[CODE]

2007-07-20,12:37:09

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <360Safetray><D:\新建文件夹 (2)\360safe\safemon\360Tray.exe /start>  [奇虎网]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <WinForm><C:\WINDOWS\WinForm.exe>  []
    <Microsoft Autorun10><C:\WINDOWS\system32\nwizwmgjs.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><jhapri.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{F382C1EB-375C-573D-1F5E-23455234524F}><C:\WINDOWS\system32\wlcpri.dll>  []
    <{325AB2F3-234A-7469-2F43-E341713ABFA3}><C:\WINDOWS\system32\wgcpri.dll>  []
    <{252D2432-37A2-324F-2A54-21BF5CF2F1A2}><C:\WINDOWS\system32\jhapri.dll>  []
    <{5A65498A-7653-9801-1647-987114AB7F45}><C:\WINDOWS\system32\zxepri.dll>  []
    <{44123FF1-8371-9834-9021-184518451FA4}><C:\WINDOWS\system32\qjdpri.dll>  []
    <{259AFD5B-159F-ACD8-954C-ACD545FA6582}><C:\WINDOWS\system32\jzbpri.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{81716107-A10D-11cf-64CD-11115FE1CF41}]
    <N/A><C:\WINDOWS\system32\nwizzhuxians.exe>  []

==================================
启动文件夹
N/A

==================================
服务
[643BCA22 / 643BCA22][Stopped/Auto Start]
  <C:\WINDOWS\system32\6E923364.EXE -643BCA22><Microsoft Corporation>
[7CD99E00 / 7CD99E00][Stopped/Auto Start]
  <C:\WINDOWS\system32\85046C00.EXE -d><Microsoft Corporation>
[F7104400 / F7104400][Stopped/Auto Start]
  <C:\WINDOWS\system32\FB0E3E00.EXE -k><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Windows pvwa RunThem / pvwa][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\kqrv\uabf.dll><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================

驱动程序
[2xspr31s4s / 2xspr31s4s][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\2xspr31s4s.sys><N/A>
[5hfve / 5hfvef][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\5hfvef.sys><N/A>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[acpidisk / acpidisk][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\acpidisk.sys><N/A>
[BaseTDI / BaseTDI][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[mxdispdr / mxdispdr][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\mxdispdr.sys><N/A>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[S3Inc / S3Inc][Running/Manual Start]
  <system32\DRIVERS\s3sav3dm.sys><S3 Incorporated>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>

==================================
浏览器加载项
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\新建文件夹 (2)\360safe\safemon\safemon.dll, >
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <D:\新建文件夹 (2)\360safe\live.dll, 360safe.com>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\新建文件夹 (2)\360safe\safemon\safemon.dll, >
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>

==================================

正在运行的进程
[PID: 424 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 488 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\4D9B0600.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\85046C00.DLL]  [Microsoft Corporation, ]
[PID: 512 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wgcpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\winlib .dll]  [N/A, ]
    [C:\WINDOWS\system32\9DF2B1B5.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\4D9B0600.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\msplrct.dll]  [N/A, ]
    [C:\WINDOWS\system32\85046C00.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\mscomm.dll]  [N/A, ]
    [C:\WINDOWS\system32\wlcpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jhapri.dll]  [N/A, ]
    [C:\WINDOWS\system32\qjdpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzbpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxepri.dll]  [N/A, ]
[PID: 560 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wgcpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\4D9B0600.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\85046C00.DLL]  [Microsoft Corporation, ]
[PID: 572 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wgcpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\4D9B0600.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\85046C00.DLL]  [Microsoft Corporation, ]
[PID: 724 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wgcpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\4D9B0600.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\85046C00.DLL]  [Microsoft Corporation, ]
[PID: 780 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wgcpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\4D9B0600.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\85046C00.DLL]  [Microsoft Corporation, ]
[PID: 836 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 856 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\wgcpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\4D9B0600.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\85046C00.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\mscomm.dll]  [N/A, ]
[PID: 900 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wgcpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\4D9B0600.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\85046C00.DLL]  [Microsoft Corporation, ]
[PID: 948 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wgcpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\4D9B0600.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\85046C00.DLL]  [Microsoft Corporation, ]
[PID: 996 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 49]
    [C:\PROGRAM FILES\RISING\RAV\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\PROGRAM FILES\RISING\RAV\rfwctrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [C:\PROGRAM FILES\RISING\RAV\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\PROGRAM FILES\RISING\RAV\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [C:\PROGRAM FILES\RISING\RAV\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\PROGRAM FILES\RISING\RAV\psapi.dll]  [Microsoft Corporation, 4.00]
    [C:\PROGRAM FILES\RISING\RAV\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [C:\PROGRAM FILES\RISING\RAV\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 14]
    [C:\PROGRAM FILES\RISING\RAV\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\PROGRAM FILES\RISING\RAV\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [C:\PROGRAM FILES\RISING\RAV\HookCont.dll]  [Rising, 19, 0, 0, 0]
    [C:\Program Files\Rising\Rav\SpamEng.dll]  [, 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
    [C:\WINDOWS\system32\mscomm.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 66]
    [C:\Program Files\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
    [C:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [C:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
    [C:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
    [C:\Program Files\Rising\Rav\ScanPack.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 24]
    [C:\Program Files\Rising\Rav\RsVM.dll]  [, 19, 0, 0, 19]

