瑞星卡卡安全论坛
酷乐猫 - 2007-9-3 21:48:00
+ 注册表自运行项目
+ 系统服务
+ HKLM\System\CurrentControlSet\Services
27CDFFA4
[A ] 1. c:\windows\system32\bbd91abc.exe
Microsoft Corporation
.text,.rdata,.data,.rsrc,.aspack,.adata,
RsCCenter
[A ] 2. d:\rav\ccenter.exe
Beijing Rising Technology Co., Ltd.
CCenter
.text,.rdata,.data,.rsrc,
RsRavMon
[A ] 3. d:\rav\ravmond.exe
Beijing Rising Technology Co., Ltd.
RavMond
.text,.rdata,.data,.rsrc,
+ 内核驱动
+ HKLM\System\CurrentControlSet\Services
aeaudio
[A ] 4. c:\windows\system32\drivers\aeaudio.sys
Andrea Electronics Corporation
Andrea Audio Stub Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
BaseTDI
[A ] 5. c:\windows\system32\drivers\basetdi.sys
Beijing Rising Technology Co., Ltd.
basetdi
.text,.rdata,.data,INIT,.rsrc,.reloc,
bcm4sbxp
[A ] 6. c:\windows\system32\drivers\bcm4sbxp.sys
Broadcom Corporation
Broadcom Corporation NDIS 5.1 ethernet driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
ExpScaner
[A ] 7. d:\rav\expscan.sys
ExpScan.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookCont
[A ] 8. d:\rav\hookcont.sys
Rising
HookCont
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookReg
[A ] 9. d:\rav\hookreg.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
HookSys
[A ] 10. d:\rav\hooksys.sys
Rising
Hooksys
.text,.rdata,.data,INIT,.rsrc,.reloc,
MEMSCAN
[A ] 11. d:\rav\memscan.sys
Beijing Rising Technology Co., Ltd.
MemScan Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
NPF
[A ] 12. c:\windows\system32\drivers\npf.sys
CACE Technologies
npf
.text,.rdata,.data,INIT,.rsrc,.reloc,
RsAntiSpyware
[A ] 13. c:\windows\system32\drivers\rsboot.sys
Beijing Rising Technology Co., Ltd.
Anti-RootKit Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
RsNTGDI
[A ] 14. c:\windows\system32\drivers\rsntgdi.sys
Beijing Rising Technology Co., Ltd.
RsNTGDI
.text,.rdata,INIT,.rsrc,.reloc,
RSPPSYS
[A ] 15. d:\rav\rsppsys.sys
Rising
RSPPSYS.SYS
.text,.rdata,.data,INIT,.rsrc,.reloc,
Secdrv
[A ] 16. c:\windows\system32\drivers\secdrv.sys
.text,.data,INIT,.reloc,
smwdm
[A ] 17. c:\windows\system32\drivers\smwdm.sys
Analog Devices, Inc.
SoundMAX Integrated Digital Audio
.text,_LTEXT,_PTEXT,.rdata,.data,_LDATA,_PDATA,.data1,.CRT,PAGE,PAGED,INIT,.rsrc,.reloc,
ZSMC301b
[A ] 18. c:\windows\system32\drivers\usbvm31b.sys
VM
Video streaming and Capture Device Driver
.text,.data,PAGECONS,INIT,.rsrc,.reloc,
[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; MAXTHON 2.0)附件:
935431200793213808.txt
酷乐猫 - 2007-9-3 21:49:00
+ IE浏览器加载模块
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
Exec
[A ] 19. c:\program files\messenger\msmsgs.exe
Microsoft Corporation
Windows Messenger
.text,.data,.rsrc,
+ 资源管理器加载模块
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HyperTerminal Icon Ext
[A ] 20. c:\windows\system32\hticons.dll
Hilgraeve, Inc.
