Rising Kaka Security Forum
无知的男孩 - 2007-9-3 11:11:00
+ 注册表自运行项目
+ 系统服务
+ HKLM\System\CurrentControlSet\Services
NVSvc
[AM] 1. c:\windows\system32\nvsvc32.exe
NVIDIA Corporation
NVIDIA Driver Helper Service, Version 101.02
.text,.rdata,.data,CONST,.rsrc,
RfwProxySrv
[A ] 2. c:\program files\rising\rfw\rfwproxy.exe
Beijing Rising Technology Co., Ltd.
Rising Personal Proxy Service
.text,.rdata,.data,.rsrc,
RfwService
[A ] 3. c:\program files\rising\rfw\rfwsrv.exe
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall Service
.text,.rdata,.data,.rsrc,
RsCCenter
[A ] 4. c:\program files\rising\rav\ccenter.exe
Beijing Rising Technology Co., Ltd.
CCenter
.text,.rdata,.data,.rsrc,
RsRavMon
[A ] 5. c:\program files\rising\rav\ravmond.exe
Beijing Rising Technology Co., Ltd.
RavMond
.text,.rdata,.data,.rsrc,
+ 内核驱动
+ HKLM\System\CurrentControlSet\Services
BaseTDI
[A ] 6. c:\windows\system32\drivers\basetdi.sys
Beijing Rising Technology Co., Ltd.
basetdi
.text,.rdata,.data,INIT,.rsrc,.reloc,
ExpScaner
[A ] 7. c:\program files\rising\rav\expscan.sys
ExpScan.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
HdAudAddService
[A ] 8. c:\windows\system32\drivers\hdaudio.sys
Windows (R) Server 2003 DDK provider
High Definition Audio Function Driver v1.0
.text,CODE,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
HDAudBus
[A ] 9. c:\windows\system32\drivers\hdaudbus.sys
Windows (R) Server 2003 DDK provider
High Definition Audio Bus Driver v1.0
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
HookCont
[A ] 10. c:\program files\rising\rav\hookcont.sys
Rising
HookCont
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookReg
[A ] 11. c:\program files\rising\rav\hookreg.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookSys
[A ] 12. c:\program files\rising\rav\hooksys.sys
Rising
Hooksys
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookUrl
[A ] 13. c:\program files\rising\rfw\hookurl.sys
Beijing Rising Technology Co., Ltd.
HookUrl
.text,.rdata,.data,INIT,.rsrc,.reloc,
IntcAzAudAddService
[A ] 14. c:\windows\system32\drivers\rtkhdaud.sys
Realtek Semiconductor Corp.
Realtek(r) High Definition Audio Function Driver
.text,CODE,.rdata,.data,.data1,PAGE,INIT,.rsrc,.reloc,
MEMSCAN
[A ] 15. c:\program files\rising\rav\memscan.sys
Beijing Rising Technology Co., Ltd.
MemScan Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
mProcRs
[A ] 16. c:\program files\rising\rfw\mprocrs.sys
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall mprocrs.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
RsAntiSpyware
[A ] 17. c:\windows\system32\drivers\rsboot.sys
Beijing Rising Technology Co., Ltd.
Anti-RootKit Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
RsFwDrv
[A ] 18. c:\program files\rising\rfw\rsfwdrv.sys
Beijing Rising Technology Co., Ltd.
nt_fwdrv
.text,.rdata,.data,INIT,.rsrc,.reloc,
无知的男孩 - 2007-9-3 11:12:00
RsNTGDI
[A ] 19. c:\windows\system32\drivers\rsntgdi.sys
Beijing Rising Technology Co., Ltd.
RsNTGDI
.text,.rdata,INIT,.rsrc,.reloc,
RSPPSYS
[A ] 20. c:\program files\rising\rav\rsppsys.sys
Rising
RSPPSYS.SYS
.text,.rdata,.data,INIT,.rsrc,.reloc,
Secdrv
[A ] 21. c:\windows\system32\drivers\secdrv.sys
.text,.data,INIT,.reloc,
SMBios
[A ] 22. c:\windows\system32\drivers\smbios.sys
Intel Corporation
Intel(R) System Management BIOS Driver
.text,.data,.CRT,.STL,PAGE,INIT,.rsrc,.reloc,
+ IE浏览器加载模块
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C}
[AM] 23. c:\windows\system32\kakatool.dll
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Toolbar
.text,.rdata,.data,MonitorS,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
[AM] 24. c:\program files\adobe\acrobat 5.0\reader\activex\acroiehelper.ocx
AcroIEHelper Module
.text,.rdata,.data,.rsrc,.reloc,
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}
[AM] 25. c:\program files\flashget\jccatch.dll
www.flashget.com
Flashget CatchUrl Module
.text,.rdata,.data,.rsrc,.reloc,
{F156768E-81EF-470C-9057-481BA8380DBA}
[AM] 26. c:\program files\flashget\getflash.dll
www.flashget.com
Flashget GetFlash Module
.text,.rdata,.data,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
Exec
[A ] 27. c:\program files\flashget\flashget.exe
FlashGet.com
FlashGet
.text,.rdata,.data,.rsrc,
Exec
[A ] 28. c:\program files\messenger\msmsgs.exe
Microsoft Corporation
Windows Messenger
.text,.data,.rsrc,
+ 资源管理器加载模块
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HyperTerminal Icon Ext
[A ] 29. c:\windows\system32\hticons.dll
Hilgraeve, Inc.
