Rising Kaka Security Forum
水晶牡丹 - 2007-7-9 9:55:00
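I happened to read some reports about viruses and only then learned that a webcam can now actually be switched on remotely. The first thing I do every day after booting is update Rising and then run a virus scan. Is that any use? Also, does anyone know how to confirm whether one's own machine is a "zombie" (肉鸡)? Cyber criminals these days are just too hateful!!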
菜花小鸟 - 2007-7-9 10:18:00
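It's no use. Samples that have been made AV-evasive (免杀) won't be caught; you have to judge manually. Check whether any suspicious ports are open (Gray Pigeon (灰鸽子) defaults to 8000, though of course that can be changed), and look at what has been added to the services list~~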
水晶牡丹 - 2007-7-9 13:19:00
Thanks for the reminder, although I don't really understand it. Worried...
Leoooo - 2007-7-9 13:23:00
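Download Kaka Internet Security Assistant 4.0 (卡卡上网安全助手4.0): http://download.rising.com.cn/for_down/kakatool/kakasetupv4.exe
1 Run Rising Kaka Internet Security Assistant
2 Diagnosis and Help (诊断求助) => Computer Diagnostic Log (电脑诊断日志)
3 Select the three options "Ignore system files" (忽略系统文件), "File details" (文件详细信息) and "Similar file name analysis" (文件名相似分析)
4 Start scan => Export information, exporting in txt format (htm format is also possible and is easier to read yourself, but the forum does not allow htm uploads)
5 Copy the complete report from the log and paste it here without modifying it (if it does not fit in one post, post it in several parts)
6 While scanning the log, close unnecessary software as far as possible, such as QQ, TM, etc.
7 Upload the suspicious files found by the scan to Rising: http://up.rising.com.cn/webmail/uploadnew.htm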
水晶牡丹 - 2007-7-9 13:49:00
瑞星卡卡电脑诊断日志 v1.20 (2007-7-9 13:18:54) 北京瑞星科技股份有限公司
注释: [A]表示该文件存在自启动关联;
[M]表示该文件在内存中;
+ 注册表自运行项目
+ Win32 Services
+ HKLM\System\CurrentControlSet\Services
Ati HotKey Poller
[AM] 1. c:\windows\system32\ati2evxx.exe
.text,.rdata,.data,.rsrc,
6A 60 68 18 98 45 00 E8 F6 2E 00 00 83 65 FC 00
ATI Smart
[A ] 2. c:\windows\system32\ati2sgag.exe
ATI Smart
.text,.rdata,.data,.rsrc,
6A 60 68 80 80 41 00 E8 39 2F 00 00 83 65 FC 00
iPod Service
[AM] 3. c:\program files\ipod\bin\ipodservice.exe
Apple Inc.
iPodService Module
.text,.rdata,.data,.rsrc,
E8 5D 86 00 00 E9 16 FE FF FF CC CC 55 8B EC 57
MDM
[AM] 4. c:\program files\common files\microsoft shared\vs7debug\mdm.exe
Microsoft Corporation
Machine Debug Manager
.text,.data,.rsrc,
55 8B EC 6A FF 68 00 5E 40 00 68 70 B0 42 00 64
RsCCenter
[A ] 5. c:\program files\rising\rav\ccenter.exe
Beijing Rising Technology Co., Ltd.
CCenter
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 C8 26 41 00 68 D8 AB 40 00 64
RsRavMon
[A ] 6. c:\program files\rising\rav\ravmond.exe
Beijing Rising Technology Co., Ltd.
RavMond
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 F8 D7 42 00 68 C4 E4 41 00 64
UMWdf
[AM] 7. c:\windows\system32\wdfmgr.exe
Microsoft Corporation
Windows User Mode Driver Manager
.text,.data,.rsrc,
6A 28 68 30 26 00 01 E8 A5 01 00 00 66 81 3D 00
usnjsvc
[AM] 8. c:\program files\msn messenger\usnsvc.exe
Microsoft Corporation
Messenger Sharing USN Journal Reader Service
.text,.data,.rsrc,
E8 0A 28 00 00 E9 40 FE FF FF E9 95 0B 00 00 51
+ Kernel Drivers
+ HKLM\System\CurrentControlSet\Services
00
[A ] 9. c:\windows\system32\drivers\1674875.sys
ALCXWDM
[A ] 10. c:\windows\system32\drivers\alcxwdm.sys
Realtek Semiconductor Corp.
Realtek AC'97 Audio Driver (WDM)
.text,_LTEXT,_PTEXT,.rdata,.data,.CRT,_LDATA,_PDATA,.data1,PAGE,INIT,.rsrc,.reloc,
53 56 57 8B 7C 24 10 68 F8 19 01 00 FF 74 24 18
BaseTDI
[A ] 11. c:\windows\system32\drivers\basetdi.sys
Beijing Rising Technology Co., Ltd.
basetdi
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 53 56 57 E8 13 04 00 00 8B 35
CnsStd
[A ] 12. c:\windows\system32\drivers\cnsstd.sys
北京三七二一科技有限公司
.text,.rdata,.data,INIT,.rsrc,.reloc,
ExpScaner
[A ] 13. c:\program files\rising\rav\expscan.sys
ExpScan.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 51 68 88 38 02 00 FF 15 70 1F 01 00 83
GEARAspiWDM
[A ] 14. c:\windows\system32\drivers\gearaspiwdm.sys
GEAR Software Inc.
CD/DVD Class Filter Driver
.text,.data,PAGE,INIT,.rsrc,.reloc,
8B 54 24 04 57 6A 1C 59 B8 7E 13 01 00 8D 7A 38
HOOKAPI
[A ] 15. c:\program files\rising\rav\hookapi.sys
瑞星软件有限公司
HOOKAPI Driver
.text,.rdata,.data,.edata,INIT,.rsrc,.reloc,
33 C0 C2 08 00 CC 55 8B EC 53 B9 FF FF 00 00 56
HookCont
[A ] 16. c:\program files\rising\rav\hookcont.sys
Rising
HookCont
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 53 56 57 68 70 20 00 00 E8 F7
HookReg
[A ] 17. c:\program files\rising\rav\hookreg.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 64 56 57 C7 45 AC 00 00 00 00 B9
HookSys
[A ] 18. c:\program files\rising\rav\hooksys.sys
Rising
Hooksys
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 53 56 57 E8 8A 08 00 00 68 FC
kdoboep
[A ] 19. c:\windows\system32\drivers\kdoboep.sys
北京三七二一科技有限公司
sys 应用程序
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 18 C6 05 88 45 02 00 39 C6 05 89
mdmxsdk
[A ] 20. c:\windows\system32\drivers\mdmxsdk.sys
Conexant
Diagnostic Interface DRIVER
.text,.rdata,.data,INIT,.rsrc,.reloc,
57 6A 10 59 33 C0 FF 74 24 0C BF E4 24 01 00 F3
MEMSCAN
[A ] 21. c:\program files\rising\rav\memscan.sys
瑞星软件有限公司
MemScan Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 56 8B 35 DC 0C 01 00 57 8D 45
New0
[A ] 22. c:\windows\system32\new.sys
.text,.rdata,INIT,.reloc,
55 8B EC 83 EC 1C 68 60 02 01 00 E8 68 01 00 00
npkcrypt
[A ] 23. f:\qq\npkcrypt.sys
INCA Internet Co., Ltd.
nProtect KeyCrypt Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
51 53 56 E8 47 2A 00 00 A3 28 36 01 00 E8 C4 29
pfc
[A ] 24. c:\windows\system32\drivers\pfc.sys
Padus, Inc.
Padus(R) ASPI Shell
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 56 68 00 1D 01 00 8D 45 F4 50
RsAntiSpyware
[A ] 25. c:\windows\system32\drivers\rsboot.sys
Beijing Rising Technology Co., Ltd.
Anti-RootKit Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 20 53 56 33 F6 57 89 75 F4 60 8D
RsNTGDI
[A ] 26. c:\windows\system32\drivers\rsntgdi.sys
Beijing Rising Technology Co., Ltd.
RsNTGDI
.text,.rdata,INIT,.rsrc,.reloc,
55 8B EC 83 EC 10 56 8B 75 08 57 8B 3D 58 05 01
RSPPSYS
[A ] 27. c:\program files\rising\rav\rsppsys.sys
Rising
RSPPSYS.SYS
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 53 6A 5C E8 EE FB FF FF 33 DB
Secdrv
[A ] 28. c:\windows\system32\drivers\secdrv.sys
Macrovision Europe Ltd
Macrovision SECURITY Driver
水晶牡丹 - 2007-7-9 13:51:00
.text,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 56 E8 82 E0 FF FF 85 C0 75 3D
zntport
[A ] 29. c:\windows\system32\zntport.sys
ZSMC303
[A ] 30. c:\windows\system32\drivers\usbvm303.sys
Vimicro Corporation
Video streaming and Capture Device Driver
.text,.data,.data1,PAGECONS,INIT,.rsrc,.reloc,
68 C4 1B 01 00 6A 04 68 B0 06 00 00 FF 74 24 14
+ File System Drivers
+ HKLM\System\CurrentControlSet\Services
CnsMinKP
[A ] 31. c:\windows\system32\drivers\cnsminkp.sys
Copyright (C) 3721 Corporation.
KMD
.text,.rdata,.data,INIT,.rsrc,.reloc,
yaskp
[A ] 32. c:\windows\system32\drivers\yaskp.sys
Copyright (C) yahoo Corporation.
KMD
.text,.rdata,.data,INIT,.rsrc,.reloc,
zwduxpym
[A ] 33. c:\windows\system32\drivers\zwduxpym.sys
Yahoo! China Corporation
.text,.rdata,.data,INIT,.rsrc,.reloc,
+ Winlogon
+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
AtiExtEvent
[AM] 34. c:\windows\system32\ati2evxx.dll
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57 8B 7D
+ Internet Explorer
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
[AM] 35. c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\zh-cn\msntb.dll
Microsoft Corporation
MSN Toolbar extension
.text,.rdata,.data,.SHARED,.rsrc,.reloc,
6A 0C 68 30 2C 03 10 E8 CA 12 00 00 33 C0 40 89
{406F94F0-504F-4A40-8DFD-58B0666ABEBD}
[AM] 36. c:\program files\yahoo!\assistant\assist\yasbar.dll
yahoo! china
IE ToolBand
.text,.rdata,.data,.yAsbarS,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
{406F94F0-504F-4a40-8DFD-58B0666ABEBD}
[AM] 36. c:\program files\yahoo!\assistant\assist\yasbar.dll
yahoo! china
IE ToolBand
.text,.rdata,.data,.yAsbarS,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{0005A87D-D626-4B3A-84F9-1D9571695F55}
[AM] 37. c:\windows\system32\xunleibho_v8.dll
xunleibho BHO
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
[AM] 38. c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
Adobe Systems Incorporated
Adobe Acrobat IE Helper Version 7.0 for ActiveX
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 28 89 00 10 E8 62 FC FF FF 33 C0 40 89
{33BBE430-0E42-4f12-B075-8D21ACB10DCB}
[AM] 39. c:\program files\yahoo!\assistant\assist\yphtb.dll
Yahoo! China
yPhtb
.text,.rdata,.data,.yPhtbSe,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
{38928D50-8A48-44C2-945F-D2F23F771410}
[AM] 40. c:\program files\yahoo!\assistant\assist\yangling.dll
yahoo! china
yangling.dll
.text,.rdata,.data,.SHARED,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
{54EBD53A-9BC1-480B-966A-843A333CA162}
[AM] 41. f:\qq\qqiehelper.dll
水晶牡丹 - 2007-7-9 13:51:00
深圳市腾讯计算机系统有限公司
QQIEHelper Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
{62EED7C6-9F02-42f9-B634-98E2899E147B}
[AM] 42. c:\program files\yahoo!\assistant\assist\ydragsearch.dll
yahoo! china
DragSearch
.text,.rdata,.data,.BhoObjS,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
{9030D464-4C02-4ABF-8ECC-5164760863C6}
[AM] 43. c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
Microsoft Corporation
WindowsLiveLogin.dll
.text,.data,.rsrc,.reloc,
83 7C 24 08 01 75 05 E8 C2 3A 00 00 FF 74 24 04
{9394EDE7-C8B5-483E-8773-474BF36AF6E4}
[AM] 44. c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll
Microsoft Corporation
st
.text,.rdata,.data,.SHARED,.rsrc,.reloc,
6A 0C 68 18 C4 01 10 E8 2E 03 00 00 33 C0 40 89
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
[AM] 35. c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\zh-cn\msntb.dll
Microsoft Corporation
MSN Toolbar extension
.text,.rdata,.data,.SHARED,.rsrc,.reloc,
6A 0C 68 30 2C 03 10 E8 CA 12 00 00 33 C0 40 89
{D157330A-9EF3-49F8-9A67-4141AC41ADD4}
[AM] 45. c:\windows\downloaded program files\cnshook.dll
北京三七二一科技有限公司
CnsHook
.text,.rdata,.data,.cnshook,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
{F166BC04-3C84-44cc-A6E9-2315EC4844B9}
[AM] 46. c:\program files\yahoo!\assistant\assist\yflashdl.dll
Yahoo! China
Flash video download
.text,.rdata,.data,.yFlashD,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
{FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8}
[AM] 47. c:\program files\yahoo!\assistant\assist\yassist.dll
Yahoo! China
Assist Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
Exec
[A ] 48. f:\程序\超级解霸\sthsdvd.exe
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 88 57 43 00 68 2C F2 42 00 64
Exec
[A ] 49. f:\qq\qq.exe
TENCENT
QQ
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 08 54 52 00 68 AE 54 48 00 64
Exec
[A ] 50. c:\program files\messenger\msmsgs.exe
Microsoft Corporation
Windows Messenger
.text,.data,.rsrc,
6A 70 68 10 98 00 01 E8 BF 01 00 00 33 DB 53 8B
+ HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
{19CE93DE-8334-42C6-B2CA-BFE3DF5196A3}
[AM] 51. c:\program files\yahoo!\assistant\assist\yrss.dll
Yahoo! China
yRss Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ Explorer
+ HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
cdo
[A ] 52. c:\program files\common files\microsoft shared\web folders\pkmcdo.dll
Microsoft Corporation
Microsoft SharePoint Portal Server Object Model
.text,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
livecall
[A ] 53. c:\program files\msn messenger\msgrapp.8.1.0178.00.dll
Microsoft Corporation
MSN Messenger Protocol Handler
.text,.data,.rsrc,.reloc,
83 7C 24 08 01 75 05 E8 8A 05 00 00 FF 74 24 04
ms-itss
[A ] 54. c:\program files\common files\microsoft shared\information retrieval\msitss.dll
Microsoft Corporation
Microsoft? InfoTech Storage System Library
.text,.data,.rsrc,.reloc,
55 8B EC 53 56 8B 75 0C 57 6A 01 5F 3B F7 75 7C
msnim
[A ] 53. c:\program files\msn messenger\msgrapp.8.1.0178.00.dll
Microsoft Corporation
MSN Messenger Protocol Handler
.text,.data,.rsrc,.reloc,
83 7C 24 08 01 75 05 E8 8A 05 00 00 FF 74 24 04
mso-offdap
[A ] 55. c:\program files\common files\microsoft shared\web components\10\owc10.dll
Microsoft Corporation
Microsoft Office XP Web Components
.text,.data,.rtext,.bootdat,msoconst,Shared,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers
{F9DB5320-233E-11D1-9F84-707F02C10627}
[AM] 56. c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll
Adobe Systems, Inc.
PDF Shell Extension
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 E8 DD 00 10 E8 F5 EF FF FF 33 C0 40 89
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
RISING
[AM] 57. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
Messenger Sharing Folders
[A ] 58. c:\program files\msn messenger\fsshext.8.1.0178.00.dll
Microsoft Corporation
Messenger File Sharing Shell Extensions
.text,.data,.rsrc,.reloc,
83 7C 24 08 01 75 05 E8 43 06 00 00 FF 74 24 04
Shell Extensions for RealOne Player
[A ] 59. f:\realone\rpshellext.dll
RealNetworks
RealOne Player Shell Extensions
.text,.rdata,.data,.rsrc,.reloc,
53 55 56 8B 74 24 14 85 F6 57 B8 01 00 00 00 75
粉碎文件
[A ] 60. c:\program files\yahoo!\assistant\assist\ywiper.dll
Yahoo! China
Wiper 动态链接库
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 48 25 03 10 E8 1C 0B 00 00 33 C0 40 89
Yahoo!Photo
[AM] 39. c:\program files\yahoo!\assistant\assist\yphtb.dll
Yahoo! China
yPhtb
.text,.rdata,.data,.yPhtbSe,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
iTunes
[A ] 61. e:\11\itunesminiplayer.dll
Apple Inc.
iTunes Mini Player DLL
水晶牡丹 - 2007-7-9 13:52:00
.text,.rdata,.data,.rsrc,.reloc,
83 7C 24 08 01 75 05 E8 BA 46 00 00 FF 74 24 04
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{D157330A-9EF3-49F8-9A67-4141AC41ADD4}
[AM] 45. c:\windows\downloaded program files\cnshook.dll
北京三七二一科技有限公司
CnsHook
.text,.rdata,.data,.cnshook,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
{32CD708B-60A7-4C00-9377-D73EAA495F0F}
[AM] 57. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}
[AM] 62. c:\windows\system32\shlhook.dll
Beijing Rising Technology Co., Ltd.
shlhook Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ Logon
+ HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr
[AM] 63. c:\program files\msn messenger\msnmsgr.exe
Microsoft Corporation
Messenger
.text,.data,.rsrc,
E8 05 00 00 00 E9 A1 11 FF FF 55 8B EC 83 EC 10
updateMgr
[A ] 64. c:\program files\adobe\acrobat 7.0\reader\adobeupdatemanager.exe
Adobe Systems Incorporated
Adobe Update Manager
.text,.rsrc,
B8 68 B3 4A 00 50 64 FF 35 00 00 00 00 64 89 25
+ HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303
[AM] 65. c:\windows\vm303_sti.exe
Vimicro
Vimicro
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 C0 A2 40 00 68 A8 66 40 00 64
runeip
[AM] 66. c:\program files\rising\antispyware\runiep.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Monitor
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 E0 6B 40 00 68 40 52 40 00 64
QuickTime Task
[AM] 67. c:\program files\quicktime\qttask.exe
Apple Inc.
QuickTime Task
.text,.rdata,.data,.rsrc,
6A 60 68 D0 4A 43 00 E8 23 1E 00 00 BF 94 00 00
Adobe Photo Downloader
[AM] 68. c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe
Adobe Systems Incorporated
Adobe Photoshop Album Starter Edition 3.0 component
.text,.rdata,.data,.rsrc,
6A 74 68 A8 35 40 00 E8 60 02 00 00 33 DB 89 5D
TkBellExe
[AM] 69. c:\program files\common files\real\update_ob\realsched.exe
RealNetworks, Inc.
RealNetworks Scheduler
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 B0 D4 41 00 68 6C 3E 41 00 64
YLive.exe
[AM] 70. c:\program files\yahoo!\assistant\ylive.exe
Yahoo! China
YLive
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 48 31 40 00 68 90 25 40 00 64
yassistse
[AM] 71. c:\program files\yahoo!\assistant\yassistse.exe
Yahoo! China
AssistSetting
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 48 52 40 00 68 6E 40 40 00 64
iTunesHelper
[AM] 72. e:\11\ituneshelper.exe
Apple Inc.
iTunesHelper Module
.text,.rdata,.data,.rsrc,
E8 B8 6D 00 00 E9 16 FE FF FF CC 68 B0 D6 40 00
RavTask
[A ] 73. c:\program files\rising\rav\ravtask.exe
Beijing Rising Technology Co., Ltd.
RavTimer
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 50 E3 40 00 68 D4 90 40 00 64
+ Boot Execute
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
BootExecute
[A ] 74. c:\windows\system32\bsmain.exe
Beijing Rising Technology Co., Ltd.
BootScan
.text,.data,.rsrc,.reloc,
55 8B EC 6A FF 68 F0 27 00 01 68 74 9E 00 01 64
+ Image Hijacks
+ HKCR\.html
htmlfile\Edit\Command
[A ] 75. f:\程序\office xp\office10\msohtmed.exe
Microsoft Corporation
Microsoft Office XP component
.text,.data,.rsrc,
55 8B EC 83 EC 18 83 4D FC FF 53 56 57 6A FE 33
htmlfile\Print\Command
[A ] 75. f:\程序\office xp\office10\msohtmed.exe
Microsoft Corporation
Microsoft Office XP component
.text,.data,.rsrc,
55 8B EC 83 EC 18 83 4D FC FF 53 56 57 6A FE 33
+ HKCR\.htm
htmlfile\Edit\Command
[A ] 75. f:\程序\office xp\office10\msohtmed.exe
Microsoft Corporation
Microsoft Office XP component
.text,.data,.rsrc,
55 8B EC 83 EC 18 83 4D FC FF 53 56 57 6A FE 33
htmlfile\Print\Command
[A ] 75. f:\程序\office xp\office10\msohtmed.exe
Microsoft Corporation
Microsoft Office XP component
.text,.data,.rsrc,
55 8B EC 83 EC 18 83 4D FC FF 53 56 57 6A FE 33
+ HKCR\.mp3
RealPlayer.MP3.6\open\Command
[A ] 76. f:\realone\realplay.exe
RealNetworks, Inc.
RealOne Player
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 A0 AA 40 00 68 B0 8D 40 00 64
+ 其他自启动项目
+ C:\Documents and Settings\liYuan\「开始」菜单\程序\启动
腾讯QQ.lnk
[A ] 49. f:\qq\qq.exe
TENCENT
QQ
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 08 54 52 00 68 AE 54 48 00 64
+ C:\Documents and Settings\All Users\「开始」菜单\程序\启动
Adobe Reader Speed Launch.lnk
[A ] 77. c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
Adobe Systems Incorporated
Adobe Acrobat SpeedLauncher
.text,.rdata,.data,.rsrc,
6A 74 68 E0 66 40 00 E8 08 02 00 00 33 DB 89 5D
+ C:\WINDOWS\Tasks
AppleSoftwareUpdate.job
[A ] 78. c:\program files\apple software update\softwareupdate.exe
Apple Computer, Inc.
Software Application
.text,.rdata,.data,.rsrc,
E8 B1 63 00 00 E9 17 FE FF FF 55 8B EC 51 53 8B
+ 系统活动模块
+ 00000084(132) mdm.exe
00400000[00044000]
[AM] 4. c:\program files\common files\microsoft shared\vs7debug\mdm.exe
Microsoft Corporation
Machine Debug Manager
.text,.data,.rsrc,
55 8B EC 6A FF 68 00 5E 40 00 68 70 B0 42 00 64
+ 00000140(320) svchost.exe
+ 00000190(400) wdfmgr.exe
01000000[0000C000]
[AM] 7. c:\windows\system32\wdfmgr.exe
Microsoft Corporation
Windows User Mode Driver Manager
.text,.data,.rsrc,
6A 28 68 30 26 00 01 E8 A5 01 00 00 66 81 3D 00
+ 0000027c(636) smss.exe
+ 000002c0(704) csrss.exe
+ 000002d8(728) winlogon.exe
10000000[00017000]
[AM] 34. c:\windows\system32\ati2evxx.dll
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57 8B 7D
72C80000[00008000]
[ M] 79. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
8B 44 24 08 83 E8 00 74 30 48 75 3A 56 8B 74 24
+ 00000304(772) services.exe
+ 00000310(784) lsass.exe
+ 00000354(852) Ras.exe
00400000[0013D000]
[ M] 80. c:\program files\rising\antispyware\ras.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 90 3A 4C 00 68 70 B7 4A 00 64
53000000[0000E000]
[ M] 81. c:\program files\3721\helper.dll
Helper Module
.text,.rdata,.data,.cnshelp,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
00C20000[0000B000]
[ M] 82. c:\program files\yahoo!\assistant\yhelper.dll
Yahoo! China
Helper Module
.text,.rdata,.data,.cnshelp,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
37210000[00086000]
[ M] 83. c:\windows\downloaded program files\cnsmin.dll
国风因特软件(北京)有限公司
CnsMin
.text,.rdata,.data,.cnsdata,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
10000000[000A0000]
[ M] 84. c:\program files\rising\antispyware\rasgui.dll
Beijing Rising Technology Co., Ltd.
RasGUI
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
026D0000[0001B000]
[ M] 85. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 00 CD 6D 02 E8 BD 02 00 00 33 C0 40 89
03E60000[0005B000]
[ M] 86. c:\program files\common files\microsoft shared\ink\skchui.dll
Microsoft Corporation
Draw Pen Tip
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 51 C7 45 FC 01 00 00 00 83 7D 0C 00 75
+ 000003b0(944) Ati2evxx.exe
00400000[00067000]
[AM] 1. c:\windows\system32\ati2evxx.exe
.text,.rdata,.data,.rsrc,
6A 60 68 18 98 45 00 E8 F6 2E 00 00 83 65 FC 00
+ 000003c0(960) svchost.exe
+ 0000040c(1036) svchost.exe
+ 00000468(1128) svchost.exe
50E60000[0000C000]
[ M] 87. c:\windows\system32\wups2.dll
Microsoft Corporation
Windows Update client proxy stub 2
.text,.orpc,.data,.rsrc,.reloc,
8B FF 55 8B EC 83 7D 0C 01 75 05 E8 F9 04 00 00
+ 000004f0(1264) svchost.exe
+ 0000050c(1292) alg.exe
+ 0000055c(1372) svchost.exe
+ 000005cc(1484) iexplore.exe
53000000[0000E000]
水晶牡丹 - 2007-7-9 13:56:00
[ M] 81. c:\program files\3721\helper.dll
Helper Module
.text,.rdata,.data,.cnshelp,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
00BA0000[0000B000]
[ M] 82. c:\program files\yahoo!\assistant\yhelper.dll
Yahoo! China
Helper Module
.text,.rdata,.data,.cnshelp,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
37210000[00086000]
[ M] 83. c:\windows\downloaded program files\cnsmin.dll
国风因特软件(北京)有限公司
CnsMin
.text,.rdata,.data,.cnsdata,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
00CC0000[0001B000]
[ M] 85. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 00 CD 6D 02 E8 BD 02 00 00 33 C0 40 89
+ 00000770(1904) runiep.exe
00400000[00012000]
[AM] 66. c:\program files\rising\antispyware\runiep.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Monitor
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 E0 6B 40 00 68 40 52 40 00 64
37210000[00086000]
[ M] 83. c:\windows\downloaded program files\cnsmin.dll
国风因特软件(北京)有限公司
CnsMin
.text,.rdata,.data,.cnsdata,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
00D40000[0001B000]
[ M] 85. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 00 CD 6D 02 E8 BD 02 00 00 33 C0 40 89
+ 000007a8(1960) Rundll32.exe
37210000[00086000]
[ M] 83. c:\windows\downloaded program files\cnsmin.dll
国风因特软件(北京)有限公司
CnsMin
.text,.rdata,.data,.cnsdata,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
00AA0000[00010000]
[ M] 125. c:\windows\downloaded program files\cnsminio.dll
北京三七二一科技有限公司
CnsMinIO
.text,.rdata,.data,.cnsmini,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
00AC0000[00026000]
[ M] 126. c:\windows\downloaded program files\cnsio.dll
北京三七二一科技有限公司
cnsio
.text,.rdata,.data,.cnsioda,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
10000000[0001B000]
[ M] 85. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 00 CD 6D 02 E8 BD 02 00 00 33 C0 40 89
53000000[0000E000]
[ M] 81. c:\program files\3721\helper.dll
Helper Module
.text,.rdata,.data,.cnshelp,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
00BF0000[0000B000]
[ M] 82. c:\program files\yahoo!\assistant\yhelper.dll
Yahoo! China
Helper Module
.text,.rdata,.data,.cnshelp,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
00E50000[00018000]
[ M] 127. c:\windows\downloaded program files\cnsminex.dll
国风因特软件(北京)有限公司
CnsMinEx
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ 000007e0(2016) YLive.exe
00400000[00006000]
[AM] 70. c:\program files\yahoo!\assistant\ylive.exe
Yahoo! China
YLive
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 48 31 40 00 68 90 25 40 00 64
53000000[0000B000]
[ M] 82. c:\program files\yahoo!\assistant\yhelper.dll
Yahoo! China
Helper Module
.text,.rdata,.data,.cnshelp,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
37210000[00086000]
[ M] 83. c:\windows\downloaded program files\cnsmin.dll
国风因特软件(北京)有限公司
CnsMin
.text,.rdata,.data,.cnsdata,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
01EE0000[0000E000]
[ M] 81. c:\program files\3721\helper.dll
Helper Module
.text,.rdata,.data,.cnshelp,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
3C000000[00058000]
水晶牡丹 - 2007-7-9 13:57:00
[ M] 93. c:\program files\yahoo!\assistant\yalive.dll
yahoo! china
AutoLive Module
.text,.rdata,.data,.ylive_d,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
10000000[0002A000]
[ M] 94. c:\program files\yahoo!\assistant\yalliveex.dll
Yahoo! China
LiveEx
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
01F40000[0001B000]
[ M] 85. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 00 CD 6D 02 E8 BD 02 00 00 33 C0 40 89
022A0000[00019000]
[ M] 128. c:\program files\yahoo!\assistant\ynotifier.dll
yahoo! china
Notifier Module
.text,.rdata,.data,.YahooNT,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ 0000080c(2060) yassistse.exe
00400000[00017000]
[AM] 71. c:\program files\yahoo!\assistant\yassistse.exe
Yahoo! China
AssistSetting
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 48 52 40 00 68 6E 40 40 00 64
37210000[00086000]
[ M] 83. c:\windows\downloaded program files\cnsmin.dll
国风因特软件(北京)有限公司
CnsMin
.text,.rdata,.data,.cnsdata,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
53000000[0000B000]
[ M] 82. c:\program files\yahoo!\assistant\yhelper.dll
Yahoo! China
Helper Module
.text,.rdata,.data,.cnshelp,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
3B800000[0000F000]
[ M] 129. c:\program files\yahoo!\assistant\shell\yasmenu.dll
Yahoo! China
yAsMenu
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
42000000[00010000]
[ M] 115. c:\program files\yahoo!\assistant\shell\yassecblk.dll
Yahoo! China
yassecblk
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
3EC00000[00006000]
[ M] 130. c:\program files\yahoo!\assistant\shell\yieangel.dll
Yahoo! China
IEAngel
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
40400000[00009000]
[ M] 131. c:\program files\yahoo!\assistant\shell\ymenuinfo.dll
Yahoo! China
MenuInfo
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
10000000[0001B000]
[ M] 85. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 00 CD 6D 02 E8 BD 02 00 00 33 C0 40 89
+ 0000082c(2092) iTunesHelper.exe
00400000[00041000]
[AM] 72. e:\11\ituneshelper.exe
Apple Inc.
iTunesHelper Module
.text,.rdata,.data,.rsrc,
E8 B8 6D 00 00 E9 16 FE FF FF CC 68 B0 D6 40 00
37210000[00086000]
[ M] 83. c:\windows\downloaded program files\cnsmin.dll
国风因特软件(北京)有限公司
CnsMin
.text,.rdata,.data,.cnsdata,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
10000000[0000E000]
[ M] 132. e:\11\ituneshelper.resources\zh_cn.lproj\ituneshelperlocalized.dll
Apple Inc.
iTunesHelper 资源库
.text,.rdata,.data,.rsrc,.reloc,
00BA0000[0000E000]
[ M] 133. e:\11\ituneshelper.resources\ituneshelper.dll
Apple Inc.
iTunesHelper Resource Library
.text,.rdata,.data,.rsrc,.reloc,
53000000[0000E000]
[ M] 81. c:\program files\3721\helper.dll
Helper Module
.text,.rdata,.data,.cnshelp,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
00D30000[0000B000]
[ M] 82. c:\program files\yahoo!\assistant\yhelper.dll
水晶牡丹 - 2007-7-9 13:57:00
Yahoo! China
Helper Module
.text,.rdata,.data,.cnshelp,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
012E0000[0001B000]
[ M] 85. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 00 CD 6D 02 E8 BD 02 00 00 33 C0 40 89
+ 00000840(2112) ctfmon.exe
53000000[0000E000]
[ M] 81. c:\program files\3721\helper.dll
Helper Module
.text,.rdata,.data,.cnshelp,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
009F0000[0000B000]
[ M] 82. c:\program files\yahoo!\assistant\yhelper.dll
Yahoo! China
Helper Module
.text,.rdata,.data,.cnshelp,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
37210000[00086000]
[ M] 83. c:\windows\downloaded program files\cnsmin.dll
国风因特软件(北京)有限公司
CnsMin
.text,.rdata,.data,.cnsdata,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
10000000[0001B000]
[ M] 85. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 00 CD 6D 02 E8 BD 02 00 00 33 C0 40 89
+ 00000850(2128) MsnMsgr.Exe
00400000[0056A000]
[AM] 63. c:\program files\msn messenger\msnmsgr.exe
Microsoft Corporation
Messenger
.text,.data,.rsrc,
E8 05 00 00 00 E9 A1 11 FF FF 55 8B EC 83 EC 10
59100000[000F7000]
[ M] 134. c:\program files\msn messenger\msncore.dll
Microsoft Corporation
Windows Live Client Code Module
.text,.data,.rsrc,.reloc,
83 7C 24 08 01 0F 84 23 6A 04 00 FF 74 24 04 8B
27500000[000C8000]
[ M] 135. c:\program files\msn messenger\msidcrl40.dll
Microsoft Corporation
IDCRL Dynamic Link Library
.text,.data,.rsrc,.reloc,
83 7C 24 08 01 75 05 E8 A2 50 00 00 FF 74 24 04
5A700000[00055000]
[ M] 136. c:\program files\msn messenger\contactsux.dll
Microsoft Corporation
Contact UX
.text,.data,.rsrc,.reloc,
83 7C 24 08 01 0F 84 21 98 01 00 FF 74 24 04 8B
53000000[0000E000]
[ M] 81. c:\program files\3721\helper.dll
Helper Module
.text,.rdata,.data,.cnshelp,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
012F0000[0000B000]
[ M] 82. c:\program files\yahoo!\assistant\yhelper.dll
Yahoo! China
Helper Module
.text,.rdata,.data,.cnshelp,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
37210000[00086000]
[ M] 83. c:\windows\downloaded program files\cnsmin.dll
国风因特软件(北京)有限公司
CnsMin
.text,.rdata,.data,.cnsdata,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
59300000[00185000]
[ M] 137. c:\program files\msn messenger\msgslang.8.1.0178.00.dll
Microsoft Corporation
Messenger Language Specific Resources
.rsrc,.reloc,
5B200000[0023E000]
[ M] 138. c:\program files\msn messenger\msgsres.dll
Microsoft Corporation
Messenger Resources
.rsrc,.reloc,
79000000[001A4000]
[ M] 139. c:\program files\msn messenger\lcapi.dll
Microsoft Corporation
LC User Agent DLL
.text,.data,.rsrc,.reloc,
83 7C 24 08 01 75 05 E8 8B FB FF FF FF 74 24 04
10000000[0001B000]
[ M] 85. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 00 CD 6D 02 E8 BD 02 00 00 33 C0 40 89
7A100000[0005F000]
[ M] 140. c:\program files\msn messenger\lcres.dll
Microsoft Corporation
LC Resource DLL
.rsrc,.reloc,
02AF0000[003DB000]
[ M] 141. c:\program files\msn messenger\rtmpltfm.dll
Microsoft Corporation
Microsoft Real Time Media Stack
.text,IACODE1,IACODE2,EDTQ,MMXCODE1,.no_bbt,RT_CODE,.data,MMXMEDAT,IADATA1,IARDATA2,MMXDATA1,H26xColo,RT_DATA,.rsrc,.reloc,
83 7C 24 08 01 75 05 E8 40 FC E0 FF FF 74 24 04
72C80000[00008000]
[ M] 79. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
8B 44 24 08 83 E8 00 74 30 48 75 3A 56 8B 74 24
5B500000[000A4000]
[ M] 142. c:\program files\msn messenger\msgswcam.dll
Microsoft Corporation
Messenger WebCam Library
.text,.data,.rsrc,.reloc,
83 7C 24 08 01 75 05 E8 75 06 00 00 FF 74 24 04
5A600000[00013000]
[ M] 143. c:\windows\system32\sirenacm.dll
Microsoft Corp.
Messenger Audio Codec
.text,.data,.rsrc,.reloc,
83 7C 24 08 01 75 05 E8 5B 03 00 00 FF 74 24 04
59500000[00077000]
[ M] 144. c:\program files\msn messenger\lmcdata.dll
Microsoft Corporation
MSN Messenger Data
水晶牡丹 - 2007-7-9 13:58:00
.text,.data,.rsrc,.reloc,
83 7C 24 08 01 75 05 E8 15 00 00 00 FF 74 24 04
5AA00000[0002C000]
[ M] 145. c:\program files\msn messenger\contact.dll
Microsoft Corporation
Contact Services
.text,.data,.rsrc,.reloc,
83 7C 24 08 01 75 05 E8 15 00 00 00 FF 74 24 04
5A000000[0019A000]
[ M] 146. c:\program files\msn messenger\dfsr.dll
Microsoft Corporation
Messenger File Replication
.text,.data,.rsrc,.reloc,
83 7C 24 08 01 0F 84 39 64 01 00 FF 74 24 04 8B
041B0000[0000B000]
[ M] 147. c:\program files\msn messenger\custsat.dll
Microsoft Corporation
custsat
.text,.data,.rsrc,.reloc,
8B FF 55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57
59800000[00067000]
[ M] 148. c:\program files\msn messenger\abssm.dll
Microsoft Corporation
MSN Messenger Contacts Sync
.text,.data,.rsrc,.reloc,
83 7C 24 08 01 75 05 E8 15 00 00 00 FF 74 24 04
5A400000[0000F000]
[ M] 149. c:\program files\msn messenger\usnsvcps.dll
Microsoft Corporation
Messenger Sharing USN Journal Reader Service
.orpc,.text,.data,.rsrc,.reloc,
83 7C 24 08 01 75 05 E8 D6 15 00 00 FF 74 24 04
08070000[0005B000]
[ M] 86. c:\program files\common files\microsoft shared\ink\skchui.dll
Microsoft Corporation
Draw Pen Tip
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 51 C7 45 FC 01 00 00 00 83 7D 0C 00 75
080D0000[00019000]
[ M] 109. c:\program files\rising\rav\ravscrch.dll
Beijing Rising Technology Co., Ltd.
RavScrCh Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ 00000918(2328) iPodService.exe
00400000[0007D000]
[AM] 3. c:\program files\ipod\bin\ipodservice.exe
Apple Inc.
iPodService Module
.text,.rdata,.data,.rsrc,
E8 5D 86 00 00 E9 16 FE FF FF CC CC 55 8B EC 57
10000000[0000E000]
[ M] 150. c:\program files\ipod\bin\ipodservice.resources\zh_cn.lproj\ipodservicelocalized.dll
Apple Inc.
iPodService 资源库
.text,.rdata,.data,.rsrc,.reloc,
008E0000[0000E000]
[ M] 151. c:\program files\ipod\bin\ipodservice.resources\ipodservice.dll
Apple Inc.
iPodService Resource Library
.text,.rdata,.data,.rsrc,.reloc,
+ 00000aec(2796) wuauclt.exe
53000000[0000E000]
[ M] 81. c:\program files\3721\helper.dll
Helper Module
.text,.rdata,.data,.cnshelp,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
00AB0000[0000B000]
[ M] 82. c:\program files\yahoo!\assistant\yhelper.dll
Yahoo! China
Helper Module
.text,.rdata,.data,.cnshelp,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
37210000[00086000]
[ M] 83. c:\windows\downloaded program files\cnsmin.dll
国风因特软件(北京)有限公司
CnsMin
.text,.rdata,.data,.cnsdata,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
50E60000[0000C000]
[ M] 87. c:\windows\system32\wups2.dll
Microsoft Corporation
Windows Update client proxy stub 2
.text,.orpc,.data,.rsrc,.reloc,
8B FF 55 8B EC 83 7D 0C 01 75 05 E8 F9 04 00 00
10000000[00011000]
[ M] 152. f:\程序\超级解霸\vcvtshell.dll
herosoft
VCvtShell
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
00B60000[0001B000]
[ M] 85. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 00 CD 6D 02 E8 BD 02 00 00 33 C0 40 89
+ 00000d64(3428) usnsvc.exe
00400000[00019000]
[AM] 8. c:\program files\msn messenger\usnsvc.exe
Microsoft Corporation
Messenger Sharing USN Journal Reader Service
.text,.data,.rsrc,
E8 0A 28 00 00 E9 40 FE FF FF E9 95 0B 00 00 51
5A400000[0000F000]
[ M] 149. c:\program files\msn messenger\usnsvcps.dll
Microsoft Corporation
Messenger Sharing USN Journal Reader Service
.orpc,.text,.data,.rsrc,.reloc,
83 7C 24 08 01 75 05 E8 D6 15 00 00 FF 74 24 04
+ 00000fd0(4048) explorer.exe
53000000[0000E000]
[ M] 81. c:\program files\3721\helper.dll
Helper Module
.text,.rdata,.data,.cnshelp,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
10000000[00007000]
[ M] 89. c:\program files\3721\alrex.dll
alrex Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
00AF0000[0000B000]
[ M] 82. c:\program files\yahoo!\assistant\yhelper.dll
Yahoo! China
Helper Module
.text,.rdata,.data,.cnshelp,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
37210000[00086000]
[ M] 83. c:\windows\downloaded program files\cnsmin.dll
国风因特软件(北京)有限公司
CnsMin
.text,.rdata,.data,.cnsdata,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
025F0000[0001B000]
[ M] 85. c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 00 CD 6D 02 E8 BD 02 00 00 33 C0 40 89
72C80000[00008000]
[ M] 79. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
8B 44 24 08 83 E8 00 74 30 48 75 3A 56 8B 74 24
04480000[00014000]
[AM] 45. c:\windows\downloaded program files\cnshook.dll
北京三七二一科技有限公司
CnsHook
.text,.rdata,.data,.cnshook,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
05830000[0001C000]
[AM] 56. c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll
Adobe Systems, Inc.
PDF Shell Extension
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 E8 DD 00 10 E8 F5 EF FF FF 33 C0 40 89