[CODE] 2009-06-06,11:28:29 System Repair Engineer 2.6.12.1018 Smallfrogs (http://www.KZTechs.com) Windows Server 2003 "R2" Enterprise Edition Service Pack 2 (Build 3790) - 管理权限用户 - 完整功能 以下内容被选中: 所有的启动项目(包括注册表、启动文件夹、服务等) 浏览器加载项 正在运行的进程(包括进程模块信息) 文件关联 Winsock 提供者 Autorun.inf HOSTS 文件 进程特权扫描 启动项目 注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Component Publisher] [File is missing] [] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Component Publisher] <"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup> [(Verified)Beijing Rising Information Technology Corporation Limited] <"C:\Program Files\Rising\Ris\RsTray.exe" -system> [(Verified)Beijing Rising Information Technology Corporation Limited] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] [(Verified)Beijing Rising Information Technology Corporation Limited] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [N/A] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] [(Verified)Beijing Rising Information Technology Corporation Limited] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rflogon] [Rfinfo Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] 
<%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cscript.exe] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; %systemroot%\system32\dumprep 0 -k> [File is missing] <; c:\chenhu2\chenqxms.exe> [File is missing] ================================== 启动文件夹 [加密服务器] C:\WINDOWS\system32\KISCOM\KISMAN~1.EXE [金蝶软件(中国)有限公司]> [服务管理器] C:\PROGRA~1\MICROS~1\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]> ================================== 服务 [Audition / Audition][Stopped/Auto Start] %SystemRoot%\System32\oodlrx.dll> [BossEye Service / BossEyeSvc][Running/Auto Start] [CAS Balance Server / CASBalanceServer][Running/Auto Start] <> [CAS Licence Service / CasLicenceService][Running/Auto Start] <> [CAS Web Server / CASWebServer][Running/Auto Start] <"C:\Program Files\RealFriend\Rap Server\bin\CASWebServer.exe" -k runservice> [CAS XML Service / 
CASXMLService][Running/Manual Start] <"C:\Program Files\RealFriend\Rap Server\bin\CASXMLService.exe" --defaults-file="C:\Program Files\RealFriend\Rap Server\Conf\CasDB.ini" CASXMLService> [Gene6 FTP Server / G6FTPServer][Running/Auto Start] <"C:\Program Files\Gene6 FTP Server\G6FTPSERVER.EXE"> [Human Interface Device Access / HidServ][Stopped/Disabled] %SystemRoot%\System32\hidserv.dll> [idtins / idtins][Stopped/Auto Start] %SystemRoot%\System32\sizmbx.dll> [KDDelegateService / KDDelegateService][Stopped/Manual Start] [MAC Detect Service(softbar) / MACDetect][Running/Auto Start] [Microsoft Search / MSSEARCH][Running/Auto Start] <"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"> [MSSQLSERVER / MSSQLSERVER][Running/Auto Start] [MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start] [PeanutHull DDNS Service / Peanuthull5Core][Running/Auto Start] <上海贝锐> [Ris Process Communication Center / RisCCenter][Stopped/Auto Start] [Rising RisTask Manager / RisTask][Running/Auto Start] <"C:\Program Files\Rising\Ris\RavTask.exe" RisTask> [Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start] <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"> [Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] [Rising Scan Service / RsScanSrv][Stopped/Auto Start] [Remote Administrator Service / r_server][Running/Auto Start] <"C:\WINDOWS\system32\r_server.exe" /service><> [[Sentry6]Monitor Web-Activities / Sentry6AgentA][Running/Auto Start] [[Sentry6]Data Communication / Sentry6AgentC][Running/Auto Start] [[Sentry6]Monitor SentryServices / Sentry6Dog][Running/Auto Start] [[Sentry6]NAT/Virtual Bridge / Sentry6NAT][Stopped/Auto Start] [SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start] [Tong Yang Application Daemon / TY_Wireless_Net][Running/Auto Start] [WinHelpkiko / WinHelpkiko][Stopped/Auto Start] [WinHTTP Web Proxy Auto-Discovery Service / WinHttpAutoProxySvc][Stopped/Manual Start] winhttp.dll> [rhokpg / 
rhokpg][Running/Auto Start] %SystemRoot%\System32\flmomt.fdf> [msp d / To ljd][Stopped/Auto Start] ================================== 驱动程序 [Microsoft ACPI Driver / ACPI][Running/Boot Start] <\SystemRoot\system32\DRIVERS\ACPI.sys> [AFD / AFD][Running/System Start] <\SystemRoot\System32\drivers\afd.sys> [RAS Asynchronous Media Driver / AsyncMac][Stopped/Manual Start] [标准 IDE/ESDI 硬盘控制器 / atapi][Running/Boot Start] <\SystemRoot\system32\DRIVERS\atapi.sys> [ati2mtag / ati2mtag][Running/Manual Start] [ATM ARP Client Protocol / Atmarpc][Stopped/Manual Start] [音频存根驱动程序 / audstub][Running/Manual Start] [CD-ROM Driver / Cdrom][Running/System Start] [群集磁盘驱动程序 / ClusDisk][Stopped/Disabled] [CRC 磁盘筛选驱动程序 / crcdisk][Running/Boot Start] <\SystemRoot\system32\DRIVERS\crcdisk.sys> [DfsDriver / DfsDriver][Running/Boot Start] <\SystemRoot\system32\drivers\Dfs.sys> [磁盘驱动程序 / Disk][Running/Boot Start] <\SystemRoot\system32\DRIVERS\disk.sys> [dmboot / dmboot][Stopped/Disabled] [Logical Disk Manager Driver / dmio][Running/Boot Start] <\SystemRoot\System32\drivers\dmio.sys> [dmload / dmload][Running/Boot Start] <\SystemRoot\System32\drivers\dmload.sys> [Intel(R) PRO/1000 Network Connection Driver / E1000][Stopped/Manual Start] [Intel(R) PRO/1000 PCI Express Network Connection Driver / e1express][Running/Manual Start] [Floppy Disk Controller Driver / Fdc][Running/Manual Start] [FltMgr / FltMgr][Running/Boot Start] <\SystemRoot\system32\DRIVERS\fltMgr.sys> [FsVga / FsVga][Running/System Start] [Volume Manager Driver / Ftdisk][Running/Boot Start] <\SystemRoot\system32\DRIVERS\ftdisk.sys> [Generic Packet Classifier / Gpc][Running/Manual Start] [Microsoft HID Class Driver / HidUsb][Running/Manual Start] [hookcont / hookcont][Running/System Start] [hooksys / hooksys][Running/System Start] [HTTP / HTTP][Running/Manual Start] [i8042 Keyboard and PS/2 Mouse Port Driver / i8042prt][Running/System Start] [CD-Burning Filter Driver / imapi][Stopped/System Start] [Intel Processor Driver / 
