[CODE] 2008-09-10,12:29:07 System Repair Engineer 2.6.12.1018 Smallfrogs (http://www.KZTechs.com) Windows Server 2003 Enterprise Edition Service Pack 2 (Build 3790) - 管理权限用户 - 完整功能 以下内容被选中: 所有的启动项目(包括注册表、启动文件夹、服务等) 浏览器加载项 正在运行的进程(包括进程模块信息) 文件关联 Winsock 提供者 Autorun.inf HOSTS 文件 进程特权扫描 启动项目 注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Component Publisher] [Hagel Technologies Ltd] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Component Publisher] <360Safetray> [(Verified)Qizhi Software (beijing) Co. Ltd] <"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup> [(Verified)Beijing Rising Information Technology Corporation Limited] <%systemroot%\system32\dumprep 0 -u> [File is missing] <"C:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Information Technology Corporation Limited] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] [File is missing] <"C:\Program Files\Rising\Rav\Update\setup.exe" /FIRST /ONCE> [(Verified)Beijing Rising Information Technology Corporation Limited] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] [(Verified)Beijing Rising Information Technology Corporation Limited] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <%SystemRoot%\system32\logonui.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{32CD708B-60A7-4C00-9377-D73EAA495F0F}> [(Verified)Beijing Rising Information Technology Corporation Limited] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [(Verified)Microsoft Windows Component Publisher] ================================== 启动文件夹 N/A ================================== 服务 [DSM SA Event Manager / dcevt32][Running/Auto Start] <"C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe"> [DSM SA Data Manager / dcstor32][Running/Auto Start] <"C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe"> [DU Meter Service / DUMeterSvc][Running/Auto Start] [Helix Server / Helix Server][Running/Auto Start] [DSM SA Shared Services / omsad][Running/Auto Start] <"C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_shrsvc32.exe"> [DSM SA Connection Service / Server Administrator][Running/Auto Start] <"C:\Program Files\Dell\SysMgt\iws\bin\win32\dsm_om_connsvc32.exe"><> [Rising Process Communication Center / RsCCenter][Running/Auto Start] <"C:\Program Files\Rising\Rav\CCenter.exe"> [Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"> ================================== 驱动程序 [360AntiArp / 360AntiArp][Running/System Start] <\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心> [ati2mtag / ati2mtag][Running/Manual Start] [System Management Driver / dcdbas][Running/Manual Start] [Intel(R) PRO/1000 Network Connection Driver / E1000][Running/Manual Start] [IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start] [mraid35x / mraid35x][Running/Boot Start] <\SystemRoot\system32\drivers\mraid35x.sys> [DDK PACKET Protocol / Packet][Running/Manual Start] <360安全中心> [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [Secdrv / Secdrv][Stopped/Manual Start] [HookSys / HookSys][Stopped/System Start] <\SystemRoot\system32\drivers\HookSys.sys> [HookCont / HookCont][Stopped/System Start] <\SystemRoot\system32\drivers\HookCont.sys> [HookNtos / HookNtos][Stopped/System Start] <\SystemRoot\system32\drivers\HookNtos.sys> [HookReg / HookReg][Stopped/System Start] <\SystemRoot\system32\drivers\HookReg.sys> [RsNTGDI / RsNTGDI][Stopped/Boot Start] <\SystemRoot\system32\Drivers\RsNTGdi.sys> ================================== 浏览器加载项 [BitComet