeip
[AM] 104. c:\program files\rising\antispyware\runiep.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Monitor
.text,.rdata,.data,.rsrc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
RavStub
[AM] 105. c:\program files\rising\rav\ravstub.exe
Beijing Rising Technology Co., Ltd.
Rising RavStub
.text,.rdata,.data,.rsrc,
+ 开机执行
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
BootExecute
[A ] 106. c:\windows\system32\bsmain.exe
Beijing Rising Technology Co., Ltd.
BootScan
.text,.data,.rsrc,.reloc,
+ 映像劫持
+ HKCR\.html
htmlfile\Edit\Command
[A ] 107. c:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,
+ HKCR\.htm
htmlfile\Edit\Command
[A ] 107. c:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,
+ HKCR\.mp3
RealPlayer.MP3.6\open\Command
[A ] 108. c:\program files\real\realplayer\realplay.exe
RealNetworks, Inc.
RealPlayer
.text,.rdata,.data,.rsrc,
+ 打印机监控
+ HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
Microsoft Document Imaging Writer Monitor
[AM] 109. c:\windows\system32\mdimon.dll
Microsoft Corporation
Microsoft? Document Imaging
.text,.data,.rsrc,.reloc,
+ 其他自启动项目
+ C:\Documents and Settings\All Users\「开始」菜单\程序\启动
ycdgfg.lnk
[A ] 110. c:\program files\realtek\ycdgfgl.exe
.text,.rdata,.data,
+ C:\WINDOWS\Tasks
OJ8WRm.job
[A ] 111. c:\windows\system32\zheekme.exe
.text,.rdata,.data,
egaNJJZlwjMTg5HT2kz9B.job
[A ] 111. c:\windows\system32\zheekme.exe
.text,.rdata,.data,
h.job
[A ] 111. c:\windows\system32\zheekme.exe
.text,.rdata,.data,
qenNh2bj6rZi9wnEebTN4Y.job
[A ] 111. c:\windows\system32\zheekme.exe
.text,.rdata,.data,
NaHZCir.job
[A ] 111. c:\windows\system32\zheekme.exe
.text,.rdata,.data,
AkBefuOnxrKSVi.job
[A ] 111. c:\windows\system32\zheekme.exe
.text,.rdata,.data,
Ew8wQE5hDVjAK45KWpNjuk.job
[A ] 111. c:\windows\system32\zheekme.exe
.text,.rdata,.data,
OtQAbHsbeb.job
[A ] 111. c:\windows\system32\zheekme.exe
.text,.rdata,.data,
tbQPDo989k3KuOQTsFqDRehdbH3GEG.job
[A ] 111. c:\windows\system32\zheekme.exe
.text,.rdata,.data,
bhbhd9ZPZzNYCb.job
[A ] 111. c:\windows\system32\zheekme.exe
.text,.rdata,.data,
qa.job
[A ] 111. c:\windows\system32\zheekme.exe
.text,.rdata,.data,
Klcbv.job
[A ] 111. c:\windows\system32\zheekme.exe
.text,.rdata,.data,
2HC2o.job
[A ] 111. c:\windows\system32\zheekme.exe
.text,.rdata,.data,
+ 正在运行的进程
+ 0000023c(572) idnsvr.exe
00400000[00016000]
[AM] 101. c:\program files\ocins\idnsvr.exe
中国互联网信息中心(CNNIC)
国际化域名支持模块
.text,.rdata,.data,.rsrc,
3B030000[000A9000]
[ M] 112. c:\windows\system32\imsc40a.ime
Microsoft Corporation
微软拼音输入法 2003
.text,.data,.rsrc,.reloc,
10000000[0002C000]
[ M] 113. c:\program files\ocins\idnsvr.dll
中国互联网信息中心(CNNIC)
国际化域名支持模块
.text,.rdata,.data,.rsrc,.reloc,
00C50000[00009000]
[ M] 114. c:\windows\system32\normaliz.dll
Microsoft Corporation
Unicode Normalization DLL
.text,.data,.rsrc,.reloc,
41D50000[00045000]
[ M] 115. c:\windows\system32\iertutil.dll
Microsoft Corporation
Run time utility for Internet Explorer
.text,.data,.rsrc,.reloc,
067C0000[0001B000]
[ M] 116. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 000002a4(676) ctfmon.exe
3B030000[000A9000]
[ M] 112. c:\windows\system32\imsc40a.ime
Microsoft Corporation
微软拼音输入法 2003
.text,.data,.rsrc,.reloc,
10000000[0001B000]
[ M] 116. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 000002c4(708) smss.exe
+ 00000314(788) csrss.exe
+ 0000032c(812) winlogon.exe
3B030000[000A9000]
[ M] 112. c:\windows\system32\imsc40a.ime
Microsoft Corporation
微软拼音输入法 2003
.text,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 117. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
01BD0000[00009000]
[ M] 114. c:\windows\system32\normaliz.dll
Microsoft Corporation
Unicode Normalization DLL
.text,.data,.rsrc,.reloc,
41D50000[00045000]
[ M] 115. c:\windows\system32\iertutil.dll
Microsoft Corporation
Run time utility for Internet Explorer
.text,.data,.rsrc,.reloc,
+ 00000358(856) services.exe
47260000[0000F000]
[ M] 118. c:\windows\apppatch\acadproc.dll
Microsoft Corporation
Windows Compatibility DLL
.text,.data,.rsrc,.reloc,
+ 00000364(868) lsass.exe
+ 00000400(1024) svchost.exe
+ 00000450(1104) svchost.exe
+ 000004c0(1216) svchost.exe
00D70000[00009000]
[ M] 114. c:\windows\system32\normaliz.dll
Microsoft Corporation
Unicode Normalization DLL
.text,.data,.rsrc,.reloc,
41D50000[00045000]
[ M] 115. c:\windows\system32\iertutil.dll
Microsoft Corporation
Run time utility for Internet Explorer
.text,.data,.rsrc,.reloc,
+ 0000051c(1308) svchost.exe
+ 00000548(1352) realsched.exe
00400000[0002F000]
[AM] 95. c:\program files\common files\real\update_ob\realsched.exe
RealNetworks, Inc.
RealNetworks Scheduler
.text,.rdata,.data,.rsrc,
sdfes8766 - 2007-8-26 17:25:00
3B030000[000A9000]
[ M] 112. c:\windows\system32\imsc40a.ime
Microsoft Corporation
微软拼音输入法 2003
.text,.data,.rsrc,.reloc,
10000000[0001B000]
[ M] 116. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 0000059c(1436) svchost.exe
00800000[00009000]
[ M] 114. c:\windows\system32\normaliz.dll
Microsoft Corporation
Unicode Normalization DLL
.text,.data,.rsrc,.reloc,
41D50000[00045000]
[ M] 115. c:\windows\system32\iertutil.dll
Microsoft Corporation
Run time utility for Internet Explorer
.text,.data,.rsrc,.reloc,
+ 00000658(1624) rundll32.exe
10000000[00115000]
[ M] 119. c:\windows\system32\531.dll
Player 动态链接库
.text,.rdata,.data,.rsrc,.reloc,
009F0000[00009000]
[ M] 114. c:\windows\system32\normaliz.dll
Microsoft Corporation
Unicode Normalization DLL
.text,.data,.rsrc,.reloc,
41D50000[00045000]
[ M] 115. c:\windows\system32\iertutil.dll
Microsoft Corporation
Run time utility for Internet Explorer
.text,.data,.rsrc,.reloc,
3B030000[000A9000]
[ M] 112. c:\windows\system32\imsc40a.ime
Microsoft Corporation
微软拼音输入法 2003
.text,.data,.rsrc,.reloc,
422B0000[005CB000]
[AM] 61. c:\windows\system32\ieframe.dll
Microsoft Corporation
Internet Explorer
.text,.data,.rsrc,.reloc,
01900000[0001B000]
[ M] 116. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 0000069c(1692) Explorer.EXE
00400000[00009000]
[ M] 114. c:\windows\system32\normaliz.dll
Microsoft Corporation
Unicode Normalization DLL
.text,.data,.rsrc,.reloc,
41D50000[00045000]
[ M] 115. c:\windows\system32\iertutil.dll
Microsoft Corporation
Run time utility for Internet Explorer
.text,.data,.rsrc,.reloc,
3B030000[000A9000]
[ M] 112. c:\windows\system32\imsc40a.ime
Microsoft Corporation
微软拼音输入法 2003
.text,.data,.rsrc,.reloc,
10000000[0001B000]
[AM] 92. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
00F20000[00011000]
[AM] 93. c:\windows\system32\shlhook.dll
Beijing Rising Technology Co., Ltd.
shlhook Module
.text,.rdata,.data,.rsrc,.reloc,
422B0000[005CB000]
[AM] 61. c:\windows\system32\ieframe.dll
Microsoft Corporation
Internet Explorer
.text,.data,.rsrc,.reloc,
07160000[0002F000]
[AM] 81. c:\windows\system32\shdocvw32.dll
Microsoft Corporation
Shell Doc Object and Control Library
.text,.rdata,.data,.rsrc,.reloc,
164A0000[00023000]
[AM] 94. c:\windows\system32\wpdshserviceobj.dll
Microsoft Corporation
Windows Portable Device Shell Service Object
.text,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 117. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
109C0000[0002C000]
[ M] 120. c:\windows\system32\portabledevicetypes.dll
Microsoft Corporation
Windows Portable Device (Parameter) Types Component
.text,.orpc,.data,.rsrc,.reloc,
10930000[00049000]
[ M] 121. c:\windows\system32\portabledeviceapi.dll
Microsoft Corporation
Windows Portable Device API Components
.text,.orpc,.data,.rsrc,.reloc,
07C50000[0001B000]
[ M] 116. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
083B0000[00019000]
[AM] 64. d:\qijieshijie\webthunderbho_now.dll
Thunder Networking Technologies,LTD
XunLeiBHO
.text,.rdata,.data,.rsrc,.reloc,
081E0000[0000C000]
[AM] 65. c:\windows\system32\xunleibho_v8.dll
xunleibho BHO
.text,.rdata,.data,.rsrc,.reloc,
08490000[00022000]
[AM] 72. c:\windows\system32\35a1.dll
TODO: <公司名>
TODO: <文件说明>
.text,.rdata,.data,.rsrc,.reloc,
084C0000[00014000]
[AM] 73. c:\windows\system32\sotools.dll
工作室
辅助搜索
.text,.rdata,.data,.rsrc,.reloc,
60EA0000[0001B000]
[ M] 122. c:\program files\tencent\qq\qdshm.dll
QQDiskShellMenu Module
.text,.rdata,.data,.rsrc,.reloc,
08070000[0002C000]
[AM] 86. c:\program files\winrar\rarext.dll
.text,.data,.tls,.idata,.edata,.rsrc,.reloc,
23700000[0001A000]
[ M] 123. c:\program files\rising\rav\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
0B080000[00747000]
[AM] 82. c:\windows\system32\nvcpl.dll
NVIDIA Corporation
NVIDIA Display Properties Extension
.text,.rdata,.data,.rsrc,.reloc,
013C0000[00036000]
[ M] 124. c:\windows\system32\nvrszhc.dll
NVIDIA Corporation
NVIDIA Simplified Chinese language resource library
.rsrc,.reloc,
09B20000[00073000]
[AM] 91. c:\windows\system32\nvshell.dll
.text,.rdata,.data,.idata,.shared,.rsrc,.reloc,
+ 00000718(1816) spoolsv.exe
00AF0000[00008000]
[AM] 109. c:\windows\system32\mdimon.dll
Microsoft Corporation
Microsoft? Document Imaging
.text,.data,.rsrc,.reloc,
00B00000[00008000]
[ M] 125. c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
Microsoft Corporation
Microsoft? Document Imaging
.text,.data,.rsrc,.reloc,
+ 00000798(1944) runiep.exe
00400000[00013000]
[AM] 104. c:\program files\rising\antispyware\runiep.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Monitor
.text,.rdata,.data,.rsrc,
3B030000[000A9000]
[ M] 112. c:\windows\system32\imsc40a.ime
Microsoft Corporation
微软拼音输入法 2003
.text,.data,.rsrc,.reloc,
00C50000[0001B000]
[ M] 116. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 000007bc(1980) RavStub.exe
00400000[00018000]
[AM] 105. c:\program files\rising\rav\ravstub.exe
Beijing Rising Technology Co., Ltd.
Rising RavStub
.text,.rdata,.data,.rsrc,
10000000[0001B000]
[ M] 126. c:\program files\rising\rav\rscommx.dll
rising
RsCommX
.text,.rdata,.data,.rsrc,.reloc,
23700000[0001A000]
[ M] 123. c:\program files\rising\rav\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
+ 0000095c(2396) ATKKBService.exe
01000000[0003E000]
[AM] 1. c:\windows\atkkbservice.exe
ASUSTeK COMPUTER INC.
ASUS Keyboard Service
.text,.data,.rsrc,
3B030000[000A9000]
[ M] 112. c:\windows\system32\imsc40a.ime
Microsoft Corporation
微软拼音输入法 2003
.text,.data,.rsrc,.reloc,
+ 00000988(2440) CIC~1.EXE
00400000[0001F000]
[AM] 2. c:\windows\system32\cic..exe
.text,.rdata,.data,.rsrc,
+ 00000994(2452) 5a541.exe
00400000[0001E000]
[AM] 3. c:\windows\system32\5a541.exe
.text,.rdata,.data,.rsrc,
+ 000009bc(2492) nvsvc32.exe
00400000[00027000]
[AM] 4. c:\windows\system32\nvsvc32.exe
NVIDIA Corporation
NVIDIA Driver Helper Service, Version 83.91
.text,.rdata,.data,.rsrc,
3B030000[000A9000]
[ M] 112. c:\windows\system32\imsc40a.ime
Microsoft Corporation
微软拼音输入法 2003
.text,.data,.rsrc,.reloc,
+ 000009dc(2524) rundll32.exe
10000000[000D2000]
[ M] 127. c:\windows\system32\els..cpl
mcsoft
动态链接库
.text,.rdata,.data,.rsrc,.reloc,
009F0000[00009000]
[ M] 114. c:\windows\system32\normaliz.dll
Microsoft Corporation
Unicode Normalization DLL
.text,.data,.rsrc,.reloc,
sdfes8766 - 2007-8-26 17:25:00
41D50000[00045000]
[ M] 115. c:\windows\system32\iertutil.dll
Microsoft Corporation
Run time utility for Internet Explorer
.text,.data,.rsrc,.reloc,
3B030000[000A9000]
[ M] 112. c:\windows\system32\imsc40a.ime
Microsoft Corporation
微软拼音输入法 2003
.text,.data,.rsrc,.reloc,
422B0000[005CB000]
[AM] 61. c:\windows\system32\ieframe.dll
Microsoft Corporation
Internet Explorer
.text,.data,.rsrc,.reloc,
00A00000[0001B000]
[ M] 116. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 00000b1c(2844) RUNDLLFOROUR.EXE
01000000[00004000]
[AM] 9. c:\windows\system32\rundllforour.exe
Microsoft Corporation
Run a DLL as an App
.text,.data,.rsrc,
10000000[0003A000]
[ M] 128. c:\windows\system32\wbem\xoxcf.dll
Microsoft Corporation
Microsoft irJIT Module
.data,.rsrc,.reloc,
00A60000[00009000]
[ M] 114. c:\windows\system32\normaliz.dll
Microsoft Corporation
Unicode Normalization DLL
.text,.data,.rsrc,.reloc,
41D50000[00045000]
[ M] 115. c:\windows\system32\iertutil.dll
Microsoft Corporation
Run time utility for Internet Explorer
.text,.data,.rsrc,.reloc,
+ 00000cf4(3316) winmm.exe
00400000[0001E000]
[AM] 10. c:\windows\system32\winmm.exe
.text,.rdata,.data,.rsrc,
+ 00000eac(3756) alg.exe
+ 0000c7b4(51124) IEXPLORE.EXE
41D50000[00045000]
[ M] 115. c:\windows\system32\iertutil.dll
Microsoft Corporation
Run time utility for Internet Explorer
.text,.data,.rsrc,.reloc,
422B0000[005CB000]
[AM] 61. c:\windows\system32\ieframe.dll
Microsoft Corporation
Internet Explorer
.text,.data,.rsrc,.reloc,
00D30000[00009000]
[ M] 114. c:\windows\system32\normaliz.dll
Microsoft Corporation
Unicode Normalization DLL
.text,.data,.rsrc,.reloc,
3B030000[000A9000]
[ M] 112. c:\windows\system32\imsc40a.ime
Microsoft Corporation
微软拼音输入法 2003
.text,.data,.rsrc,.reloc,
5DFF0000[0002F000]
[ M] 129. c:\windows\system32\ieui.dll
Microsoft Corporation
Internet Explorer UI Engine
.text,.data,.rsrc,.reloc,
47060000[00021000]
[ M] 130. c:\windows\system32\xmllite.dll
Microsoft Corporation
Microsoft XmlLite Library
.text,.data,.rsrc,.reloc,
325C0000[00012000]
[AM] 90. c:\program files\microsoft office\office11\msohev.dll
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,.reloc,
10000000[0002F000]
[AM] 81. c:\windows\system32\shdocvw32.dll
Microsoft Corporation
Shell Doc Object and Control Library
.text,.rdata,.data,.rsrc,.reloc,
3AD70000[0005D000]
[ M] 131. c:\program files\common files\microsoft shared\ime\shared2.0\mscand20.dll
Microsoft Corporation
Microsoft Candidate UI 9.0
.text,.data,.rsrc,.reloc,
61930000[0004A000]
[ M] 132. c:\program files\internet explorer\ieproxy.dll
Microsoft Corporation
IE ActiveX Interface Marshaling Library
.text,.orpc,.data,.rsrc,.reloc,
09410000[0001B000]
[ M] 116. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
09F30000[00037000]
[AM] 63. c:\program files\tencent\qqdownload\qqiehelper01.dll
腾讯公司
超级旋风下载组件
.text,.rdata,.data,.rsrc,.reloc,
09FA0000[00019000]
[AM] 64. d:\qijieshijie\webthunderbho_now.dll
Thunder Networking Technologies,LTD
XunLeiBHO
.text,.rdata,.data,.rsrc,.reloc,
09FE0000[0000C000]
[AM] 65. c:\windows\system32\xunleibho_v8.dll
xunleibho BHO
.text,.rdata,.data,.rsrc,.reloc,
09FF0000[00014000]
[AM] 66. c:\windows\system32\wcczixp.dll
Microsoft Corporation
lpk Module
.text,.rdata,.data,.rsrc,.reloc,
0A020000[0002C000]
[AM] 67. c:\program files\common files\cpush\cpush0.dll
.text,.rdata,.data,.rsrc,.reloc,
0A260000[0002C000]
[AM] 68. c:\documents and settings\all users\application data\microsoft\pctools\pctools.dll
金泰丰(广州)科技有限公司
Pctools Module
.text,.rdata,.data,.rsrc,.reloc,
617E0000[0002F000]
[AM] 69. c:\program files\tencent\qq\qqiehelper.dll
深圳市腾讯计算机系统有限公司
QQIEHelper Module
.text,.rdata,.data,.rsrc,.reloc,
0A3D0000[00057000]
[AM] 70. c:\program files\ocins\ieaux.dll
中国互联网络信息中心(CNNIC)
国际化域名解析模块
.text,.rdata,.data,Shared,.rsrc,.reloc,
0A540000[0002C000]
[ M] 113. c:\program files\ocins\idnsvr.dll
中国互联网信息中心(CNNIC)
国际化域名支持模块
.text,.rdata,.data,.rsrc,.reloc,
0A8A0000[00021000]
[AM] 71. c:\windows\system32\wupdmgr.ocx
microsoft
.text,.rdata,.data,.rsrc,.reloc,
0A8E0000[00022000]
[AM] 72. c:\windows\system32\35a1.dll
TODO: <公司名>
TODO: <文件说明>
.text,.rdata,.data,.rsrc,.reloc,
0A920000[00014000]
[AM] 73. c:\windows\system32\sotools.dll
工作室
辅助搜索
.text,.rdata,.data,.rsrc,.reloc,
42920000[00060000]
[ M] 133. c:\windows\system32\ieapfltr.dll
Microsoft Corporation
Microsoft Phishing Filter
.text,.data,.rsrc,.reloc,
0B4D0000[00019000]
[ M] 134. c:\program files\rising\rav\ravscrch.dll
Beijing Rising Technology Co., Ltd.
RavScrCh Module
.text,.rdata,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 117. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
41E60000[00072000]
[ M] 135. c:\windows\system32\msfeeds.dll
Microsoft Corporation
Microsoft Feeds Manager
.text,.data,.rsrc,.reloc,
30000000[002EE000]
[ M] 136. c:\windows\system32\macromed\flash\flash9b.ocx
Adobe Systems, Inc.
Adobe Flash Player 9.0 r28
.text,.rdata,.data,.rsrc,.reloc,
+ 0000e248(57928) Ras.exe
00400000[0013F000]
[ M] 137. c:\program files\rising\antispyware\ras.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,.rsrc,
00380000[00009000]
[ M] 114. c:\windows\system32\normaliz.dll
Microsoft Corporation
Unicode Normalization DLL
.text,.data,.rsrc,.reloc,
41D50000[00045000]
[ M] 115. c:\windows\system32\iertutil.dll
Microsoft Corporation
Run time utility for Internet Explorer
.text,.data,.rsrc,.reloc,
10000000[000A3000]
[ M] 138. c:\program files\rising\antispyware\rasgui.dll
Beijing Rising Technology Co., Ltd.
RasGUI
.text,.rdata,.data,.rsrc,.reloc,
3B030000[000A9000]
[ M] 112. c:\windows\system32\imsc40a.ime
Microsoft Corporation
微软拼音输入法 2003
.text,.data,.rsrc,.reloc,
07130000[0001B000]
[ M] 116. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
07020000[0002F000]
[AM] 81. c:\windows\system32\shdocvw32.dll
Microsoft Corporation
Shell Doc Object and Control Library
.text,.rdata,.data,.rsrc,.reloc,
sdfes8766 - 2007-8-26 17:26:00
I've posted it. What next? What should I do?
江湖医生 - 2007-11-19 9:10:00
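Rootkit.AdProt.o is dropped by a plug-in: it is 划词搜索 (word-selection search) and 中搜 (Zhongsou), a malicious plug-in. The _uninstall that ships with it is a useless file; its real uninstaller is mUin.exe. Run it and enter the machine code; after about two minutes it reports that the uninstall succeeded. Then use 360安全卫士 (360 Safeguard) to scan for and remove trojans, then run 360's plug-in cleanup function, and you're done. If you don't understand, ask me on QQ: 3989983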