[CODE] 2009-01-10,21:33:05 System Repair Engineer 2.7.0.1210 Smallfrogs (http://www.KZTechs.com) Windows Server 2003 Enterprise Edition (Build 3790) - 管理权限用户 - 完整功能 以下内容被选中: 所有的启动项目(包括注册表、启动文件夹、服务等) 浏览器加载项 正在运行的进程(包括进程模块信息) 文件关联 Winsock 提供者 Autorun.inf HOSTS 文件 进程特权扫描 计划任务 API HOOK 隐藏进程 启动项目 注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [SZQZSW] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] [] [] [] [] <"c:\program files\iimsnode\pronode.exe" /autorun> [SZQZSW] <"C:\WINDOWS\system32\nap32.exe" /run> [Beijing Rising Information Technology Co., Ltd.] [SZQZSW] <"C:\Rav\RsTray.exe" -system> [(Verified)Beijing Rising Information Technology Corporation Limited] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <%SystemRoot%\system32\logonui.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{AEB6717E-7E19-11d0-97EE-00C04FD91972}> [(Verified)Microsoft Windows Publisher] <{32CD708B-60A7-4C00-9377-D73EAA495F0F}> [(Verified)Beijing Rising Information Technology Corporation Limited] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Publisher] <%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Publisher] <%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RTGSGENG] [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Publisher] <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] <浏览器自定义组件> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] <%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}] <%IEHARDENADMIN_BASE_DESC%><%SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenAdmin> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}] <%IEHARDENUSER_DESC%><%SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenUser> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiArp.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DrvAnti.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFUpd.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McNASvc.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McProxy.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mcshield.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpfSrv.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSetup.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ProcessSafe.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RawCopy.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegTool.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwstub.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RStray.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rtvscan.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zxsweep.exe] [N/A] [HKEY_CURRENT_USER\Control Panel\Desktop] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <17lelestart><; C:\Program Files\VisionNet\17lele\system\17lele.exe 17LELEMIN> [File is missing] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32> [File is missing] <; D:\hidewnd\HideWnd.exe> [File is missing] <; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher] <; C:\WINDOWS\system32\Rundll32.exe NMGameX.dll,LiveProcess /aa> [File is missing] <; C:\Program Files\ORAY\PeanutHull\phnt.exe -sa> [File is missing] <; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher] <; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher] <; c:\documents and settings\administrator\桌面\ie\nodeclt.exe /autorun> [SZQZSW] <; D:\Program Files\天网防火墙\FireWall\PFWMain.exe> [File is missing] <; %systemroot%\system32\dumprep 0 -u> [File is missing] <; "C:\Program Files\淘宝网\淘宝旺旺\WangWang.EXE"> [淘宝(中国)软件有限公司] ================================== 启动文件夹 [快捷方式 到 FireServer.exe] D:\驱动防~1\服务端\FIRESE~1.EXE []> [快捷方式 到 ttj.exe] D:\rzx\wanmei\ttj.exe [File is missing]> ================================== 服务 [Helix Server / Helix Server][Running/Auto Start] [Human Interface Device Access / HidServ][Stopped/Disabled] %SystemRoot%\System32\hidserv.dll> [NCHJRSTYT / JHHGIYIOU][Others/Auto Start] %SystemRoot%\System32\tancad.dll> [Peanut Hull Client Service / Peanut Hull Client Service][Stopped/Disabled] <(File is missing)> [Rav Process Communication Center / RavCCenter][Stopped/Auto Start] [Rising RavTask Manager / RavTask][Running/Auto Start] <"C:\Rav\RavTask.exe" RavTask> [Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start] <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"> [RService / RService][Running/Auto Start] <> [Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] [Rising Scan Service / RsScanSrv][Stopped/Auto Start] [RzxSevce / RzxSevce][Stopped/Auto Start] <(File is missing)> [StarWind iSCSI Service / StarWindService][Running/Auto Start] ================================== 驱动程序 [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start] [ApPsMon / ApPsMon][Stopped/Manual Start] <\??\c:\documents and settings\administrator\桌面\ie\psmon.sys> [EagleNT / EagleNT][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\EagleNT.sys> [GAMESGXP / GAMESGXP][Running/Manual Start] <\??