瑞星卡卡安全论坛

2008-05-01,18:42:31
System Repair Engineer 2.5.16.900
Smallfrogs ([url]http://www.KZTechs.com[/url])
Windows Vista Ultimate Edition  (Build 6000) - 管理权限用户 - 完整功能
以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Sidebar><C:\Program Files\Windows Sidebar\sidebar.exe /autoRun>  [Microsoft Corporation]
    <WindowsWelcomeCenter><rundll32.exe oobefldr.dll,ShowWelcomeCenter>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><explorer.exe>  [(Verified)Microsoft Windows]
    <Userinit><userinit.exe>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Windows Mail 7><"%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE>  [N/A]
==================================
启动文件夹
N/A
==================================
服务
[Application Experience / AeLookupSvc][Running/Auto Start]
  <C:\Windows\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\aelupsvc.dll><Microsoft Corporation>
[Ati External Event Utility / Ati External Event Utility][Running/Auto Start]
  <C:\Windows\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Windows Audio Endpoint Builder / AudioEndpointBuilder][Running/Auto Start]
  <C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted-->%SystemRoot%\System32\Audiosrv.dll><Microsoft Corporation>
[Windows Audio / AudioSrv][Running/Auto Start]
  <C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted-->%SystemRoot%\System32\Audiosrv.dll><Microsoft Corporation>
[Base Filtering Engine / BFE][Running/Auto Start]
  <C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork-->%SystemRoot%\System32\bfe.dll><Microsoft Corporation>
[Background Intelligent Transfer Service / BITS][Running/Auto Start]
  <C:\Windows\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\qmgr.dll><Microsoft Corporation>
[Computer Browser / Browser][Stopped/Auto Start]
  <C:\Windows\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\browser.dll><Microsoft Corporation>
[Certificate Propagation / CertPropSvc][Stopped/Manual Start]
  <C:\Windows\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\certprop.dll><Microsoft Corporation>
[Offline Files / CscService][Running/Auto Start]
  <C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted-->%SystemRoot%\System32\cscsvc.dll><Microsoft Corporation>
[DCOM Server Process Launcher / DcomLaunch][Running/Auto Start]
  <C:\Windows\system32\svchost.exe -k DcomLaunch-->%SystemRoot%\system32\rpcss.dll><Microsoft Corporation>
[Windows Defender / WinDefend][Running/Auto Start]
  <C:\Windows\System32\svchost.exe -k secsvcs-->%ProgramFiles%\Windows Defender\mpsvc.dll><N/A>
[Windows Management Instrumentation / Winmgmt][Running/Auto Start]
  <C:\Windows\system32\svchost.exe -k netsvcs-->%SystemRoot%\system32\wbem\WMIsvc.dll><Microsoft Corporation>
[Windows Remote Management (WS-Management) / WinRM][Stopped/Manual Start]
  <C:\Windows\System32\svchost.exe -k NetworkService-->%SystemRoot%\system32\WsmSvc.dll><Microsoft Corporation>
[WLAN AutoConfig / Wlansvc][Stopped/Manual Start]
  <C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted-->%SystemRoot%\System32\wlansvc.dll><Microsoft Corporation>
==================================
驱动程序
[adp94xx / adp94xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adp94xx.sys><Adaptec, Inc.>
[adpahci / adpahci][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpahci.sys><Adaptec, Inc.>
[adpu160m / adpu160m][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpu160m.sys><Adaptec, Inc.>
[adpu320 / adpu320][Stopped/Disabled]
  <\SystemRoot\system32\drivers\adpu320.sys><Adaptec, Inc.>
[aic78xx / aic78xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\djsvs.sys><Adaptec, Inc.>
[aliide / aliide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\aliide.sys><Acer Laboratories Inc.>
[amdide / amdide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\amdide.sys><Microsoft Corporation>
[arc / arc][Stopped/Disabled]
  <\SystemRoot\system32\drivers\arc.sys><Adaptec, Inc.>
[arcsas / arcsas][Stopped/Disabled]
  <\SystemRoot\system32\drivers\arcsas.sys><Adaptec, Inc.>
[atikmdag / atikmdag][Running/Manual Start]
  <system32\DRIVERS\atikmdag.sys><ATI Technologies Inc.>
[blbdrive / blbdrive][Stopped/Disabled]
  <\SystemRoot\system32\drivers\blbdrive.sys><N/A>
[Brother USB Mass-Storage Lower Filter Driver / BrFiltLo][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brfiltlo.sys><Brother Industries, Ltd.>
[Brother USB Mass-Storage Upper Filter Driver / BrFiltUp][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brfiltup.sys><Brother Industries, Ltd.>
[Brother MFC Serial Port Intexxxce Driver (WDM) / Brserid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brserid.sys><Brother Industries Ltd.>
[Brother WDM Serial driver / BrSerWdm][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brserwdm.sys><Brother Industries Ltd.>
[Brother MFC USB Fax Only Modem / BrUsbMdm][Stopped/Disabled]
  <\SystemRoot\system32\drivers\brusbmdm.sys><Brother Industries Ltd.>
[Brother MFC USB Serial WDM Driver / BrUsbSer][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\brusbser.sys><Brother Industries Ltd.>
[cmdide / cmdide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\cmdide.sys><CMD Technology, Inc.>
[Intel(R) PRO/1000 NDIS 6 Adapter Driver / E1G60][Stopped/Manual Start]
  <system32\DRIVERS\E1G6032E.sys><Intel Corporation>
[elxstor / elxstor][Stopped/Disabled]
  <\SystemRoot\system32\drivers\elxstor.sys><Emulex>
[HpCISSs / HpCISSs][Stopped/Disabled]
