瑞星卡卡电脑诊断日志 v1.30 (2008-6-24 11:45:29) 北京瑞星科技股份有限公司 注释: [A]表示该文件存在自启动关联; [M]表示该文件在内存中; + 注册表自运行项目 + 系统服务 + HKLM\System\CurrentControlSet\Services ccosm [AM] 1. f:\baofeng\stormliv.exe 北京暴风网际科技有限公司 暴风影音媒体控制中心 .text,.rdata,.data,.rsrc, HotspotShieldService [AM] 2. e:\新建文件夹 (2)\hotspot shield\bin\openvpnas.exe .text,.data,.rdata,.bss,.idata, IPRIP [AM] 3. c:\windows\icpb.dll .text,.rdata,.data,.reloc, Irmon [AM] 4. c:\windows\system32\irmon64.dll Microsoft Corporation Microsoft RIP for Internet Protocol .text,.rdata,.data,.rsrc,.reloc, RsCCenter [AM] 5. f:\rising\rav\ccenter.exe Beijing Rising Technology Co., Ltd. CCenter .text,.rdata,.data,.rsrc, RsRavMon [AM] 6. f:\rising\rav\ravmond.exe Beijing Rising Technology Co., Ltd. Rising Realtime Moniter .text,.rdata,.data,.rsrc, WbWin [AM] 7. c:\windows\avtapit.dll Microsoft Corporation Advanced Windows 32 Base API .text,.rdata,.data,.rsrc,.reloc, + 内核驱动 + HKLM\System\CurrentControlSet\Services ALCXSENS [A ] 8. c:\windows\system32\drivers\alcxsens.sys Sensaura Ltd Sensaura WDM 3D Audio Driver .text,page,init,.data,init,INIT,.rsrc,.reloc, ALCXWDM [A ] 9. c:\windows\system32\drivers\alcxwdm.sys Realtek Semiconductor Corp. Realtek AC'97 Audio Driver (WDM) .text,.rdata,.data,.CRT,.data1,PAGE,INIT,.rsrc,.reloc, apcdli [A ] 10. c:\program files\microsoft office\system\apcdli.sys .text,.rdata,.data,INIT,.reloc, b8925f9cb1142729 [A ] 11. c:\b8925f9cb1142729.dat c16dfee0024fb8d7 [A ] 12. c:\c16dfee0024fb8d7.dat cFosSpeed [A ] 13. c:\windows\system32\drivers\cfosspeed.sys e279b5dca586be6a [A ] 14. c:\e279b5dca586be6a.dat fifgggdd [A ] 15. c:\windows\system32\drivers\fifgggdd.sys fn561ti [A ] 16. c:\windows\system32\drivers\fn561ti.sys File System Driver .text,.data,PAGE,INIT,.rsrc,.reloc, HOOKAPI [A ] 17. c:\program files\rising\rav\hookapi.sys HookCont [A ] 18. c:\windows\system32\drivers\hookcont.sys Beijing Rising Technology Co., Ltd HookCont .text,.rdata,.data,INIT,.rsrc,.reloc, HookNtos [A ] 19. c:\windows\system32\drivers\hookntos.sys Beijing Rising Technology Co., Ltd HookNtos .text,.rdata,.data,INIT,.rsrc,.reloc, HookReg [A ] 20. c:\windows\system32\drivers\hookreg.sys Beijing Rising Technology Co., Ltd HookReg .text,.rdata,.data,INIT,.rsrc,.reloc, HookSys [A ] 21. c:\windows\system32\drivers\hooksys.sys Beijing Rising Technology Co., Ltd Hooksys .text,.rdata,.data,INIT,.rsrc,.reloc, New0 [A ] 22. c:\windows\system32\new.sys .text,.rdata,INIT,.reloc, ntptdb [A ] 23. c:\documents and settings\all users\application data\microsoft\office\system\ntptdb.sys .text,.rdata,.data,INIT,.reloc, opw0e04fke [A ] 24. c:\windows\system32\drivers\opw0e04fke.sys .text,.data,PAGE,INIT,.reloc, RsAntiSpyware [A ] 25. c:\windows\system32\drivers\rsboot.sys Beijing Rising Technology Co., Ltd. Anti-RootKit Driver .text,.rdata,.data,INIT,.rsrc,.reloc, RsNTGDI [A ] 26. c:\windows\system32\drivers\rsntgdi.sys Beijing Rising Technology Co., Ltd. RsNTGDI .text,.rdata,INIT,.rsrc,.reloc, Secdrv [A ] 27. c:\windows\system32\drivers\secdrv.sys Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. Macrovision SECURITY Driver .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc, SISAGP [A ] 28. c:\windows\system32\drivers\sisagpx.sys Silicon Integrated Systems Corporation SiS AGPv3.5 Filter .