Helper] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} [卡卡上网安全助手] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [BitComet] {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} <, > [] {D27CDB6E-AE6D-11CF-96B8-444553540000} <, > [HtmlDlgSafeHelper Class] {3050F819-98B5-11CF-BB82-00AA00BDCE0B} [BitComet Helper] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} [360SafeLive] {87515F61-A66C-4319-A0E0-D416CB8059E3} [Microsoft Web 浏览器] {8856F961-340A-11D0-A96B-00C04FD705A2} [卡卡上网安全助手] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A> [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [] {D18A0B52-D63C-4ED0-AFC6-C1E3DC1AF43A} <, > [] {D27CDB6E-AE6D-11CF-96B8-444553540000} <, > [XML HTTP Request] {ED8C108E-4349-11D2-91A4-00C04F7969E8} [XML HTTP] {F6D90F16-9C73-11D3-B32E-00C04F990BB4} [&使用BitComet下载] [&使用BitComet下载全部链接] [&使用BitComet下载本页视频] ================================== 正在运行的进程 [PID: 292 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [PID: 340 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 368 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [PID: 416 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [PID: 428 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 584 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [PID: 668 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [PID: 732 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [PID: 776 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [PID: 792 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [PID: 920 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\msdtc.exe] [Microsoft Corporation, 2001.12.4720.3959 (srv03_sp2_rtm.070216-1710)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [PID: 1088 / SYSTEM][C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe] [Dell Inc., 5.7.0 (BLD_4837)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [C:\Program Files\Dell\SysMgt\shared\bin\dcsupt32.dll] [Dell Inc., 5.7.0 (BLD_4837)] [C:\Program Files\Dell\SysMgt\omsa\bin\dcisep32.dll] [Dell Inc., 5.7.0 (BLD_4834)] [C:\Program Files\Dell\SysMgt\dataeng\bin\dcsgen32.dll] [Dell Inc., 5.7.0 (BLD_4837)] [C:\Program Files\Dell\SysMgt\dataeng\bin\dcsmil32.dll] [Dell Inc., 5.7.0 (BLD_4837)] [C:\Program Files\Dell\SysMgt\omsa\bin\dcship32.dll] [Dell Inc., 5.7.0 (BLD_4834)] [PID: 1116 / SYSTEM][C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe] [Dell Inc., 5.7.0 (BLD_4837)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [C:\Program Files\Dell\SysMgt\shared\bin\dcsupt32.dll] [Dell Inc., 5.7.0 (BLD_4837)] [C:\Program Files\Dell\SysMgt\omsa\bin\dcadpt32.dll] [Dell Inc., 5.7.0 (BLD_4834)] [C:\Program Files\Dell\SysMgt\shared\bin\bmapi.dll] [Broadcom Corporation, 7, 5, 7, 0] [C:\Program Files\Dell\SysMgt\omsa\bin\dccoop32.dll] [Dell Inc., 5.7.0 (BLD_4834)] [C:\Program Files\Dell\SysMgt\omsa\bin\dciemp32.dll] [Dell Inc., 5.7.0 (BLD_4834)] [C:\WINDOWS\system32\dchipm32.dll] [Dell Inc., 5.7.0 (BLD_4825)] [C:\Program Files\Dell\SysMgt\omsa\bin\dcienv32.dll] [Dell Inc., 5.7.0 (BLD_4834)] [C:\WINDOWS\system32\dchbas32.dll] [Dell Inc., 5.7.0 (BLD_4825)] [C:\Program Files\Dell\SysMgt\omsa\bin\dclra32.dll] [Dell Inc., 5.7.0 (BLD_4834)] [C:\Program Files\Dell\SysMgt\omsa\bin\dcosp32.dll] [Dell Inc., 5.7.0 (BLD_4834)] [C:\WINDOWS\system32\odbcbcp.dll] [Microsoft Corporation, 2000.086.3959.00 (srv03_sp2_rtm.070216-1710)] [C:\Program Files\Dell\SysMgt\omsa\bin\dcsecp32.dll] [Dell Inc., 5.7.0 (BLD_4834)] [C:\Program Files\Dell\SysMgt\omsa\bin\dcwfm32.dll] [Dell