[CODE] 2008-05-13,13:50:26 System Repair Engineer 2.5.16.900 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能以下内容被选中：所有的启动项目（包括注册表、启动文件夹、服务等）浏览器加载项正在运行的进程（包括进程模块信息）文件关联 Winsock 提供者 Autorun.inf HOSTS 文件进程特权扫描启动项目注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Publisher] [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [VIA Technologies] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [] [(Verified)Microsoft Windows Hardware Compatibility Publisher] <"C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"> [Cyberlink Corp.] <"C:\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Science and Technology Corporation Limited] [(Verified)Microsoft Corporation] <360Safetray> [(Verified)Qizhi Software (beijing) Co. Ltd] <360Antiarp> [(Verified)Qizhi Software (beijing) Co. Ltd] <"C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"> [(Verified)Google Inc] <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{32CD708B-60A7-4C00-9377-D73EAA495F0F}> [(Verified)Beijing Rising Science and Technology Corporation Limited] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [Microsoft Corporation] ================================== 启动文件夹 [AutoCAD 启动加速器] C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~1.EXE [Autodesk, Inc]> [QQ游戏启动加速程序] E:\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]> ================================== 服务 [ASP.NET State Service / aspnet_state][Stopped/Manual Start] [Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start] <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"> [Contrl Center of Storm Media / ccosm][Running/Auto Start] <北京暴风网际科技有限公司> [Human Interface Device Access / HidServ][Stopped/Disabled] %SystemRoot%\System32\hidserv.dll> [NVIDIA Display Driver Service / NVSvc][Running/Auto Start] [Rising Process Communication Center / RsCCenter][Running/Auto Start] <"C:\Rav\CCenter.exe"> [Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] <"C:\RAV\Ravmond.exe"> ================================== 驱动程序 [360AntiArp / 360AntiArp][Running/System Start] <\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心> [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start] [VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start] [VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start] [GMSIPCI / GMSIPCI][Stopped/Manual Start] <\??\F:\INSTALL\GMSIPCI.SYS> [HookCont / HookCont][Running/System Start] <\SystemRoot\system32\drivers\HookCont.sys> [HookNtos / HookNtos][Running/System Start] <\SystemRoot\system32\drivers\HookNtos.sys> [HookReg / HookReg][Running/System Start] <\SystemRoot\system32\drivers\HookReg.sys> [HookSys / HookSys][Running/System Start] <\SystemRoot\system32\drivers\HookSys.sys> [nv / nv][Running/Manual Start] [DDK PACKET Protocol / Packet][Running/Manual Start] <360安全中心> [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [QKeyServiceDisplay / QKeyService][Running/Boot Start] <\SystemRoot\system32\KeyCrypt.sys> [RsNTGDI / RsNTGDI][Running/Boot Start] <\SystemRoot\system32\Drivers\RsNTGdi.sys> [SafeBoxKrnl / SafeBoxKrnl][Running/System Start] <\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心> [Secdrv / Secdrv][Stopped/Manual Start] [TesSafe / TesSafe][Stopped/Manual Start] <\??\C:\WINDOWS\system32\TesSafe.sys> [ViaIde / ViaIde][Running/Boot Start] <\SystemRoot\system32\DRIVERS\viaide.sys> [viamraid / viamraid][Running/Boot Start] <\SystemRoot\system32\DRIVERS\viamraid.sys> ================================== 浏览器加载项 [QQCycloneHelper Class] {00000000-12C9-4305-82F9-43058F20E8D2} [ThunderAtOnce Class] {01443AEC-0FD1-40fd-9C87-E93D1494C233} [Adobe PDF Reader Link Helper] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [启动迅雷5] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} [浩方对战平台] {0A155D3C-68E2-4215-A47A-E800A446447A} [信息检索(&R)] {92780B25-18CC-41C8-B9BE-3C9C571A8263} [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [QQCycloneHelper Class] {00000000-12C9-4305-82F9-43058F20E8D2} [ThunderAtOnce Class] {01443AEC-0FD1-40FD-9C87-E93D1494C233} [Adobe PDF Reader Link Helper] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [GerneralPeerID Class] {0A47E819-F82E-4D5D-B806-6A9EA94D68CD} [Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} [XMP Class] {6483F145-A768-4C41-AACC-52D4D7845851} [XDRM] {693571CB-54A3-4E90-9D52-EEAE1334E2D3} [Active Desktop Mover] {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A> [MediaComm Class] {7670648D-461B-42AF-BDFE-46D26AF5EFF2} [360SafeLive] {87515F61-A66C-4319-A0E0-D416CB8059E3} [Microsoft Web 浏览器] {8856F961-340A-11D0-A96B-00C04FD705A2} [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [RMGetLicense Class] {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} [Thunder DapCtrl] {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [Thunder DapPlayer] {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} [XPPlayer Class] {F3E70CEA-956E-49CC-B444-73AFE593AD7F} [&使用超级旋风下载] [&使用超级旋风下载全部链接] [使用迅雷下载] [使用迅雷下载全部链接] [导出到 Microsoft Office Excel(&X)] [添加到QQ表情] ================================== 正在运行的进程 [PID: 556 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 628 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 652 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 696 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 708 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 864 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 940 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1032 / SYSTEM][C:\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.28] [PID: 1052 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [PID: 1096 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1264 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1468 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] [C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ] [C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0] [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.2.54.0] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 0, 1006] [E:\迅雷5\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 96] [E:\迅雷5\Components\ResWorker\DsBho_00.dll] [, 1, 0, 0, 17] [E:\迅雷5\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16] [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS] [Adobe Systems, Inc., 8.0.0.0] [C:\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0] [C:\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [E:\迅雷5\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.16] [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 8.0.0.2006102200] [E:\Office2003\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510] [E:\WINRAR\rarext.dll] [N/A, ] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.17] [PID: 1480 / SYSTEM][C:\RAV\ravmond.