1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209
|
Run Values:
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"KernelFaultCheck"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,64,00,75,00,6d,00,70,00,72,00,65,00,70,00,20,00,30,00,20,00,2d,00,6b,\
00,00,00
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe /tray"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"hpWirelessAssistant"=hex(2):22,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,\
6d,00,46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,48,00,50,00,51,00,5c,00,48,\
00,50,00,20,00,57,00,69,00,72,00,65,00,6c,00,65,00,73,00,73,00,20,00,41,00,\
73,00,73,00,69,00,73,00,74,00,61,00,6e,00,74,00,5c,00,48,00,50,00,20,00,57,\
00,69,00,72,00,65,00,6c,00,65,00,73,00,73,00,20,00,41,00,73,00,73,00,69,00,\
73,00,74,00,61,00,6e,00,74,00,2e,00,65,00,78,00,65,00,22,00,00,00
"WatchDog"="C:\\Program Files\\InterVideo\\DVD Check\\DVDCheck.exe"
"ChangeResolution"="C:\\Documents and Settings\\Administrator\\ChangeResolution.exe"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UdaterUI.exe\" /StartedFromRunKey"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"NoteBurner"="C:\\Program Files\\NoteBurner\\VTBurnerGUI.exe /silence"
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"googletalk"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe /autostart"
"runner1"="C:\\WINDOWS\\mrofinu1864.exe 61A847B5BBF728133A9D3C466188719AB689201522886B092CBD44BD8689220221DD3257"
"5f91a3fd"="rundll32.exe \"C:\\WINDOWS\\system32\\uryofegd.dll\",b"
"BM5ca29061"="Rundll32.exe \"C:\\WINDOWS\\system32\\hxbqttnx.dll\",s"
"EPM Agent"="c:\\PROGRA~1\\ipass\\epm\\rstate.exe /LOGON"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SharpTray"="\"C:\\Program Files\\Sharp\\Sharpdesk\\SharpTray.exe\""
"SuperCopier2.exe"="C:\\Program Files\\SuperCopier2\\SuperCopier2.exe"
Bot Check:
SERVICE_NAME: wscsvc
DISPLAY_NAME : Security Center
START_TYPE : 2 AUTO_START
SERVICE_NAME: sharedaccess
DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)
START_TYPE : 2 AUTO_START
SERVICE_NAME: wuauserv
DISPLAY_NAME : Automatic Updates
START_TYPE : 4 DISABLED
SERVICE_NAME: srservice
DISPLAY_NAME : System Restore Service
START_TYPE : 2 AUTO_START
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"WaitToKillServiceTimeout"="20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000000
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]
@=""
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"="\\Device\\"
ShellExecuteHooks:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{F53BAFE5-CE7A-4E95-95AC-A3912EFD3739}"=""
Environment:
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
OS REG_SZ Windows_NT
Path REG_EXPAND_SZ C:\Program Files\Windows Resource Kits\Tools\;C:\Perl\bin\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\ULTRAE~2
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PrintComTraffic REG_SZ YES
TEMP REG_SZ c:\TEMP
TMP REG_SZ c:\TEMP
WEBFGROOT REG_SZ C:\AREVA\e_terrabrowser\
windir REG_EXPAND_SZ %SystemRoot%
SDImgTemp REG_SZ C:\Program Files\Sharp\Sharpdesk\Imaging\Temp
SAFEBOOT_OPTION REG_SZ MINIMAL
SecurityProviders:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Authentication Packages:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0C:\WINDOWS\system32\hgGyyvuR\0\0
Subsystem Startup:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"
Midi Drivers:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midi"="wdmaud.drv"
Non-Default IFEO Debugger:
Non-Default Installed Components:
Non-Default Safeboot Minimal:
File Associations:
[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\htafile\shell\open\command]
@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"
[HKEY_CLASSES_ROOT\http\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"
[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"
[HKEY_CLASSES_ROOT\regedit\shell\open\command]
@="regedit.exe %1"
[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""
[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"
[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\system32\NOTEPAD.EXE %1"
Finished! |
Partager