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc, tapvpn [A ] 29. c:\windows\system32\drivers\tapvpn.sys The OpenVPN Project TAP-Win32 Virtual Network Driver .text,.rdata,.data,INIT,.rsrc,.reloc, TesSafe [A ] 30. c:\windows\system32\tessafe.sys TENCENT TesSafe NT Driver .text,.rdata,.data,INIT,.rsrc,.reloc, XDva157 [A ] 31. c:\windows\system32\xdva157.sys + IE浏览器加载模块 + HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} [A ] 32. c:\windows\system32\kakatool.dll Beijing Rising Technology Co., Ltd. Rising AntiSpyware Toolbar .text,.rdata,.data,MonitorS,.rsrc,.reloc, {c95a4e8e-816d-4655-8c79-d736da1adb6d} [AM] 33. c:\program files\hotspot_shield\tbhot0.dll Conduit Ltd. Conduit Toolbar .text,.rdata,.data,.rsrc,.reloc, + HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks {c95a4e8e-816d-4655-8c79-d736da1adb6d} [AM] 33. c:\program files\hotspot_shield\tbhot0.dll Conduit Ltd. Conduit Toolbar .text,.rdata,.data,.rsrc,.reloc, + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects {01443AEC-0FD1-40fd-9C87-E93D1494C233} [AM] 34. f:\thunder\comdlls\tdatonce_now.dll Thunder Networking Technologies,LTD 迅雷浏览器高级特性支持模块 .text,.rdata,.data,.rsrc,.reloc, {889D2FEB-5411-4565-8998-1DD2C5261283} [AM] 35. f:\thunder\comdlls\xunleibho_now.dll Thunder Networking Technologies,LTD XunLeiBHO .text,.rdata,.data,.rsrc,.reloc, {986488AF-13D5-9DDF-4FEF-9FB88698CFC1} [AM] 36. c:\documents and settings\all users\application data\microsoft\office\userdata\webbrowser_2048.dll ,,,.rsrc,,,.data,.adata, {c95a4e8e-816d-4655-8c79-d736da1adb6d} [AM] 33. c:\program files\hotspot_shield\tbhot0.dll Conduit Ltd. Conduit Toolbar .text,.rdata,.data,.rsrc,.reloc, {EB2ECF2E-81B1-4D2C-9553-3DF0CCB52A09} [AM] 37. c:\windows\thunderatone.dll Thunder Networking Technologies,LTD 迅雷浏览器高级特性支持模块 UPX0,UPX1,.rsrc, + HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions Exec [A ] 38. f:\thunder\thunder.exe Thunder Networking Technologies,LTD .text,.rdata,.data,.rsrc, Exec [A ] 39. c:\windows\network diagnostic\xpnetdiag.exe Microsoft Corporation Network Diagnostic for Windows XP .text,.data,.rsrc, Exec [A ] 40. c:\program files\messenger\msmsgs.exe Microsoft Corporation Windows Messenger .text,.data,.rsrc, + 资源管理器加载模块 + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved RISING [AM] 41. c:\windows\system32\ravext.dll Beijing Rising Technology Co., Ltd. Rising Shell Ext Module .text,.rdata,.data,.rsrc,.reloc, + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks {32CD708B-60A7-4C00-9377-D73EAA495F0F} [AM] 41. c:\windows\system32\ravext.dll Beijing Rising Technology Co., Ltd. Rising Shell Ext Module .text,.rdata,.data,.rsrc,.reloc, {AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A} [AM] 42. c:\windows\system32\shlhook.dll Beijing Rising Technology Co., Ltd. shlhook Module .text,.rdata,.data,.rsrc,.reloc, + 用户登陆自运行项目 + HKLM\Software\Microsoft\Windows\CurrentVersion\Run ATIModeChange [A ] 43. c:\windows\system32\ati2mdxx.exe ATI Technologies, Inc. ATI 2D Mode component .text,.rdata,.data,.rsrc, ATIPTA [AM] 44. c:\program files\ati technologies\ati control panel\atiptaxx.exe ATI Technologies, Inc. ATI Desktop Control Panel .text,.rdata,.data,.rsrc, TkBellExe [AM] 45. c:\program files\common files\real\update_ob\realsched.exe RealNetworks, Inc. RealNetworks Scheduler .text,.rdata,.data,.rsrc, HotKey [AM] 46. c:\windows\wasay\hotkey.exe .text,.rdata,.data, ItMonitor [A ] 47. c:\windows\wasay\monitor.exe .text,.rdata,.data, RavTask [AM] 48. f:\rising\rav\ravtask.exe Beijing Rising Technology Co., Ltd. RavTimer .text,.rdata,.data,.rsrc, runeip [AM] 49. f:\kaka\runiep.exe Beijing Rising Technology Co., Ltd. Rising AntiSpyware Monitor .text,.rdata,.data,.rsrc, + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce KKDelay [A ] 50. f:\kaka\runonce.exe Beijing Rising Technology Co., Ltd. RunOnce Application .text,.rdata,.data,.rsrc, + 开机执行 + HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order BootExecute [A ] 51. c:\windows\system32\bsmain.exe Beijing Rising Technology Co., Ltd. Rising Antivirus 2008 .text,.rdata,.data,.rsrc,.reloc, [A ] 52. c:\windows\system32\kknative.exe Beijing Rising Technology Co., Ltd. NativeAp .text,.data,.rsrc,.reloc, + 映像劫持 + HKCR\.html htmlfile\Edit\Command [A ] 53. c:\program files\microsoft office\office\msohtmed.exe Microsoft Corporation Microsoft Office 2000 component .text,.data,.idata,.rsrc, htmlfile\Print\Command [A ] 53. c:\program files\microsoft office\office\msohtmed.exe Microsoft Corporation Microsoft Office 2000 component .text,.data,.idata,.rsrc, + HKCR\.htm htmlfile\Edit\Command [A ] 53. c:\program files\microsoft office\office\msohtmed.exe Microsoft Corporation Microsoft Office 2000 component .text,.data,.idata,.rsrc, htmlfile\Print\Command [A ] 53. c:\program files\microsoft office\office\msohtmed.exe Microsoft Corporation Microsoft Office 2000 component .text,.data,.idata,.rsrc, + 正在运行的进程 + 00000104(260) Explorer.EXE 10000000[0001C000] [AM] 41. c:\windows\system32\ravext.dll Beijing Rising Technology Co., Ltd. Rising Shell Ext Module .text,.rdata,.data,.rsrc,.reloc, 00FD0000[00011000] [AM] 42. c:\windows\system32\shlhook.dll Beijing Rising Technology Co., Ltd. shlhook Module .text,.rdata,.data,.rsrc,.reloc, 026A0000[00042000] [ M] 54. c:\windows\system32\systemdrv.dll ,,,.rsrc,,,.data,.adata, 72C80000[00008000] [ M] 55. c:\windows\system32\msacm32.drv Microsoft Corporation Microsoft Sound Mapper .text,.data,.rsrc,.reloc, 03750000[00029000] [ M] 56. c:\program files\winrar\rarext.dll .text,.data,.tls,.idata,.edata,.rsrc,.reloc, + 00000298(664) smss.exe + 000002f0(752) csrss.exe + 00000308(776) winlogon.exe 72C80000[00008000] [ M] 55. c:\windows\system32\msacm32.drv Microsoft Corporation Microsoft Sound Mapper .text,.data,.rsrc,.reloc, + 00000334(820) services.exe 46040000[0000F000] [ M] 57. c:\windows\apppatch\acadproc.dll Microsoft Corporation Windows Compatibility DLL .text,.data,.rsrc,.reloc, + 00000340(832) lsass.exe + 000003d0(976) svchost.exe + 000003d8(984) atiptaxx.exe 00400000[00054000] [AM] 44. c:\program files\ati technologies\ati control panel\atiptaxx.exe ATI Technologies, Inc. ATI Desktop Control Panel .text,.rdata,.data,.rsrc, 10000000[00017000] [ M] 58. c:\program files\ati technologies\ati control panel\atrpuixx.chs ATI Technologies, Inc. ATI Desktop Control Panel .rsrc,.reloc, 00960000[0003B000] [ M] 59. c:\program files\ati technologies\ati control panel\atipdsxx.dll ATI Technologies, Inc. ATI Desktop Control Panel .text,.rdata,.data,.sdata,.rsrc,.reloc, 00BF0000[00013000] [ M] 60. c:\program files\ati technologies\ati control panel\atipdxxx.dll ATI Technologies, Inc. ATI Desktop Control Panel .text,.rdata,.data,.rsrc,.reloc, + 00000400(1024) svchost.exe + 00000428(1064) CCenter.exe 00400000[00029000] [AM] 5. f:\rising\rav\ccenter.exe Beijing Rising Technology Co., Ltd. CCenter .text,.rdata,.data,.rsrc, + 00000438(1080) svchost.exe 10000000[0000A000] [AM] 3. c:\windows\icpb.dll .text,.rdata,.data,.reloc, 011E0000[0000D000] [AM] 4. c:\windows\system32\irmon64.dll Microsoft Corporation Microsoft RIP for Internet Protocol .text,.rdata,.data,.rsrc,.reloc, 02670000[00012000] [AM] 7. c:\windows\avtapit.dll Microsoft Corporation Advanced Windows 32 Base API .text,.rdata,.data,.rsrc,.reloc, + 0000044c(1100) realsched.exe 00400000[00027000] [AM] 45. c:\program files\common files\real\update_ob\realsched.exe RealNetworks, Inc. RealNetworks Scheduler .text,.rdata,.data,.rsrc, + 00000464(1124) svchost.exe + 0000046c(1132) HOTKEY.EXE 00400000[00006000] [AM] 46. c:\windows\wasay\hotkey.exe .text,.rdata,.data, 10000000[0000A000] [ M] 61. c:\windows\wasay\hook.dll .text,.rdata,.data,.HookSha,.rsrc,.reloc, + 00000484(1156) ctfmon.exe + 00000490(1168) RavTask.exe 00400000[00034000] [AM] 48. f:\rising\rav\ravtask.exe Beijing Rising Technology Co., Ltd. RavTimer .text,.rdata,.data,.rsrc, 10000000[0001F000] [ M] 62. f:\rising\rav\proccom.dll Beijing Rising Technology Co., Ltd. ProcessC Dynamic Link Library .text,.rdata,.data,.rsrc,.reloc, 00940000[00024000] [ M] 63. f:\rising\rav\rscommx2.dll Beijing Rising Technology Co., Ltd. RsCommX2 .text,.rdata,.data,.rsrc,.reloc, 23700000[00028000] [ M] 64. f:\rising\rav\rscommon.dll Beijing Rising Technology Co., Ltd. Rising Common Function Dynamic Link Library .text,.rdata,.data,.rsrc,.reloc, 00BA0000[0000E000] [ M] 65. f:\rising\rav\rsappmgr.dll Beijing Rising Technology Co., Ltd. Rising Application Manager .text,.rdata,.data,.rsrc,.reloc, 08BC0000[00030000] [ M] 66. f:\rising\rav\cfgdll.dll Beijing Rising Technology Co., Ltd. CfgDll .text,.rdata,.data,.rsrc,.reloc, + 000004a4(1188) runiep.exe 00400000[00020000] [AM] 49. f:\kaka\runiep.exe Beijing Rising Technology Co., Ltd. Rising AntiSpyware Monitor .text,.rdata,.data,.rsrc, 7C140000[00103000] [ M] 67. f:\kaka\mfc71.dll Microsoft Corporation MFCDLL Shared Library - Retail Version .text,.data,.rsrc,.reloc, 7C340000[00056000] [ M] 68. f:\kaka\msvcr71.dll Microsoft Corporation Microsoft? C Runtime Library .text,.rdata,.data,.rsrc,.reloc, + 000004b0(1200) Ravmon.exe 00400000[00067000] [ M] 69. f:\rising\rav\ravmon.exe Beijing Rising Technology Co., Ltd. Rising realtime monitor shell .text,.rdata,.data,.rsrc, 7C140000[00103000] [ M] 70. c:\windows\system32\mfc71.dll Microsoft Corporation MFCDLL Shared Library - Retail Version .text,.data,.rsrc,.reloc, 7C340000[00056000] [ M] 71. c:\windows\system32\msvcr71.dll Microsoft Corporation Microsoft? C Runtime Library .text,.rdata,.data,.rsrc,.reloc, 7C3A0000[0007B000] [ M] 72. c:\windows\system32\msvcp71.dll Microsoft Corporation Microsoft? C++ Runtime Library .text,.rdata,.data,.rsrc,.reloc, 10000000[0001F000] [ M] 62. f:\rising\rav\proccom.dll Beijing Rising Technology Co., Ltd. ProcessC Dynamic Link Library .text,.rdata,.data,.rsrc,.reloc, 00A30000[00024000] [ M] 63. f:\rising\rav\rscommx2.dll Beijing Rising Technology Co., Ltd. RsCommX2 .text,.rdata,.data,.rsrc,.reloc, 23700000[00028000] [ M] 64. f:\rising\rav\rscommon.dll Beijing Rising Technology Co., Ltd. Rising Common Function Dynamic Link Library .text,.rdata,.data,.rsrc,.reloc, 00C80000[00035000] [ M] 73. f:\rising\rav\recomp.dll Beijing Rising Technology Co., Ltd. component manager Dynamic Link Library .text,.rdata,.data,.rsrc,.reloc, 00CD0000[00036000] [ M] 74. f:\rising\rav\refs.dll Beijing Rising Technology Co., Ltd. filesystem Dynamic