2007-01-31 09:57 |
[CODE]
2007-01-31,09:05:21
System Repair Engineer 2.3.13.690 Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中: 所有的启动项目(包括注册表、启动文件夹、服务等) 浏览器加载项 正在运行的进程(包括进程模块信息) 文件关联 Winsock 提供者 Autorun.inf HOSTS 文件
启动项目 注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [(Verified)Microsoft Corporation] <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation] <UIHost><logonui.exe> [(Verified)Microsoft Corporation] [HKEY_CURRENT_USER\Control Panel\Desktop] <SCRNSAVE.EXE><C:\PROGRA~1\ts300pb\唐诗三~1.SCR> [N/A]
================================== 启动文件夹 N/A
================================== 服务 [Microsoft Update Service / DATEING][Stopped/Auto Start] <><N/A> [Human Interface Device Access / HidServ][Stopped/Disabled] <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A> [Vsn mvvc Service / mvvc][Stopped/Auto Start] <C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\syyi\sffp.dll,Service><Microsoft Corporation> [Rising Process Communication Center / RsCCenter][Running/Auto Start] <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.> [Rising RealTime Monitor / RsRavMon][Running/Auto Start] <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.> [sqlserver support for winnt / sqlservech][Running/Auto Start] <C:\WINDOWS\System32\svchost.exe -k sqlservech-->c:\windows\system32\sqlservech.dll><Microsoft Corporation> [Provisioning Transaction Service / ttt_14][Stopped/Auto Start] <><N/A>
================================== 驱动程序 [Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start] <system32\drivers\ac97intc.sys><Intel Corporation> [ast / ast][Running/Auto Start] <\??\C:\WINDOWS\system32\drivers\ast.sys><N/A> [BaseTDI / BaseTDI][Running/Auto Start] <\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.> [Cdsys / Cdsys][Stopped/Manual Start] <\??\C:\WINDOWS\system32\cdcd.sys><N/A> [chrz / chrzu][Running/Boot Start] <\SystemRoot\System32\DRIVERS\chrzu.sys><N/A> [dtscsi / dtscsi][Running/Manual Start] <\SystemRoot\System32\Drivers\dtscsi.sys><N/A> [dyyfpm8 / dyyfpm83][Stopped/Boot Start] <\SystemRoot\System32\DRIVERS\dyyfpm83.sys><N/A> [ExpScaner / ExpScaner][Running/Auto Start] <\??\C:\Program Files\Rising\Rav\ExpScan.sys><> [ffpbek / ffpbek][Running/Auto Start] <\??\C:\WINDOWS\system32\drivers\ffpbek.sys><Microsoft Corporation> [HookCont / HookCont][Running/Auto Start] <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. 
ltd> [HookReg / HookReg][Running/Auto Start] <\??\C:\Program Files\Rising\Rav\HookReg.sys><> [HookSys / HookSys][Running/Auto Start] <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising> [i81x / i81x][Running/Manual Start] <system32\DRIVERS\i81xnt5.sys><Intel(R) Corporation> [iAimFP0 / iAimFP0][Stopped/Manual Start] <system32\DRIVERS\wADV01nt.sys><Intel(R) Corporation> [iAimFP1 / iAimFP1][Stopped/Manual Start] <system32\DRIVERS\wADV02NT.sys><Intel(R) Corporation> [iAimFP2 / iAimFP2][Stopped/Manual Start] <system32\DRIVERS\wADV05NT.sys><Intel(R) Corporation> [iAimFP3 / iAimFP3][Stopped/Manual Start] <system32\DRIVERS\wSiINTxx.sys><Intel(R) Corporation> [iAimFP4 / iAimFP4][Stopped/Manual Start] <system32\DRIVERS\wVchNTxx.sys><Intel(R) Corporation> [iAimFP5 / iAimFP5][Stopped/Manual Start] <system32\DRIVERS\wADV07nt.sys><Intel(R) Corporation> [iAimFP6 / iAimFP6][Stopped/Manual Start] <system32\DRIVERS\wADV08nt.sys><Intel(R) Corporation> [iAimFP7 / iAimFP7][Stopped/Manual Start] <system32\DRIVERS\wADV09nt.sys><Intel(R) Corporation> [iAimTV0 / iAimTV0][Stopped/Manual Start] <system32\DRIVERS\wATV01nt.sys><Intel(R) Corporation> [iAimTV1 / iAimTV1][Stopped/Manual Start] <system32\DRIVERS\wATV02NT.sys><Intel(R) Corporation> [iAimTV3 / iAimTV3][Stopped/Manual Start] <system32\DRIVERS\wATV04nt.sys><Intel(R) Corporation> [iAimTV4 / iAimTV4][Stopped/Manual Start] <system32\DRIVERS\wCh7xxNT.sys><Intel(R) Corporation> [iAimTV5 / iAimTV5][Stopped/Manual Start] <system32\DRIVERS\wATV10nt.sys><Intel(R) Corporation> [iAimTV6 / iAimTV6][Stopped/Manual Start] <system32\DRIVERS\wATV06nt.sys><Intel(R) Corporation> [MEMSCAN / MEMSCAN][Running/Auto Start] <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司> [Netgroup Packet Filter / NPF][Running/Manual Start] <system32\drivers\npf.sys><Politecnico di Torino> [npkcrypt / npkcrypt][Stopped/Manual Start] <\??\C:\WINDOWS\system32\qqedit\npkcrypt.sys><INCA Internet Co., Ltd.> [nu3i / nu3i][Stopped/System Start] 
<\??\C:\WINDOWS\system32\drivers\nu3i.sys><N/A> [Direct Parallel Link Driver / Ptilink][Running/Manual Start] <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.> [RSPPSYS / RSPPSYS][Running/Auto Start] <\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising> [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start] <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation> [Secdrv / Secdrv][Running/Auto Start] <system32\DRIVERS\secdrv.sys><Macrovision Europe Ltd> [sptd / sptd][Running/Boot Start] <\SystemRoot\System32\Drivers\sptd.sys><N/A> [SVKP / SVKP][Running/Auto Start] <\??\C:\WINDOWS\system32\SVKP.sys><AntiCracking> [msqmx / msqmx][Running/Manual Start] <2 - 系统找不到指定的文件。 ><N/A>
================================== 浏览器加载项 [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.> [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation> [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