\C:\WINDOWS\system32\Drivers\GAMESGXP.SYS> [GENIO / GENIO][Stopped/Manual Start] <\??\G:\Program Files\GoldenSoft\GoldenSoft\NetNC\WinNT\Server\genio.sys> [hookcont / hookcont][Running/System Start] [hooksys / hooksys][Running/System Start] [ialm / ialm][Running/Manual Start] [IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start] [New0 / New0][Running/Auto Start] <\??\C:\WINDOWS\system32\new.sys> [NetGroup Packet Filter Driver / NPF][Running/Manual Start] [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [QKeyServiceDisplay / QKeyService][Running/Boot Start] <\SystemRoot\system32\KeyCrypt.sys> [RsNTGDI / RsNTGDI][Running/Boot Start] <\SystemRoot\system32\Drivers\RsNTGdi.sys> [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start] [Realtek RTL8169 Gigabit Ethernet Adapter NT Driver / RTL8169][Stopped/Manual Start] [Secdrv / Secdrv][Running/Auto Start] [SNIFFER Protocol Driver / Sniffer][Running/Auto Start] [TesDrvPt / TesDrvPt][Stopped/Manual Start] <\??\C:\WINDOWS\system32\TesDrvPt.sys> [TesSafe / TesSafe][Stopped/Manual Start] <\??\C:\WINDOWS\system32\TesSafe.sys> [tqantisy / tqantisys][Running/System Start] [Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/System Start] [Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start] [rspp / rspp][Stopped/System Start] <\??\C:\WINDOWS\system32\Drivers\Rspp.sys> ================================== 浏览器加载项 [FGCatchUrl] {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} [WebFilter Class] {8E2EF533-2086-4021-A85C-D8240F066EF9} [FlashGet GetFlash Class] {F156768E-81EF-470C-9057-481BA8380DBA} [浩方对战平台] {0A155D3C-68E2-4215-A47A-E800A446447A} [网址大全] {C18CB140-0BBB-11D4-8FE8-0088CC102438} [@shdoclc.dll,-866] {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, > [快车] {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [QQIEFloatBarCfgCmd Class] {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} [@msdxmLC.dll,-1@2052,电台(&R)] {8E718888-423F-11D2-876E-00A0C9082467} [] {9F755563-5399-4B20-BF0E-1ED76D9B4801} <, > [PhotoDrawEx Class] {05F5F404-7C24-4B39-B5CC-340CEDEB9C0D} [nEdit Control] {32D72994-45B9-42B5-8980-FB561D1BE2D0} [EditCtrl Class] {488A4255-3236-44B3-8F27-FA1AECAA8844} [InfoSecNetSign Class] {62B938C4-4190-4F37-8CF0-A92B0A91CC77} [CCtInf Class] {6DBB2904-082D-4DB0-944A-21C22BA121F4} [] {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} <, > [KVFileUpdate Class] {CA234A53-E68D-44D5-A07C-481C051D0C7B} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [PasswordEditCtrl Class] {E787FD25-8D7C-4693-AE67-9406BC6E22DF} [Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} [XMP Class] {6483F145-A768-4C41-AACC-52D4D7845851} [WangWangObj Class] {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} [MediaComm Class] {7670648D-461B-42AF-BDFE-46D26AF5EFF2} [] {7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} <, > [DapCtrl Class] {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} [XPPlayer Class] {F3E70CEA-956E-49CC-B444-73AFE593AD7F} [FGAutoLive] {F90D830D-C175-4bbe-82C7-FF94669A4C42} [FGCatchUrl] {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} [ 发送到手机<彩信助手>] [&使用快车(FlashGet)下载] [&使用快车(FlashGet)下载全部链接] [使用影音传送带下载] [使用影音传送带下载全部链接] [使用迅雷下载] [使用迅雷下载全部链接] [添加到QQ表情] ================================== 正在运行的进程 [PID: 356 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 420 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 444 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [c:\windows\system32\tancad.dll] [Microsoft Corporation, 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\rtgsgeng.dll] [N/A, ] [C:\WINDOWS\system32\RNDINTER.DLL] [Shanghai Richtech Co., Ltd, 1, 0, 11, 15] [PID: 488 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 500 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 652 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 724 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 844 / SYSTEM][C:\Rav\CCENTER.EXE] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [C:\Rav\combase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [C:\Rav\cnt09.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 37] [C:\Rav\cnt08.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7] [PID: 940 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 956 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 1012 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 1020 / SYSTEM][C:\Rav\RavMonD.exe] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [C:\Rav\combase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Rav\moncomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12] [C:\Rav\MonBase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5] [C:\Rav\Rslog.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.32] [C:\Rav\mondrv.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7] [C:\Rav\defmon.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 29] [C:\Rav\moncom08.