intelppm][Running/Manual Start] [IPv6 Windows Firewall Driver / Ip6Fw][Running/Manual Start] [IP Traffic Filter Driver / IpFilterDriver][Running/Auto Start] [IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start] [IP Network Address Translator / IpNat][Stopped/Manual Start] [IPSEC driver / IPSec][Running/System Start] [PnP ISA/EISA Bus Driver / isapnp][Running/Boot Start] <\SystemRoot\system32\DRIVERS\isapnp.sys> [Keyboard Class Driver / Kbdclass][Running/System Start] [MEGAIDE / MEGAIDE][Running/Boot Start] <\SystemRoot\system32\DRIVERS\MegaIDE.sys> [Mouse Class Driver / Mouclass][Running/System Start] [Mouse HID Driver / mouhid][Running/Manual Start] [WebDav Client Redirector / MRxDAV][Stopped/Manual Start] [MRxSmb / MRxSmb][Running/System Start] [Microsoft System Management BIOS Driver / mssmbios][Running/Manual Start] [Remote Access NDIS TAPI Driver / NdisTapi][Running/Manual Start] [NDIS 用户模式 I/O 协议 / Ndisuio][Running/Manual Start] [Remote Access NDIS WAN Driver / NdisWan][Running/Manual Start] [NetBIOS Interface / NetBIOS][Running/System Start] [NetBios over Tcpip / NetBT][Running/System Start] [Network Monitor Driver / nm][Running/Manual Start] [NetGroup Packet Filter Driver / NPF][Running/Manual Start] [p2pfilter / p2pfilter][Stopped/Manual Start] <\??\c:\Program Files\grabsun\netsense\p2pfilter.sys> [PCI Bus Driver / PCI][Running/Boot Start] <\SystemRoot\system32\DRIVERS\pci.sys> [PCIIde / PCIIde][Running/Boot Start] <\SystemRoot\system32\DRIVERS\pciide.sys> [WAN Miniport (PPTP) / PptpMiniport][Running/Manual Start] [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [Remote Access Auto Connection Driver / RasAcd][Running/System Start] [WAN Miniport (L2TP) / Rasl2tp][Running/Manual Start] [远程访问 PPPOE 驱动程序 / RasPppoe][Running/Manual Start] [Direct Parallel / Raspti][Running/Manual Start] [Rdbss / Rdbss][Running/System Start] [RDPCDD / RDPCDD][Running/System Start] [Terminal Server Device Redirector Driver / rdpdr][Running/Manual Start] [Digital CD 
Audio Playback Filter Driver / redbook][Running/System Start] [rfwtdi / rfwtdi][Running/Auto Start] <\??\C:\Program Files\Rising\Ris\rfwtdi.sys> [rsfwdrv / rsfwdrv][Running/System Start] <\??\C:\Program Files\Rising\Ris\rsfwdrv.sys> [RsNTGDI / RsNTGDI][Running/Boot Start] <\SystemRoot\system32\Drivers\RsNTGdi.sys> [RsProtect / RsProtect][Running/System Start] [Secdrv / Secdrv][Stopped/Manual Start] [Sentinel / Sentinel][Running/Auto Start] <\SystemRoot\System32\Drivers\SENTINEL.SYS> [Serenum Filter Driver / serenum][Running/Manual Start] [Serial port driver / Serial][Running/System Start] [基于消息的 TCP/IP 和 TCP/IPv6 协议 (SMB 会话) / Smb][Running/System Start] [Srv / Srv][Running/Manual Start] [Software Bus Driver / swenum][Running/Manual Start] [TCP/IP Protocol Driver / Tcpip][Running/System Start] [Microsoft IPv6 Protocol Driver / Tcpip6][Running/System Start] [终端设备驱动程序 / TermDD][Running/System Start] [Microsoft Tun Miniport Adapter Driver / tunmp][Running/Manual Start] [Microcode Update Driver / Update][Running/Manual Start] [Microsoft USB 2.0 Enhanced Host Controller Miniport Driver / usbehci][Running/Manual Start] [USB2 Enabled Hub / usbhub][Running/Manual Start] [USB 大容量存储驱动程序 / USBSTOR][Stopped/Manual Start] [Microsoft USB Universal Host Controller Miniport Driver / usbuhci][Running/Manual Start] [VGA 显示控制器。 / VgaSave][Running/System Start] <\SystemRoot\System32\drivers\vga.sys> [存储卷 / VolSnap][Running/Boot Start] <\SystemRoot\system32\DRIVERS\volsnap.sys> [Remote Access IP ARP Driver / Wanarp][Running/Manual Start] [网络负载平衡 / WLBS][Running/Manual Start] [ydtinspp / ydtinspp][Stopped/Auto Start] <\??\C:\WINDOWS\system32\drivers\sizmbx.sys> [Rising RfwBase Driver / RfwBase9][Running/Manual Start] ================================== 浏览器加载项 [卡卡上网安全助手] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} [ObjWinNTCheck Class] {00134F72-5284-44F7-95A8-52A619F70751} [OfficeScan Corp Edition Web-Deployment SetupCtrl Class] {08D75BC1-D2B5-11D1-88FC-0080C859833B} [Encrypt Class] 
{35C3D91E-401A-4E45-88A5-F3B32CD72DF4} [趋势科技防毒墙网络版管理控制台] {4F3DCE50-E8E7-40AC-AB8D-99F87F1F89BD} [OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class] {5EFE8CB1-D095-11D1-88FC-0080C859833B} [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} [MUWebControl Class] {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [PieChart Class] {A050E865-64E3-431B-8079-F0DFCEA90A2D} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [XML DOM Document] {2933BF90-7B36-11D2-B20E-00C04F983E60} [XML Document] {48123BC4-99D9-11D1-A6B3-00C04FD91555} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [Microsoft Web 浏览器] {8856F961-340A-11D0-A96B-00C04FD705A2} [XML HTTP 4.0] {88D969C5-F192-11D4-A65F-0040963251E5} <%SystemRoot%\system32\msxml4.dll, (Signed) N/A> [卡卡上网安全助手] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} [RavOnline Class] {9FAFB576-6933-4CCC-AB3D-B988EC43D04E} [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A> [DHTML Edit Control Safe for Scripting for IE6] {BF3FF9A2-AC03-40A1-BA0F-F31076325AA7} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [XML HTTP Request] {ED8C108E-4349-11D2-91A4-00C04F7969E8} [XML DOM Document 3.0] {F5078F32-C551-11D3-89B9-0000F81FE221} [XML HTTP 3.0] {F5078F35-C551-11D3-89B9-0000F81FE221} [XML DOM Document] {F6D90F11-9C73-11D3-B32E-00C04F990BB4} [XML HTTP] {F6D90F16-9C73-11D3-B32E-00C04F990BB4} ================================== 正在运行的进程 [PID: 268 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [PID: 336 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 364 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [C:\WINDOWS\system32\RFNotify.dll] [Rfinfo Corporation, 4.0.0.11] [PID: 412 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.2.3790.4455 
