[Help] Please take a look at my log

2007-08-02,11:42:43

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows Server 2003 Enterprise Edition Service Pack 1 (Build 3790) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <internat><\WINDOWS\System32\internat.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMEKRMIG6.1><C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <Cmaudio><RunDll32 cmicnfg.cpl,CMICtrlWnd>  [N/A]
    <H8MovAutoRun><d:\Program Files\8mov\movieservice.exe>  [网吧电影管理者]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <igfxtray><C:\WINDOWS\system32\igfxtray.exe>  [Intel Corporation]
    <igfxhkcmd><C:\WINDOWS\system32\hkcmd.exe>  [Intel Corporation]
    <igfxpers><C:\WINDOWS\system32\igfxpers.exe>  [Intel Corporation]
    <Server><"C:\server\raserver.exe" -servicehelper>  [上海金俊坤计算机技术服务有限公司]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><%SystemRoot%\system32\logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Publisher]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    <WinlogonNotify: dimsntfy><dimsntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [Intel Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}]
    <%IEHARDENADMIN_BASE_DESC%><%SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenAdmin>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}]
    <%IEHARDENUSER_DESC%><%SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenUser>  [(Verified)Microsoft Windows Publisher]


Last edited: 2007-08-02 19:23:58

==================================
启动文件夹
[internat.exe]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\internat.exe.lnk --> C:\WINDOWS\system32\internat.exe [Microsoft Corporation]><N>

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[VNC Server / winvnc][Running/Auto Start]
  <"C:\server\raserver.exe" -service><上海金俊坤计算机技术服务有限公司>

