[CODE]

2008-04-30,13:40:32

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <DrvLsnr><C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe>  [adi]
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Publisher]
    <BIE><Rundll32 C:\WINDOWS\DOWNLO~1\BDPlugin.dll,Rundll32>  []
    <RavTray><"C:\Program Files\Rising\Rav\RavTray.exe">  [Rising]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <NvCpl><RunDll32.exe "C:\WINDOWS\system32\NvCpl64.dll",RunDll32.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><C:\WINDOWS\system32\IPv6.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{BC207F7D-3E63-4ACA-99B5-FB5F8428200C}><C:\WINDOWS\DOWNLO~1\BDPlugin.dll>  []
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe]
    <IFEO[auto.exe]><AUTOGUARDER GUARDED.>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntldr.exe]
    <IFEO[ntldr.exe]><AUTOGUARDER GUARDED.>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pagefile.pif]
    <IFEO[pagefile.pif]><AUTOGUARDER GUARDED.>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sos.exe]
    <IFEO[sos.exe]><AUTOGUARDER GUARDED.>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sxs.exe]
    <IFEO[sxs.exe]><AUTOGUARDER GUARDED.>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\test.exe]
    <IFEO[test.exe]><AUTOGUARDER GUARDED.>  [N/A]

==================================
启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]><N>
[Adobe Gamma Loader]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>

==================================
服务
[BrSplService / Brother XP spl Service][Running/Auto Start]
  <C:\WINDOWS\system32\brsvc01a.exe><brother Industries Ltd>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[RavService / RavService][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\RavService.exe" /service><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]
  <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[VRVWatchServer / VRVWatchServer][Running/Auto Start]
  <"C:\WINDOWS\system32\WatchClient.exe" -service><>

==================================
驱动程序
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[Broadcom NetXtreme Gigabit Ethernet / b57w2k][Running/Manual Start]
  <system32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[BaseTDI / BaseTDI][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><Beijing Rising Technology Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[Samsung Mobile USB Device 1.0 driver (WDM) / ss_bus][Stopped/Manual Start]
  <system32\DRIVERS\ss_bus.sys><MCCI>
[VRVFW / VRVFW][Running/Boot Start]
  <\SystemRoot\system32\VrvFw.sys><北信源>
[vrvfilemon / VRVSYS][Stopped/Auto Start]
  <\??\C:\Vrv\Client\filemon.sys><N/A>

==================================
浏览器加载项
[]
  {00000231-1000-0010-8000-00AA006D2EA4} <C:\WINDOWS\system32\WinXP.bmp, Microsoft Corporation>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[BDHlprObj Class]
  {CA92B524-BC8A-4610-BD2C-6BD3E28155D0} <C:\WINDOWS\DOWNLO~1\BDHelper.dll, >
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Java Plug-in 1.4.0]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\j2re1.4.0\bin\npjpi140.dll, JavaSoft / Sun Microsystems, Inc.>
[Java Plug-in 1.4.0]
  {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} <C:\Program Files\Java\j2re1.4.0\bin\npjpi140.dll, JavaSoft / Sun Microsystems, Inc.>
[]
  {00000231-1000-0010-8000-00AA006D2EA4} <C:\WINDOWS\system32\WinXP.bmp, Microsoft Corporation>
[CTAIS_HTC.XMLTree]
  {03353F36-C17F-4A94-A609-3DA452B80D40} <C:\Program Files\HTC\CTAIS_HTC.ocx, Software Products Dept. 3rd Group>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[HHCtrl Object]
  {41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} <C:\WINDOWS\system32\HHCTRL.OCX, Microsoft Corporation>
[POSPrint Class]
  {4F59D87C-866F-4622-96B3-5778E028F84A} <C:\WINDOWS\system32\CTAIS_AUX.dll, >
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\HHCTRL.OCX, Microsoft Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[XML DOM Document 4.0]
  {88D969C0-F192-11D4-A65F-0040963251E5} <%SystemRoot%\system32\msxml4.dll, N/A>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[BDHlprObj Class]
  {CA92B524-BC8A-4610-BD2C-6BD3E28155D0} <C:\WINDOWS\DOWNLO~1\BDHelper.dll, >
[Java Plug-in 1.4.0]
  {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} <C:\Program Files\Java\j2re1.4.0\bin\npjpi140.dll, JavaSoft / Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[CTAIS_HTC.DropDownList]
  {DD8322CC-5630-47FF-A6F8-56FFC2BA5E17} <C:\Program Files\HTC\CTAIS_HTC.ocx, Software Products Dept. 3rd Group>
[CTAIS_HTC.DataWindow]
  {DDF1E952-F686-42E6-A3AA-8CFDD3D8AE00} <C:\Program Files\HTC\CTAIS_HTC.ocx, Software Products Dept. 3rd Group>
[CTAIS_HTC.XMLSelect]
  {E76DC08A-C7E3-4669-ABCA-30E9702EA4A9} <C:\Program Files\HTC\CTAIS_HTC.ocx, Software Products Dept. 3rd Group>
[CTAIS_HTC.SocketMsg]
  {F5074040-B321-4990-B02B-7FF780AF34C7} <C:\Program Files\HTC\CTAIS_HTC.ocx, Software Products Dept. 3rd Group>
[XML Parser]
  {F5078F19-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>

