- 听众
- 收听
- 积分
- 332
- 主题
- 回帖
- 0
- 精华
注册时间2006-9-19
最后登录1970-1-1
该用户从未签到
|
楼主 |
发表于 2007-12-1 11:06:02
|
显示全部楼层
- 2007-12-01,11:01:53
- System Repair Engineer 2.5.16.900
- Smallfrogs (http://www.KZTechs.com)
- Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
- 以下内容被选中:
- 所有的启动项目(包括注册表、启动文件夹、服务等)
- 浏览器加载项
- 正在运行的进程(包括进程模块信息)
- 文件关联
- Winsock 提供者
- Autorun.inf
- HOSTS 文件
- 进程特权扫描
- 启动项目
- 注册表
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)]
- [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
- <load><> [N/A]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
- <switch><c:\windows\system32\壁纸自动换.exe> []
- <helper.dll><C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32> []
- <CnsMin><Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32> [(Verified)"INTER CHINA NETWORK SOFTWARE (BEIJING) CO., LTD."]
- <SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- <shell><Explorer.exe> [(Verified)]
- <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
- <AppInit_DLLs><> [N/A]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- <UIHost><logonui.exe> [(Verified)]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
- <{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINDOWS\DOWNLO~1\CnsHook.dll> [(Verified)"INTER CHINA NETWORK SOFTWARE (BEIJING) CO., LTD."]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
- <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
- <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
- <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
- <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
- <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> []
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
- <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> []
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
- <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
- ==================================
- 启动文件夹
- N/A
- ==================================
- 服务
- [Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
- <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
- [Human Interface Device Access / HidServ][Stopped/Disabled]
- <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
- [Windows User Mode Driver Framework / UMWdf][Running/Auto Start]
- <C:\WINDOWS\system32\wdfmgr.exe><Microsoft Corporation>
- ==================================
- 驱动程序
- [100133 / 100133][Running/Boot Start]
- <\SystemRoot\System32\drivers\100133.sys><N/A>
- [a0 / a0][Running/Boot Start]
- <\SystemRoot\\SystemRoot\System32\drivers\100133.sys><N/A>
- [Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
- <system32\drivers\ac97intc.sys><Intel Corporation>
- [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
- <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
- [AliIde / AliIde][Running/Boot Start]
- <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
- [AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
- <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
- [ati2mtag / ati2mtag][Running/Manual Start]
- <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
- [CmdIde / CmdIde][Running/Boot Start]
- <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
- [CnsMinKP / CnsMinKP][Running/Boot Start]
- <\SystemRoot\system32\drivers\CnsMinKP.sys><国风因特软件(北京)有限公司>
- [VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
- <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
- [nv / nv][Stopped/Manual Start]
- <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
- [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
- <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
- [Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
- <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
- [Secdrv / Secdrv][Stopped/Manual Start]
- <system32\DRIVERS\secdrv.sys><N/A>
- ==================================
- 浏览器加载项