==================================
驱动程序
[BaseTDI / BaseTDI][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
  <system32\drivers\cmuda.sys><C-Media Inc>
[VIA Rhine Family Fast Ethernet Adapter Driver / FETNDIS][Running/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
  <system32\DRIVERS\ipinip.sys><N/A>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><Beijing Rising Technology Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[VMware Pointing Device / vmmouse][Stopped/Manual Start]
  <system32\DRIVERS\vmmouse.sys><VMware, Inc.>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[用比特精灵下载(&B)]
  <D:\BitSpirit\bsurl.htm, N/A>
正在运行的进程
[PID: 428 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 596 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 644 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 720 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 740 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 936 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1012 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1068 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1124 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1168 / SYSTEM][C:\Program Files\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 49]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\rfwctrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [C:\Program Files\Rising\Rav\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [C:\Program Files\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\psapi.dll]  [Microsoft Corporation, 4.00]
    [C:\Program Files\Rising\Rav\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [C:\Program Files\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 14]
    [C:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
    [C:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 73]
    [C:\Program Files\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
    [C:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [C:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
    [C:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
    [C:\Program Files\Rising\Rav\ScanPack.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 24]
    [C:\Program Files\Rising\Rav\RsVM.dll]  [, 19, 0, 0, 20]
    [C:\Program Files\Rising\Rav\Uroutine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 47]
    [C:\Program Files\Rising\Rav\Uscript.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
[PID: 1336 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [C:\WINDOWS\system32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\server\vnchooks.dll]  [上海金俊坤计算机技术服务有限公司, 1, 1, 0, 0]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1376 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [c:\windows\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1520 / SYSTEM][C:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1904 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 132 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 284 / SYSTEM][C:\server\raserver.exe]  [上海金俊坤计算机技术服务有限公司, 1.0.0.0]
    [C:\server\vnchooks.dll]  [上海金俊坤计算机技术服务有限公司, 1, 1, 0, 0]
[PID: 464 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1060 / Administrator][C:\WINDOWS\system32\RunDll32.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [C:\WINDOWS\system\cmicnfg.cpl]  [C-Media Corporation, 1. 0. 47.9]
    [C:\WINDOWS\System32\udaprop.dll]  [C-Media Corporation, 1.0.2.3]
    [C:\server\vnchooks.dll]  [上海金俊坤计算机技术服务有限公司, 1, 1, 0, 0]
[PID: 1120 / Administrator][d:\Program Files\8mov\movieservice.exe]  [网吧电影管理者, 1.04.0001]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
    [C:\WINDOWS\system32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\server\vnchooks.dll]  [上海金俊坤计算机技术服务有限公司, 1, 1, 0, 0]
[PID: 1152 / Administrator][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\server\vnchooks.dll]  [上海金俊坤计算机技术服务有限公司, 1, 1, 0, 0]
[PID: 1200 / Administrator][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINDOWS\system32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\server\vnchooks.dll]  [上海金俊坤计算机技术服务有限公司, 1, 1, 0, 0]
[PID: 1280 / Administrator][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.4384]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4384]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4384]
    [C:\server\vnchooks.dll]  [上海金俊坤计算机技术服务有限公司, 1, 1, 0, 0]
[PID: 1488 / Administrator][C:\WINDOWS\system32\igfxpers.exe]  [Intel Corporation, 3.0.0.4384]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4384]
    [C:\server\vnchooks.dll]  [上海金俊坤计算机技术服务有限公司, 1, 1, 0, 0]
[PID: 1564 / NETWORK SERVICE][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [C:\WINDOWS\system32\faultrep.DLL]  [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 1640 / Administrator][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3536]
    [C:\server\vnchooks.dll]  [上海金俊坤计算机技术服务有限公司, 1, 1, 0, 0]
[PID: 1720 / Administrator][C:\WINDOWS\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\WINDOWS\system32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\server\vnchooks.dll]  [上海金俊坤计算机技术服务有限公司, 1, 1, 0, 0]
[PID: 560 / Administrator][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [C:\WINDOWS\system32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\server\vnchooks.dll]  [上海金俊坤计算机技术服务有限公司, 1, 1, 0, 0]
[PID: 1688 / SYSTEM][C:\WINDOWS\system32\inetsrv\inetinfo.exe]  [Microsoft Corporation, 6.0.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 2032 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 540 / Administrator][d:\Program Files\8mov\MovieNoExit.exe]  [, 1.00]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
    [C:\WINDOWS\system32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\server\vnchooks.dll]  [上海金俊坤计算机技术服务有限公司, 1, 1, 0, 0]
[PID: 1768 / NETWORK SERVICE][c:\windows\system32\inetsrv\w3wp.exe]  [Microsoft Corporation, 6.0.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [\\?\C:\WINDOWS\system32\ViewGood\WebMedia\TransportSvr.dll]  [N/A, ]
[PID: 1732 / Administrator][C:\Documents and Settings\Administrator\桌面\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\INDICDLL.dll]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\server\vnchooks.dll]  [上海金俊坤计算机技术服务有限公司, 1, 1, 0, 0]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Documents and Settings\Administrator\桌面\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
218.22.51.34   www.8mov.net
218.22.51.34   8mov.net
218.22.51.34   ad.8mov.net
218.22.51.34   bt.8mov.net
218.22.51.34   bbs.8mov.net

==================================
进程特权扫描
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


This machine is an internet café movie server. Whenever another machine opens the server's address to watch a movie, it reports a virus: Trojan.PSW.Win32.OnlineGames.dlb

Scanning the movie server with Rising finds no virus.

Bump! Please help me, big bro! I'm desperate.

Quote:
[baohe's post] [Reply to "yessky"'s post]
C:\server\raserver.exe: what is this? I don't recognize it.
...


That is the remote control software I installed.

瑞星卡卡电脑诊断日志 v1.30 (2007-8-2 16:56:29)  北京瑞星科技股份有限公司

注释:[A]表示该文件存在自启动关联;
[M]表示该文件在内存中;

+ 注册表自运行项目
  + 系统服务
    + HKLM\System\CurrentControlSet\Services
      AeLookupSvc
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 2. c:\windows\system32\aelupsvc.dll
          Microsoft Corporation
          Application Experience Lookup Service
          .text,.data,.rsrc,.reloc,


      Alerter
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [A ] 3. c:\windows\system32\alrsvc.dll
          Microsoft Corporation
          Alerter Service DLL
          .text,.data,.rsrc,.reloc,


      ALG
        [A ] 4. c:\windows\system32\alg.exe
          Microsoft Corporation
          Application Layer Gateway Service
          .text,.data,.rsrc,