HyperTerminal Applet Library
.text,.data,.rsrc,.reloc,
RISING
[AM] 30. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
WinRAR shell extension
[AM] 31. c:\program files\winrar\rarext.dll
.text,.data,.tls,.idata,.edata,.rsrc,.reloc,
NvCpl DesktopContext Class
[A ] 32. c:\windows\system32\nvcpl.dll
NVIDIA Corporation
NVIDIA Display Properties Extension
.text,.rdata,.data,CONST,.rsrc,.reloc,
Play on my TV helper
[A ] 32. c:\windows\system32\nvcpl.dll
NVIDIA Corporation
NVIDIA Display Properties Extension
.text,.rdata,.data,CONST,.rsrc,.reloc,
Desktop Explorer
[A ] 33. c:\windows\system32\nvshell.dll
.text,.rdata,.data,.idata,.shared,.rsrc,.reloc,
Desktop Explorer Menu
[A ] 33. c:\windows\system32\nvshell.dll
.text,.rdata,.data,.idata,.shared,.rsrc,.reloc,
nView Desktop Context Menu
[A ] 33. c:\windows\system32\nvshell.dll
.text,.rdata,.data,.idata,.shared,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{32CD708B-60A7-4C00-9377-D73EAA495F0F}
[AM] 30. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}
[A ] 34. c:\windows\system32\shlhook.dll
Beijing Rising Technology Co., Ltd.
shlhook Module
.text,.rdata,.data,.rsrc,.reloc,
+ 用户登陆自运行项目
+ HKLM\Software\Microsoft\Windows\CurrentVersion\Run
High Definition Audio 属性页快捷方式
[A ] 35. c:\windows\system32\hdaudpropshortcut.exe
Windows (R) Server 2003 DDK provider
High Definition Audio Property Page Shortcut v1.0
.text,.data,.rsrc,
无知的男孩 - 2007-9-3 11:12:00
SoundMan
[AM] 36. c:\windows\soundman.exe
Realtek Semiconductor Corp.
Realtek Sound Manager
.text,.rdata,.data,.rsrc,
AlcWzrd
[AM] 37. c:\windows\alcwzrd.exe
RealTek Semicoductor Corp.
RealTek AlcWzrd Application
.text,.data,.tls,.rdata,.idata,.edata,.rsrc,.reloc,
Alcmtr
[A ] 38. c:\windows\alcmtr.exe
Realtek Semiconductor Corp.
Realtek AC97 Audio - Event Monitor
.text,.rdata,.data,.rsrc,
RavTask
[A ] 39. c:\program files\rising\rav\ravtask.exe
Beijing Rising Technology Co., Ltd.
RavTimer
.text,.rdata,.data,.rsrc,
RfwMain
[A ] 40. c:\program files\rising\rfw\rfwmain.exe
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall Main Program
.text,.rdata,.data,.rsrc,
runeip
[AM] 41. c:\program files\rising\antispyware\runiep.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Monitor
.text,.rdata,.data,.rsrc,
nwiz
[A ] 42. c:\windows\system32\nwiz.exe
.text,.rdata,.data,.rsrc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
KKDelay
[A ] 43. c:\program files\rising\antispyware\runonce.exe
Beijing Rising Technology Co., Ltd.
RunOnce Application
.text,.rdata,.data,.rsrc,
+ 开机执行
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
BootExecute
[A ] 44. c:\windows\system32\bsmain.exe
Beijing Rising Technology Co., Ltd.
BootScan
.text,.data,.rsrc,.reloc,
[A ] 45. c:\windows\system32\kknative.exe
Beijing Rising Technology Co., Ltd.
NativeAp
.text,.data,.rsrc,.reloc,
+ 正在运行的进程
+ 000000a4(164) alg.exe
+ 0000010c(268) wscntfy.exe
10000000[0001B000]
[ M] 46. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 000001b8(440) smss.exe
+ 000001f8(504) csrss.exe
+ 00000210(528) winlogon.exe
72C80000[00008000]
[ M] 47. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
+ 0000023c(572) services.exe
+ 00000248(584) lsass.exe
+ 000002e4(740) svchost.exe
+ 00000314(788) svchost.exe
+ 0000034c(844) svchost.exe
+ 00000368(872) ALCWZRD.EXE
00400000[00277000]
[AM] 37. c:\windows\alcwzrd.exe
RealTek Semicoductor Corp.
RealTek AlcWzrd Application
.text,.data,.tls,.rdata,.idata,.edata,.rsrc,.reloc,
10000000[0001B000]
[ M] 46. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 00000374(884) svchost.exe
+ 0000037c(892) SOUNDMAN.EXE
00400000[00013000]
[AM] 36. c:\windows\soundman.exe
Realtek Semiconductor Corp.
