[CODE]
2008-08-25,14:09:47

System Repair Engineer 2..4
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    [(Verified)Microsoft Windows XP Publisher]
    []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows XP Publisher]
    [(Verified)Microsoft Windows XP Publisher]
    [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    [(Verified)Microsoft Windows XP Publisher]
    [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    [(Verified)Microsoft Windows XP Publisher]

==================================
启动文件夹
[腾讯QQ] C:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]>

==================================
服务
[Virtual PC Services Application / 1-vpcsrvc][Running/Auto Start]
[Human Interface Device Access / HidServ][Stopped/Disabled]
    %SystemRoot%\System32\hidserv.dll>
[Virtual PC Shared Folder Mapper / VPCMap][Running/Auto Start]

==================================
驱动程序
[Virtual PC Services Driver / 1-driver-vpcsrvc][Running/Auto Start]
    <\??\C:\WINDOWS\CNTX\VPCSRVC.SYS>
[Creative SB16/AWE32/AWE64 Driver (WDM) / ctlsb16][Running/Manual Start]
[DC21x4 Based Network Adapter Driver / DC21x4][Running/Manual Start]
[i8042 键盘及 PS/2 鼠标端口驱动程序 / i8042prt][Running/System Start]
[Virtual PC Folder Sharing Driver / MRxVPC][Running/Auto Start]
    <\??\C:\WINDOWS\System32\drivers\MRxVPC.sys>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
[s3legacy / s3legacy][Running/Manual Start]
[Secdrv / Secdrv][Stopped/Manual Start]

==================================
浏览器加载项
[@shdoclc.dll,-866]
    {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
    {8E718888-423F-11D2-876E-00A0C9082467}
[添加到QQ表情]

==================================
正在运行的进程
[PID: 292][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 372][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 396][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 440][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 452][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 696][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 748][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 868][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 928][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1136][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\MRxVPCNP.dll] [Connectix, 4.0.2]
    [C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[PID: 1192][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[PID: 1428][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1452][C:\WINDOWS\CNTX\VPCSRVC.EXE] [Connectix, 4, 0, 2, 0]
[PID: 1576][C:\WINDOWS\System32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 1692][C:\WINDOWS\System32\VPCMap.exe] [Connectix, 4.0.2]
[PID: 584][C:\DOCUME~1\admlbc\LOCALS~1\Temp\Rar$EX00.515\修改的2.4版SREng.EXE] [1111, 2..4]
[PID: 792][C:\WINDOWS\System32\drivers\svchosL.exe] [N/A, ]
[PID: 1036][C:\WINDOWS\System32\conime.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[C:\]
[AutoRun]
OPEN=   .exe
shell\open=打开(&O)
shell\open\Command=   .exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=   .exe

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================
[/CODE]