Below is the scan log from the Rising diagnostic tool (瑞星听诊器):
自启动项
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\Currentversion\Run
internat.exe = internat.exe
TaskMonitor = D:\WINDOWS\taskmon.exe
SystemTray = SysTray.Exe
C-Media Mixer = D:\Program Files\PCI Audio Applications\Mixer.exe /startup
RavTimer = D:\PROGRAM FILES\RISING\RAV\RavTimer.exe
CCenter = d:\Program Files\Rising\Rav\CCenter.exe
RavTray = d:\Program Files\Rising\Rav\RavTray.exe
SKYNET Personal FireWall = D:\PROGRAM FILES\SKYNET\FIREWALL\PFW.EXE
iparmor = C:\PROGRAM FILES\IPARMOR\IPARMOR.EXE mini
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\Currentversion\RunServices
RavService = d:\Program Files\Rising\Rav\RavService.exe /service
RavMon = d:\Program Files\Rising\Rav\RavMon.exe -system
RavMond = d:\Program Files\Rising\Rav\RavMond.exe
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
shell32.dll =
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
WebCheck = D:\WINDOWS\SYSTEM\WEBCHECK.DLL
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
D:\WINDOWS\SYSTEM\BROWSEUI.DLL= Browseui 预加载程序
D:\WINDOWS\SYSTEM\BROWSEUI.DLL= 组件类别缓存程序
SYSTEM.INI BOOT SHELL Explorer.exe
其他相关项
HKEY_CURRENT_USER Software\Microsoft\Internet Explorer\Main start page ----> www.hao123.com/index3.htm
HKEY_LOCAL_MACHINE Software\Microsoft\Internet Explorer\Main local page ----> http://www.jsing.net/index1.htm
HKEY_LOCAL_MACHINE Software\Microsoft\Internet Explorer\Main SearchURL ----> http://www.jsing.net/index1.htm
HKEY_CURRENT_USER Software\Microsoft\Internet Explorer\Main search page ----> http://home.microsoft.com/intl/cn/access/allinone.asp
HKEY_LOCAL_MACHINE Software\Microsoft\Internet Explorer\Main search bar ----> http://www.jsing.net/index1.htm
HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows AppInit_DLLs ----> APIHookDll.dll
HKEY_USERS .Default\Software\Microsoft\Internet Explorer\Main start page ----> www.hao123.com/index3.htm
HKEY_USERS .Default\Software\Microsoft\Internet Explorer\Main search page ----> http://home.microsoft.com/intl/cn/access/allinone.asp
诊断信息
1 RAREXT.DLL 60% 您要搜索的 C:\PROGRAM FILES\WINRAR\RAREXT.DLL
2 NVDD32.DLL 60% 您要搜索的 D:\WINDOWS\SYSTEM\NVDD32.DLL
进程列表
D:\WINDOWS\SYSTEM\KERNEL32.DLL
D:\WINDOWS\SYSTEM\MSGSRV32.EXE
D:\WINDOWS\SYSTEM\MPREXE.EXE
D:\PROGRAM FILES\RISING\RAV\RAVSERVICE.EXE
D:\PROGRAM FILES\RISING\RAV\RAVMON.EXE
D:\WINDOWS\SYSTEM\mmtask.tsk
D:\WINDOWS\EXPLORER.EXE
D:\WINDOWS\SYSTEM\RPCSS.EXE
D:\WINDOWS\SYSTEM\INTERNAT.EXE
D:\WINDOWS\TASKMON.EXE
D:\WINDOWS\SYSTEM\SYSTRAY.EXE
D:\PROGRAM FILES\PCI AUDIO APPLICATIONS\MIXER.EXE
D:\PROGRAM FILES\RISING\RAV\RAVTIMER.EXE
D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
D:\PROGRAM FILES\RISING\RAV\RAVTRAY.EXE
D:\WINDOWS\SYSTEM\WMIEXE.EXE
D:\WINDOWS\SYSTEM\DDHELP.EXE
D:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
F:\RISINGTOOLS\RAVDETECT.EXE
进程详细信息
D:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
D:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WEB FOLDERS\MSONSEXT.DLL
D:\WINDOWS\SYSTEM\DDHELP.EXE
D:\WINDOWS\SYSTEM\NVDD32.DLL (made by NVidia Corporation)
D:\WINDOWS\SYSTEM\NVARCH32.DLL (made by NVidia Corporation)
D:\WINDOWS\EXPLORER.EXE
D:\WINDOWS\SYSTEM\WINABC.IME (made by PKUETI)
C:\PROGRAM FILES\WINRAR\RAREXT.DLL
D:\PROGRAM FILES\RISING\RAV\RAVSERVICE.EXE
D:\WINDOWS\SYSTEM\NETBIOS.DLL