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [C:\Rav\MonRule.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9] [C:\Rav\FileMon.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 21] [C:\Rav\MailMon.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 23] [C:\Rav\HookWeb.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [C:\Rav\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46] [C:\Rav\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1] [C:\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.13] [C:\Rav\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Rav\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Rav\Hooksys.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 18] [C:\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Rav\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Rav\HookCont.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 11] [C:\Rav\rsnetsvr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13] [C:\Rav\BACore.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 17] [C:\Rav\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [C:\Rav\refs.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Rav\RSStore.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9] [C:\Rav\ScanAdd.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.14] [C:\Rav\Scanner.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.32] [C:\Rav\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Rav\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [C:\Rav\ffr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [C:\Rav\nvfile.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Rav\extfile.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12] [C:\Rav\pearc.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Rav\scanexec.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Rav\unexe.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [C:\Rav\scanex.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 17] [C:\Rav\scanpe.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7] [C:\Rav\ur000.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5] [C:\Rav\scansct.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [C:\Rav\revm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [C:\Rav\urutils.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Rav\ur025.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [C:\Rav\extmail.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [PID: 1180 / SYSTEM][C:\Rav\rsnetsvr.exe] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12] [C:\Rav\NComm.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.9] [C:\Rav\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Rav\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Rav\ProcComm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [PID: 1368 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [C:\WINDOWS\system32\spool\PRTPROCS\W32X86\vprproc.dll] [Windows (R) 2000 DDK provider, 5.00.2195.1620] [PID: 1396 / NETWORK SERVICE][C:\WINDOWS\system32\msdtc.exe] [(Verified) Microsoft Corporation, 2001.12.4720.0 (srv03_rtm.030324-2048)] [PID: 1480 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 1508 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 1532 / SYSTEM][C:\Program Files\Real\Helix Server\Bin\rmserver.exe] [RealNetworks, Inc., 9.0.2.794] [C:\WINDOWS\system32\PNCRT.dll] [Real Networks, Inc, 6.0.0.0] [C:\Program Files\Real\Helix Server\Plugins\admi3260.dll] [RealNetworks, Inc., 6.0.2.2079] [C:\Program Files\Real\Helix Server\Plugins\adta3260.dll] [RealNetworks, Inc., 6.0.7.2862] [C:\Program Files\Real\Helix Server\Plugins\allo3260.dll] [RealNetworks, Inc., 6.0.2.2105] [C:\Program Files\Real\Helix Server\Plugins\arch3260.dll] [RealNetworks, Inc., 6.0.2.1] [C:\Program Files\Real\Helix Server\Plugins\asfw3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\asnc3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\asxp3260.dll] [RealNetworks, Inc., 6.0.2.1] [C:\Program Files\Real\Helix Server\Plugins\audp3260.dll] [RealNetworks, Inc., 6.0.7.3530] [C:\Program Files\Real\Helix Server\Plugins\auth3260.dll] [RealNetworks, Inc., 6.0.7.3475] [C:\Program Files\Real\Helix Server\Plugins\basc3260.dll] [RealNetworks, Inc., 6.0.7.3475] [C:\Program Files\Real\Helix Server\Plugins\bdst3260.dll] [RealNetworks, Inc., 6.0.7.2138] [C:\Program Files\Real\Helix Server\Plugins\brcv3260.dll] [RealNetworks, Inc., 6.0.7.2145] [C:\Program Files\Real\Helix Server\Plugins\cdad3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\cdis3290.