(srv03_sp2_gdr.090203-1205)] [PID: 428 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 616 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [PID: 732 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [PID: 788 / SYSTEM][C:\Program Files\Rising\Ris\CCENTER.EXE] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [C:\Program Files\Rising\Ris\combase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [C:\Program Files\Rising\Ris\cnt09.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 37] [C:\Program Files\Rising\Ris\cnt08.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7] [PID: 816 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [PID: 868 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [C:\Program Files\Rising\Ris\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.74] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [PID: 908 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [PID: 916 / SYSTEM][C:\Program Files\Rising\Ris\RavMonD.exe] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [C:\Program Files\Rising\Ris\combase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\Program Files\Rising\Ris\moncomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12] [C:\Program Files\Rising\Ris\MonBase.dll] [Beijing Rising Information 
Technology Co., Ltd., 21, 0, 0, 6] [C:\Program Files\Rising\Ris\Rslog.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.34] [C:\Program Files\Rising\Ris\mondrv.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9] [C:\Program Files\Rising\Ris\defmon.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 31] [C:\Program Files\Rising\Ris\moncom08.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [C:\Program Files\Rising\Ris\MonRule.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9] [C:\Program Files\Rising\Ris\FileMon.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 22] [C:\Program Files\Rising\Ris\MailMon.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24] [C:\Program Files\Rising\Ris\HookWeb.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [C:\Program Files\Rising\Ris\rfwlog.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9] [C:\Program Files\Rising\Ris\rfwrule.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.25] [C:\Program Files\Rising\Ris\rfwsrv.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.80] [C:\Program Files\Rising\Ris\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files\Rising\Ris\mPorts.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.0] [C:\Program Files\Rising\Ris\rfwdrvc.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.3] [C:\Program Files\Rising\Ris\Rfwdrv.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.5] [C:\Program Files\Rising\Ris\urlrule.dll] [Beijing Rising Information Technology Co., Ltd., 1.0.0.18] [C:\Program Files\Rising\Ris\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files\Rising\Ris\rsnetsvr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14] [C:\Program Files\Rising\Ris\refs.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 
3] [C:\Program Files\Rising\Ris\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files\Rising\Ris\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\Ris\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [C:\Program Files\Rising\Ris\rfwproxy.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.25] [C:\Program Files\Rising\Ris\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46] [C:\Program Files\Rising\Ris\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1] [C:\Program Files\Rising\Ris\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.18] [C:\Program Files\Rising\Ris\Hooksys.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 18] [C:\Program Files\Rising\Ris\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Ris\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Ris\HookCont.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 12] [C:\Program Files\Rising\Ris\BACore.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 22] [C:\Program Files\Rising\Ris\RSStore.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9] [C:\Program Files\Rising\Ris\ScanAdd.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.15] [C:\Program Files\Rising\Ris\Scanner.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.33] [C:\Program Files\Rising\Ris\extfile.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13] [C:\Program Files\Rising\Ris\ffr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Program Files\Rising\Ris\nvfile.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Program Files\Rising\Ris\scanexec.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5] 
[C:\Program Files\Rising\Ris\unexe.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [C:\Program Files\Rising\Ris\scanex.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 25] [C:\Program Files\Rising\Ris\pearc.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files\Rising\Ris\scansct.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Program Files\Rising\Ris\scanpe.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9] [C:\Program Files\Rising\Ris\ur000.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 10] [C:\Program Files\Rising\Ris\urutils.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files\Rising\Ris\revm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [PID: 1208 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [C:\WINDOWS\system32\CNBJMON2.DLL] [Microsoft Corporation, 5.2.3790.1023 built by: Lab03_dev(skatari)] [C:\WINDOWS\system32\ddklocalmon.dll] [N/A, ] [PID: 1244 / NETWORK SERVICE][C:\WINDOWS\system32\msdtc.exe] [Microsoft Corporation, 2001.12.4720.4340 (srv03_sp2_gdr.080723-1210)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 1356 / SYSTEM][E:\Program Files\softbar.com\Sentry6\BeSvc.exe] [N/A, ] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 1376 / SYSTEM][C:\Program Files\RealFriend\Rap Server\bin\caslic.exe] [, 4.0.1.156] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 1416 / SYSTEM][C:\Program Files\RealFriend\Rap Server\bin\CASWebServer.exe] [RealFriend Software Corp., 3.1.0.0] [C:\Program Files\RealFriend\Rap Server\bin\libapr.dll] [RealFriend Software Corp., 3.1.0.0] [C:\Program Files\RealFriend\Rap Server\bin\libaprutil.dll] [RealFriend Software Corp., 3.1.0.0] 
