[CODE]

2008-05-02,09:48:00

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <Super Rabbit IEPro><E:\MagicSet\SRIECLI.EXE /LOAD>  [Super Rabbit Soft]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <amd_dc_opt><C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe>  [AMD]
    <nTrayFw><C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe>  [NVIDIA Corporation]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <RavTask><"E:\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <360Safetray><E:\360safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[3ware Controller Service / 3wareSrv][Stopped/Disabled]
  <C:\WINDOWS\System32\3wareSrv.exe><N/A>
[Windows Presentation Foundation (WPF) / applications][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k applications-->C:\WINDOWS\system32\CHXCEfArnlCqhWHPTwaX.dll><N/A>
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
  <C:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[ForceWare Intelligent Application Manager (IAM) / ForceWare Intelligent Application Manager (IAM)][Running/Auto Start]
  <C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe><>
[Forceware Web Interface / ForcewareWebInterface][Running/Auto Start]
  <"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice><Apache Software Foundation>
[HID Input Service / HidServ][Stopped/Auto Start]
  <\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><Microsoft Corporation>
[mscodesrv / mscodesrv][Stopped/Auto Start]
  <C:\WINDOWS\temp\runassrv.exe runsrv /name:"mscodesrv" /prinum:"32" /inter /cmdline:"C:\WINDOWS\autohal.exe -PSSP S-1-5-21-2000478354-842925246-1202660629-500"><N/A>
[ForceWare IP service / nSvcIp][Running/Auto Start]
  <C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe><NVIDIA Corporation>
[ForceWare user log service / nSvcLog][Running/Auto Start]
  <C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe><NVIDIA>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"E:\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"E:\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Windows Accounts Driver / windows_13][Stopped/Auto Start]
  <C:\WINDOWS\system32\dumped_.exe><N/A>

==================================
驱动程序
[aaatimeo / aaatimeo][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\aaatimeo.sys><Microsoft Corporation>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[AFAMgt / AFAMgt][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\afamgt.sys><Adaptec, Inc.>
[Aha154x / Aha154x][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\aha154x.sys><Microsoft Corporation>
[ahcix86 / ahcix86][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ahcix86.sys><ATI Technologies Inc.>
[AliIde / AliIde][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[amdbusdr / amdbusdr][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\amdbusdr.sys><AMD>
[AMD EIDE 驱动程衼E / amdeide][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\AmdEide.sys><AMD>
[AMD Processor Driver / AmdK8][Running/System Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[AMD Low Level Device Driver / AmdLLD][Running/Manual Start]
  <system32\DRIVERS\AmdLLD.sys><AMD, Inc.>
[apcdli / apcdli][Stopped/Auto Start]
  <\??\C:\Program Files\Microsoft Office\SYSTEM\apcdli.sys><N/A>
[asc3350p / asc3350p][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\asc3350p.sys><Microsoft Corporation>
[SiI-3112 SATALink  Controller / ASH1205][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ASH1205.sys><Silicon Image, Inc.>
[ata1200a / ata1200a][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ata1200a.sys><Adaptec, Inc.>
[atiide / atiide][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\atiide.sys><ATI Technologies Inc.>
[Promise driver accelerator / bb-run][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>
[Broadcom 802.11 网络适配器驱动程序 / BCM43XX][Running/Manual Start]
  <system32\DRIVERS\bcmwl5.sys><Broadcom Corporation>
[cd20xrnt / cd20xrnt][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\cd20xrnt.sys><Microsoft Corporation>
[DELL CERC SATA 1.5/6ch RAID Miniport Driver / cercsr6][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\cercsr6.sys><Adaptec, Inc.>
[CmdIde / CmdIde][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[Cpq32fs2 / Cpq32fs2][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\Cpq32fs2.sys><Hewlett-Packard Company>
[Promise Removable Disk Control Driver / dontgo][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[fttxr52P / fttxr52P][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\fttxr52P.sys><Promise Technology, Inc.>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Running/Manual Start]
  <system32\drivers\CHDAud.sys><Conexant Systems Inc.>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[HpCISSm2 / HpCISSm2][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\HpCISSm2.sys><Hewlett-Packard Company>
[hptmv6 / hptmv6][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\hptmv6.sys><HighPoint Technologies, Inc.>
[HSFHWAZL / HSFHWAZL][Running/Manual Start]
  <system32\DRIVERS\HSFHWAZL.sys><Conexant Systems, Inc.>
[HSF_DPV / HSF_DPV][Running/Manual Start]
  <system32\DRIVERS\HSF_DPV.sys><Conexant Systems, Inc.>
[Intel  RAID Controller / iaStor55][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\iaStor55.sys><Intel Corporation>
[Intel RAID  Controller / iaStor70][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\iaStor70.sys><Intel Corporation>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[mv61xx / mv61xx][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\mv61xx.sys><Marvell Semiconductor, Inc.>
[mvSata / mvSata][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\mvsata.sys><Marvell Semiconductors Inc.>
