2006-11-25,08:16:11
System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)
Windows Server 2003 Standard Edition (Build 3790)
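- Administrator-privileged user - Full functionality
The following items were selected:
All startup items (including registry, startup folders, services, etc.)
Browser add-ons
Running processes (including process module information)
File associations
Winsock providers
Autorun.inf
HOSTS file
Startup items
Registry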
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<BigDog303><C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)> [N/A]
<MSConfig><"C:\WINDOWS\system32\msconfig.exe" /auto> [(Verified)Microsoft Corporation]
<传奇杀手克星><F:\ARP1.5\arp.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<WIAWizardMenu><RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><%SystemRoot%\system32\logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [Microsoft Corporation]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [Microsoft Corporation]
<WebCheck><%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Corporation]
<SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DfLogon]
<WinlogonNotify: DfLogon><LogonDll.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Corporation]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [N/A]
<NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [N/A]
<nwiz><; nwiz.exe /install> [N/A]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<SoundMan><; SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
==================================
Startup folders
[INTERNAT]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\INTERNAT.lnk --> C:\WINDOWS\system32\internat.exe [Microsoft Corporation]><N>
[Pubwin EP服务控制器]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\Pubwin EP服务控制器.lnk --> D:\Hintsoft\PUBWIN~1\version\bin\SERVIC~1.EXE [N/A]><N>
[run]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\run.bat --> [N/A]><N>
==================================
Services
[Pubwin Application Server / AppServer]
<D:\Hintsoft\PubwinServer\appServ\bin\wrapper.exe -s D:\Hintsoft\PubwinServer\appServ\conf\wrapper.conf><N/A>
[DF5Serv / DF5Serv]
<C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe><Faronics Corporation>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Pubwin Database / MySQL]
<D:\Hintsoft\PubwinServer\database\bin\mysqld-nt.exe><N/A>
[Pubwin Update / PubwinUpdate]
<D:\Hintsoft\PubwinServer\version\bin\wrapper.exe -s D:\Hintsoft\PubwinServer\version\conf\wrapper.conf><N/A>
==================================
Drivers
[Service for WDM 3D Audio Driver / ALCXSENS]
<system32\drivers\ALCXSENS.SYS><Sensaura>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[C-Media WDM Audio Interface / cmuda]
<system32\drivers\cmuda.sys><N/A>
[DeepFrz / DeepFrz]
<C:\WINDOWS\SYSTEM32\DRIVERS\DeepFrz.SYS><Faronics Corporation>
[Intel(R) PRO Adapter Driver / E100B]
<system32\DRIVERS\e100b325.sys><Intel Corporation>
[ialm / ialm]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[IP in IP Tunnel Driver / IpInIp]
<system32\DRIVERS\ipinip.sys><N/A>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[SetupNT / SetupNT]
<\SystemRoot\system32\SetupNT.sys><N/A>
==================================
Browser add-ons
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
==================================
Running processes
[PID: 972][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.3790.0 (srv03_rtm.030324-2048)]
[PID: 1096][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3275]
[PID: 1104][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.1.0.27]
[PID: 1112][C:\WINDOWS\VM303_STI.EXE] [Vimicro, 4, 3, 625, 61]
[C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[C:\WINDOWS\system32\VM303Prp.Ax] [Vimicro, 4.3. 625.61]
[PID: 1144][C:\WINDOWS\system32\internat.exe] [Microsoft Corporation, 5.00.2920.0000]
[PID: 1152][D:\Hintsoft\PubwinServer\version\bin\ServiceManager.exe] [N/A, N/A]
[PID: 1240][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 1484][F:\AntiArp_防ARP攻击小工具\Antiarp.exe] [N/A, N/A]
[PID: 1500][F:\ARP1.5\arp.exe] [N/A, N/A]
[PID: 1248][D:\Hintsoft\PubwinConsole\PubwinConsole.exe] [N/A, N/A]
[D:\Hintsoft\PubwinConsole\log4cpp.dll] [Bastiaan Bakker, LifeLine Networks bv , 0.3.2rc2]
[D:\Hintsoft\PubwinConsole\LIBEAY32.dll] [N/A, N/A]
[D:\Hintsoft\PubwinConsole\Crypto.dll] [N/A, N/A]
[D:\Hintsoft\PubwinConsole\RealName.dll] [TODO: <公司名>, 1.0.0.1]
[D:\Hintsoft\PubwinConsole\Drv\MifareReader\MifareReader.dll] [TODO: <公司名>, 1.0.0.1]
[D:\Hintsoft\PubwinConsole\Drv\MifareReader\MF1\Advic32.dll] [N/A, N/A]
[PID: 2008][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.3790.0 (srv03_rtm.030324-2048)]
[C:\WINDOWS\system32\WINABC.IME] [PKUETI, 5.22.216]
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[PID: 1324][C:\Program Files\WinRAR\WinRAR.exe] [N/A, N/A]
[PID: 1452][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.891\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
==================================
File associations
.TXT Error. [Notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock providers
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS file
127.0.0.1 localhost
==================================