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.76] [C:\RAV\BWList.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.4] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\RAV\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\RAV\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [C:\RAV\RsLog.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.34] [C:\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\RAV\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.29] [C:\RAV\Hooksys.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 9] [C:\RAV\HookReg.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 4] [C:\RAV\HookNtos.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2] [C:\RAV\rswalmon.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 22] [C:\RAV\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 36] [C:\RAV\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17] [C:\RAV\ffr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13] [C:\Rav\RsStore.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.8] [C:\RAV\HookCont.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 1] [C:\Rav\fakescan.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.13] [C:\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.36] [C:\RAV\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26] [C:\RAV\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ] [C:\RAV\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.2] [C:\RAV\nvfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 6] [C:\RAV\scanexec.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17] [C:\RAV\unexe.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4] [C:\RAV\scanex.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 65] [C:\RAV\pearc.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5] [C:\RAV\extfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 29] [C:\RAV\scanpack.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9] [C:\RAV\revm.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8] [C:\RAV\urutils.dll] [, 20, 0, 0, 6] [C:\RAV\ur000.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18] [C:\RAV\scriptci.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\RAV\uroutine.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26] [C:\RAV\ur001.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\RAV\scansct.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9] [C:\RAV\ur023.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 1] [PID: 1672 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.1897.0] [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0] [PID: 1852 / SYSTEM][C:\RAV\RavStub.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.9] [C:\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [PID: 196 / SYSTEM][E:\暴风影音3\stormliv.exe] [北京暴风网际科技有限公司, 3, 8, 3, 15] [E:\暴风影音3\MSVCP60.dll] [Microsoft Corporation, 6.02.3104.0] [PID: 248 / Administrator][C:\Program Files\VIA\RAID\raid_tool.exe] [VIA Technologies, 4, 0, 6, 0] [C:\Program Files\VIA\RAID\drvInterface.dll] [VIA, 4, 0, 4, 0] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 0, 1006] [C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ] [PID: 260 / Administrator][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5, 1, 0, 48] [C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ] [PID: 320 / Administrator][C:\WINDOWS\system32\RUNDLL32.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\NvMcTray.dll] [NVIDIA Corporation, 6.14.10.7801] [C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ] [C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.10.7801] [PID: 328 / Administrator][C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe] [Cyberlink Corp., 5.00.0000] [C:\Program Files\CyberLink\Shared Files\CLRCEngine2.dll] [CyberLink Corp., 3.20.0000] [C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ] [PID: 336 / Administrator][C:\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.23] [C:\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ] [PID: 392 / Administrator][C:\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 20.0.01.19] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Rav\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 36] [C:\Rav\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17] [C:\Rav\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26] [C:\Rav\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Rav\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [C:\Rav\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.29] [C:\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4] [C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ] [C:\Rav\Rsguilib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88] [C:\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0] [PID: 464 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.7801] [C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ] [PID: 532 / Administrator][C:\Program Files\360safe\antiarp\antiarp.exe] [360安全中心, 2, 0, 0, 1008] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 0, 1006] [C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ] [PID: 584 / Administrator][C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe] [Google Inc., 1, 0, 0, 1] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 0, 