================================== 正在运行的进程 [PID: 472][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 528][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 552][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 600][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 612][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 764][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 812][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 912][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3] [PID: 928][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\windows\system32\uxtuneup.dll] [TuneUp Software GmbH, 1.0.0.2] [PID: 980][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1100][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1144][C:\Program Files\Rising\Rav\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 1, 47] [C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20] [C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1] [C:\Program Files\Rising\Rav\RsPPsys.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3] [C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4] [C:\Program Files\Rising\Rav\RsLog.dll] 
[Beijing Rising Technology Co., Ltd., 18, 0, 0, 20] [C:\Program Files\Rising\Rav\HOOKSYS.dll] [Beijing Rising Technology Co., Ltd., 18, 1, 0, 12] [C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 33] [C:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10] [C:\Program Files\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13] [C:\Program Files\Rising\Rav\regmon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6] [C:\Program Files\Rising\Rav\HookWeb.dll] [rising, 18, 0, 0, 2] [C:\Program Files\Rising\Rav\MemMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12] [C:\Program Files\Rising\Rav\expscan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4] [C:\Program Files\Rising\Rav\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3] [C:\Program Files\Rising\Rav\MailMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5] [C:\Program Files\Rising\Rav\SpamEng.dll] [N/A, 18, 0, 0, 6] [C:\Program Files\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 35] [C:\Program Files\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 18] [C:\Program Files\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11] [C:\Program Files\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16] [C:\Program Files\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 47] [C:\Program Files\Rising\Rav\RSUnpack.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 21] [C:\Program Files\Rising\Rav\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 24] [C:\Program Files\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7] [C:\Program Files\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10] [C:\Program Files\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23] [C:\Program Files\Rising\Rav\Unpacker.dll] 
[Beijing Rising Technology Co., Ltd., 18, 0, 0, 7] [C:\Program Files\Rising\Rav\ExtMail.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13] [C:\Program Files\Rising\Rav\ExtOLE.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6] [C:\Program Files\Rising\Rav\RsStore.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6] [PID: 1352][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\rdfdp.dll] [N/A, N/A] [C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll] [TuneUp Software GmbH, 2.0.0.2] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4] [PID: 1404][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [PID: 412][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 520][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4] [C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11] [C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1] [PID: 896][C:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 1, 39] [C:\Program Files\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26] [C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20] [C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4] 
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1] [C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5] [PID: 1292][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\1xClient.dll] [联想网络, 2, 0, 0, 0] [C:\WINDOWS\system32\packet.dll] [Politecnico di Torino, 3, 0, 0, 18] [PID: 2108][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 3104][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)] [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0] [PID: 724][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2336][C:\Program Files\Maxthon\Maxthon.exe] [Maxthon International Ltd., 1, 5, 9, 30] [C:\Program Files\Maxthon\maxzlib.dll] [ , 1, 0, 0, 2] [C:\Program Files\Maxthon\Services\RealTime\real_time.dll] [, 1, 0, 0, 1] [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0] [PID: 1848][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)] [PID: 676][F:\Downloads\sreng2\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
================================== 文件关联 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}]
================================== Winsock 提供者 N/A
================================== Autorun.inf N/A
================================== HOSTS 文件 127.0.0.1 localhost 192.168.4.4 www.huacw.com 192.168.4.4 www.chinassq.com 192.168.4.4 www.51cpw.com 192.168.4.4 www.zhifasoft.com 192.168.4.4 huacw.com 192.168.4.4 chinassq.com 192.168.4.4 51cpw.com 192.168.4.4 zhifasoft.com
================================== API HOOK N/A
==================================
[/CODE] |