==================================
正在运行的进程
[PID: 580 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 660 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 684 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\WINDOWS\system32\vrvhook.dll]  [edp, 6, 4, 19, 15]
[PID: 728 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 740 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 892 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\WINDOWS\system32\vrvhook.dll]  [edp, 6, 4, 19, 15]
[PID: 968 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\WINDOWS\system32\vrvhook.dll]  [edp, 6, 4, 19, 15]
[PID: 1056 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1072 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\WINDOWS\system32\vrvhook.dll]  [edp, 6, 4, 19, 15]
[PID: 1124 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\WINDOWS\system32\vrvhook.dll]  [edp, 6, 4, 19, 15]
[PID: 1232 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\WINDOWS\system32\vrvhook.dll]  [edp, 6, 4, 19, 15]
[PID: 1244 / SYSTEM][C:\Program Files\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 41]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 6]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\rfwctrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 12]
    [C:\Program Files\Rising\Rav\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [C:\Program Files\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 21]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18]
    [C:\Program Files\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\psapi.dll]  [Microsoft Corporation, 4.00]
    [C:\Program Files\Rising\Rav\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [C:\Program Files\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 14]
    [C:\Program Files\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [C:\Program Files\Rising\Rav\HookCont.dll]  [Rising, 19, 0, 0, 0]
    [C:\Program Files\Rising\Rav\SpamEng.dll]  [, 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 31]
    [C:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
    [C:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 1, 4]
    [C:\Program Files\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 38]
    [C:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [C:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
    [C:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
    [C:\Program Files\Rising\Rav\ScanPack.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 26]
    [C:\Program Files\Rising\Rav\RsVM.dll]  [, 19, 0, 0, 23]
    [C:\Program Files\Rising\Rav\Uroutine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 66]
    [C:\Program Files\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
    [C:\Program Files\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rav\Uscript.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[PID: 1520 / SYSTEM][C:\WINDOWS\system32\brsvc01a.exe]  [brother Industries Ltd, 1, 0, 0, 2]
    [C:\WINDOWS\system32\vrvhook.dll]  [edp, 6, 4, 19, 15]
[PID: 1540 / SYSTEM][C:\WINDOWS\system32\brss01a.exe]  [brother Industries Ltd, 1.004]
    [C:\WINDOWS\system32\spool\PRTPROCS\W32X86\brpp2ka.dll]  [Brother Industries ,Ltd , 1.03]
    [C:\WINDOWS\system32\vrvhook.dll]  [edp, 6, 4, 19, 15]
[PID: 1588 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\BRPP2KA.DLL]  [Brother Industries ,Ltd , 1.03]
    [C:\WINDOWS\system32\vrvhook.dll]  [edp, 6, 4, 19, 15]
[PID: 1640 / whgs][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\vrvhook.dll]  [edp, 6, 4, 19, 15]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.3924]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.3924]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.3924]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.3924]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.3924]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [C:\WINDOWS\system32\WinXP.bmp]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx]  [, 1, 0, 0, 1]
    [C:\WINDOWS\DOWNLO~1\BDHelper.dll]  [, 1, 0, 0, 6]
    [C:\WINDOWS\system32\VrvKeyBoard.dll]  [, 1, 0, 0, 1]
[PID: 1888 / SYSTEM][C:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 164 / SYSTEM][C:\Program Files\Rising\Rav\RavService.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 55]
    [C:\Program Files\Rising\Rav\DLCenter.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 3]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 376 / whgs][C:\WINDOWS\system32\Rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\vrvhook.dll]  [edp, 6, 4, 19, 15]
[PID: 380 / SYSTEM][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe]  [Analog Devices, Inc., 3, 2, 6, 0]
    [C:\WINDOWS\system32\vrvhook.dll]  [edp, 6, 4, 19, 15]
[PID: 372 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\WINDOWS\system32\vrvhook.dll]  [edp, 6, 4, 19, 15]
[PID: 264 / whgs][C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe]  [adi, 1, 0, 0, 3]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\vrvhook.dll]  [edp, 6, 4, 19, 15]
[PID: 620 / SYSTEM][C:\WINDOWS\system32\WatchClient.exe]  [, 6, 6, 16, 21]
    [C:\WINDOWS\system32\vrvhook.dll]  [edp, 6, 4, 19, 15]
[PID: 920 / SYSTEM][C:\WINDOWS\system32\VrvEdp_m.exe]  [, 6, 6, 20, 638]
    [C:\WINDOWS\system32\Cipherop.dll]  [Cipherop, 6, 6, 18, 17]
[PID: 924 / whgs][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.3924]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.3924]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.3924]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.3924]
    [C:\WINDOWS\system32\igfxhk.dll]  [Intel Corporation, 3.0.0.3924]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.3924]
    [C:\WINDOWS\system32\vrvhook.dll]  [edp, 6, 4, 19, 15]
[PID: 1032 / whgs][C:\Program Files\Rising\Rav\RavTray.exe]  [Rising, 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RavUILib.dll]  [, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RavTray936.dll]  [Rising, 19, 0, 0, 16]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\Program Files\Rising\Rav\RsCommx.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\BDEngine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\Rav\BDEX.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 3]
    [C:\Program Files\Rising\Rav\BDLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 1]
[PID: 1096 / whgs][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
[PID: 1136 / whgs][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 48]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 6]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
[PID: 1160 / whgs][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\vrvhook.dll]  [edp, 6, 4, 19, 15]
[PID: 1428 / SYSTEM][C:\WINDOWS\system32\vrvsafec.exe]  [edp, 6, 4, 19, 15]
    [C:\WINDOWS\system32\vrvhook.dll]  [edp, 6, 4, 19, 15]
[PID: 1760 / SYSTEM][C:\WINDOWS\system32\vrvrf_c.exe]  [, 6, 6, 6, 13]
    [C:\WINDOWS\system32\vrvpwk.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\VrvKeyBoard.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\vrvfw_c.dll]  [, 1, 0, 0, 2]
    [C:\WINDOWS\system32\vrvrun_c.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\bkfile.dll]  [N/A, ]
    [C:\WINDOWS\system32\edpaudfliter.dll]  [, 1, 0, 0, 1]
[PID: 2328 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IPv6.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 2700 / whgs][H:\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\IPv6.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\WINDOWS\system32\VrvHook.dll]  [edp, 6, 4, 19, 15]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\VrvKeyBoard.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\WinXP.bmp]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [H:\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
RSVP UDP Service Provider
    C:\WINDOWS\VMailDog.dll(北信源, Vmaildog)
RSVP TCP Service Provider
    C:\WINDOWS\VMailDog.dll(北信源, Vmaildog)