[npkcrypt / npkcrypt][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkycryp.sys><N/A>
[ntptdb / ntptdb][Stopped/Auto Start]
  <\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nvata / nvata][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvata.sys><NVIDIA Corporation>
[nvatabus / nvatabus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvatabus.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
  <system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[nvgts / nvgts][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvgts.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
  <system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[NVIDIA nForce RAID Driver / nvrd32][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
[nvsmu / nvsmu][Running/Manual Start]
  <system32\DRIVERS\nvsmu.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql2100 / ql2100][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ql2100.sys><QLogic Corporation>
[ql2200 / ql2200][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ql2200.sys><QLogic Corporation>
[rimmptsk / rimmptsk][Running/Manual Start]
  <system32\DRIVERS\rimmptsk.sys><REDC>
[rimsptsk / rimsptsk][Running/Manual Start]
  <system32\DRIVERS\rimsptsk.sys><REDC>
[Ricoh xD-Picture Card Driver / rismxdp][Running/Manual Start]
  <system32\DRIVERS\rixdptsk.sys><REDC>
[rr172x / rr172x][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\rr172x.sys><HighPoint Technologies, Inc.>
[rr174x / rr174x][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\rr174x.sys><HighPoint Technologies, Inc.>
[rr2340 / rr2340][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\rr2340.sys><HighPoint Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SATALink External Device Filter / SiRemFil][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>
[SIS AGP Bus Filter / sisagp][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[sisraidx / sisraidx][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sisraidx.sys><Silicon Integrated Systems Corp.>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[TosIde / TosIde][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\toside.sys><Microsoft Corporation>
[ViBus / ViBus][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ViBus.sys><VIA Technologies, Inc.>
[videX32 / videX32][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\videX32.sys><VIA Technologies, Inc.>
[VIA SATA IDE Device Driver / ViPrt][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ViPrt.sys><VIA Technologies, Inc.>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[VIA SATA IDE Hot-plug Driver / xfilt][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>
[ykgv / ykgvk][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ykgvk.sys><N/A>
[37390 / 37390][Running/]
  <2 - 系统找不到指定的文件。
><N/A>
[acpidisk / acpidisk][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\acpidisk.sys><N/A>

==================================
浏览器加载项
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <E:\360safe\safemon\safemon.dll, 360.CN>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <F:\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\WINDOWS\system32\dllcache\dhtmled.ocx, Microsoft Corporation>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <E:\360safe\live.dll, 360.cn>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, N/A>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <E:\360safe\safemon\safemon.dll, 360.CN>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[]
  {FB3412B6-6D67-4650-B3B4-C2A90191A80F} <C:\WINDOWS\system32\hqieumblmi.dll, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <E:\qq\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 892 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 976 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1004 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.2.0.0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\winlib .dll]  [N/A, ]
    [C:\WINDOWS\system32\nvappfilter.dll]  [NVIDIA, 1, 0, 2, 0]
[PID: 1048 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1060 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\nvappfilter.dll]  [NVIDIA, 1, 0, 2, 0]
[PID: 1212 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1280 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\nvappfilter.dll]  [NVIDIA, 1, 0, 2, 0]
[PID: 1428 / SYSTEM][E:\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.28]
[PID: 1448 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\nvappfilter.dll]  [NVIDIA, 1, 0, 2, 0]
[PID: 1564 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\nvappfilter.dll]  [NVIDIA, 1, 0, 2, 0]
[PID: 1652 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\nvappfilter.dll]  [NVIDIA, 1, 0, 2, 0]
[PID: 1692 / SYSTEM][E:\RISING\RAV\ravmond.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.76]
    [E:\RISING\RAV\BWList.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.4]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [E:\RISING\RAV\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [E:\RISING\RAV\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [E:\RISING\RAV\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.34]
    [E:\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [E:\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [E:\RISING\RAV\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.29]
    [E:\RISING\RAV\Hooksys.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 9]
    [E:\RISING\RAV\HookReg.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 4]
    [E:\RISING\RAV\HookNtos.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2]
    [E:\RISING\RAV\rswalmon.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 22]
