瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 请高手看看我的扫描报告,谢谢!!!!!!!!!!!!

1   1  /  1  页   跳转

请高手看看我的扫描报告,谢谢!!!!!!!!!!!!

收藏
大侠7
头像
快乐黄口狮
  • 帖子:122
  • 注册: 2003-11-20
  • 来自:
发表于: 2007-07-04 12:33 | 只看楼主 短消息 资料
字号: 1楼

请高手看看我的扫描报告,谢谢!!!!!!!!!!!!

2007-07-04,12:19:39

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows Vista Ultimate Edition  (Build 6000) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <WindowsWelcomeCenter><rundll32.exe oobefldr.dll,ShowWelcomeCenter>  [(Verified)Microsoft Windows]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Windows Defender><%ProgramFiles%\Windows Defender\MSASCui.exe -hide>  [(Verified)Microsoft Windows]
    <RavTask><"H:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><explorer.exe>  [(Verified)Microsoft Windows]
    <Userinit><H:\Windows\system32\userinit.exe,>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><H:\Windows\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Windows Mail 7><"%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
  <E:\软件\安全\AVG Anti-Spyware\guard.exe><GRISOFT s.r.o.>
[Rising Confing Manager / cfgload][Running/Auto Start]
  <H:\program files\rising\rav\cfgload.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"H:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"H:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Rising Vista Interface / RsVInterface][Running/Auto Start]
  <H:\Program Files\Common Files\Rising\vsapisrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Vista Scanner / RsVScanner][Running/Auto Start]
  <H:\program files\rising\rav\scannerd.exe><Beijing Rising Technology Co., Ltd.>
[Rising Vista Update / RsVUpdate][Running/Auto Start]
  <H:\Program Files\Common Files\Rising\rsupd.exe><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[adp94xx / adp94xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adp94xx.sys><Adaptec, Inc.>
[adpahci / adpahci][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpahci.sys><Adaptec, Inc.>
[adpu160m / adpu160m][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpu160m.sys><Adaptec, Inc.>
[adpu320 / adpu320][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpu320.sys><Adaptec, Inc.>
[aic78xx / aic78xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\djsvs.sys><Adaptec, Inc.>
[aliide / aliide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\aliide.sys><Acer Laboratories Inc.>
[amdide / amdide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\amdide.sys><Microsoft Corporation>
[arc / arc][Stopped/Disabled]
  <\SystemRoot\system32\drivers\arc.sys><Adaptec, Inc.>
[arcsas / arcsas][Stopped/Disabled]
  <\SystemRoot\system32\drivers\arcsas.sys><Adaptec, Inc.>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
  <\??\E:\软件\安全\AVG Anti-Spyware\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[blbdrive / blbdrive][Stopped/Disabled]
  <\SystemRoot\system32\drivers\blbdrive.sys><N/A>
[Brother USB Mass-Storage Lower Filter Driver / BrFiltLo][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brfiltlo.sys><Brother Industries, Ltd.>
[Brother USB Mass-Storage Upper Filter Driver / BrFiltUp][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brfiltup.sys><Brother Industries, Ltd.>
[Brother MFC Serial Port Interface Driver (WDM) / Brserid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brserid.sys><Brother Industries Ltd.>
[Brother WDM Serial driver / BrSerWdm][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brserwdm.sys><Brother Industries Ltd.>
[Brother MFC USB Fax Only Modem / BrUsbMdm][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brusbmdm.sys><Brother Industries Ltd.>
[Brother MFC USB Serial WDM Driver / BrUsbSer][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brusbser.sys><Brother Industries Ltd.>
[cmdide / cmdide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\cmdide.sys><CMD Technology, Inc.>
[Intel(R) PRO/1000 NDIS 6 Adapter Driver / E1G60][Stopped/Manual Start]
  <system32\DRIVERS\E1G60I32.sys><Intel Corporation>
[elxstor / elxstor][Stopped/Disabled]
  <\SystemRoot\system32\drivers\elxstor.sys><Emulex>