==================================
Autorun.inf
[C:\]
[AuToRun]
open=RunDll32.exe .\Thumbs.lnk,GetPic
shell\open=打开(&O)
shell\open\Command=RunDll32.exe .\Thumbs.lnk,GetPic
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=RunDll32.exe .\Thumbs.lnk,Explorer
[D:\]
[AuToRun]
open=RunDll32.exe .\Thumbs.lnk,GetPic
shell\open=打开(&O)
shell\open\Command=RunDll32.exe .\Thumbs.lnk,GetPic
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=RunDll32.exe .\Thumbs.lnk,Explorer
[E:\]
[AuToRun]
open=RunDll32.exe .\Thumbs.lnk,GetPic
shell\open=打开(&O)
shell\open\Command=RunDll32.exe .\Thumbs.lnk,GetPic
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=RunDll32.exe .\Thumbs.lnk,Explorer
[F:\]
[AuToRun]
open=RunDll32.exe .\Thumbs.lnk,GetPic
shell\open=打开(&O)
shell\open\Command=RunDll32.exe .\Thumbs.lnk,GetPic
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=RunDll32.exe .\Thumbs.lnk,Explorer

==================================
HOSTS 文件
127.0.0.1       localhost

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 264, C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\DRVLSNR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 920, C:\WINDOWS\SYSTEM32\VRVEDP_M.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1032, C:\PROGRAM FILES\RISING\RAV\RAVTRAY.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1096, C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1136, C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1428, C:\WINDOWS\SYSTEM32\VRVSAFEC.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1760, C:\WINDOWS\SYSTEM32\VRVRF_C.EXE]

==================================
API HOOK
入口点错误：NtCreateFile (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\VrvHook.dll)
入口点错误：NtOpenProcess (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\VrvHook.dll)
入口点错误：ZwCreateFile (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\VrvHook.dll)
入口点错误：ZwOpenFile (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\VrvHook.dll)
入口点错误：ZwOpenProcess (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\VrvHook.dll)
入口点错误：RegOpenKeyExW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\VrvHook.dll)
入口点错误：RegDeleteKeyW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\VrvHook.dll)
入口点错误：FindFirstFileExW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\VrvHook.dll)
入口点错误：FindFirstFileW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\VrvHook.dll)
入口点错误：FindNextFileW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\VrvHook.dll)

==================================
隐藏进程
N/A

==================================


[/CODE]