2007-03-14,19:14:33
System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ServUTrayIcon><D:\Serv-U6.2.0.1绿色安装版\Serv-U\ServUTray.exe> [Rhino Software, Inc. +1(262) 560-9627]
<pyjj><C:\Program Files\jj4\jjsvr4.exe> [加加开发组]
<ctfmon.exe><ctfmon.exe> [Microsoft Corporation]
<PhMain><C:\Program Files\PeanutHull3\Phmain.exe> [广东网域]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<nwiz><nwiz.exe /install> []
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<SyGateManager><C:\Program Files\SyGate\SHN\Sygate.exe> [赛格特(Sygate)技术有限公司]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
<WebEasyMail><C:\WINWEB~1\easymail.exe -src> [Ma Jian]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [N/A]
<NvCplDaemon><RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<Synchronization Manager><mobsync.exe /logon> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows 2000 Publisher]
<Userinit><C:\WINNT\system32\userinit.exe,> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{25E1EECB-E580-4032-97A2-A456D33820D1}><C:\Program Files\Outlook Express\mqq.dll> [N/A]
==================================
启动文件夹
[快捷方式 easymail]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\快捷方式 easymail.lnk --> C:\WINWEB~1\easymail.exe [Ma Jian]><N>
[快捷方式 emsvr]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\快捷方式 emsvr.lnk --> C:\WINWEB~1\emsvr.exe [Ma Jian]><N>
==================================
服务
[Application Experience / AeLookupSvc][Stopped/Auto Start]
<C:\WINNT\ime\sdc><N/A>
[Windows Management Zero / Conation][Stopped/Auto Start]
<C:\WINNT\worcter><N/A>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Google Updater Service / gusvc][Stopped/Disabled]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINNT\system32\nvsvc32.exe><NVIDIA Corporation>
[PeanuthullCore / PeanuthullCore][Running/Auto Start]
<C:\Program Files\PeanutHull3\PhCore.exe -service><广东网域>
[COMEXE PIPClient / PIPClient][Running/Auto Start]
<"C:\Program Files\winpip\winpip.exe" -service><>
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
<c:\program files\rising\rfw\rfwproxy.exe><N/A>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Remote Procedure Call System(RPCS) / RpcS][Stopped/Auto Start]
<C:\WINNT\system32\RpcS.exe><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SyGateService / SaService][Running/Auto Start]
<C:\Program Files\SyGate\SHN\sgserv.exe><Sygate technologies Inc.>
[Serv-U FTP 服务器 / Serv-U][Running/Auto Start]
<D:\Serv-U6.2.0.1绿色安装版\Serv-U\ServUDaemon.exe><Rhino Software, Inc. +1(262) 560-9627>
[Themeis / Themeis][Stopped/Disabled]
<C:\WINNT\svchost><N/A>
[Win32 DHCP Service / Win32DHCPsvc][Stopped/Auto Start]
<C:\WINNT\system32\rundll32.exe windhcp.dll,start><Microsoft Corporation>
[WinWebMail Server / WinWebMail Server][Running/Auto Start]
<C:\WINWEB~1\EMSVR.EXE><Ma Jian>
[WinXP DHCP Service / WinXPDHCPsvc][Stopped/Disabled]
<C:\WINNT\system32\\rundll32.exe xpdhcp.dll,input><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
<C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>