2006-05-26,09:00:06

System Repair Engineer 2.0.12.350 (2.0 RC 1)
    Windows XP Professional Service Pack 2 - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <KavPFW><"C:\KAV2006\KPFW32.EXE">
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <KvXP><; >
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <KavStart><"C:\KAV2006\KAVStart.exe" -startup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <mmsk><D:\木马克星\mmsk.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <KvMonXP><; >
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <StormCodec_Helper><; "F:\暴风影音\Storm Codec\StormSet.exe" /S /opti>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
  <mmsk><D:\木马克星\mmsk.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
  <CNETHELPER><rundll32.exe C:\PROGRA~1\COMMON~1\system\msdc32.dll,_S1>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
  <DTService><rundll32.exe C:\WINDOWS\system32\DTSERV~1.DLL,Load>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
  <Power><rundll32.exe C:\DOCUME~1\new\LOCALS~1\Temp\f3\pnxpwf.dll,Start>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <Userinit><C:\WINDOWS\system32\userinit.exe,>

==================================
启动文件夹
服务
[Download Service / Download Service]
  <><N/A>
[Kingsoft Personal Firewall Service / KPfwSvc]
  <"C:\KAV2006\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc]
  <C:\KAV2006\KWatch.EXE><Kingsoft Corporation>
[Local Network Service / Local Network Service]
  <><N/A>
[Internet Protect Service / NHLscA]
  <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[SmartLinkService / SLService]
  <slserv.exe><Smart Link>
[Network System / Universal Disk Manager]
  <><N/A>
[User Profile Hive Cleanup / UPHClean]
  <C:\Program Files\UPHClean\uphclean.exe><Microsoft Corporation>
[windows driver manager / windows driver manager]
  <><N/A>
[Windows Management NetWork Service Extensions / Windows Management NetWork Service Extensions]
  <NetManager.exe -exe_start><N/A>

==================================
浏览器加载项
[CPub Object]
  {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} <C:\Program Files\P4P\sodaie.dll, N/A>
[MICROQIL2]
  {832C0563-0820-4fef-83D8-418261DBC233} <C:\WINDOWS\system32\RAdminl.dll, RAdminl>
[IEMax_Toolbar_Helper]
  {9E1E1371-9D8F-4421-81B9-F8D2E1773A59} <c:\WINDOWS\system32\HelperService.dll, N/A>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <E:\浩方网络对战平台3.4.5\HFGame3\Gameclient.exe, 上海浩方在线信息技术有限公司>
[系统标准按钮(&E)]
  {6B2455FD-3669-4555-8DF8-69FD5BC846F8} <c:\WINDOWS\system32\SystemToolbar.dll, N/A>
[PowerPlr Control]
  {2354A44B-3CEB-4829-9940-545B03103538} <F:\新转码~1\PowerPlr.ocx, Powerise Digital>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[CPub Object]
  {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} <C:\Program Files\P4P\sodaie.dll, N/A>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[MICROQIL2]
  {832C0563-0820-4FEF-83D8-418261DBC233} <C:\WINDOWS\system32\RAdminl.dll, RAdminl>
[IEMax_Toolbar_Helper]
  {9E1E1371-9D8F-4421-81B9-F8D2E1773A59} <c:\WINDOWS\system32\HelperService.dll, N/A>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>