- [CnsHook Class]
- {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\DOWNLO~1\CnsHook.dll, 国风因特软件(北京)有限公司>
- [SrchHook Class]
- {F08555B0-9CC3-11D2-AA8E-000000000000} <C:\WINDOWS\system32\IEBHO.dll, >
- [Yahoo 3.5G电邮]
- {507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
- [名品折扣]
- {59BC54A2-56B3-44a0-93E5-432D58746E26} <http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816, N/A>
- [雅虎助手]
- {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
- [雅虎WIDGET]
- {6354ABE6-05F1-49ed-B850-E423120EC338} <http://cn.widget.yahoo.com/index.htm?source=Cns, N/A>
- [情景聊天]
- {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
- []
- {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
- []
- {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
- [IE搜索工具条]
- {BE830FD4-E393-417F-9F4B-CC70ABB3384C} <C:\WINDOWS\system32\IETool.dll, N/A>
- [AutoLive]
- {7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} <C:\PROGRA~1\3721\autolive.dll, >
- [IE搜索工具条]
- {BE830FD4-E393-417F-9F4B-CC70ABB3384C} <C:\WINDOWS\system32\IETool.dll, N/A>
- [CnsHook Class]
- {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\DOWNLO~1\CnsHook.dll, 国风因特软件(北京)有限公司>
- [Shockwave Flash Object]
- {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
- [SrchHook Class]
- {F08555B0-9CC3-11D2-AA8E-000000000000} <C:\WINDOWS\system32\IEBHO.dll, >
- [导出到 Microsoft Office Excel(&X)]
- <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
- ==================================
- 正在运行的进程
- [PID: 440 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 500 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 528 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4146]
- [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [PID: 572 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 584 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 736 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4146]
- [C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2504]
- [PID: 748 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 816 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 892 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
- [PID: 968 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4146]
- [C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2504]
- [C:\WINDOWS\system32\ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4146]
- [PID: 1032 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 1060 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 1340 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\DOWNLO~1\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.2]
- [C:\PROGRA~1\3721\helper.dll] [, 1, 1, 1, 1327]
- [C:\PROGRA~1\3721\alrex.dll] [, 1, 0, 1, 1001]
- [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [C:\Program Files\WinRAR\rarext.dll] [N/A, ]
- [C:\WINDOWS\DOWNLO~1\CnsHook.dll] [国风因特软件(北京)有限公司, 2.5.1.7]
- [C:\PROGRA~1\3721\autolive.dll] [, 1, 1, 9, 1329]
- [C:\PROGRA~1\3721\alLiveEx.dll] [ , 1, 0, 3, 1006]
- [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
- [PID: 1444 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
- [PID: 1580 / Administrator][C:\WINDOWS\system32\Rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\DOWNLO~1\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.2]
- [C:\WINDOWS\DOWNLO~1\CnsMinIO.dll] [国风因特软件(北京)有限公司, 2.5.0.6]
- [C:\WINDOWS\DOWNLO~1\cnsio.dll] [国风因特软件(北京)有限公司, 2.5.0.4]
- [C:\WINDOWS\DOWNLO~1\CnsMinEx.dll] [国风因特软件(北京)有限公司, 2.5.0.4]
- [PID: 1600 / Administrator][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\PROGRA~1\3721\helper.dll] [, 1, 1, 1, 1327]
- [C:\WINDOWS\DOWNLO~1\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.2]
- [C:\PROGRA~1\3721\autolive.dll] [, 1, 1, 9, 1329]
- [C:\PROGRA~1\3721\notifier.dll] [, 1, 0, 0, 5]
- [C:\PROGRA~1\3721\alLiveEx.dll] [ , 1, 0, 3, 1006]
