SystemDetector System Log

System version: Windows NT 5.1 Build: 2600 Service Pack 3
Date: 2010/12/7 16:4
SystemDetector version: 1.2 build100308

System process scan
Process ID  Path  Version  Publisher
900 C:\WINDOWS\System32\SMSS.EXE 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
968 C:\WINDOWS\System32\CSRSS.EXE 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
992 C:\WINDOWS\System32\WINLOGON.EXE 5.1.2600.5512 (xpsp.080413-2113) Microsoft Corporation
  C:\WINDOWS\System32\SFC_OS.DLL 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
  C:\WINDOWS\System32\UXTHEME.DLL 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
  C:\WINDOWS\System32\AETSPROV.DLL 2.3.0.9 A.E.T. Europe B.V.
  C:\WINDOWS\System32\MSVCP71.DLL 7.10.3077.0 Microsoft Corporation
  C:\WINDOWS\System32\MSVCR71.DLL 7.10.3052.4 Microsoft Corporation
  C:\WINDOWS\System32\aetpkss1.dll 2.3.0.15080 A.E.T. Europe B.V.
1036 C:\WINDOWS\System32\SERVICES.EXE 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) Microsoft Corporation
1048 C:\WINDOWS\System32\LSASS.EXE 5.1.2600.5512 (xpsp.080413-2113) Microsoft Corporation
  C:\WINDOWS\System32\UXTHEME.DLL 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
1220 C:\WINDOWS\System32\SVCHOST.EXE 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
  C:\WINDOWS\System32\UXTHEME.DLL 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
1300 C:\WINDOWS\System32\SVCHOST.EXE 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
  C:\WINDOWS\System32\UXTHEME.DLL 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
1424 C:\Program Files\Rising\RSD\RsMgrSvc.exe 1.0.0.13 Beijing Rising Information Technology Co., Ltd.
1436 C:\Program Files\Rising\Rav\RavMonD.exe 23, 0, 0, 12 Beijing Rising Information Technology Co., Ltd.
  C:\WINDOWS\System32\SFC_OS.DLL 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
1452 C:\Program Files\Rising\RFW\RavMonD.exe 23, 0, 0, 12 Beijing Rising Information Technology Co., Ltd.
  C:\WINDOWS\System32\MSVCP71.DLL 7.10.3077.0 Microsoft Corporation
  C:\WINDOWS\System32\MSVCR71.DLL 7.10.3052.4 Microsoft Corporation
  C:\Program Files\Rising\RFW\Urllib.dll 23, 0, 0, 1 Beijing Rising Information Technology Co., Ltd.
1536 C:\WINDOWS\System32\SVCHOST.EXE 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
  C:\WINDOWS\System32\UXTHEME.DLL 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
  C:\WINDOWS\System32\MSI.DLL 4.5.6001.22159 Microsoft Corporation
  C:\WINDOWS\System32\SFC_OS.DLL 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
  C:\WINDOWS\System32\AETSPROV.DLL 2.3.0.9 A.E.T. Europe B.V.
  C:\WINDOWS\System32\MSVCP71.DLL 7.10.3077.0 Microsoft Corporation
  C:\WINDOWS\System32\MSVCR71.DLL 7.10.3052.4 Microsoft Corporation
1704 C:\WINDOWS\System32\SVCHOST.EXE 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
  C:\WINDOWS\System32\UXTHEME.DLL 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
1804 C:\WINDOWS\System32\SVCHOST.EXE 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
  C:\WINDOWS\System32\UXTHEME.DLL 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
1820 C:\Program Files\360\360SAFE\DEEPSCAN\ZhuDongFangYu.exe 3, 2, 2, 1003 360.cn
  C:\Program Files\360\360SAFE\DEEPSCAN\heavygate.dll 3, 6, 21, 0 360.cn
1972 C:\Program Files\Kingsoft\KSM\KSMSVC.EXE 2010,10,27,1479  
2036 C:\Program Files\KSafe\KSafeSvc.exe 2.0.2.1210 Kingsoft Corporation.
  C:\WINDOWS\System32\MSI.DLL 4.5.6001.22159 Microsoft Corporation
716 C:\WINDOWS\System32\SPOOLSV.EXE 5.1.2600.6024 (xpsp_sp3_gdr.100817-1626) Microsoft Corporation
  C:\WINDOWS\System32\UXTHEME.DLL 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
  C:\WINDOWS\System32\SFC_OS.DLL 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
  C:\WINDOWS\System32\MSI.DLL 4.5.6001.22159 Microsoft Corporation
  C:\WINDOWS\System32\ssnetmon.dll 7.1.6 Seagull Scientific, Inc.
  C:\WINDOWS\System32\spool\drivers\W32X86\3\ts#tsc-u.dll 7.1.6.6 Seagull Scientific, Inc.
  C:\WINDOWS\System32\spool\drivers\W32X86\3\uniDRVui.DLL 5.2.3790.120 (srv03_qfe.031205-1652) Microsoft Corporation
  C:\WINDOWS\System32\spool\drivers\W32X86\3\uniDRV.DLL 5.2.3790.184 (srv03_qfe.040410-1236) Microsoft Corporation
1584 C:\WINDOWS\EXPLORER.EXE 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
  C:\WINDOWS\System32\UXTHEME.DLL 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
  C:\WINDOWS\System32\MSI.DLL 4.5.6001.22159 Microsoft Corporation
  C:\Program Files\WinRAR\RarExt.dll    
  C:\WINDOWS\System32\browselc.dll 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
248 C:\Program Files\360\360SAFE\SAFEMON\360TRAY.EXE 7, 3, 1, 1012 360.cn
  C:\WINDOWS\System32\UXTHEME.DLL 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
  C:\WINDOWS\System32\SFC_OS.DLL 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
  C:\WINDOWS\System32\AETSPROV.DLL 2.3.0.9 A.E.T. Europe B.V.
  C:\WINDOWS\System32\MSVCP71.DLL 7.10.3077.0 Microsoft Corporation
  C:\WINDOWS\System32\MSVCR71.DLL 7.10.3052.4 Microsoft Corporation
  C:\Program Files\360\360SAFE\DEEPSCAN\heavygate.dll 3, 6, 21, 0 360.cn
268 C:\Program Files\Rising\Rav\RsTray.exe 23.0.0.8 Beijing Rising Information Technology Co., Ltd.
  C:\WINDOWS\System32\UXTHEME.DLL 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
  C:\WINDOWS\System32\MSVCP71.DLL 7.10.3077.0 Microsoft Corporation
  C:\WINDOWS\System32\MSVCR71.DLL 7.10.3052.4 Microsoft Corporation
336 C:\Program Files\Rising\RFW\RsTray.exe 23.0.0.8 Beijing Rising Information Technology Co., Ltd.
  C:\WINDOWS\System32\MSVCP71.DLL 7.10.3077.0 Microsoft Corporation
  C:\WINDOWS\System32\MSVCR71.DLL 7.10.3052.4 Microsoft Corporation
  C:\WINDOWS\System32\UXTHEME.DLL 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
420 C:\Program Files\KSafe\KSafeTray.exe 2.0.2.1213 Kingsoft Corporation.
  C:\WINDOWS\System32\UXTHEME.DLL 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
  C:\WINDOWS\System32\MSI.DLL 4.5.6001.22159 Microsoft Corporation
708 C:\WINDOWS\System32\CTFMON.EXE 5.1.2600.5512 (xpsp.080413-2105) Microsoft Corporation
  C:\WINDOWS\System32\UXTHEME.DLL 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
4076 D:\MSSQL\Binn\sqlservr.exe 2000.080.0760.00 Microsoft Corporation
  D:\MSSQL\Binn\opends60.dll 2000.080.0194.00 Microsoft Corporation
  D:\MSSQL\Binn\ums.dll 2000.080.0760.00 Microsoft Corporation
  D:\MSSQL\Binn\sqlsort.dll 2000.080.0760.00 Microsoft Corporation
  D:\MSSQL\Binn\Resources\2052\sqlevn70.rll 2000.080.0760.00 Microsoft Corporation
  D:\MSSQL\Binn\SSnetlib.dll 2000.080.0766.00 Microsoft Corporation
  D:\MSSQL\Binn\ssnmpn70.dll 2000.080.0534.00 Microsoft Corporation
  C:\WINDOWS\System32\AETSPROV.DLL 2.3.0.9 A.E.T. Europe B.V.
  C:\WINDOWS\System32\MSVCP71.DLL 7.10.3077.0 Microsoft Corporation
  C:\WINDOWS\System32\MSVCR71.DLL 7.10.3052.4 Microsoft Corporation
  D:\MSSQL\Binn\SSmsLPCn.dll 2000.080.0760.00 Microsoft Corporation
  D:\MSSQL\Binn\xprepl.dll 2000.080.0760.00 Microsoft Corporation
  D:\MSSQL\Binn\xpstar.DLL 2000.080.0760.00 Microsoft Corporation
  D:\MSSQL\Binn\sqlresld.dll 2000.080.0382.00 Microsoft Corporation
  D:\MSSQL\Binn\sqlsvc.dll 2000.080.0760.00 Microsoft Corporation
  D:\MSSQL\Binn\w95scm.DLL 2000.080.0760.00 Microsoft Corporation
  D:\MSSQL\Binn\Resources\2052\sqlsvc.RLL 2000.080.0194.00 Microsoft Corporation
  D:\MSSQL\Binn\Resources\2052\xpstar.RLL 2000.080.0760.00 Microsoft Corporation
  D:\MSSQL\Binn\ODSOLE70.dll 2000.080.0760.00 Microsoft Corporation
636 C:\WINDOWS\System32\NVSVC32.EXE 6.14.11.7519 NVIDIA Corporation
  C:\WINDOWS\System32\NVAPI.DLL 6.14.11.7519 NVIDIA Corporation
1608 C:\WINDOWS\System32\SVCHOST.EXE 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
  C:\WINDOWS\System32\UXTHEME.DLL 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
3704 D:\海德商业管理系统普及版\sypos.exe    
  D:\海德商业管理系统普及版\PBVM90.DLL 9.0.3.8670 Sybase Inc.
  D:\海德商业管理系统普及版\LIBJCC.DLL    
  D:\海德商业管理系统普及版\wsock32.dll 5.00.2195.6603 Microsoft Corporation
  D:\海德商业管理系统普及版\SYUtils.dll    
  D:\海德商业管理系统普及版\PBODB90.DLL 9.0.3.8670 Sybase Inc.
  D:\海德商业管理系统普及版\DBODBC8.DLL 8.0.1.2600 iAnywhere Solutions, Inc.
  D:\海德商业管理系统普及版\DBLGEN8.DLL 8.0.1.2600 iAnywhere Solutions, Inc.
  C:\WINDOWS\System32\UXTHEME.DLL 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
  D:\海德商业管理系统普及版\MSCOMM32.OCX 6.00.8169 Microsoft Corporation
  D:\海德商业管理系统普及版\PBDWE90.DLL 9.0.3.8670 Sybase Inc.
  C:\WINDOWS\System32\spool\drivers\W32X86\3\uniDRV.DLL 5.2.3790.184 (srv03_qfe.040410-1236) Microsoft Corporation
  C:\WINDOWS\System32\spool\drivers\W32X86\3\uniDRVui.DLL 5.2.3790.120 (srv03_qfe.031205-1652) Microsoft Corporation
2960 D:\海德商业管理系统普及版\DBENG8.EXE 8.0.1.2600 iAnywhere Solutions, Inc.
  D:\海德商业管理系统普及版\DBSERV8.DLL 8.0.1.2600 iAnywhere Solutions, Inc.
  D:\海德商业管理系统普及版\wsock32.dll 5.00.2195.6603 Microsoft Corporation
  D:\海德商业管理系统普及版\DBCTRS8.DLL 8.0.1.2600 iAnywhere Solutions, Inc.
  D:\海德商业管理系统普及版\DBLGEN8.DLL 8.0.1.2600 iAnywhere Solutions, Inc.
2004 D:\Program Files\QQ2009\Bin\QQ.exe 1, 25, 660, 0 Tencent
  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL 8.00.50727.4053 Microsoft Corporation
  D:\Program Files\QQ2009\Bin\KernelUtil.dll 1, 25, 660, 0 Tencent
  D:\Program Files\QQ2009\Bin\HookQQ.dll    
  D:\Program Files\QQ2009\Bin\LoadPatch.dll    
  D:\Program Files\QQ2009\Bin\TheTools.dll    
  D:\Program Files\QQ2009\Bin\HKDlls\KillQQAd.dll    
  C:\WINDOWS\System32\MSI.DLL 4.5.6001.22159 Microsoft Corporation
  D:\Program Files\QQ2009\Bin\CustomFace.dll 1, 25, 660, 0 Tencent
  D:\Program Files\QQ2009\Plugin\Com.Tencent.PaiPai\bin\PaiPai.dll 1, 25, 660, 0 Tencent
  D:\Program Files\QQ2009\Plugin\Com.Tencent.SoBar\bin\SoBar.dll 1, 25, 660, 0 Tencent
  C:\WINDOWS\System32\UXTHEME.DLL 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
  C:\WINDOWS\System32\MSVCP71.DLL 7.10.3077.0 Microsoft Corporation
  C:\WINDOWS\System32\MSVCR71.DLL 7.10.3052.4 Microsoft Corporation
4068 D:\Program Files\QQ2009\Bin\HKDlls\KQAdTray.exe    
  C:\WINDOWS\System32\UXTHEME.DLL 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
  D:\Program Files\QQ2009\Bin\HKDlls\IPSearcher.dll    
2804 D:\Program Files\QQ2009\Bin\TXPlatform.exe 1, 25, 660, 0 Tencent
  C:\WINDOWS\System32\MSI.DLL 4.5.6001.22159 Microsoft Corporation
3020 D:\Program Files\QQ2009\Bin\QQ.exe 1, 25, 660, 0 Tencent
  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL 8.00.50727.4053 Microsoft Corporation
  D:\Program Files\QQ2009\Bin\KernelUtil.dll 1, 25, 660, 0 Tencent
  D:\Program Files\QQ2009\Bin\HookQQ.dll    
  D:\Program Files\QQ2009\Bin\LoadPatch.dll    
  D:\Program Files\QQ2009\Bin\TheTools.dll    
  D:\Program Files\QQ2009\Bin\HKDlls\KillQQAd.dll    
  C:\WINDOWS\System32\MSI.DLL 4.5.6001.22159 Microsoft Corporation
  D:\Program Files\QQ2009\Bin\CustomFace.dll 1, 25, 660, 0 Tencent
  D:\Program Files\QQ2009\Plugin\Com.Tencent.PaiPai\bin\PaiPai.dll 1, 25, 660, 0 Tencent
  D:\Program Files\QQ2009\Plugin\Com.Tencent.SoBar\bin\SoBar.dll 1, 25, 660, 0 Tencent
  C:\WINDOWS\System32\UXTHEME.DLL 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
  C:\WINDOWS\System32\MSVCP71.DLL 7.10.3077.0 Microsoft Corporation
  C:\WINDOWS\System32\MSVCR71.DLL 7.10.3052.4 Microsoft Corporation
6048 C:\WINDOWS\System32\CONVERT.exe 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation
  C:\WINDOWS\System32\UXTHEME.DLL 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
2216 C:\Program Files\Internet Explorer\IEXPLORE.EXE 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
  C:\WINDOWS\System32\browselc.dll 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
  C:\Program Files\360\360SAFE\DEEPSCAN\heavygate.dll 3, 6, 21, 0 360.cn
  C:\WINDOWS\System32\UXTHEME.DLL 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
  C:\WINDOWS\System32\MSI.DLL 4.5.6001.22159 Microsoft Corporation
  C:\WINDOWS\System32\MSVCP71.DLL 7.10.3077.0 Microsoft Corporation
  C:\WINDOWS\System32\MSVCR71.DLL 7.10.3052.4 Microsoft Corporation
1212 C:\WINDOWS\System32\CONVERT.exe 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation
  C:\WINDOWS\System32\UXTHEME.DLL 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
4112 C:\Program Files\Internet Explorer\IEXPLORE.EXE 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
  C:\WINDOWS\System32\browselc.dll 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
  C:\Program Files\360\360SAFE\DEEPSCAN\heavygate.dll 3, 6, 21, 0 360.cn
  C:\WINDOWS\System32\UXTHEME.DLL 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
  C:\WINDOWS\System32\MSI.DLL 4.5.6001.22159 Microsoft Corporation
  C:\WINDOWS\System32\MSVCP71.DLL 7.10.3077.0 Microsoft Corporation
  C:\WINDOWS\System32\MSVCR71.DLL 7.10.3052.4 Microsoft Corporation
  C:\WINDOWS\System32\AETSPROV.DLL 2.3.0.9 A.E.T. Europe B.V.
4480 C:\WINDOWS\System32\msiexec.exe 4.5.6001.22159 (vistasp1_ldr.080415-1732) Microsoft Corporation
  C:\WINDOWS\System32\MSI.DLL 4.5.6001.22159 Microsoft Corporation
  C:\WINDOWS\System32\UXTHEME.DLL 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
  C:\WINDOWS\System32\SFC_OS.DLL 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
  C:\WINDOWS\System32\AETSPROV.DLL 2.3.0.9 A.E.T. Europe B.V.
  C:\WINDOWS\System32\MSVCP71.DLL 7.10.3077.0 Microsoft Corporation
  C:\WINDOWS\System32\MSVCR71.DLL 7.10.3052.4 Microsoft Corporation
4768 C:\Documents and Settings\SHAN\桌面\SystemDetector\SystemDetector.exe 1.2 WALKER05
  C:\Documents and Settings\SHAN\桌面\SystemDetector\BugTrapU.dll 1.3.3291.42976 IntelleSoft
  C:\WINDOWS\System32\UXTHEME.DLL 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
  C:\WINDOWS\System32\AETSPROV.DLL 2.3.0.9 A.E.T. Europe B.V.
  C:\WINDOWS\System32\MSVCP71.DLL 7.10.3077.0 Microsoft Corporation
  C:\WINDOWS\System32\MSVCR71.DLL 7.10.3052.4 Microsoft Corporation