[C:\Program Files\Rising\Rav\Uroutine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 44]
    [C:\Program Files\Rising\Rav\Uscript.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\Rav\ScanNet.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
[PID: 1244 / zhang][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wgcpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\wlcpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jhapri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzbpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\qjdpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\ja5r.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\新建文件夹 (2)\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\WINDOWS\system32\nwizwmgjs.dll]  [N/A, ]
    [C:\WINDOWS\system32\9DF2B1B5.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\4D9B0600.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\85046C00.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\mscomm.dll]  [N/A, ]
    [C:\WINDOWS\system32\k11849046754.DAT]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\system32\k11849046776.DAT]  [N/A, ]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\nwizzhuxians.dll]  [N/A, ]
    [C:\WINDOWS\system32\k118490468210.DAT]  [N/A, ]
[PID: 1344 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wgcpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\4D9B0600.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\85046C00.DLL]  [Microsoft Corporation, ]
[PID: 1496 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\WINDOWS\system32\4D9B0600.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\85046C00.DLL]  [Microsoft Corporation, ]
[PID: 1992 / zhang][D:\新建文件夹 (2)\360safe\safemon\360Tray.exe]  [奇虎网, 3, 5, 1, 1001]
    [D:\新建文件夹 (2)\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [D:\新建文件夹 (2)\360safe\safemon\SafeKrnl.dll]  [奇虎网, 3, 5, 0, 1001]
    [D:\新建文件夹 (2)\360safe\AntiAdwa.dll]  [360Safe.com, 3, 5, 1, 1001]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\新建文件夹 (2)\360safe\live.dll]  [360safe.com, 1, 0, 1, 1016]
    [C:\WINDOWS\system32\4D9B0600.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\85046C00.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\qjdpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzbpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jhapri.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\wlcpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgcpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\k11849046754.DAT]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\k11849046776.DAT]  [N/A, ]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\k118490468210.DAT]  [N/A, ]
[PID: 2036 / zhang][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wgcpri.dll]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\4D9B0600.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\85046C00.DLL]  [Microsoft Corporation, ]
[PID: 164 / zhang][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\新建文件夹 (2)\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\4D9B0600.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\85046C00.DLL]  [Microsoft Corporation, ]
[PID: 1612 / zhang][C:\WINDOWS\system32\D5E87D0D.exe]  [N/A, ]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
    [C:\WINDOWS\system32\85046C00.DLL]  [Microsoft Corporation, ]
    [D:\新建文件夹 (2)\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\mscomm.dll]  [N/A, ]
[PID: 2612 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2628 / zhang][C:\WINDOWS\system32\wscntfy.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\新建文件夹 (2)\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3220 / zhang][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wgcpri.dll]  [N/A, ]
    [D:\新建文件夹 (2)\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\WINDOWS\system32\mscomm.dll]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\qjdpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzbpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jhapri.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\wlcpri.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\k118490468210.DAT]  [N/A, ]
    [C:\WINDOWS\system32\k11849046776.DAT]  [N/A, ]
    [C:\WINDOWS\system32\k11849046754.DAT]  [N/A, ]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\macromed\flash\flash.ocx]  [Macromedia, Inc., 6,0,79,0]
[PID: 480 / zhang][C:\Program Files\Rising\Rav\RsAgent.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
    [D:\新建文件夹 (2)\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1924 / zhang][C:\WINDOWS\msagent\AgentSvr.exe]  [Microsoft Corporation, 2.00.0.3422]
    [C:\WINDOWS\system32\zxepri.dll]  [N/A, ]
    [D:\新建文件夹 (2)\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\qjdpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzbpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jhapri.dll]  [N/A, ]
    [C:\WINDOWS\system32\wlcpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgcpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\k118490468210.DAT]  [N/A, ]
    [C:\WINDOWS\system32\k11849046776.DAT]  [N/A, ]
    [C:\WINDOWS\system32\k11849046754.DAT]  [N/A, ]
[PID: 2940 / zhang][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\qjdpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\k118490468210.DAT]  [N/A, ]
    [C:\WINDOWS\system32\k11849046776.DAT]  [N/A, ]
    [C:\WINDOWS\system32\k11849046754.DAT]  [N/A, ]
    [D:\新建文件夹 (2)\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzbpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jhapri.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\wlcpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgcpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\mscomm.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\macromed\flash\flash.ocx]  [Macromedia, Inc., 6,0,79,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3392 / zhang][C:\DOCUME~1\zhang\LOCALS~1\Temp\sreng2.zip 的临时目录 1\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\zxepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\k118490468210.DAT]  [N/A, ]
    [C:\WINDOWS\system32\k11849046776.DAT]  [N/A, ]
    [C:\WINDOWS\system32\k11849046754.DAT]  [N/A, ]
    [D:\新建文件夹 (2)\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\qjdpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzbpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jhapri.dll]  [N/A, ]
    [C:\WINDOWS\system32\wlcpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgcpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\mscomm.dll]  [N/A, ]

==================================

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSAPI Tcpip [TCP/IP]
    C:\WINDOWS\system32\mscomm.dll(, N/A)
MSAPI Tcpip [UDP/IP]
    C:\WINDOWS\system32\mscomm.dll(, N/A)

==================================
Autorun.inf
[C:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[D:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[E:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许： SeDebugPrivilege [PID = 1992, D:\新建文件夹 (2)\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1992, D:\新建文件夹 (2)\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1612, C:\WINDOWS\SYSTEM32\D5E87D0D.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1612, C:\WINDOWS\SYSTEM32\D5E87D0D.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 480, C:\PROGRAM FILES\RISING\RAV\RSAGENT.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 480, C:\PROGRAM FILES\RISING\RAV\RSAGENT.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]