[CODE]
2007-04-01,12:26:02
System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<z><C:\DOCUME~1\paladin\LOCALS~1\Temp\rundl132.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RfwMain><"D:\瑞星软件\防火墙\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<StormCodec_Helper><"E:\暴风播放器不可删除\Storm Codec\StormSet.exe" /S /opti> []
<tppoll><C:\Program Files\TOPRO\TPPOLL.EXE> []
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
<CertificateRegistration><SafeSignCertReg.exe> [A.E.T. Europe B.V.]
<MenuOrder><C:\Program Files\ICBCPe~1\ICBC\BHDC(Personal)\MenuOrder\MenuOrder.exe> [N/A]
<ROST><C:\DOCUME~1\妈妈\LOCALS~1\Temp\mh.exe> []
<wsttrs><C:\WINDOWS\wsttrs.exe> []
<mppds><C:\WINDOWS\mppds.exe> []
<upxdnd><C:\DOCUME~1\paladin\LOCALS~1\Temp\zt.exe> []
<msccrt><C:\WINDOWS\msccrt.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<360Safe><Rundll32.exe D:\360安~1\360safe\AntiAdwa.dll,KillAdware> [360Safe.com]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<twin><C:\WINDOWS\system32\twunk32.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk> []
<{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
==================================
启动文件夹
[瑞星监控中心]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\瑞星监控中心.lnk --> D:\瑞星软件\Rising\Rising\Rav\RavMon.exe [Beijing Rising Technology Co., Ltd.]><N>
==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Messenger / Messenger][Stopped/Boot Start]
<\SystemRoot\C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\msgsvc.dll><Microsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<d:\瑞星软件\防火墙\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"D:\瑞星软件\Rising\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"D:\瑞星软件\Rising\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[TomDemoService / TomDemoService][Stopped/Auto Start]
<C:\CONFIG.EXE><N/A>
==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
<System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Cdsys / Cdsys][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\cdcd.sys><N/A>
[USB Video Camera / DCamUSBIntel][Running/Manual Start]
<System32\Drivers\TP6800.sys><Microsoft Corporation>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\D:\瑞星软件\Rising\Rising\Rav\ExpScan.sys><>
[usb Card Device / ft2kEnum][Running/Manual Start]
<system32\DRIVERS\ic2kenum.sys><OEM Corporation>
[USB Chip Holder Service / GDBaseSmc][Running/Manual Start]
<system32\DRIVERS\Chip_smc.sys><OEM>
[USB Chip Service / GD_USB][Stopped/Manual Start]
<system32\DRIVERS\Chip_usb.sys><>
[HookCont / HookCont][Running/Auto Start]
<\??\D:\瑞星软件\Rising\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\D:\瑞星软件\Rising\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\D:\瑞星软件\Rising\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
<\??\D:\瑞星软件\防火墙\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\D:\瑞星软件\Rising\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
<\??\d:\瑞星软件\防火墙\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<system32\DRIVERS\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\D:\QQ2007BETA1\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Padus ASPI Shell / pfc][Running/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SmartCard Reader Device / Reader_Device][Running/Manual Start]
<system32\DRIVERS\usbic2k.sys><OEM>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
<\??\D:\瑞星软件\防火墙\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\D:\瑞星软件\Rising\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[StarForce Cure Driver (version 1.x) / sfcure01][Stopped/Manual Start]
<System32\drivers\sfcure01.sys><N/A>
[StarForce Protection Environment Driver (version 1.x) / sfdrv01][Running/Boot Start]
<\SystemRoot\System32\drivers\sfdrv01.sys><Protection Technology>
[StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start]
<\SystemRoot\System32\drivers\sfhlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver (version 2.x) / sfsync02][Running/Boot Start]
<\SystemRoot\System32\drivers\sfsync02.sys><Protection Technology>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[360015 / 360015][Running/]
<2 - 系统找不到指定的文件。
><N/A>
==================================
浏览器加载项
[IeControler Class]
{9AFD91F9-6B03-4D22-A1E1-67D224CB7AB1} <D:\NET\IEMate.dll, Superhunter Inc.>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <E:\迅雷5.5.6.274\Thunder.exe, Thunder Networking Technologies,LTD>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\OFFICE~2\Office12\REFIEBAR.DLL, Microsoft Corporation>
[启动Web迅雷]
{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\QQ2007BETA1\QQ.EXE, TENCENT>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[163Uploader Control]
{8686F2A6-DC01-4E8F-BDE3-DCC7DBBAD6AE} <C:\WINDOWS\system32\163UPL~1.OCX, 广州网易互动娱乐有限公司>
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\system32\SUBMIT~1.DLL, >
[Shockwave Flash
Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Rising Web Scan
Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[IeControler Class]
{9AFD91F9-6B03-4D22-A1E1-67D224CB7AB1} <D:\NET\IEMate.dll, Superhunter Inc.>
[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\360安~1\360safe\safemon\safemon.dll, >
[Shockwave Flash
Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[ 添加到新浪点点通阅读器]
<res://D:\RssReader新浪新闻阅读器\rssreader.exe/RSSFEED.js, N/A>
[&使用迅雷下载]
<E:\迅雷5.5.6.274\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<E:\迅雷5.5.6.274\Program\getallurl.htm, N/A>
[E&xport to Microsoft Excel]
<res://D:\OFFICE~2\Office12\EXCEL.EXE/3000, N/A>
[上传到QQ网络硬盘]
<D:\QQ2007BETA1\AddToNetDisk.htm, N/A>
[使用Web迅雷下载]
<C:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
<C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[添加到eREAD表情]
<, N/A>
[添加到QQ自定义面板]
<D:\QQ2007BETA1\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\QQ2007BETA1\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\QQ2007BETA1\SendMMS.htm, N/A>