HyperTerminal Applet Library
.text,.data,.rsrc,.reloc,
RISING
[AM] 21. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
WinRAR shell extension
[AM] 22. d:\winrar\rarext.dll
.text,.data,.tls,.idata,.edata,.rsrc,.reloc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{32CD708B-60A7-4C00-9377-D73EAA495F0F}
[AM] 21. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}
[AM] 23. c:\windows\system32\shlhook.dll
Beijing Rising Technology Co., Ltd.
shlhook Module
.text,.rdata,.data,.rsrc,.reloc,
酷乐猫 - 2007-9-3 21:50:00
+ 用户登陆自运行项目
+ HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDogPath
[AM] 24. c:\windows\vm_sti.exe
Vimicro
Vimicro
.text,.rdata,.data,.rsrc,
RavTask
[A ] 25. d:\rav\ravtask.exe
Beijing Rising Technology Co., Ltd.
RavTimer
.text,.rdata,.data,.rsrc,
msccrt
[A ] 26. c:\windows\msccrt.exe
UPX0,UPX1,.rsrc,
AVPSrv
[A ] 27. c:\windows\avpsrv.exe
UPX0,UPX1,.rsrc,
Kvsc3
[A ] 28. c:\windows\kvsc3.exe
UPX0,UPX1,.rsrc,
DiskMan32
[A ] 29. c:\windows\diskman32.exe
UPX0,UPX1,.rsrc,
runeip
[AM] 30. d:\antispyware\runiep.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Monitor
.text,.rdata,.data,.rsrc,
mppds
[A ] 31. c:\windows\mppds.exe
.text,.rdata,.data,.rsrc,
WinForm
[A ] 32. c:\windows\winform.exe
UPX0,UPX1,.rsrc,
NVDispDrv
[A ] 33. c:\windows\nvdispdrv.exe
UPX0,UPX1,.rsrc,
cmdbcs
[A ] 34. c:\windows\cmdbcs.exe
UPX0,UPX1,.rsrc,
upxdnd
[A ] 35. c:\windows\upxdnd.exe
.text,.rdata,.data,.rsrc,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
RavStub
[AM] 36. d:\rav\ravstub.exe
Beijing Rising Technology Co., Ltd.
Rising RavStub
.text,.rdata,.data,.rsrc,
KKDelay
[A ] 37. d:\antispyware\runonce.exe
Beijing Rising Technology Co., Ltd.
RunOnce Application
.text,.rdata,.data,.rsrc,
+ 开机执行
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
BootExecute
[A ] 38. c:\windows\system32\bsmain.exe
Beijing Rising Technology Co., Ltd.
BootScan
.text,.data,.rsrc,.reloc,
[A ] 39. c:\windows\system32\kknative.exe
Beijing Rising Technology Co., Ltd.
NativeAp
.text,.data,.rsrc,.reloc,
酷乐猫 - 2007-9-3 21:52:00
+ 映像劫持
+ HKCR\.html
htmlfile\Maxthon\Command
[AM] 40. d:\maxthon2\maxthon.exe
Maxthon International ltd.
Maxthon Browser
.text,.rdata,.data,.rsrc,.reloc,
htmlfile\open\Command
[AM] 40. d:\maxthon2\maxthon.exe
Maxthon International ltd.
Maxthon Browser
.text,.rdata,.data,.rsrc,.reloc,
+ HKCR\.htm
htmlfile\Maxthon\Command
[AM] 40. d:\maxthon2\maxthon.exe
Maxthon International ltd.
Maxthon Browser
.text,.rdata,.data,.rsrc,.reloc,
htmlfile\open\Command
[AM] 40. d:\maxthon2\maxthon.exe
Maxthon International ltd.