[HookReg / HookReg][Running/Auto Start]
  <\??\H:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\H:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[HpCISSs / HpCISSs][Stopped/Disabled]
  <\SystemRoot\system32\drivers\hpcisss.sys><Hewlett-Packard Company>
[Intel RAID Controller Vista / iaStorV][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iastorv.sys><Intel Corporation>
[IdeBusDr / IdeBusDr][Running/Boot Start]
  <\SystemRoot\system32\drivers\idebusdr.sys><Intel Corporation>
[Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
  <\SystemRoot\system32\drivers\idechndr.sys><Intel Corporation>
[iirsp / iirsp][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iirsp.sys><Intel Corp./ICP vortex GmbH>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
  <system32\DRIVERS\ipinip.sys><N/A>
[ITEATAPI_Service_Install / iteatapi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iteatapi.sys><Integrated Technology Express, Inc.>
[ITERAID_Service_Install / iteraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iteraid.sys><Integrated Technology Express, Inc.>
[LSI_FC / LSI_FC][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_fc.sys><LSI Logic>
[LSI_SAS / LSI_SAS][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_sas.sys><LSI Logic>
[LSI_SCSI / LSI_SCSI][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_scsi.sys><LSI Logic>
[megasas / megasas][Stopped/Disabled]
  <\SystemRoot\system32\drivers\megasas.sys><LSI Logic Corporation>
[Mraid35x / Mraid35x][Stopped/Disabled]
  <\SystemRoot\system32\drivers\mraid35x.sys><LSI Logic Corporation>
[nfrd960 / nfrd960][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nfrd960.sys><IBM Corporation>
[N-trig HID Tablet Driver / ntrigdigi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ntrigdigi.sys><N-trig Innovative Technologies>
[nvlddmkm / nvlddmkm][Running/Manual Start]
  <system32\DRIVERS\nvlddmkm.sys><NVIDIA Corporation>
[nvraid / nvraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nvraid.sys><NVIDIA Corporation>
[nvstor / nvstor][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nvstor.sys><NVIDIA Corporation>
[IPX Traffic Filter Driver / NwlnkFlt][Stopped/Manual Start]
  <system32\DRIVERS\nwlnkflt.sys><N/A>
[IPX Traffic Forwarder Driver / NwlnkFwd][Stopped/Manual Start]
  <system32\DRIVERS\nwlnkfwd.sys><N/A>
[Royalty OEM BIOS Extension / OemBiosDevice][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\royal.sys><PARADOX>
[QLogic Fibre Channel Miniport Driver / ql2300][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ql2300.sys><QLogic Corporation>
[QLogic iSCSI Miniport Driver / ql40xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ql40xx.sys><QLogic Corporation>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[Realtek 10/100 NIC Family NDIS x86 Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[SiSRaid2 / SiSRaid2][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sisraid2.sys><Silicon Integrated Systems Corp.>
[SiSRaid4 / SiSRaid4][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sisraid4.sys><Silicon Integrated Systems>
[Symc8xx / Symc8xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\symc8xx.sys><LSI Logic>
[Sym_hi / Sym_hi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sym_hi.sys><LSI Logic>
[Sym_u3 / Sym_u3][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sym_u3.sys><LSI Logic>
[uliahci / uliahci][Stopped/Disabled]
  <\SystemRoot\system32\drivers\uliahci.sys><ULi Electronics Inc.>
[UlSata / UlSata][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ulsata.sys><Promise Technology, Inc.>
[ulsata2 / ulsata2][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ulsata2.sys><Promise Technology, Inc.>
[USB Mass Storage Driver / USBSTOR][Stopped/Disabled]
  <\SystemRoot\system32\drivers\usbstor.sys><N/A>
[viaide / viaide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\viaide.sys><VIA Technologies, Inc.>
[vsmraid / vsmraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\vsmraid.sys><VIA Technologies Inc.,Ltd>
最后编辑2007-07-04 12:54:53
分享到:
gototop
 