[C:\Program Files\RealFriend\Rap Server\bin\libapriconv.dll] [RealFriend Software Corp., 3.1.0.0] [C:\Program Files\RealFriend\Rap Server\bin\libhttpd.dll] [RealFriend Software Corp., 3.1.0.0] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\RealFriend\Rap Server\Modules\UserAdd.dll] [N/A, ] [C:\Program Files\RealFriend\Rap Server\Bin\CASWebRun.dll] [N/A, ] [C:\Program Files\RealFriend\Rap Server\bin\php4ts.dll] [, ] [C:\Program Files\RealFriend\Rap Server\Modules\cas_access.so] [Apache Software Foundation, 2.0.53] [C:\Program Files\RealFriend\Rap Server\Modules\cas_actions.so] [Apache Software Foundation, 2.0.53] [C:\Program Files\RealFriend\Rap Server\Modules\cas_alias.so] [Apache Software Foundation, 2.0.53] [C:\Program Files\RealFriend\Rap Server\Modules\cas_asis.so] [Apache Software Foundation, 2.0.53] [C:\Program Files\RealFriend\Rap Server\Modules\cas_auth.so] [Apache Software Foundation, 2.0.53] [C:\Program Files\RealFriend\Rap Server\Modules\cas_autoindex.so] [Apache Software Foundation, 2.0.53] [C:\Program Files\RealFriend\Rap Server\Modules\cas_cgi.so] [Apache Software Foundation, 2.0.53] [C:\Program Files\RealFriend\Rap Server\Modules\cas_dir.so] [Apache Software Foundation, 2.0.53] [C:\Program Files\RealFriend\Rap Server\Modules\cas_env.so] [Apache Software Foundation, 2.0.53] [C:\Program Files\RealFriend\Rap Server\Modules\cas_imap.so] [Apache Software Foundation, 2.0.53] [C:\Program Files\RealFriend\Rap Server\Modules\cas_include.so] [Apache Software Foundation, 2.0.53] [C:\Program Files\RealFriend\Rap Server\Modules\cas_isapi.so] [Apache Software Foundation, 2.0.53] [C:\Program Files\RealFriend\Rap Server\Modules\cas_log_config.so] [Apache Software Foundation, 2.0.53] [C:\Program Files\RealFriend\Rap Server\Modules\cas_mime.so] [Apache Software Foundation, 2.0.53] [C:\Program Files\RealFriend\Rap Server\Modules\cas_negotiation.so] [Apache Software Foundation, 2.0.53] [C:\Program 
Files\RealFriend\Rap Server\Modules\cas_setenvif.so] [Apache Software Foundation, 2.0.53] [C:\Program Files\RealFriend\Rap Server\Modules\cas_userdir.so] [Apache Software Foundation, 2.0.53] [C:\Program Files\RealFriend\Rap Server\Bin\CasDecoder.dll] [N/A, ] [C:\Program Files\RealFriend\Rap Server\Bin\casweb_gd2.dll] [N/A, ] [PID: 1440 / SYSTEM][C:\Program Files\RealFriend\Rap Server\bin\CASXMLService.exe] [N/A, ] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 1480 / SYSTEM][C:\WINDOWS\system32\Dfssvc.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 1552 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [PID: 1560 / SYSTEM][C:\Program Files\RealFriend\Rap Server\bin\CASWebServer.exe] [RealFriend Software Corp., 3.1.0.0] [C:\Program Files\RealFriend\Rap Server\bin\libapr.dll] [RealFriend Software Corp., 3.1.0.0] [C:\Program Files\RealFriend\Rap Server\bin\libaprutil.dll] [RealFriend Software Corp., 3.1.0.0] [C:\Program Files\RealFriend\Rap Server\bin\libapriconv.dll] [RealFriend Software Corp., 3.1.0.0] [C:\Program Files\RealFriend\Rap Server\bin\libhttpd.dll] [RealFriend Software Corp., 3.1.0.0] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\RealFriend\Rap Server\Modules\UserAdd.dll] [N/A, ] [C:\Program Files\RealFriend\Rap Server\Bin\CASWebRun.dll] [N/A, ] [C:\Program Files\RealFriend\Rap Server\bin\php4ts.dll] [, ] [C:\Program Files\RealFriend\Rap Server\Modules\cas_access.so] [Apache Software Foundation, 2.0.53] [C:\Program Files\RealFriend\Rap Server\Modules\cas_actions.so] [Apache Software Foundation, 2.0.53] [C:\Program Files\RealFriend\Rap Server\Modules\cas_alias.so] [Apache Software Foundation, 2.0.53] [C:\Program Files\RealFriend\Rap 
Server\Modules\cas_asis.so] [Apache Software Foundation, 2.0.53] [C:\Program Files\RealFriend\Rap Server\Modules\cas_auth.so] [Apache Software Foundation, 2.0.53] [C:\Program Files\RealFriend\Rap Server\Modules\cas_autoindex.so] [Apache Software Foundation, 2.0.53] [C:\Program Files\RealFriend\Rap Server\Modules\cas_cgi.so] [Apache Software Foundation, 2.0.53] [C:\Program Files\RealFriend\Rap Server\Modules\cas_dir.so] [Apache Software Foundation, 2.0.53] [C:\Program Files\RealFriend\Rap Server\Modules\cas_env.so] [Apache Software Foundation, 2.0.53] [C:\Program Files\RealFriend\Rap Server\Modules\cas_imap.so] [Apache Software Foundation, 2.0.53] [C:\Program Files\RealFriend\Rap Server\Modules\cas_include.so] [Apache Software Foundation, 2.0.53] [C:\Program Files\RealFriend\Rap Server\Modules\cas_isapi.so] [Apache Software Foundation, 2.0.53] [C:\Program Files\RealFriend\Rap Server\Modules\cas_log_config.so] [Apache Software Foundation, 2.0.53] [C:\Program Files\RealFriend\Rap Server\Modules\cas_mime.so] [Apache Software Foundation, 2.0.53] [C:\Program Files\RealFriend\Rap Server\Modules\cas_negotiation.so] [Apache Software Foundation, 2.0.53] [C:\Program Files\RealFriend\Rap Server\Modules\cas_setenvif.so] [Apache Software Foundation, 2.0.53] [C:\Program Files\RealFriend\Rap Server\Modules\cas_userdir.so] [Apache Software Foundation, 2.0.53] [C:\Program Files\RealFriend\Rap Server\Bin\CasDecoder.dll] [N/A, ] [C:\Program Files\RealFriend\Rap Server\Bin\casweb_gd2.dll] [N/A, ] [PID: 1580 / SYSTEM][C:\Program Files\Gene6 FTP Server\G6FTPSERVER.EXE] [Gene6, 3.10.0.2] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Gene6 FTP Server\libeay32.dll] [N/A, ] [C:\Program Files\Gene6 FTP Server\libssl32.dll] [N/A, ] [C:\Program Files\Gene6 FTP Server\RemoteAdminServer.dll] [Gene6, 3.10.0.2] [C:\Program Files\Gene6 FTP Server\Plugins\g6_auth_db.dll] [Gene6, 1.0.0.0] [C:\Program Files\Gene6 FTP 