Inc., 5.7.0 (BLD_4834)] [C:\Program Files\Dell\SysMgt\omsa\bin\dcifru32.dll] [Dell Inc., 5.7.0 (BLD_4834)] [C:\Program Files\Dell\SysMgt\rac4\bin\dcrac432.dll] [Dell, Inc., 4.6.1.186] [C:\Program Files\Dell\SysMgt\dataeng\bin\dcsmil32.dll] [Dell Inc., 5.7.0 (BLD_4837)] [PID: 1144 / SYSTEM][C:\Program Files\DU Meter\DUMeterSvc.exe] [Hagel Technologies Ltd, 4.0 Build R3009] [C:\Program Files\DU Meter\sqlite3.dll] [Hagel Technologies Ltd, 3.4.2] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [PID: 1168 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [PID: 1188 / SYSTEM][C:\Program Files\Real\Helix Server\Bin\rmserver.exe] [RealNetworks, Inc., 9.0.3.916] [C:\WINDOWS\system32\PNCRT.dll] [Real Networks, Inc, 6.0.0.0] [C:\WINDOWS\system32\odbcbcp.dll] [Microsoft Corporation, 2000.086.3959.00 (srv03_sp2_rtm.070216-1710)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [C:\Program Files\Real\Helix Server\Plugins\admi3260.dll] [RealNetworks, Inc., 6.0.2.2201] [C:\Program Files\Real\Helix Server\Plugins\adta3260.dll] [RealNetworks, Inc., 6.0.7.2984] [C:\Program Files\Real\Helix Server\Plugins\allo3260.dll] [RealNetworks, Inc., 6.0.2.2267] [C:\Program Files\Real\Helix Server\Plugins\arch3260.dll] [RealNetworks, Inc., 6.0.2.1] [C:\Program Files\Real\Helix Server\Plugins\asfw3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\asnc3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\asxp3260.dll] [RealNetworks, Inc., 6.0.2.1] [C:\Program Files\Real\Helix Server\Plugins\audp3260.dll] [RealNetworks, Inc., 6.0.7.3652] [C:\Program Files\Real\Helix Server\Plugins\auth3260.dll] [RealNetworks, Inc., 6.0.7.3597] [C:\Program Files\Real\Helix Server\Plugins\basc3260.dll] [RealNetworks, Inc., 6.0.7.3597] [C:\Program Files\Real\Helix Server\Plugins\bdst3260.dll] [RealNetworks, Inc., 6.0.7.2260] [C:\Program Files\Real\Helix Server\Plugins\brcv3260.dll] [RealNetworks, Inc., 6.0.7.2267] [C:\Program Files\Real\Helix Server\Plugins\cdad3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\cdis3290.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\cssp3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\dbmg3260.dll] [RealNetworks, Inc., 6.0.0.2846] [C:\Program Files\Real\Helix Server\Plugins\dbwr3260.dll] [RealNetworks, Inc., 6.0.0.2835] [C:\Program Files\Real\Helix Server\Plugins\dlic3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\encf3260.dll] [RealNetworks, Inc., 6.0.2.2164] [C:\Program Files\Real\Helix Server\Plugins\enco3260.dll] [RealNetworks, Inc., 6.0.2.2188] [C:\Program Files\Real\Helix Server\Plugins\http3260.dll] [RealNetworks, Inc., 6.0.7.3734] [C:\Program Files\Real\Helix Server\Plugins\imgf3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\incl3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\isph3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\liv33260.dll] [RealNetworks, Inc., 6.0.2.2189] [C:\Program Files\Real\Helix Server\Plugins\logp3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\meif3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\meip3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\miip3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\mp3f3260.dll] [RealNetworks, Inc., 6.0.9.2637] [C:\Program Files\Real\Helix Server\Plugins\mpgf3260.dll] [RealNetworks, Inc., 6.0.7.2803] [C:\Program Files\Real\Helix Server\Plugins\ntau3260.dll] [RealNetworks, Inc., 6.0.7.831] [C:\Program Files\Real\Helix Server\Plugins\ntlo3260.dll] [Progressive Networks, Inc., 