    [E:\RISING\RAV\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 35]
    [E:\RISING\RAV\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15]
    [E:\RISING\RAV\ffr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
    [E:\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.8]
    [E:\RISING\RAV\HookCont.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 1]
    [E:\Rising\Rav\fakescan.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.13]
    [E:\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.36]
    [E:\RISING\RAV\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
    [E:\RISING\RAV\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14]
    [C:\WINDOWS\system32\nvappfilter.dll]  [NVIDIA, 1, 0, 2, 0]
    [E:\RISING\RAV\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.2]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.2.0.0]
    [E:\RISING\RAV\extfile.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 29]
    [E:\RISING\RAV\pearc.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5]
    [E:\RISING\RAV\nvfile.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5]
    [E:\RISING\RAV\scanexec.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
    [E:\RISING\RAV\unexe.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [E:\RISING\RAV\scanex.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 62]
    [E:\RISING\RAV\scanpack.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
    [E:\RISING\RAV\revm.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8]
    [E:\RISING\RAV\urutils.dll]  [, 20, 0, 0, 5]
    [E:\RISING\RAV\ur000.dat]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18]
    [E:\RISING\RAV\scriptci.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [E:\RISING\RAV\uroutine.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
    [E:\RISING\RAV\ur001.dat]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [E:\RISING\RAV\ur023.dat]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
    [E:\RISING\RAV\posttrt.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [E:\RISING\RAV\scansct.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8]
    [E:\RISING\RAV\extmail.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
[PID: 1992 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 548 / SYSTEM][E:\RISING\RAV\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.9]
    [E:\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [E:\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [E:\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[PID: 752 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.2.0.0]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.2.0.0]
    [c:\documents and settings\administrator\application data\ppstream\bin\1.0.0.2\vodrc.dll]  [ppstream.com, 1.0.0.2]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [E:\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.8487]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.8487]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 952 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\chxcefarnlcqhwhptwax.dll]  [N/A, ]
    [C:\WINDOWS\system32\nvappfilter.dll]  [NVIDIA, 1, 0, 2, 0]
[PID: 1128 / SYSTEM][C:\Program Files\StormII\stormliv.exe]  [北京暴风网际科技有限公司, 3, 8, 3, 15]
    [C:\Program Files\StormII\MSVCP60.dll]  [Microsoft Corporation, 6.02.3104.0]
    [C:\WINDOWS\system32\nvappfilter.dll]  [NVIDIA, 1, 0, 2, 0]
[PID: 1240 / SYSTEM][C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe]  [Apache Software Foundation, 2.0.52]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libapr.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libaprutil.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libapriconv.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libhttpd.dll]  [Apache Software Foundation, 2.0.52]
    [C:\WINDOWS\system32\nvappfilter.dll]  [NVIDIA, 1, 0, 2, 0]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_access.so]  [Apache Software Foundation, 2.0.49]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_actions.so]  [Apache Software Foundation, 2.0.49]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_alias.so]  [Apache Software Foundation, 2.0.49]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so]  [N/A, ]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\nv_common.dll]  [NVIDIA, 2, 2, 0, 464]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_cgi.so]  [Apache Software Foundation, 2.0.49]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_env.so]  [Apache Software Foundation, 2.0.49]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_expires.so]  [Apache Software Foundation, 2.0.49]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_headers.so]  [Apache Software Foundation, 2.0.49]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_include.so]  [Apache Software Foundation, 2.0.49]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_log_config.so]  [Apache Software Foundation, 2.0.49]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_mime.so]  [Apache Software Foundation, 2.0.49]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_negotiation.so]  [Apache Software Foundation, 2.0.49]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_rewrite.so]  [Apache Software Foundation, 2.0.49]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_setenvif.so]  [Apache Software Foundation, 2.0.49]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_ssl.so]  [Apache Software Foundation, 2.0.47]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\SSLEAY32.dll]  [N/A, ]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\LIBEAY32.dll]  [N/A, ]
[PID: 1392 / SYSTEM][C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe]  [NVIDIA Corporation, 2, 2, 0, 464]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nv_common.dll]  [NVIDIA, 2, 2, 0, 464]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nv_common_firewall.dll]  [NVIDIA, 2, 2, 0, 464]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\NMI.dll]  [NVIDIA Corporation, 2, 2, 0, 464]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\SpecialCase.dll]  [NVIDIA, 2, 2, 0, 464]
[PID: 356 / SYSTEM][C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe]  [NVIDIA, 2, 2, 0, 464]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nv_common.dll]  [NVIDIA, 2, 2, 0, 464]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\NMI.dll]  [NVIDIA Corporation, 2, 2, 0, 464]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\MSVCP60.dll]  [Microsoft Corporation, 6.02.3104.0]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nv_resource_L1033.dll]  [NVIDIA Corporation, 1, 0, 1, 0]
[PID: 700 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.8487]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.2.0.0]
[PID: 824 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1524 / SYSTEM][C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe]  [Apache Software Foundation, 2.0.52]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libapr.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libaprutil.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libapriconv.dll]  [Apache Software Foundation, 0.0.0.0]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libhttpd.dll]  [Apache Software Foundation, 2.0.52]
    [C:\WINDOWS\system32\nvappfilter.dll]  [NVIDIA, 1, 0, 2, 0]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_access.so]  [Apache Software Foundation, 2.0.49]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_actions.so]  [Apache Software Foundation, 2.0.49]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_alias.so]  [Apache Software Foundation, 2.0.49]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so]  [N/A, ]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\nv_common.dll]  [NVIDIA, 2, 2, 0, 464]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_cgi.so]  [Apache Software Foundation, 2.0.49]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_env.so]  [Apache Software Foundation, 2.0.49]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_expires.so]  [Apache Software Foundation, 2.0.49]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_headers.so]  [Apache Software Foundation, 2.0.49]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_include.so]  [Apache Software Foundation, 2.0.49]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_log_config.so]  [Apache Software Foundation, 2.0.49]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_mime.so]  [Apache Software Foundation, 2.0.49]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_negotiation.so]  [Apache Software Foundation, 2.0.49]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_rewrite.so]  [Apache Software Foundation, 2.0.49]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_setenvif.so]  [Apache Software Foundation, 2.0.49]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_ssl.so]  [Apache Software Foundation, 2.0.47]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\SSLEAY32.dll]  [N/A, ]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\LIBEAY32.dll]  [N/A, ]
[PID: 1520 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1620 / SYSTEM][C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe]  [, 1, 0, 1, 0]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\NMI.dll]  [NVIDIA Corporation, 2, 2, 0, 464]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nv_common.dll]  [NVIDIA, 2, 2, 0, 464]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nv_resource_L1033.dll]  [NVIDIA Corporation, 1, 0, 1, 0]
[PID: 380 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\nvappfilter.dll]  [NVIDIA, 1, 0, 2, 0]
[PID: 1468 / Administrator][E:\RISING\RAV\RavMon.exe]  [Beijing Rising Technology Co., Ltd., 20.0.01.19]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [E:\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [E:\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [E:\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [E:\RISING\RAV\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 35]
    [E:\RISING\RAV\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15]
    [E:\RISING\RAV\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
    [E:\RISING\RAV\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14]
    [E:\RISING\RAV\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [E:\RISING\RAV\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [E:\RISING\RAV\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.29]
    [E:\RISING\RAV\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.2.0.0]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.2.0.0]
    [E:\RISING\RAV\Rsguilib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88]
    [E:\RISING\RAV\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
[PID: 2880 / Administrator][C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe]  [NVIDIA Corporation, 2, 2, 0, 489]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nv_common.dll]  [NVIDIA, 2, 2, 0, 464]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nv_common_firewall.dll]  [NVIDIA, 2, 2, 0, 464]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\NMI.dll]  [NVIDIA Corporation, 2, 2, 0, 464]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\SpecialCase.dll]  [NVIDIA, 2, 2, 0, 464]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.2.0.0]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.2.0.0]
