2008-05-16,08:50:03
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<SiS KHooker><C:\WINDOWS\system32\khooker.exe> [Silicon Integrated Systems Corporation]
<SoundMan><SOUNDMAN.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<SunJavaUpdateSched><C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe> []
<RavTray><"C:\Program Files\Rising\Rav\RavTray.exe"> [Rising]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
<360Safetray><d:\Program Files\360safe\safemon\360tray.exe /start> [奇虎网]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
==================================
启动文件夹
N/A
==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Multi-user Cleanup Service / Multi-user Cleanup Service][Running/Auto Start]
<C:\Lotus\Notes\ntmulti.exe><IBM Corp>
[RavService / RavService][Running/Auto Start]
<"C:\Program Files\Rising\Rav\RavService.exe" /service><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon][Running/Auto Start]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[VRVWatchServer / VRVWatchServer][Running/Auto Start]
<"C:\WINDOWS\system32\WatchClient.exe" -service><>
==================================
驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
<system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[BaseTDI / BaseTDI][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><Beijing Rising Technology Co., Ltd.>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<system32\drivers\npf.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[SiS315 / SiS315][Running/Manual Start]
<system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SIS AGP Bus Filter / sisagp][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[vrvaud / vrvaud][Running/System Start]
<\??\C:\WINDOWS\system32\vrvaud_c.SYS><BXY>
[VRVFW / VRVFW][Running/Boot Start]
<\SystemRoot\system32\VrvFw.sys><北信源>
==================================
浏览器加载项
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <d:\Program Files\360safe\safemon\safemon.dll, 360.CN>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[JSKDRIVER Class]
{18D5D878-49B1-4FDE-9DD2-236AD1F54BA8} <C:\WINDOWS\Downloaded Program Files\JSAPIX32.dll, AeroSpace Information Corp.>
[Java Plug-in 1.4.2_03]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll, JavaSoft / Sun Microsystems, Inc.>
[Java Plug-in 1.4.0]
{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} <C:\Program Files\Java\j2re1.4.0\bin\npjpi140.dll, JavaSoft / Sun Microsystems, Inc.>
[Java Plug-in 1.4.2_03]
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} <C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll, JavaSoft / Sun Microsystems, Inc.>
[ActiveFormX Control]
{F69A87D1-8A65-4E64-82E1-B8C1A6D6EBBF} <C:\WINDOWS\DOWNLO~1\GZNTBPRJ.ocx, >
[CTAIS_HTC.XMLTree]
{03353F36-C17F-4A94-A609-3DA452B80D40} <C:\Program Files\HTC\CTAIS_HTC.ocx, Software Products Dept. 3rd Group>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[JSKDRIVER Class]
{18D5D878-49B1-4FDE-9DD2-236AD1F54BA8} <C:\WINDOWS\Downloaded Program Files\JSAPIX32.dll, AeroSpace Information Corp.>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3} <d:\Program Files\360safe\live.dll, 360.cn>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[XML DOM Document 4.0]
{88D969C0-F192-11D4-A65F-0040963251E5} <%SystemRoot%\system32\msxml4.dll, N/A>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <d:\Program Files\360safe\safemon\safemon.dll, 360.CN>
[Java Plug-in 1.4.0]
{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} <C:\Program Files\Java\j2re1.4.0\bin\npjpi140.dll, JavaSoft / Sun Microsystems, Inc.>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__MPEG Moniker Class]
{CD3AFA89-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\windows\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[Microsoft DirectAnimation Path]
{D7A7D7C3-D47F-11D0-89D3-00A0C90833E6} <C:\WINDOWS\system32\daxctle.ocx, Microsoft Corporation>
