请高手看看我的扫描报告,谢谢!!!!!!!!!!!! bbs.ikaka.com

大侠7 - 2007-7-4 12:33:00

2007-07-04,12:19:39

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows Vista Ultimate Edition (Build 6000) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<WindowsWelcomeCenter><rundll32.exe oobefldr.dll,ShowWelcomeCenter> [(Verified)Microsoft Windows]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Windows Defender><%ProgramFiles%\Windows Defender\MSASCui.exe -hide> [(Verified)Microsoft Windows]
<RavTask><"H:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><explorer.exe> [(Verified)Microsoft Windows]
<Userinit><H:\Windows\system32\userinit.exe,> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><H:\Windows\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Windows Mail 7><"%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE> [N/A]

==================================
启动文件夹
N/A

==================================
服务
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
<E:\软件\安全\AVG Anti-Spyware\guard.exe><GRISOFT s.r.o.>
[Rising Confing Manager / cfgload][Running/Auto Start]
<H:\program files\rising\rav\cfgload.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"H:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"H:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Rising Vista Interface / RsVInterface][Running/Auto Start]
<H:\Program Files\Common Files\Rising\vsapisrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Vista Scanner / RsVScanner][Running/Auto Start]
<H:\program files\rising\rav\scannerd.exe><Beijing Rising Technology Co., Ltd.>
[Rising Vista Update / RsVUpdate][Running/Auto Start]
<H:\Program Files\Common Files\Rising\rsupd.exe><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[adp94xx / adp94xx][Stopped/Disabled]
<\SystemRoot\system32\drivers\adp94xx.sys><Adaptec, Inc.>
[adpahci / adpahci][Stopped/Disabled]
<\SystemRoot\system32\drivers\adpahci.sys><Adaptec, Inc.>
[adpu160m / adpu160m][Stopped/Disabled]
<\SystemRoot\system32\drivers\adpu160m.sys><Adaptec, Inc.>
[adpu320 / adpu320][Stopped/Disabled]
<\SystemRoot\system32\drivers\adpu320.sys><Adaptec, Inc.>
[aic78xx / aic78xx][Stopped/Disabled]
<\SystemRoot\system32\drivers\djsvs.sys><Adaptec, Inc.>
[aliide / aliide][Stopped/Disabled]
<\SystemRoot\system32\drivers\aliide.sys><Acer Laboratories Inc.>
[amdide / amdide][Stopped/Disabled]
<\SystemRoot\system32\drivers\amdide.sys><Microsoft Corporation>
[arc / arc][Stopped/Disabled]
<\SystemRoot\system32\drivers\arc.sys><Adaptec, Inc.>
[arcsas / arcsas][Stopped/Disabled]
<\SystemRoot\system32\drivers\arcsas.sys><Adaptec, Inc.>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
