[CODE] 2009-02-09,14:47:32 System Repair Engineer 2.7.0.1210 Smallfrogs (http://www.KZTechs.com) Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能 以下内容被选中: 所有的启动项目(包括注册表、启动文件夹、服务等) 浏览器加载项 正在运行的进程(包括进程模块信息) 文件关联 Winsock 提供者 Autorun.inf HOSTS 文件 进程特权扫描 计划任务 API HOOK 隐藏进程 启动项目 注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [Microsoft Corporation] [] <金山清理专家实时保护><"C:\Program Files\Kingsoft Antispy\monitor\kastray.exe"> [(Verified)"Zhuhai Kingsoft Software Co.,Ltd"] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows 2000 Publisher] [Avance Logic, Inc.] [Intel Corporation] [Intel Corporation] [] [(Verified)Microsoft Corporation] [Nokia] <"C:\Program Files\Rising\Rav\RavTask.exe" -system> [] [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows 2000 Publisher] [(Verified)Microsoft Windows 2000 Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{32CD708B-60A7-4C00-9377-D73EAA495F0F}> [Beijing Rising Technology Co., Ltd.] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] [(Verified)Microsoft Windows 2000 Publisher] <%SystemRoot%\system32\webcheck.dll> [Microsoft Corporation] [(Verified)Microsoft Windows 2000 Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] [(Verified)Microsoft Windows 2000 Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] [(Verified)Microsoft Windows 2000 Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] [(Verified)Microsoft Windows 2000 Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] [(Verified)Microsoft Windows 2000 Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] [(Verified)Microsoft Windows 2000 Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif] [(Verified)Microsoft Windows 2000 Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [Microsoft Corporation] <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] <"%SystemRoot%\system32\shmgrate.exe" OCInstallUserConfigIE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] <自定义浏览器> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed 
Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <"%SystemRoot%\system32\shmgrate.exe" OCInstallUserConfigOE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows 2000 Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6A5110B5-E14B-4268-A065-EF89FF33C325}] [(Verified)Microsoft Windows 2000 Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] [(Verified)Microsoft Windows 2000 Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] <%SystemRoot%\system32\ie4uinit.exe> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] <%SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360hotfix.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ast.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avengine.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe] 
[N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltmain.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avtask.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdwizreg.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boxmod.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccenter.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccregvfy.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccsetmgr.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\extdb.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frameworkservice.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frwstub.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File 
Execution Options\guardfield.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmor.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kaccore.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kasmain.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kav32.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavsvc.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavsvcui.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kislnchr.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kmailmon.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\knownsvr.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfw32.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfwsvc.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kregex.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvfw.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvmonxp.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvmonxp.kxp] [N/A] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvprescan.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvsrvxp.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwsc.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvxp.kxp] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatch.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\livesrv.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\makereport.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcdash.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcdetect.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctskshd.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsescn.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\naprdmgr.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File 