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\cssp3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\dbmg3260.dll] [RealNetworks, Inc., 6.0.0.2724] [C:\Program Files\Real\Helix Server\Plugins\dbwr3260.dll] [RealNetworks, Inc., 6.0.0.2713] [C:\Program Files\Real\Helix Server\Plugins\dlic3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\encf3260.dll] [RealNetworks, Inc., 6.0.2.2042] [C:\Program Files\Real\Helix Server\Plugins\enco3260.dll] [RealNetworks, Inc., 6.0.2.2066] [C:\Program Files\Real\Helix Server\Plugins\http3260.dll] [RealNetworks, Inc., 6.0.7.3612] [C:\Program Files\Real\Helix Server\Plugins\imgf3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\incl3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\isph3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\liv33260.dll] [RealNetworks, Inc., 6.0.2.2067] [C:\Program Files\Real\Helix Server\Plugins\logp3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\meif3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\meip3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\miip3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\mp3f3260.dll] [RealNetworks, Inc., 6.0.9.2515] [C:\Program Files\Real\Helix Server\Plugins\mpgf3260.dll] [RealNetworks, Inc., 6.0.7.2681] [C:\Program Files\Real\Helix Server\Plugins\ntau3260.dll] [RealNetworks, Inc., 6.0.7.713] [C:\Program Files\Real\Helix Server\Plugins\ntlo3260.dll] [Progressive Networks, Inc., 6.0.2.2073] [C:\Program Files\Real\Helix Server\Plugins\perf3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\plus3260.dll] [RealNetworks, Inc., 6.0.7.2860] [C:\Program Files\Real\Helix Server\Plugins\pply3260.dll] [RealNetworks, Inc., 6.0.7.2914] [C:\Program Files\Real\Helix Server\Plugins\ppva3260.dll] [RealNetworks, Inc., 6.0.2.2106] [C:\Program Files\Real\Helix Server\Plugins\ppvb3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\ppvo3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\pxad3260.dll] [RealNetworks, Inc., 6.0.4.3138] [C:\Program Files\Real\Helix Server\Plugins\qtbc3260.dll] [RealNetworks, Inc., 6.0.2.2027] [C:\Program Files\Real\Helix Server\Plugins\qtff3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\ramp3260.dll] [RealNetworks, Inc., 6.0.2.1] [C:\Program Files\Real\Helix Server\Plugins\redb3260.dll] [RealNetworks, Inc., 6.0.2.943] [C:\Program Files\Real\Helix Server\Plugins\rmff3260.dll] [RealNetworks, Inc., 6.0.9.1183] [C:\Program Files\Real\Helix Server\Plugins\rn5a3260.dll] [RealNetworks, Inc., 6.0.7.3475] [C:\Program Files\Real\Helix Server\Plugins\rnca3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\rtff3260.dll] [RealNetworks, Inc., 6.0.7.3230] [C:\Program Files\Real\Helix Server\Plugins\sdpp3260.dll] [RealNetworks, Inc., 6.0.7.3672] [C:\Program Files\Real\Helix Server\Plugins\shel3260.dll] [RealNetworks, Inc., 6.0.3.2872] [C:\Program Files\Real\Helix Server\Plugins\smlf3260.dll] [RealNetworks, Inc., 6.0.7.3033] [C:\Program Files\Real\Helix Server\Plugins\smlg3260.dll] [RealNetworks, Inc., 6.0.7.2848] [C:\Program Files\Real\Helix Server\Plugins\smon3260.dll] [RealNetworks, Inc., 6.0.2.1] [C:\Program Files\Real\Helix Server\Plugins\smpl3260.dll] [RealNetworks, Inc., 6.0.7.3690] [C:\Program Files\Real\Helix Server\Plugins\swff3260.dll] [RealNetworks, Inc., 6.0.8.2937] [C:\Program Files\Real\Helix Server\Plugins\tagf3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\tmpl3260.dll] [RealNetworks, Inc., 6.0.7.2014] [C:\Program Files\Real\Helix Server\Plugins\vidf3260.dll] [N/A, ] [C:\Program Files\Real\Helix Server\Plugins\vivf3260.dll] [Vivo Software, Inc., 1, 0, 0, 1] [C:\Program Files\Real\Helix Server\Plugins\vsrc3260.dll] [RealNetworks, Inc., 6.0.7.2834] [C:\Program Files\Real\Helix Server\Plugins\wmmc3260.dll] [RealNetworks, Inc., 6.0.2.400] [C:\Program Files\Real\Helix Server\Plugins\wmsr3260.dll] [RealNetworks, Inc., 6.0.0.796] [C:\Program Files\Real\Helix Server\Plugins\xmlc3260.dll] [RealNetworks, Inc., 6.0.2.804] [PID: 1604 / SYSTEM][C:\WINDOWS\system32\inetsrv\inetinfo.exe] [(Verified) Microsoft Corporation, 6.0.3790.0 (srv03_rtm.030324-2048)] [PID: 1624 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [c:\windows\system32\tancad.dll] [Microsoft Corporation, 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1640 / SYSTEM][C:\WINDOWS\system32\iscsiexe.exe] [Microsoft Corporation, 5.2.3790.302 built by: srv03_rtm(wmbla-s)] [PID: 1808 / SYSTEM][C:\Rav\RavTask.exe] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 22] [C:\Rav\rsconf.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Rav\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1] [C:\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.13] [C:\Rav\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Rav\rsstub.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12] [C:\Rav\rstask.