<\??\E:\软件\安全\AVG Anti-Spyware\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
<System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[blbdrive / blbdrive][Stopped/Disabled]
<\SystemRoot\system32\drivers\blbdrive.sys><N/A>
[Brother USB Mass-Storage Lower Filter Driver / BrFiltLo][Stopped/Manual Start]
<\SystemRoot\system32\drivers\brfiltlo.sys><Brother Industries, Ltd.>
[Brother USB Mass-Storage Upper Filter Driver / BrFiltUp][Stopped/Manual Start]
<\SystemRoot\system32\drivers\brfiltup.sys><Brother Industries, Ltd.>
[Brother MFC Serial Port Interface Driver (WDM) / Brserid][Stopped/Disabled]
<\SystemRoot\system32\drivers\brserid.sys><Brother Industries Ltd.>
[Brother WDM Serial driver / BrSerWdm][Stopped/Disabled]
<\SystemRoot\system32\drivers\brserwdm.sys><Brother Industries Ltd.>
[Brother MFC USB Fax Only Modem / BrUsbMdm][Stopped/Disabled]
<\SystemRoot\system32\drivers\brusbmdm.sys><Brother Industries Ltd.>
[Brother MFC USB Serial WDM Driver / BrUsbSer][Stopped/Manual Start]
<\SystemRoot\system32\drivers\brusbser.sys><Brother Industries Ltd.>
[cmdide / cmdide][Stopped/Disabled]
<\SystemRoot\system32\drivers\cmdide.sys><CMD Technology, Inc.>
[Intel(R) PRO/1000 NDIS 6 Adapter Driver / E1G60][Stopped/Manual Start]
<system32\DRIVERS\E1G60I32.sys><Intel Corporation>
[elxstor / elxstor][Stopped/Disabled]
<\SystemRoot\system32\drivers\elxstor.sys><Emulex>
[HookReg / HookReg][Running/Auto Start]
<\??\H:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\H:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[HpCISSs / HpCISSs][Stopped/Disabled]
<\SystemRoot\system32\drivers\hpcisss.sys><Hewlett-Packard Company>
[Intel RAID Controller Vista / iaStorV][Stopped/Disabled]
<\SystemRoot\system32\drivers\iastorv.sys><Intel Corporation>
[IdeBusDr / IdeBusDr][Running/Boot Start]
<\SystemRoot\system32\drivers\idebusdr.sys><Intel Corporation>
[Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
<\SystemRoot\system32\drivers\idechndr.sys><Intel Corporation>
[iirsp / iirsp][Stopped/Disabled]
<\SystemRoot\system32\drivers\iirsp.sys><Intel Corp./ICP vortex GmbH>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
<system32\DRIVERS\ipinip.sys><N/A>
[ITEATAPI_Service_Install / iteatapi][Stopped/Disabled]
<\SystemRoot\system32\drivers\iteatapi.sys><Integrated Technology Express, Inc.>
[ITERAID_Service_Install / iteraid][Stopped/Disabled]
<\SystemRoot\system32\drivers\iteraid.sys><Integrated Technology Express, Inc.>
[LSI_FC / LSI_FC][Stopped/Disabled]
<\SystemRoot\system32\drivers\lsi_fc.sys><LSI Logic>
[LSI_SAS / LSI_SAS][Stopped/Disabled]
<\SystemRoot\system32\drivers\lsi_sas.sys><LSI Logic>
[LSI_SCSI / LSI_SCSI][Stopped/Disabled]