Maxthon Browser
.text,.rdata,.data,.rsrc,.reloc,
+ 正在运行的进程
+ 000000f0(240) svchost.exe
10000000[0000C000]
[ M] 41. c:\windows\system32\17c2d7ac.dll
Microsoft Corporation
.text,.rdata,.data,.rsrc,.reloc,
+ 000001c0(448) VM_STI.EXE
00400000[0000D000]
[AM] 24. c:\windows\vm_sti.exe
Vimicro
Vimicro
.text,.rdata,.data,.rsrc,
10000000[00035000]
[ M] 42. c:\windows\system32\vm31bprp.ax
Vimicro
DirectShow Extension Page
.text,.rdata,.data,.idata,.CRT,.rsrc,.reloc,
00D10000[0001B000]
[ M] 43. d:\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
00D70000[00008000]
[ M] 44. c:\windows\system32\winform.dll
.text,.rdata,.data,sdt,.reloc,
00D80000[0000A000]
[ M] 45. c:\windows\system32\mppds.dll
.text,.rdata,.data,sdt,.reloc,
00EA0000[0000A000]
[ M] 46. c:\windows\system32\kvsc3.dll
.text,.rdata,.data,sdt,.reloc,
00CF0000[0000A000]
[ M] 47. c:\windows\system32\avpsrv.dll
.text,.rdata,.data,sdt,.reloc,
00D60000[0000B000]
[ M] 48. c:\windows\system32\diskman32.dll
.text,.rdata,.data,sdata,.reloc,
00EB0000[00008000]
[ M] 49. c:\windows\system32\nvdispdrv.dll
.text,.rdata,.data,sdt,.reloc,
00EC0000[0000A000]
[ M] 50. c:\windows\system32\cmdbcs.dll
.text,.rdata,.data,sdt,.reloc,
003D0000[0000B000]
[ M] 51. c:\windows\system32\msccrt.dll
.text,.rdata,.data,sdata,.reloc,
00ED0000[0000A000]
[ M] 52. c:\windows\system32\upxdnd.dll
.text,.rdata,.data,sdt,.reloc,
+ 0000024c(588) smss.exe
+ 000002a0(672) csrss.exe
10000000[0000C000]
[ M] 41. c:\windows\system32\17c2d7ac.dll
Microsoft Corporation
.text,.rdata,.data,.rsrc,.reloc,
+ 000002b8(696) winlogon.exe
72C80000[00008000]
[ M] 53. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
10000000[0000C000]
[ M] 41. c:\windows\system32\17c2d7ac.dll
Microsoft Corporation
.text,.rdata,.data,.rsrc,.reloc,
+ 000002e8(744) services.exe
10000000[0000C000]
[ M] 41. c:\windows\system32\17c2d7ac.dll
Microsoft Corporation
.text,.rdata,.data,.rsrc,.reloc,
+ 000002f4(756) lsass.exe
10000000[0000C000]
[ M] 41. c:\windows\system32\17c2d7ac.dll
Microsoft Corporation
.text,.rdata,.data,.rsrc,.reloc,
+ 00000384(900) svchost.exe
10000000[0000C000]
[ M] 41. c:\windows\system32\17c2d7ac.dll
Microsoft Corporation
.text,.rdata,.data,.rsrc,.reloc,
+ 000003dc(988) svchost.exe
10000000[0000C000]
[ M] 41. c:\windows\system32\17c2d7ac.dll
Microsoft Corporation
.text,.rdata,.data,.rsrc,.reloc,
+ 0000045c(1116) svchost.exe
10000000[0000C000]
[ M] 41. c:\windows\system32\17c2d7ac.dll
Microsoft Corporation
.text,.rdata,.data,.rsrc,.reloc,
+ 000004a4(1188) runiep.exe
00400000[00013000]
[AM] 30. d:\antispyware\runiep.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Monitor
.text,.rdata,.data,.rsrc,
00BF0000[0001B000]
[ M] 43. d:\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
00D40000[0000A000]
[ M] 46. c:\windows\system32\kvsc3.dll
.text,.rdata,.data,sdt,.reloc,
00D50000[00008000]
[ M] 44. c:\windows\system32\winform.dll
.text,.rdata,.data,sdt,.reloc,
00D60000[0000A000]
[ M] 45. c:\windows\system32\mppds.dll
.text,.rdata,.data,sdt,.reloc,
10000000[0000A000]
[ M] 47. c:\windows\system32\avpsrv.dll
.text,.rdata,.data,sdt,.reloc,
00D30000[0000B000]
[ M] 48. c:\windows\system32\diskman32.dll
.text,.rdata,.data,sdata,.reloc,
00D70000[0000A000]
[ M] 50. c:\windows\system32\cmdbcs.dll