6.0.2.2191] [C:\Program Files\Real\Helix Server\Plugins\perf3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\plus3260.dll] [RealNetworks, Inc., 6.0.7.2982] [C:\Program Files\Real\Helix Server\Plugins\pply3260.dll] [RealNetworks, Inc., 6.0.7.3036] [C:\Program Files\Real\Helix Server\Plugins\ppva3260.dll] [RealNetworks, Inc., 6.0.2.2268] [C:\Program Files\Real\Helix Server\Plugins\ppvb3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\ppvo3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\pxad3260.dll] [RealNetworks, Inc., 6.0.4.3260] [C:\Program Files\Real\Helix Server\Plugins\qtbc3260.dll] [RealNetworks, Inc., 6.0.2.2149] [C:\Program Files\Real\Helix Server\Plugins\qtff3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\ramp3260.dll] [RealNetworks, Inc., 6.0.2.1] [C:\Program Files\Real\Helix Server\Plugins\redb3260.dll] [RealNetworks, Inc., 6.0.2.1065] [C:\Program Files\Real\Helix Server\Plugins\rmff3260.dll] [RealNetworks, Inc., 6.0.9.1305] [C:\Program Files\Real\Helix Server\Plugins\rn5a3260.dll] [RealNetworks, Inc., 6.0.7.3597] [C:\Program Files\Real\Helix Server\Plugins\rnca3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\rtff3260.dll] [RealNetworks, Inc., 6.0.7.3352] [C:\Program Files\Real\Helix Server\Plugins\sdpp3260.dll] [RealNetworks, Inc., 6.0.7.3834] [C:\Program Files\Real\Helix Server\Plugins\shel3260.dll] [RealNetworks, Inc., 6.0.3.2994] [C:\Program Files\Real\Helix Server\Plugins\smlf3260.dll] [RealNetworks, Inc., 6.0.7.3155] [C:\Program Files\Real\Helix Server\Plugins\smlg3260.dll] [RealNetworks, Inc., 6.0.7.2970] [C:\Program Files\Real\Helix Server\Plugins\smon3260.dll] [RealNetworks, Inc., 6.0.2.1] [C:\Program Files\Real\Helix Server\Plugins\smpl3260.dll] [RealNetworks, Inc., 6.0.7.3852] [C:\Program Files\Real\Helix Server\Plugins\swff3260.dll] [RealNetworks, Inc., 6.0.8.3059] [C:\Program Files\Real\Helix Server\Plugins\tagf3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\tmpl3260.dll] [RealNetworks, Inc., 6.0.7.2136] [C:\Program Files\Real\Helix Server\Plugins\vidf3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\vivf3260.dll] [Vivo Software, Inc., 1, 0, 0, 1] [C:\Program Files\Real\Helix Server\Plugins\vsrc3260.dll] [RealNetworks, Inc., 6.0.7.2956] [C:\Program Files\Real\Helix Server\Plugins\wmmc3260.dll] [RealNetworks, Inc., 6.0.2.400] [C:\Program Files\Real\Helix Server\Plugins\wmsr3260.dll] [RealNetworks, Inc., 6.0.0.918] [C:\Program Files\Real\Helix Server\Plugins\xmlc3260.dll] [RealNetworks, Inc., 6.0.2.926] [PID: 1288 / SYSTEM][C:\WINDOWS\system32\inetsrv\inetinfo.exe] [Microsoft Corporation, 6.0.3790.3959 (srv03_sp2_rtm.070216-1710)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [PID: 1316 / SYSTEM][C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_shrsvc32.exe] [Dell Inc., 3.2.0] [C:\Program Files\Dell\SysMgt\oma\bin\omacs32.dll] [Dell Inc., 1.8.0] [C:\Program Files\Dell\SysMgt\oma\bin\dsupt32.dll] [Dell Inc., 1.8.0] [C:\Program Files\Dell\SysMgt\oma\bin\omsas32.dll] [Dell Inc., 3.2.0] [C:\Program Files\Dell\SysMgt\oma\bin\dnet32.dll] [Dell Inc., 1.8.0] [C:\Program Files\Dell\SysMgt\oma\bin\dweb32.dll] [Dell Inc., 1.8.0] [C:\Program Files\Dell\SysMgt\oma\bin\devent32.dll] [Dell Inc., 3.2.0] [C:\Program Files\Dell\SysMgt\oma\bin\omintf32.dll] [Dell Inc., 3.2.0] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [PID: 1424 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [PID: 1484 / SYSTEM][C:\Program Files\Dell\SysMgt\iws\bin\win32\dsm_om_connsvc32.exe] [, 