Server\Plugins\g6_auth_exe.dll] [Gene6, 1.0.0.0] [C:\Program Files\Gene6 FTP Server\Plugins\g6_auth_nt.dll] [Gene6, 1.0.0.0] [C:\Program Files\Gene6 FTP Server\Plugins\g6_compression_zlib.dll] [Gene6, 1.0.0.0] [C:\Program Files\Gene6 FTP Server\Plugins\g6_fs_empty.dll] [Gene6, 1.0.0.0] [C:\Program Files\Gene6 FTP Server\Plugins\g6_fs_ftp.dll] [Gene6, 1.0.0.0] [C:\Program Files\Gene6 FTP Server\Plugins\g6_fs_ramdisk.dll] [Gene6, 1.0.0.0] [C:\Program Files\Gene6 FTP Server\Plugins\g6_log_bandwidth.dll] [Gene6, 1.0.0.0] [C:\Program Files\Gene6 FTP Server\Plugins\g6_log_custom.dll] [Gene6, 1.0.0.0] [C:\Program Files\Gene6 FTP Server\Plugins\g6_log_sitemsg.dll] [Gene6, 1.0.0.0] [C:\Program Files\Gene6 FTP Server\Plugins\g6_log_syslog.dll] [Gene6, 1.0.0.0] [C:\Program Files\Gene6 FTP Server\Plugins\g6_log_system.dll] [Gene6, 1.0.0.0] [C:\Program Files\Gene6 FTP Server\Plugins\g6_log_transfers.dll] [Gene6, 1.0.0.0] [C:\Program Files\Gene6 FTP Server\Plugins\g6_log_w3c.dll] [Gene6, 1.0.0.0] [C:\Program Files\Gene6 FTP Server\Plugins\g6_pswd_email.dll] [Gene6, 1.0.0.0] [C:\Program Files\Gene6 FTP Server\Plugins\g6_pswd_nt.dll] [Gene6, 1.0.0.0] [C:\Program Files\Gene6 FTP Server\Plugins\g6_pswd_otp_md5.dll] [Gene6, 1.0.0.0] [C:\Program Files\Gene6 FTP Server\Plugins\g6_pswd_salted_md5.dll] [Gene6, 1.0.0.0] [C:\Program Files\Gene6 FTP Server\Plugins\g6_pswd_sha1.dll] [Gene6, 1.0.0.0] [C:\Program Files\Gene6 FTP Server\Plugins\g6_script_js_vb.dll] [Gene6, 1.0.0.0] [C:\Program Files\Gene6 FTP Server\Plugins\g6_tray.dll] [Gene6, 1.0.0.0] [PID: 2024 / SYSTEM][C:\WINDOWS\system32\inetsrv\inetinfo.exe] [Microsoft Corporation, 6.0.3790.3959 (srv03_sp2_rtm.070216-1710)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 2056 / SYSTEM][C:\WINDOWS\System32\ismserv.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 2076 
/ NETWORK SERVICE][C:\WINDOWS\System32\llssrv.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 2144 / SYSTEM][C:\WINDOWS\system32\macdetect.exe] [N/A, ] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 2188 / SYSTEM][f:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe] [Microsoft Corporation, 2000.080.2055.00 Hotfix 2280] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [f:\PROGRA~1\MICROS~1\MSSQL\binn\opends60.dll] [Microsoft Corporation, 2000.080.2039.00] [f:\PROGRA~1\MICROS~1\MSSQL\binn\sqlsort.dll] [Microsoft Corporation, 2000.080.2039.00] [f:\PROGRA~1\MICROS~1\MSSQL\binn\ums.dll] [Microsoft Corporation, 2000.080.2039.00] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [f:\PROGRA~1\MICROS~1\MSSQL\binn\Resources\2052\sqlevn70.RLL] [Microsoft Corporation, 2000.080.2039.00] [f:\Program Files\Microsoft SQL Server\MSSQL\binn\SSNETLIB.dll] [Microsoft Corporation, 2000.080.2039.00] [f:\PROGRA~1\MICROS~1\MSSQL\binn\SSmsLPCn.dll] [Microsoft Corporation, 2000.080.2039.00] [f:\PROGRA~1\MICROS~1\MSSQL\binn\SSnmPN70.dll] [Microsoft Corporation, 2000.080.2039.00] [f:\Program Files\Microsoft SQL Server\MSSQL\binn\SQLFTQRY.DLL] [Microsoft Corporation, 2000.080.2039.00] [C:\Program Files\Common Files\System\Ole DB\sqloledb.dll] [Microsoft Corporation, 2000.086.3959.00 (srv03_sp2_rtm.070216-1710)] [f:\Program Files\Microsoft SQL Server\MSSQL\binn\odsole70.dll] [Microsoft Corporation, 2000.080.2039.00] [f:\Program Files\Microsoft SQL Server\MSSQL\binn\xplog70.dll] [Microsoft Corporation, 2000.080.2039.00] [f:\PROGRA~1\MICROS~1\MSSQL\binn\Resources\2052\xplog70.RLL] [Microsoft Corporation, 2000.080.2039.00] [f:\Program Files\Microsoft SQL Server\MSSQL\binn\xpstar.dll] [Microsoft 
Corporation, 2000.080.2039.00] [f:\PROGRA~1\MICROS~1\MSSQL\binn\SQLRESLD.dll] [Microsoft Corporation, 2000.080.2039.00] [f:\PROGRA~1\MICROS~1\MSSQL\binn\SQLSVC.dll] [Microsoft Corporation, 2000.080.2039.00] [C:\WINDOWS\system32\odbcbcp.dll] [Microsoft Corporation, 2000.086.3959.00 (srv03_sp2_rtm.070216-1710)] [f:\PROGRA~1\MICROS~1\MSSQL\binn\W95SCM.dll] [Microsoft Corporation, 2000.080.2039.00] [C:\WINDOWS\system32\SQLUNIRL.dll] [Microsoft Corporation, 2000.080.0728.00] [f:\PROGRA~1\MICROS~1\MSSQL\binn\Resources\2052\SQLSVC.RLL] [Microsoft Corporation, 2000.080.0194.00] [f:\Program Files\Microsoft SQL Server\MSSQL\binn\Resources\2052\xpstar.RLL] [Microsoft Corporation, 2000.080.2039.00] [f:\PROGRA~1\MICROS~1\MSSQL\binn\xpweb70.dll] [Microsoft Corporation, 2000.080.2039.00] [PID: 2248 / SYSTEM][C:\WINDOWS\system32\ntfrs.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 2280 / SYSTEM][C:\Program Files\Oray\PeanutHull5\PhCore.exe] [上海贝锐, 1, 0, 0, 21] [C:\Program Files\Oray\PeanutHull5\iconv.dll] [Free Software Foundation, 1.9] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Oray\PeanutHull5\PhAlive.dll] [上海贝锐, 1, 0, 0, 26] [PID: 2316 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [PID: 2352 / SYSTEM][C:\Program Files\Rising\Ris\RavTask.exe] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 23] [C:\Program Files\Rising\Ris\rsconf.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files\Rising\Ris\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1] [C:\Program Files\Rising\Ris\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.18] [C:\Program Files\Rising\Ris\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46] 