.text,.rdata,.data,sdt,.reloc,
酷乐猫 - 2007-9-3 21:52:00
00D80000[00008000]
[ M] 49. c:\windows\system32\nvdispdrv.dll
.text,.rdata,.data,sdt,.reloc,
00D20000[0000B000]
[ M] 51. c:\windows\system32\msccrt.dll
.text,.rdata,.data,sdata,.reloc,
00D90000[0000A000]
[ M] 52. c:\windows\system32\upxdnd.dll
.text,.rdata,.data,sdt,.reloc,
+ 000004b0(1200) ctfmon.exe
10000000[0001B000]
[ M] 43. d:\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
00AE0000[00008000]
[ M] 44. c:\windows\system32\winform.dll
.text,.rdata,.data,sdt,.reloc,
00AF0000[0000A000]
[ M] 45. c:\windows\system32\mppds.dll
.text,.rdata,.data,sdt,.reloc,
00AA0000[0000A000]
[ M] 46. c:\windows\system32\kvsc3.dll
.text,.rdata,.data,sdt,.reloc,
00AD0000[0000A000]
[ M] 47. c:\windows\system32\avpsrv.dll
.text,.rdata,.data,sdt,.reloc,
00B00000[0000B000]
[ M] 48. c:\windows\system32\diskman32.dll
.text,.rdata,.data,sdata,.reloc,
00B10000[00008000]
[ M] 49. c:\windows\system32\nvdispdrv.dll
.text,.rdata,.data,sdt,.reloc,
00AB0000[0000A000]
[ M] 50. c:\windows\system32\cmdbcs.dll
.text,.rdata,.data,sdt,.reloc,
00B20000[0000B000]
[ M] 51. c:\windows\system32\msccrt.dll
.text,.rdata,.data,sdata,.reloc,
00B30000[0000A000]
[ M] 52. c:\windows\system32\upxdnd.dll
.text,.rdata,.data,sdt,.reloc,
+ 000004c4(1220) svchost.exe
10000000[0000C000]
[ M] 41. c:\windows\system32\17c2d7ac.dll
Microsoft Corporation
.text,.rdata,.data,.rsrc,.reloc,
+ 00000544(1348) svchost.exe
10000000[0000C000]
[ M] 41. c:\windows\system32\17c2d7ac.dll
Microsoft Corporation
.text,.rdata,.data,.rsrc,.reloc,
+ 00000630(1584) Explorer.EXE
72C80000[00008000]
[ M] 53. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
015D0000[0000C000]
[ M] 41. c:\windows\system32\17c2d7ac.dll
Microsoft Corporation
.text,.rdata,.data,.rsrc,.reloc,
10000000[0001B000]
[ M] 43. d:\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
23700000[0001A000]
[ M] 54. d:\rav\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
00FA0000[0002C000]
[AM] 22. d:\winrar\rarext.dll
.text,.data,.tls,.idata,.edata,.rsrc,.reloc,
01400000[0001B000]
[AM] 21. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
01EC0000[00008000]
[ M] 44. c:\windows\system32\winform.dll
.text,.rdata,.data,sdt,.reloc,
01ED0000[0000A000]
[ M] 45. c:\windows\system32\mppds.dll
.text,.rdata,.data,sdt,.reloc,
01EE0000[0000A000]
[ M] 46. c:\windows\system32\kvsc3.dll
.text,.rdata,.data,sdt,.reloc,
01AE0000[0000A000]
[ M] 47. c:\windows\system32\avpsrv.dll
.text,.rdata,.data,sdt,.reloc,
01AF0000[0000B000]
[ M] 48. c:\windows\system32\diskman32.dll
.text,.rdata,.data,sdata,.reloc,
01BA0000[00008000]
[ M] 49. c:\windows\system32\nvdispdrv.dll
.text,.rdata,.data,sdt,.reloc,
01FF0000[0000A000]
[ M] 50. c:\windows\system32\cmdbcs.dll
.text,.rdata,.data,sdt,.reloc,
019C0000[0000A000]
[ M] 52. c:\windows\system32\upxdnd.dll
.text,.rdata,.data,sdt,.reloc,
019D0000[0000B000]
[ M] 51. c:\windows\system32\msccrt.dll
.text,.rdata,.data,sdata,.reloc,
+ 000006a0(1696) spoolsv.exe
10000000[0000C000]
[ M] 41. c:\windows\system32\17c2d7ac.dll
Microsoft Corporation
.text,.rdata,.data,.rsrc,.reloc,
+ 00000714(1812) RavStub.exe
00400000[00018000]
[AM] 36. d:\rav\ravstub.exe
Beijing Rising Technology Co., Ltd.
