Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board: Help! Moderators and experts, I've been hit by worm.viking and worm.Cnt; log attached


Help! Moderators and experts, I've been hit by worm.viking and worm.Cnt. Here is the log.

2006-09-30,21:10:02

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <zz><C:\WINDOWS\system32\lsrx.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [Intel Corporation]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [Intel Corporation]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <SKYNET Personal FireWall><C:\PROGRA~1\SKYNET\FIREWALL\pfw.exe>  [广州众达天网技术有限公司]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
    <UIHost><logonui.exe>  [Microsoft Corporation]

==================================
启动文件夹
服务

==================================
浏览器加载项
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\网游\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\网游\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\网游\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\网游\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>

==================================
正在运行的进程
[PID: 460][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 512][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 536][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 580][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 592][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 780][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 868][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1080][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1164][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\rxxx.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\igfxpph.dll]  <Intel Corporation><3,0,0,1918>
    [C:\WINDOWS\system32\hccutils.DLL]  <Intel Corporation><3,0,0,1918>
    [C:\WINDOWS\system32\igfxres.dll]  <Intel Corporation><3,0,0,1918>
    [C:\WINDOWS\system32\igfxsrvc.dll]  <Intel Corporation><3,0,0,1918>
    [C:\WINDOWS\system32\igfxdev.dll]  <Intel Corporation><3,0,0,1918>
    [C:\WINDOWS\system32\msdmo.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\igfxress.dll]  <Intel Corporation><3,0,0,1918>
[PID: 1416][C:\WINDOWS\system32\hkcmd.exe]  <Intel Corporation><3,0,0,1918>
    [C:\WINDOWS\system32\hccutils.DLL]  <Intel Corporation><3,0,0,1918>
    [C:\WINDOWS\system32\igfxdev.dll]  <Intel Corporation><3,0,0,1918>
    [C:\WINDOWS\system32\igfxsrvc.dll]  <Intel Corporation><3,0,0,1918>
    [C:\WINDOWS\system32\igfxhk.dll]  <Intel Corporation><3,0,0,1918>
    [C:\WINDOWS\system32\igfxres.dll]  <Intel Corporation><3,0,0,1918>
[PID: 1424][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  <RealNetworks, Inc.><0.1.0.3208>
[PID: 1432][C:\PROGRA~1\SKYNET\FIREWALL\pfw.exe]  <广州众达天网技术有限公司><2.7.7.1004>
    [C:\PROGRA~1\SKYNET\FIREWALL\SKYMISC.DLL]  <N/A><N/A>
    [C:\PROGRA~1\SKYNET\FIREWALL\COMPRESSWRAP.DLL]  <N/A><N/A>
[PID: 1448][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1656][C:\Program Files\ADSL拨号王\HNMainUI.exe]  <N/A><2, 3, 0, 1>
    [C:\Program Files\ADSL拨号王\HNKernel.dll]  <HelloNet><2.2.0.1>
    [C:\Program Files\ADSL拨号王\HNUtils.dll]  <N/A><2, 2, 0, 1>
    [C:\Program Files\ADSL拨号王\HNRes_0804.dll]  <N/A><2, 2, 0, 1>
    [C:\Program Files\ADSL拨号王\plugins\Diagnose.dll]  <HelloNet><2.2.0.1>
Continued from the previous post:
[PID: 816][C:\Program Files\Maxthon\Maxthon.exe]  <Maxthon International Ltd.><1, 5, 2, 21>
    [C:\Program Files\Maxthon\maxzlib.dll]  < ><1, 0, 0, 2>
    [C:\Program Files\Maxthon\Services\RealTime\real_time.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  <Adobe Systems, Inc.><9,0,16,0>
    [C:\WINDOWS\Downloaded Program Files\OL2005.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
    [C:\Program Files\Rising\RavWeb\libload.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\Rising\RavWeb\VirusLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
    [C:\Program Files\Rising\RavWeb\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\RavWeb\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\Program Files\Rising\RavWeb\Scanner.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 32>
    [C:\Program Files\Rising\RavWeb\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [C:\Program Files\Rising\RavWeb\MVEngine.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 15>
    [C:\Program Files\Rising\RavWeb\Engine.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 34>
    [C:\Program Files\Rising\RavWeb\ScanExec.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\Program Files\Rising\RavWeb\Unpacker.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\Program Files\Rising\RavWeb\UnExe.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [C:\Program Files\Rising\RavWeb\ScanEx.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 27>
    [C:\Program Files\Rising\RavWeb\RSUnpack.dll]  <Beijing Rising Technology Co., Ltd.><1, 0, 0, 17>
    [C:\Program Files\Rising\RavWeb\PostTrt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
    [C:\Program Files\Rising\RavWeb\NvFile.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
    [C:\Program Files\Rising\RavWeb\ScanMac.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\Rising\RavWeb\ScanSct.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [C:\Program Files\Rising\RavWeb\ExtOLE.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [C:\Program Files\Rising\RavWeb\ExtFile.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
    [C:\Program Files\Rising\RavWeb\ScanNet.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\Program Files\Rising\RavWeb\ExtMail.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
    [C:\Program Files\Rising\RavWeb\ScanElf.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 336][D:\网游\QQ\QQ.exe]  <TENCENT><0, 0, 0, 0>
    [D:\网游\QQ\QQBaseClassInDll.dll]  <><1, 0, 0, 1>
    [D:\网游\QQ\QQHelperDll.dll]  <><1, 0, 0, 1>
    [D:\网游\QQ\BasicCtrlDll.dll]  <Tencent><5, 0, 200, 160>
    [D:\网游\QQ\PYKer.dll]  <飘云 http://www.pyqq.cn><飘云>
    [D:\网游\QQ\ipsearcher.dll]  <><1.0.0.3>
    [D:\网游\QQ\QQAPI.dll]  <><1, 0, 0, 1>
    [D:\网游\QQ\LoginCtrl.dll]  <><1, 0, 0, 1>
    [D:\网游\QQ\npkcntc.dll]  <INCA Internet Co., Ltd.><2006, 3, 2, 1>
    [D:\网游\QQ\npkpdb.dll]  <INCA Internet Co., Ltd.><2003, 10, 1, 1>
    [D:\网游\QQ\QQRes.dll]  <tencent><1, 0, 0, 1>
    [D:\网游\QQ\QQMainFrame.dll]  <N/A><N/A>
    [D:\网游\QQ\CQQApplication.dll]  <N/A><N/A>
    [D:\网游\QQ\NewSkin.dll]  <><1, 0, 0, 1>
    [D:\网游\QQ\HostingMgr.dll]  <><1, 0, 0, 1>
    [D:\网游\QQ\CameraDll.dll]  <><1, 0, 0, 1>
    [D:\网游\QQ\MailSummary.dll]  <><1, 0, 0, 1>
    [D:\网游\QQ\QQSpace.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\msdmo.dll]  <N/A><N/A>
    [D:\网游\QQ\QQGroupMng.dll]  <><1, 0, 0, 1>
    [D:\网游\QQ\GroupLive.dll]  <N/A><N/A>
    [D:\网游\QQ\LongConnection.dll]  <tencent><5, 0, 200, 160>
    [D:\网游\QQ\QQPlugin.dll]  <N/A><N/A>
    [D:\网游\QQ\ShareFiles.dll]  <N/A><N/A>
    [D:\网游\QQ\QQZip.dll]  <tencent><0, 3, 2, 4>
    [D:\网游\QQ\QQSysMsgMng.dll]  <N/A><N/A>
    [D:\网游\QQ\UserDefinedHead.dll]  <><1, 0, 0, 1>
    [D:\网游\QQ\QQConfigPlugin.dll]  <><1, 0, 0, 1>
    [D:\网游\QQ\QRingMng.dll]  <N/A><N/A>
    [D:\网游\QQ\PhoneAPI.dll]  <><1, 0, 0, 1>
    [D:\网游\QQ\DialerAllinOne.dll]  <tencent><1, 4, 0, 0>
    [D:\网游\QQ\QQAvatar.dll]  <N/A><N/A>
    [D:\网游\QQ\FlashAvatarDll.dll]  <><1, 4, 0, 1>
    [D:\网游\QQ\QQAllInOne.dll]  <N/A><N/A>
    [D:\网游\QQ\SCCore.dll]  <N/A><N/A>
    [D:\网游\QQ\QQPet.dll]  <><1, 0, 0, 1>
    [D:\网游\QQ\QQCustomFace.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  <Adobe Systems, Inc.><9,0,16,0>
    [D:\网游\QQ\QQSceneMng.dll]  <N/A><N/A>
    [D:\网游\QQ\BQQApplication.dll]  <N/A><N/A>
    [D:\网游\QQ\QQFileTransfer.dll]  <Tencent><0, 3, 3, 5>
    [D:\网游\QQ\QQMagicFace.dll]  <><1, 0, 0, 1>
    [D:\网游\QQ\CommercesMng.dll]  <><1, 0, 0, 1>
    [D:\网游\QQ\PersonalDesktop.dll]  <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
    [D:\网游\QQ\QQAddr.dll]  <深圳市腾讯计算机系统有限公司><5, 0, 101, 200>
    [D:\网游\QQ\QQPhoneHelper.dll]  <腾讯科技(深圳)有限公司><2, 0, 1, 10>
    [D:\网游\QQ\ImageOle.dll]  <TODO: <Company name>><1.0.0.1>
    [D:\网游\QQ\GroupConnection.dll]  <Tencent><0, 3, 3, 5>
    [C:\pagefile.pif]  <N/A><N/A>
[PID: 848][C:\Documents and Settings\Administrator\桌面\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  Error. []
.JS  Error. []
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================
Both of our logs are fairly brief.
Hmm... it seems so.
Wow... yours is so long.
Where did the expert from earlier go?
Run SREng.
Under Startup items > Registry, delete:
<zz><C:\WINDOWS\system32\lsrx.exe>

Download KillBox and delete:
C:\WINDOWS\system32\rxxx.dll

Describe the virus file paths and the symptoms you are seeing, thanks.
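As an added example (not part of this thread, and not SREng's or KillBox's own code), the script below reads a report in the SREng 2.0 layout and flags the same kinds of entries the reply above singled out: an autostart value with no publisher sitting under the rarely used Policies\Explorer\Run key, a module with no version information loaded into Explorer from system32, and a non-library file (here a .pif) mapped into a process. The trimmed sample report, the line regexes, the extension list and the severity labels are this example's own assumptions.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the SREng 2.0 report layout (trimmed to the entries
# discussed in this thread; not the full log posted above).
SAMPLE_LOG = r"""
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <zz><C:\WINDOWS\system32\lsrx.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [Intel Corporation]

==================================
正在运行的进程
[PID: 1164][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\rxxx.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\igfxpph.dll]  <Intel Corporation><3,0,0,1918>
[PID: 336][D:\网游\QQ\QQ.exe]  <TENCENT><0, 0, 0, 0>
    [D:\网游\QQ\QQRes.dll]  <tencent><1, 0, 0, 1>
    [C:\pagefile.pif]  <N/A><N/A>
"""

# Line shapes in the report (these regexes are this example's own assumptions).
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")                      # [HKEY_...]
AUTOSTART_RE = re.compile(r"^\s+<([^>]*)><(.*?)>\s+\[(.*)\]\s*$")   # <name><command>  [publisher]
PROCESS_RE = re.compile(r"^\[PID: (\d+)\]\[(.+?)\]\s+<(.*?)><(.*?)>\s*$")
MODULE_RE = re.compile(r"^\s+\[(.+?)\]\s+<(.*?)><(.*?)>\s*$")       # [path]  <company><version>

# Autostart keys that ordinary software almost never writes to.
UNUSUAL_AUTOSTART_KEYS = ("\\policies\\explorer\\run",)
# Extensions one expects for a module mapped into a process.
CODE_EXTENSIONS = {".dll", ".ocx", ".exe", ".drv", ".ax", ".cpl", ".ime", ".acm"}


@dataclass
class Finding:
    severity: str   # "high" or "review"
    kind: str
    path: str
    detail: str


def triage(report: str) -> List[Finding]:
    """Walk an SREng-style report and return the entries worth a second look."""
    findings: List[Finding] = []
    current_key: Optional[str] = None        # registry key of the autostart block
    current_process: Optional[str] = None    # process whose module list we are in
    for line in report.splitlines():
        if not line.strip():
            continue
        m = KEY_RE.match(line)
        if m:
            current_key, current_process = m.group(1), None
            continue
        m = PROCESS_RE.match(line)
        if m:
            current_process, current_key = m.group(2), None
            continue
        m = AUTOSTART_RE.match(line)
        if m and current_key is not None:
            name, command, publisher = m.groups()
            where = current_key + "\\" + name
            if not publisher.strip():
                findings.append(Finding("high", "autostart-no-publisher", command, where))
            if any(k in current_key.lower() for k in UNUSUAL_AUTOSTART_KEYS):
                findings.append(Finding("high", "autostart-unusual-key", command, where))
            continue
        m = MODULE_RE.match(line)
        if m and current_process is not None:
            path, company, _version = m.groups()
            ext = ntpath.splitext(path)[1].lower()
            if ext not in CODE_EXTENSIONS:
                findings.append(Finding("high", "module-odd-extension", path, "loaded into " + current_process))
            elif company.strip() in ("", "N/A") and "\\system32\\" in path.lower():
                # Legitimate files can land here too, so this tier needs a hash or signature check.
                findings.append(Finding("review", "module-no-version-info", path, "loaded into " + current_process))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind:24} {f.path}  ({f.detail})")
```

On the sample this yields two "high" findings for lsrx.exe (no publisher, unusual key), one "high" for pagefile.pif, and a "review" entry for rxxx.dll; the full log above also shows msdmo.dll with no version information, which is why the no-version-info tier is marked for review rather than treated as malicious outright.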