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 35] [PID: 1832 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 1872 / SYSTEM][C:\Program Files\rzx\Net110\RService.exe] [, 1, 0, 0, 1] [C:\Program Files\rzx\Net110\RKernel.dll] [TODO: <公司名>, 1.0.0.1] [C:\Program Files\rzx\Net110\IpSecMan.dll] [TODO: <公司名>, 1.0.0.1] [C:\Program Files\rzx\Net110\packet.dll] [Politecnico di Torino, 3, 0, 0, 18] [C:\Program Files\rzx\Net110\SerIFace.dll] [深圳任子行网络技术有限公司, 3, 1, 0, 1] [C:\Program Files\rzx\Net110\NetLogPath.dll] [, 1, 0, 0, 1] [C:\Program Files\rzx\Net110\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0] [C:\Program Files\rzx\Net110\UniLog.dll] [, 1, 0, 0, 1] [C:\Program Files\rzx\Net110\RzxSdk.dll] [RZX, 2, 1, 0, 3] [C:\Program Files\rzx\Net110\IPList.dll] [N/A, ] [C:\Program Files\rzx\Net110\ListSet.dll] [, 1, 0, 0, 1] [C:\Program Files\rzx\Net110\DynaSet.dll] [, 1, 0, 0, 1] [C:\Program Files\rzx\Net110\NetSet.dll] [N/A, ] [C:\Program Files\rzx\Net110\LanSet.dll] [N/A, ] [C:\Program Files\rzx\Net110\RAnalyse.dll] [TODO: <公司名>, 1.0.0.1] [C:\Program Files\rzx\Net110\nicman.dll] [TODO: <公司名>, 1.0.0.1] [PID: 208 / conexant][C:\WINDOWS\Explorer.EXE] [(Verified) Microsoft Corporation, 6.00.3790.0 (srv03_rtm.030324-2048)] [c:\windows\system32\tancad.dll] [Microsoft Corporation, 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12] [C:\Program Files\FlashGet\fgmgr.dll] [www.flashget.com, 1, 8, 4, 1007] [PID: 376 / SYSTEM][C:\Program Files\Rocket Division Software\StarWind\StarWindService.exe] [Rocket Division Software, 2.6.4 Build 20050908] [C:\Program Files\Rocket Division Software\StarWind\RamDisk.dll] [Rocket Division Software, 2.6.4 Build 20050908] [C:\Program Files\Rocket Division Software\StarWind\ImageFile.dll] [Rocket Division Software, 2.6.4 Build 20050908] [C:\Program Files\Rocket Division Software\StarWind\VirtualDvd.dll] [Rocket Division Software, 2.6.4 Build 20050908] [C:\Program Files\Rocket Division Software\StarWind\IBVolume.dll] [Rocket Division Software, 2.6.4 Build 20050908] [PID: 268 / SYSTEM][C:\Rav\ScanFrm.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.11] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Rav\combase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [C:\Rav\moncomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12] [C:\Rav\scansrvp.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.11] [C:\Rav\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46] [C:\Rav\ScanSrv.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.9] [C:\Rav\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Rav\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Rav\ScanRavT.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.23] [C:\Rav\ScanBT.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.36] [C:\Rav\ScanStub.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.8] [C:\Rav\RsLog.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.32] [C:\Rav\ScanAdd.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.14] [C:\Rav\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1] [C:\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.13] [C:\Rav\Scanner.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.32] [C:\Rav\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [C:\Rav\refs.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Rav\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Rav\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [PID: 464 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 560 / conexant][C:\WINDOWS\system32\conime.exe] [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [c:\windows\system32\tancad.dll] [Microsoft Corporation, 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 920 / SYSTEM][C:\WINDOWS\system32\Dfssvc.exe] [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 1940 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 2808 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe] [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 2992 / conexant][C:\Rav\RSMAIN.EXE] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5] [C:\Rav\rspalmgr.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.29] [C:\Rav\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Rav\RSXML.DLL] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Rav\RsGuiLib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 70] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Rav\rslang.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 27] [C:\Rav\ravbmenu.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 15] [C:\Rav\rsconf.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Rav\rspalvd.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.21] [C:\Rav\ravppops.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12] [C:\Rav\ravbintl.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 25] [C:\Rav\ravpsafe.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.24] [C:\Rav\MonState.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7] [C:\Rav\ScanPrxy.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.13] [C:\Rav\psafecfg.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.17] [C:\Rav\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1] [C:\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.13] [C:\Rav\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Rav\ProcComm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46] [C:\Rav\ravxpage.