<\SystemRoot\system32\drivers\lsi_scsi.sys><LSI Logic>
[megasas / megasas][Stopped/Disabled]
<\SystemRoot\system32\drivers\megasas.sys><LSI Logic Corporation>
[Mraid35x / Mraid35x][Stopped/Disabled]
<\SystemRoot\system32\drivers\mraid35x.sys><LSI Logic Corporation>
[nfrd960 / nfrd960][Stopped/Disabled]
<\SystemRoot\system32\drivers\nfrd960.sys><IBM Corporation>
[N-trig HID Tablet Driver / ntrigdigi][Stopped/Disabled]
<\SystemRoot\system32\drivers\ntrigdigi.sys><N-trig Innovative Technologies>
[nvlddmkm / nvlddmkm][Running/Manual Start]
<system32\DRIVERS\nvlddmkm.sys><NVIDIA Corporation>
[nvraid / nvraid][Stopped/Disabled]
<\SystemRoot\system32\drivers\nvraid.sys><NVIDIA Corporation>
[nvstor / nvstor][Stopped/Disabled]
<\SystemRoot\system32\drivers\nvstor.sys><NVIDIA Corporation>
[IPX Traffic Filter Driver / NwlnkFlt][Stopped/Manual Start]
<system32\DRIVERS\nwlnkflt.sys><N/A>
[IPX Traffic Forwarder Driver / NwlnkFwd][Stopped/Manual Start]
<system32\DRIVERS\nwlnkfwd.sys><N/A>
[Royalty OEM BIOS Extension / OemBiosDevice][Stopped/Boot Start]
<\SystemRoot\system32\DRIVERS\royal.sys><PARADOX>
[QLogic Fibre Channel Miniport Driver / ql2300][Stopped/Disabled]
<\SystemRoot\system32\drivers\ql2300.sys><QLogic Corporation>
[QLogic iSCSI Miniport Driver / ql40xx][Stopped/Disabled]
<\SystemRoot\system32\drivers\ql40xx.sys><QLogic Corporation>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[Realtek 10/100 NIC Family NDIS x86 Driver / RTL8023xp][Running/Manual Start]
<system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[SiSRaid2 / SiSRaid2][Stopped/Disabled]
<\SystemRoot\system32\drivers\sisraid2.sys><Silicon Integrated Systems Corp.>
[SiSRaid4 / SiSRaid4][Stopped/Disabled]
<\SystemRoot\system32\drivers\sisraid4.sys><Silicon Integrated Systems>
[Symc8xx / Symc8xx][Stopped/Disabled]
<\SystemRoot\system32\drivers\symc8xx.sys><LSI Logic>
[Sym_hi / Sym_hi][Stopped/Disabled]
<\SystemRoot\system32\drivers\sym_hi.sys><LSI Logic>
[Sym_u3 / Sym_u3][Stopped/Disabled]
<\SystemRoot\system32\drivers\sym_u3.sys><LSI Logic>
[uliahci / uliahci][Stopped/Disabled]
<\SystemRoot\system32\drivers\uliahci.sys><ULi Electronics Inc.>
[UlSata / UlSata][Stopped/Disabled]
<\SystemRoot\system32\drivers\ulsata.sys><Promise Technology, Inc.>
[ulsata2 / ulsata2][Stopped/Disabled]
<\SystemRoot\system32\drivers\ulsata2.sys><Promise Technology, Inc.>
[USB Mass Storage Driver / USBSTOR][Stopped/Disabled]
<\SystemRoot\system32\drivers\usbstor.sys><N/A>
[viaide / viaide][Stopped/Disabled]
<\SystemRoot\system32\drivers\viaide.sys><VIA Technologies, Inc.>
[vsmraid / vsmraid][Stopped/Disabled]
<\SystemRoot\system32\drivers\vsmraid.sys><VIA Technologies Inc.,Ltd>