Rising RavStub
.text,.rdata,.data,.rsrc,
10000000[0001B000]
[ M] 55. d:\rav\rscommx.dll
rising
RsCommX
.text,.rdata,.data,.rsrc,.reloc,
23700000[0001A000]
[ M] 54. d:\rav\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
00990000[0000C000]
[ M] 41. c:\windows\system32\17c2d7ac.dll
Microsoft Corporation
.text,.rdata,.data,.rsrc,.reloc,
+ 0000075c(1884) conime.exe
10000000[0001B000]
[ M] 43. d:\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
00B00000[0000A000]
[ M] 46. c:\windows\system32\kvsc3.dll
.text,.rdata,.data,sdt,.reloc,
00B40000[00008000]
[ M] 44. c:\windows\system32\winform.dll
.text,.rdata,.data,sdt,.reloc,
00B50000[0000A000]
[ M] 45. c:\windows\system32\mppds.dll
.text,.rdata,.data,sdt,.reloc,
00AF0000[0000A000]
[ M] 47. c:\windows\system32\avpsrv.dll
.text,.rdata,.data,sdt,.reloc,
00B10000[0000B000]
[ M] 48. c:\windows\system32\diskman32.dll
.text,.rdata,.data,sdata,.reloc,
00B60000[0000A000]
[ M] 50. c:\windows\system32\cmdbcs.dll
.text,.rdata,.data,sdt,.reloc,
00B70000[00008000]
[ M] 49. c:\windows\system32\nvdispdrv.dll
.text,.rdata,.data,sdt,.reloc,
00B20000[0000B000]
[ M] 51. c:\windows\system32\msccrt.dll
.text,.rdata,.data,sdata,.reloc,
00B80000[0000A000]
[ M] 52. c:\windows\system32\upxdnd.dll
.text,.rdata,.data,sdt,.reloc,
酷乐猫 - 2007-9-3 21:53:00
+ 000008f0(2288) Maxthon.exe
00400000[00303000]
[AM] 40. d:\maxthon2\maxthon.exe
Maxthon International ltd.
Maxthon Browser
.text,.rdata,.data,.rsrc,.reloc,
10000000[0000D000]
[ M] 56. d:\maxthon2\mxext.dll
.text,.rdata,.data,.reloc,
00380000[00017000]
[ M] 57. d:\maxthon2\mxpp.dll
Maxthon
.text,.rdata,.data,.rsrc,.reloc,
003A0000[00022000]
[ M] 58. d:\maxthon2\mxsk.dll
Maxthon
.text,.rdata,.data,.rsrc,.reloc,
00710000[000A0000]
[ M] 59. d:\maxthon2\mxproxy2.dll
MxProxy DLL
.text,.text1,.rdata,.data,.data1,.rsrc,.reloc,
003D0000[00026000]
[ M] 60. d:\maxthon2\imxwebboost.dll
Maxthon
IMxWebBoost
.text,.rdata,.data,.rsrc,.reloc,
007B0000[00063000]
[ M] 61. d:\maxthon2\mxdb.dll
.text,.rdata,.data,.reloc,
00820000[0002F000]
[ M] 62. d:\maxthon2\mxsafe.dll
Maxthon
MxSafe
.text,.rdata,.data,.rsrc,.reloc,
01C30000[0001E000]
[ M] 63. d:\maxthon2\mxfav.dll
Maxthon
.text,.rdata,.data,.rsrc,.reloc,
01C50000[00012000]
[ M] 64. d:\maxthon2\maxzlib.dll
zlib data compression library
.text,.rdata,.data,.rsrc,.reloc,
01F90000[00015000]
[ M] 65. d:\maxthon2\mxtool.dll
mxtool Module
.text,.rdata,.data,.rsrc,.reloc,
028A0000[00016000]
[ M] 66. d:\maxthon2\mxfeedu.dll
MxFeed DLL
.text,.rdata,.data,.rsrc,.reloc,
03160000[0001B000]
[ M] 43. d:\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
019F0000[00019000]
[ M] 67. d:\rav\ravscrch.dll
Beijing Rising Technology Co., Ltd.
