Can't remove it; it reappears after removal. Please help take a look

2007-05-14,10:30:39

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Corporation]
    <msnmsgr><"C:\Program Files\MSN Messenger\msnmsgr.exe" /background>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Corporation]
    <OfficeScanNT Monitor><"C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow>  [Trend Micro Inc.]
    <MisCli><C:\MisCli.exe>  [Jack]
    <MisMsg><C:\MisMsg.exe>  [FOCI]
    <wosa><C:\DOCUME~1\948120\LOCALS~1\Temp\woso.exe>  [N/A]
    <upxdnd><C:\DOCUME~1\948120\LOCALS~1\Temp\upxdnd.exe>  [N/A]
    <mhsa><C:\DOCUME~1\948120\LOCALS~1\Temp\mhso.exe>  [N/A]
    <tlsa><C:\DOCUME~1\948120\LOCALS~1\Temp\tlso.exe>  [N/A]
    <wdsa><C:\DOCUME~1\948120\LOCALS~1\Temp\wdso.exe>  [N/A]
    <wgsa><C:\DOCUME~1\948120\LOCALS~1\Temp\wgso.exe>  [N/A]
    <mppds><C:\WINNT\mppds.exe>  [N/A]
    <cmdbcs><C:\WINNT\cmdbcs.exe>  [N/A]
    <msccrt><C:\WINNT\msccrt.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[OfficeScanNT 实时扫描 / ntrtscan]
  <C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe><Trend Micro Inc.>
[OfficeScanNT 个人防火墙 / OfcPfwSvc]
  <C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe><Trend Micro Inc.>
[OfficeScanNT 侦听程序 / tmlisten]
  <C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe><Trend Micro Inc.>
[Portable Media Serial Number Service / WmdmPmSN]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[Cdr4_2K / Cdr4_2K]
  <C:\WINNT\SYSTEM32\DRIVERS\Cdr4_2K.SYS><Roxio>
[Cdralw2k / Cdralw2k]
  <C:\WINNT\SYSTEM32\DRIVERS\Cdralw2k.SYS><Roxio>
[C-Media WDM Audio Interface / cmuda]
  <system32\drivers\cmuda.sys><C-Media Inc>
[dmboot / dmboot]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[GEMSER / GEMSER]
  <system32\DRIVERS\gemser.sys><Gemplus>
[ialm / ialm]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[IdeBusDr / IdeBusDr]
  <\SystemRoot\system32\DRIVERS\IdeBusDr.sys><Intel Corporation>
[Intel(R) Ultra ATA Controller / IdeChnDr]
  <\SystemRoot\system32\DRIVERS\IdeChnDr.sys><Intel Corporation>
[Keypro / Keypro]
  <C:\WINNT\SYSTEM32\DRIVERS\Keypro.SYS><Microsoft Corporation>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139/810x Family Fast Etnernet NIC NT Driver / rtl8139]
  <system32\DRIVERS\R8139n5.SYS><Realtek Semiconductor Corporation>
[Trend Micro Filter / TmFilter]
  <\??\C:\Program Files\Trend Micro\OfficeScan Client\TmFilter.sys><Trend Micro Inc.>
[Ufkey / Ufkey]
  <C:\WINNT\SYSTEM32\DRIVERS\Ufkey.SYS><Microsoft Corporation>
[Trend Micro VSAPI NT / VSApiNt]
  <\??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys><Trend Micro Inc.>

==================================
Last edited 2007-06-01 08:04:46

浏览器加载项
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[ObjWinNTCheck Class]
  {00134F72-5284-44F7-95A8-52A619F70751} <C:\WINNT\Downloaded Program Files\WinNTChk.dll, Trend Micro Inc.>
[OfficeScan Corp Edition Web-Deployment SetupINICtrl Class]
  {08D75BB0-D2B5-11D1-88FC-0080C859833B} <C:\WINNT\Downloaded Program Files\OfficeScanSetupINI.dll, Trend Micro Inc.>
[OfficeScan Corp Edition Web-Deployment SetupCtrl Class]
  {08D75BC1-D2B5-11D1-88FC-0080C859833B} <C:\WINNT\Downloaded Program Files\OfficeScanSetup.dll, Trend Micro Inc.>
[InfosecCertInstall Class]
  {0EB487C8-E9AC-43A6-8C4C-083999B0622F} <C:\WINNT\Downloaded Program Files\certInStall.dll, >
[Encrypt Class]
  {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} <C:\WINNT\Downloaded Program Files\AtxEnc.dll, Trend Micro Inc.>
[InfoSecNetSign Class]
  {5CB840B5-A94E-4AD9-B785-4866E3B04476} <C:\WINNT\system32\ICBCNE~1.DLL, Infosec Technologies Co., Ltd.>
[OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class]
  {5EFE8CB1-D095-11D1-88FC-0080C859833B} <C:\WINNT\Downloaded Program Files\OfficeScanRemoveCtrl.dll, Trend Micro Inc.>
[InfoSecNetSign Class]
  {62B938C4-4190-4F37-8CF0-A92B0A91CC77} <C:\WINNT\DOWNLO~1\NetSign.dll, Infosec Technologies Co., Ltd.>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINNT\system32\wuweb.dll, Microsoft Corporation>
[CAClientModule Control]
  {A38A5CB5-7715-4887-8953-C51593BAC416} <C:\WINNT\DOWNLO~1\CACLIE~1.OCX, SHECA>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[IcbcSslCacheCleanerCtrl Class]
  {E9707834-5BF7-4CFF-A639-398427DE1991} <C:\WINNT\Downloaded Program Files\IcbcSslCacheCleaner.dll, 中国工商银行>