大侠7 - 2007-7-4 12:34:00

浏览器加载项
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\工具\Thunder Network\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\工具\Thunder Network\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\工具\Thunder Network\Thunder.exe, Thunder Networking Technologies,LTD>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <H:\Windows\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\工具\Thunder Network\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\工具\Thunder Network\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\工具\Thunder Network\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <%CommonProgramFiles%\System\msadc\msadco.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <H:\Windows\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[使用迅雷下载]
<D:\工具\Thunder Network\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
<D:\工具\Thunder Network\Program\getallurl.htm, N/A>

==================================
正在运行的进程
[PID: 352 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 436 / SYSTEM][H:\Windows\system32\csrss.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 484 / SYSTEM][H:\Windows\system32\csrss.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 492 / SYSTEM][H:\Windows\system32\wininit.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 536 / SYSTEM][H:\Windows\system32\services.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[PID: 548 / SYSTEM][H:\Windows\system32\lsass.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 556 / SYSTEM][H:\Windows\system32\lsm.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 604 / SYSTEM][H:\Windows\system32\winlogon.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 756 / SYSTEM][H:\Windows\system32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 812 / NETWORK SERVICE][H:\Windows\system32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[PID: 864 / SYSTEM][H:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 960 / SYSTEM][H:\Windows\System32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 996 / LOCAL SERVICE][H:\Windows\System32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1020 / SYSTEM][H:\Windows\System32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[PID: 1036 / SYSTEM][H:\Windows\system32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[PID: 1140 / NETWORK SERVICE][H:\Windows\system32\SLsvc.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1260 / SYSTEM][H:\PROGRAM FILES\RISING\RAV\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 19, 2, 0, 54]
[H:\PROGRAM FILES\RISING\RAV\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 2, 0, 0]
[H:\PROGRAM FILES\RISING\RAV\RsCommX.dll] [rising, 18, 0, 0, 1]
[H:\PROGRAM FILES\RISING\RAV\rfwctrl.dll] [Beijing Rising Technology Co., Ltd., 6, 0, 0, 0]
[H:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 19, 2, 0, 1]
[H:\PROGRAM FILES\RISING\RAV\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 19, 2, 0, 3]
[H:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[H:\PROGRAM FILES\RISING\RAV\RsLog.dll] [Beijing Rising Technology Co., Ltd., 19, 2, 0, 0]
[H:\PROGRAM FILES\RISING\RAV\HOOKSYS.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
[H:\Program Files\Rising\Rav\fakescan.dll] [Beijing Rising Technology Co., Ltd., 19, 2, 0, 6]
[H:\PROGRAM FILES\RISING\RAV\Scanner.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
[H:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[H:\PROGRAM FILES\RISING\RAV\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
[H:\PROGRAM FILES\RISING\RAV\regmon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[H:\PROGRAM FILES\RISING\RAV\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[H:\PROGRAM FILES\RISING\RAV\HookCont.dll] [Rising, 19, 0, 0, 1]
[H:\Program Files\Rising\Rav\SpamEng.dll] [, 18, 0, 0, 6]
[H:\Program Files\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
[H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[H:\Program Files\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[H:\Program Files\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[H:\Program Files\Rising\Rav\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
[H:\Program Files\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 64]
[H:\Program Files\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[H:\Program Files\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[H:\Program Files\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
[H:\Program Files\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
[H:\Program Files\Rising\Rav\ScanPack.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 23]
[H:\Program Files\Rising\Rav\RsVM.dll] [, 19, 0, 0, 17]
[H:\Program Files\Rising\Rav\Uroutine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 40]
[H:\Program Files\Rising\Rav\ExtOLE.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
[H:\Program Files\Rising\Rav\ScanNet.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[H:\Program Files\Rising\Rav\Uscript.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[H:\Program Files\Rising\Rav\ScanElf.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[H:\Program Files\Rising\Rav\ExtMail.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
[PID: 1344 / LOCAL SERVICE][H:\Windows\system32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[PID: 1496 / SYSTEM][H:\program files\rising\rav\cfgload.exe] [Beijing Rising Technology Co., Ltd., 19, 2, 0, 2]
[H:\program files\rising\rav\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 19, 2, 0, 1]
[H:\program files\rising\rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 19, 2, 0, 3]
[PID: 1516 / NETWORK SERVICE][H:\Windows\system32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1532 / LOCAL SERVICE][H:\Windows\system32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1600 / SYSTEM][H:\Program Files\Common Files\Rising\vsapisrv.exe] [Beijing Rising Technology Co., Ltd., 19, 2, 0, 13]
[PID: 1620 / SYSTEM][H:\program files\rising\rav\scannerd.exe] [Beijing Rising Technology Co., Ltd., 19, 2, 0, 9]
[PID: 1640 / SYSTEM][H:\Program Files\Common Files\Rising\rsupd.exe] [Beijing Rising Technology Co., Ltd., 19, 2, 0, 2]
[PID: 1688 / SYSTEM][H:\Windows\system32\SearchIndexer.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1948 / Administrator][H:\Windows\system32\Dwm.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 2020 / Administrator][H:\Windows\Explorer.EXE] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[H:\Program Files\WinRAR\rarext.dll] [N/A, ]
[H:\Windows\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 2, 0, 9]
[H:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 360 / SYSTEM][H:\Windows\system32\taskeng.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 416 / Administrator][H:\Windows\system32\taskeng.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 752 / Administrator][H:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 19, 2, 0, 3]