RavScrCh Module
.text,.rdata,.data,.rsrc,.reloc,
72C80000[00008000]
[ M] 53. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
03290000[00008000]
[ M] 44. c:\windows\system32\winform.dll
.text,.rdata,.data,sdt,.reloc,
05D40000[0000A000]
[ M] 45. c:\windows\system32\mppds.dll
.text,.rdata,.data,sdt,.reloc,
05D50000[0000A000]
[ M] 46. c:\windows\system32\kvsc3.dll
.text,.rdata,.data,sdt,.reloc,
03280000[0000A000]
[ M] 47. c:\windows\system32\avpsrv.dll
.text,.rdata,.data,sdt,.reloc,
032A0000[0000B000]
[ M] 48. c:\windows\system32\diskman32.dll
.text,.rdata,.data,sdata,.reloc,
05D90000[0018D000]
[ M] 68. c:\windows\system32\macromed\flash\flash.ocx
Macromedia, Inc.
Macromedia Flash Player 6.0 r79
.text,.rdata,.data,.data1,.CRT,.rsrc,.reloc,
06830000[00008000]
[ M] 49. c:\windows\system32\nvdispdrv.dll
.text,.rdata,.data,sdt,.reloc,
06840000[0000A000]
[ M] 50. c:\windows\system32\cmdbcs.dll
.text,.rdata,.data,sdt,.reloc,
032B0000[0000A000]
[ M] 52. c:\windows\system32\upxdnd.dll
.text,.rdata,.data,sdt,.reloc,
06850000[0000B000]
[ M] 51. c:\windows\system32\msccrt.dll
.text,.rdata,.data,sdata,.reloc,
+ 000009ac(2476) alg.exe
+ 00000a64(2660) RsLogVw.exe
00400000[0002C000]
[ M] 69. d:\rav\rslogvw.exe
Beijing Rising Technology Co., Ltd.
RsLogVw
.text,.rdata,.data,.rsrc,
10000000[0001B000]
[ M] 55. d:\rav\rscommx.dll
rising
RsCommX
.text,.rdata,.data,.rsrc,.reloc,
26600000[0007D000]
[ M] 70. d:\rav\rsguilib.dll
Beijing Rising Technology Co., Ltd.
Rising GUI Library Loader
.text,.rdata,.data,.rsrc,.reloc,
23800000[0001A000]
[ M] 71. d:\rav\rsxml.dll
Beijing Rising Technology Co., Ltd.
RsXML
.text,.rdata,.data,.rsrc,.reloc,
23900000[00031000]
[ M] 72. d:\rav\pngdll.dll
Beijing Rising Technology Co., Ltd.
Rising .Png File Loader Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
23700000[0001A000]
[ M] 54. d:\rav\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
0AAC0000[0001B000]
[ M] 43. d:\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
13100000[0002E000]
[ M] 73. d:\rav\libload.dll
Beijing Rising Technology Co., Ltd.
LibLoad
.text,.rdata,.data,.rsrc,.reloc,
0BC90000[0002C000]
[ M] 74. d:\rav\viruslib.dll
Beijing Rising Technology Co., Ltd.