Execution Options\navapsvc.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmain.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmntor.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oasclnt.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsrv51.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfw.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psctrls.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psimreal.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psimsvc.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qqdoctormain.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ras.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravmon.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravmond.exe] [N/A] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravstub.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravtask.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwproxy.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsagent.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsmain.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsnetsvr.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rssafety.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstray.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safebank.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxtray.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanfrm.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sched.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\seccenter.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File 
Execution Options\secnotifier.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SetupLD.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shstat.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartup.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sndsrvc.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spbbcsvc.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbmon.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uihost.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ulibcfg.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\updaterui.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uplive.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcr32.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcrmon.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vstskmgr.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vstskmgr.exe ] [N/A] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webproxy.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xcommsvr.exe] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xnlscn.exe] [N/A] [HKEY_CURRENT_USER\Control Panel\Desktop] [(Verified)Microsoft Windows 2000 Publisher] ================================== 启动文件夹 [Adobe Reader Speed Launch] C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]> [金山词霸 2006] C:\Program Files\kingsoft\PowerWord 2006\XDICT.EXE [File is missing]> ================================== 服务 [Contrl Center of Storm Media / ccosm][Running/Auto Start] <北京暴风网际科技有限公司> [Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start] [Netos / Netos][Running/Auto Start] [OracleMTSRecoveryService / OracleMTSRecoveryService][Running/Auto Start] [ServiceLayer / ServiceLayer][Running/Manual Start] <"C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe"> [Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start] C:\WINNT\system32\mspmsnsv.dll> ================================== 驱动程序 [Service for Avance AC97 Audio (WDM) / ALCXWDM][Running/Manual Start] [Rising TDI Base Driver / BaseTDI][Running/Auto Start] [dmboot / dmboot][Stopped/Disabled] [Logical Disk Manager Driver / dmio][Running/Boot Start] <\SystemRoot\System32\drivers\dmio.sys> [dmload / dmload][Running/Boot Start] <\SystemRoot\System32\drivers\dmload.sys> [ExpScaner / ExpScaner][Running/Auto Start] <\??\C:\PROGRAM FILES\RISING\RAV\ExpScan.sys><> [HookCont / HookCont][Running/Auto Start] <\??\C:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys> [HookReg / HookReg][Running/Auto Start] <\??\C:\PROGRAM FILES\RISING\RAV\HookReg.sys><> [HookSys / HookSys][Running/Auto Start] <\??\C:\PROGRAM FILES\RISING\RAV\HookSys.sys> [ialm / ialm][Running/Manual Start] [MEMSCAN / MEMSCAN][Running/Auto Start] 