3.2.0] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [C:\Program Files\Dell\SysMgt\jre\bin\client\jvm.dll] [Sun Microsystems, Inc., 5.0.60.5] [C:\Program Files\Dell\SysMgt\jre\bin\hpi.dll] [Sun Microsystems, Inc., 5.0.60.5] [C:\Program Files\Dell\SysMgt\jre\bin\verify.dll] [Sun Microsystems, Inc., 5.0.60.5] [C:\Program Files\Dell\SysMgt\jre\bin\java.dll] [Sun Microsystems, Inc., 5.0.60.5] [C:\Program Files\Dell\SysMgt\jre\bin\zip.dll] [Sun Microsystems, Inc., 5.0.60.5] [C:\Program Files\Dell\SysMgt\oma\bin\omajdb32.dll] [Dell Inc., 3.2.0] [C:\Program Files\Dell\SysMgt\oma\bin\omacs32.dll] [Dell Inc., 1.8.0] [C:\Program Files\Dell\SysMgt\oma\bin\omadb32.dll] [Dell Inc., 3.2.0] [C:\Program Files\Dell\SysMgt\oma\bin\csda32.dll] [Dell Inc., 3.2.0] [C:\Program Files\Dell\SysMgt\oma\bin\dsupt32.dll] [Dell Inc., 1.8.0] [C:\Program Files\Dell\SysMgt\rac4\bin\drsda32.dll] [Dell, Inc., 4.6.1.186] [C:\Program Files\Dell\SysMgt\dataeng\bin\dcsgen32.dll] [Dell Inc., 5.7.0 (BLD_4837)] [C:\Program Files\Dell\SysMgt\dataeng\bin\dcsmil32.dll] [Dell Inc., 5.7.0 (BLD_4837)] [C:\Program Files\Dell\SysMgt\shared\bin\dcsupt32.dll] [Dell Inc., 5.7.0 (BLD_4837)] [C:\Program Files\Dell\SysMgt\oma\bin\hipda32.dll] [Dell Inc., 3.2.0] [C:\Program Files\Dell\SysMgt\omsa\bin\dcship32.dll] [Dell Inc., 5.7.0 (BLD_4834)] [C:\Program Files\Dell\SysMgt\dataeng\bin\dcecfl32.dll] [Dell Inc., 5.7.0 (BLD_4837)] [C:\Program Files\Dell\SysMgt\jre\bin\net.dll] [Sun Microsystems, Inc., 5.0.60.5] [PID: 1544 / SYSTEM][C:\WINDOWS\System32\snmp.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [C:\WINDOWS\system32\ILanSnmp.dll] [intel, 1, 66, 0, 0] [C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_snmp32.dll] [Dell Inc., 5.7.0 (BLD_4837)] [C:\Program Files\Dell\SysMgt\shared\bin\dcsupt32.dll] [Dell Inc., 5.7.0 (BLD_4837)] [C:\Program Files\Dell\SysMgt\omsa\bin\dcsnis32.dll] [Dell Inc., 5.7.0 (BLD_4834)] [C:\Program Files\Dell\SysMgt\omsa\bin\dcship32.dll] [Dell Inc., 5.7.0 (BLD_4834)] [C:\Program Files\Dell\SysMgt\dataeng\bin\dcsgen32.dll] [Dell Inc., 5.7.0 (BLD_4837)] [C:\Program Files\Dell\SysMgt\dataeng\bin\dcsmil32.dll] [Dell Inc., 5.7.0 (BLD_4837)] [C:\Program Files\Dell\SysMgt\omsa\bin\dcsfru32.dll] [Dell Inc., 5.7.0 (BLD_4834)] [C:\Program Files\Dell\SysMgt\oma\bin\invmib32.dll] [N/A, ] [C:\Program Files\Dell\SysMgt\oma\bin\omadb32.dll] [Dell Inc., 3.2.0] [C:\Program Files\Dell\SysMgt\oma\bin\omacs32.dll] [Dell Inc., 1.8.0] [C:\Program Files\Dell\SysMgt\oma\bin\libxml2.dll] [N/A, ] [C:\Program Files\Dell\SysMgt\rac4\bin\dcsnra32.dll] [Dell, Inc., 4.6.1.186] [C:\Program Files\Dell\SysMgt\rac4\bin\dcsdrs32.dll] [Dell, Inc., 4.6.1.186] [PID: 1764 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [PID: 2504 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [PID: 2544 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [PID: 3060 / xzyxAdministrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [PID: 3188 / xzyxAdministrator][C:\Program Files\Rising\AntiSpyware\rstray.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.15] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [C:\Program Files\Rising\AntiSpyware\rsmginfo.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8] [C:\Program Files\Rising\AntiSpyware\RsXML.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2] [C:\Program Files\Rising\AntiSpyware\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\AntiSpyware\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Rising\AntiSpyware\ComServ.