1006] [C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ] [PID: 1456 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 0, 1006] [C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ] [PID: 2700 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2248 / Administrator][E:\Maxthon2\Maxthon.exe] [Maxthon International ltd., 2, 0, 8, 1720] [E:\Maxthon2\mxpp.dll] [Maxthon International ltd., 1, 0, 0, 74] [E:\Maxthon2\MxSk.dll] [Maxthon, 1, 0, 0, 369] [E:\Maxthon2\MxProxy2.dll] [Maxthon, 1, 0, 0, 3675] [E:\Maxthon2\IMxWebBoost.dll] [Maxthon, 1, 0, 0, 2330] [E:\Maxthon2\mxdb.dll] [Max, 3, 5, 3, 125] [E:\Maxthon2\MxExt.dll] [N/A, ] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 0, 1006] [C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ] [PID: 3452 / Administrator][E:\Maxthon2\Maxthon.exe] [Maxthon International ltd., 2, 0, 8, 1720] [E:\Maxthon2\mxpp.dll] [Maxthon International ltd., 1, 0, 0, 74] [E:\Maxthon2\MxSk.dll] [Maxthon, 1, 0, 0, 369] [E:\Maxthon2\MxProxy2.dll] [Maxthon, 1, 0, 0, 3675] [E:\Maxthon2\IMxWebBoost.dll] [Maxthon, 1, 0, 0, 2330] [E:\Maxthon2\mxdb.dll] [Max, 3, 5, 3, 125] [E:\Maxthon2\MxExt.dll] [N/A, ] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 0, 1006] [C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ] [PID: 3400 / Administrator][C:\Rav\Rav.exe] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 71] [C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ] [C:\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Rav\Rsguilib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0] [C:\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4] [C:\Rav\RsCommon.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Rav\ravpagem.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 1, 5] [C:\Rav\htmllib.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.17] [C:\Rav\ravpagew.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 87] [C:\Rav\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0] [C:\Rav\fakescan.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.13] [C:\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.36] [C:\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.4] [C:\Rav\SysMail.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.10] [PID: 1968 / Administrator][C:\Rav\RsAgent.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.9] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ] [PID: 3744 / Administrator][C:\WINDOWS\msagent\AgentSvr.exe] [Microsoft Corporation, 2.00.0.3424] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 0, 1006] [C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 372 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 0, 1006] [C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ] [C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0] [E:\QQ超级旋风\QQIEHelper01.dll] [腾讯公司, 1, 1, 0, 5] [E:\迅雷5\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.16] [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 8.0.0.2006102200] [E:\迅雷5\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 96] [E:\迅雷5\Components\ResWorker\DsBho_00.dll] [, 1, 0, 0, 17] [E:\迅雷5\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16] [E:\Office2003\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510] [C:\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx] [Adobe Systems, Inc., 9,0,115,0] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL] [Microsoft Corporation, 11.0.5510] [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0] [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS] [Adobe Systems, Inc., 8.0.0.0] [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.2.54.0] [PID: 1440 / Administrator][C:\WINDOWS\system32\taskmgr.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 0, 1006] [C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ] [PID: 2412 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 3008 / Administrator][D:\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 0, 1006] [C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ] [D:\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] ================================== 文件关联 .TXT Error. [C:\WINDOWS\notepad.exe %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR Error. [AutoCADScriptFile] .CHM Error. ["hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf N/A ================================== HOSTS 文件 127.0.0.1 localhost 127.0.0.1 yu.8s7.net 127.0.0.1 1.jopanqc.com 127.0.0.1 2.joppnqq.com 127.0.0.1 wg.47255.com 127.0.0.1 1.joppnqq.com 127.0.0.1 xxx.m111.biz 127.0.0.1 1.jopenqc.com 127.0.0.1 1.jopenkk.com 127.0.0.1 xxx.vh7.biz 127.0.0.1 xxx.j41m.com 127.0.0.1 3.joppnqq.com 127.0.0.1 d.93se.com 127.0.0.1 www.868wg.com 127.0.0.1 xxx.mmma.biz 127.0.0.1 ilove.com 127.0.0.1 tp.shpzhan.cn 127.0.0.1 www.tomwg.com 127.0.0.1 www.cike007.cn 127.0.0.1 www.22aaa.com 127.0.0.1 xx.exiao01.com 127.0.0.1 www.exiao01.com 127.0.0.1 www.exiao01.com 127.0.0.1 new.749571.com 127.0.0.1 xtx.kv8.info 127.0.0.1 cao.kv8.info 127.0.0.1 1.jopmmqq.com 127.0.0.1 171817.171817.com 127.0.0.1 d2.llsging.com 127.0.0.1 down.malasc.cn 127.0.0.1 llboss.com 127.0.0.1 nx.51ylb.cn 127.0.0.1 my.531jx.cn 127.0.0.1 qqq.dzydhx.com 127.0.0.1 qqq.hao1658.com 127.0.0.1 www.333292.com 127.0.0.1 down.18dd.net 127.0.0.1 up.22x44.com 127.0.0.1 aaa.faba01.com 127.0.0.1 bad.tqdlt.cn 127.0.0.1 1.chsipo.com 127.0.0.1 c3.aishangai.net 127.0.0.1 c2.aishangai.net 127.0.0.1 xxx.188dm.com 127.0.0.1 x2.1a2b3c1.com 127.0.0.1 d1.163500.net 127.0.0.1 down.google-serv.cn 127.0.0.1 idc.windowsupdeta.cn 127.0.0.1 nc.mskess.com 127.0.0.1 ok.sl8cjs.cn 127.0.0.1 dl.pvs360.com 127.0.0.1 ta.pvs360.com 127.0.0.1 cw.pvs360.com 127.0.0.1 fg.pvs360.com ================================== 进程特权扫描特殊特权被允许： SeLoadDriverPrivilege [PID = 248, C:\PROGRAM FILES\VIA\RAID\RAID_TOOL.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 328, C:\PROGRAM FILES\ASUSTEK\ASUSDVD\PDVDSERV.EXE] ================================== API HOOK N/A ================================== 隐藏进程 N/A ================================== [/CODE]