Link Library .text,.rdata,.data,.rsrc,.reloc, 00F30000[0002F000] [ M] 75. f:\rising\rav\viruslib.dll Beijing Rising Technology Co., Ltd. VirusLib Dynamic Link Library .text,.rdata,.data,.rsrc,.reloc, 01070000[00028000] [ M] 76. f:\rising\rav\relibldr.dll Beijing Rising Technology Co., Ltd. libloader Dynamic Link Library .text,.rdata,.data,.rsrc,.reloc, 010F0000[0000E000] [ M] 65. f:\rising\rav\rsappmgr.dll Beijing Rising Technology Co., Ltd. Rising Application Manager .text,.rdata,.data,.rsrc,.reloc, 01110000[00030000] [ M] 66. f:\rising\rav\cfgdll.dll Beijing Rising Technology Co., Ltd. CfgDll .text,.rdata,.data,.rsrc,.reloc, 01270000[00075000] [ M] 77. f:\rising\rav\monrule.dll Beijing Rising Technology Co., Ltd. MonRule .text,.rdata,.data,.rsrc,.reloc, 23900000[00040000] [ M] 78. f:\rising\rav\pngdll.dll Beijing Rising Technology Co., Ltd. Rising .Png File Loader Dynamic Link Library .text,.rdata,.data,.rsrc,.reloc, 26600000[000B8000] [ M] 79. f:\rising\rav\rsguilib.dll Beijing Rising Technology Co., Ltd. Rising GUI Library Loader .text,.rdata,.data,.rsrc,.reloc, 23800000[00018000] [ M] 80. f:\rising\rav\rsxml.dll Beijing Rising Technology Co., Ltd. RsXML .text,.rdata,.data,.rsrc,.reloc, + 000004c0(1216) svchost.exe + 000004f0(1264) ravmond.exe 00400000[00069000] [AM] 6. f:\rising\rav\ravmond.exe Beijing Rising Technology Co., Ltd. Rising Realtime Moniter .text,.rdata,.data,.rsrc, 10000000[00042000] [ M] 81. f:\rising\rav\bwlist.dll Beijing Rising Technology Co., Ltd. BWList DLL .text,.rdata,.data,.rsrc,.reloc, 7C140000[00103000] [ M] 70. c:\windows\system32\mfc71.dll Microsoft Corporation MFCDLL Shared Library - Retail Version .text,.data,.rsrc,.reloc, 7C340000[00056000] [ M] 71. c:\windows\system32\msvcr71.dll Microsoft Corporation Microsoft? C Runtime Library .text,.rdata,.data,.rsrc,.reloc, 7C3A0000[0007B000] [ M] 72. c:\windows\system32\msvcp71.dll Microsoft Corporation Microsoft? C++ Runtime Library .text,.rdata,.data,.rsrc,.reloc, 00A30000[0000E000] [ M] 65. f:\rising\rav\rsappmgr.dll Beijing Rising Technology Co., Ltd. Rising Application Manager .text,.rdata,.data,.rsrc,.reloc, 00A50000[00030000] [ M] 66. f:\rising\rav\cfgdll.dll Beijing Rising Technology Co., Ltd. CfgDll .text,.rdata,.data,.rsrc,.reloc, 00CF0000[00067000] [ M] 82. f:\rising\rav\rslog.dll Beijing Rising Technology Co., Ltd. RsLog DLL .text,.rdata,.data,.rsrc,.reloc, 00A90000[0001F000] [ M] 62. f:\rising\rav\proccom.dll Beijing Rising Technology Co., Ltd. ProcessC Dynamic Link Library .text,.rdata,.data,.rsrc,.reloc, 00D60000[00024000] [ M] 63. f:\rising\rav\rscommx2.dll Beijing Rising Technology Co., Ltd. RsCommX2 .text,.rdata,.data,.rsrc,.reloc, 00DA0000[00075000] [ M] 77. f:\rising\rav\monrule.dll Beijing Rising Technology Co., Ltd. MonRule .text,.rdata,.data,.rsrc,.reloc, 00E30000[00013000] [ M] 83. f:\rising\rav\hooksys.dll Beijing Rising Technology Co., Ltd Hooksys Dynamic Link Library .text,.rdata,.data,.rsrc,.reloc, 00F90000[00013000] [ M] 84. f:\rising\rav\hookreg.dll Beijing Rising Technology Co., Ltd HookReg Dynamic Link Library .text,.rdata,.data,.rsrc,.reloc, 00FF0000[00013000] [ M] 85. f:\rising\rav\hookntos.dll Beijing Rising Technology Co., Ltd SysMon Dynamic Link Library .text,.rdata,.data,.rsrc,.reloc, 01050000[0001C000] [ M] 86. f:\rising\rav\rswalmon.dll Beijing Rising Technology Co., Ltd. Rising WAL Monitor DLL .text,.rdata,.data,.rsrc,.reloc, 