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.31] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files\Rising\AntiSpyware\rscommon.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.1.1] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.34] [C:\Program Files\Rising\AntiSpyware\pngdll.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] [C:\Program Files\Rising\AntiSpyware\runiep.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.33] [C:\Program Files\Rising\AntiSpyware\pscan.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.54] [C:\Program Files\Rising\AntiSpyware\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\AntiSpyware\NComm.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.6] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.18] [PID: 3220 / xzyxAdministrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [PID: 3248 / xzyxAdministrator][C:\Program Files\DU Meter\DUMeter.exe] [Hagel Technologies Ltd, 4.0 Build R3009] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [PID: 3520 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.34] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [PID: 3828 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 3856 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [C:\WINDOWS\system32\imaadp32.acm] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [C:\WINDOWS\system32\msadp32.acm] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [C:\WINDOWS\system32\msg711.acm] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [C:\WINDOWS\system32\msgsm32.acm] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [C:\WINDOWS\system32\tssoft32.acm] [DSP GROUP, INC., 1.01] [C:\WINDOWS\system32\tsd32.dll] [, ] [C:\WINDOWS\system32\msg723.acm] [Microsoft Corporation, 5.2.3790.3959] [C:\WINDOWS\system32\msaud32.acm] [Microsoft Corporation, 8.00.00.4487] [C:\WINDOWS\system32\sl_anet.acm] [Sipro Lab Telecom Inc., 3.02] [C:\WINDOWS\system32\l3codeca.acm] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305] [PID: 4080 / xzyxAdministrator][C:\WINDOWS\system32\rdpclip.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.34] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [PID: 328 / xzyxAdministrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.34] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.18] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [PID: 1140 / xzyxAdministrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.34] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [PID: 1412 / xzyxAdministrator][C:\Program Files\DU Meter\DUMeter.exe] [Hagel Technologies Ltd, 4.0 Build R3009] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.34] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005] [PID: 2464 / xzyxAdministrator][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.34] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [PID: 2756 / xzyxAdministrator][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.34] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [PID: 652 / xzyxAdministrator][C:\Program Files\Rising\AntiSpyware\knownsvr.exe] [Beijing Rising Information Technology Co., Ltd., 6.0.0.11] [C:\Program Files\Rising\AntiSpyware\NComm.