      AppMgmt
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [A ] 5. c:\windows\system32\appmgmts.dll
          Microsoft Corporation
          Software installation Service
          .text,.data,.rsrc,.reloc,


      AudioSrv
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [A ] 6. c:\windows\system32\audiosrv.dll
          Microsoft Corporation
          Windows Audio Service
          .text,.data,.rsrc,.reloc,


      BITS
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [A ] 7. c:\windows\system32\qmgr.dll
          Microsoft Corporation
          Background Intelligent Transfer Service
          .text,.data,.rsrc,.reloc,


      Browser
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [A ] 8. c:\windows\system32\browser.dll
          Microsoft Corporation
          Computer Browser Service DLL
          .text,.data,.rsrc,.reloc,


      ClipSrv
        [A ] 9. c:\windows\system32\clipsrv.exe
          Microsoft Corporation
          Windows Clipbook DDE Server
          .text,.data,.rsrc,


      COMSysApp
        [A ] 10. c:\windows\system32\dllhost.exe
          Microsoft Corporation
          COM Surrogate
          .text,.data,.rsrc,


      CryptSvc
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 11. c:\windows\system32\cryptsvc.dll
          Microsoft Corporation
          Cryptographic Services
          .text,.data,.rsrc,.reloc,

Attachment: application/octet-stream, 119 downloads, uploaded 2007-8-2 17:14:34

      DcomLaunch
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 12. c:\windows\system32\rpcss.dll
          Microsoft Corporation
          Distributed COM Services
          .text,.data,.rsrc,.reloc,


      Dfs
        [A ] 13. c:\windows\system32\dfssvc.exe
          Microsoft Corporation
          Windows NT Distributed File System Service
          .text,.data,.tls,.rsrc,


      Dhcp
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 14. c:\windows\system32\dhcpcsvc.dll
          Microsoft Corporation
          DHCP Client Service
          .text,.data,.rsrc,.reloc,


      dmadmin
        [A ] 15. c:\windows\system32\dmadmin.exe
          Microsoft Corporation
          Logical Disk Manager Adminstrative Service
          .text,.data,.rsrc,


      dmserver
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [A ] 16. c:\windows\system32\dmserver.dll
          Microsoft Corporation
          Logical Disk Manager Service
          .text,.data,.rsrc,.reloc,


      Dnscache
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 17. c:\windows\system32\dnsrslvr.dll
          Microsoft Corporation
          DNS Caching Resolver Service
          .text,.data,.rsrc,.reloc,


      ERSvc
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [A ] 18. c:\windows\system32\ersvc.dll
          Microsoft Corporation
          Windows Error Reporting Service
          .text,.data,.rsrc,.reloc,


      Eventlog
        [AM] 19. c:\windows\system32\services.exe
          Microsoft Corporation
          Services and Controller app
          .text,.data,.rsrc,


      EventSystem
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 20. c:\windows\system32\es.dll
          Microsoft Corporation
          COM+
          .text,.orpc,.data,.rsrc,.reloc,


      HidServ
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,


      HTTPFilter
        [AM] 21. c:\windows\system32\lsass.exe
          Microsoft Corporation
          LSA Shell
          .text,.data,.rsrc,

        [AM] 22. c:\windows\system32\w3ssl.dll
          Microsoft Corporation
          SSL service for HTTP
          .text,.data,.rsrc,.reloc,


      IISADMIN
        [AM] 23. c:\windows\system32\inetsrv\inetinfo.exe
          Microsoft Corporation
          Internet Information Services
          .text,.data,.rsrc,


      IsmServ
        [A ] 24. c:\windows\system32\ismserv.exe
          Microsoft Corporation
          Windows NT Intersite Messaging Service
          .text,.data,.tls,.rsrc,


      kdc
        [AM] 21. c:\windows\system32\lsass.exe
          Microsoft Corporation
          LSA Shell
          .text,.data,.rsrc,


      lanmanserver
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 25. c:\windows\system32\srvsvc.dll
          Microsoft Corporation
          Server Service DLL
          .text,.data,.rsrc,.reloc,


      lanmanworkstation
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 26. c:\windows\system32\wkssvc.dll
          Microsoft Corporation
          Workstation Service DLL
          .text,.data,.rsrc,.reloc,