[CTAIS_HTC.DropDownList]
{DD8322CC-5630-47FF-A6F8-56FFC2BA5E17} <C:\Program Files\HTC\CTAIS_HTC.ocx, Software Products Dept. 3rd Group>
[CTAIS_HTC.DataWindow]
{DDF1E952-F686-42E6-A3AA-8CFDD3D8AE00} <C:\Program Files\HTC\CTAIS_HTC.ocx, Software Products Dept. 3rd Group>
[CTAIS_HTC.XMLSelect]
{E76DC08A-C7E3-4669-ABCA-30E9702EA4A9} <C:\Program Files\HTC\CTAIS_HTC.ocx, Software Products Dept. 3rd Group>
[CTAIS_HTC.SocketMsg]
{F5074040-B321-4990-B02B-7FF780AF34C7} <C:\Program Files\HTC\CTAIS_HTC.ocx, Software Products Dept. 3rd Group>
[XML Parser]
{F5078F19-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[ActiveFormX Control]
{F69A87D1-8A65-4E64-82E1-B8C1A6D6EBBF} <C:\WINDOWS\DOWNLO~1\GZNTBPRJ.ocx, >
==================================
正在运行的进程
[PID: 436 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 508 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 532 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\vrvhook.dll] [Microsoft Corporation, 6, 12, 18, 15]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 576 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 588 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 736 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\vrvhook.dll] [Microsoft Corporation, 6, 12, 18, 15]
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\vrvhook.dll] [Microsoft Corporation, 6, 12, 18, 15]
[PID: 840 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 860 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\vrvhook.dll] [Microsoft Corporation, 6, 12, 18, 15]
[PID: 908 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\vrvhook.dll] [Microsoft Corporation, 6, 12, 18, 15]
[PID: 964 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\vrvhook.dll] [Microsoft Corporation, 6, 12, 18, 15]
[PID: 996 / SYSTEM][C:\Program Files\Rising\Rav\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 41]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 6]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\rfwctrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 12]
[C:\Program Files\Rising\Rav\RsPPsys.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rav\RsLog.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[C:\Program Files\Rising\Rav\HOOKSYS.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
[C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 21]
[C:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18]
[C:\Program Files\Rising\Rav\regmon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\psapi.dll] [Microsoft Corporation, 4.00]
[C:\Program Files\Rising\Rav\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[C:\Program Files\Rising\Rav\MemMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 14]
[C:\Program Files\Rising\Rav\expscan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[C:\Program Files\Rising\Rav\HookCont.dll] [Rising, 19, 0, 0, 0]
[C:\Program Files\Rising\Rav\SpamEng.dll] [, 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 31]
[C:\Program Files\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
[C:\Program Files\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\Program Files\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 1, 4]
[C:\Program Files\Rising\Rav\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 38]
[C:\Program Files\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[C:\Program Files\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
[C:\Program Files\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
[C:\Program Files\Rising\Rav\ScanPack.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 26]
[C:\Program Files\Rising\Rav\RsVM.dll] [, 19, 0, 0, 23]
[C:\Program Files\Rising\Rav\Uroutine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 66]
[C:\Program Files\Rising\Rav\Uscript.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[PID: 1232 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\vrvhook.dll] [Microsoft Corporation, 6, 12, 18, 15]
