下面的报告是在学校的电脑扫的,大家来会诊一下,看一下这台机器的症状,我们上课的时候,这台机器老是出故障,烦死人了!老机器了,没有办法,整天插U盘,里面病毒奇多无比,毒库一个!
- 2007-04-10,09:40:56
- System Repair Engineer 2.4.12.806
- Smallfrogs (http://www.KZTechs.com)
- Windows XP Professional Service Pack 1 (Build 2600) - 管理权限用户 - 完整功能
- 以下内容被选中:
- 所有的启动项目(包括注册表、启动文件夹、服务等)
- 浏览器加载项
- 正在运行的进程(包括进程模块信息)
- 文件关联
- Winsock 提供者
- Autorun.inf
- HOSTS 文件
- 启动项目
- 注册表
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Windows XP Publisher]
- <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows XP Publisher]
- <DrvMon.exe><C:\WINDOWS\System32\DrvMon.exe> [Alcor Micro, Corp.]
- <Ntcheck><C:\WINDOWS\mapserver.exe> [UNDEATH]
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
- <Cmpnt><c:\windows\system\mainsv.exe> [UNDEATH]
- [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
- <load><> [N/A]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
- <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows XP Publisher]
- <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows XP Publisher]
- <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows XP Publisher]
- <IgfxTray><C:\WINDOWS\System32\igfxtray.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
- <HotKeysCmds><C:\WINDOWS\System32\hkcmd.exe> [(Verified)Microsoft Windows XP Publisher]
- <Cmaudio><RunDll32 cmicnfg.cpl,CMICtrlWnd> [N/A]
- <SysExplr><C:\Herosoft\Hero2000\SYSEXPLR.EXE> []
- <RavTimer><C:\Program Files\Rising\Rav\RavTimer.exe> [Beijing Rising Technology Co., Ltd.]
- <RavMon><C:\Program Files\Rising\Rav\RavMon.exe -system> [Beijing Rising Technology Co., Ltd.]
- <Cmpnt><C:\WINDOWS\system\cmpku.exe> [UNDEATH]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
- <Shell><c:\windows\system\mainsv.exe> [UNDEATH]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- <shell><Explorer.exe> [(Verified)Microsoft Windows XP Publisher]
- <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows XP Publisher]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
- <AppInit_DLLs><> [N/A]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- <UIHost><logonui.exe> [(Verified)Microsoft Windows XP Publisher]
- ==================================
- 启动文件夹
- [Microsoft Office]
- <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> D:\MICROS~1\Office10\OSA.EXE [Microsoft Corporation]><N>
- ==================================
- 服务
- [Lexar JD31 / LxrJD31s][Running/Auto Start]
- <LxrJD31s.exe><N/A>
- [Macromedia Licensing Service / Macromedia Licensing Service][Stopped/Manual Start]
- <"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><>
- [Rising Process Communication Center / RsCCenter][Running/Auto Start]
- <C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE><rising>
- [RsRavMon Service / RsRavMon][Running/Auto Start]
- <C:\PROGRAM FILES\RISING\RAV\Ravmond.exe><Beijing Rising Technology Co., Ltd.>
- [Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
- <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\mspmsnsv.dll><Microsoft Corporation>
- ==================================
- 驱动程序
- [BaseTDI / BaseTDI][Running/Auto Start]
- <\??\C:\WINDOWS\System32\drivers\basetdi.sys><Rising>
- [C-Media WDM Audio Interface / cmuda][Running/Manual Start]
- <system32\drivers\cmuda.sys><C-Media Inc>
- [Rising Exploit Scaner 1.0 / ExpScaner][Running/Manual Start]
- <\??\C:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
- [HOOKAPI / HOOKAPI][Running/Auto Start]
- <\??\C:\PROGRAM FILES\RISING\RAV\HOOKAPI.SYS><瑞星软件有限公司>
- [HookCont / HookCont][Running/Auto Start]
- <\??\C:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising tech Co. ltd>
- [HookReg / HookReg][Running/Auto Start]
- <\??\C:\PROGRAM FILES\RISING\RAV\HOOKREG.sys><>
- [HookSys / HookSys][Running/Auto Start]
- <\??\C:\PROGRAM FILES\RISING\RAV\hooksys.sys><瑞星>
- [ialm / ialm][Running/Manual Start]
- <System32\DRIVERS\ialmnt5.sys><Intel Corporation>
- [LxrJD31d / LxrJD31d][Running/Auto Start]
- <\??\C:\WINDOWS\System32\Drivers\LxrJD31d.sys><N/A>
- [MEMSCAN / MEMSCAN][Running/Auto Start]
- <\??\C:\PROGRAM FILES\RISING\RAV\MEMSCAN.SYS><瑞星软件有限公司>
- [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
- <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
- [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
- <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
- [Secdrv / Secdrv][Stopped/Manual Start]
- <System32\DRIVERS\secdrv.sys><N/A>
- [Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/System Start]
- <system32\drivers\ialmsbw.sys><Intel Corporation>
- [Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
- <system32\drivers\ialmkchw.sys><Intel Corporation>
- ==================================
- 浏览器加载项
- [@shdoclc.dll,-866]
- {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
- [电台(&R)]
