[CODE]

2008-08-01,10:28:31

System Repair Engineer 2..4
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]
    <IgfxTray><C:\WINNT\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <HotKeysCmds><C:\WINNT\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <Persistence><C:\WINNT\system32\igfxpers.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SMSERIAL><sm56hlpr.exe>  [Motorola Inc.]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [(Verified)Microsoft Windows 2000 Publisher]
    <NeroFilterCheck><C:\WINNT\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start>  [N/A]
    <360Antiarp><C:\Program Files\360safe\antiarp\antiarp.exe /start>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]

==================================
启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]><N>
[EPSON Status Monitor 3 Environment Check 2]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\EPSON Status Monitor 3 Environment Check 2.lnk --> C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [SEIKO EPSON CORPORATION]><N>
[EPSON Online Register]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\EPSON Online Register.lnk --> C:\PROGRA~1\EPSON\ONLINE~1\ONLINE~1.EXE []><N>
[QQ游戏启动加速程序]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> C:\PROGRA~1\Tencent\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>

==================================
服务
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[OracleMTSRecoveryService / OracleMTSRecoveryService][Running/Auto Start]
  <E:\oracle\ora92\bin\omtsreco.exe "OracleMTSRecoveryService"><Oracle Corporation>
[OracleOraHome92ClientCache / OracleOraHome92ClientCache][Stopped/Manual Start]
  <E:\oracle\ora92\BIN\ONRSD.EXE><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Information Technology Co., Ltd.>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[360AntiArp / 360AntiArp][Running/System Start]
  <\??\C:\WINNT\system32\drivers\360AntiArp.sys><360安全中心>
[a347bus / a347bus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\a347bus.sys><>
[a347scsi / a347scsi][Running/Boot Start]
  <\SystemRoot\System32\Drivers\a347scsi.sys><>
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Running/Manual Start]
  <system32\drivers\ADIHdAud.sys><Analog Devices, Inc.>
[Standard IDE/ESDI Hard Disk Controller / atapi][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\atapi.sys><N/A>
[Broadcom NetXtreme Gigabit Ethernet / b57w2k][Running/Manual Start]
  <system32\DRIVERS\b57w2k.sys><Broadcom Corporation>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Information Technology Co., Ltd.>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Information Technology Co., Ltd.>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\igxpmp32.sys><Intel Corporation>
[DDK PACKET Protocol / Packet][Stopped/Manual Start]
  <system32\DRIVERS\ProtoDrv.sys><360安全中心>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[smserial / smserial][Running/Manual Start]
  <system32\DRIVERS\smserial.sys><Motorola Inc.>
[Conexant Setup API / UIUSys][Stopped/Manual Start]
  <system32\DRIVERS\UIUSYS.SYS><N/A>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll, BitComet>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[番茄花园]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[BitComet]
  {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} <, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[KooPlayer Control]
  {C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINNT\system32\CCTVKO~1.OCX, Koos>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin14.dll, Thunder Networking Technologies,LTD>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINNT\system32\msnetobj.dll, Microsoft Corporation>
[Thunder DapCtrl]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapCtrl1.2.11.14.274.dll, ShenZhen Thunder Networking Technologies Ltd.>
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer3.0.40.64.274.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[&使用BitComet下载]
  <res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
  <res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
  <res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用维棠下载视频]
  <C:\Program Files\ViDown\vd_link.htm, N/A>

==================================
正在运行的进程
[PID: 168][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 196][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 192][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1112][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\AppPatch\AcLayers.DLL]  [Microsoft Corporation, 5.00.2195.6717]
    [C:\WINNT\system32\qxk.dll]  [N/A, ]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.4670]
    [C:\WINNT\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4670]
    [C:\WINNT\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4670]
    [C:\WINNT\system32\igfxress.dll]  [Intel Corporation, 3.0.0.4670]
    [C:\WINNT\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4670]
    [C:\WINNT\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.18]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 12]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 13]
    [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.16]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 55]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1002]
[PID: 1212][C:\WINNT\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.4670]
    [C:\WINNT\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4670]
    [C:\WINNT\system32\qxk.dll]  [N/A, ]
    [C:\WINNT\system32\ipc.dll]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\ubo.dll]  [Microsoft Corporation, 5.00.2195.7135]
    [C:\WINNT\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4670]
    [C:\WINNT\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4670]
[PID: 1224][C:\WINNT\system32\igfxpers.exe]  [Intel Corporation, 3.0.0.4670]
    [C:\WINNT\system32\qxk.dll]  [N/A, ]
    [C:\WINNT\system32\ipc.dll]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\ubo.dll]  [Microsoft Corporation, 5.00.2195.7135]
    [C:\WINNT\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4670]
[PID: 1244][C:\WINNT\sm56hlpr.exe]  [Motorola Inc., 6.09.07]
    [C:\WINNT\system32\qxk.dll]  [N/A, ]
    [C:\WINNT\system32\ipc.dll]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\ubo.dll]  [Microsoft Corporation, 5.00.2195.7135]
    [C:\WINNT\sm56eng.dll]  [N/A, ]
    [C:\WINNT\sm56fra.dll]  [N/A, ]
    [C:\WINNT\sm56brz.dll]  [N/A, ]
    [C:\WINNT\sm56chs.dll]  [N/A, ]
    [C:\WINNT\sm56cht.dll]  [N/A, ]
    [C:\WINNT\sm56ger.dll]  [N/A, ]
    [C:\WINNT\sm56itl.dll]  [N/A, ]
    [C:\WINNT\sm56jpn.dll]  [N/A, ]
    [C:\WINNT\sm56spn.dll]  [N/A, ]
[PID: 1288][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.4053]
    [C:\WINNT\system32\qxk.dll]  [N/A, ]
    [C:\WINNT\system32\ipc.dll]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\ubo.dll]  [Microsoft Corporation, 5.00.2195.7135]
[PID: 1484][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.24]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
[PID: 1156][C:\WINNT\system32\conime.exe]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\system32\qxk.dll]  [N/A, ]
    [C:\WINNT\system32\ipc.dll]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\ubo.dll]  [Microsoft Corporation, 5.00.2195.7135]
[PID: 1764][C:\Documents and Settings\Administrator\桌面\SREng\修改的2.4版SREng.EXE]  [1111, 2..4]
    [C:\WINNT\system32\qxk.dll]  [N/A, ]
    [C:\WINNT\system32\ipc.dll]  [Microsoft Corporation, 5.00.2195.7038]
    [C:\WINNT\system32\ubo.dll]  [Microsoft Corporation, 5.00.2195.7135]

==================================
文件关联
.TXT  Error. [C:\WINNT\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINNT\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
API HOOK
入口点错误：RegEnumValueA (危险等级: 高,  被下面模块所HOOK: C:\WINNT\system32\qxk.dll)
入口点错误：RegEnumValueW (危险等级: 高,  被下面模块所HOOK: C:\WINNT\system32\qxk.dll)
入口点错误：RegOpenKeyExA (危险等级: 高,  被下面模块所HOOK: C:\WINNT\system32\qxk.dll)
入口点错误：CreateFileA (危险等级: 高,  被下面模块所HOOK: C:\WINNT\system32\qxk.dll)
入口点错误：CreateFileW (危险等级: 高,  被下面模块所HOOK: C:\WINNT\system32\qxk.dll)

==================================
隐藏进程
N/A

==================================


[/CODE]