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\Program Files\Rising\Ris\rsstub.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12] [C:\Program Files\Rising\Ris\rstask.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 36] [PID: 2396 / SYSTEM][C:\Program Files\Rising\Ris\ScanFrm.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.11] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\Program Files\Rising\Ris\combase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [C:\Program Files\Rising\Ris\moncomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12] [C:\Program Files\Rising\Ris\scansrvp.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.11] [C:\Program Files\Rising\Ris\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46] [C:\Program Files\Rising\Ris\ScanSrv.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.9] [C:\Program Files\Rising\Ris\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\Ris\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files\Rising\Ris\ScanRavT.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.23] [C:\Program Files\Rising\Ris\ScanBT.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.39] [C:\Program Files\Rising\Ris\ScanStub.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.8] [C:\Program Files\Rising\Ris\ScanAdd.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.15] [C:\Program Files\Rising\Ris\RsLog.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.34] [C:\Program Files\Rising\Ris\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1] [C:\Program 
Files\Rising\Ris\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.18] [C:\Program Files\Rising\Ris\Scanner.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.33] [C:\Program Files\Rising\Ris\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files\Rising\Ris\refs.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Program Files\Rising\Ris\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files\Rising\Ris\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [C:\Program Files\Rising\Ris\ffr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Program Files\Rising\Ris\nvfile.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Program Files\Rising\Ris\scanexec.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5] [C:\Program Files\Rising\Ris\unexe.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [C:\Program Files\Rising\Ris\scanex.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 25] [PID: 2416 / SYSTEM][C:\WINDOWS\system32\r_server.exe] [, 2, 2, 0, 0] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 2900 / SYSTEM][C:\WINDOWS\system32\lserver.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 2924 / SYSTEM][E:\宏电后台运行程序\tynetsrv.exe] [N/A, ] [E:\宏电后台运行程序\wcomm_dll.dll] [深圳宏电技术开发有限公司, 1, 0, 0, 1] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 3096 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [PID: 3124 / SYSTEM][C:\Program Files\RealFriend\Rap Server\bin\CASBalanceServer.exe] [, 4.0.0.0] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information 
Technology Co., Ltd., 1, 0, 0, 33] [C:\WINDOWS\system32\odbcbcp.dll] [Microsoft Corporation, 2000.086.3959.00 (srv03_sp2_rtm.070216-1710)] [PID: 3244 / SYSTEM][C:\WINDOWS\system32\tcpsvcs.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 3264 / SYSTEM][C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe] [Microsoft Corporation, 9.107.8320.9] [C:\Program Files\Common Files\System\MSSearch\Bin\mssws.dll] [Microsoft Corporation, 9.107.8320.9] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\mssrch.dll] [Microsoft Corporation, 9.107.8320.9] [C:\Program Files\Common Files\System\MSSearch\Bin\tquery.dll] [Microsoft Corporation, 9.107.8320.9] [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\propdefs.dll] [Microsoft Corporation, 9.107.8320.9] [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\srchidx.dll] [Microsoft Corporation, 9.107.8320.9] [PID: 3312 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [PID: 3772 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [PID: 4040 / SYSTEM][C:\Program Files\Rising\Ris\rsnetsvr.exe] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 15] [C:\Program Files\Rising\Ris\NComm.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.12] [C:\Program Files\Rising\Ris\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files\Rising\Ris\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\Ris\ProcComm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0] [PID: 2700 / 
SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.2.3790.4455 (srv03_sp2_gdr.090203-1205)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 3672 / tysys][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 2544 / tysys][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12] [C:\Program Files\Rising\Ris\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.74] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.253 (QFE.050727-2500)] [PID: 776 / tysys][C:\Program Files\Rising\AntiSpyware\rstray.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.17] [C:\Program Files\Rising\AntiSpyware\rsmginfo.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [C:\Program Files\Rising\AntiSpyware\RsXML.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2] [C:\Program Files\Rising\AntiSpyware\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\AntiSpyware\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Rising\AntiSpyware\ComServ.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.31] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files\Rising\AntiSpyware\rscommon.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.1.1] [C:\Program 
Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\pngdll.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] [C:\Program Files\Rising\AntiSpyware\runiep.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.43] [C:\Program Files\Rising\AntiSpyware\NComm.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.11] [C:\Program Files\Rising\AntiSpyware\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\AntiSpyware\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [PID: 4036 / tysys][C:\Program Files\Rising\Ris\RsTray.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.22] [C:\Program Files\Rising\Ris\ComServ.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.49] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\Program Files\Rising\Ris\rslang.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28] [C:\Program Files\Rising\Ris\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\Ris\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files\Rising\Ris\rsxml.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [C:\Program Files\Rising\Ris\ProcComm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46] [C:\Program Files\Rising\Ris\MonState.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7] [C:\Program Files\Rising\Ris\ScanEvnt.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.12] [C:\Program Files\Rising\Ris\rsguilib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 71] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.6041.0] [C:\Program Files\Rising\Ris\rsconf.dll] [Beijing Rising Information 
Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files\Rising\Ris\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1] [C:\Program Files\Rising\Ris\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.18] [C:\Program Files\Rising\Ris\rfwrule.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.25] [C:\Program Files\Rising\Ris\rspalvd.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.24] [C:\Program Files\Rising\Ris\rsnetsvr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14] [C:\Program Files\Rising\Ris\ravbintl.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28] [C:\Program Files\Rising\Ris\mruleui.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 10] [C:\Program Files\Rising\Ris\MonTray.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.93] [C:\Program Files\Rising\Ris\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files\Rising\Ris\RavITray.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 23] [C:\Program Files\Rising\Ris\ScanPrxy.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.15] [C:\Program Files\Rising\Ris\rfwtray.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 1, 9] [C:\Program Files\Rising\Ris\rsmginfo.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [C:\Program Files\Rising\Ris\rfwlog.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9] [PID: 3292 / tysys][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 4104 / tysys][C:\WINDOWS\system32\KISCOM\KISManager.exe] [金蝶软件(中国)有限公司, 1.00] [C:\WINDOWS\system32\MSVBVM60.DLL] [Microsoft Corporation, 6.00.9782] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\WINDOWS\system32\VB6CHS.DLL] 
[Microsoft Corporation, 6.00.8169] [C:\WINDOWS\system32\mscomctl.ocx] [Microsoft Corporation, 6.00.8498] [C:\WINDOWS\system32\MSWINSCK.OCX] [Microsoft Corporation, 6.00.8169] [C:\Program Files\Common Files\System\Ole DB\sqloledb.dll] [Microsoft Corporation, 2000.086.3959.00 (srv03_sp2_rtm.070216-1710)] [C:\WINDOWS\system32\DBNETLIB.DLL] [Microsoft Corporation, 2000.086.3959 (srv03_sp2_rtm.070216-1710)] [C:\WINDOWS\system32\DBmsLPCn.dll] [Microsoft Corporation, 2000.080.2039.00] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\WINDOWS\system32\kfo10.dll] [Kingdee Corporation, 1, 0, 1, 1] [C:\WINDOWS\system32\KFOX.dll] [, 1, 0, 0, 1] [C:\WINDOWS\system32\SENSE4.dll] [北京深思洛克数据保护中心, 2, 30, 3, 7] [C:\Program Files\Common Files\System\Ole DB\SQLOLEDB.RLL] [Microsoft Corporation, 2000.086.3959.00 (srv03_sp2_rtm.070216-1710)] [PID: 4116 / tysys][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe] [Microsoft Corporation, 2000.080.2039.00] [C:\WINDOWS\system32\SQLUNIRL.dll] [Microsoft Corporation, 2000.080.0728.00] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\W95SCM.dll] [Microsoft Corporation, 2000.080.2039.00] [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLSVC.dll] [Microsoft Corporation, 2000.080.2039.00] [C:\WINDOWS\system32\odbcbcp.dll] [Microsoft Corporation, 2000.086.3959.00 (srv03_sp2_rtm.070216-1710)] [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLRESLD.dll] [Microsoft Corporation, 2000.080.2039.00] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\SQLSVC.RLL] [Microsoft Corporation, 2000.080.0194.00] [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\sqlmangr.RLL] [Microsoft Corporation, 2000.080.0194.00] [PID: 4180 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.3959 
(srv03_sp2_rtm.070216-1710)] [PID: 5092 / tysys][C:\Program Files\Rising\AntiSpyware\knownsvr.exe] [Beijing Rising Information Technology Co., Ltd., 6.0.0.14] [C:\Program Files\Rising\AntiSpyware\NComm.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.11] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [PID: 1588 / tysys][C:\Program Files\Rising\Ris\rssafety.exe] [Beijing Rising Information Technology Co., Ltd., 3.0.0.60] [PID: 5132 / SYSTEM][C:\WINDOWS\system32\SVCHOST.EXE] [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [c:\windows\system32\flmomt.fdf] [N/A, ] [PID: 7276 / SYSTEM][C:\Program Files\Rising\Ris\CopyRun\RavCopy.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.17] [C:\Program Files\Rising\Ris\CopyRun\RsXML.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [PID: 7424 / SYSTEM][C:\PROGRAM FILES\RISING\RIS\Update\Setup.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.61] [C:\PROGRAM FILES\RISING\RIS\Update\Setup.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.13] [C:\PROGRAM FILES\RISING\RIS\Update\RsLang.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28] [C:\PROGRAM FILES\RISING\RIS\Update\ProcComm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46] [C:\PROGRAM FILES\RISING\RIS\Update\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\PROGRAM FILES\RISING\RIS\Update\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [PID: 7696 / tysys][C:\Program Files\Rising\Ris\RsAgent.exe] [Beijing Rising Information Technology Co., Ltd., 