大侠7 - 2007-7-4 12:35:00

[H:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[H:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 19, 2, 0, 1]
[H:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 19, 2, 0, 3]
[H:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[PID: 780 / Administrator][H:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 19, 2, 0, 60]
[H:\Program Files\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 2, 0, 34]
[H:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 2, 0, 0]
[H:\Program Files\Rising\Rav\jmpapi.dll] [Beijing Rising Technology Co., Ltd., 19, 2, 0, 11]
[H:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 19, 2, 0, 1]
[H:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 19, 2, 0, 3]
[H:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[H:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[H:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 2, 0, 2]
[H:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 19, 2, 0, 5]
[PID: 2216 / Administrator][H:\Program Files\Windows Media Player\wmpnscfg.exe] [Microsoft Corporation, 11.0.6000.6324 (vista_rtm.061101-2205)]
[PID: 2412 / Administrator][H:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 7.00.6000.16386 (vista_rtm.061101-2205)]
[D:\工具\Thunder Network\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.2.9]
[D:\工具\Thunder Network\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 3, 11]
[D:\工具\Thunder Network\Components\ResWorker\DsBho_00.dll] [, 1, 0, 0, 4]
[D:\工具\Thunder Network\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
[H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[H:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[H:\Windows\system32\Macromed\Flash\Flash9c.ocx] [Adobe Systems, Inc., 9,0,45,0]
[H:\Windows\system32\nvd3dum.dll] [NVidia Corporation, 7.15.10.9686]
[PID: 3104 / SYSTEM][H:\Windows\system32\SearchProtocolHost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 3016 / SYSTEM][H:\Windows\servicing\TrustedInstaller.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1848 / NETWORK SERVICE][H:\Windows\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 2964 / Administrator][E:\软件\安全\AVG Anti-Spyware\avgas.exe] [GRISOFT s.r.o., 7, 5, 1, 43]
[E:\软件\安全\AVG Anti-Spyware\engine.dll] [GRISOFT s.r.o., 4, 2, 0, 19]
[H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[PID: 1912 / Administrator][E:\软件\扫描\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[E:\软件\扫描\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["%SystemRoot%\hh.exe" %1]
.HLP OK. [%SystemRoot%\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. ["%SystemRoot%\System32\WScript.exe" "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
Rising Net Filter over [MSAFD Tcpip [TCP/IP]]
H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL(Beijing Rising Technology Co., Ltd., HookSpi)
Rising Net Filter over [MSAFD Tcpip [UDP/IP]]
H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL(Beijing Rising Technology Co., Ltd., HookSpi)
Rising Net Filter over [MSAFD Tcpip [RAW/IP]]
H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL(Beijing Rising Technology Co., Ltd., HookSpi)
Rising Net Filter over [MSAFD Tcpip [TCP/IPv6]]
H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL(Beijing Rising Technology Co., Ltd., HookSpi)
Rising Net Filter over [MSAFD Tcpip [UDP/IPv6]]
H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL(Beijing Rising Technology Co., Ltd., HookSpi)
Rising Net Filter over [MSAFD Tcpip [RAW/IPv6]]
H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL(Beijing Rising Technology Co., Ltd., HookSpi)
Rising Net Filter over [RSVP TCPv6 服务提供商]
H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL(Beijing Rising Technology Co., Ltd., HookSpi)
Rising Net Filter over [RSVP TCP 服务提供商]
H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL(Beijing Rising Technology Co., Ltd., HookSpi)
Rising Net Filter over [RSVP UDPv6 服务提供商]
H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL(Beijing Rising Technology Co., Ltd., HookSpi)
Rising Net Filter over [RSVP UDP 服务提供商]
H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL(Beijing Rising Technology Co., Ltd., HookSpi)
Rising Net Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{10BE8295-D23C-4B8A-B055-9E3D643BA1A4}] SEQPACKET 2]
H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL(Beijing Rising Technology Co., Ltd., HookSpi)
Rising Net Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{10BE8295-D23C-4B8A-B055-9E3D643BA1A4}] DATAGRAM 2]
H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL(Beijing Rising Technology Co., Ltd., HookSpi)
Rising Net Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip6_{10BE8295-D23C-4B8A-B055-9E3D643BA1A4}] SEQPACKET 3]
H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL(Beijing Rising Technology Co., Ltd., HookSpi)
Rising Net Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip6_{10BE8295-D23C-4B8A-B055-9E3D643BA1A4}] DATAGRAM 3]
H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL(Beijing Rising Technology Co., Ltd., HookSpi)
Rising Net Filter
H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL(Beijing Rising Technology Co., Ltd., HookSpi)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost
::1 localhost

==================================
进程特权扫描
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
[2356] H:\Windows\System32\wuapp.exe

==================================

瑞星卡卡安全论坛