Startup item scan [Registry]
Item name  Path  Version  Publisher
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe 5.1.2600.5512 (xpsp.080413-2105) Microsoft Corporation
360Safetray C:\Program Files\360\360safe\safemon\360Tray.exe 7, 3, 1, 1012 360.cn
RavTRAY C:\Program Files\Rising\Rav\RSTRAY.EXE 23.0.0.8 Beijing Rising Information Technology Co., Ltd.
RFWTRAY C:\Program Files\Rising\RFW\RSTRAY.EXE 23.0.0.8 Beijing Rising Information Technology Co., Ltd.
KSafeTray C:\Program Files\KSafe\KSafeTray.exe 2.0.2.1213 Kingsoft Corporation.
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup    
IMJPMIG8.1   C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE    

Startup item scan [Startup folder]
Item name  Path  Version  Publisher
N/A

Startup item scan [Shell delayed load]
Item name  CLSID  Path  Version  Publisher
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} C:\WINDOWS\system32\SHELL32.dll 6.00.2900.6018 (xpsp_sp3_gdr.100726-1746) Microsoft Corporation
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} C:\WINDOWS\system32\SHELL32.dll 6.00.2900.6018 (xpsp_sp3_gdr.100726-1746) Microsoft Corporation
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} C:\WINDOWS\system32\webcheck.dll 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} C:\WINDOWS\system32\stobject.dll 5.1.2600.5512 (xpsp.080413-2105) Microsoft Corporation
UPnPMonitor {e57ce738-33e8-4c51-8354-bb4de9d215d1} C:\WINDOWS\system32\upnpui.dll 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation

Startup item scan [Shell hooks]
Path  CLSID  Version  Publisher
shell32.dll {AEB6717E-7E19-11d0-97EE-00C04FD91972} 6.00.2900.6018 (xpsp_sp3_gdr.100726-1746) Microsoft Corporation

Startup item scan [Logon notification]
Item name  Path  Version  Publisher
crypt32chain crypt32.dll 5.131.2600.5512 (xpsp.080413-2113) Microsoft Corporation
cscdll cscdll.dll 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
ScCertProp wlnotify.dll 5.1.2600.5512 (xpsp.080413-2113) Microsoft Corporation
Schedule wlnotify.dll 5.1.2600.5512 (xpsp.080413-2113) Microsoft Corporation
sclgntfy sclgntfy.dll 5.1.2600.5512 (xpsp.080413-2113) Microsoft Corporation
SensLogn WlNotify.dll 5.1.2600.5512 (xpsp.080413-2113) Microsoft Corporation
termsrv wlnotify.dll 5.1.2600.5512 (xpsp.080413-2113) Microsoft Corporation
wlballoon wlnotify.dll 5.1.2600.5512 (xpsp.080413-2113) Microsoft Corporation

Startup item scan [Other items]
Item name  Content
Shell EXPLORER.EXE
UIHost logonui.exe
Userinit C:\WINDOWS\system32\userinit.exe,
VmApplet rundll32 shell32,Control_RunDLL "sysdm.cpl"
cmdline %SystemRoot%\system32\ntvdm.exe -o
wowcmdline %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
AppInit_DLLs  
AlternateShell cmd.exe
BootExecute autocheck autochk *

