
Laogui and everyone else..

This thread was posted by 3000m on 2006-03-05. Forum: 谈天说地 (Chit-Chat)

  1. 3000m

    2006-03-06,14:01:14

    System Repair Engineer 2.0.12.350 (2.0 RC 1)
    Windows XP Professional Service Pack 2 - 管理权限用户 - 完整功能

    以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


    启动项目
    注册表
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>
    [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <KAVPersonal50><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize>
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SKYNET Personal FireWall><C:\PROGRA~1\SkyNet\Firewall\pfw.exe>
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>

    ==================================
    启动文件夹
    服务
    [kavsvc / kavsvc]
    <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab>

    ==================================
    浏览器加载项
    [网址大全]
    {C18CB140-0BBB-11D4-8FE8-0088CC102438} <http://www.k369.com, N/A>
    [WUWebControl Class]
    {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
    [Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
    [Windows Genuine Advantage Validation Tool]
    {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corp.>
    [Windows Media Player]
    {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
    [HHCtrl Object]
    {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
    [WUWebControl Class]
    {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
    [Microsoft Web 浏览器]
    {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
    [Microsoft Scriptlet Component]
    {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
    [AUDIO__MP3 Moniker Class]
    {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [VIDEO__X_MS_ASF Moniker Class]
    {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>

    ==================================
    正在运行的进程
    [PID: 400][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [PID: 456][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [PID: 480][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [PID: 524][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [PID: 536][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [PID: 688][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [PID: 768][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [PID: 820][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [PID: 880][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [PID: 1068][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [PID: 1984][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll] <Kaspersky Lab><5.0.227.1>
    [PID: 200][C:\PROGRA~1\SkyNet\Firewall\pfw.exe] <广州众达天网技术有限公司><2.7.7.1003>
    [C:\PROGRA~1\SkyNet\Firewall\SKYMISC.DLL] <N/A><N/A>
    [C:\PROGRA~1\SkyNet\Firewall\COMPRESSWRAP.DLL] <N/A><N/A>
    [PID: 1784][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [PID: 836][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll] <Kaspersky Lab><1.0.227.342>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll] <Kaspersky Lab><1.0.227.3>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] <Kaspersky Lab><5.0.227.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll] <Kaspersky Lab><5.0.227.0>
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx] <Macromedia, Inc.><8,0,22,0>
    [C:\WINDOWS\system32\JPWB.IME] <常诚研制><4.00.950>
    [PID: 528][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [PID: 176][C:\h\SREng.exe] <Smallfrogs Studio><2.0.12.350>
    [PID: 352][C:\WINDOWS\system32\NOTEPAD.EXE] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>

    ==================================
    文件关联
    .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
    .EXE OK. ["%1" %*]
    .COM OK. ["%1" %*]
    .PIF OK. ["%1" %*]
    .REG OK. [regedit.exe "%1"]
    .BAT OK. ["%1" %*]
    .SCR OK. ["%1" /S]
    .CHM OK. ["C:\WINDOWS\hh.exe" %1]
    .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
    .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
    .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
    .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
    .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
    .LNK OK. [{00021401-0000-0000-C000-000000000046}]

    ==================================
    Winsock 提供者

    ==================================



    Take a look, where is the problem?
     
  2. wm_chief

    These are all suspicious processes. Also, did you check the processes while IE was open?
     
  3. notnull

  4. 3000m


    :ft: :ft: :ft: :sweat:

    Yesterday I thought installing the Filseclab (费尔) firewall would take care of it, but it is still there; it just showed up again :cry:
     
  5. rockguitar