01E80000[00035000] [ M] 73. f:\rising\rav\recomp.dll Beijing Rising Technology Co., Ltd. component manager Dynamic Link Library .text,.rdata,.data,.rsrc,.reloc, 01ED0000[00036000] [ M] 74. f:\rising\rav\refs.dll Beijing Rising Technology Co., Ltd. filesystem Dynamic Link Library .text,.rdata,.data,.rsrc,.reloc, 01F20000[00023000] [ M] 87. f:\rising\rav\ffr.dll Beijing Rising Technology Co., Ltd. ffr Dynamic Link Library .text,.rdata,.data,.rsrc,.reloc, 01F60000[00020000] [ M] 88. f:\rising\rav\rsstore.dll Beijing Rising Technology Co., Ltd. RSStore .text,.rdata,.data,.rsrc,.reloc, 01F90000[00013000] [ M] 89. f:\rising\rav\hookcont.dll Beijing Rising Technology Co., Ltd HookCont Dynamic Link Library .text,.rdata,.data,.rsrc,.reloc, 01FC0000[00027000] [ M] 90. f:\rising\rav\fakescan.dll Beijing Rising Technology Co., Ltd. FakeScan Module .text,.rdata,.data,.rsrc,.reloc, 02000000[00022000] [ M] 91. f:\rising\rav\scanner.dll Beijing Rising Technology Co., Ltd. RsScanner Module .text,.rdata,.data,.rsrc,.reloc, 02640000[0002F000] [ M] 75. f:\rising\rav\viruslib.dll Beijing Rising Technology Co., Ltd. VirusLib Dynamic Link Library .text,.rdata,.data,.rsrc,.reloc, 02780000[00028000] [ M] 76. f:\rising\rav\relibldr.dll Beijing Rising Technology Co., Ltd. libloader Dynamic Link Library .text,.rdata,.data,.rsrc,.reloc, 02E70000[0000D000] [ M] 92. f:\rising\rav\hookweb.dll Beijing Rising Technology Co., Ltd. Rising HookWeb Dll .text,.rdata,.data,.rsrc,.reloc, 03C00000[00021000] [ M] 93. f:\rising\rav\nvfile.dll Beijing Rising Technology Co., Ltd. NVFile .text,.rdata,.data,.rsrc,.reloc, 13AB0000[0004A000] [ M] 94. f:\rising\rav\scanexec.dll Beijing Rising Technology Co., Ltd. ScanExec .text,.rdata,.data,.rsrc,.reloc, 060B0000[002DC000] [ M] 95. f:\rising\rav\unexe.dll Beijing Rising Technology Co., Ltd. UnExe .text,.rdata,.data,.rsrc,.reloc, 04650000[000CD000] [ M] 96. f:\rising\rav\scanex.dll Beijing Rising Technology Co., Ltd. ScanEx .text,.rdata,.data,.rsrc,.reloc, 06390000[000DC000] [ M] 97. f:\rising\rav\extfile.dll Beijing Rising Technology Co., Ltd. extFile Dynamic Link Library .text,.rdata,.data,.rsrc,.reloc, 02A20000[00027000] [ M] 98. f:\rising\rav\pearc.dll Beijing Rising Technology Co., Ltd. pearchive Dynamic Link Library .text,.rdata,.data,.rsrc,.reloc, 068D0000[00036000] [ M] 99. f:\rising\rav\scanpack.dll Beijing Rising Technology Co., Ltd. Unpack Engine .text,.rdata,.data,.rsrc,.reloc, 06910000[000B4000] [ M] 100. f:\rising\rav\revm.dll Beijing Rising Technology Co., Ltd. REVM Dynamic Link Library .text,.rdata,.data,.rsrc,.reloc, 06AF0000[00020000] [ M] 101. f:\rising\rav\urutils.dll urutils Dynamic Link Library .text,.rdata,.data,.rsrc,.reloc, 06B20000[00018000] [ M] 102. f:\rising\rav\ur000.dat Beijing Rising Technology Co., Ltd. Unpack Routine .text,.rdata,.data,.rsrc,.reloc, 07BF0000[00036000] [ M] 103. f:\rising\rav\scriptci.dll Beijing Rising Technology Co., Ltd. scriptci Dynamic Link Library .text,.rdata,.data,.rsrc,.reloc, 07C40000[0001D000] [ M] 104. f:\rising\rav\ur001.dat Beijing Rising Technology Co., Ltd. Unpack Routine .text,.rdata,.data,.rsrc,.reloc, 07C70000[000F3000] [ M] 105. f:\rising\rav\uroutine.dll Beijing Rising Technology Co., Ltd. Unpack Routine .text,.rdata,.data,.rsrc,.reloc, 04350000[00017000] [ M] 106. f:\rising\rav\ur023.dat Beijing Rising Technology Co., Ltd. Unpack Routine .text,.rdata,.data,.rsrc,.reloc, 