Service scan [System services]
Service name  State/Start mode  File path  Version  Publisher
364svc Stopped/Auto C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
367svc Stopped/Auto C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
Alerter Stopped/Disabled C:\WINDOWS\system32\svchost.exe -k LocalService 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
ALG Stopped/Demand C:\WINDOWS\System32\alg.exe 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
alstk Stopped/Auto      
AppMgmt Stopped/Demand C:\WINDOWS\system32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
aqddxkmw Stopped/Demand C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
atyskx Stopped/Auto      
AudioSrv Running/Auto C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
Auomicjarsier Stopped/Auto C:\Program Files\Auomicjarsier\srvany.exe    
bennlfwh Stopped/Auto C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
BITS Stopped/Demand C:\WINDOWS\system32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
Browser Running/Auto C:\WINDOWS\system32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
bzffntkn Stopped/Auto C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
CiSvc Stopped/Demand C:\WINDOWS\system32\cisvc.exe 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
ClipSrv Stopped/Disabled C:\WINDOWS\system32\clipsrv.exe 5.1.2600.5512 (xpsp.080413-2105) Microsoft Corporation
CryptSvc Running/Auto C:\WINDOWS\system32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
DcomLaunch Running/Auto C:\WINDOWS\system32\svchost -k DcomLaunch 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
Dhcp Running/Auto C:\WINDOWS\system32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
dmadmin Stopped/Demand C:\WINDOWS\System32\dmadmin.exe /com 2600.5512.503.0 Microsoft Corp., Veritas Software
dmserver Running/Auto C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
Dnscache Running/Auto C:\WINDOWS\system32\svchost.exe -k NetworkService 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
Dot3svc Stopped/Demand C:\WINDOWS\System32\svchost.exe -k dot3svc 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
dpljayxs Stopped/Auto C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
EapHost Stopped/Demand C:\WINDOWS\System32\svchost.exe -k eapsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
eciyjsve Stopped/Auto C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
ERSvc Stopped/Demand C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
Eventlog Running/Auto C:\WINDOWS\system32\services.exe 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) Microsoft Corporation
EventSystem Running/Demand C:\WINDOWS\system32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
F28690593K Stopped/Auto C:\WINDOWS\System32\svchost.exe -k netsvc 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
FastUserSwitchingCompatibility Running/Demand C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
fbwpuyqf Stopped/Demand C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
helpsvc Stopped/Demand C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
HidServ Stopped/Disabled C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
hkmsvc Stopped/Demand C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
HTTPFilter Stopped/Demand C:\WINDOWS\System32\svchost.exe -k HTTPFilter 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
ias Stopped/Demand C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
ImapiService Stopped/Demand C:\WINDOWS\system32\imapi.exe 5.1.2600.5512 (xpsp.080413-2105) Microsoft Corporation
IPSEC Serices Stopped/Auto C:\WINDOWS\system32\IPSEC.exe    
jwsvutek Stopped/Auto C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
Kingsoft Rescue Service Running/Auto C:\Program Files\kingsoft\KSM\ksmsvc.exe 2010,10,27,1479  
KSafeSvc Running/Auto "C:\Program Files\KSafe\KSafeSvc.exe" -svc 2.0.2.1210 Kingsoft Corporation.
kzpuzugk Stopped/Demand C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
LanmanServer Running/Auto C:\WINDOWS\system32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
lanmanworkstation Running/Auto C:\WINDOWS\system32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
LmHosts Running/Auto C:\WINDOWS\system32\svchost.exe -k LocalService 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
lpskyaui Stopped/Demand C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
lsibczzs Stopped/Demand C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
ltmi Stopped/Auto      
Messenger Stopped/Disabled C:\WINDOWS\system32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
mnmsrvc Stopped/Demand C:\WINDOWS\system32\mnmsrvc.exe 5.1.2600.5512 Microsoft Corporation
MSDIS Stopped/Auto C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
MSDTC Stopped/Demand C:\WINDOWS\system32\msdtc.exe 2001.12.4414.700 Microsoft Corporation
MSIServer Running/Demand C:\WINDOWS\system32\msiexec.exe /V 4.5.6001.22159 (vistasp1_ldr.080415-1732) Microsoft Corporation
MSSQL$AAAA Stopped/Demand C:\PROGRA~1\MI6841~1\MSSQL$~1\binn\sqlservr.exe -sAAAA 2000.080.0194.00 Microsoft Corporation
MSSQLSERVER Running/Auto D:\MSSQL\Binn\sqlservr.exe -sMSSQLSERVER 2000.080.0760.00 Microsoft Corporation
MSSQLServerADHelper Stopped/Demand C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe 2000.080.0760.00 Microsoft Corporation
napagent Stopped/Demand C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
NetDDE Stopped/Disabled C:\WINDOWS\system32\netdde.exe 5.1.2600.5512 (xpsp.080413-2105) Microsoft Corporation
NetDDEdsdm Stopped/Disabled C:\WINDOWS\system32\netdde.exe 5.1.2600.5512 (xpsp.080413-2105) Microsoft Corporation
Netlogon Stopped/Demand C:\WINDOWS\system32\lsass.exe 5.1.2600.5512 (xpsp.080413-2113) Microsoft Corporation
Netman Running/Demand C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
ngubpivw Stopped/Demand C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
Nla Running/Demand C:\WINDOWS\system32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
NtLmSsp Stopped/Demand C:\WINDOWS\system32\lsass.exe 5.1.2600.5512 (xpsp.080413-2113) Microsoft Corporation
NtmsSvc Stopped/Demand C:\WINDOWS\system32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
NVSvc Running/Auto C:\WINDOWS\system32\nvsvc32.exe 6.14.11.7519 NVIDIA Corporation
ose Stopped/Demand "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" 11.0.5525 Microsoft Corporation
oubkpsed Stopped/Demand C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
pjrxihke Stopped/Auto C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
PlugPlay Running/Auto C:\WINDOWS\system32\services.exe 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) Microsoft Corporation
PolicyAgent Stopped/Demand C:\WINDOWS\system32\lsass.exe 5.1.2600.5512 (xpsp.080413-2113) Microsoft Corporation
ProtectedStorage Running/Auto C:\WINDOWS\system32\lsass.exe 5.1.2600.5512 (xpsp.080413-2113) Microsoft Corporation
qxwreajq Stopped/Demand C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
RasAuto Stopped/Demand C:\WINDOWS\system32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
RasMan Running/Demand C:\WINDOWS\system32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
Rcoes EcSz Service Stopped/Auto      
RDSessMgr Stopped/Demand C:\WINDOWS\system32\sessmgr.exe 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
RemoteAccess Stopped/Disabled C:\WINDOWS\system32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
RemoteRegistry Stopped/Disabled C:\WINDOWS\system32\svchost.exe -k LocalService 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
rjpixwbp Stopped/Demand C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
RpcLocator Stopped/Demand C:\WINDOWS\system32\locator.exe 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
RpcSs Running/Auto C:\WINDOWS\system32\svchost -k rpcss 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
RsMgrSvc Running/Auto "C:\Program Files\Rising\RSD\RsMgrSvc.exe" 1.0.0.13 Beijing Rising Information Technology Co., Ltd.
RsRavMon Running/Auto "C:\Program Files\Rising\Rav\RavMonD.exe" 23, 0, 0, 12 Beijing Rising Information Technology Co., Ltd.
RsRFWMon Running/Auto "C:\Program Files\Rising\RFW\RavMonD.exe" 23, 0, 0, 12 Beijing Rising Information Technology Co., Ltd.
RSVP Stopped/Demand C:\WINDOWS\system32\rsvp.exe 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation
SamSs Running/Auto C:\WINDOWS\system32\lsass.exe 5.1.2600.5512 (xpsp.080413-2113) Microsoft Corporation
SCardSvr Stopped/Demand C:\WINDOWS\System32\SCardSvr.exe 5.1.2600.5512 (xpsp.080413-2113) Microsoft Corporation
Schedule Running/Auto C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
secfog Stopped/Auto      
seclogon Stopped/Demand C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
SENS Running/Auto C:\WINDOWS\system32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
SharedAccess Stopped/Auto C:\WINDOWS\system32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
ShellHWDetection Running/Auto C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
Spooler Running/Auto C:\WINDOWS\system32\spoolsv.exe 5.1.2600.6024 (xpsp_sp3_gdr.100817-1626) Microsoft Corporation
SQLAgent$AAAA Stopped/Demand C:\PROGRA~1\MI6841~1\MSSQL$~1\binn\sqlagent.exe -i AAAA 2000.080.0194.00 Microsoft Corporation
srservice Stopped/Auto C:\WINDOWS\system32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
SSDPSRV Running/Demand C:\WINDOWS\system32\svchost.exe -k LocalService 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
stisvc Running/Auto C:\WINDOWS\system32\svchost.exe -k imgsvc 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
sxvkjfer Stopped/Auto C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
TapiSrv Running/Demand C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
TermService Running/Demand C:\WINDOWS\System32\svchost -k DComLaunch 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
Themes Running/Auto C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
TlntSvr Stopped/Disabled C:\WINDOWS\system32\tlntsvr.exe 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
TrkWks Stopped/Demand C:\WINDOWS\system32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
UMWdf Stopped/Demand C:\WINDOWS\system32\wdfmgr.exe 5.2.3790.1230 built by: dnsrv(bld4act) Microsoft Corporation
upnphost Stopped/Demand C:\WINDOWS\system32\svchost.exe -k LocalService 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
UPS Stopped/Demand C:\WINDOWS\System32\ups.exe 5.1.2600.5512 (xpsp.080413-2113) Microsoft Corporation
uyumayhl Stopped/Demand C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
VSS Stopped/Demand C:\WINDOWS\System32\vssvc.exe 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
vubwocym Stopped/Auto C:\WINDOWS\System32\svchost.exe -k vubwocym 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
W32Time Running/Auto C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
WebClient Stopped/Demand C:\WINDOWS\system32\svchost.exe -k LocalService 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
winmgmt Running/Auto C:\WINDOWS\system32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
Wiystelp32 Stopped/Auto      
WmdmPmSN Stopped/Demand C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
Wmi Stopped/Demand C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
WmiApSrv Stopped/Demand C:\WINDOWS\system32\wbem\wmiapsrv.exe 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
Wnvvievvu Stopped/Demand C:\Program Files\Wnvvievvu\srvany.exe    
wscsvc Running/Auto C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
wuauserv Running/Demand C:\WINDOWS\system32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
Wuuvcusuu Stopped/Demand C:\Program Files\Wuuvcusuu\srvany.exe    
WZCSVC Running/Auto C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
xmlprov Stopped/Demand C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
xucxzsrk Stopped/Demand C:\WINDOWS\System32\svchost.exe -k netsvcs 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
ZhuDongFangYu Running/Auto "C:\Program Files\360\360safe\deepscan\zhudongfangyu.exe" 3, 2, 2, 1003 360.cn

