秋天别...

2006-12-25,13:16:12
System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能
以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><ctfmon.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Corporation]
    <HotKeysCmds><; C:\WINNT\System32\hkcmd.exe>  [(Verified)Intel Corporation]
    <CertificateRegistration><; SafeSignCertReg.exe>  [A.E.T. Europe B.V.]
    <Taxawoke.exe><; C:\Program Files\个人所得税明细申报系统\报税提醒\Taxawoke.exe>  [box-hill]
    <ShStatEXE><; "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE>  [Network Associates, Inc.]
    <McAfeeUpdaterUI><; "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey>  [Network Associates, Inc.]
    <Network Associates Error Reporting Service><; "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe">  [Network Associates, Inc.]
    <WinStar><C:\WINNT\IEXPL0RE.exe>  [N/A]
    <MSConfig><C:\Documents and Settings\user\桌面\msconfig.exe /auto>  [N/A]
    <cwldjr29><; %systemroot%\system32\Rundll32.exe %systemroot%\system32\cwldjr29.dll,DllUnregisterServer>  [N/A]
    <IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <ISUSPM Startup><; C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup>  [InstallShield Software Corporation]
    <runeip><; C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
==================================
启动文件夹
N/A
==================================
服务
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[McAfee Framework 服务 / McAfeeFramework]
  <C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart><Network Associates, Inc.>
[Network Associates McShield / McShield]
  <"C:\Program Files\Network Associates\VirusScan\Mcshield.exe"><Network Associates, Inc.>
[Network Associates Task Manager / McTaskManager]
  <"C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"><Network Associates, Inc.>
[TudingService / Tuding]
  <"C:\Program Files\tuding\TudingService.exe" -service><体现时代科技(北京)有限公司>
==================================
驱动程序
[aeaudio / aeaudio]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[Broadcom 440x 10/100 Integrated Controller Driver / bcm4sbe5]
  <System32\DRIVERS\bcm4sbe5.sys><Broadcom Corporation>
[dmboot / dmboot]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[D-Link DFE-530TX PCI Fast Ethernet Adapter Driver Service / FETNDISB]
  <System32\DRIVERS\dlkfet5b.sys><D-Link>
[usb Card Device / ft2kEnum]
  <system32\DRIVERS\ic2kenum.sys><OEM Corporation>
[USB Chip Holder Service / GDBaseSmc]
  <system32\DRIVERS\smccardb.sys><OEM>
[USB Chip Service / GD_USB]
  <system32\DRIVERS\usbtoken.sys><N/A>
[grck / grckx]
  <\SystemRoot\System32\DRIVERS\grckx.sys><N/A>
[ialm / ialm]
  <System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[msqmx / msqmx]
  <\SystemRoot\system32\drivers\msqmx.sys><Microsoft Corporation>
[NaiAvFilter1 / NaiAvFilter1]
  <system32\drivers\naiavf5x.sys><Network Associates, Inc.>
[NaiAvTdi1 / NaiAvTdi1]
  <system32\drivers\mvstdi5x.sys><Network Associates, Inc.>
[Netgroup Packet Filter / NPF]
  <system32\DRIVERS\npf.sys><CACE Technologies>
[Direct Parallel Link Driver / Ptilink]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SmartCard Reader Device  / Reader_Device]
  <system32\DRIVERS\usbic2k.sys><OEM>
[Sense3 / Sense3]
  <System32\Drivers\sense3.sys><Beijing Senselock>
[Prolific Serial port driver / Ser2pl]
  <System32\DRIVERS\ser2pl.sys><Prolific Technology Inc.>
[smwdm / smwdm]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[Superk53 / Superk53]
  <\SystemRoot\System32\drivers\superk53.sys><Microsoft Corporation>
[Windows 套接字 2 .0 Non-IFS 服务提供程序支持环境 / WS2IFSL]
  <\SystemRoot\System32\drivers\ws2ifsl.sys><N/A>
[wsfit32 / wsfit32]
  <\SystemRoot\system32\DRIVERS\wsfit32.sys><Windows (R) Server 2003 DDK provider>
[World Standard Teletext Codec / WSTCODEC]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
==================================
浏览器加载项
[C:\WINNT\system32\zkPeCrypt.dll]
  {8A5849C4-93F3-429D-FF34-660A2068897C} <C:\WINNT\system32\zkPeCrypt.dll, N/A>
[Java Plug-in]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\office2k\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/, N/A>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[雅虎助手]
  {406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll, Yahoo!>
[BitComet工具栏]
  {3F1ABCDB-A875-46c1-8345-B72A4567E486} <C:\Program Files\BitComet\BitCometBar\BitCometBar0.6.dll, N/A>
[Bar888]
  {C1B4DEC2-2623-438e-9CA2-C9043AB28508} <C:\PROGRA~1\COMMON~1\{38B17~1\Bar888.dll, N/A>
[实用搜索工具条2.0]
  {03465FF5-00AE-411a-9C34-960ED566EC03} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[Abobe Flash Play 9]
  {772546DC-8719-4F80-B82F-B3A92AAC96C7} <C:\Program Files\Abobe Flash Play 9\Cab301b48.dll, N/A>
[CellWeb5 Control]
Last edited 2006-12-25 18:01:13

{3F166327-8030-4881-8BD2-EA25350E574A} <C:\WINNT\System32\cellweb5.ocx, Cell Software, Inc.>
[InfoSecNetSign Class]
  {62B938C4-4190-4F37-8CF0-A92B0A91CC77} <C:\WINNT\system32\NetSign.dll, Infosec Technologies Co., Ltd.>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINNT\system32\INPUTC~1.DLL, >
[Java Plug-in]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[TV Stream Source]