==================================
正在运行的进程
[PID: 152][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 176][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 172][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
[PID: 224][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 236][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
[PID: 388][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 432][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 484][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.7059]
    [C:\WINNT\system32\hpdcmon.dll]  [Hewlett-Packard, 03.40.00]
[PID: 732][C:\WINNT\system32\regsvc.exe]  [Microsoft Corporation, 5.00.2195.6701]
[PID: 748][C:\WINNT\System32\SCardSvr.exe]  [Microsoft Corporation, 5.00.2195.6609]
[PID: 768][C:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.6972]
[PID: 852][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
[PID: 860][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1092][C:\WINNT\TEMP\EX2AD0.EXE]  [N/A, N/A]
[PID: 660][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\nwizwmsjs.dll]  [N/A, N/A]
    [C:\DOCUME~1\948120\LOCALS~1\Temp\mhso0.dll]  [N/A, N/A]
    [C:\WINNT\system32\mppds.dll]  [N/A, N/A]
    [C:\DOCUME~1\948120\LOCALS~1\Temp\wdso0.dll]  [N/A, N/A]
    [C:\DOCUME~1\948120\LOCALS~1\Temp\tlso0.dll]  [N/A, N/A]
    [C:\DOCUME~1\948120\LOCALS~1\Temp\wgso0.dll]  [N/A, N/A]
    [C:\WINNT\system32\msccrt.dll]  [N/A, N/A]
    [C:\WINNT\system32\cmdbcs.dll]  [N/A, N/A]
    [C:\DOCUME~1\948120\LOCALS~1\Temp\upxdnd.dll]  [N/A, N/A]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
[PID: 1204][C:\MisCli.exe]  [Jack, 1.00]
    [C:\WINNT\system32\vb6chs.dll]  [Microsoft Corporation, 6.00.8169]
    [C:\WINNT\system32\WINSKCHS.DLL]  [Microsoft Corporation, 6.00.8163]
[PID: 1328][C:\MisMsg.exe]  [FOCI, 1.00]
    [C:\WINNT\system32\vb6chs.dll]  [Microsoft Corporation, 6.00.8169]
[PID: 1340][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
[PID: 588][C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe]  [Trend Micro Inc., 6.5.0.1106]
[PID: 976][C:\Documents and Settings\948120\桌面\sreng2\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\DOCUME~1\948120\LOCALS~1\Temp\upxdnd.dll]  [N/A, N/A]
    [C:\WINNT\system32\msccrt.dll]  [N/A, N/A]
    [C:\WINNT\system32\cmdbcs.dll]  [N/A, N/A]
    [C:\DOCUME~1\948120\LOCALS~1\Temp\wdso0.dll]  [N/A, N/A]
    [C:\WINNT\system32\mppds.dll]  [N/A, N/A]
    [C:\DOCUME~1\948120\LOCALS~1\Temp\wgso0.dll]  [N/A, N/A]
    [C:\DOCUME~1\948120\LOCALS~1\Temp\tlso0.dll]  [N/A, N/A]
    [C:\DOCUME~1\948120\LOCALS~1\Temp\mhso0.dll]  [N/A, N/A]
    [C:\WINNT\system32\NpOpenStore.dll]  [N/A, N/A]
    [C:\WINNT\system32\NPCard.dll]  [N/A, N/A]
    [C:\WINNT\system32\RsaFun.dll]  [N/A, N/A]
    [C:\WINNT\system32\GPKPCSC.dll]  [N/A, N/A]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================

The company's monitoring software