04380000[00023000] [ M] 107. f:\rising\rav\scansct.dll Beijing Rising Technology Co., Ltd. ScanSct Dynamic Link Library .text,.rdata,.data,.rsrc,.reloc, + 00000538(1336) spoolsv.exe + 000005a0(1440) stormliv.exe 00400000[00077000] [AM] 1. f:\baofeng\stormliv.exe 北京暴风网际科技有限公司 暴风影音媒体控制中心 .text,.rdata,.data,.rsrc, 75FF0000[00065000] [ M] 108. f:\baofeng\msvcp60.dll Microsoft Corporation Microsoft (R) C++ Runtime Library .text,.rdata,.data,.rsrc,.reloc, + 000005cc(1484) openvpnas.exe 00400000[00014000] [AM] 2. e:\新建文件夹 (2)\hotspot shield\bin\openvpnas.exe .text,.data,.rdata,.bss,.idata, 6B240000[0003C000] [ M] 109. e:\新建文件夹 (2)\hotspot shield\bin\libcurl.dll The cURL library, http://curl.haxx.se/ libcurl Shared Library .text,.data,.rdata,.bss,.edata,.idata,.rsrc,.reloc, 61D80000[00125000] [ M] 110. e:\新建文件夹 (2)\hotspot shield\bin\libeay32.dll .text,.data,.rdata,.bss,.edata,.idata,.reloc, 6B080000[0003A000] [ M] 111. e:\新建文件夹 (2)\hotspot shield\bin\libssl32.dll .text,.data,.rdata,.bss,.edata,.idata,.reloc, + 00000618(1560) RavNT.exe 00400000[00011000] [ M] 112. c:\windows\ravnt.exe 瑞星 RavNT Application .text,.rdata,.data,.idata,.rsrc,.reloc, + 000007a4(1956) RavStub.exe 00400000[00021000] [ M] 113. f:\rising\rav\ravstub.exe Beijing Rising Technology Co., Ltd. Rising RavStub .text,.rdata,.data,.rsrc, 10000000[0001F000] [ M] 62. f:\rising\rav\proccom.dll Beijing Rising Technology Co., Ltd. ProcessC Dynamic Link Library .text,.rdata,.data,.rsrc,.reloc, 00620000[00024000] [ M] 63. f:\rising\rav\rscommx2.dll Beijing Rising Technology Co., Ltd. RsCommX2 .text,.rdata,.data,.rsrc,.reloc, 23700000[00028000] [ M] 64. f:\rising\rav\rscommon.dll Beijing Rising Technology Co., Ltd. Rising Common Function Dynamic Link Library .text,.rdata,.data,.rsrc,.reloc, + 000009e0(2528) alg.exe + 00000a18(2584) wscntfy.exe + 00000a5c(2652) doonline.exe 00400000[00101000] [ M] 114. e:\新建文件夹 (3)\doonline.exe (AO) ???E?oAaAI?o DO Auto Patch .text,.rdata,.data,.rsrc, + 00000bf8(3064) Ras.exe 00400000[001FF000] [ M] 115. f:\kaka\ras.exe Beijing Rising Technology Co., Ltd. Rising AntiSpyware .text,.rdata,.data,.rsrc, 7C140000[00103000] [ M] 67. f:\kaka\mfc71.dll Microsoft Corporation MFCDLL Shared Library - Retail Version .text,.data,.rsrc,.reloc, 7C340000[00056000] [ M] 68. f:\kaka\msvcr71.dll Microsoft Corporation Microsoft? C Runtime Library .text,.rdata,.data,.rsrc,.reloc, 7C3A0000[0007B000] [ M] 116. f:\kaka\msvcp71.dll Microsoft Corporation Microsoft? C++ Runtime Library .text,.rdata,.data,.rsrc,.reloc, 10000000[00013000] [ M] 117. f:\kaka\topsoft.dll Beijing Rising Technology Co., Ltd. Rising AntiSpyware TopSoft .text,.rdata,.data,.rsrc,.reloc, 00380000[00032000] [ M] 118. f:\kaka\ncomm.dll Beijing Rising Technology Co., Ltd. Rising AntiSpyware .text,.rdata,.data,.rsrc,.reloc, 00C60000[0001F000] [ M] 62. f:\rising\rav\proccom.dll Beijing Rising Technology Co., Ltd. ProcessC Dynamic Link Library .text,.rdata,.data,.rsrc,.reloc, 00DA0000[00024000] [ M] 63. f:\rising\rav\rscommx2.dll Beijing Rising Technology Co., Ltd. RsCommX2 .text,.rdata,.data,.rsrc,.reloc, 00EE0000[0014D000] [ M] 119. f:\kaka\rasgui.dll Beijing Rising Technology Co., Ltd. RasGUI .text,.rdata,.data,.rsrc,.reloc, 23800000[00022000] [ M] 120. f:\kaka\rsxml.dll Beijing Rising Technology Co., Ltd. RsXML .text,.rdata,.data,.rsrc,.reloc, 03480000[00018000] [ M] 121. f:\kaka\ktrojan.dll Beijing Rising