[CODE]
2008-06-16,11:25:41
System Repair Engineer 2.6.8.980
Smallfrogs (http://www.KZTechs.com)
Windows Vista Home Basic Edition (Build 6000) -

以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<%ProgramFiles%\Windows Defender\MSASCui.exe -hide>  [(Verified)Microsoft Windows]
<%ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
[(Verified)Microsoft Windows]
[(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<"%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE>  [File is missing]
[HKEY_CURRENT_USER\Control Panel\Desktop]
[File is missing]
==================================
启动文件夹
N/A
==================================
服务
[Andrea ST Filters Service / AESTFilters][Stopped/Auto Start]
[Contrl Center of Storm Media / ccosm][Stopped/Auto Start]
<北京暴风网际科技有限公司>
[Intel(R) PROSet/Wireless Event Log / EvtEng][Stopped/Auto Start]
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe">
[Machine Debug Manager / MDM][Stopped/Auto Start]
<"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe">
[Intel(R) PROSet/Wireless Registry Service / RegSrvc][Stopped/Auto Start]
[RoxMediaDB9 / RoxMediaDB9][Stopped/Manual Start]
<"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe">
[Roxio Hard Drive Watcher 9 / RoxWatch9][Stopped/Auto Start]
<"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe">
[Rising Process Communication Center / RsCCenter][Stopped/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe">
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
<"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe">
[Rising Vista Scanner / RsVScanner][Stopped/Auto Start]
[SigmaTel Audio Service / STacSV][Stopped/Auto Start]
[stllssvr / stllssvr][Stopped/Manual Start]
<"C:\Program Files\Common Files\SureThing Shared\stllssvr.exe">
[Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start]
<"C:\Program Files\Windows Live\installer\WLSetupSvc.exe">
[XAudioService / XAudioService][Stopped/Auto Start]
==================================
驱动程序
[adp94xx / adp94xx][Stopped/Disabled]
<\SystemRoot\system32\drivers\adp94xx.sys>
[adpahci / adpahci][Stopped/Disabled]
<\SystemRoot\system32\drivers\adpahci.sys>
[adpu160m / adpu160m][Stopped/Disabled]
<\SystemRoot\system32\drivers\adpu160m.sys>
[adpu320 / adpu320][Stopped/Disabled]
<\SystemRoot\system32\drivers\adpu320.sys>
[aic78xx / aic78xx][Stopped/Disabled]
<\SystemRoot\system32\drivers\djsvs.sys>
[aliide / aliide][Stopped/Disabled]
<\SystemRoot\system32\drivers\aliide.sys>
[Alps Touch Pad Filter Driver for Windows 2000/XP/Vista / ApfiltrService][Running/Manual Start]
[arc / arc][Stopped/Disabled]
<\SystemRoot\system32\drivers\arc.sys>
[arcsas / arcsas][Stopped/Disabled]
<\SystemRoot\system32\drivers\arcsas.sys>
[Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 / b57nd60x][Stopped/Manual Start]
[blbdrive / blbdrive][Stopped/Disabled]
<\SystemRoot\system32\drivers\blbdrive.sys>
[Brother USB Mass-Storage Lower Filter Driver / BrFiltLo][Stopped/Manual Start]
<\SystemRoot\system32\drivers\brfiltlo.sys>
[Brother USB Mass-Storage Upper Filter Driver / BrFiltUp][Stopped/Manual Start]
<\SystemRoot\system32\drivers\brfiltup.sys>
[Brother MFC Serial Port Interface Driver (WDM) / Brserid][Stopped/Disabled]
<\SystemRoot\system32\drivers\brserid.sys>
[Brother WDM Serial driver / BrSerWdm][Stopped/Disabled]
<\SystemRoot\system32\drivers\brserwdm.sys>
[Brother MFC USB Fax Only Modem / BrUsbMdm][Stopped/Disabled]
<\SystemRoot\system32\drivers\brusbmdm.sys>
[Brother MFC USB Serial WDM Driver / BrUsbSer][Stopped/Manual Start]
<\SystemRoot\system32\drivers\brusbser.sys>
[cmdide / cmdide][Stopped/Disabled]
<\SystemRoot\system32\drivers\cmdide.sys>
[Intel(R) PRO/1000 PCI Express Network Connection Driver / e1express][Stopped/Manual Start]
[Intel(R) PRO/1000 NDIS 6 Adapter Driver / E1G60][Stopped/Manual Start]
[elxstor / elxstor][Stopped/Disabled]
<\SystemRoot\system32\drivers\elxstor.sys>
[Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms / gagp30kx][Stopped/Manual Start]
<\SystemRoot\system32\drivers\gagp30kx.sys>
[HookNtos / HookNtos][Stopped/System Start]
<\SystemRoot\system32\drivers\HookNtos.sys>
[HookReg / HookReg][Stopped/System Start]
<\SystemRoot\system32\drivers\HookReg.sys>
[HookSys / HookSys][Stopped/System Start]
<\SystemRoot\system32\drivers\HookSys.sys>
[HpCISSs / HpCISSs][Stopped/Disabled]