[PID: 1304 / SYSTEM][C:\Program Files\Rising\Rav\RavStub.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1464 / SYSTEM][C:\Lotus\Notes\ntmulti.exe] [IBM Corp, 6.5.30.4258]
[C:\WINDOWS\system32\vrvhook.dll] [Microsoft Corporation, 6, 12, 18, 15]
[PID: 1492 / SYSTEM][C:\Program Files\Rising\Rav\RavService.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 55]
[C:\Program Files\Rising\Rav\DLCenter.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 3]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[PID: 1620 / SYSTEM][C:\WINDOWS\system32\WatchClient.exe] [, 6, 6, 24, 14]
[C:\WINDOWS\system32\vrvhook.dll] [Microsoft Corporation, 6, 12, 18, 15]
[PID: 1720 / SYSTEM][C:\WINDOWS\system32\VrvEdp_m.exe] [, 6, 6, 20, 1800]
[C:\WINDOWS\system32\Cipherop.dll] [Cipherop, 6, 6, 18, 17]
[PID: 1748 / SYSTEM][C:\WINDOWS\system32\vrvrf_c.exe] [, 6, 6, 6, 13]
[C:\WINDOWS\system32\vrvpwk.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\VrvKeyBoard.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\vrvfw_c.dll] [, 1, 0, 0, 2]
[C:\WINDOWS\system32\vrvrun_c.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\bkfile.dll] [N/A, ]
[C:\WINDOWS\system32\edpaudfliter.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\vrvaud_c.dll] [, 6, 12, 22, 12]
[PID: 1916 / SYSTEM][C:\WINDOWS\system32\vrvsafec.exe] [edp, 7, 3, 23, 15]
[C:\WINDOWS\system32\vrvhook.dll] [Microsoft Corporation, 6, 12, 18, 15]
[PID: 904 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 180 / a01][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\VrvHook.dll] [Microsoft Corporation, 6, 12, 18, 15]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 0, 3, 1011]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
[C:\WINDOWS\system32\VrvKeyBoard.dll] [, 1, 0, 0, 1]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[PID: 352 / a01][C:\WINDOWS\system32\khooker.exe] [Silicon Integrated Systems Corporation, 5.13.01.2010]
[C:\WINDOWS\system32\VrvHook.dll] [Microsoft Corporation, 6, 12, 18, 15]
[PID: 360 / a01][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.1.14]
[C:\WINDOWS\system32\VrvHook.dll] [Microsoft Corporation, 6, 12, 18, 15]
[PID: 388 / a01][C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe] [N/A, ]
[C:\WINDOWS\system32\VrvHook.dll] [Microsoft Corporation, 6, 12, 18, 15]
[PID: 396 / a01][C:\Program Files\Rising\Rav\RavTray.exe] [Rising, 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\RavUILib.dll] [, 18, 0, 0, 1]
[C:\WINDOWS\system32\VrvHook.dll] [Microsoft Corporation, 6, 12, 18, 15]
[C:\Program Files\Rising\Rav\psapi.dll] [Microsoft Corporation, 4.00]
[C:\Program Files\Rising\Rav\RavTray936.dll] [Rising, 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\RsCommx.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\BDEngine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
[C:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\BDEX.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 3]
[C:\Program Files\Rising\Rav\BDLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 1]
[PID: 408 / a01][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[PID: 296 / a01][C:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 48]
[C:\Program Files\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 6]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 580 / a01][D:\Program Files\360safe\safemon\360tray.exe] [奇虎网, 4, 0, 3, 1011]
[C:\WINDOWS\system32\VrvHook.dll] [Microsoft Corporation, 6, 12, 18, 15]
[D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 0, 3, 1011]
[D:\Program Files\360safe\safemon\SafeKrnl.dll] [奇虎网, 4, 0, 3, 1008]
[D:\Program Files\360safe\AntiAdwa.dll] [360Safe.com, 4, 0, 3, 1009]
[D:\Program Files\360safe\live.dll] [360.cn, 1, 0, 1, 1025]
[PID: 952 / a01][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\VrvHook.dll] [Microsoft Corporation, 6, 12, 18, 15]