        [AM] 27. c:\windows\system32\ntlanman.dll
          Microsoft Corporation
          Microsoft(R) Lan Manager
          .text,.data,.rsrc,.reloc,


      LicenseService
        [A ] 28. c:\windows\system32\llssrv.exe
          Microsoft Corporation
          Microsoft® License Server
          .text,.data,.rsrc,

      LmHosts
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [A ] 29. c:\windows\system32\lmhsvc.dll
          Microsoft Corporation
          TCPIP NetBios Transport Services DLL
          .text,.data,.rsrc,.reloc,


      Messenger
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [A ] 30. c:\windows\system32\msgsvc.dll
          Microsoft Corporation
          NT Messenger Service
          .text,.data,.rsrc,.reloc,


      MSDTC
        [A ] 31. c:\windows\system32\msdtc.exe
          Microsoft Corporation
          MS DTCconsole program
          .text,.data,.rsrc,


      MSIServer
        [A ] 32. c:\windows\system32\msiexec.exe
          Microsoft Corporation
          Windows® installer
          .text,.data,.rsrc,


      NetDDE
        [A ] 33. c:\windows\system32\netdde.exe
          Microsoft Corporation
          Network DDE - DDE Communication
          .text,.data,.rsrc,


      NetDDEdsdm
        [A ] 33. c:\windows\system32\netdde.exe
          Microsoft Corporation
          Network DDE - DDE Communication
          .text,.data,.rsrc,


      Netlogon
        [AM] 21. c:\windows\system32\lsass.exe
          Microsoft Corporation
          LSA Shell
          .text,.data,.rsrc,


      Netman
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 34. c:\windows\system32\netman.dll
          Microsoft Corporation
          Network Connections Manager
          .text,.data,.rsrc,.reloc,


      Nla
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 35. c:\windows\system32\mswsock.dll
          Microsoft Corporation
          Microsoft Windows Sockets 2.0 Service Provider
          .text,SANONTCP,.data,.rsrc,.reloc,


      NtFrs
        [A ] 36. c:\windows\system32\ntfrs.exe
          Microsoft Corporation
          File Replication Service
          .text,.data,.rsrc,


      NtLmSsp
        [AM] 21. c:\windows\system32\lsass.exe
          Microsoft Corporation
          LSA Shell
          .text,.data,.rsrc,


      NtmsSvc
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [A ] 37. c:\windows\system32\ntmssvc.dll
          Microsoft Corporation
          Removable Storage Manager
          .text,.data,.rsrc,.reloc,


      PlugPlay
        [AM] 19. c:\windows\system32\services.exe
          Microsoft Corporation
          Services and Controller app
          .text,.data,.rsrc,


      PolicyAgent
        [AM] 21. c:\windows\system32\lsass.exe
          Microsoft Corporation
          LSA Shell
          .text,.data,.rsrc,


      ProtectedStorage
        [AM] 21. c:\windows\system32\lsass.exe
          Microsoft Corporation
          LSA Shell
          .text,.data,.rsrc,


      RasAuto
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [A ] 38. c:\windows\system32\rasauto.dll
          Microsoft Corporation
          Remote Access AutoDial Manager
          .text,.data,.rsrc,.reloc,


      RasMan
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [A ] 39. c:\windows\system32\rasmans.dll
          Microsoft Corporation
          Remote Access Connection Manager
          .text,.data,.rsrc,.reloc,


      RDSessMgr
        [A ] 40. c:\windows\system32\sessmgr.exe
          Microsoft Corporation
          Microsoft(R) Remote Desktop Help Session Manager
          .text,.data,.rsrc,


      RemoteAccess
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [A ] 41. c:\windows\system32\mprdim.dll
          Microsoft Corporation
          Dynamic Interface Manager
          .text,.data,.rsrc,.reloc,


      RemoteRegistry
        [AM] 1. c:\windows\system32\svchost.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
          .text,.data,.rsrc,

        [AM] 42. c:\windows\system32\regsvc.dll
          Microsoft Corporation
          Remote Registry Service
          .text,.data,.rsrc,.reloc,