Rising Kaka Security Forum
叨叨1 - 2007-7-11 11:50:00
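After browsing web pages, my computer's PF usage was 1.5 GB, and the system reported that virtual memory was insufficient. I scanned with Rising antivirus, but it found no virus, and there are no suspicious processes either. What is going on? Could it be a new virus?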
Leoooo - 2007-7-11 11:55:00
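Download Kaka Internet Security Assistant 4.0: http://download.rising.com.cn/for_down/kakatool/kakasetupv4.exe
1 Run Rising Kaka Internet Security Assistant
2 Diagnostics & Help => Computer Diagnostic Log
3 Select the 3 options "File details" and "File name similarity analysis"
4 Start the scan => export the results in txt format (htm format also works and is easier to read yourself, but the forum does not accept htm uploads)
5 Copy the full report from the log and paste it here without modifying it (if it does not fit in one post, send it in several posts)
6 While the log scan is running, close unnecessary software such as QQ and TM wherever possible
7 Upload the suspicious files found by the scan to Rising:
http://up.rising.com.cn/webmail/uploadnew.htm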
叨叨1 - 2007-7-11 14:17:00
瑞星卡卡电脑诊断日志 v1.20 (2007-7-11 13:27:51) 北京瑞星科技股份有限公司
注释:[A]表示该文件存在自启动关联;
[M]表示该文件在内存中;
+ 注册表自运行项目
+ Win32 Services
+ HKLM\System\CurrentControlSet\Services
aspnet_state
[A ] 1. c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe
Microsoft Corporation
Microsoft ASP.NET State Server
.text,.data,.rsrc,
E8 F4 FB FF FF E9 9E FD FF FF CC FF 25 04 11 40
Ati HotKey Poller
[AM] 2. c:\windows\system32\ati2evxx.exe
ATI Technologies Inc.
ATI External Event Utility EXE Module
.text,.rdata,.data,.rsrc,
6A 60 68 10 14 46 00 E8 A1 29 00 00 83 65 FC 00
ATI Smart
[A ] 3. c:\windows\system32\ati2sgag.exe
ATI Smart
.text,.rdata,.data,.rsrc,
6A 60 68 E0 90 41 00 E8 1C 33 00 00 83 65 FC 00
clr_optimization_v2.0.50727_32
[A ] 4. c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
Microsoft Corporation
.NET Runtime Optimization Service
.text,.data,.rsrc,
E8 FA 04 00 00 E9 35 FD FF FF FF 25 24 12 40 00
gusvc
[A ] 5. c:\program files\google\common\google updater\googleupdaterservice.exe
Google
叨叨1 - 2007-7-11 14:21:00
[Reply to Leoooo's post]
gusvc
.text,.rdata,.data,.rsrc,
6A 60 68 20 95 41 00 E8 40 03 00 00 BF 94 00 00
RfwProxySrv
[A ] 6. c:\program files\rising\rfw\rfwproxy.exe
Beijing Rising Technology Co., Ltd.
Rising Personal Proxy Service
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 60 94 40 00 68 60 85 40 00 64
RfwService
[A ] 7. c:\program files\rising\rfw\rfwsrv.exe
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall Service
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 70 AC 41 00 68 80 94 41 00 64
RsCCenter
[A ] 8. i:\瑞星\瑞星主程序\rising\rav\ccenter.exe
Beijing Rising Technology Co., Ltd.
CCenter
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 C8 26 41 00 68 D8 AB 40 00 64
RsRavMon
[A ] 9. i:\瑞星\瑞星主程序\rising\rav\ravmond.exe
Beijing Rising Technology Co., Ltd.
RavMond
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 F8 D7 42 00 68 C4 E4 41 00 64
UMWdf
[AM] 10. c:\windows\system32\wdfmgr.exe
Microsoft Corporation
Windows User Mode Driver Manager
.text,.data,.rsrc,
6A 28 68 30 26 00 01 E8 A5 01 00 00 66 81 3D 00
+ Kernel Drivers
+ HKLM\System\CurrentControlSet\Services
ALCXWDM
[A ] 11. c:\windows\system32\drivers\alcxwdm.sys
Realtek Semiconductor Corp.
Realtek AC'97 Audio Driver (WDM)
.text,CODE,.rdata,.data,.data1,PAGE,INIT,.rsrc,.reloc,
A1 18 A7 1D 00 85 C0 B9 4E E6 40 BB 74 04 3B C1
BaseTDI
[A ] 12. c:\windows\system32\drivers\basetdi.sys
Beijing Rising Technology Co., Ltd.
basetdi
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 53 56 57 E8 13 04 00 00 8B 35
ExpScaner
[A ] 13. i:\瑞星\瑞星主程序\rising\rav\expscan.sys
ExpScan.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 51 68 88 38 02 00 FF 15 70 1F 01 00 83
HookCont
[A ] 14. i:\瑞星\瑞星主程序\rising\rav\hookcont.sys
Rising
HookCont
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 53 56 57 68 70 20 00 00 E8 F7
HookReg
[A ] 15. i:\瑞星\瑞星主程序\rising\rav\hookreg.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 64 56 57 C7 45 AC 00 00 00 00 B9
HookSys
[A ] 16. i:\瑞星\瑞星主程序\rising\rav\hooksys.sys
Rising
Hooksys
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 53 56 57 E8 8A 08 00 00 68 FC
HookUrl
[A ] 17. c:\program files\rising\rfw\hookurl.sys
Beijing Rising Technology Co., Ltd.
HookUrl
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 10 53 56 8B 75 08 57 6A 1B B8 8C
MEMSCAN
[A ] 18. i:\瑞星\瑞星主程序\rising\rav\memscan.sys
瑞星软件有限公司
MemScan Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 56 8B 35 DC 0C 01 00 57 8D 45
mProcRs
[A ] 19. c:\program files\rising\rfw\mprocrs.sys
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall mprocrs.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 10 56 57 E8 29 02 00 00 85 C0 75
npkcrypt
[A ] 20. c:\program files\tencent\qq\npkcrypt.sys
INCA Internet Co., Ltd.
nProtect KeyCrypt Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
51 53 56 E8 6F 2C 00 00 A3 28 46 01 00 E8 EC 2B
RsAntiSpyware
[A ] 21. c:\windows\system32\drivers\rsboot.sys
Beijing Rising Technology Co., Ltd.
Anti-RootKit Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 20 53 56 33 F6 57 89 75 F4 60 8D
RsFwDrv
叨叨1 - 2007-7-11 14:22:00
[Reply to Leoooo's post]
[A ] 22. c:\program files\rising\rfw\rsfwdrv.sys
Beijing Rising Technology Co., Ltd.
nt_fwdrv
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 53 56 57 E8 74 CA FF FF 84 C0
RsNTGDI
[A ] 23. c:\windows\system32\drivers\rsntgdi.sys
Beijing Rising Technology Co., Ltd.
RsNTGDI
.text,.rdata,INIT,.rsrc,.reloc,
55 8B EC 83 EC 10 56 8B 75 08 57 8B 3D 58 05 01
RSPPSYS
[A ] 24. i:\瑞星\瑞星主程序\rising\rav\rsppsys.sys
Rising
RSPPSYS.SYS
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 53 6A 5C E8 EE FB FF FF 33 DB
Secdrv
[A ] 25. c:\windows\system32\drivers\secdrv.sys
.text,.data,INIT,.reloc,
55 8B EC 83 EC 10 53 56 57 E8 E4 A3 FF FF 89 45
viamraid
[A ] 26. c:\windows\system32\drivers\viamraid.sys
VIA Technologies inc,.ltd
VIA RAID DRIVER FOR WIN 2000/XP/2003IA32
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 54 57 33 FF 39 7D 08 75 09 C6 05
ZSMC0305
[A ] 27. c:\windows\system32\drivers\usbvm305.sys
Vimicro Corporation
Video streaming and Capture Device Driver
.text,.data,.data1,PAGECONS,INIT,.rsrc,.reloc,
68 08 1C 01 00 6A 04 68 E8 06 00 00 FF 74 24 14
+ File System Drivers
+ HKLM\System\CurrentControlSet\Services
fechtipg
[A ] 28. c:\windows\system32\drivers\fechtipg.sys
Yahoo! China Corporation
.text,.rdata,.data,INIT,.rsrc,.reloc,
yaskp
[A ] 29. c:\windows\system32\drivers\yaskp.sys
Copyright (C) yahoo Corporation.
KMD
.text,.rdata,.data,INIT,.rsrc,.reloc,
+ Winlogon
+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
AtiExtEvent
[AM] 30. c:\windows\system32\ati2evxx.dll
ATI Technologies Inc.
ATI External Event Utility DLL Module
.text,.rdata,.data,.rsrc,.reloc,
8B FF 55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57
+ Internet Explorer
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
[AM] 31. c:\program files\google\googletoolbar2.dll
Google Inc.
Google IE 客户端工具栏
.text,.rdata,.data,shared,.rsrc,.reloc,
6A 0C 68 40 31 10 10 E8 98 EC FF FF 33 C0 40 89
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C}
[A ] 32. c:\windows\system32\kakatool.dll
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Toolbar
.text,.rdata,.data,MonitorS,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
{406F94F0-504F-4A40-8DFD-58B0666ABEBD}
[AM] 33. c:\program files\yahoo!\assistant\assist\yasbar.dll
yahoo! china
IE ToolBand
.text,.rdata,.data,.yAsbarS,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
{406F94F0-504F-4a40-8DFD-58B0666ABEBD}
[AM] 33. c:\program files\yahoo!\assistant\assist\yasbar.dll
yahoo! china
IE ToolBand
.text,.rdata,.data,.yAsbarS,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{01443AEC-0FD1-40fd-9C87-E93D1494C233}
[AM] 34. i:\thunder\comdlls\tdatonce_now.dll
Thunder Networking Technologies,LTD
迅雷浏览器高级特性支持模块
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 56 8B 75 0C 83 FE 01 74 05 83 FE 02 75
{06849E9E-C8D7-4D59-B87D-784B7D6BE0B3}
[AM] 35. i:\thunder\comdlls\xunleibho_now.dll
Thunder Networking Technologies,LTD
XunLeiBHO
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 B8 FD 00 10 E8 92 F4 FF FF 33 C0 40 89
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
[AM] 36. c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
Adobe Systems Incorporated
Adobe Acrobat IE Helper Version 7.0 for ActiveX
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 08 89 00 10 E8 62 FC FF FF 33 C0 40 89
{33BBE430-0E42-4f12-B075-8D21ACB10DCB}
叨叨1 - 2007-7-11 14:23:00
[Reply to Leoooo's post]
[AM] 37. c:\program files\yahoo!\assistant\assist\yphtb.dll
Yahoo! China
yPhtb
.text,.rdata,.data,.yPhtbSe,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
{38928D50-8A48-44C2-945F-D2F23F771410}
[AM] 38. c:\program files\yahoo!\assistant\assist\yangling.dll
yahoo! china
yangling.dll
.text,.rdata,.data,.SHARED,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
{54EBD53A-9BC1-480B-966A-843A333CA162}
[AM] 39. c:\program files\tencent\qq\qqiehelper.dll
深圳市腾讯计算机系统有限公司
QQIEHelper Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
{62EED7C6-9F02-42f9-B634-98E2899E147B}
[AM] 40. c:\program files\yahoo!\assistant\assist\ydragsearch.dll
yahoo! china
DragSearch
.text,.rdata,.data,.BhoObjS,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
{AA58ED58-01DD-4d91-8333-CF10577473F7}
[AM] 31. c:\program files\google\googletoolbar2.dll
Google Inc.
Google IE 客户端工具栏
.text,.rdata,.data,shared,.rsrc,.reloc,
6A 0C 68 40 31 10 10 E8 98 EC FF FF 33 C0 40 89
{F166BC04-3C84-44cc-A6E9-2315EC4844B9}
[AM] 41. c:\program files\yahoo!\assistant\assist\yflashdl.dll
Yahoo! China
Flash video download
.text,.rdata,.data,.yFlashD,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
{FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8}
[AM] 42. c:\program files\yahoo!\assistant\assist\yassist.dll
Yahoo! China
Assist Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
Exec
[AM] 43. c:\program files\tencent\qq\qq.exe
TENCENT
QQ
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 58 BE 4F 00 68 58 1D 47 00 64
Exec
[A ] 44. c:\program files\messenger\msmsgs.exe
Microsoft Corporation
Windows Messenger
.text,.data,.rsrc,
6A 70 68 28 98 00 01 E8 BF 01 00 00 33 DB 53 8B
+ HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
{19CE93DE-8334-42C6-B2CA-BFE3DF5196A3}
[AM] 45. c:\program files\yahoo!\assistant\assist\yrss.dll
Yahoo! China
yRss Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ Explorer
+ HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
application/octet-stream
[A ] 46. c:\windows\system32\mscoree.dll
Microsoft Corporation
Microsoft .NET Runtime Execution Engine
.text,.data,.rsrc,.reloc,
83 7C 24 08 01 0F 84 40 56 00 00 FF 74 24 04 8B
application/x-complus
[A ] 46. c:\windows\system32\mscoree.dll
Microsoft Corporation
Microsoft .NET Runtime Execution Engine
.text,.data,.rsrc,.reloc,
83 7C 24 08 01 0F 84 40 56 00 00 FF 74 24 04 8B
application/x-msdownload
[A ] 46. c:\windows\system32\mscoree.dll
Microsoft Corporation
Microsoft .NET Runtime Execution Engine
.text,.data,.rsrc,.reloc,
83 7C 24 08 01 0F 84 40 56 00 00 FF 74 24 04 8B
+ HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers
{F9DB5320-233E-11D1-9F84-707F02C10627}
[AM] 47. c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll
Adobe Systems, Inc.
PDF Shell Extension
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 E8 DD 00 10 E8 F5 EF FF FF 33 C0 40 89
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HyperTerminal Icon Ext
叨叨1 - 2007-7-11 14:24:00
[Reply to Leoooo's post]
[A ] 48. c:\windows\system32\hticons.dll
Hilgraeve, Inc.
HyperTerminal Applet Library
.text,.data,.rsrc,.reloc,
ShellLink for Application References
[A ] 49. c:\windows\system32\dfshim.dll
Microsoft Corporation
Application Deployment Support Library
.text,.data,.rsrc,.reloc,
83 7C 24 08 01 75 05 E8 40 19 00 00 FF 74 24 04
Shell Icon Handler for Application References
[A ] 49. c:\windows\system32\dfshim.dll
Microsoft Corporation
Application Deployment Support Library
.text,.data,.rsrc,.reloc,
83 7C 24 08 01 75 05 E8 40 19 00 00 FF 74 24 04
Catalyst Context Menu extension
[AM] 50. c:\program files\ati technologies\ati.ace\atiacmxx.dll
ACE Context Menu
.text,.rdata,.data,.rsrc,.reloc,
8B FF 55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57
WinRAR shell extension
[A ] 51. c:\program files\winrar\rarext.dll
.text,.data,.tls,.idata,.edata,.rsrc,.reloc,
Shell Extensions for RealOne Player
[A ] 52. c:\program files\real\realplayer\rpshell.dll
RealNetworks, Inc.
RealPlayer Shell Extensions
.text,.rdata,.data,.rsrc,.reloc,
53 55 56 8B 74 24 14 85 F6 57 B8 01 00 00 00 75
Portable Media Devices
[A ] 53. c:\windows\system32\audiodev.dll
Microsoft Corporation
便携媒体设备命令行解释器扩展
.text,.data,.rsrc,.reloc,
8B FF 55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57
Portable Media Devices Menu
[A ] 53. c:\windows\system32\audiodev.dll
Microsoft Corporation
便携媒体设备命令行解释器扩展
.text,.data,.rsrc,.reloc,
8B FF 55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57
Yahoo!Photo
[AM] 37. c:\program files\yahoo!\assistant\assist\yphtb.dll
Yahoo! China
yPhtb
.text,.rdata,.data,.yPhtbSe,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
粉碎文件
[A ] 54. c:\program files\yahoo!\assistant\assist\ywiper.dll
Yahoo! China
Wiper 动态链接库
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 48 25 03 10 E8 1C 0B 00 00 33 C0 40 89
RISING
[AM] 55. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{12311A42-AC1B-158F-FD32-5674345F23A1}
[AM] 56. c:\windows\system32\dhapri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
20 81 FD 18 0C 08 00 74 09 81 3C 24 AD 82 29 00
{32CD708B-60A7-4C00-9377-D73EAA495F0F}
[AM] 55. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ Logon
+ HKCU\Software\Microsoft\Windows\CurrentVersion\Run
1MJPMIG__
[AM] 57. c:\windows\imeinputs.exe
,,
+ HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SoundMan
[AM] 58. c:\windows\soundman.exe
Realtek Semiconductor Corp.
Realtek Sound Manager
.text,.rdata,.data,.sxdata,.rsrc,
6A 60 68 08 B3 40 00 E8 2B 10 00 00 83 65 FC 00
TkBellExe
[AM] 59. c:\program files\common files\real\update_ob\realsched.exe
RealNetworks, Inc.
RealNetworks Scheduler
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 F0 30 42 00 68 28 94 41 00 64
VMSnap5
[AM] 60. c:\windows\vmsnap5.exe
Vimicro
Vimicro
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 88 71 40 00 68 38 4D 40 00 64
Domino
[AM] 61. c:\windows\domino.exe
Vimicro
Vimicro
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 F8 71 40 00 68 F8 46 40 00 64
mppds
[A ] 62. c:\windows\mppds.exe
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 38 21 40 00 68 00 1F 40 00 64
cmdbcs
[A ] 63. c:\windows\cmdbcs.exe
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 60 21 40 00 68 20 1E 40 00 64
RfwMain
[AM] 64. c:\program files\rising\rfw\rfwmain.exe
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall Main Program
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 38 EB 41 00 68 20 B0 41 00 64
runeip
[AM] 65. i:\新建文件夹\runiep.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Monitor
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 E0 6B 40 00 68 40 52 40 00 64
YLive.exe
[AM] 66. c:\program files\yahoo!\assistant\ylive.exe
Yahoo! China
YLive
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 48 31 40 00 68 90 25 40 00 64
yassistse
[AM] 67. c:\program files\yahoo!\assistant\yassistse.exe
Yahoo! China
AssistSetting
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 48 52 40 00 68 6E 40 40 00 64
RavTask
[A ] 68. i:\瑞星\瑞星主程序\rising\rav\ravtask.exe
Beijing Rising Technology Co., Ltd.
RavTimer
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 50 E3 40 00 68 D4 90 40 00 64
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
RavStub
[AM] 69. i:\瑞星\瑞星主程序\rising\rav\ravstub.exe
Beijing Rising Technology Co., Ltd.
Rising RavStub
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 98 F4 40 00 68 20 6D 40 00 64
+ Boot Execute
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
BootExecute
[A ] 70. c:\windows\system32\bsmain.exe
Beijing Rising Technology Co., Ltd.
BootScan
.text,.data,.rsrc,.reloc,
55 8B EC 6A FF 68 F0 27 00 01 68 74 9E 00 01 64
+ Image Hijacks
+ HKCR\.mp3
PDVDmpgfile\Open\Command
[A ] 71. c:\program files\cyberlink\powerdvd\powerdvd.exe
CyberLink Corp.
PowerDVD
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 50 EC 44 00 68 1C FE 43 00 64
+ AppInit Dlls & Known Dlls
+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs
[AM] 56. c:\windows\system32\dhapri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
20 81 FD 18 0C 08 00 74 09 81 3C 24 AD 82 29 00
叨叨1 - 2007-7-11 14:27:00
[Reply to Leoooo's post]
+ 其他自启动项目
+ C:\Documents and Settings\All Users\「开始」菜单\程序\启动
Adobe Reader Speed Launch.lnk
[A ] 72. c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
Adobe Systems Incorporated
Adobe Acrobat SpeedLauncher
.text,.rdata,.data,.rsrc,
6A 74 68 48 67 40 00 E8 08 02 00 00 33 DB 89 5D
+ 系统活动模块
+ 00000078(120) ctfmon.exe
003D0000[0000A000]
[AM] 56. c:\windows\system32\dhapri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
20 81 FD 18 0C 08 00 74 09 81 3C 24 AD 82 29 00
53000000[0000B000]
[ M] 73. c:\program files\yahoo!\assistant\yhelper.dll
Yahoo! China
Helper Module
.text,.rdata,.data,.cnshelp,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
10000000[0001B000]
[ M] 74. i:\新建文件夹\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 00 CD 10 03 E8 BD 02 00 00 33 C0 40 89
+ 00000110(272) IMEINPUTS.EXE
00400000[0000F000]
[AM] 57. c:\windows\imeinputs.exe
,,
009B0000[0000A000]
[AM] 56. c:\windows\system32\dhapri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
20 81 FD 18 0C 08 00 74 09 81 3C 24 AD 82 29 00
+ 000001bc(444) smss.exe
+ 000001fc(508) csrss.exe
+ 00000218(536) winlogon.exe
004D0000[0000A000]
[AM] 56. c:\windows\system32\dhapri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
20 81 FD 18 0C 08 00 74 09 81 3C 24 AD 82 29 00
10000000[00018000]
[AM] 30. c:\windows\system32\ati2evxx.dll
ATI Technologies Inc.
ATI External Event Utility DLL Module
.text,.rdata,.data,.rsrc,.reloc,
8B FF 55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57
72C80000[00008000]
[ M] 75. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
8B 44 24 08 83 E8 00 74 30 48 75 3A 56 8B 74 24
+ 00000248(584) services.exe
003C0000[0000A000]
[AM] 56. c:\windows\system32\dhapri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
20 81 FD 18 0C 08 00 74 09 81 3C 24 AD 82 29 00
+ 00000254(596) lsass.exe
003C0000[0000A000]
[AM] 56. c:\windows\system32\dhapri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
20 81 FD 18 0C 08 00 74 09 81 3C 24 AD 82 29 00
+ 00000298(664) wdfmgr.exe
01000000[0000C000]
[AM] 10. c:\windows\system32\wdfmgr.exe
Microsoft Corporation
Windows User Mode Driver Manager
.text,.data,.rsrc,
6A 28 68 30 26 00 01 E8 A5 01 00 00 66 81 3D 00
00560000[0000A000]
[AM] 56. c:\windows\system32\dhapri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
20 81 FD 18 0C 08 00 74 09 81 3C 24 AD 82 29 00
+ 000002e8(744) Ati2evxx.exe
00400000[0006E000]
[AM] 2. c:\windows\system32\ati2evxx.exe
ATI Technologies Inc.
ATI External Event Utility EXE Module
.text,.rdata,.data,.rsrc,
6A 60 68 10 14 46 00 E8 A1 29 00 00 83 65 FC 00
00CA0000[00010000]
[ M] 76. c:\windows\system32\ati2edxx.dll
ATI Technologies, Inc.
ati2edxx
.text,.data,.SHAREDS,.rsrc,.reloc,
8B FF 55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57
+ 000002fc(764) svchost.exe
003C0000[0000A000]
[AM] 56. c:\windows\system32\dhapri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
20 81 FD 18 0C 08 00 74 09 81 3C 24 AD 82 29 00
+ 00000344(836) svchost.exe
003C0000[0000A000]
[AM] 56. c:\windows\system32\dhapri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
20 81 FD 18 0C 08 00 74 09 81 3C 24 AD 82 29 00
+ 00000398(920) svchost.exe
003C0000[0000A000]
[AM] 56. c:\windows\system32\dhapri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
20 81 FD 18 0C 08 00 74 09 81 3C 24 AD 82 29 00
+ 000003c8(968) svchost.exe
003C0000[0000A000]
[AM] 56. c:\windows\system32\dhapri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
20 81 FD 18 0C 08 00 74 09 81 3C 24 AD 82 29 00
+ 00000418(1048) svchost.exe
003C0000[0000A000]
[AM] 56. c:\windows\system32\dhapri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
20 81 FD 18 0C 08 00 74 09 81 3C 24 AD 82 29 00
+ 0000045c(1116) Ati2evxx.exe
00400000[0006E000]
[AM] 2. c:\windows\system32\ati2evxx.exe
ATI Technologies Inc.
ATI External Event Utility EXE Module
.text,.rdata,.data,.rsrc,
6A 60 68 10 14 46 00 E8 A1 29 00 00 83 65 FC 00
00CF0000[00010000]
[ M] 76. c:\windows\system32\ati2edxx.dll
ATI Technologies, Inc.
ati2edxx
.text,.data,.SHAREDS,.rsrc,.reloc,
8B FF 55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57
10000000[00018000]
[AM] 30. c:\windows\system32\ati2evxx.dll
ATI Technologies Inc.
ATI External Event Utility DLL Module
.text,.rdata,.data,.rsrc,.reloc,
8B FF 55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57
+ 00000590(1424) svchost.exe
003C0000[0000A000]
[AM] 56. c:\windows\system32\dhapri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
20 81 FD 18 0C 08 00 74 09 81 3C 24 AD 82 29 00
10010000[00013000]
[ M] 77. c:\windows\system32\remotedbg.dll
.text,.rsrc,.reloc,
+ 000005a0(1440) Explorer.EXE
003D0000[0000A000]
[AM] 56. c:\windows\system32\dhapri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
20 81 FD 18 0C 08 00 74 09 81 3C 24 AD 82 29 00
10000000[0001B000]
[AM] 55. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
03CF0000[0001B000]
[ M] 74. i:\新建文件夹\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 00 CD 10 03 E8 BD 02 00 00 33 C0 40 89
53000000[0000B000]
[ M] 73. c:\program files\yahoo!\assistant\yhelper.dll
Yahoo! China
Helper Module
.text,.rdata,.data,.cnshelp,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
03D90000[00009000]
[ M] 78. c:\windows\system32\mppds.dll
.text,.rdata,.data,sdt,.reloc,
00 3C 03 0F 87 C6 00 00 00 8B 3D 14 50 10 04 BB
03E00000[00008000]
[ M] 79. c:\windows\system32\cmdbcs.dll
.text,.rdata,.data,sdt,.reloc,
36 53 56 FF D7 85 C0 0F 85 83 00 00 00 20 45 0B
72C80000[00008000]
[ M] 75. c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
8B 44 24 08 83 E8 00 74 30 48 75 3A 56 8B 74 24
6E700000[00009000]
[ M] 80. c:\windows\preupd.dll
,.petite,,,
00D80000[0001C000]
[AM] 47. c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll
Adobe Systems, Inc.
PDF Shell Extension
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 E8 DD 00 10 E8 F5 EF FF FF 33 C0 40 89
00F40000[00013000]
[AM] 50. c:\program files\ati technologies\ati.ace\atiacmxx.dll
ACE Context Menu
.text,.rdata,.data,.rsrc,.reloc,
8B FF 55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57
叨叨1 - 2007-7-11 14:28:00
[Reply to Leoooo's post]
3C400000[0002E000]
[ M] 81. c:\program files\yahoo!\assistant\yalive.dll
yahoo! china
AutoLive Module
.text,.rdata,.data,.ylive_d,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
40000000[0002A000]
[ M] 82. c:\program files\yahoo!\assistant\yalliveex.dll
Yahoo! China
LiveEx
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
04380000[0000E000]
[AM] 36. c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
Adobe Systems Incorporated
Adobe Acrobat IE Helper Version 7.0 for ActiveX
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 08 89 00 10 E8 62 FC FF FF 33 C0 40 89
7C340000[00056000]
[ M] 83. c:\windows\system32\msvcr71.dll
Microsoft Corporation
Microsoft? C Runtime Library
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 8B 45 0C 83 F8 01 56 57 0F 84 50 FB FF
42400000[00036000]
[ M] 84. c:\program files\yahoo!\assistant\assist\ysearch.dll
Yahoo! China
WebSearch Plugin
.text,.rdata,.data,.ySearch,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
39400000[00021000]
[ M] 85. c:\program files\yahoo!\assistant\assist\yasnoad.dll
yahoo! china
ADKiller Module
.text,.rdata,.data,.Setting,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
3A800000[00019000]
[ M] 86. c:\program files\yahoo!\assistant\assist\yzsnetproto.dll
Yahoo! China
yzsNetProto.dll
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
39000000[0000D000]
[ M] 87. c:\program files\yahoo!\assistant\assist\yadfilter.dll
Yahoo! China
yadfilter
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
42000000[00010000]
[ M] 88. c:\program files\yahoo!\assistant\shell\yassecblk.dll
Yahoo! China
yassecblk
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
40C00000[0000F000]
[ M] 89. c:\program files\yahoo!\assistant\assist\yoptimum.dll
Yahoo! China
yOptimum
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
41800000[00046000]
[ M] 90. c:\program files\yahoo!\assistant\assist\yrepair.dll
Yahoo! China
yrepair
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
08AE0000[001C6000]
[ M] 91. c:\program files\yahoo!\assistant\assist\yasfsks.dll
Yahoo! China
fsk by Genghis.Tang(2004.12)
UPX0,UPX1,.rsrc,
80 7C 24 08 01 0F 85 9A 01 00 00 60 BE 00 C0 1A
011A0000[00007000]
[ M] 92. c:\program files\yahoo!\assistant\assist\yxpstyle.dll
Yahoo! China
yXPStyle
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ 000005fc(1532) spoolsv.exe
003C0000[0000A000]
[AM] 56. c:\windows\system32\dhapri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
20 81 FD 18 0C 08 00 74 09 81 3C 24 AD 82 29 00
+ 00000654(1620) RavStub.exe
00400000[00018000]
[AM] 69. i:\瑞星\瑞星主程序\rising\rav\ravstub.exe
Beijing Rising Technology Co., Ltd.
Rising RavStub
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 98 F4 40 00 68 20 6D 40 00 64
10000000[0001B000]
[ M] 93. i:\瑞星\瑞星主程序\rising\rav\rscommx.dll
rising
RsCommX
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
23700000[0001A000]
[ M] 94. i:\瑞星\瑞星主程序\rising\rav\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ 000006e0(1760) RfwMain.exe
00400000[00073000]
[AM] 64. c:\program files\rising\rfw\rfwmain.exe
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall Main Program
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 38 EB 41 00 68 20 B0 41 00 64
26600000[0007D000]
[ M] 95. c:\program files\rising\rfw\rsguilib.dll
Beijing Rising Technology Co., Ltd.
Rising GUI Library Loader
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
23700000[0001A000]
[ M] 96. c:\program files\rising\rfw\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
10000000[0000F000]
[ M] 97. c:\program files\rising\rfw\rfwctrl.dll
Beijing Rising Technology Co., Ltd.
RfwCtrl DLL
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
23800000[0001A000]
[ M] 98. c:\program files\rising\rfw\rsxml.dll
Beijing Rising Technology Co., Ltd.
RsXML
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
23900000[00031000]
[ M] 99. c:\program files\rising\rfw\pngdll.dll
Beijing Rising Technology Co., Ltd.
Rising .Png File Loader Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
53000000[0000B000]
[ M] 73. c:\program files\yahoo!\assistant\yhelper.dll
Yahoo! China
Helper Module
.text,.rdata,.data,.cnshelp,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
01110000[0001B000]
[ M] 74. i:\新建文件夹\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 00 CD 10 03 E8 BD 02 00 00 33 C0 40 89
015C0000[0000A000]
[AM] 56. c:\windows\system32\dhapri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
20 81 FD 18 0C 08 00 74 09 81 3C 24 AD 82 29 00
01630000[00008000]
[ M] 79. c:\windows\system32\cmdbcs.dll
.text,.rdata,.data,sdt,.reloc,
36 53 56 FF D7 85 C0 0F 85 83 00 00 00 20 45 0B
016C0000[00009000]
[ M] 78. c:\windows\system32\mppds.dll
.text,.rdata,.data,sdt,.reloc,
00 3C 03 0F 87 C6 00 00 00 8B 3D 14 50 10 04 BB
+ 000006ec(1772) KwMV.exe
00400000[0003F000]
[ M] 100. i:\qq\新建文件夹\kwmusic\kwmv.exe
.text,.rdata,.data,
6A 74 68 78 8A 43 00 E8 74 02 00 00 33 DB 89 5D
10000000[00016000]
[ M] 101. i:\qq\新建文件夹\kwmusic\kwlogsvr.dll
.text,.rdata,.data,.reloc,
6A 0C 68 E8 E5 00 10 E8 E7 00 00 00 33 C0 40 89
7C3A0000[0007B000]
[ M] 102. i:\qq\新建文件夹\kwmusic\msvcp71.dll
Microsoft Corporation
Microsoft? C++ Runtime Library
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 E8 1C 3D 7C E8 EB EA FF FF 33 C0 40 89
7C340000[00056000]
[ M] 103. i:\qq\新建文件夹\kwmusic\msvcr71.dll
Microsoft Corporation
Microsoft? C Runtime Library
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 8B 45 0C 83 F8 01 56 57 0F 84 50 FB FF
00920000[0000A000]
[AM] 56. c:\windows\system32\dhapri.dll
CODE,DATA,BSS,.idata,.reloc,.rsrc,
20 81 FD 18 0C 08 00 74 09 81 3C 24 AD 82 29 00
00990000[00013000]
[ M] 77. c:\windows\system32\remotedbg.dll
.text,.rsrc,.reloc,
009C0000[00012000]
[ M] 104. c:\windows\system32\windds32.dll
.text,.rsrc,.reloc,
FF FF 8B 3D 0C 80 C4 00 83 C4 18 83 3D 2C CB C4
00E10000[00012000]
[ M] 105. c:\windows\system32\netsrvcs.dll
.text,.rsrc,.reloc,
C4 10 C3 CC CC CC CC CC CC CC CC CC CC CC CC CC
53000000[0000B000]
[ M] 73. c:\program files\yahoo!\assistant\yhelper.dll
Yahoo! China
Helper Module
.text,.rdata,.data,.cnshelp,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
叨叨1 - 2007-7-11 14:28:00
[Reply to Leoooo's post]
00F60000[00012000]
[ M] 106. i:\qq\新建文件夹\kwmusic\lidx.dll
.text,.rdata,.data,.reloc,
6A 0C 68 C8 C4 00 10 E8 52 01 00 00 33 C0 40 89
01090000[0001B000]
[ M] 74. i:\新建文件夹\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
6A 0C 68 00 CD 10 03 E8 BD 02 00 00 33 C0 40 89
+ 00000738(1848) SOUNDMAN.EXE
00400000[00018000]
[AM] 58. c:\windows\soundman.exe
Realtek Semiconductor Corp.
Realtek Sound Manager
.text,.rdata,.data,.sxdata,.rsrc,
6A 60 68 08 B3 40 00 E8 2B 10 00 00 83 65 FC 00
10000000[0001B000]
[ M] 74. i:\新建文件夹\ieprot.dll
Beijing Rising Technology Co., Ltd.
叨叨1 - 2007-7-11 14:30:00
[Reply to Leoooo's post]
叨叨1 - 2007-7-11 14:35:00
[Reply to Leoooo's post]
叨叨1 - 2007-7-11 14:36:00
[Reply to Leoooo's post]
叨叨1 - 2007-7-11 14:42:00
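[Reply to Leoooo's post] That is the complete report; thank you for your trouble. The longer my computer stays on, the higher the PF usage climbs. It only returns to normal after a restart.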
zjlymzg - 2007-7-11 15:51:00
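Download Kaka Internet Security Assistant 4.0: http://download.rising.com.cn/for_down/kakatool/kakasetupv4.exe
1 Run Rising Kaka Internet Security Assistant
2 Diagnosis & Help => Computer Diagnostic Log
3 Select the 3 options: "File details", "File name similarity analysis"
4 Start scan => Export info, exporting as txt (htm format also works and is easier to read yourself, but the forum cannot accept htm uploads)
5 Copy the complete report from the log and paste it here without modifying it (if it does not fit in one post, post it in several parts)
6 While scanning the log, close unnecessary software as far as possible, such as QQ, TM, etc.
7 Upload the suspicious files found by the scan to Rising: http://up.rising.com.cn/webmail/uploadnew.htm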