- [PID: 1616 / Administrator][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5, 1, 0, 52]
- [C:\WINDOWS\DOWNLO~1\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.2]
- [PID: 1624 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\DOWNLO~1\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.2]
- [PID: 1768 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
- [PID: 852 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 1760 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
- [C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
- [PID: 2000 / Administrator][D:\新建文件夹\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
- [C:\PROGRA~1\3721\helper.dll] [, 1, 1, 1, 1327]
- [C:\WINDOWS\DOWNLO~1\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.2]
- [D:\新建文件夹\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
- ==================================
- 文件关联
- .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .EXE OK. ["%1" %*]
- .COM OK. ["%1" %*]
- .PIF OK. ["%1" %*]
- .REG OK. [regedit.exe "%1"]
- .BAT OK. ["%1" %*]
- .SCR OK. ["%1" /S]
- .CHM OK. ["C:\WINDOWS\hh.exe" %1]
- .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
- .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
- .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
- .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .LNK OK. [{00021401-0000-0000-C000-000000000046}]
- ==================================
- Winsock 提供者
- N/A
- ==================================
- Autorun.inf
- N/A
- ==================================
- HOSTS 文件
- 127.0.0.1 localhost
- 0.0.0.0 182838.com
- 0.0.0.0 204.177.92.68
- 0.0.0.0 asiafriendfinder.com
- 0.0.0.0 asqin123.51.net
- 0.0.0.0 babe520.5188.org
- 0.0.0.0 music.feifa.com
- 0.0.0.0 music.v111.com
- 0.0.0.0 www.jpbeauty.com
- 0.0.0.0 beautishow.com
- 0.0.0.0 goodmovies88.com
- 0.0.0.0 hothack.home.chinaren.com
- 0.0.0.0 hualiao.net
- 0.0.0.0 iplus.allyes.com
- 0.0.0.0 jjkafei.longcity.net
- 0.0.0.0 kaomm.8m.cn
- 0.0.0.0 l3iaoliao.com
- 0.0.0.0 lingaonbvm.myrice.com
- 0.0.0.0 lovejava.boy.net.cn
- 0.0.0.0 love7liao.com
- 0.0.0.0 asqin123.51.net
- 0.0.0.0 babe520.5188.org
- 0.0.0.0 music.feifa.com
- 0.0.0.0 jjkafei.longcity.net
- 0.0.0.0 kaomm.8m.cn
- 0.0.0.0 l3iaoliao.com
- 0.0.0.0 l3iaoliao.com
- 0.0.0.0 lingaonbvm.myrice.com
- 0.0.0.0 lovejava.boy.net.cn
- 0.0.0.0 love7liao.com
- 0.0.0.0 babe520.5188.org
- 0.0.0.0 music.feifa.com
- 0.0.0.0 music.v111.com
- 0.0.0.0 babe520.5188.org
- 0.0.0.0 music.feifa.com
- 0.0.0.0 jjkafei.longcity.net
- 0.0.0.0 kaomm.8m.cn
- 0.0.0.0 l3iaoliao.com
- 0.0.0.0 l3iaoliao.com
- 0.0.0.0 lingaonbvm.myrice.com
- 0.0.0.0 lovejava.boy.net.cn
- 0.0.0.0 love7liao.com
- 0.0.0.0 babe520.5188.org
- 0.0.0.0 music.feifa.com
- 0.0.0.0 music.v111.com
- 219.153.32.215 auto.search.msn.com
- ==================================
- 进程特权扫描
- 特殊特权被允许: SeLoadDriverPrivilege [PID = 528, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
- 特殊特权被允许: SeLoadDriverPrivilege [PID = 584, C:\WINDOWS\SYSTEM32\LSASS.EXE]
- 特殊特权被允许: SeDebugPrivilege [PID = 1340, C:\WINDOWS\EXPLORER.EXE]
- 特殊特权被允许: SeLoadDriverPrivilege [PID = 1340, C:\WINDOWS\EXPLORER.EXE]
- 特殊特权被允许: SeLoadDriverPrivilege [PID = 1444, C:\WINDOWS\SYSTEM32\SPOOLSV.EXE]
- 特殊特权被允许: SeDebugPrivilege [PID = 1600, C:\WINDOWS\SYSTEM32\RUNDLL32.EXE]
- 特殊特权被允许: SeDebugPrivilege [PID = 1616, C:\WINDOWS\SOUNDMAN.EXE]
- 特殊特权被允许: SeLoadDriverPrivilege [PID = 1616, C:\WINDOWS\SOUNDMAN.EXE]
- 特殊特权被允许: SeDebugPrivilege [PID = 1624, C:\WINDOWS\SYSTEM32\CTFMON.EXE]
- 特殊特权被允许: SeLoadDriverPrivilege [PID = 1356, C:\WINDOWS\SYSTEM32\DRWTSN32.EXE]
- 特殊特权被允许: SeSystemtimePrivilege [PID = 1356, C:\WINDOWS\SYSTEM32\DRWTSN32.EXE]
- ==================================
- API HOOK
- N/A
- ==================================
- 隐藏进程
- N/A
- ==================================
|
|
IP卡
狗仔卡
显身卡
发表于 2007-12-1 11:54:44
建议升级到最新):