- {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
- [Shockwave Flash Object]
- {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\macromed\flash\Flash.ocx, Macromedia, Inc.>
- [导出到 Microsoft Excel(&x)]
- <res://D:\MICROS~1\Office10\EXCEL.EXE/3000, N/A>
- ==================================
- 正在运行的进程
- [PID: 536][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
- [PID: 616][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [PID: 640][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
- [C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
- [C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [PID: 1216][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
- [C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
- [C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [C:\Program Files\WinRAR\rarext.dll] [N/A, ]
- [C:\WINDOWS\System32\RavExt.DLL] [Beijing Rising Technology Co., Ltd., 17, 0, 0, 3]
- [D:\Microsoft Office\Office10\msohev.dll] [Microsoft Corporation, 10.0.2609]
- [C:\WINDOWS\System32\igfxpph.dll] [Intel Corporation, 3,0,0,1918]
- [C:\WINDOWS\System32\hccutils.DLL] [Intel Corporation, 3,0,0,1918]
- [PID: 1860][C:\WINDOWS\System32\hkcmd.exe] [Intel Corporation, 3,0,0,1918]
- [C:\WINDOWS\System32\hccutils.DLL] [Intel Corporation, 3,0,0,1918]
- [C:\WINDOWS\System32\igfxdev.dll] [Intel Corporation, 3,0,0,1918]
- [C:\WINDOWS\System32\igfxsrvc.dll] [Intel Corporation, 3,0,0,1918]
- [C:\WINDOWS\System32\igfxhk.dll] [Intel Corporation, 3,0,0,1918]
- [C:\WINDOWS\System32\igfxres.dll] [Intel Corporation, 3,0,0,1918]
- [PID: 1900][C:\WINDOWS\System32\RunDll32.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [C:\WINDOWS\system\cmicnfg.cpl] [C-Media Corporation, 1, 0, 0, 35]
- [PID: 1936][C:\Herosoft\Hero2000\SYSEXPLR.EXE] [N/A, ]
- [C:\Herosoft\Hero2000\AVCDROM.dll] [N/A, ]
- [PID: 1972][C:\Program Files\Rising\Rav\RavTimer.exe] [Beijing Rising Technology Co., Ltd., 17, 0, 0, 32]
- [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 17, 0, 0, 17]
- [C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Rising Corp., 17, 0, 0, 5]
- [C:\Program Files\Rising\Rav\CfgDll.dll] [rising, 17, 0, 0, 39]
- [C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 17, 0, 0, 3]
- [PID: 2016][C:\Program Files\Rising\Rav\RavMon.exe] [Beijing Rising Technology Co., Ltd., 17, 0, 1, 0]
- [C:\Program Files\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 17, 0, 0, 33]
- [C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Rising Corp., 17, 0, 0, 5]
- [C:\Program Files\Rising\Rav\CfgDll.dll] [rising, 17, 0, 0, 39]
- [C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 17, 0, 0, 3]
- [C:\Program Files\Rising\Rav\PngDll.dll] [Rising, 17, 0, 0, 2]
- [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 17, 0, 0, 17]
- [PID: 2024][C:\WINDOWS\system\cmpku.exe] [UNDEATH, 3.02]
- [C:\WINDOWS\System32\MSVBVM60.DLL] [Microsoft Corporation, 6.00.9237]
- [PID: 124][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
- [PID: 172][C:\Program Files\Messenger\msmsgs.exe] [Microsoft Corporation, 4.7.0041]
- [C:\Program Files\Messenger\MSGSLANG.DLL] [Microsoft Corporation, 4.7.0041]
- [C:\PROGRA~1\MESSEN~1\rtcimsp.dll] [Microsoft Corporation, 4.0.3599.0 (Lab02_N(ntvbl02).020107-1351)]
- [C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
- [C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [C:\WINDOWS\System32\msdmo.dll] [, ]
- [PID: 184][C:\WINDOWS\System32\DrvMon.exe] [Alcor Micro, Corp., 1, 0, 0, 9]
- [PID: 1296][I:\Tools\sreng2\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
- [I:\Tools\sreng2\Plugins\NWMON.SRE] [Smallfrogs Studio, 1, 0, 0, 8]
- ==================================
- 文件关联
- .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .EXE OK. ["%1" %*]
- .COM OK. ["%1" %*]
- .PIF OK. ["%1" %*]
- .REG OK. [regedit.exe "%1"]
- .BAT OK. ["%1" %*]
- .SCR OK. ["%1" /S]
- .CHM OK. ["C:\WINDOWS\hh.exe" %1]
- .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
- .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
- .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
- .VBS Error. [超级解霸2000]
- .JS Error. ["C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"]
- .LNK OK. [{00021401-0000-0000-C000-000000000046}]
- ==================================
- Winsock 提供者
- N/A
- ==================================
- Autorun.inf
- [D:\]
- [Autorun]
- open=Iexplores.exe
- [E:\]
- [Autorun]
- open=Iexplores.exe
- [F:\]
- [Autorun]
- open=Iexplores.exe
- [G:\]
- [Autorun]
- open=Iexplores.exe
- ==================================
- HOSTS 文件
- 127.0.0.1 localhost
- ==================================
- API HOOK
- N/A
- ==================================
- 隐藏进程
- N/A
- ==================================
|
[复制链接]
发表于 2007-4-17 14:12:17
楼主
发表于 2007-4-17 16:48:51
绿色大蜘蛛也不错哦!