<\??\C:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys> [NAVAPEL / NAVAPEL][Running/Auto Start] <\??\C:\Program Files\NavNT\NAVAPEL.SYS> [Nokia USB Generic / Nokia USB Generic][Stopped/Manual Start] [Nokia USB Modem / Nokia USB Modem][Stopped/Manual Start] [Nokia USB Phone Parent / Nokia USB Phone Parent][Stopped/Manual Start] [Nokia USB Port / Nokia USB Port][Stopped/Manual Start] [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [RsNTGDI / RsNTGDI][Running/Boot Start] <\SystemRoot\system32\Drivers\RsNTGdi.sys> [RSPPSYS / RSPPSYS][Running/Auto Start] <\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys> [Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start] [SymEvent / SymEvent][Stopped/Manual Start] <\??\C:\Program Files\Symantec\SYMEVENT.SYS> [Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/System Start] [Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start] ================================== 浏览器加载项 [AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [解霸] {367E0A21-8601-4986-9C9A-153BF5ACA118} [信息检索(&R)] {92780B25-18CC-41C8-B9BE-3C9C571A8263} [@shdoclc.dll,-866] {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, > [@msdxmLC.dll,-1@2052,电台(&R)] {8E718888-423F-11D2-876E-00A0C9082467} [Save解霸实时播放] [导出到 Microsoft Office Excel(&X)] [解霸实时播放] ================================== 正在运行的进程 [PID: 144][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.00.2195.6601] [PID: 168][\??\C:\WINNT\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.00.2195.6601] [PID: 164][\??\C:\WINNT\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.00.2195.6898] [C:\WINNT\system32\SHLWAPI.DLL] [Microsoft Corporation, 6.00.2800.1106] [C:\WINNT\system32\COMCTL32.DLL] [Microsoft Corporation, 5.81] [C:\WINNT\system32\NavLogon.dll] [N/A, ] [PID: 216][C:\WINNT\system32\services.exe] [(Verified) Microsoft Corporation, 5.00.2195.6700] 
[C:\WINNT\system32\COMCTL32.DLL] [Microsoft Corporation, 5.81] [C:\WINNT\system32\SHLWAPI.DLL] [Microsoft Corporation, 6.00.2800.1106] [C:\WINNT\system32\dmserver.dll] [VERITAS Software Corp., 2195.6605.297.3] [PID: 228][C:\WINNT\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.00.2195.6902] [C:\WINNT\system32\COMCTL32.DLL] [Microsoft Corporation, 5.81] [C:\WINNT\system32\SHLWAPI.DLL] [Microsoft Corporation, 6.00.2800.1106] [PID: 412][C:\WINNT\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.00.2134.1] [C:\WINNT\system32\COMCTL32.DLL] [Microsoft Corporation, 5.81] [C:\WINNT\system32\SHLWAPI.DLL] [Microsoft Corporation, 6.00.2800.1106] [PID: 440][C:\WINNT\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.00.2195.6659] [C:\WINNT\system32\COMCTL32.DLL] [Microsoft Corporation, 5.81] [C:\WINNT\system32\SHLWAPI.DLL] [Microsoft Corporation, 6.00.2800.1106] [C:\WINNT\system32\mdimon.dll] [Microsoft Corporation, 11.3.1897.0] [C:\WINNT\system32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0] [PID: 468][C:\Program Files\StormII\stormliv.exe] [北京暴风网际科技有限公司, 3, 8, 3, 15] [C:\WINNT\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1106] [C:\Program Files\StormII\MSVCP60.dll] [Microsoft Corporation, 6.02.3104.0] [C:\WINNT\system32\COMCTL32.DLL] [Microsoft Corporation, 5.81] [C:\WINNT\system32\WININET.dll] [Microsoft Corporation, 6.00.2800.1106] [C:\WINNT\system32\msxml3.dll] [Microsoft Corporation, 8.30.9926.0] [PID: 484][C:\WINNT\system32\cisvc.exe] [(Verified) Microsoft Corporation, 5.00.2134.1] [C:\WINNT\system32\COMCTL32.dll] [Microsoft Corporation, 5.81] [C:\WINNT\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1106] [PID: 504][C:\WINNT\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.00.2134.1] [C:\WINNT\system32\COMCTL32.dll] [Microsoft Corporation, 5.81] [C:\WINNT\system32\SHLWAPI.DLL] [Microsoft Corporation, 6.00.2800.1106] [PID: 524][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] 
[Microsoft Corporation, 7.00.9466] [C:\WINNT\system32\SHLWAPI.DLL] [Microsoft Corporation, 6.00.2800.1106] [C:\WINNT\system32\COMCTL32.DLL] [Microsoft Corporation, 5.81] [C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll] [Microsoft Corporation, 7.00.9466] [PID: 572][C:\WINNT\system32\Netos.exe] [N/A, ] [C:\WINNT\system32\SHLWAPI.DLL] [Microsoft Corporation, 6.00.2800.1106] [C:\WINNT\system32\COMCTL32.DLL] [Microsoft Corporation, 5.81] [C:\WINNT\system32\URLMON.DLL] [Microsoft Corporation, 6.00.2800.1106] [C:\WINNT\system32\wininet.dll] [Microsoft Corporation, 6.00.2800.1106] [PID: 652][c:\oraclient\ora81\bin\omtsreco.exe] [Oracle Corporation, 9.2.0.1.0] [c:\oraclient\ora81\bin\OCI.dll] [Oracle Corporation, 9.2.0.1.0] [c:\oraclient\ora81\bin\OraClient9.Dll] [Oracle Corporation, 9.2.0.1.0 Production ] [c:\oraclient\ora81\bin\oracore9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [c:\oraclient\ora81\bin\oranls9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [c:\oraclient\ora81\bin\oraunls9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [c:\oraclient\ora81\bin\oravsn9.dll] [Oracle Corporation, 9.2.0.1.0 Production ] [c:\oraclient\ora81\bin\oracommon9.dll] [Oracle Corporation, 9.2.0.1.0 Production ] [c:\oraclient\ora81\bin\orageneric9.dll] [Oracle Corporation, 9.2.0.1.0 Production ] [c:\oraclient\ora81\bin\oraxml9.dll] [Oracle Corporation, ] [c:\oraclient\ora81\bin\oraxsd9.dll] [Oracle Corporation, ] [c:\oraclient\ora81\bin\orannzsbb9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [c:\oraclient\ora81\bin\oran9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [c:\oraclient\ora81\bin\oranl9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [c:\oraclient\ora81\bin\oranldap9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [c:\oraclient\ora81\bin\oraldapclnt9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [c:\oraclient\ora81\bin\orancrypt9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [c:\oraclient\ora81\bin\ORATRACE9.dll] [N/A, ] 
[c:\oraclient\ora81\bin\oranro9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [c:\oraclient\ora81\bin\oranhost9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [c:\oraclient\ora81\bin\oranoname9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [c:\oraclient\ora81\bin\orancds9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [c:\oraclient\ora81\bin\orantns9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [c:\oraclient\ora81\bin\oranms.dll] [Oracle Corporation, 9.2.0.0.0] [c:\oraclient\ora81\bin\oranmsp.dll] [Oracle Corporation, 9.2.0.0.0] [c:\oraclient\ora81\bin\orapls9.dll] [Oracle Corporation, 9.2.0.1.0 Production ] [c:\oraclient\ora81\bin\oraslax9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [c:\oraclient\ora81\bin\orasnls9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [c:\oraclient\ora81\bin\orawtc9.dll] [Oracle Corporation, 9.2.0.1.0 Production ] [c:\oraclient\ora81\bin\orasql9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [c:\oraclient\ora81\bin\omtsrecomsgZHS.dll] [Oracle Corporation, 9.0.0.0.0] [c:\oraclient\ora81\bin\omtsrecomsgus.dll] [Oracle Corporation, 9.2.0.0.1] [PID: 740][C:\WINNT\System32\WBEM\WinMgmt.exe] [(Verified) Microsoft Corporation, 1.50.1085.0100] [PID: 772][C:\WINNT\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.00.2134.1] [C:\WINNT\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1106] [C:\WINNT\system32\ADVPACK.dll] [Microsoft Corporation, 6.00.2800.1106] [C:\WINNT\system32\COMCTL32.DLL] [Microsoft Corporation, 5.81] [C:\WINNT\system32\WININET.dll] [Microsoft Corporation, 6.00.2800.1106] [PID: 904][C:\WINNT\Explorer.EXE] [(Verified) Microsoft Corporation, 5.00.3700.6690] [C:\WINNT\system32\SHLWAPI.DLL] [Microsoft Corporation, 6.00.2800.1106] [C:\WINNT\system32\COMCTL32.DLL] [Microsoft Corporation, 5.81] [C:\WINNT\system32\msctf.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N] [C:\WINNT\system32\SHDOCVW.DLL] [Microsoft Corporation, 6.00.2800.1106] [C:\WINNT\system32\browseui.dll] [Microsoft 
Corporation, 6.00.2800.1106] [C:\WINNT\system32\URLMON.DLL] [Microsoft Corporation, 6.00.2800.1106] [C:\WINNT\system32\mlang.dll] [Microsoft Corporation, 6.00.2800.1106] [C:\WINNT\system32\mshtml.dll] [Microsoft Corporation, 6.00.2800.1106] [C:\WINNT\system32\WININET.DLL] [Microsoft Corporation, 6.00.2800.1106] [C:\WINNT\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2800.1106] [C:\WINNT\system32\msimtf.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N] [C:\WINNT\system32\webcheck.dll] [Microsoft Corporation, 6.00.2800.1106] [C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N] [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0] [C:\WINNT\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9] [C:\WINNT\RichDll.dll] [N/A, ] [C:\WINNT\system32\browselc.dll] [Microsoft Corporation, 6.00.2800.1106] [C:\WINNT\system32\imgutil.dll] [Microsoft Corporation, 6.00.2800.1106] [C:\WINNT\system32\mshtmled.dll] [Microsoft Corporation, 6.00.2800.1106] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4] [C:\WINNT\system32\vbscript.dll] [Microsoft Corporation, 5.6.0.7426] [C:\WINNT\system32\jscript.dll] [Microsoft Corporation, 5.6.0.6626] [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] [Symantec Corporation, 7.50.00.846] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5] [C:\WINNT\system32\igfxpph.dll] [Intel Corporation, 3,0,0,1918] [C:\WINNT\system32\hccutils.DLL] [Intel Corporation, 3,0,0,1918] [C:\WINNT\system32\actxprxy.dll] [Microsoft Corporation, 6.00.2800.1106] [C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll] [Nokia, 6, 80, 37, 4] [C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll] [Nokia, 6, 80, 66, 0] [C:\WINNT\system32\ConnAPI.DLL] [Nokia., 6, 80, 55, 5] [C:\WINNT\system32\MSVCP71.dll] [Microsoft 
Corporation, 7.10.3077.0] [C:\WINNT\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_chi-sc.nlr] [Nokia, 6, 80, 26, 0] [C:\Program Files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr] [Nokia, 6, 80, 8, 0] [PID: 1064][C:\WINNT\SOUNDMAN.EXE] [Avance Logic, Inc., 5.0] [C:\WINNT\system32\SHLWAPI.DLL] [Microsoft Corporation, 6.00.2800.1106] [C:\WINNT\system32\COMCTL32.DLL] [Microsoft Corporation, 5.81] [C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N] [PID: 1088][C:\WINNT\system32\igfxtray.exe] [Intel Corporation, 3,0,0,1918] [C:\WINNT\system32\SHLWAPI.DLL] [Microsoft Corporation, 6.00.2800.1106] [C:\WINNT\system32\COMCTL32.DLL] [Microsoft Corporation, 5.81] [C:\WINNT\system32\hccutils.DLL] [Intel Corporation, 3,0,0,1918] [C:\WINNT\system32\igfxdev.dll] [Intel Corporation, 3,0,0,1918] [C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N] [C:\WINNT\system32\igfxsrvc.dll] [Intel Corporation, 3,0,0,1918] [C:\WINNT\system32\igfxres.dll] [Intel Corporation, 3,0,0,1918] [C:\WINNT\system32\igfxress.dll] [Intel Corporation, 3,0,0,1918] [PID: 1096][C:\WINNT\system32\hkcmd.exe] [Intel Corporation, 3,0,0,1918] [C:\WINNT\system32\COMCTL32.dll] [Microsoft Corporation, 5.81] [C:\WINNT\system32\hccutils.DLL] [Intel Corporation, 3,0,0,1918] [C:\WINNT\system32\igfxdev.dll] [Intel Corporation, 3,0,0,1918] [C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N] [C:\WINNT\system32\igfxsrvc.dll] [Intel Corporation, 3,0,0,1918] [C:\WINNT\system32\SHLWAPI.DLL] [Microsoft Corporation, 6.00.2800.1106] [C:\WINNT\system32\igfxhk.dll] [Intel Corporation, 3,0,0,1918] [C:\WINNT\system32\igfxres.dll] [Intel Corporation, 3,0,0,1918] [PID: 1104][C:\HEROSOFT\Hero3000\SYSEXPLR.EXE] [N/A, ] [C:\WINNT\system32\SHLWAPI.DLL] [Microsoft Corporation, 6.00.2800.1106] [C:\WINNT\system32\COMCTL32.DLL] [Microsoft Corporation, 5.81] 
[C:\HEROSOFT\Hero3000\AVCDROM.dll] [N/A, ] [C:\HEROSOFT\Hero3000\CoolMenu.dll] [N/A, ] [C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N] [C:\HEROSOFT\Hero3000\Sys936.DLL] [N/A, ] [C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N] [PID: 1120][C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE] [Nokia, 6, 80, 53, 3] [C:\WINNT\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1106] [C:\WINNT\system32\ConnAPI.DLL] [Nokia., 6, 80, 55, 5] [C:\WINNT\system32\COMCTL32.DLL] [Microsoft Corporation, 5.81] [C:\WINNT\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINNT\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINNT\system32\WININET.dll] [Microsoft Corporation, 6.00.2800.1106] [C:\PROGRA~1\Nokia\NOKIAP~1\PCSCM.dll] [Nokia, 6, 80, 66, 0] [C:\WINNT\system32\urlmon.dll] [Microsoft Corporation, 6.00.2800.1106] [C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N] [C:\Program Files\Common Files\PCSuite\ConfServer\ConfServer.dll] [Nokia, 6, 80, 20, 4] [C:\WINNT\system32\NclTools.dll] [Nokia., 6, 80, 18, 3] [C:\WINNT\system32\ATL71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINNT\system32\msxml3.dll] [Microsoft Corporation, 8.30.9926.0] [C:\WINNT\system32\mlang.dll] [Microsoft Corporation, 6.00.2800.1106] [C:\PROGRA~1\Nokia\NOKIAP~1\Lang\LaunchApplication_chi-sc.NLR] [Nokia, 6, 80, 56, 0] [C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N] [C:\WINNT\system32\msxml4.dll] [Microsoft Corporation, 4.20.9818.0] [PID: 1136][C:\WINNT\system32\ctfmon.exe] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N] [C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N] [C:\WINNT\system32\MSUTB.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N] [C:\WINNT\mui\fallback\0804\msutb.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N] 
    [C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
    [C:\WINNT\system32\SHLWAPI.DLL] [Microsoft Corporation, 6.00.2800.1106]
    [C:\WINNT\system32\COMCTL32.DLL] [Microsoft Corporation, 5.81]
[PID: 1108][C:\WINNT\system32\drivers\TXPlatform.exe] [N/A, ]
    [C:\WINNT\system32\wininet.dll] [Microsoft Corporation, 6.00.2800.1106]
    [C:\WINNT\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1106]
    [C:\WINNT\system32\URLMON.DLL] [Microsoft Corporation, 6.00.2800.1106]
    [C:\WINNT\system32\comctl32.dll] [Microsoft Corporation, 5.81]
    [C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[PID: 1156][C:\Program Files\Kingsoft Antispy\monitor\kastray.exe] [Kingsoft Corporation, 2008,12,24,182]
    [C:\WINNT\system32\SHLWAPI.DLL] [Microsoft Corporation, 6.00.2800.1106]
    [C:\WINNT\system32\COMCTL32.DLL] [Microsoft Corporation, 5.81]
    [C:\WINNT\system32\WININET.dll] [Microsoft Corporation, 6.00.2800.1106]
    [C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
    [C:\WINNT\system32\urlmon.dll] [Microsoft Corporation, 6.00.2800.1106]
    [C:\Program Files\Kingsoft\KAC\Service\kacctl.dll] [Kingsoft Corporation, 2008,10,15,297]
    [C:\Program Files\Kingsoft Antispy\monitor\kaspop.dll] [Kingsoft Corporation, 2008,12,22,179]
    [C:\WINNT\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[PID: 1344][C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe] [Nokia., 6, 80, 56, 4]
    [C:\WINNT\system32\NclTools.dll] [Nokia., 6, 80, 18, 3]
    [C:\WINNT\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1106]
    [C:\WINNT\system32\COMCTL32.DLL] [Microsoft Corporation, 5.81]
    [C:\WINNT\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINNT\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\ATL71.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\PCSuite\Transports\NCLIrDAMM.dll] [Nokia Corp., 6, 80, 26, 0]
    [C:\Program Files\Common Files\PCSuite\Transports\NCLRSMM.dll] [Nokia, 6, 80, 33, 0]
    [C:\Program Files\Common Files\PCSuite\Transports\NCLUSBMM.dll] [Nokia, 6, 80, 37, 0]
[PID: 1424][C:\Program Files\Kingsoft Antispy\monitor\kudiskmon.exe] [Kingsoft Corporation, 2008,12,05,106]
    [C:\WINNT\system32\WININET.dll] [Microsoft Corporation, 6.00.2800.1106]
    [C:\WINNT\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1106]
    [C:\WINNT\system32\COMCTL32.DLL] [Microsoft Corporation, 5.81]
    [C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
    [C:\WINNT\system32\urlmon.dll] [Microsoft Corporation, 6.00.2800.1106]
[PID: 1520][C:\WINNT\system32\conime.exe] [(Verified) Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[PID: 292][C:\WINNT\system32\cidaemon.exe] [(Verified) Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2800.1106]
    [C:\WINNT\system32\mlang.dll] [Microsoft Corporation, 6.00.2800.1106]
    [C:\WINNT\system32\comctl32.dll] [Microsoft Corporation, 5.81]
[PID: 288][F:\sreng2\SREngLdr.EXE] [Smallfrogs Studio, 2.7.0.1210]
[PID: 1556][F:\sreng2\SREa4d4c09b.EXE] [Smallfrogs Studio, 2.7.0.1210]
    [C:\WINNT\system32\SHLWAPI.DLL] [Microsoft Corporation, 6.00.2800.1106]
    [C:\WINNT\system32\COMCTL32.DLL] [Microsoft Corporation, 5.81]
    [C:\WINNT\system32\WININET.dll] [Microsoft Corporation, 6.00.2800.1106]
    [C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
    [C:\WINNT\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
    [F:\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINNT\system32\urlmon.dll] [Microsoft Corporation, 6.00.2800.1106]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[C:\]
[AutoRun]
OPEN=   .exe
shell\open=打开(&O)
shell\open\Command=   .exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=   .exe
[D:\]
[AutoRun]
OPEN=   .exe
shell\open=打开(&O)
shell\open\Command=   .exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=   .exe
[E:\]
[AutoRun]
OPEN=   .exe
shell\open=打开(&O)
shell\open\Command=   .exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=   .exe
[F:\]
[AutoRun]
OPEN=   .exe
shell\open=打开(&O)
shell\open\Command=   .exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=   .exe

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 572, C:\WINNT\SYSTEM32\NETOS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 652, C:\ORACLIENT\ORA81\BIN\OMTSRECO.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1064, C:\WINNT\SOUNDMAN.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1088, C:\WINNT\SYSTEM32\IGFXTRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1096, C:\WINNT\SYSTEM32\HKCMD.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1104, C:\HEROSOFT\HERO3000\SYSEXPLR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1120, C:\PROGRA~1\NOKIA\NOKIAP~1\LAUNCH~1.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1136, C:\WINNT\SYSTEM32\CTFMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1108, C:\WINNT\SYSTEM32\DRIVERS\TXPLATFORM.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1344, C:\PROGRAM FILES\COMMON FILES\PCSUITE\SERVICES\SERVICELAYER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 288, F:\SRENG2\SRENGLDR.EXE]

==================================
计划任务
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================
[/CODE]