  <\SystemRoot\system32\drivers\hpcisss.sys><Hewlett-Packard Company>
[Intel RAID Controller Vista / iaStorV][Running/Boot Start]
  <\SystemRoot\system32\drivers\iastorv.sys><Intel Corporation>
[iirsp / iirsp][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iirsp.sys><Intel Corp./ICP vortex GmbH>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RTKVHD64.sys><Realtek Semiconductor Corp.>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
  <system32\DRIVERS\ipinip.sys><N/A>
[ITEATAPI_Service_Install / iteatapi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iteatapi.sys><Integrated Technology Express, Inc.>
[ITERAID_Service_Install / iteraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\iteraid.sys><Integrated Technology Express, Inc.>
[LSI_FC / LSI_FC][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_fc.sys><LSI Logic>
[LSI_SAS / LSI_SAS][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_sas.sys><LSI Logic>
[LSI_SCSI / LSI_SCSI][Stopped/Disabled]
  <\SystemRoot\system32\drivers\lsi_scsi.sys><LSI Logic>
[megasas / megasas][Stopped/Disabled]
  <\SystemRoot\system32\drivers\megasas.sys><LSI Logic Corporation>
[Mraid35x / Mraid35x][Stopped/Disabled]
  <\SystemRoot\system32\drivers\mraid35x.sys><LSI Logic Corporation>
[nfrd960 / nfrd960][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nfrd960.sys><IBM Corporation>
[nvraid / nvraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nvraid.sys><NVIDIA Corporation>
[nvstor / nvstor][Stopped/Disabled]
  <\SystemRoot\system32\drivers\nvstor.sys><NVIDIA Corporation>
[IPX Traffic Filter Driver / NwlnkFlt][Stopped/Manual Start]
  <system32\DRIVERS\nwlnkflt.sys><N/A>
[IPX Traffic Forwarder Driver / NwlnkFwd][Stopped/Manual Start]
  <system32\DRIVERS\nwlnkfwd.sys><N/A>
[QLogic Fibre Channel Miniport Driver / ql2300][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ql2300.sys><QLogic Corporation>
[QLogic iSCSI Miniport Driver / ql40xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ql40xx.sys><QLogic Corporation>
[SiSRaid2 / SiSRaid2][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sisraid2.sys><Silicon Integrated Systems Corp.>
[SiSRaid4 / SiSRaid4][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sisraid4.sys><Silicon Integrated Systems>
[Symc8xx / Symc8xx][Stopped/Disabled]
  <\SystemRoot\system32\drivers\symc8xx.sys><LSI Logic>
[Sym_hi / Sym_hi][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sym_hi.sys><LSI Logic>
[Sym_u3 / Sym_u3][Stopped/Disabled]
  <\SystemRoot\system32\drivers\sym_u3.sys><LSI Logic>
[uliahci / uliahci][Stopped/Disabled]
  <\SystemRoot\system32\drivers\uliahci.sys><ULi Electronics Inc.>
[UlSata / UlSata][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ulsata.sys><Promise Technology, Inc.>
[ulsata2 / ulsata2][Stopped/Disabled]
  <\SystemRoot\system32\drivers\ulsata2.sys><Promise Technology, Inc.>
[USB Mass Storage Driver / USBSTOR][Stopped/Disabled]
  <\SystemRoot\system32\drivers\usbstor.sys><N/A>
[viaide / viaide][Stopped/Disabled]
  <\SystemRoot\system32\drivers\viaide.sys><VIA Technologies, Inc.>
[vsmraid / vsmraid][Stopped/Disabled]
  <\SystemRoot\system32\drivers\vsmraid.sys><VIA Technologies Inc.,Ltd>
[NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller / yukonx64][Running/Manual Start]
  <system32\DRIVERS\yk60x64.sys><Marvell>
==================================
浏览器加载项
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, N/A>
==================================
正在运行的进程
[PID: 2312 / NewFish][C:\Program Files (x86)\MagicSet\SRIEH.EXE]  [Super Rabbit Soft, 8.60]
    [C:\Windows\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9797]
    [C:\Windows\system32\vb6chs.dll]  [Microsoft Corporation, 6.00.8988]
    [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll]  [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
    [C:\Windows\system32\olepro32.dll]  [Microsoft Corporation, 6.0.6000.16386]
    [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\COMCTL32.DLL]  [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[PID: 2220 / NewFish][C:\Program Files (x86)\Internet Explorer\ieuser.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll]  [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[PID: 2672 / NewFish][C:\Program Files (x86)\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 7.00.6000.16386 (vista_rtm.061101-2205)]
    [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll]  [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
    [C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll]  [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)]
    [C:\Windows\system32\atiumdag.dll]  [ATI Technologies Inc. , 7.14.10.0540]
    [C:\Windows\system32\atiumdva.dll]  [ATI Technologies Inc. , 7.14.10.0170]
[PID: 1204 / NewFish][E:\SOFTS\app\System Repair Engineer\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\COMCTL32.dll]  [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
    [E:\SOFTS\app\System Repair Engineer\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["%SystemRoot%\hh.exe" %1]
.HLP  OK. [%SystemRoot%\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. ["%SystemRoot%\System32\WScript.exe" "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1      localhost
::1            localhost
==================================
进程特权扫描
N/A
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================