Technology Co., Ltd. Rising AntiSpyware .text,.rdata,.data,.rsrc,.reloc, 034A0000[0002F000] [ M] 122. f:\kaka\engine.dll Beijing Rising Technology Co., Ltd. kaka engine .text,.rdata,.data,.rsrc,.reloc, 034E0000[00041000] [ M] 123. f:\kaka\rsdialog.dll Beijing Rising Technology Co., Ltd. Rsdiaglo DLL .text,.rdata,.data,.rsrc,.reloc, 03540000[00024000] [ M] 124. f:\kaka\scanunv.dll Beijing Rising Technology Co., Ltd. .text,.rdata,.data,.rsrc,.reloc, 03580000[0001F000] [ M] 125. f:\kaka\secscan.dll Copyright(c) 1998-2006 Beijing Rising Technology Corporation Limited SecScan Dynamic Link Library .text,.rdata,.data,.rsrc,.reloc, 03980000[00015000] [ M] 126. f:\kaka\secex.dll Copyright(c) 1998-2006 Beijing Rising Technology Corporation Limited SecScanE Dynamic Link Library .text,.rdata,.data,.rsrc,.reloc, 03D60000[00012000] [ M] 127. f:\kaka\zip.dll rising zip UPX0,UPX1,.rsrc, 72C80000[00008000] [ M] 55. c:\windows\system32\msacm32.drv Microsoft Corporation Microsoft Sound Mapper .text,.data,.rsrc,.reloc, 72C60000[00007000] [ M] 128. c:\windows\system32\msadp32.acm Microsoft Corporation Microsoft ADPCM CODEC for MSACM .text,.data,.rsrc,.reloc, 03440000[00028000] [ M] 129. f:\rising\rav\ravscrch.dll Beijing Rising Technology Co., Ltd. RavScrCh Module .text,.rdata,.data,.rsrc,.reloc, 30000000[003AE000] [ M] 130. c:\windows\system32\macromed\flash\flash9e.ocx Adobe Systems, Inc. Adobe Flash Player 9.0 r115 .text,.rdata,.data,.rodata,.rsrc,.reloc, 07240000[0001C000] [AM] 41. c:\windows\system32\ravext.dll Beijing Rising Technology Co., Ltd. Rising Shell Ext Module .text,.rdata,.data,.rsrc,.reloc, 07260000[00011000] [AM] 42. c:\windows\system32\shlhook.dll Beijing Rising Technology Co., Ltd. shlhook Module .text,.rdata,.data,.rsrc,.reloc, + 00000c1c(3100) iexplore.exe 10000000[0002C000] [AM] 34. f:\thunder\comdlls\tdatonce_now.dll Thunder Networking Technologies,LTD 迅雷浏览器高级特性支持模块 .text,.rdata,.data,.rsrc,.reloc, 00F00000[00031000] [AM] 35. f:\thunder\comdlls\xunleibho_now.dll Thunder Networking Technologies,LTD XunLeiBHO .text,.rdata,.data,.rsrc,.reloc, 23E70000[0000E000] [ M] 131. f:\thunder\components\resworker\dsbho_01.dll Thunder Networking Technologies,LTD DsBho .text,.rdata,.data,.rsrc,.reloc, 23E20000[0001E000] [ M] 132. f:\thunder\components\resworker\dataprocessor_01.dll Thunder Networking Technologies,LTD DataProcessor .text,.rdata,.data,.rsrc,.reloc, 00FA0000[00034000] [AM] 36. c:\documents and settings\all users\application data\microsoft\office\userdata\webbrowser_2048.dll ,,,.rsrc,,,.data,.adata, 020E0000[00178000] [AM] 33. c:\program files\hotspot_shield\tbhot0.dll Conduit Ltd. Conduit Toolbar .text,.rdata,.data,.rsrc,.reloc, 02270000[00094000] [AM] 37. c:\windows\thunderatone.dll Thunder Networking Technologies,LTD 迅雷浏览器高级特性支持模块 UPX0,UPX1,.rsrc, 03D30000[00028000] [ M] 129. f:\rising\rav\ravscrch.dll Beijing Rising Technology Co., Ltd. RavScrCh Module .text,.rdata,.data,.rsrc,.reloc, 30000000[003AE000] [ M] 130. c:\windows\system32\macromed\flash\flash9e.ocx Adobe Systems, Inc. Adobe Flash Player 9.0 r115 .text,.rdata,.data,.rodata,.rsrc,.reloc, 72C80000[00008000] [ M] 55. c:\windows\system32\msacm32.drv Microsoft Corporation Microsoft Sound Mapper .text,.data,.rsrc,.reloc, 72C60000[00007000] [ M] 128. c:\windows\system32\msadp32.acm Microsoft Corporation Microsoft ADPCM CODEC for MSACM .text,.data,.rsrc,.reloc, + 00000d88(3464) regedit.exe