大侠7
头像
快乐黄口狮
  • 帖子:122
  • 注册: 2003-11-20
  • 来自:
发表于: 2007-07-04 12:34 | 只看楼主 短消息 资料
字号: 2楼

浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\工具\Thunder Network\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\工具\Thunder Network\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\工具\Thunder Network\Thunder.exe, Thunder Networking Technologies,LTD>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <H:\Windows\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\工具\Thunder Network\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\工具\Thunder Network\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\工具\Thunder Network\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <%CommonProgramFiles%\System\msadc\msadco.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <H:\Windows\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[使用迅雷下载]
  <D:\工具\Thunder Network\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <D:\工具\Thunder Network\Program\getallurl.htm, N/A>

==================================
正在运行的进程
[PID: 352 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 436 / SYSTEM][H:\Windows\system32\csrss.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 484 / SYSTEM][H:\Windows\system32\csrss.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 492 / SYSTEM][H:\Windows\system32\wininit.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 536 / SYSTEM][H:\Windows\system32\services.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[PID: 548 / SYSTEM][H:\Windows\system32\lsass.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 556 / SYSTEM][H:\Windows\system32\lsm.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 604 / SYSTEM][H:\Windows\system32\winlogon.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 756 / SYSTEM][H:\Windows\system32\svchost.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 812 / NETWORK SERVICE][H:\Windows\system32\svchost.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[PID: 864 / SYSTEM][H:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 960 / SYSTEM][H:\Windows\System32\svchost.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 996 / LOCAL SERVICE][H:\Windows\System32\svchost.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1020 / SYSTEM][H:\Windows\System32\svchost.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[PID: 1036 / SYSTEM][H:\Windows\system32\svchost.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[PID: 1140 / NETWORK SERVICE][H:\Windows\system32\SLsvc.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1260 / SYSTEM][H:\PROGRAM FILES\RISING\RAV\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 19, 2, 0, 54]
    [H:\PROGRAM FILES\RISING\RAV\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 2, 0, 0]
    [H:\PROGRAM FILES\RISING\RAV\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [H:\PROGRAM FILES\RISING\RAV\rfwctrl.dll]  [Beijing Rising Technology Co., Ltd., 6, 0, 0, 0]
    [H:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 19, 2, 0, 1]
    [H:\PROGRAM FILES\RISING\RAV\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 19, 2, 0, 3]
    [H:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [H:\PROGRAM FILES\RISING\RAV\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 19, 2, 0, 0]
    [H:\PROGRAM FILES\RISING\RAV\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
    [H:\Program Files\Rising\Rav\fakescan.dll]  [Beijing Rising Technology Co., Ltd., 19, 2, 0, 6]
    [H:\PROGRAM FILES\RISING\RAV\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [H:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [H:\PROGRAM FILES\RISING\RAV\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [H:\PROGRAM FILES\RISING\RAV\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [H:\PROGRAM FILES\RISING\RAV\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [H:\PROGRAM FILES\RISING\RAV\HookCont.dll]  [Rising, 19, 0, 0, 1]
    [H:\Program Files\Rising\Rav\SpamEng.dll]  [, 18, 0, 0, 6]
    [H:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
    [H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [H:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [H:\Program Files\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [H:\Program Files\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
    [H:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 64]
    [H:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [H:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [H:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
    [H:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
    [H:\Program Files\Rising\Rav\ScanPack.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 23]
    [H:\Program Files\Rising\Rav\RsVM.dll]  [, 19, 0, 0, 17]
    [H:\Program Files\Rising\Rav\Uroutine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 40]
    [H:\Program Files\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
    [H:\Program Files\Rising\Rav\ScanNet.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [H:\Program Files\Rising\Rav\Uscript.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [H:\Program Files\Rising\Rav\ScanElf.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [H:\Program Files\Rising\Rav\ExtMail.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
[PID: 1344 / LOCAL SERVICE][H:\Windows\system32\svchost.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[PID: 1496 / SYSTEM][H:\program files\rising\rav\cfgload.exe]  [Beijing Rising Technology Co., Ltd., 19, 2, 0, 2]
    [H:\program files\rising\rav\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 19, 2, 0, 1]
    [H:\program files\rising\rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 19, 2, 0, 3]
[PID: 1516 / NETWORK SERVICE][H:\Windows\system32\svchost.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1532 / LOCAL SERVICE][H:\Windows\system32\svchost.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1600 / SYSTEM][H:\Program Files\Common Files\Rising\vsapisrv.exe]  [Beijing Rising Technology Co., Ltd., 19, 2, 0, 13]
[PID: 1620 / SYSTEM][H:\program files\rising\rav\scannerd.exe]  [Beijing Rising Technology Co., Ltd., 19, 2, 0, 9]
[PID: 1640 / SYSTEM][H:\Program Files\Common Files\Rising\rsupd.exe]  [Beijing Rising Technology Co., Ltd., 19, 2, 0, 2]
[PID: 1688 / SYSTEM][H:\Windows\system32\SearchIndexer.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1948 / Administrator][H:\Windows\system32\Dwm.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 2020 / Administrator][H:\Windows\Explorer.EXE]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [H:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [H:\Windows\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 2, 0, 9]
    [H:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 360 / SYSTEM][H:\Windows\system32\taskeng.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 416 / Administrator][H:\Windows\system32\taskeng.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 752 / Administrator][H:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 2, 0, 3]
gototop
 
大侠7
头像
快乐黄口狮
  • 帖子:122
  • 注册: 2003-11-20
  • 来自:
发表于: 2007-07-04 12:35 | 只看楼主 短消息 资料
字号: 3楼