Service scan [Driver services]
Service name  State/Start mode  File path  Version  Publisher
360netmon Running/System \??\C:\WINDOWS\system32\drivers\360netmon.sys 2.1.6.1019 360.cn
360SelfProtection Running/System system32\drivers\360SelfProtection.sys 1, 0, 0, 1050 360安全中心
Abiosdsk Stopped/Disabled      
ACPI Running/Boot \SystemRoot\system32\DRIVERS\ACPI.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
ACPIEC Running/Boot \SystemRoot\System32\DRIVERS\ACPIEC.sys 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation
aec Stopped/Demand system32\drivers\aec.sys 5.1.2601.3142 Microsoft Corporation
AFD Running/System \SystemRoot\System32\drivers\afd.sys 5.1.2600.5695 (xpsp_sp3_qfe.081016-1735) Microsoft Corporation
agpCPQ Running/Boot \SystemRoot\system32\DRIVERS\agpCPQ.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
Alidevice Stopped/Demand C:\WINDOWS\system32\drivers\Alidevice.sys 1.00 built by: WinDDK alipay.com
alim1541 Running/Boot \SystemRoot\system32\DRIVERS\alim1541.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
amdagp Running/Boot \SystemRoot\system32\DRIVERS\amdagp.sys 5.00 (xpsp.080413-2111) Advanced Micro Devices, Inc.
AmdLLD Running/Demand system32\DRIVERS\AmdLLD.sys 1.0.1.0 AMD, Inc.
AmdPPM Running/System system32\DRIVERS\AmdPPM.sys 1.0.0 built by: WinDDK Advanced Micro Devices
AsyncMac Stopped/Demand system32\DRIVERS\asyncmac.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
atapi Running/Boot \SystemRoot\system32\DRIVERS\atapi.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
Atdisk Stopped/Disabled      
Atmarpc Stopped/Demand system32\DRIVERS\atmarpc.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
audstub Running/Demand system32\DRIVERS\audstub.sys 5.1.2600.0 (XPClient.010817-1148) Microsoft Corporation
BAPIDRV Running/System \??\C:\WINDOWS\system32\drivers\BAPIDRV.SYS 1.0.0.1018 360.cn
Beep Running/System C:\WINDOWS\system32\drivers\Beep.sys 5.1.2600.0 (XPClient.010817-1148) Microsoft Corporation
cbidf2k Stopped/Disabled      
Cdaudio Stopped/System C:\WINDOWS\system32\drivers\Cdaudio.sys 5.1.2600.0 (XPClient.010817-1148) Microsoft Corporation
Cdfs Running/Disabled C:\WINDOWS\system32\drivers\Cdfs.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
Cdrom Running/System system32\DRIVERS\cdrom.sys 5.1.2600.5593 (xpsp_sp3_qfe.080502-1245) Microsoft Corporation
Changer Stopped/System      
Disk Running/Boot \SystemRoot\system32\DRIVERS\disk.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
dmboot Stopped/Disabled System32\drivers\dmboot.sys 2600.5512.503.0 Microsoft Corp., Veritas Software
dmio Running/Boot \SystemRoot\System32\drivers\dmio.sys 2600.5512.503.0 Microsoft Corp., Veritas Software
dmload Running/Boot \SystemRoot\System32\drivers\dmload.sys 2600.0.503.0 Microsoft Corp., Veritas Software.
DMusic Stopped/Demand system32\drivers\DMusic.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
drmkaud Stopped/Demand system32\drivers\drmkaud.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
EfiMon Running/System System32\Drivers\Efimon.sys 1, 0, 0, 1007 奇虎网
exFat Stopped/Disabled C:\WINDOWS\system32\drivers\exFat.sys 5.1.2600.5686 (xpsp_sp3_gdr.080929-1314) Microsoft Corporation
Fastfat Running/Disabled C:\WINDOWS\system32\drivers\Fastfat.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
Fdc Stopped/System C:\WINDOWS\system32\drivers\Fdc.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
Fips Running/System C:\WINDOWS\system32\drivers\Fips.sys 5.1.2600.5512 (xpsp.080413-2113) Microsoft Corporation
Flpydisk Stopped/System C:\WINDOWS\system32\drivers\Flpydisk.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
FltMgr Running/Boot \SystemRoot\system32\DRIVERS\fltMgr.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
FsVga Running/System system32\DRIVERS\fsvga.sys 5.1.2600.0 (XPClient.010817-1148) Microsoft Corporation
ft2kEnum Running/Demand system32\DRIVERS\ic2kenum.sys 2.4.3.403 OEM Corporation
Ftdisk Running/Boot \SystemRoot\system32\DRIVERS\ftdisk.sys 5.1.2600.0 (XPClient.010817-1148) Microsoft Corporation
GDBaseSmc Running/Demand system32\DRIVERS\Chip_smc.sys 2.4.3.1110 OEM
Gpc Running/Demand system32\DRIVERS\msgpc.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
HDAudBus Running/Demand system32\DRIVERS\HDAudBus.sys 5.10.01.5013 built by: WinDDK Windows (R) Server 2003 DDK provider
HidUsb Running/Demand system32\DRIVERS\hidusb.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
HookPort Running/Boot \SystemRoot\System32\Drivers\Hookport.sys 1, 0, 0, 1017 360安全中心
hooksys Running/System \??\C:\WINDOWS\system32\drivers\Hooksys.sys 25, 0, 0, 30 Beijing Rising Information Technology Co., Ltd.
HookTdi Running/System \??\C:\WINDOWS\system32\drivers\HookTdi.sys 25.0.0.14 Beijing Rising Information Technology Co., Ltd.
hptpro Stopped/Boot \SystemRoot\system32\DRIVERS\hptpro.sys 1.23.12.10 HighPoint Technologies, Inc.
HTTP Running/Demand System32\Drivers\HTTP.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
HyperVM Running/System \??\C:\WINDOWS\system32\drivers\hvm.sys 23, 0, 0, 4 Beijing Rising Information Technology Co., Ltd.
i2omgmt Running/System C:\WINDOWS\system32\drivers\i2omgmt.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
i8042prt Running/System system32\DRIVERS\i8042prt.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
Imapi Stopped/System system32\DRIVERS\imapi.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
IntcAzAudAddService Running/Demand system32\drivers\RtkHDAud.sys 5.10.0.5506 built by: WinDDK Realtek Semiconductor Corp.
intelppm Stopped/Demand system32\DRIVERS\intelppm.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
Ip6Fw Stopped/Demand system32\DRIVERS\Ip6Fw.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
IpFilterDriver Stopped/Demand system32\DRIVERS\ipfltdrv.sys 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation
IpInIp Stopped/Demand system32\DRIVERS\ipinip.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
IpNat Stopped/Demand system32\DRIVERS\ipnat.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
IPSec Running/System system32\DRIVERS\ipsec.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
IRENUM Stopped/Demand system32\DRIVERS\irenum.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
isapnp Running/Boot \SystemRoot\system32\DRIVERS\isapnp.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
Kbdclass Running/System system32\DRIVERS\kbdclass.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
kbdhid Stopped/Demand system32\DRIVERS\kbdhid.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
kmixer Running/Demand system32\drivers\kmixer.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
KSecDD Running/Boot C:\WINDOWS\system32\drivers\KSecDD.sys 5.1.2600.5834 (xpsp_sp3_qfe.090624-1332) Microsoft Corporation
lbrtfdc Stopped/System      
mf Running/Demand system32\DRIVERS\mf.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
mnmdd Running/System C:\WINDOWS\system32\drivers\mnmdd.sys 5.1.2600.0 (XPClient.010817-1148) Microsoft Corporation
Modem Stopped/Demand C:\WINDOWS\system32\drivers\Modem.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
Mouclass Running/System system32\DRIVERS\mouclass.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
mouhid Running/Demand system32\DRIVERS\mouhid.sys 5.1.2600.0 (XPClient.010817-1148) Microsoft Corporation
MountMgr Running/Boot C:\WINDOWS\system32\drivers\MountMgr.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
MRxDAV Stopped/Demand system32\DRIVERS\mrxdav.sys 5.1.2600.6007 (xpsp_sp3_gdr.100630-1644) Microsoft Corporation
MRxSmb Running/System system32\DRIVERS\mrxsmb.sys 5.1.2600.5944 (xpsp_sp3_qfe.100224-1424) Microsoft Corporation
Msfs Running/System C:\WINDOWS\system32\drivers\Msfs.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
MSKSSRV Stopped/Demand system32\drivers\MSKSSRV.sys 5.3.2600.5512 (xpsp.080413-2108) Microsoft Corporation
MSPCLOCK Stopped/Demand system32\drivers\MSPCLOCK.sys 5.3.2600.5512 (xpsp.080413-2108) Microsoft Corporation
MSPQM Stopped/Demand system32\drivers\MSPQM.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
mssmbios Running/Demand system32\DRIVERS\mssmbios.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
Mup Running/Boot C:\WINDOWS\system32\drivers\Mup.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
NDIS Running/Boot C:\WINDOWS\system32\drivers\NDIS.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
NdisTapi Running/Demand system32\DRIVERS\ndistapi.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
Ndisuio Running/Demand system32\DRIVERS\ndisuio.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
NdisWan Running/Demand system32\DRIVERS\ndiswan.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
NDProxy Running/Demand C:\WINDOWS\system32\drivers\NDProxy.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
NetBIOS Running/System system32\DRIVERS\netbios.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
NetBT Running/System system32\DRIVERS\netbt.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
Npfs Running/System C:\WINDOWS\system32\drivers\Npfs.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
Ntfs Running/Disabled C:\WINDOWS\system32\drivers\Ntfs.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
Null Running/System C:\WINDOWS\system32\drivers\Null.sys 5.1.2600.0 (XPClient.010817-1148) Microsoft Corporation
nv Running/Demand system32\DRIVERS\nv4_mini.sys 6.14.11.7519 NVIDIA Corporation
nvsmu Running/Demand system32\DRIVERS\nvsmu.sys 5.10.2600.0145 built by: WinDDK NVIDIA Corporation
NwlnkFlt Stopped/Demand system32\DRIVERS\nwlnkflt.sys 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation
NwlnkFwd Stopped/Demand system32\DRIVERS\nwlnkfwd.sys 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation
Parport Running/Demand system32\DRIVERS\parport.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
PartMgr Running/Boot C:\WINDOWS\system32\drivers\PartMgr.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
ParVdm Stopped/Auto C:\WINDOWS\system32\drivers\ParVdm.sys 5.1.2600.0 (XPClient.010817-1148) Microsoft Corporation
PCI Running/Boot \SystemRoot\system32\DRIVERS\pci.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
PCIDump Stopped/System      
PCIIde Running/Boot \SystemRoot\system32\DRIVERS\pciide.sys 5.1.2600.0 (XPClient.010817-1148) Microsoft Corporation
Pcmcia Stopped/Disabled C:\WINDOWS\system32\drivers\Pcmcia.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
PDCOMP Stopped/Demand      
PDFRAME Stopped/Demand      
PDRELI Stopped/Demand      
PDRFRAME Stopped/Demand      
PptpMiniport Running/Demand system32\DRIVERS\raspptp.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
Processor Stopped/System system32\DRIVERS\processr.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
PSched Running/Demand system32\DRIVERS\psched.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
Ptilink Running/Demand system32\DRIVERS\ptilink.sys 1.10 (XPClient.010817-1148) Parallel Technologies, Inc.
qutmdserv Running/System \??\C:\WINDOWS\system32\drivers\qutmdrv.sys 6.7.0.1004 360.cn
qutmipc Running/System \??\C:\WINDOWS\system32\drivers\qutmipc.sys 6.6.0.1006 360安全中心
RasAcd Running/System system32\DRIVERS\rasacd.sys 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation
Rasl2tp Running/Demand system32\DRIVERS\rasl2tp.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
RasPppoe Running/Demand system32\DRIVERS\raspppoe.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
Raspti Running/Demand system32\DRIVERS\raspti.sys 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation
Rdbss Running/System system32\DRIVERS\rdbss.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
RDPCDD Running/System System32\DRIVERS\RDPCDD.sys 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation
rdpdr Running/Demand system32\DRIVERS\rdpdr.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
RDPWD Stopped/Demand C:\WINDOWS\system32\drivers\RDPWD.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
Reader_Device Running/Demand system32\DRIVERS\usbic2k.sys 2.4.3.403 OEM
redbook Running/System system32\DRIVERS\redbook.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
RFWARP Running/Auto system32\DRIVERS\rfwarp.sys 25.0.0.1 Beijing Rising Information Technology Co., Ltd.
RFWNDIS Running/Demand system32\DRIVERS\rfwndis.sys 25.0.0.4 Beijing Rising Information Technology Co., Ltd.
rfwtdi Running/Auto \??\C:\Program Files\Rising\RFW\rfwtdi.sys 25.0.0.6 Beijing Rising Information Technology Co., Ltd.
rsfwdrv Running/Auto \??\C:\Program Files\Rising\RFW\rsfwdrv.sys 25.0.0.14 Beijing Rising Information Technology Co., Ltd.
RTLE8023xp Running/Demand system32\DRIVERS\Rtenicxp.sys 5.708.1030.2008 built by: WinDDK Realtek Semiconductor Corporation
Secdrv Stopped/Demand system32\DRIVERS\secdrv.sys 4.03.086 Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
Serenum Running/Demand system32\DRIVERS\serenum.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
Serial Running/System system32\DRIVERS\serial.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
Sfloppy Stopped/System C:\WINDOWS\system32\drivers\Sfloppy.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
SiFilter Stopped/Disabled \SystemRoot\system32\DRIVERS\SiWinAcc.sys 1.0.0.11 Silicon Image, Inc.
Simbad Stopped/Disabled      
SiRemFil Running/Boot \SystemRoot\system32\DRIVERS\SiRemFil.sys 1, 1, 7, 0 Silicon Image, Inc.
sisagp Running/Boot \SystemRoot\system32\DRIVERS\sisagp.sys 5.12.01.2010 (xpsp.080413-2111) Silicon Integrated Systems Corporation
SKNFW Running/System \??\C:\WINDOWS\system32\Drivers\SKNFW.sys    
skvkrpr Stopped/Demand \??\C:\WINDOWS\system32\Drivers\skvkrpr.sys 2010, 10, 20, 1 Kingsoft Corporation
SkyProcs Stopped/Demand \??\C:\Program Files\SkyNet\Firewall\SkyProcs.sys    
splitter Stopped/Demand system32\drivers\splitter.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
sr Stopped/Disabled \SystemRoot\system32\DRIVERS\sr.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
Srv Running/Demand system32\DRIVERS\srv.sys 5.1.2600.6031 (xpsp_sp3_gdr.100826-1646) Microsoft Corporation
swenum Running/Demand system32\DRIVERS\swenum.sys 5.3.2600.5512 (xpsp.080413-2108) Microsoft Corporation
swmidi Stopped/Demand system32\drivers\swmidi.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
sysaudio Running/Demand system32\drivers\sysaudio.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
Tcpip Running/System system32\DRIVERS\tcpip.sys 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249) Microsoft Corporation
TDPIPE Stopped/Demand C:\WINDOWS\system32\drivers\TDPIPE.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
TDTCP Stopped/Demand C:\WINDOWS\system32\drivers\TDTCP.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
TermDD Running/System system32\DRIVERS\termdd.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
Udfs Stopped/Disabled C:\WINDOWS\system32\drivers\Udfs.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
Update Running/Demand system32\DRIVERS\update.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
usbccgp Stopped/Demand system32\DRIVERS\usbccgp.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
usbehci Running/Demand system32\DRIVERS\usbehci.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
usbhub Running/Demand system32\DRIVERS\usbhub.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
usbohci Running/Demand system32\DRIVERS\usbohci.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
usbprint Stopped/Demand system32\DRIVERS\usbprint.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
usbscan Stopped/Demand system32\DRIVERS\usbscan.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
USBSTOR Stopped/Demand system32\DRIVERS\USBSTOR.SYS 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
VgaSave Running/System \SystemRoot\System32\drivers\vga.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
viaagp Running/Boot \SystemRoot\system32\DRIVERS\viaagp.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
VolSnap Running/Boot C:\WINDOWS\system32\drivers\VolSnap.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
Wanarp Running/Demand system32\DRIVERS\wanarp.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
WDICA Stopped/Demand      
wdmaud Running/Demand system32\drivers\wdmaud.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
WmiAcpi Stopped/System system32\DRIVERS\wmiacpi.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation

Kernel driver check
Load order Driver name File path Version Publisher
0 ntkrnlpa.exe C:\WINDOWS\system32\ntkrnlpa.exe 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636) Microsoft Corporation
1 hal.dll C:\WINDOWS\system32\hal.dll 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
2 KDCOM.DLL C:\WINDOWS\system32\KDCOM.DLL 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation
3 BOOTVID.dll C:\WINDOWS\system32\BOOTVID.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation
4 ACPI.sys C:\WINDOWS\system32\drivers\ACPI.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
5 WMILIB.SYS C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 5.1.2600.0 (XPClient.010817-1148) Microsoft Corporation
6 pci.sys C:\WINDOWS\system32\drivers\pci.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
7 isapnp.sys C:\WINDOWS\system32\drivers\isapnp.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
8 ACPIEC.sys C:\WINDOWS\system32\drivers\ACPIEC.sys 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation
9 OPRGHDLR.SYS C:\WINDOWS\System32\DRIVERS\OPRGHDLR.SYS 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation
10 Hookport.sys C:\WINDOWS\system32\drivers\Hookport.sys 1, 0, 0, 1017 360安全中心
11 pciide.sys C:\WINDOWS\system32\drivers\pciide.sys 5.1.2600.0 (XPClient.010817-1148) Microsoft Corporation
12 PCIIDEX.SYS C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
13 MountMgr.sys C:\WINDOWS\system32\drivers\MountMgr.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
14 ftdisk.sys C:\WINDOWS\system32\drivers\ftdisk.sys 5.1.2600.0 (XPClient.010817-1148) Microsoft Corporation
15 dmload.sys C:\WINDOWS\system32\drivers\dmload.sys 2600.0.503.0 Microsoft Corp., Veritas Software.
16 dmio.sys C:\WINDOWS\system32\drivers\dmio.sys 2600.5512.503.0 Microsoft Corp., Veritas Software
17 PartMgr.sys C:\WINDOWS\system32\drivers\PartMgr.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
18 VolSnap.sys C:\WINDOWS\system32\drivers\VolSnap.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
19 atapi.sys C:\WINDOWS\system32\drivers\atapi.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
20 disk.sys C:\WINDOWS\system32\drivers\disk.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
21 CLASSPNP.SYS C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
22 fltMgr.sys C:\WINDOWS\system32\drivers\fltMgr.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
23 Fastfat.sys C:\WINDOWS\system32\drivers\Fastfat.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
24 KSecDD.sys C:\WINDOWS\system32\drivers\KSecDD.sys 5.1.2600.5834 (xpsp_sp3_qfe.090624-1332) Microsoft Corporation
25 NDIS.sys C:\WINDOWS\system32\drivers\NDIS.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
26 viaagp.sys C:\WINDOWS\system32\drivers\viaagp.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
27 sisagp.sys C:\WINDOWS\system32\drivers\sisagp.sys 5.12.01.2010 (xpsp.080413-2111) Silicon Integrated Systems Corporation
28 SiRemFil.sys C:\WINDOWS\system32\drivers\SiRemFil.sys 1, 1, 7, 0 Silicon Image, Inc.
29 Mup.sys C:\WINDOWS\system32\drivers\Mup.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
30 amdagp.sys C:\WINDOWS\system32\drivers\amdagp.sys 5.00 (xpsp.080413-2111) Advanced Micro Devices, Inc.
31 alim1541.sys C:\WINDOWS\system32\drivers\alim1541.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
32 agpCPQ.sys C:\WINDOWS\system32\drivers\agpCPQ.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
33 AmdPPM.sys C:\WINDOWS\system32\DRIVERS\AmdPPM.sys 1.0.0 built by: WinDDK Advanced Micro Devices
34 serial.sys C:\WINDOWS\system32\DRIVERS\serial.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
35 serenum.sys C:\WINDOWS\system32\DRIVERS\serenum.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
36 i8042prt.sys C:\WINDOWS\system32\DRIVERS\i8042prt.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
37 kbdclass.sys C:\WINDOWS\system32\DRIVERS\kbdclass.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
38 nvsmu.sys C:\WINDOWS\system32\DRIVERS\nvsmu.sys 5.10.2600.0145 built by: WinDDK NVIDIA Corporation
39 usbohci.sys C:\WINDOWS\system32\DRIVERS\usbohci.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
40 USBPORT.SYS C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
41 usbehci.sys C:\WINDOWS\system32\DRIVERS\usbehci.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
42 mf.sys C:\WINDOWS\system32\DRIVERS\mf.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
43 HDAudBus.sys C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 5.10.01.5013 built by: WinDDK Windows (R) Server 2003 DDK provider
44 cdrom.sys C:\WINDOWS\system32\DRIVERS\cdrom.sys 5.1.2600.5593 (xpsp_sp3_qfe.080502-1245) Microsoft Corporation
45 redbook.sys C:\WINDOWS\system32\DRIVERS\redbook.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
46 ks.sys C:\WINDOWS\system32\DRIVERS\ks.sys 5.3.2600.5512 (xpsp.080413-2108) Microsoft Corporation
47 Rtenicxp.sys C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 5.708.1030.2008 built by: WinDDK Realtek Semiconductor Corporation
48 nv4_mini.sys C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 6.14.11.7519 NVIDIA Corporation
49 VIDEOPRT.SYS C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
50 fsvga.sys C:\WINDOWS\system32\DRIVERS\fsvga.sys 5.1.2600.0 (XPClient.010817-1148) Microsoft Corporation
51 audstub.sys C:\WINDOWS\system32\DRIVERS\audstub.sys 5.1.2600.0 (XPClient.010817-1148) Microsoft Corporation
52 rasl2tp.sys C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
53 ndistapi.sys C:\WINDOWS\system32\DRIVERS\ndistapi.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
54 ndiswan.sys C:\WINDOWS\system32\DRIVERS\ndiswan.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
55 raspppoe.sys C:\WINDOWS\system32\DRIVERS\raspppoe.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
56 raspptp.sys C:\WINDOWS\system32\DRIVERS\raspptp.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
57 TDI.SYS C:\WINDOWS\system32\DRIVERS\TDI.SYS 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
58 psched.sys C:\WINDOWS\system32\DRIVERS\psched.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
59 msgpc.sys C:\WINDOWS\system32\DRIVERS\msgpc.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
60 ptilink.sys C:\WINDOWS\system32\DRIVERS\ptilink.sys 1.10 (XPClient.010817-1148) Parallel Technologies, Inc.
61 raspti.sys C:\WINDOWS\system32\DRIVERS\raspti.sys 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation
62 rdpdr.sys C:\WINDOWS\system32\DRIVERS\rdpdr.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
63 termdd.sys C:\WINDOWS\system32\DRIVERS\termdd.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
64 mouclass.sys C:\WINDOWS\system32\DRIVERS\mouclass.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
65 rfwndis.sys C:\WINDOWS\system32\DRIVERS\rfwndis.sys 25.0.0.4 Beijing Rising Information Technology Co., Ltd.
66 Chip_smc.sys C:\WINDOWS\system32\DRIVERS\Chip_smc.sys 2.4.3.1110 OEM
67 SMCLIB.SYS C:\WINDOWS\system32\DRIVERS\SMCLIB.SYS 5.1.2600.0 (XPClient.010817-1148) Microsoft Corporation
68 ic2kenum.sys C:\WINDOWS\system32\DRIVERS\ic2kenum.sys 2.4.3.403 OEM Corporation
69 swenum.sys C:\WINDOWS\system32\DRIVERS\swenum.sys 5.3.2600.5512 (xpsp.080413-2108) Microsoft Corporation
70 update.sys C:\WINDOWS\system32\DRIVERS\update.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
71 mssmbios.sys C:\WINDOWS\system32\DRIVERS\mssmbios.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
72 AmdLLD.sys C:\WINDOWS\system32\DRIVERS\AmdLLD.sys 1.0.1.0 AMD, Inc.
73 NDProxy.SYS C:\WINDOWS\System32\Drivers\NDProxy.SYS 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
74 usbic2k.sys C:\WINDOWS\system32\DRIVERS\usbic2k.sys 2.4.3.403 OEM
75 usbhub.sys C:\WINDOWS\system32\DRIVERS\usbhub.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
76 USBD.SYS C:\WINDOWS\system32\DRIVERS\USBD.SYS 5.1.2600.0 (XPClient.010817-1148) Microsoft Corporation
77 parport.sys C:\WINDOWS\system32\DRIVERS\parport.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
78 RtkHDAud.sys C:\WINDOWS\system32\drivers\RtkHDAud.sys 5.10.0.5506 built by: WinDDK Realtek Semiconductor Corp.
79 portcls.sys C:\WINDOWS\system32\drivers\portcls.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
80 drmk.sys C:\WINDOWS\system32\drivers\drmk.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
81 i2omgmt.SYS C:\WINDOWS\System32\Drivers\i2omgmt.SYS 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
82 Fs_Rec.SYS C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 5.1.2600.5686 (xpsp_sp3_gdr.080929-1314) Microsoft Corporation
83 Null.SYS C:\WINDOWS\System32\Drivers\Null.SYS 5.1.2600.0 (XPClient.010817-1148) Microsoft Corporation
84 Beep.SYS C:\WINDOWS\System32\Drivers\Beep.SYS 5.1.2600.0 (XPClient.010817-1148) Microsoft Corporation
85 360SelfProtection.sys C:\WINDOWS\system32\drivers\360SelfProtection.sys 1, 0, 0, 1050 360安全中心
86 vga.sys C:\WINDOWS\System32\drivers\vga.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
87 mnmdd.SYS C:\WINDOWS\System32\Drivers\mnmdd.SYS 5.1.2600.0 (XPClient.010817-1148) Microsoft Corporation
88 RDPCDD.sys C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation
89 Msfs.SYS C:\WINDOWS\System32\Drivers\Msfs.SYS 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
90 Npfs.SYS C:\WINDOWS\System32\Drivers\Npfs.SYS 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
91 rasacd.sys C:\WINDOWS\system32\DRIVERS\rasacd.sys 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation
92 ipsec.sys C:\WINDOWS\system32\DRIVERS\ipsec.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
93 360netmon.sys C:\WINDOWS\system32\drivers\360netmon.sys 2.1.6.1019 360.cn
94 tcpip.sys C:\WINDOWS\system32\DRIVERS\tcpip.sys 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249) Microsoft Corporation
95 SKNFW.sys C:\WINDOWS\system32\Drivers\SKNFW.sys    
96 netbt.sys C:\WINDOWS\system32\DRIVERS\netbt.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
97 wanarp.sys C:\WINDOWS\system32\DRIVERS\wanarp.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
98 afd.sys C:\WINDOWS\System32\drivers\afd.sys 5.1.2600.5695 (xpsp_sp3_qfe.081016-1735) Microsoft Corporation
99 netbios.sys C:\WINDOWS\system32\DRIVERS\netbios.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
100 rdbss.sys C:\WINDOWS\system32\DRIVERS\rdbss.sys 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
101 qutmipc.sys C:\WINDOWS\system32\drivers\qutmipc.sys 6.6.0.1006 360安全中心
102 qutmdrv.sys C:\WINDOWS\system32\drivers\qutmdrv.sys 6.7.0.1004 360.cn
103 mrxsmb.sys C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 5.1.2600.5944 (xpsp_sp3_qfe.100224-1424) Microsoft Corporation
104 hvm.sys C:\WINDOWS\system32\drivers\hvm.sys 23, 0, 0, 4 Beijing Rising Information Technology Co., Ltd.
105 HookTdi.sys C:\WINDOWS\system32\drivers\HookTdi.sys 25.0.0.14 Beijing Rising Information Technology Co., Ltd.
106 HOOKHELP.sys C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
107 Hooksys.sys C:\WINDOWS\system32\drivers\Hooksys.sys 25, 0, 0, 30 Beijing Rising Information Technology Co., Ltd.
108 Fips.SYS C:\WINDOWS\System32\Drivers\Fips.SYS 5.1.2600.5512 (xpsp.080413-2113) Microsoft Corporation
109 Efimon.sys C:\WINDOWS\System32\Drivers\Efimon.sys 1, 0, 0, 1007 奇虎网
110 BAPIDRV.SYS C:\WINDOWS\system32\drivers\BAPIDRV.SYS 1.0.0.1018 360.cn
111 Ntfs.SYS C:\WINDOWS\System32\Drivers\Ntfs.SYS 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
112 hidusb.sys C:\WINDOWS\system32\DRIVERS\hidusb.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
113 HIDCLASS.SYS C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
114 HIDPARSE.SYS C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
115 mouhid.sys C:\WINDOWS\system32\DRIVERS\mouhid.sys 5.1.2600.0 (XPClient.010817-1148) Microsoft Corporation
116 Cdfs.SYS C:\WINDOWS\System32\Drivers\Cdfs.SYS 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
117 win32k.sys C:\WINDOWS\System32\win32k.sys 5.1.2600.6033 (xpsp_sp3_gdr.100831-1644) Microsoft Corporation
118 Dxapi.sys C:\WINDOWS\System32\drivers\Dxapi.sys 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation
119 watchdog.sys C:\WINDOWS\System32\watchdog.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
120 dxg.sys C:\WINDOWS\System32\drivers\dxg.sys 5.1.2600.5512 (xpsp.080413-2105) Microsoft Corporation
121 dxgthk.sys C:\WINDOWS\System32\drivers\dxgthk.sys 5.1.2600.0 (xpclient.010817-1148) Microsoft Corporation
122 nv4_disp.dll C:\WINDOWS\System32\nv4_disp.dll 6.14.11.7519 NVIDIA Corporation
123 ndisuio.sys C:\WINDOWS\system32\DRIVERS\ndisuio.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
124 rfwarp.sys C:\WINDOWS\system32\DRIVERS\rfwarp.sys 25.0.0.1 Beijing Rising Information Technology Co., Ltd.
125 wdmaud.sys C:\WINDOWS\system32\drivers\wdmaud.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
126 sysaudio.sys C:\WINDOWS\system32\drivers\sysaudio.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
127 srv.sys C:\WINDOWS\system32\DRIVERS\srv.sys 5.1.2600.6031 (xpsp_sp3_gdr.100826-1646) Microsoft Corporation
128 rfwtdi.sys C:\Program Files\Rising\RFW\rfwtdi.sys 25.0.0.6 Beijing Rising Information Technology Co., Ltd.
129 rsfwdrv.sys C:\Program Files\Rising\RFW\rsfwdrv.sys 25.0.0.14 Beijing Rising Information Technology Co., Ltd.
130 HTTP.sys C:\WINDOWS\System32\Drivers\HTTP.sys 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
131 kmixer.sys C:\WINDOWS\system32\drivers\kmixer.sys 5.1.2600.5512 (xpsp.080413-2108) Microsoft Corporation
132 SDDrv.sys C:\Documents and Settings\shan\桌面\SystemDetector\SDDrv.sys    
133 ntdll.dll C:\WINDOWS\System32\ntdll.dll 5.1.2600.6007 (xpsp_sp3_gdr.100630-1644) Microsoft Corporation
134 NTKRNLPA.EXE C:\WINDOWS\SYSTEM32\NTKRNLPA.EXE 5.1.2600.5973 (xpsp_sp3_gdr.100427-1636) Microsoft Corporation