VirusLib
.text,.rdata,.data,.rsrc,.reloc,
0CB70000[00008000]
[ M] 44. c:\windows\system32\winform.dll
.text,.rdata,.data,sdt,.reloc,
0CB80000[0000A000]
[ M] 45. c:\windows\system32\mppds.dll
.text,.rdata,.data,sdt,.reloc,
0CB90000[0000A000]
[ M] 46. c:\windows\system32\kvsc3.dll
.text,.rdata,.data,sdt,.reloc,
0AAF0000[0000A000]
[ M] 47. c:\windows\system32\avpsrv.dll
.text,.rdata,.data,sdt,.reloc,
0AB30000[0000B000]
[ M] 48. c:\windows\system32\diskman32.dll
.text,.rdata,.data,sdata,.reloc,
0CBA0000[0000A000]
[ M] 50. c:\windows\system32\cmdbcs.dll
.text,.rdata,.data,sdt,.reloc,
0CBB0000[00008000]
[ M] 49. c:\windows\system32\nvdispdrv.dll
.text,.rdata,.data,sdt,.reloc,
0AB40000[0000B000]
[ M] 51. c:\windows\system32\msccrt.dll
.text,.rdata,.data,sdata,.reloc,
0CBC0000[0000A000]
[ M] 52. c:\windows\system32\upxdnd.dll
.text,.rdata,.data,sdt,.reloc,
+ 00000e3c(3644) Ras.exe
00400000[0013F000]
[ M] 75. d:\antispyware\ras.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,.rsrc,
10000000[000A3000]
[ M] 76. d:\antispyware\rasgui.dll
Beijing Rising Technology Co., Ltd.
RasGUI
.text,.rdata,.data,.rsrc,.reloc,
01200000[0000B000]
[ M] 51. c:\windows\system32\msccrt.dll
.text,.rdata,.data,sdata,.reloc,
01260000[0000A000]
[ M] 52. c:\windows\system32\upxdnd.dll
.text,.rdata,.data,sdt,.reloc,
01270000[0000A000]
[ M] 50. c:\windows\system32\cmdbcs.dll
.text,.rdata,.data,sdt,.reloc,
01280000[00008000]
[ M] 49. c:\windows\system32\nvdispdrv.dll
.text,.rdata,.data,sdt,.reloc,
01400000[0000B000]
[ M] 48. c:\windows\system32\diskman32.dll
.text,.rdata,.data,sdata,.reloc,
01410000[0000A000]
[ M] 47. c:\windows\system32\avpsrv.dll
.text,.rdata,.data,sdt,.reloc,
01420000[0000A000]
[ M] 46. c:\windows\system32\kvsc3.dll
.text,.rdata,.data,sdt,.reloc,
01430000[00008000]
[ M] 44. c:\windows\system32\winform.dll
.text,.rdata,.data,sdt,.reloc,
01440000[0000A000]
[ M] 45. c:\windows\system32\mppds.dll
.text,.rdata,.data,sdt,.reloc,
01450000[0001B000]
[ M] 43. d:\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
02AA0000[0001B000]
[AM] 21. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
02AD0000[00011000]
[AM] 23. c:\windows\system32\shlhook.dll
Beijing Rising Technology Co., Ltd.
shlhook Module
.text,.rdata,.data,.rsrc,.reloc,
02680000[0002F000]
[ M] 77. d:\antispyware\engine.dll
Beijing Rising Technology Co., Ltd.
kaka engine
.text,.rdata,.data,.rsrc,.reloc,
026B0000[00012000]
[ M] 78. d:\antispyware\zip.dll
rising
zip
UPX0,UPX1,.rsrc,
01EB0000[00019000]
[ M] 67. d:\rav\ravscrch.dll
Beijing Rising Technology Co., Ltd.
RavScrCh Module
.text,.rdata,.data,.rsrc,.reloc,
1
© 2000 - 2026 Rising Corp. Ltd.