<\SystemRoot\system32\drivers\hpcisss.sys>
[HSF_DPV / HSF_DPV][Stopped/Manual Start]
[HSXHWAZL / HSXHWAZL][Stopped/Manual Start]
[Intel AHCI Controller / iaStor][Running/Boot Start]
<\SystemRoot\system32\drivers\iastor.sys>
[Intel RAID Controller Vista / iaStorV][Running/Boot Start]
<\SystemRoot\system32\drivers\iastorv.sys>
[igfx / igfx][Stopped/Manual Start]
[iirsp / iirsp][Stopped/Disabled]
<\SystemRoot\system32\drivers\iirsp.sys>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
[ITEATAPI_Service_Install / iteatapi][Stopped/Disabled]
<\SystemRoot\system32\drivers\iteatapi.sys>
[ITERAID_Service_Install / iteraid][Stopped/Disabled]
<\SystemRoot\system32\drivers\iteraid.sys>
[LSI_FC / LSI_FC][Stopped/Disabled]
<\SystemRoot\system32\drivers\lsi_fc.sys>
[LSI_SAS / LSI_SAS][Stopped/Disabled]
<\SystemRoot\system32\drivers\lsi_sas.sys>
[LSI_SCSI / LSI_SCSI][Stopped/Disabled]
<\SystemRoot\system32\drivers\lsi_scsi.sys>
[mdmxsdk / mdmxsdk][Stopped/Auto Start]
[megasas / megasas][Stopped/Disabled]
<\SystemRoot\system32\drivers\megasas.sys>
[Mraid35x / Mraid35x][Stopped/Disabled]
<\SystemRoot\system32\drivers\mraid35x.sys>
[Intel(R) Wireless WiFi Link 适配器驱动程序(适用于 Windows Vista 32 位) / NETw4v32][Stopped/Manual Start]
[nfrd960 / nfrd960][Stopped/Disabled]
<\SystemRoot\system32\drivers\nfrd960.sys>
[N-trig HID Tablet Driver / ntrigdigi][Stopped/Disabled]
<\SystemRoot\system32\drivers\ntrigdigi.sys>
[nvraid / nvraid][Stopped/Disabled]
<\SystemRoot\system32\drivers\nvraid.sys>
[nvstor / nvstor][Stopped/Disabled]
<\SystemRoot\system32\drivers\nvstor.sys>
[IPX Traffic Filter Driver / NwlnkFlt][Stopped/Manual Start]
[IPX Traffic Forwarder Driver / NwlnkFwd][Stopped/Manual Start]
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys>
[QLogic Fibre Channel Miniport Driver / ql2300][Stopped/Disabled]
<\SystemRoot\system32\drivers\ql2300.sys>
[QLogic iSCSI Miniport Driver / ql40xx][Stopped/Disabled]
<\SystemRoot\system32\drivers\ql40xx.sys>
[R300 / R300][Stopped/Manual Start]
[rimmptsk / rimmptsk][Running/Auto Start]
[rimsptsk / rimsptsk][Running/Auto Start]
[Ricoh xD-Picture Card Driver / rismxdp][Running/Auto Start]
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys>
[%USBFilterString% / serport][Stopped/Manual Start]
[SiSRaid2 / SiSRaid2][Stopped/Disabled]
<\SystemRoot\system32\drivers\sisraid2.sys>
[SiSRaid4 / SiSRaid4][Stopped/Disabled]
<\SystemRoot\system32\drivers\sisraid4.sys>
[SigmaTel High Definition Audio CODEC / STHDA][Stopped/Manual Start]
[Symc8xx / Symc8xx][Stopped/Disabled]
<\SystemRoot\system32\drivers\symc8xx.sys>
[Sym_hi / Sym_hi][Stopped/Disabled]
<\SystemRoot\system32\drivers\sym_hi.sys>
[Sym_u3 / Sym_u3][Stopped/Disabled]
<\SystemRoot\system32\drivers\sym_u3.sys>
[uliahci / uliahci][Stopped/Disabled]
<\SystemRoot\system32\drivers\uliahci.sys>
[UlSata / UlSata][Stopped/Disabled]
<\SystemRoot\system32\drivers\ulsata.sys>
[ulsata2 / ulsata2][Stopped/Disabled]
<\SystemRoot\system32\drivers\ulsata2.sys>
[viaide / viaide][Stopped/Disabled]
<\SystemRoot\system32\drivers\viaide.sys>
[vsmraid / vsmraid][Stopped/Disabled]
<\SystemRoot\system32\drivers\vsmraid.sys>
[winachsf / winachsf][Stopped/Manual Start]
[XAudio / XAudio][Stopped/Auto Start]
==================================
浏览器加载项
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283}
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
[iTrusPTA Class]
{1E0DFFCF-27FF-4574-849B-55007349FEDA}
[Java Plug-in 1.6.0]
{8AD9C840-044E-11D1-B3E9-00805F499D93}
[Java Plug-in 1.6.0]
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[Java Plug-in 1.6.0]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000}
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233}
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
[GerneralPeerID Class]
{0A47E819-F82E-4D5D-B806-6A9EA94D68CD}
[EWA Control]
{18226BF8-DC0B-4D81-80E9-A41AE37BB73A}
[iTrusPTA Class]
{1E0DFFCF-27FF-4574-849B-55007349FEDA}
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95}
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60}
<%SystemRoot%\System32\msxml3.dll, N/A>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555}
<%SystemRoot%\System32\msxml3.dll, N/A>
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE}
[WebProtect]
{53763D1D-9CA8-4C7C-9756-A8E6B8FC063B}
[XMP Class]
{6483F145-A768-4C41-AACC-52D4D7845851}
[XDRM]
{693571CB-54A3-4E90-9D52-EEAE1334E2D3}
