
Please help me look at this log I scanned with SREng, thanks


2007-01-25,14:13:39

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<SysExplr><F:\常用软件\豪杰超级解霸 V8 精简零售版\SYSEXPLR.EXE> [N/A]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<wsvbs><C:\WINDOWS\wsvbs.exe> [N/A]
<MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC> [(Verified)N/A]
<DVDUpgrade><DVDUpgrd.exe /async> [(Verified)Microsoft Corporation]
<SoundMan><SOUNDMAN.EXE> [(Verified)Realtek Semiconductor Corp.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<Execute><C:\WINDOWS\System32\Tools\DelFolders.exe> [N/A]
<KKDelay><F:\常用软件\杀毒软件\RunOnce.exe> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\豪杰多~1.SCR> [N/A]

==================================
启动文件夹
[Reboot]
<C:\Documents and Settings\ZHANGYING\「开始」菜单\程序\启动\Reboot.exe --> [N/A]><N>

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>

==================================
浏览器加载项
[MSN90 Class]
{472D2206-4ADE-40C1-BD86-1E2968EF00FC} <C:\WINDOWS\061220zr.dll, >
[百度搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\WINDOWS\DOWNLO~1\BaiDuBar.dll, >
[豪杰超级解霸V8]
{367E0A21-8601-4986-9C9A-153BF5ACA118} <F:\常用软件\豪杰超级解霸 V8 精简零售版\STHSDVD.EXE, N/A>
[百度搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\WINDOWS\DOWNLO~1\BaiDuBar.dll, >
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[MSN90 Class]
{472D2206-4ADE-40C1-BD86-1E2968EF00FC} <C:\WINDOWS\061220zr.dll, >
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[百度搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\WINDOWS\DOWNLO~1\BaiDuBar.dll, >
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.>
[百度Flash搜索]
<res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/FLASHSEARCH.HTM, N/A>
[百度mp3搜索]
<res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUMP3.HTM, N/A>
[百度信息快递搜索]
<res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIE.HTM, N/A>
[百度图片搜索]
<res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIMG.HTM, N/A>
[百度搜索]
<res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUSEARCH.HTM, N/A>
[百度新闻搜索]
<res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUNEWS.HTM, N/A>
[豪杰超级解霸V8实时播放]
<F:\常用软件\豪杰超级解霸 V8 精简零售版\MPURLGET.HTM, N/A>
Last edited 2007-01-25 16:26:44