21.0.0.17] [C:\Program Files\Rising\Ris\ProcComm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\Program Files\Rising\Ris\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\Ris\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files\Rising\Ris\ScanPrxy.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.15] [PID: 7764 / tysys][C:\WINDOWS\msagent\AgentSvr.exe] [Microsoft Corporation, 5.2.3790.1242] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [PID: 2528 / tysys][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\WINDOWS\system32\UrlFilter.dll] [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15] [C:\Program Files\Rising\AntiSpyware\UrlRule.dll] [Beijing Rising Information Technology Co., Ltd., 1.0.0.15] [C:\Program Files\Rising\Ris\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.74] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\WINDOWS\system32\CHENHU4.IME] [chenhu, 5.8] [PID: 5428 / tysys][C:\WINDOWS\system32\taskmgr.exe] [Microsoft Corporation, 
5.2.3790.3959 (srv03_sp2_rtm.070216-1710)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [PID: 7004 / SYSTEM][E:\Program Files\softbar.com\Sentry6\SentryAgentA.exe] [N/A, ] [E:\Program Files\softbar.com\Sentry6\zlib.dll] [, 1.1.4.0] [C:\WINDOWS\system32\packet.dll] [CACE Technologies, 4.0.0.901] [C:\WINDOWS\system32\WanPacket.dll] [CACE Technologies, 4.0.0.901] [C:\WINDOWS\system32\wpcap.dll] [CACE Technologies, 4.0.0.901] [E:\Program Files\softbar.com\Sentry6\ndisapi.dll] [Softxp.net, 1, 1, 0, 1] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [PID: 6184 / tysys][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\WINDOWS\system32\UrlFilter.dll] [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15] [C:\Program Files\Rising\AntiSpyware\UrlRule.dll] [Beijing Rising Information Technology Co., Ltd., 1.0.0.15] [C:\Program Files\Rising\Ris\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.74] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] 
[C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx] [Adobe Systems, Inc., 10,0,22,87] [C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.253 (QFE.050727-2500)] [C:\WINDOWS\system32\CHENHU4.IME] [chenhu, 5.8] [PID: 6560 / SYSTEM][e:\Program Files\softbar.com\Sentry6\SentryAgentC.exe] [N/A, ] [e:\Program Files\softbar.com\Sentry6\Report.dll] [, 1, 0, 0, 1] [e:\Program Files\softbar.com\Sentry6\SentryDll.dll] [深圳市德尔软件技术有限公司[www.softbar.com], 1, 0, 0, 1] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [PID: 6644 / SYSTEM][E:\Program Files\softbar.com\Sentry6\SentryDog.exe] [N/A, ] [E:\Program Files\softbar.com\Sentry6\Alarm.dll] [, 1, 0, 0, 1] [E:\Program Files\softbar.com\Sentry6\Email.dll] [, 1, 0, 0, 1] [E:\Program Files\softbar.com\Sentry6\JmLib.dll] [, 1, 0, 0, 1] [E:\Program Files\softbar.com\Sentry6\GSM.dll] [, 1, 0, 0, 1] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [PID: 536 / tysys][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\WINDOWS\system32\UrlFilter.dll] [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15] [C:\Program 
Files\Rising\AntiSpyware\UrlRule.dll] [Beijing Rising Information Technology Co., Ltd., 1.0.0.15] [C:\Program Files\Rising\Ris\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.74] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx] [Adobe Systems, Inc., 10,0,22,87] [C:\WINDOWS\system32\CHENHU4.IME] [chenhu, 5.8] [C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.253 (QFE.050727-2500)] [PID: 4752 / NETWORK SERVICE][C:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.2.3790.4455 (srv03_sp2_gdr.090203-1205)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [PID: 7084 / tysys][E:\Program Files\softbar.com\Sentry6\SentryCenter.exe] [, 1, 0, 0, 1] [C:\WINDOWS\system32\wpcap.dll] [CACE Technologies, 4.0.0.901] [C:\WINDOWS\system32\packet.dll] [CACE Technologies, 4.0.0.901] [C:\WINDOWS\system32\WanPacket.dll] [CACE Technologies, 4.0.0.901] [E:\Program Files\softbar.com\Sentry6\chartdir40.dll] [Advanced Software Engineering Limited, 4.0.1.0] [E:\Program Files\softbar.com\Sentry6\ndisapi.dll] [Softxp.net, 1, 1, 0, 1] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [E:\Program Files\softbar.com\Sentry6\ETC\Office2007.cjstyles] [Codejock Software, 10, 0, 0, 0] [PID: 6728 / tysys][E:\专杀工具\sreng2\sreng2\SREngLdr.EXE] [Smallfrogs Studio, 2.6.12.1018] 
[C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 6748 / tysys][E:\专杀工具\sreng2\sreng2\SRE820ace6e.EXE] [Smallfrogs Studio, 2.6.12.1018] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
进程特权扫描
N/A
==================================
API HOOK
入口点错误:NtCreateFile (危险等级: 高, 被下面模块所HOOK: 0x003D56E5)
入口点错误:NtCreateKey (危险等级: 高, 被下面模块所HOOK: 0x003D5885)
入口点错误:NtLoadDriver (危险等级: 高, 被下面模块所HOOK: 0x003D5FD5)
入口点错误:NtSetValueKey (危险等级: 高, 被下面模块所HOOK: 0x003D5955)
入口点错误:NtWriteFile (危险等级: 高, 被下面模块所HOOK: 0x003D57B5)
入口点错误:ZwCreateFile (危险等级: 高, 被下面模块所HOOK: 0x003D56E5)
入口点错误:ZwCreateKey (危险等级: 高, 被下面模块所HOOK: 0x003D5885)
入口点错误:ZwSetValueKey (危险等级: 高, 被下面模块所HOOK: 0x003D5955)
入口点错误:ZwWriteFile (危险等级: 高, 被下面模块所HOOK: 0x003D57B5)
入口点错误:CreateServiceA (危险等级: 高, 被下面模块所HOOK: 0x003D5C95)
入口点错误:CreateServiceW (危险等级: 高, 被下面模块所HOOK: 0x003D5D65)
入口点错误:LoadLibraryA (危险等级: 高, 被下面模块所HOOK: 0x003D6995)
入口点错误:LoadLibraryExW (危险等级: 高, 被下面模块所HOOK: 0x003D557D)
入口点错误:CreateFileW (危险等级: 高, 被下面模块所HOOK: 0x003D64B5)
入口点错误:CreateProcessA (危险等级: 高, 被下面模块所HOOK: 0x003D68C5)
入口点错误:CreateProcessW (危险等级: 高, 被下面模块所HOOK: 0x003D6725)
==================================
隐藏进程
N/A
==================================
[/CODE]