[D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 0, 3, 1011]
[PID: 2444 / a01][E:\Program Files\专杀工具包\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\system32\VrvHook.dll] [Microsoft Corporation, 6, 12, 18, 15]
[D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 0, 3, 1011]
[C:\WINDOWS\system32\VrvKeyBoard.dll] [, 1, 0, 0, 1]
[E:\Program Files\专杀工具包\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 www.ll78.cn
127.0.0.1 ll78.cn
127.0.0.1 www.9ysj.com
127.0.0.1 9ysj.com
127.0.0.1 qq.520sf.org
127.0.0.1 go.ipcenter.cn
127.0.0.1 ip.8dunet.com
127.0.0.1 www1.winopen.cn
127.0.0.1 ip.alexaanywhere.com
127.0.0.1 www.f1ash8.net
127.0.0.1 f1ash8.net
127.0.0.1 www.1717kan.cn
127.0.0.1 1717kan.cn
127.0.0.1 ip.adanywhere.cn
127.0.0.1 59.34.197.239
127.0.0.1 www1.jlzqw.net
127.0.0.1 www.zpx520.com
127.0.0.1 zpx520.com
127.0.0.1 go.bannerbox.cn
127.0.0.1 www.b1ueidea.com
127.0.0.1 b1ueidea.com
127.0.0.1 www3.winopen.cn
127.0.0.1 www.pp913.com
127.0.0.1 pp913.com
127.0.0.1 www.baibaoxiang.cn
127.0.0.1 baibaoxiang.cn
127.0.0.1 www.jobl68.com
127.0.0.1 jobl68.com
127.0.0.1 yin520.com
127.0.0.1 w.vvcyin.com
127.0.0.1 web.77276.com
127.0.0.1 www.bbxdnzyy.com
127.0.0.1 bbxdnzyy.com
127.0.0.1 www.xaitan.cn
127.0.0.1 xaitan.cn
127.0.0.1 www.55t5.com
127.0.0.1 55t5.com
127.0.0.1 a1188.go.3322.org
127.0.0.1 a0088.go.3322.org
127.0.0.1 w.qbbd.com
127.0.0.1 www.jyshn.com
127.0.0.1 jyshn.com
127.0.0.1 61.152.169.234
127.0.0.1 www.ii35.com
127.0.0.1 ii35.com
127.0.0.1 www1.ycdy.com
127.0.0.1 ip.123kan.com
127.0.0.1 www.ycdy.com
127.0.0.1 ycdy.com
127.0.0.1 61.172.249.215
127.0.0.1 macr.microfsot.com
127.0.0.1 www.wxdown.net
127.0.0.1 wxdown.net
127.0.0.1 aa.59ys.com
127.0.0.1 ad3.59ys.cn
127.0.0.1 cc.wzxqy.com
127.0.0.1 1.369dm.com
127.0.0.1 2007.ads3721.com
127.0.0.1 tugood.ip8868.cn
127.0.0.1 ip.ipunion.cn
220.181.37.4 www.baidu.com
220.181.18.134 baidu.com
59.151.21.100 www.google.cn
64.233.161.99 google.cn
72.14.207.99 google.com
64.233.189.104 www.google.com
218.30.73.89 www.qq.com
219.133.40.91 qq.com
218.30.66.101 www.sina.com
71.5.7.138 sina.com
218.30.66.101 www.sina.com.cn
220.181.29.154 163.com
220.181.28.52 www.163.com
221.236.12.212 www.sohu.com
61.135.133.104 sohu.com
218.30.23.101 www.tom.com
61.135.158.237 tom.com
218.30.70.105 www.cctv.com
202.108.249.209 cctv.com
207.68.172.246 msn.com
207.68.183.32 www.msn.com
222.77.177.110 www.17173.com
59.60.148.170 www.yulv.net
218.206.191.72 www.chinamobile.com
61.177.95.155 www.126.com
211.206.123.219 www.hotmail.com
220.181.18.117 hi.baidu.com
211.98.115.5 www.newhua.com
222.185.229.75 www.skycn.com
220.181.3.21 www.
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1720, C:\WINDOWS\SYSTEM32\VRVEDP_M.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1916, C:\WINDOWS\SYSTEM32\VRVSAFEC.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 580, D:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
==================================
API HOOK
入口点错误:NtOpenProcess (危险等级: 高, 被下面模块所HOOK: C:\WINDOWS\system32\VrvHook.dll)
入口点错误:NtQuerySystemInformation (危险等级: 高, 被下面模块所HOOK: C:\WINDOWS\system32\VrvHook.dll)
入口点错误:NtTerminateProcess (危险等级: 高, 被下面模块所HOOK: C:\WINDOWS\system32\VrvHook.dll)
入口点错误:ZwOpenProcess (危险等级: 高, 被下面模块所HOOK: C:\WINDOWS\system32\VrvHook.dll)
入口点错误:ZwTerminateProcess (危险等级: 高, 被下面模块所HOOK: C:\WINDOWS\system32\VrvHook.dll)
入口点错误:RegOpenKeyExW (危险等级: 高, 被下面模块所HOOK: C:\WINDOWS\system32\VrvHook.dll)
入口点错误:RegDeleteKeyW (危险等级: 高, 被下面模块所HOOK: C:\WINDOWS\system32\VrvHook.dll)
入口点错误:EnumServicesStatusW (危险等级: 高, 被下面模块所HOOK: C:\WINDOWS\system32\VrvHook.dll)
入口点错误:FindFirstFileExW (危险等级: 高, 被下面模块所HOOK: C:\WINDOWS\system32\VrvHook.dll)
入口点错误:FindFirstFileW (危险等级: 高, 被下面模块所HOOK: C:\WINDOWS\system32\VrvHook.dll)
入口点错误:FindNextFileW (危险等级: 高, 被下面模块所HOOK: C:\WINDOWS\system32\VrvHook.dll)
==================================
隐藏进程
N/A
==================================