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 81] [C:\Rav\ravxmons.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24] [C:\Rav\ravptool.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.20] [C:\Rav\log2file.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.5] [C:\Rav\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Rav\htmllib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [PID: 3008 / conexant][C:\Rav\RsAgent.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.17] [C:\Rav\ProcComm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Rav\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Rav\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Rav\ScanPrxy.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.13] [PID: 3068 / conexant][C:\WINDOWS\msagent\AgentSvr.exe] [(Verified) Microsoft Corporation, 2.00.0.3422] [c:\windows\system32\tancad.dll] [Microsoft Corporation, 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 3148 / conexant][C:\Program Files\rzx\Net110\SysMon.exe] [, 1, 0, 0, 1] [C:\Program Files\rzx\Net110\LanSet.dll] [N/A, ] [C:\Program Files\rzx\Net110\DynaSet.dll] [, 1, 0, 0, 1] [C:\Program Files\rzx\Net110\StatiSet.dll] [, 1, 0, 0, 1] [C:\Program Files\rzx\Net110\NetLogPath.dll] [, 1, 0, 0, 1] [C:\Program Files\rzx\Net110\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0] [c:\windows\system32\tancad.dll] [Microsoft Corporation, 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 3168 / conexant][C:\Program Files\netstarcortrol\Msgsvr32.exe] [N/A, ] [c:\windows\system32\tancad.dll] [Microsoft Corporation, 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 3184 / conexant][C:\Program Files\netstarcortrol\Rundll33.exe] [N/A, ] [c:\windows\system32\tancad.dll] [Microsoft Corporation, 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\netstarcortrol\wgzx.dll] [ft, 1, 0, 6, 704] [C:\Program Files\FlashGet\fgmgr.dll] [www.flashget.com, 1, 8, 4, 1007] [PID: 3196 / conexant][C:\Program Files\rzx\Net110\Lsui.exe] [, 1, 0, 0, 1] [C:\Program Files\rzx\Net110\LanSockS.dll] [, 1, 0, 0, 1] [C:\Program Files\rzx\Net110\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0] [C:\Program Files\rzx\Net110\NetLogPath.dll] [, 1, 0, 0, 1] [C:\Program Files\rzx\Net110\StatiSet.dll] [, 1, 0, 0, 1] [C:\Program Files\rzx\Net110\StateSet.dll] [N/A, ] [C:\Program Files\rzx\Net110\LanSet.dll] [N/A, ] [C:\Program Files\rzx\Net110\NetSet.dll] [N/A, ] [C:\Program Files\rzx\Net110\UniLog.dll] [, 1, 0, 0, 1] [C:\Program Files\rzx\Net110\DynaSet.dll] [, 1, 0, 0, 1] [C:\Program Files\rzx\Net110\RzxSdk.dll] [RZX, 2, 1, 0, 3] [C:\Program Files\rzx\Net110\PracticeCheck.dll] [, 1, 0, 0, 1] [C:\Program Files\rzx\Net110\rzxbackup.dll] [, 1, 0, 0, 1] [c:\windows\system32\tancad.dll] [Microsoft Corporation, 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 3208 / conexant][C:\Program Files\rzx\Net110\LSParser.exe] [, 1, 0, 0, 1] [C:\Program Files\rzx\Net110\NetSet.dll] [N/A, ] [C:\Program Files\rzx\Net110\LSReg.dll] [深圳任子行网络技术, 1.0.0.1] [C:\Program Files\rzx\Net110\LanSet.dll] [N/A, ] [C:\Program Files\rzx\Net110\UniComm.dll] [, 1, 0, 0, 1] [C:\Program Files\rzx\Net110\DynaSet.dll] [, 1, 0, 0, 1] [C:\Program Files\rzx\Net110\PracticeCheck.dll] [, 1, 0, 0, 1] [C:\Program Files\rzx\Net110\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0] [C:\Program Files\rzx\Net110\StatiSet.dll] [, 1, 0, 0, 1] [C:\Program Files\rzx\Net110\LanSockS.dll] [, 1, 0, 0, 1] [C:\Program Files\rzx\Net110\LsAsProc.dll] [, 1, 0, 0, 1] [C:\Program Files\rzx\Net110\StateSet.dll] [N/A, ] [C:\Program Files\rzx\Net110\ListSet.dll] [, 1, 0, 0, 1] [C:\Program Files\rzx\Net110\IPList.dll] [N/A, ] [C:\Program Files\rzx\Net110\CheckNet.dll] [, 1, 0, 0, 1] [C:\Program Files\rzx\Net110\UniLog.dll] [, 1, 0, 0, 1] [C:\Program Files\rzx\Net110\NetLogPath.dll] [, 1, 0, 0, 1] [C:\Program Files\rzx\Net110\RzxSdk.dll] [RZX, 2, 1, 0, 3] [C:\Program Files\rzx\Net110\zlib.dll] [, 1.2.2] [C:\Program Files\rzx\Net110\UPNetLog.dll] [, 1, 0, 0, 1] [C:\Program Files\rzx\Net110\CheckUsr.dll] [, 1, 0, 0, 1] [C:\Program Files\rzx\Net110\LtSet.dll] [, 1, 0, 0, 1] [C:\Program Files\rzx\Net110\ODBC32.dll] [Microsoft Corporation, 3.520.6200.0] [C:\Program Files\rzx\Net110\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0] [C:\Program Files\rzx\Net110\LsLtProc.dll] [, 1, 0, 0, 1] [C:\Program Files\rzx\Net110\odbcint.dll] [Microsoft Corporation, 3.520.6200.0] [c:\windows\system32\tancad.dll] [Microsoft Corporation, 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\rzx\Net110\FindHost.dll] [N/A, ] [PID: 3464 / conexant][D:\驱动防火墙\服务端\FireServer.exe] [, 1, 1, 4, 1] [c:\windows\system32\tancad.dll] [Microsoft Corporation, 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\FlashGet\fgmgr.dll] [www.flashget.com, 1, 8, 4, 1007] [PID: 3608 / conexant][c:\program files\iimsnode\pronode.exe] [SZQZSW, 