Connection status check [TCP]
Process ID Local address Remote address File path Version Publisher
1300 0.0.0.0:135 0.0.0.0:45145 C:\WINDOWS\System32\SVCHOST.EXE 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
4 0.0.0.0:445 0.0.0.0:36982 system    
1452 0.0.0.0:1028 0.0.0.0:38942 C:\Program Files\Rising\RFW\RavMonD.exe 23, 0, 0, 12 Beijing Rising Information Technology Co., Ltd.
4076 0.0.0.0:1433 0.0.0.0:30951 D:\MSSQL\Binn\sqlservr.exe 2000.080.0760.00 Microsoft Corporation
2960 0.0.0.0:2638 0.0.0.0:39006 D:\海德商业管理系统普及版\DBENG8.EXE 8.0.1.2600 iAnywhere Solutions, Inc.
1436 0.0.0.0:6059 0.0.0.0:28916 C:\Program Files\Rising\Rav\RavMonD.exe 23, 0, 0, 12 Beijing Rising Information Technology Co., Ltd.
716 0.0.0.0:6160 0.0.0.0:28707 C:\WINDOWS\System32\SPOOLSV.EXE 5.1.2600.6024 (xpsp_sp3_gdr.100817-1626) Microsoft Corporation
1452 127.0.0.1:1028 127.0.0.1:1718 C:\Program Files\Rising\RFW\RavMonD.exe 23, 0, 0, 12 Beijing Rising Information Technology Co., Ltd.
1452 127.0.0.1:1028 127.0.0.1:1720 C:\Program Files\Rising\RFW\RavMonD.exe 23, 0, 0, 12 Beijing Rising Information Technology Co., Ltd.
0 127.0.0.1:1028 127.0.0.1:1722 [System Process]    
0 127.0.0.1:1028 127.0.0.1:1724 [System Process]    
1452 127.0.0.1:1028 127.0.0.1:1726 C:\Program Files\Rising\RFW\RavMonD.exe 23, 0, 0, 12 Beijing Rising Information Technology Co., Ltd.
1452 127.0.0.1:1028 127.0.0.1:1728 C:\Program Files\Rising\RFW\RavMonD.exe 23, 0, 0, 12 Beijing Rising Information Technology Co., Ltd.
1452 127.0.0.1:1028 127.0.0.1:1729 C:\Program Files\Rising\RFW\RavMonD.exe 23, 0, 0, 12 Beijing Rising Information Technology Co., Ltd.
1452 127.0.0.1:1028 127.0.0.1:1732 C:\Program Files\Rising\RFW\RavMonD.exe 23, 0, 0, 12 Beijing Rising Information Technology Co., Ltd.
0 127.0.0.1:1028 127.0.0.1:1734 [System Process]    
0 127.0.0.1:1716 127.0.0.1:1028 [System Process]    
4112 127.0.0.1:1718 127.0.0.1:1028 C:\Program Files\Internet Explorer\IEXPLORE.EXE 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
4112 127.0.0.1:1720 127.0.0.1:1028 C:\Program Files\Internet Explorer\IEXPLORE.EXE 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
4768 127.0.0.1:1726 127.0.0.1:1028 C:\Documents and Settings\SHAN\桌面\SystemDetector\SystemDetector.exe 1.2 WALKER05
4112 127.0.0.1:1728 127.0.0.1:1028 C:\Program Files\Internet Explorer\IEXPLORE.EXE 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
4112 127.0.0.1:1729 127.0.0.1:1028 C:\Program Files\Internet Explorer\IEXPLORE.EXE 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
4112 127.0.0.1:1732 127.0.0.1:1028 C:\Program Files\Internet Explorer\IEXPLORE.EXE 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
420 127.0.0.1:4463 127.0.0.1:1028 C:\Program Files\KSafe\KSafeTray.exe 2.0.2.1213 Kingsoft Corporation.
4 169.254.26.228:139 0.0.0.0:2218 system    
1452 222.84.105.202:1497 113.108.86.51:80 C:\Program Files\Rising\RFW\RavMonD.exe 23, 0, 0, 12 Beijing Rising Information Technology Co., Ltd.
0 222.84.105.202:1717 121.14.11.70:80 [System Process]    
1452 222.84.105.202:1719 203.208.37.22:80 C:\Program Files\Rising\RFW\RavMonD.exe 23, 0, 0, 12 Beijing Rising Information Technology Co., Ltd.
1452 222.84.105.202:1721 219.159.91.57:80 C:\Program Files\Rising\RFW\RavMonD.exe 23, 0, 0, 12 Beijing Rising Information Technology Co., Ltd.
1452 222.84.105.202:1727 96.17.155.90:80 C:\Program Files\Rising\RFW\RavMonD.exe 23, 0, 0, 12 Beijing Rising Information Technology Co., Ltd.
1452 222.84.105.202:1730 219.238.235.114:80 C:\Program Files\Rising\RFW\RavMonD.exe 23, 0, 0, 12 Beijing Rising Information Technology Co., Ltd.
1452 222.84.105.202:1731 219.238.235.114:80 C:\Program Files\Rising\RFW\RavMonD.exe 23, 0, 0, 12 Beijing Rising Information Technology Co., Ltd.
1452 222.84.105.202:1733 219.159.91.57:80 C:\Program Files\Rising\RFW\RavMonD.exe 23, 0, 0, 12 Beijing Rising Information Technology Co., Ltd.
Connection status detection [UDP]
4 0.0.0.0:445   system    
248 0.0.0.0:1036   C:\Program Files\360\360SAFE\SAFEMON\360TRAY.EXE 7, 3, 1, 1012 360.cn
2004 0.0.0.0:1157   D:\Program Files\QQ2009\Bin\QQ.exe 1, 25, 660, 0 Tencent
2004 0.0.0.0:1158   D:\Program Files\QQ2009\Bin\QQ.exe 1, 25, 660, 0 Tencent
2004 0.0.0.0:1159   D:\Program Files\QQ2009\Bin\QQ.exe 1, 25, 660, 0 Tencent
2004 0.0.0.0:1160   D:\Program Files\QQ2009\Bin\QQ.exe 1, 25, 660, 0 Tencent
2004 0.0.0.0:1161   D:\Program Files\QQ2009\Bin\QQ.exe 1, 25, 660, 0 Tencent
2004 0.0.0.0:1162   D:\Program Files\QQ2009\Bin\QQ.exe 1, 25, 660, 0 Tencent
2004 0.0.0.0:1163   D:\Program Files\QQ2009\Bin\QQ.exe 1, 25, 660, 0 Tencent
2004 0.0.0.0:1170   D:\Program Files\QQ2009\Bin\QQ.exe 1, 25, 660, 0 Tencent
2004 0.0.0.0:1171   D:\Program Files\QQ2009\Bin\QQ.exe 1, 25, 660, 0 Tencent
2004 0.0.0.0:1194   D:\Program Files\QQ2009\Bin\QQ.exe 1, 25, 660, 0 Tencent
4076 0.0.0.0:1434   D:\MSSQL\Binn\sqlservr.exe 2000.080.0760.00 Microsoft Corporation
3020 0.0.0.0:2760   D:\Program Files\QQ2009\Bin\QQ.exe 1, 25, 660, 0 Tencent
3020 0.0.0.0:2761   D:\Program Files\QQ2009\Bin\QQ.exe 1, 25, 660, 0 Tencent
3020 0.0.0.0:2762   D:\Program Files\QQ2009\Bin\QQ.exe 1, 25, 660, 0 Tencent
3020 0.0.0.0:2763   D:\Program Files\QQ2009\Bin\QQ.exe 1, 25, 660, 0 Tencent
3020 0.0.0.0:2764   D:\Program Files\QQ2009\Bin\QQ.exe 1, 25, 660, 0 Tencent
3020 0.0.0.0:2765   D:\Program Files\QQ2009\Bin\QQ.exe 1, 25, 660, 0 Tencent
3020 0.0.0.0:2766   D:\Program Files\QQ2009\Bin\QQ.exe 1, 25, 660, 0 Tencent
3020 0.0.0.0:2769   D:\Program Files\QQ2009\Bin\QQ.exe 1, 25, 660, 0 Tencent
3020 0.0.0.0:2772   D:\Program Files\QQ2009\Bin\QQ.exe 1, 25, 660, 0 Tencent
248 0.0.0.0:3600   C:\Program Files\360\360SAFE\SAFEMON\360TRAY.EXE 7, 3, 1, 1012 360.cn
2004 0.0.0.0:4000   D:\Program Files\QQ2009\Bin\QQ.exe 1, 25, 660, 0 Tencent
2004 0.0.0.0:4001   D:\Program Files\QQ2009\Bin\QQ.exe 1, 25, 660, 0 Tencent
3020 0.0.0.0:4002   D:\Program Files\QQ2009\Bin\QQ.exe 1, 25, 660, 0 Tencent
3020 0.0.0.0:4003   D:\Program Files\QQ2009\Bin\QQ.exe 1, 25, 660, 0 Tencent
2216 0.0.0.0:4514   C:\Program Files\Internet Explorer\IEXPLORE.EXE 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
4112 0.0.0.0:4999   C:\Program Files\Internet Explorer\IEXPLORE.EXE 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
2004 0.0.0.0:9000   D:\Program Files\QQ2009\Bin\QQ.exe 1, 25, 660, 0 Tencent
1536 127.0.0.1:123   C:\WINDOWS\System32\SVCHOST.EXE 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
248 127.0.0.1:1025   C:\Program Files\360\360SAFE\SAFEMON\360TRAY.EXE 7, 3, 1, 1012 360.cn
336 127.0.0.1:1027   C:\Program Files\Rising\RFW\RsTray.exe 23.0.0.8 Beijing Rising Information Technology Co., Ltd.
2004 127.0.0.1:1165   D:\Program Files\QQ2009\Bin\QQ.exe 1, 25, 660, 0 Tencent
1804 127.0.0.1:1900   C:\WINDOWS\System32\SVCHOST.EXE 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
2960 127.0.0.1:2638   D:\海德商业管理系统普及版\DBENG8.EXE 8.0.1.2600 iAnywhere Solutions, Inc.
2960 127.0.0.1:2638   D:\海德商业管理系统普及版\DBENG8.EXE 8.0.1.2600 iAnywhere Solutions, Inc.
3020 127.0.0.1:2759   D:\Program Files\QQ2009\Bin\QQ.exe 1, 25, 660, 0 Tencent
268 127.0.0.1:4382   C:\Program Files\Rising\Rav\RsTray.exe 23.0.0.8 Beijing Rising Information Technology Co., Ltd.
2216 127.0.0.1:4515   C:\Program Files\Internet Explorer\IEXPLORE.EXE 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
4112 127.0.0.1:5000   C:\Program Files\Internet Explorer\IEXPLORE.EXE 6.00.2900.5512 (xpsp.080413-2105) Microsoft Corporation
1536 169.254.26.228:123   C:\WINDOWS\System32\SVCHOST.EXE 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
4 169.254.26.228:137   system    
4 169.254.26.228:138   system    
1804 169.254.26.228:1900   C:\WINDOWS\System32\SVCHOST.EXE 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
1536 222.84.105.202:123   C:\WINDOWS\System32\SVCHOST.EXE 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation
1804 222.84.105.202:1900   C:\WINDOWS\System32\SVCHOST.EXE 5.1.2600.5512 (xpsp.080413-2111) Microsoft Corporation