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6}
<%SystemRoot%\system32\wmp.dll, N/A>
[WangWangObj Class]
{6E213FC7-DD5A-4115-B7E6-D4C7838C361E}
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2}
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2}
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283}
[XML DOM Document 5.0]
{88D969E5-F192-11D4-A65F-0040963251E5}
[Submit Class]
{A3CD7F74-93C9-4BC4-B892-CCDF1514F714}
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062}
[Thunder DapCtrl]
{ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8}
[ScreenCapture Class]
{BFB79EE1-04AE-4D4A-B85E-27EE5F30C095}
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000}
[]
{E1771B7F-98BE-407F-BA67-AA16ADA5D0C5}
[PasswordEditCtrl Class]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF}
[safeInput Class]
{ECCBA956-80E5-11D3-9285-0080ADB811C9}
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8}
<%SystemRoot%\System32\msxml3.dll, N/A>
[Thunder DapPlayer]
{EEDD6FF9-13DE-496B-9A1C-D78B3215E266}
[XPPlayer Class]
{F3E70CEA-956E-49CC-B444-73AFE593AD7F}
[Free Threaded XML DOM Document 3.0]
{F5078F33-C551-11D3-89B9-0000F81FE221}
<%SystemRoot%\System32\msxml3.dll, N/A>
[XSL Template 3.0]
{F5078F36-C551-11D3-89B9-0000F81FE221}
<%SystemRoot%\System32\msxml3.dll, N/A>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4}
<%SystemRoot%\System32\msxml3.dll, N/A>
[InfoCheck Class]
{F91BA567-79B9-467E-BC97-5DBA01BBC5EE}
[InstallCheck Class]
{FFB8C97E-39D4-4E8A-9FE4-B451A0D6CA65}
[使用迅雷下载]
[使用迅雷下载全部链接]
[导出到 Microsoft Excel(&X)]
[添加到QQ表情]
==================================
正在运行的进程
[PID: 268 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 412 / SYSTEM][C:\Windows\system32\csrss.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 448 / SYSTEM][C:\Windows\system32\csrss.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 456 / SYSTEM][C:\Windows\system32\wininit.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 508 / SYSTEM][C:\Windows\system32\services.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL]  [Beijing Rising Technology Co., Ltd., 20.0.0.5]
[PID: 516 / SYSTEM][C:\Windows\system32\winlogon.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 544 / SYSTEM][C:\Windows\system32\lsass.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 552 / SYSTEM][C:\Windows\system32\lsm.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 708 / SYSTEM][C:\Windows\system32\svchost.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 760 / NETWORK SERVICE][C:\Windows\system32\svchost.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[C:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL]  [Beijing Rising Technology Co., Ltd., 20.0.0.5]
[PID: 792 / SYSTEM][C:\Windows\System32\svchost.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 884 / LOCAL SERVICE][C:\Windows\System32\svchost.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 908 / SYSTEM][C:\Windows\system32\svchost.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 972 / NETWORK SERVICE][C:\Windows\system32\svchost.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1272 / Br][C:\Windows\Explorer.EXE]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1688 / Br][C:\Windows\system32\wbem\unsecapp.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1732 / SYSTEM][C:\Windows\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1956 / Br][C:\Users\Br\Desktop\SRE9d2c65c3\SRE9d2c65c3.EXE]  [Smallfrogs Studio, 2.6.8.980]
[PID: 1972 / Br][C:\Windows\system32\NOTEPAD.EXE]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["%SystemRoot%\hh.exe" %1]
.HLP  OK. [%SystemRoot%\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. ["%SystemRoot%\System32\WScript.exe" "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
Rising Net Filter over [MSAFD Tcpip [TCP/IP]]
C:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL(Beijing Rising Technology Co., Ltd., HookSpi Dll)
Rising Net Filter over [RSVP TCP 服务提供商]
C:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL(Beijing Rising Technology Co., Ltd., HookSpi Dll)
Rising Net Filter
C:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL(Beijing Rising Technology Co., Ltd., HookSpi Dll)
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
进程特权扫描
N/A
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
[/CODE]