3.3.0.4] [c:\windows\system32\tancad.dll] [Microsoft Corporation, 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\iimsnode\ScrCpter.dll] [SZQZSW, 3.2.0.0] [c:\program files\iimsnode\IDEADll.dll] [N/A, ] [PID: 3708 / NETWORK SERVICE][C:\WINDOWS\system32\wbem\wmiprvse.exe] [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 3916 / conexant][c:\program files\iimsnode\WebSrvr.exe] [N/A, ] [c:\windows\system32\tancad.dll] [Microsoft Corporation, 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 4004 / conexant][d:\wx2004\server.exe] [, 16.4.8.919] [d:\wx2004\uptCom.dll] [, 1.0.0.1020] [d:\wx2004\Wx2004919.dll] [N/A, ] [c:\windows\system32\tancad.dll] [Microsoft Corporation, 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158)] [d:\wx2004\WxComm.dll] [N/A, ] [d:\wx2004\wxcal.dll] [成都吉胜, 16.3.7.708] [d:\wx2004\rzx.dll] [成都吉胜科技, 1.1.0.622] [d:\wx2004\Iplist.dll] [N/A, ] [d:\wx2004\wxhelper.dll] [成都吉胜科技有限公司, 1.1.0.5640] [d:\wx2004\idlogupload.dll] [深圳任子行网络技术公司, 2.0] [d:\wx2004\AuthDb.dll] [, 1, 0, 0, 1] [d:\wx2004\NBCONFIG.dll] [TODO: <公司名>, 1.0.0.1] [d:\wx2004\LanSet.dll] [N/A, ] [d:\wx2004\DynaSet.dll] [, 1, 0, 0, 1] [d:\wx2004\IdLostInfo.dll] [深圳任子行网络技术公司, 2.0] [d:\wx2004\zlib.dll] [, 1.2.2] [d:\wx2004\SysStatusLog.dll] [, 1, 0, 0, 1] [C:\Program Files\FlashGet\fgmgr.dll] [www.flashget.com, 1, 8, 4, 1007] [PID: 2580 / conexant][d:\wx2004\Store.exe] [, 2.0.0.0] [c:\windows\system32\tancad.dll] [Microsoft Corporation, 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2612 / conexant][d:\wx2004\rzxsurename.exe] [深圳任子行网络技术有限公司, 2.0] [d:\wx2004\NetbarScan.dll] [, 1, 0, 0, 1] [d:\wx2004\NetbarVideo.dll] [, 1, 0, 0, 1] [d:\wx2004\NetbarRecog.dll] [, 1, 0, 0, 1] [d:\wx2004\RzxSnEncKey.dll] [, 1, 0, 0, 1] [d:\wx2004\RzxHook.dll] [TODO: <公司名>, 1.0.0.1] [d:\wx2004\GCardID_RZX.dll] [N/A, ] [d:\wx2004\idcardupdown.dll] [深圳任子行网络技术公司, 2.0] [d:\wx2004\NBCONFIG.dll] [TODO: <公司名>, 1.0.0.1] [d:\wx2004\LanSet.dll] [N/A, ] [d:\wx2004\DynaSet.dll] [, 1, 0, 0, 1] [d:\wx2004\idlogupload.dll] [深圳任子行网络技术公司, 2.0] [d:\wx2004\AuthDb.dll] [, 1, 0, 0, 1] [d:\wx2004\IPList.dll] [N/A, ] [d:\wx2004\IdLostInfo.dll] [深圳任子行网络技术公司, 2.0] [d:\wx2004\zlib.dll] [, 1.2.2] [d:\wx2004\SysStatusLog.dll] [, 1, 0, 0, 1] [d:\wx2004\NetbarControl.dll] [, 1, 0, 0, 1] [d:\wx2004\IdApi.dll] [深圳任子行网络技术公司, 2.0] [c:\windows\system32\tancad.dll] [Microsoft Corporation, 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158)] [d:\wx2004\sdtapi.dll] [N/A, ] [d:\wx2004\WltRS.dll] [N/A, ] [PID: 532 / conexant][d:\wx2004\snsysmon.exe] [, 1, 0, 0, 1] [PID: 3968 / conexant][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.3790.0 (srv03_rtm.030324-2048)] [c:\windows\system32\tancad.dll] [Microsoft Corporation, 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\FlashGet\jccatch.dll] [www.flashget.com, 1, 8, 4, 1007] [C:\Program Files\FlashGet\getflash.dll] [www.flashget.com, 1, 8, 4, 1003] [C:\Rav\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.56] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\SOGOUPY.IME] [Sohu.com Inc., 3, 0, 3, 0] [C:\Program Files\SogouInput\Plugin\SgImeWord.dll] [, 1, 0, 0, 31] [C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx] [Adobe Systems, Inc., 10,0,12,36] [C:\Program Files\FlashGet\fgmgr.dll] [www.flashget.com, 1, 8, 4, 1007] [PID: 736 / NETWORK SERVICE][c:\windows\system32\inetsrv\w3wp.exe] [(Verified) Microsoft Corporation, 6.0.3790.0 (srv03_rtm.030324-2048)] [PID: 3868 / conexant][C:\Program Files\FlashGet\FlashGet.exe] [FlashGet.com, 1, 9, 6, 1073] [C:\Program Files\FlashGet\FGBTCORE.dll] [, 1, 0, 0, 36] [C:\Program Files\FlashGet\FGEMCORE.dll] [, 1, 0, 3, 1002] [C:\Program Files\FlashGet\debugrpt.dll] [flashget, 1, 0, 0, 1006] [c:\windows\system32\tancad.dll] [Microsoft Corporation, 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\FlashGet\fgmgr.dll] [www.flashget.com, 1, 8, 4, 1007] [C:\Program Files\FlashGet\fgupdate.dll] [www.flashget.com, 1, 8, 1, 1003] [C:\Rav\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.56] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx] [Adobe Systems, Inc., 10,0,12,36] [PID: 3660 / conexant][C:\Downloads\sreng2\SREngLdr.EXE] [Smallfrogs Studio, 2.7.0.1210] [PID: 3804 / conexant][C:\Downloads\sreng2\SREe48feee9.EXE] [Smallfrogs Studio, 2.7.0.1210] [C:\Program Files\FlashGet\fgmgr.dll] [www.flashget.com, 1, 8, 4, 1007] [c:\windows\system32\tancad.dll] [Microsoft Corporation, 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Downloads\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] ================================== 文件关联 .TXT Error. [C:\WINDOWS\notepad.exe %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM Error. ["hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf N/A ================================== HOSTS 文件 127.0.0.1 v.onondown.com.cn 127.0.0.2 ymsdasdw1.cn 127.0.0.3 h96b.info 127.0.0.0 www.bypk.com 127.0.0.1 va9sdhun23.cn 127.0.0.2 