Common problem detection
Item Current status
Registry Editor disabled OK
IE browser title modified OK
IE browser home page locked OK
Taskbar properties disabled OK
Taskbar context menu disabled OK
Start menu Run disabled OK
Start menu Shut Down button missing OK
Start menu Log Off button missing OK
Task Manager disabled OK
MS-DOS mode disabled OK
Folder Options disabled OK
Folder Options "Show hidden files" disabled OK
Logical partitions hidden OK
Desktop locked OK

File association detection
Item Current status
.EXE file association OK
.COM file association OK
.BAT file association OK
.CMD file association OK
.LNK file association OK
.REG file association OK
.CHM file association OK
.HLP file association OK
.CPL file association OK
.TXT file association OK
.PIF file association OK
.SCR file association OK
.INI file association OK
.INF file association OK
.VBS file association OK
.JS file association OK

IFEO image hijack detection
LayoutText ImeFile
N/A

IME input method hijack detection
Hijacked item Hijacker path Version Publisher
Chinese (Traditional) - Phonetic C:\WINDOWS\system32\phon.ime 5.1.2600.5512 (xpsp.080413-2105) Microsoft Corporation
Japanese Input System (MS-IME2002) C:\WINDOWS\system32\imjp81.ime 8.1.4206.0 Microsoft Corporation
Korean Input System (IME 2000) C:\WINDOWS\system32\imekr61.ime 6.1.2600.3 Microsoft Corporation
Chinese (Simplified) - QuanPin C:\WINDOWS\system32\winpy.ime 5.1.2600.5512 Microsoft Corporation
Chinese (Traditional) - ChangJie C:\WINDOWS\system32\chajei.ime 5.1.2600.5512 (xpsp.080413-2105) Microsoft Corporation
Chinese (Simplified) - ShuangPin C:\WINDOWS\system32\winsp.ime 5.1.2600.5512 Microsoft Corporation
Chinese (Traditional) - Quick C:\WINDOWS\system32\quick.ime 5.1.2600.5512 (xpsp.080413-2105) Microsoft Corporation
Chinese (Simplified) - ZhengMa C:\WINDOWS\system32\winzm.ime 5.1.2600.5512 Microsoft Corporation
Chinese (Traditional) - Big5 Code C:\WINDOWS\system32\winime.ime 5.1.2600.5512 (xpsp.080413-2105) Microsoft Corporation
Chinese (Simplified) - Intelligent ABC C:\WINDOWS\system32\winabc.ime 5.1.2600.5512 Microsoft Corporation
Chinese (Traditional) - Array C:\WINDOWS\system32\winar30.ime 5.1.2600.5512 (xpsp.080413-2105) Microsoft Corporation
Chinese (Simplified) - Internal Code C:\WINDOWS\system32\wingb.ime 5.1.2600.5512 Microsoft Corporation
Chinese (Traditional) - DaYi C:\WINDOWS\system32\dayi.ime 5.1.2600.5512 (xpsp.080413-2105) Microsoft Corporation
Chinese (Traditional) - Unicode C:\WINDOWS\system32\unicdime.ime 5.1.2600.5512 (xpsp.080413-2105) Microsoft Corporation
Chinese (Traditional) - New Phonetic C:\WINDOWS\system32\TINTLGNT.IME 5.2.4615 Microsoft Corporation
Chinese (Traditional) - New ChangJie C:\WINDOWS\system32\CINTLGNT.IME 4.4.2714 Microsoft Corporation
Chinese (Simplified) - Microsoft Pinyin IME 3.0 C:\WINDOWS\system32\pintlgnt.ime 5.3.0.4427 Microsoft Corporation
Chinese (Traditional) - Alphanumeric C:\WINDOWS\system32\romanime.ime 5.1.2600.5512 (xpsp.080413-2105) Microsoft Corporation
Chinese (Simplified) - Jipin Wubi 2009 C:\WINDOWS\system32\JPWB.IME 4.00.950 日月科技