Realtek Sound Manager
.text,.rdata,.data,.rsrc,
无知的男孩 - 2007-9-3 11:13:00
10000000[0001B000]
[ M] 46. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 000003a0(928) svchost.exe
+ 00000464(1124) taskmgr.exe
10000000[0001B000]
[ M] 46. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 000004b4(1204) spoolsv.exe
+ 00000540(1344) nvsvc32.exe
00400000[0002D000]
[AM] 1. c:\windows\system32\nvsvc32.exe
NVIDIA Corporation
NVIDIA Driver Helper Service, Version 101.02
.text,.rdata,.data,CONST,.rsrc,
009C0000[00054000]
[ M] 48. c:\windows\system32\nvapi.dll
NVIDIA Corporation
NVIDIA NVAPI Library, Version 101.02
.text,.rdata,.data,.idata,.rsrc,.reloc,
+ 00000648(1608) ctfmon.exe
10000000[0001B000]
[ M] 46. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 00000660(1632) RUNDLL32.EXE
10000000[00016000]
[ M] 49. c:\windows\system32\nvmctray.dll
NVIDIA Corporation
NVIDIA Media Center Library
.text,.rdata,.data,.rsrc,.reloc,
00AC0000[00054000]
[ M] 48. c:\windows\system32\nvapi.dll
NVIDIA Corporation
NVIDIA NVAPI Library, Version 101.02
.text,.rdata,.data,.idata,.rsrc,.reloc,
00BA0000[00037000]
[ M] 50. c:\windows\system32\nvrszhc.dll
NVIDIA Corporation
NVIDIA Simplified Chinese language resource library
.rsrc,.reloc,
00B70000[0001B000]
[ M] 46. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 0000070c(1804) Explorer.EXE
10000000[0001B000]
[AM] 30. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
01190000[0001B000]
[ M] 46. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 47. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
01830000[0002B000]
[AM] 31. c:\program files\winrar\rarext.dll
.text,.data,.tls,.idata,.edata,.rsrc,.reloc,
23700000[0001A000]
[ M] 51. c:\program files\rising\rav\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
+ 00000cbc(3260) Ras.exe
00400000[0013F000]
[ M] 52. c:\program files\rising\antispyware\ras.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,.rsrc,
10000000[000A3000]
[ M] 53. c:\program files\rising\antispyware\rasgui.dll
Beijing Rising Technology Co., Ltd.
RasGUI
.text,.rdata,.data,.rsrc,.reloc,
01260000[0001B000]
[ M] 46. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 00000e0c(3596) RavStub.exe
00400000[00018000]
[ M] 54. c:\program files\rising\rav\ravstub.exe
Beijing Rising Technology Co., Ltd.
Rising RavStub
.text,.rdata,.data,.rsrc,
10000000[0001B000]
[ M] 55. c:\program files\rising\rav\rscommx.dll
rising
RsCommX
.text,.rdata,.data,.rsrc,.reloc,
23700000[0001A000]
[ M] 51. c:\program files\rising\rav\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
+ 00000f28(3880) runiep.exe
00400000[00013000]
[AM] 41. c:\program files\rising\antispyware\runiep.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Monitor
.text,.rdata,.data,.rsrc,
00C40000[0001B000]
[ M] 46. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
+ 00000f50(3920) iexplore.exe
10000000[00057000]
[AM] 23. c:\windows\system32\kakatool.dll
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Toolbar
.text,.rdata,.data,MonitorS,.rsrc,.reloc,
06ED0000[00008000]
[AM] 24. c:\program files\adobe\acrobat 5.0\reader\activex\acroiehelper.ocx
AcroIEHelper Module
.text,.rdata,.data,.rsrc,.reloc,
06F30000[00011000]
[AM] 25. c:\program files\flashget\jccatch.dll
www.flashget.com
Flashget CatchUrl Module
.text,.rdata,.data,.rsrc,.reloc,
06F50000[00021000]
[AM] 26. c:\program files\flashget\getflash.dll
www.flashget.com
Flashget GetFlash Module
.text,.rdata,.data,.rsrc,.reloc,
07DE0000[0001B000]
[ M] 46. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
08690000[00019000]
[ M] 56. c:\program files\rising\rav\ravscrch.dll
Beijing Rising Technology Co., Ltd.
RavScrCh Module
.text,.rdata,.data,.rsrc,.reloc,
30000000[002EE000]
[ M] 57. c:\windows\system32\macromed\flash\flash9b.ocx
Adobe Systems, Inc.
Adobe Flash Player 9.0 r28
.text,.rdata,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 47. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
Enao2005 - 2007-9-3 11:15:00
I don't see any problem here.
Run SREng and post its log.
无知的男孩 - 2007-9-3 11:18:00
I just deleted a bunch of viruses, but I can still find those files. Does that mean the virus will be back as soon as I reboot?
两个铁球 - 2007-9-3 12:40:00
Nobody bothers with this kind of log.
盖世爱 - 2007-9-3 12:44:00
http://forum.ikaka.com/topic.asp?board=28&artid=8362073