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.6] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.34] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [PID: 3604 / xzyxAdministrator][C:\Program Files\360safe\safemon\360Tray.exe] [奇虎网, 4, 1, 8, 1004] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.34] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005] [C:\Program Files\360safe\safemon\SafeKrnl.dll] [奇虎网, 4, 2, 0, 1001] [C:\Program Files\360safe\AntiAdwa.dll] [360Safe.com, 4, 2, 0, 1001] [C:\Program Files\360safe\live.dll] [360.cn, 1, 0, 1, 1027] [PID: 1460 / xzyxAdministrator][C:\WINDOWS\System32\logon.scr] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.34] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [PID: 900 / xzyxAdministrator][C:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe] [Rhino Software, Inc. +1(262) 560-9627, 6, 4, 0, 6] [C:\Program Files\RhinoSoft.com\Serv-U\zlib1.dll] [, 1.2.3] [C:\Program Files\RhinoSoft.com\Serv-U\RhinoNET.dll] [Rhino Software, Inc. +1(262) 560-9627, 1, 0, 0, 3] [C:\Program Files\RhinoSoft.com\Serv-U\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.762] [C:\Program Files\RhinoSoft.com\Serv-U\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.34] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005] [C:\Program Files\RhinoSoft.com\Serv-U\libeay32.DLL] [The OpenSSL Project, http://www.openssl.org/, 0.9.8g] [C:\Program Files\RhinoSoft.com\Serv-U\ssleay32.DLL] [The OpenSSL Project, http://www.openssl.org/, 0.9.8g] [PID: 2324 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.33] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [PID: 2428 / xzyxAdministrator][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 7.2.6001.784 (winmain_oob/wu_wsuswlc(wmbla).080718-1904)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.34] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [PID: 2980 / xzyxAdministrator][E:\新建文件夹\新建文件夹\SREngLdr.EXE] [Smallfrogs Studio, 2.6.12.1018] [PID: 2268 / xzyxAdministrator][E:\新建文件夹\新建文件夹\SREd5e725.EXE] [Smallfrogs Studio, 2.6.12.1018] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005] [E:\新建文件夹\新建文件夹\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] ================================== 文件关联 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf N/A ================================== HOSTS 文件 127.0.0.1 localhost 127.0.0.1 yu.8s7.net 127.0.0.1 1.jopanqc.com 127.0.0.1 2.joppnqq.com 127.0.0.1 wg.47255.com 127.0.0.1 1.joppnqq.com 127.0.0.1 xxx.m111.biz 127.0.0.1 1.jopenqc.com 127.0.0.1 1.jopenkk.com 127.0.0.1 xxx.vh7.biz 127.0.0.1 xxx.j41m.com 127.0.0.1 3.joppnqq.com 127.0.0.1 d.93se.com 127.0.0.1 www.868wg.com 127.0.0.1 xxx.mmma.biz 127.0.0.1 ilove.com 127.0.0.1 tp.shpzhan.cn 127.0.0.1 www.tomwg.com 127.0.0.1 www.cike007.cn 127.0.0.1 www.22aaa.com 127.0.0.1 xx.exiao01.com 127.0.0.1 www.exiao01.com 127.0.0.1 www.exiao01.com 127.0.0.1 new.749571.com 127.0.0.1 xtx.kv8.info 127.0.0.1 cao.kv8.info 127.0.0.1 1.jopmmqq.com 127.0.0.1 171817.171817.com 127.0.0.1 d2.llsging.com 127.0.0.1 down.malasc.cn 127.0.0.1 llboss.com 127.0.0.1 nx.51ylb.cn 127.0.0.1 my.531jx.cn 127.0.0.1 qqq.dzydhx.com 127.0.0.1 qqq.hao1658.com 127.0.0.1 www.333292.com 127.0.0.1 down.18dd.net 127.0.0.1 up.22x44.com 127.0.0.1 aaa.faba01.com 127.0.0.1 bad.tqdlt.cn 127.0.0.1 1.chsipo.com 127.0.0.1 c3.aishangai.net 127.0.0.1 c2.aishangai.net 127.0.0.1 xxx.188dm.com 127.0.0.1 x2.1a2b3c1.com 127.0.0.1 d1.163500.net 127.0.0.1 down.google-serv.cn 127.0.0.1 gxgxy.net 127.0.0.1 c0mo.com ================================== 进程特权扫描 N/A ================================== API HOOK N/A ================================== 隐藏进程 N/A ================================== [/CODE]