[H:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [H:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 19, 2, 0, 1]
    [H:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 19, 2, 0, 3]
    [H:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 780 / Administrator][H:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 19, 2, 0, 60]
    [H:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 2, 0, 34]
    [H:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 2, 0, 0]
    [H:\Program Files\Rising\Rav\jmpapi.dll]  [Beijing Rising Technology Co., Ltd., 19, 2, 0, 11]
    [H:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 19, 2, 0, 1]
    [H:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 19, 2, 0, 3]
    [H:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [H:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [H:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 2, 0, 2]
    [H:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 19, 2, 0, 5]
[PID: 2216 / Administrator][H:\Program Files\Windows Media Player\wmpnscfg.exe]  [Microsoft Corporation, 11.0.6000.6324 (vista_rtm.061101-2205)]
[PID: 2412 / Administrator][H:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 7.00.6000.16386 (vista_rtm.061101-2205)]
    [D:\工具\Thunder Network\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.2.9]
    [D:\工具\Thunder Network\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 3, 11]
    [D:\工具\Thunder Network\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 4]
    [D:\工具\Thunder Network\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
    [H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [H:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [H:\Windows\system32\Macromed\Flash\Flash9c.ocx]  [Adobe Systems, Inc., 9,0,45,0]
    [H:\Windows\system32\nvd3dum.dll]  [NVidia Corporation, 7.15.10.9686]
[PID: 3104 / SYSTEM][H:\Windows\system32\SearchProtocolHost.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 3016 / SYSTEM][H:\Windows\servicing\TrustedInstaller.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1848 / NETWORK SERVICE][H:\Windows\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 2964 / Administrator][E:\软件\安全\AVG Anti-Spyware\avgas.exe]  [GRISOFT s.r.o., 7, 5, 1, 43]
    [E:\软件\安全\AVG Anti-Spyware\engine.dll]  [GRISOFT s.r.o., 4, 2, 0, 19]
    [H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[PID: 1912 / Administrator][E:\软件\扫描\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [E:\软件\扫描\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["%SystemRoot%\hh.exe" %1]
.HLP  OK. [%SystemRoot%\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. ["%SystemRoot%\System32\WScript.exe" "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
Rising Net Filter over [MSAFD Tcpip [TCP/IP]]
    H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL(Beijing Rising Technology Co., Ltd., HookSpi)
Rising Net Filter over [MSAFD Tcpip [UDP/IP]]
    H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL(Beijing Rising Technology Co., Ltd., HookSpi)
Rising Net Filter over [MSAFD Tcpip [RAW/IP]]
    H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL(Beijing Rising Technology Co., Ltd., HookSpi)
Rising Net Filter over [MSAFD Tcpip [TCP/IPv6]]
    H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL(Beijing Rising Technology Co., Ltd., HookSpi)
Rising Net Filter over [MSAFD Tcpip [UDP/IPv6]]
    H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL(Beijing Rising Technology Co., Ltd., HookSpi)
Rising Net Filter over [MSAFD Tcpip [RAW/IPv6]]
    H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL(Beijing Rising Technology Co., Ltd., HookSpi)
Rising Net Filter over [RSVP TCPv6 服务提供商]
    H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL(Beijing Rising Technology Co., Ltd., HookSpi)
Rising Net Filter over [RSVP TCP 服务提供商]
    H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL(Beijing Rising Technology Co., Ltd., HookSpi)
Rising Net Filter over [RSVP UDPv6 服务提供商]
    H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL(Beijing Rising Technology Co., Ltd., HookSpi)
Rising Net Filter over [RSVP UDP 服务提供商]
    H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL(Beijing Rising Technology Co., Ltd., HookSpi)
Rising Net Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{10BE8295-D23C-4B8A-B055-9E3D643BA1A4}] SEQPACKET 2]
    H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL(Beijing Rising Technology Co., Ltd., HookSpi)
Rising Net Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{10BE8295-D23C-4B8A-B055-9E3D643BA1A4}] DATAGRAM 2]
    H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL(Beijing Rising Technology Co., Ltd., HookSpi)
Rising Net Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip6_{10BE8295-D23C-4B8A-B055-9E3D643BA1A4}] SEQPACKET 3]
    H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL(Beijing Rising Technology Co., Ltd., HookSpi)
Rising Net Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip6_{10BE8295-D23C-4B8A-B055-9E3D643BA1A4}] DATAGRAM 3]
    H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL(Beijing Rising Technology Co., Ltd., HookSpi)
Rising Net Filter
    H:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL(Beijing Rising Technology Co., Ltd., HookSpi)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
::1            localhost

==================================
进程特权扫描
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
    [2356] H:\Windows\System32\wuapp.exe

==================================
gototop
 
haohe的fans
头像
叱咤花甲狮
  • 帖子:2818
  • 注册: 2007-06-17
  • 来自:
发表于: 2007-07-04 12:37 | 短消息 资料
字号: 4楼

一次发不完请分次发上来
gototop
 
有毒必问
头像
锋芒艾服狮
  • 帖子:1653
  • 注册: 2005-02-13
  • 来自:廣東
发表于: 2007-07-04 12:44 | 短消息 资料
字号: 5楼

删除
H:\Windows\system32\wininit.exe
WOLLF.16病毒
gototop
 
大侠7
头像
快乐黄口狮
  • 帖子:122
  • 注册: 2003-11-20
  • 来自:
发表于: 2007-07-04 13:05 | 只看楼主 短消息 资料
字号: 6楼

wininit.exe 在VISTA中是正常进程 不能去关闭否则马上蓝频死机
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT