Help! The system boots normally but can't get to the desktop, and some system settings are broken

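Hi everyone. This problem suddenly appeared a few days ago on a 2003 system: I can't get to the desktop, and when I force-run explorer.exe it flashes briefly in the process list and then disappears. Opening IIS gives an error. Could anyone tell me how to get my IIS working again? Then I can reinstall the system. Thanks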

Last edited 2006-06-09 09:37:39

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <svc><C:\WINDOWS\svchost.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <LocalSystem><; C:\WINDOWS\system\svchost.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <msnmsgr><; ; ; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <pbmini><; ; C:\Program Files\pcast\PodcastbarMini\PodcastBarMiniStater.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <svc><C:\WINDOWS\svchost.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <会话 1 中 192.168.0.8 上的 EPSON ME 1 (来自 LIKEJUNSRV)><C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_S4I3W1.EXE /P55 "会话 1 中 192.168.0.8 上的 EPSON ME 1 (来自 LIKEJUNSRV)" /O5 "TS002" /M "ME 1">
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <MSConfig><"C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <BigDogPath><; ; C:\WINDOWS\VM_STI.EXE FAMETECH USB PC CAMERA>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe">
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <DWPersistentQueuedReporting><; C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <IMJPMIG8.1><; ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <IMSCMig><; ; ; ; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <MSService_v1.0><; ; ; C:\WINDOWS\temp\realsched.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <PHIME2002ASync><; ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <spoolsv><; C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <vptray><C:\PROGRA~1\SYMANT~1\VPTray.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Windows SVC><C:\WINDOWS\system\svchost.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <UserFaultCheck><%systemroot%\system32\dumprep 0 -u>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Update><C:\Program Files\Common Files\UPDAT\Update.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <RavTask><"D:\Rising\Rav\RavTask.exe" -system>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <会话 1 中 192.168.0.8 上的 EPSON ME 1 (来自 LIKE><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <Userinit><C:\WINDOWS\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <AppInit_DLLs><>

==================================
启动文件夹
服务
[Routing Protect Access / BRGNS]
  <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[C-DillaCdaC11BA / C-DillaCdaC11BA]
  <C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[Symantec Event Manager / ccEvtMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc]
  <"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Conference Machine Loader / Conference Machine Loader]
  <C:\PROGRA~1\V2CONF~1\server\ML.exe><>
[ConfMachineLoader / ConfMachineLoader]
  <C:\PROGRA~1\V2CONF~1\server\ML.exe><>
[ConfMySQL / ConfMySQL]
  <C:\PROGRA~1\V2CONF~1\CONFMY~1\bin\mysqld.exe --defaults-file=C:\PROGRA~1\V2CONF~1\ConfMySql\Confsql.ini ConfMySQL><N/A>
[ConfTomcat / ConfTomcat]
  <C:\Program Files\V2ConfServer\Management\bin\tomcat.exe><Alexandria Software Consulting>
[Symantec AntiVirus Definition Watcher / DefWatch]
  <"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[MySql / MySql]
  <C:/mysql/bin/mysqld-nt.exe><N/A>
[Rising Process Communication Center / RsCCenter]
  <"D:\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"D:\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Sample NT Service / SampleService]
  <C:\WINDOWS\NTService.exe><Ceramiche Ariostea>
[SavRoam / SavRoam]
  <"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Symantec Network Drivers Service / SNDSrvc]
  <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[StdService / StdService]
  <C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\STDSVER.DLL,Service><N/A>
[Symantec AntiVirus / Symantec AntiVirus]
  <"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>

==================================
浏览器加载项
[wmpdrm]
  {0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\system32\wmpdrm.dll, N/A>
[std software]
  {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} <C:\WINDOWS\SYSTEM32\stdup.dll, >
[QuickBtn]
  {D1BB7CF4-4463-4e91-88D7-ECC3CE0A13B7} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>
[QuickBtn]
  {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>
[wmpdrm]
  {0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\system32\wmpdrm.dll, N/A>
[std software]
  {6A512BF7-EC78-4E8D-9841-6C02E8FA9838} <C:\WINDOWS\SYSTEM32\stdup.dll, >
[QuickBtn]
  {D1BB7CF4-4463-4E91-88D7-ECC3CE0A13B7} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>

==================================
正在运行的进程
[PID: 348][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[PID: 396][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 420][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
    [C:\WINDOWS\system32\NavLogon.dll]  <Symantec Corporation><9.0.0.338>
[PID: 464][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[PID: 484][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 672][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[PID: 760][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[PID: 808][D:\Rising\Rav\CCenter.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 840][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[PID: 880][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[PID: 908][D:\Rising\Rav\Ravmond.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 22>

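Opening IIS gives this error: 管理单元初始化失败。
名称:INTERNET 信息服务(IIS)管理器
:{A841B6C2}... As long as there is some way to get my IIS started so that I can export the files, I can reinstall the system.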

[Reply to 麦田守望's post]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<svc><C:\WINDOWS\svchost.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<LocalSystem><; C:\WINDOWS\system\svchost.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<svc><C:\WINDOWS\svchost.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<spoolsv><; C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Windows SVC><C:\WINDOWS\system\svchost.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Update><C:\Program Files\Common Files\UPDAT\Update.exe>
At least these few are trojans and rogue software.
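
One check that singles out several of the entries quoted in the reply above, as an added example that is not part of the original thread: svchost.exe, spoolsv.exe and similar Windows binaries normally load from C:\WINDOWS\system32, so an autorun value that uses one of those file names from another folder deserves a closer look. The function names, the list of binaries and the parsing of the `<name><command>` layout are assumptions of this sketch, and an entry such as `Update` is outside what this file-name check covers.

```python
import ntpath
import re

SYSTEM32 = r"c:\windows\system32"  # assumes Windows is in C:\WINDOWS, as in the log
EXPECTED_DIR = {name: SYSTEM32 for name in (
    "svchost.exe", "spoolsv.exe", "lsass.exe", "services.exe",
    "winlogon.exe", "csrss.exe", "userinit.exe", "ctfmon.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

# Entries copied from the autorun section of the log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <svc><C:\WINDOWS\svchost.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <LocalSystem><; C:\WINDOWS\system\svchost.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <spoolsv><; C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Update><C:\Program Files\Common Files\UPDAT\Update.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <Userinit><C:\WINDOWS\system32\userinit.exe,>
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r"^<([^<>]*)><(.*)>$")
EXE_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)

def parse_autoruns(text):
    """Yield (hive, value_name, command); leading "; " markers are dropped."""
    hive = None
    for line in map(str.strip, text.splitlines()):
        if m := KEY_RE.match(line):
            hive = m.group(1).split("\\")[0]
        elif hive and (m := VALUE_RE.match(line)):
            yield hive, m.group(1), m.group(2).lstrip("; ")

def find_masquerading(text):
    """Return entries whose file name is a system binary in the wrong folder."""
    hits = []
    for hive, name, command in parse_autoruns(text):
        m = EXE_RE.search(command)  # bare names like "Explorer.exe" have no path
        folder, exe = ntpath.split(m.group(0).lower()) if m else ("", "")
        if exe in EXPECTED_DIR and folder != EXPECTED_DIR[exe]:
            hits.append((hive, name, m.group(0)))
    return hits

print(find_masquerading(SAMPLE_LOG))
```
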

Folks, surely that wouldn't be enough to keep the desktop from starting, would it? Thanks all the same,