正在运行的进程
[PID: 452][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 508][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 532][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 580][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 592][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, N/A]
[PID: 744][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 804][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, N/A]
[PID: 864][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, N/A]
[PID: 912][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, N/A]
[PID: 996][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, N/A]
[PID: 1224][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wsvbs.dll] [N/A, N/A]
[F:\常用软件\豪杰超级解霸 V8 精简零售版\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, N/A]
[C:\WINDOWS\DOWNLO~1\BaiDuBar.dll] [, 2, 0, 0, 0]
[PID: 1276][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1524][F:\常用软件\豪杰超级解霸 V8 精简零售版\SYSEXPLR.EXE] [N/A, N/A]
[F:\常用软件\豪杰超级解霸 V8 精简零售版\AVCDROM.dll] [N/A, N/A]
[F:\常用软件\豪杰超级解霸 V8 精简零售版\CoolMenu.dll] [N/A, N/A]
[F:\常用软件\豪杰超级解霸 V8 精简零售版\Sys936.DLL] [N/A, N/A]
[PID: 1532][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3275]
[PID: 1580][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.1.0.40]
[PID: 1588][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 468][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, N/A]
[PID: 1088][C:\Program Files\Dr.COM 宽带登录客户端\ishare_user.exe] [N/A, N/A]
[C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, N/A]
[PID: 828][C:\WINDOWS\ALCFDRTM.EXE] [Realtek Semiconductor Corp., 1.01]
[PID: 388][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1508][E:\淘宝网\淘宝旺旺\WangWang.exe] [淘宝(中国)软件有限公司, 1, 6, 6, 616]
[E:\淘宝网\淘宝旺旺\AliViewCtrl.dll] [vline, 1, 0, 0, 1]
[E:\淘宝网\淘宝旺旺\VLNetwork.dll] [, 1, 0, 0, 6]
[E:\淘宝网\淘宝旺旺\AliViewMedia.dll] [vline, 1, 0, 0, 1]
[E:\淘宝网\淘宝旺旺\VideoCAP.dll] [, 1, 0, 0, 4]
[E:\淘宝网\淘宝旺旺\VLAudio.dll] [, 1, 0, 0, 4]
[E:\淘宝网\淘宝旺旺\JsmShow.dll] [, 1, 0, 0, 3]
[E:\淘宝网\淘宝旺旺\Ali_Res.DLL] [N/A, N/A]
[E:\淘宝网\淘宝旺旺\RichOne.dll] [淘宝(中国)软件有限公司, 1.0.0.1]
[C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, N/A]
[C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[E:\淘宝网\淘宝旺旺\WangWangX.dll] [, 1, 0, 0, 1]
[PID: 1216][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\DOWNLO~1\BaiDuBar.dll] [, 2, 0, 0, 0]
[C:\WINDOWS\061220zr.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, N/A]
[E:\淘宝网\淘宝旺旺\WangWangX.dll] [, 1, 0, 0, 1]
[F:\常用软件\豪杰超级解霸 V8 精简零售版\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[C:\WINDOWS\system32\macromed\flash\flash.ocx] [Macromedia, Inc., 6,0,79,0]
[PID: 1544][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\DOWNLO~1\BaiDuBar.dll] [, 2, 0, 0, 0]
[C:\WINDOWS\061220zr.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\TcpIpDog0.dll] [N/A, N/A]
[C:\WINDOWS\system32\macromed\flash\flash.ocx] [Macromedia, Inc., 6,0,79,0]
[C:\WINDOWS\system32\rmoc3260.dll] [RealNetworks, Inc., 6.0.9.2085]
[C:\WINDOWS\system32\PNCRT.dll] [Real Networks, Inc, 6.0.0.0]
[C:\Program Files\Common Files\Real\Common\pnrs3260.dll] [RealNetworks, Inc., 6.0.9.3833]
[C:\Program Files\Common Files\Real\Codecs\hxltcolor.dll] [RealNetworks, Inc., 10.0.0.526]
[C:\Program Files\Real\RealOne Player\rpplugins\embd3260.dll] [RealNetworks, Inc., 6.0.12.1069]
[C:\Program Files\Common Files\Real\Common\pngu3267.dll] [RealNetworks, Inc., 6.7.0.2477]
[C:\Program Files\Common Files\Real\Common\objb3201.dll] [RealNetworks, Inc., 0.1.0.6092]
[C:\Program Files\Real\RealOne Player\rpplugins\rpcl3260.dll] [RealNetworks, Inc., 6.0.9.2871]
[C:\Program Files\Real\RealOne Player\rpplugins\rput3260.dll] [RealNetworks, Inc., 6.0.9.2853]
[C:\Program Files\Common Files\Real\Common\pnen3260.dll] [RealNetworks, Inc., 10.0.0.692]
[C:\Program Files\Common Files\Real\Plugins\vsrlocal.dll] [RealNetworks, Inc., 10.1.0.596]
[C:\Program Files\Common Files\Real\Plugins\zipf3260.dll] [RealNetworks, Inc., 6.0.8.2317]
[C:\Program Files\Common Files\Real\Plugins\vidsite.dll] [RealNetworks, Inc., 10.0.0.669]
[C:\Program Files\Common Files\Real\Plugins\vsrl3260.dll] [RealNetworks, Inc., 6.0.7.3261]
[C:\Program Files\Common Files\Real\Plugins\clntxres.dll] [RealNetworks, Inc., 10.0.0.3020]
[C:\Program Files\Real\RealOne Player\lang\cdplay_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealOne Player\lang\dbcomp_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealOne Player\lang\embed_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealOne Player\lang\gemctl_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealOne Player\lang\pngui_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealOne Player\lang\pdgenxfer_cn.dll] [N/A, N/A]
[C:\Program Files\Real\RealOne Player\lang\rjctl_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealOne Player\lang\rjeq_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealOne Player\lang\rjres_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealOne Player\lang\rjskin_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealOne Player\lang\rjviz_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealOne Player\lang\rjfade_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealOne Player\lang\rjdlg_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealOne Player\lang\rjmisc_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealOne Player\lang\rjprog_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealOne Player\lang\rpapp_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealOne Player\lang\rpclsvc_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealOne Player\lang\rpclutil_cn.dll] [RealNetworks, Inc., 6.0.12.299]
[C:\Program Files\Real\RealOne Player\lang\rpdemand_cn.dll] [RealNetworks, Inc., 6.0.12.299]
[C:\Program Files\Real\RealOne Player\lang\rpdsplyr_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealOne Player\lang\rpgutil_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealOne Player\lang\rpmnpane_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealOne Player\lang\rpplylst_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealOne Player\lang\rpwebctl_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealOne Player\lang\tcdinfo_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealOne Player\lang\tclsvc_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealOne Player\lang\tdwnmgr_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealOne Player\lang\tmp3_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealOne Player\lang\twave_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealOne Player\lang\teasdk_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealOne Player\lang\tearm_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealOne Player\lang\tmdedit_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealOne Player\lang\mydevices_cn.dll] [RealNetworks, Inc., 6.0.12.299]
[C:\Program Files\Common Files\Real\Plugins\memfsys.dll] [RealNetworks, Inc., 10.0.0.656]
[C:\Program Files\Common Files\Real\Plugins\httpfsys.dll] [RealNetworks, Inc., 10.0.0.2404]
[C:\Program Files\Real\RealOne Player\rpplugins\rpap3260.dll] [RealNetworks, Inc., 6.0.9.2798]
[C:\Program Files\Common Files\Real\Plugins\authmgr.dll] [RealNetworks, Inc., 10.0.0.1116]
[C:\Program Files\Common Files\Real\Plugins\ramfformat.dll] [RealNetworks, Inc., 10.0.0.1847]
[C:\Program Files\Common Files\Real\Plugins\rmfformat.dll] [RealNetworks, Inc., 10.0.0.890]
[C:\Program Files\Common Files\Real\Plugins\rarender.dll] [RealNetworks, Inc., 10.0.0.675]
[C:\Program Files\Common Files\Real\Codecs\cook.dll] [RealNetworks, Inc., 10.0.0.1270]
[C:\Program Files\Common Files\Real\Plugins\rvrender.dll] [RealNetworks, Inc., 10.0.0.995]
[C:\Program Files\Common Files\Real\Codecs\RV40.DLL] [RealNetworks, Inc., 10.0.0.1155]
[C:\Program Files\Common Files\Real\Codecs\drvc.dll] [RealNetworks, Inc., 10.0.0.1155]
[PID: 1408][C:\DOCUME~1\ZHANGY~1\LOCALS~1\Temp\sreng2.zip 的临时目录 2\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
API HOOK
N/A

==================================



Run SREng, go to Startup > Registry
Delete <wsvbs><C:\WINDOWS\wsvbs.exe> [N/A]

Delete in safe mode:
[C:\WINDOWS\DOWNLO~1\BaiDuBar.dll] [, 2, 0, 0, 0]
[C:\WINDOWS\061220zr.dll] [, 1, 0, 0, 1]

C:\WINDOWS\system32\wsvbs.dll