Winsock provider detection
Protocol type CLSID Path Version Publisher
MSAFD Tcpip [TCP/IP] {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} C:\WINDOWS\system32\mswsock.dll 5.1.2600.5625 (xpsp_sp3_qfe.080620-1309) Microsoft Corporation
MSAFD Tcpip [UDP/IP] {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} C:\WINDOWS\system32\mswsock.dll 5.1.2600.5625 (xpsp_sp3_qfe.080620-1309) Microsoft Corporation
MSAFD Tcpip [RAW/IP] {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} C:\WINDOWS\system32\mswsock.dll 5.1.2600.5625 (xpsp_sp3_qfe.080620-1309) Microsoft Corporation
RSVP UDP Service Provider {9D60A9E0-337A-11D0-BD88-0000C082E69A} C:\WINDOWS\system32\rsvpsp.dll 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
RSVP TCP Service Provider {9D60A9E0-337A-11D0-BD88-0000C082E69A} C:\WINDOWS\system32\rsvpsp.dll 5.1.2600.5512 (xpsp.080413-0852) Microsoft Corporation
MSAFD NetBIOS [\Device\NetBT_Tcpip_{EC63A3FE-601B-456A-BCA8-EE0FFC6A1627}] SEQPACKET 0 {8D5F1830-C273-11CF-95C8-00805F48A192} C:\WINDOWS\system32\mswsock.dll 5.1.2600.5625 (xpsp_sp3_qfe.080620-1309) Microsoft Corporation
MSAFD NetBIOS [\Device\NetBT_Tcpip_{EC63A3FE-601B-456A-BCA8-EE0FFC6A1627}] DATAGRAM 0 {8D5F1830-C273-11CF-95C8-00805F48A192} C:\WINDOWS\system32\mswsock.dll 5.1.2600.5625 (xpsp_sp3_qfe.080620-1309) Microsoft Corporation
MSAFD NetBIOS [\Device\NetBT_Tcpip_{532A58EB-524D-4DA7-9E59-6C84917CFD51}] SEQPACKET 1 {8D5F1830-C273-11CF-95C8-00805F48A192} C:\WINDOWS\system32\mswsock.dll 5.1.2600.5625 (xpsp_sp3_qfe.080620-1309) Microsoft Corporation
MSAFD NetBIOS [\Device\NetBT_Tcpip_{532A58EB-524D-4DA7-9E59-6C84917CFD51}] DATAGRAM 1 {8D5F1830-C273-11CF-95C8-00805F48A192} C:\WINDOWS\system32\mswsock.dll 5.1.2600.5625 (xpsp_sp3_qfe.080620-1309) Microsoft Corporation
MSAFD NetBIOS [\Device\NetBT_Tcpip_{2EB931CC-CCC8-4756-8DD9-FAD0959B804B}] SEQPACKET 2 {8D5F1830-C273-11CF-95C8-00805F48A192} C:\WINDOWS\system32\mswsock.dll 5.1.2600.5625 (xpsp_sp3_qfe.080620-1309) Microsoft Corporation
MSAFD NetBIOS [\Device\NetBT_Tcpip_{2EB931CC-CCC8-4756-8DD9-FAD0959B804B}] DATAGRAM 2 {8D5F1830-C273-11CF-95C8-00805F48A192} C:\WINDOWS\system32\mswsock.dll 5.1.2600.5625 (xpsp_sp3_qfe.080620-1309) Microsoft Corporation
MSAFD NetBIOS [\Device\NetBT_Tcpip_{7E533F1A-116A-468B-AEB5-BA986996CBCA}] SEQPACKET 3 {8D5F1830-C273-11CF-95C8-00805F48A192} C:\WINDOWS\system32\mswsock.dll 5.1.2600.5625 (xpsp_sp3_qfe.080620-1309) Microsoft Corporation
MSAFD NetBIOS [\Device\NetBT_Tcpip_{7E533F1A-116A-468B-AEB5-BA986996CBCA}] DATAGRAM 3 {8D5F1830-C273-11CF-95C8-00805F48A192} C:\WINDOWS\system32\mswsock.dll 5.1.2600.5625 (xpsp_sp3_qfe.080620-1309) Microsoft Corporation
MSAFD NetBIOS [\Device\NetBT_Tcpip_{7117B932-7CC4-40EA-A7C8-49906A62A743}] SEQPACKET 4 {8D5F1830-C273-11CF-95C8-00805F48A192} C:\WINDOWS\system32\mswsock.dll 5.1.2600.5625 (xpsp_sp3_qfe.080620-1309) Microsoft Corporation
MSAFD NetBIOS [\Device\NetBT_Tcpip_{7117B932-7CC4-40EA-A7C8-49906A62A743}] DATAGRAM 4 {8D5F1830-C273-11CF-95C8-00805F48A192} C:\WINDOWS\system32\mswsock.dll 5.1.2600.5625 (xpsp_sp3_qfe.080620-1309) Microsoft Corporation

IE plug-ins [BHO]
Item name CLSID Path Version Publisher
ThunderAtOnce Class {01443AEC-0FD1-40fd-9C87-E93D1494C233} C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll 1.0.5.34 Thunder Networking Technologies,LTD
Thunder Browser Helper {889D2FEB-5411-4565-8998-1DD2C5261283} C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll 5, 0, 8, 120 Thunder Networking Technologies,LTD
卡卡上网安全助手 {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} C:\WINDOWS\system32\UrlFilter.dll 6, 0, 0, 28 Beijing Rising Information Technology Co., Ltd.
IE plug-ins [Toolbar extensions]
Launch Thunder 5 {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} C:\Program Files\Thunder Network\Thunder\Thunder.exe 5,8,13,699 ShenZhen Thunder Networking Technologies,LTD
IE plug-ins [ActiveX]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
Windows Media Player {6BF52A52-394A-11D3-B153-00C04F79FAA6} C:\WINDOWS\system32\wmp.dll 10.00.00.4081 Microsoft Corporation
Microsoft Web Browser {8856F961-340A-11D0-A96B-00C04FD705A2} C:\WINDOWS\system32\shdocvw.dll 6.00.2900.6036 (xpsp_sp3_gdr.100908-2023) Microsoft Corporation
SearchAssistantOC {B45FF030-4447-11D2-85DE-00C04FA35C89} C:\WINDOWS\system32\shdocvw.dll 6.00.2900.6036 (xpsp_sp3_gdr.100908-2023) Microsoft Corporation
Shockwave Flash Object {D27CDB6E-AE6D-11CF-96B8-444553540000} C:\WINDOWS\system32\Macromed\Flash\Flash10l.ocx 10,1,102,64 Adobe Systems, Inc.
  {FB5F1910-F110-11D2-BB9E-00C04F795683}      

User-mode API hook detection [IAT HOOK]
[PID]/Process name API NAME Original address Current address Hook path Version Publisher
N/A

User-mode API hook detection [CODE HOOK]
[PID]/Process name API NAME Original address Current address Hook path Version Publisher
[2216]IEXPLORE.EXE KiUserApcDispatcher 0x7C92E450 0x015B9110 C:\Program Files\KSafe\kswbc.dll 2010.11.15.1209 Kingsoft Corporation.
[2216]IEXPLORE.EXE KiUserCallbackDispatcher 0x7C92E460 0x015B9120 C:\Program Files\KSafe\kswbc.dll 2010.11.15.1209 Kingsoft Corporation.
[2216]IEXPLORE.EXE NtCreateProcess 0x7C92D14E 0x00E8A9C0 C:\Program Files\KSafe\kswebshield.dll 2010.11.20.1037 Kingsoft Corporation
[2216]IEXPLORE.EXE NtCreateProcessEx 0x7C92D15E 0x00E8A930 C:\Program Files\KSafe\kswebshield.dll 2010.11.20.1037 Kingsoft Corporation
[2216]IEXPLORE.EXE ZwCreateProcess 0x7C92D14E 0x00E8A9C0 C:\Program Files\KSafe\kswebshield.dll 2010.11.20.1037 Kingsoft Corporation
[2216]IEXPLORE.EXE ZwCreateProcessEx 0x7C92D15E 0x00E8A930 C:\Program Files\KSafe\kswebshield.dll 2010.11.20.1037 Kingsoft Corporation
[4112]IEXPLORE.EXE KiUserApcDispatcher 0x7C92E450 0x015B9110 C:\Program Files\KSafe\kswbc.dll 2010.11.15.1209 Kingsoft Corporation.
[4112]IEXPLORE.EXE KiUserCallbackDispatcher 0x7C92E460 0x015B9120 C:\Program Files\KSafe\kswbc.dll 2010.11.15.1209 Kingsoft Corporation.
[4112]IEXPLORE.EXE NtCreateProcess 0x7C92D14E 0x00E8A9C0 C:\Program Files\KSafe\kswebshield.dll 2010.11.20.1037 Kingsoft Corporation
[4112]IEXPLORE.EXE NtCreateProcessEx 0x7C92D15E 0x00E8A930 C:\Program Files\KSafe\kswebshield.dll 2010.11.20.1037 Kingsoft Corporation
[4112]IEXPLORE.EXE ZwCreateProcess 0x7C92D14E 0x00E8A9C0 C:\Program Files\KSafe\kswebshield.dll 2010.11.20.1037 Kingsoft Corporation
[4112]IEXPLORE.EXE ZwCreateProcessEx 0x7C92D15E 0x00E8A930 C:\Program Files\KSafe\kswebshield.dll 2010.11.20.1037 Kingsoft Corporation

Kernel-mode NATIVE API hook detection
API NAME Original address Current address Hook path Version Publisher
N/A

SSDT TABLE hook detection
API NAME Original address Current address Hook path Version Publisher
NtAssignProcessToJobObject 0x805D75E2  0xBA414831  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtConnectPort 0x805A5596  0xBA341E0C  C:\Program Files\Rising\RFW\rfwtdi.sys 25.0.0.6 Beijing Rising Information Technology Co., Ltd.
NtCreateKey 0x806247C8  0xBA4149DE  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtCreateMutant 0x80617D76  0xBA4148B5  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtCreateProcess 0x805D21EA  0xBA41499C  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtCreateProcessEx 0x805D2134  0xBA41497B  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtCreateSection 0x805AC38E  0xBA414D38  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtCreateSymbolicLinkObject 0x805C49A6  0xBA4149BD  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtCreateThread 0x805D1FD2  0xBA414663  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtDebugActiveProcess 0x8064420E  0xBA4147AD  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtDeleteKey 0x80624C64  0xBA414A41  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtDeleteValueKey 0x80624E34  0xBA414A20  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtDeviceIoControlFile 0x8057A24A  0xBA414852  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtDuplicateObject 0x805BEFB4  0xBA41495A  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtLoadDriver 0x8058513A  0xBA414621  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtLockVirtualMemory 0x805B78FE  0xBA41476B  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtOpenKey 0x80625BA6  0xBA414AC5  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtOpenProcess 0x805CC3FA  0xBA4148F7  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtOpenSection 0x805AB3B2  0xBA414684  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtProtectVirtualMemory 0x805B93CA  0xBA41474A  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtQueryDirectoryFile 0x8057AE64  0xBA414894  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtQuerySystemInformation 0x806120BE  0xBA414939  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtQueryValueKey 0x806229EC  0xBA414810  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtQueueApcThread 0x805D2230  0xBA414729  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtRenameKey 0x806241EA  0xBA414A62  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtRequestWaitReplyPort 0x805A3D3C  0xBA4147EF  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtRestoreKey 0x806261A8  0xBA414AA4  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtSetContextThread 0x805D26F4  0xBA4146E7  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtSetInformationProcess 0x805CEE44  0xBA414918  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtSetSecurityObject 0x805C15DA  0xBA414A83  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtSetSystemInformation 0x806103EC  0xBA41478C  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtSetSystemTime 0x80614B86  0xBA414873  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtSetValueKey 0x80622D3A  0xBA4149FF  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtSuspendProcess 0x805D5A22  0xBA414708  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtSuspendThread 0x805D5894  0xBA4146C6  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtSystemDebugControl 0x80618792  0xBA4147CE  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtTerminateProcess 0x805D3982  0xBA414600  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtTerminateThread 0x805D3B7C  0xBA4146A5  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtUnmapViewOfSection 0x805B3DF4  0xBA4148D6  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtWriteVirtualMemory 0x805B5378  0xBA414642  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.

SSDT CODE hook detection
API NAME Original address Current address Hook path Version Publisher
N/A

SHADOW SSDT TABLE hook detection
API NAME Original address Current address Hook path Version Publisher
NtUserFindWindowEx 0xBF8B74D2  0xBA414F27  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtUserSetWindowsHookEx 0xBF8A0DA0  0xBA414F06  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.
NtUserWindowFromPoint 0xBF81CCA1  0xBA414F48  C:\WINDOWS\system32\drivers\HOOKHELP.sys 25, 0, 0, 6 Beijing Rising Information Technology Co., Ltd.

SHADOW SSDT CODE hook detection
API NAME Original address Current address Hook path Version Publisher
N/A

AutoRun.inf detection
Path Content
N/A

Hosts file detection
File content
127.0.0.1       localhost