==================================
正在运行的进程
[PID: 584][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 648][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 672][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 716][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 728][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 876][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 940][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 976][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1024][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1140][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1244][C:\KAV2006\KWatch.EXE]  <Kingsoft Corporation><2005, 9, 27, 51>
    [C:\KAV2006\KAVIPC2.DLL]  <Kingsoft Corporation><2004, 12, 28, 20>
    [C:\KAV2006\KAEPlat.DLL]  <Kingsoft Corp.><2004, 11, 26, 53>
    [C:\KAV2006\KAEMem.DAT]  <Kingsoft><2004, 11, 9, 11>
[PID: 1312][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
    [C:\WINDOWS\system32\hpzsnt09.dll]  <HP><2.236.4.0>
[PID: 1456][C:\KAV2006\KPfwSvc.EXE]  <Kingsoft Corporation><2005, 9, 5, 28>
[PID: 1488][C:\WINDOWS\SYSTEM32\RUNDLL32.EXE]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1540][C:\WINDOWS\system32\slserv.exe]  <Smart Link><3.80.01MC15>
[PID: 1564][C:\WINDOWS\system32\wdfmgr.exe]  <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 1604][C:\Program Files\UPHClean\uphclean.exe]  <Microsoft Corporation><1.5.5.21>
[PID: 1728][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 280][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\PROGRA~1\COMMON~1\system\msdc32.dll]  <C1NETHELPER><1, 0, 0, 1>
    [C:\WINDOWS\system32\DTSERV~1.DLL]  <><1, 3, 0, 0>
    [C:\DOCUME~1\new\LOCALS~1\Temp\f3\pnxpwf.dll]  <><1, 0, 0, 0>
    [C:\KAV2006\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
    [C:\PROGRA~1\COMMON~1\system\mod\ca.dll]  <N/A><N/A>
    [C:\PROGRA~1\COMMON~1\system\mod\ca32.dll]  <N/A><N/A>
    [C:\KAV2006\KAScript.DLL]  <Kingsoft Corporation><2006, 2, 10, 60>
    [C:\KAV2006\KAEPlat.DLL]  <Kingsoft Corp.><2004, 11, 26, 53>
    [C:\KAV2006\KAEMem.DAT]  <Kingsoft><2004, 11, 9, 11>
    [C:\DOCUME~1\new\LOCALS~1\Temp\f3\ex\mcl.dll]  <N/A><N/A>
    [c:\WINDOWS\system32\HelperService.dll]  <N/A><N/A>
[PID: 408][C:\KAV2006\KAVStart.exe]  <Kingsoft Corporation><2005, 12, 15, 192>
    [C:\KAV2006\KAVIPC2.DLL]  <Kingsoft Corporation><2004, 12, 28, 20>
    [C:\KAV2006\PopSprt3.dll]  <Kingsoft Corporation><2005, 12, 6, 30>
    [C:\KAV2006\KAVPassp.dll]  <Kingsoft Corporation><2005, 12, 14, 227>
    [C:\KAV2006\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 424][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  <RealNetworks, Inc.><0.1.0.3427>
    [C:\KAV2006\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 464][D:\木马克星\mmsk.exe]  <木马杀客><2,0,0,6>
    [D:\木马克星\krnln.fnr]  <><1, 0, 0, 1>
    [D:\木马克星\HtmlView.fne]  <><1, 0, 0, 1>
    [C:\KAV2006\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
    [D:\木马克星\iext.fnr]  <><1, 0, 0, 1>
    [D:\木马克星\TrayIcon.fne]  <><1, 0, 0, 1>
    [D:\木马克星\iext2.fne]  <><1, 0, 0, 1>
    [D:\木马克星\iext3.fne]  <><1, 0, 0, 1>
    [D:\木马克星\xplib.fne]  <N/A><N/A>
    [D:\木马克星\shell.fne]  <N/A><N/A>
    [D:\木马克星\dp1.fne]  <N/A><N/A>
[PID: 484][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\KAV2006\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 500][C:\KAV2006\KPFW32.EXE]  <Kingsoft Corporation><2005, 11, 22, 606>
    [C:\KAV2006\KAVIPC2.DLL]  <Kingsoft Corporation><2004, 12, 28, 20>
    [C:\KAV2006\KAConfig.DLL]  <Kingsoft Corporation><2005, 3, 23, 30>
    [C:\KAV2006\FiltList.dll]  <N/A><N/A>
    [C:\KAV2006\KAVPassp.DLL]  <Kingsoft Corporation><2005, 12, 14, 227>
    [C:\KAV2006\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
    [C:\KAV2006\KAEPlat.DLL]  <Kingsoft Corp.><2004, 11, 26, 53>
    [C:\KAV2006\KAEMem.DAT]  <Kingsoft><2004, 11, 9, 11>
[PID: 556][C:\KAV2006\KMailMon.EXE]  <Kingsoft Corporation><2005, 10, 8, 85>
    [C:\KAV2006\KAntiSpm.dll]  <N/A><1, 0, 0, 2>
    [C:\KAV2006\KAVIPC2.DLL]  <Kingsoft Corporation><2004, 12, 28, 20>
    [C:\KAV2006\KAECall2.DLL]  <Kingsoft Corporation><2004, 12, 28, 7>
    [C:\KAV2006\KAEPlat.DLL]  <Kingsoft Corp.><2004, 11, 26, 53>
    [C:\KAV2006\KAEMem.DAT]  <Kingsoft><2004, 11, 9, 11>
    [C:\KAV2006\KAConfig.DLL]  <Kingsoft Corporation><2005, 3, 23, 30>
    [C:\KAV2006\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 1196][D:\System Repair Engineer 2.0.12.350 版本发布\SREng.exe]  <Smallfrogs Studio><2.0.12.350>
    [C:\KAV2006\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

除了在另外一帖中我指出的项目要修复删除外

用sreng删除启动项目
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<CNETHELPER><rundll32.exe C:\PROGRA~1\COMMON~1\system\msdc32.dll,_S1>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<DTService><rundll32.exe C:\WINDOWS\system32\DTSERV~1.DLL,Load>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<Power><rundll32.exe C:\DOCUME~1\new\LOCALS~1\Temp\f3\pnxpwf.dll,Start>
服务
[Internet Protect Service / NHLscA]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[Windows Management NetWork Service Extensions / Windows Management NetWork Service Extensions]
<NetManager.exe -exe_start><N/A>

重启后删除

C:\PROGRA~1\COMMON~1\system\msdc32.dll
C:\WINDOWS\system32\DTSERV~1.DLL
C:\DOCUME~1\new\LOCALS~1\Temp\f3\
C:\PROGRA~1\COMMON~1\system\mod\
C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL
NetManager.exe