bnasnd83nd.cn 127.0.0.0 www.gamehacker.com.cn 127.0.0.0 gamehacker.com.cn 127.0.0.3 adlaji.cn 127.0.0.1 858656.com 127.1.1.1 bnasnd83nd.cn 127.0.1.1 59.34.216.143 127.0.0.1 my123.com 127.0.0.0 user1.12-27.net 127.0.0.1 8749.com 127.0.0.0 fengent.cn 127.0.0.1 4199.com 127.0.0.1 user1.16-22.net 127.0.0.1 www.oiuyt.net 127.0.0.1 61.164.118.209 127.0.0.1 7379.com 127.0.0.1 2be37c5f.3f6e2cc5f0b.com 127.0.0.1 7255.com 127.0.0.1 user1.23-12.net 127.0.0.1 59.34.216.225 127.0.0.1 3448.com 127.0.0.1 www.guccia.net 127.0.0.1 7939.com 127.0.0.1 a.o1o1o1.nEt 127.0.0.1 8009.com 127.0.0.1 user1.12-73.cn 127.0.0.1 piaoxue.com 127.0.0.1 3n8nlasd.cn 127.0.0.1 kzdh.com 127.0.0.0 www.sony888.cn 127.0.0.1 about.blank.la 127.0.0.0 user1.asp-33.cn 127.0.0.1 6781.com 127.0.0.0 www.netkwek.cn 127.0.0.1 7322.com 127.0.0.0 ymsdkad6.cn 127.0.0.1 localhost 127.0.0.0 www.lkwueir.cn 127.0.0.1 06.jacai.com 127.0.1.1 user1.23-17.net 127.0.0.1 1.jopenkk.com 127.0.0.0 upa.luzhiai.net 127.0.0.1 1.jopenqc.com 127.0.0.0 www.guccia.net 127.0.0.1 1.joppnqq.com 127.0.0.0 4m9mnlmi.cn 127.0.0.1 1.xqhgm.com 127.0.0.0 mm119mkssd.cn 127.0.0.1 100.332233.com 127.0.0.0 61.128.171.115:8080 127.0.0.1 121.11.90.79 127.0.0.0 www.1119111.com 127.0.0.1 121565.net 127.0.0.0 win.nihao69.cn 127.0.0.1 125.90.88.38 127.0.0.1 16888.6to23.com 127.0.0.1 2.joppnqq.com 127.0.0.0 puc.lianxiac.net 127.0.0.1 204.177.92.68 127.0.0.0 pud.lianxiac.net 127.0.0.1 210.74.145.236 127.0.0.0 210.76.0.133 127.0.0.1 219.129.239.220 127.0.0.0 61.166.32.2 127.0.0.1 219.153.40.221 127.0.0.0 218.92.186.27 127.0.0.1 219.153.46.27 127.0.0.0 www.fsfsfag.cn 127.0.0.1 219.153.52.123 127.0.0.0 ovo.ovovov.cn 127.0.0.1 221.195.42.71 127.0.0.0 dw.com.com 127.0.0.1 222.73.218.115 127.0.0.1 203.110.168.233:80 127.0.0.1 3.joppnqq.com 127.0.0.1 203.110.168.221:80 127.0.0.1 363xx.com 127.0.0.1 www1.ip10086.com.cm 127.0.0.1 4199.com 127.0.0.1 blog.ip10086.com.cn 127.0.0.1 43242.com 127.0.0.1 www.ccji68.cn 127.0.0.1 5.xqhgm.com 127.0.0.0 t.myblank.cn 127.0.0.1 520.mm5208.com 127.0.0.0 x.myblank.cn 127.0.0.1 59.34.131.54 127.0.0.1 210.51.45.5 127.0.0.1 59.34.198.228 127.0.0.1 www.ew1q.cn 127.0.0.1 59.34.198.88 127.0.0.1 59.34.198.97 127.0.0.1 60.190.114.101 127.0.0.1 60.190.218.34 127.0.0.0 qq-xing.com.cn 127.0.0.1 60.191.124.252 127.0.0.1 61.145.117.212 127.0.0.1 61.157.109.222 127.0.0.1 75.126.3.216 127.0.0.1 75.126.3.217 127.0.0.1 75.126.3.218 127.0.0.0 59.125.231.177:17777 127.0.0.1 75.126.3.220 127.0.0.1 75.126.3.221 127.0.0.1 75.126.3.222 127.0.0.1 772630.com 127.0.0.1 832823.cn 127.0.0.1 8749.com 127.0.0.1 888.jopenqc.com 127.0.0.1 89382.cn 127.0.0.1 8v8.biz 127.0.0.1 97725.com 127.0.0.1 9gg.biz 127.0.0.1 www.9000music.com 127.0.0.1 test.591jx.com 127.0.0.1 a.topxxxx.cn 127.0.0.1 picon.chinaren.com 127.0.0.1 www.5566.net 127.0.0.1 p.qqkx.com 127.0.0.1 news.netandtv.com 127.0.0.1 z.neter888.cn 127.0.0.1 b.myblank.cn 127.0.0.1 wvw.wokutu.com 127.0.0.1 unionch.qyule.com 127.0.0.1 www.qyule.com 127.0.0.1 it.itjc.cn 127.0.0.1 www.linkwww.com 127.0.0.1 vod.kaicn.com 127.0.0.1 www.tx8688.com 127.0.0.1 b.neter888.cn 127.0.0.1 promote.huanqiu.com 127.0.0.1 www.huanqiu.com 127.0.0.1 www.haokanla.com 127.0.0.1 play.unionsky.cn 127.0.0.1 www.52v.com 127.0.0.1 www.gghka.cn 127.0.0.1 icon.ajiang.net 127.0.0.1 new.ete.cn 127.0.0.1 www.stiae.cn 127.0.0.1 o.neter888.cn 127.0.0.1 comm.jinti.com 127.0.0.1 www.google-analytics.com 127.0.0.1 hz.mmstat.com 127.0.0.1 www.game175.cn 127.0.0.1 x.neter888.cn 127.0.0.1 z.neter888.cn 127.0.0.1 p.etimes888.com 127.0.0.1 hx.etimes888.com 127.0.0.1 abc.qqkx.com 127.0.0.1 dm.popdm.cn 127.0.0.1 www.yl9999.com 127.0.0.1 www.dajiadoushe.cn 127.0.0.1 v.onondown.com.cn 127.0.0.1 www.interoo.net 127.0.0.1 bally1.bally-bally.net 127.0.0.1 www.bao5605509.cn 127.0.0.1 www.rty456.cn 127.0.0.1 www.werqwer.cn 127.0.0.1 1.360-1.cn 127.0.0.1 user1.23-16.net 127.0.0.1 61.160.213.143 127.0.0.1 qq.xiaoxiao02.cn 127.0.0.1 baoge.9966.org 127.0.0.1 www.oiuyt.net 127.0.0.1 www.guccia.net 127.0.0.1 www.interoo.net 127.0.0.1 upa.netsool.net 127.0.0.1 qq.gong2008.com 127.0.0.1 2008tl.copyip.com 127.0.0.1 tla.laozihuolaile.cn 127.0.0.1 www.tx6868.cn 127.0.0.1 p001.tiloaiai.com 127.0.0.1 s1.tl8tl.com 127.0.0.1 s1.gong2008.com 127.0.0.1 js.users.51.la 127.0.0.1 vip2.51.la 127.0.0.1 web.51.la 127.0.0.1 4b3ce56f9g.3f6e2cc5f0b.com 127.0.0.1 2be37c5f.3f6e2cc5f0b.com ================================== 进程特权扫描 特殊特权被允许: SeDebugPrivilege [PID = 3148, C:\PROGRAM FILES\RZX\NET110\SYSMON.EXE] 特殊特权被允许: SeDebugPrivilege [PID = 3196, C:\PROGRAM FILES\RZX\NET110\LSUI.EXE] 特殊特权被允许: SeDebugPrivilege [PID = 3208, C:\PROGRAM FILES\RZX\NET110\LSPARSER.EXE] 特殊特权被允许: SeDebugPrivilege [PID = 3608, C:\PROGRAM FILES\IIMSNODE\PRONODE.EXE] ================================== 计划任务 [已启用] 万象备份.job D:\Wx2004\1.bat ================================== API HOOK N/A ================================== 隐藏进程 N/A ================================== [/CODE]