[PID: 2988 / Administrator][E:\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.23]
    [E:\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [E:\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [E:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [E:\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [E:\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.2.0.0]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.2.0.0]
[PID: 3244 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.2.0.0]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.2.0.0]
[PID: 3316 / Administrator][E:\MagicSet\SRIECLI.EXE]  [Super Rabbit Soft, 8.60]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
    [C:\WINDOWS\system32\vb6chs.dll]  [Microsoft Corporation, 6.00.8988]
    [E:\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.2.0.0]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.2.0.0]
    [E:\MagicSet\shlobj71.ocx]  [Sky Software (http://www.ssware.com), 7, 1, 0, 0]
    [C:\WINDOWS\system32\nvappfilter.dll]  [NVIDIA, 1, 0, 2, 0]
[PID: 3792 / Administrator][E:\Rising\Rav\RsAgent.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.7]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [E:\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [E:\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.2.0.0]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.2.0.0]
[PID: 3852 / Administrator][C:\WINDOWS\msagent\AgentSvr.exe]  [Microsoft Corporation, 2.00.0.3424]
    [E:\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.2.0.0]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.2.0.0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 772 / Administrator][E:\Maxthon\Maxthon.exe]  [Maxthon International Ltd., 1, 6, 3, 80]
    [E:\Maxthon\maxzlib.dll]  [ , 1, 0, 0, 2]
    [E:\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.2.0.0]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.2.0.0]
    [c:\documents and settings\administrator\application data\ppstream\bin\1.0.0.2\vodrc.dll]  [ppstream.com, 1.0.0.2]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\nvappfilter.dll]  [NVIDIA, 1, 0, 2, 0]
    [E:\Maxthon\Services\RealTime\real_time.dll]  [, 1, 0, 0, 1]
    [E:\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
[PID: 576 / Administrator][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.2.0.0]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.2.0.0]
[PID: 1120 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nmp.dll]  [NVIDIA Corporation, 2, 2, 0, 464]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nv_common.dll]  [NVIDIA, 2, 2, 0, 464]
[PID: 788 / Administrator][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.2.0.0]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.2.0.0]
    [c:\documents and settings\administrator\application data\ppstream\bin\1.0.0.2\vodrc.dll]  [ppstream.com, 1.0.0.2]
    [E:\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [C:\WINDOWS\system32\nvappfilter.dll]  [NVIDIA, 1, 0, 2, 0]
    [E:\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 884 / Administrator][E:\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [E:\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.2.0.0]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.2.0.0]
    [E:\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\system32\nvappfilter.dll]  [NVIDIA, 1, 0, 2, 0]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
NVIDIA App Filter over [MSAFD Tcpip [TCP/IP]]
    C:\WINDOWS\system32\nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)
NVIDIA App Filter over [MSAFD Tcpip [UDP/IP]]
    C:\WINDOWS\system32\nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)
NVIDIA App Filter over [MSAFD Tcpip [RAW/IP]]
    C:\WINDOWS\system32\nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)
NVIDIA App Filter
    C:\WINDOWS\system32\nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost
127.0.0.1  yu.8s7.net
127.0.0.1  1.jopanqc.com
127.0.0.1  2.joppnqq.com
127.0.0.1  wg.47255.com
127.0.0.1  1.joppnqq.com
127.0.0.1  xxx.m111.biz
127.0.0.1  1.jopenqc.com
127.0.0.1  1.jopenkk.com
127.0.0.1  xxx.vh7.biz
127.0.0.1  xxx.j41m.com
127.0.0.1  3.joppnqq.com
127.0.0.1  d.93se.com
127.0.0.1  www.868wg.com
127.0.0.1  xxx.mmma.biz
127.0.0.1  ilove.com
127.0.0.1  tp.shpzhan.cn
127.0.0.1  www.tomwg.com
127.0.0.1  www.cike007.cn
127.0.0.1  www.22aaa.com
127.0.0.1  xx.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  new.749571.com
127.0.0.1  xtx.kv8.info
127.0.0.1  cao.kv8.info
127.0.0.1  1.jopmmqq.com
127.0.0.1  171817.171817.com
127.0.0.1  d2.llsging.com
127.0.0.1  down.malasc.cn
127.0.0.1  llboss.com
127.0.0.1  nx.51ylb.cn
127.0.0.1  my.531jx.cn
127.0.0.1  qqq.dzydhx.com
127.0.0.1  qqq.hao1658.com
127.0.0.1  www.333292.com
127.0.0.1  down.18dd.net
127.0.0.1  up.22x44.com
127.0.0.1  aaa.faba01.com
127.0.0.1  bad.tqdlt.cn
127.0.0.1  1.chsipo.com
127.0.0.1  c3.aishangai.net
127.0.0.1  c2.aishangai.net
127.0.0.1  xxx.188dm.com
127.0.0.1  x2.1a2b3c1.com
127.0.0.1  d1.163500.net
127.0.0.1  down.google-serv.cn

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 1004, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1392, C:\PROGRAM FILES\NVIDIA CORPORATION\NETWORKACCESSMANAGER\BIN\NSVCIP.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 356, C:\PROGRAM FILES\NVIDIA CORPORATION\NETWORKACCESSMANAGER\BIN\NSVCLOG.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2880, C:\PROGRAM FILES\NVIDIA CORPORATION\NETWORKACCESSMANAGER\BIN\NTRAYFW.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3316, E:\MAGICSET\SRIECLI.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 772, E:\MAXTHON\MAXTHON.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]