  {BE9535B7-76FB-4572-AD20-B32BADB3643B} <C:\WINNT\system32\FAggr.ax, www.sina.com.cn>
[Java Plug-in]
  {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in]
  {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_06]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[AxUSBKey Class]
  {DA215190-98B2-47DE-AE24-DA95481DFFBA} <C:\WINNT\system32\USBKey.dll, >
[ActiveFormX Control]
  {E9497245-75A2-11D4-8D49-0080C8BCDEB7} <C:\WINNT\DOWNLO~1\ACTIVE~1.OCX, 杭州恒生信息技术有限公司>
[IcbcSslCacheCleanerCtrl Class]
  {E9707834-5BF7-4CFF-A639-398427DE1991} <C:\WINNT\Downloaded Program Files\IcbcSslCacheCleaner.dll, 中国工商银行>
[&使用下载加速专家下载]
  <C:\Program Files\3721\Dlaccel\geturl.htm, N/A>
[使用网际快车下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://D:\office2k\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到雅虎订阅(&Y)]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yrss.dll/YRSSMENUEXT, N/A>
[雅虎搜索]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll/246, N/A>
==================================
正在运行的进程
[PID: 156][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 180][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 200][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
[PID: 228][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
    [C:\WINNT\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.277]
[PID: 240][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
    [C:\WINNT\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.277]
[PID: 368][C:\WINNT\System32\SCardSvr.exe]  [Microsoft Corporation, 5.00.2195.6609]
[PID: 288][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.277]
[PID: 524][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.277]
[PID: 540][C:\Program Files\Network Associates\Common Framework\FrameworkService.exe]  [Network Associates, Inc., 3.5.0.412]
    [C:\Program Files\Network Associates\Common Framework\nailog.dll]  [Network Associates, Inc., 3.5.0.474]
    [C:\Program Files\Network Associates\Common Framework\naXML.dll]  [Network Associates, Inc., 3.5.0.474]
    [C:\Program Files\Network Associates\Common Framework\naCmnLib.dll]  [Network Associates, Inc., 3.5.0.474]
    [C:\Program Files\Network Associates\Common Framework\applib.dll]  [Network Associates, Inc., 3.5.0.412]
    [C:\Program Files\Network Associates\Common Framework\0804\AgentRes.dll]  [Network Associates, Inc., 3.5.0.412]
    [C:\Program Files\Network Associates\Common Framework\Logging.dll]  [Network Associates, Inc., 3.5.0.412]
    [C:\Program Files\Network Associates\Common Framework\UserSpace.dll]  [Network Associates, Inc., 3.5.0.412]
    [C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll]  [Network Associates, Inc., 3.5.0.412]
    [C:\Program Files\Network Associates\Common Framework\Management.dll]  [Network Associates, Inc., 3.5.0.412]
    [C:\Program Files\Network Associates\Common Framework\cmalib.dll]  [Network Associates, Inc., 3.5.0.412]
    [C:\Program Files\Network Associates\Common Framework\naPolicyManager.dll]  [Network Associates, Inc., 3.5.0.412]
    [C:\WINNT\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.277]
[PID: 576][C:\Program Files\Network Associates\VirusScan\Mcshield.exe]  [Network Associates, Inc., 8.0.0.251]
    [C:\Program Files\Network Associates\VirusScan\Res04\McShield.DLL]  [Network Associates, Inc., 8.0.0.251]
    [C:\Program Files\Network Associates\VirusScan\FTL.Dll]  [Network Associates, Inc., 8.0.0.135]
    [C:\Program Files\Network Associates\VirusScan\naiann.dll]  [Network Associates, Inc., 8.0.0.251]
    [C:\Program Files\Network Associates\VirusScan\mytilus.dll]  [Network Associates, Inc., 8.0.0.251]
    [C:\Program Files\Network Associates\Common Framework\GenEvtInf.dll]  [Network Associates, Inc., 3.5.0.412]
    [C:\Program Files\Network Associates\VirusScan\NaEventU.DLL]  [Network Associates, Inc., 8.0.0.342]
    [C:\Program Files\Network Associates\VirusScan\Res04\naEvtRes.dll]  [Network Associates, Inc., 8.0.0.342]
    [C:\Program Files\Network Associates\VirusScan\VSIDSvr.dll]  [Network Associates, Inc., 8.0.0.251]
    [C:\Program Files\Common Files\Network Associates\Engine\MCSCAN32.DLL]  [McAfee, Inc., 5.1.00]
    [C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll]  [Network Associates, Inc., 3.5.0.412]
    [C:\Program Files\Network Associates\VirusScan\EntSrv.Dll]  [Network Associates, Inc, 8.0.0.277]
[PID: 592][C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\SHUTIL.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\naiwmain.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\naicondl.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\RES04\VsTskMgr.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\MIDUtil.Dll]  [McAfee, Inc., 8.0.0.152]
[PID: 620][C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe]  [Network Associates, Inc., 3.5.0.412]
    [C:\PROGRA~1\NETWOR~1\COMMON~1\nailog.dll]  [Network Associates, Inc., 3.5.0.474]
    [C:\PROGRA~1\NETWOR~1\COMMON~1\naCmnLib.dll]  [Network Associates, Inc., 3.5.0.474]
    [C:\PROGRA~1\NETWOR~1\COMMON~1\naXML.dll]  [Network Associates, Inc., 3.5.0.474]
    [C:\PROGRA~1\NETWOR~1\COMMON~1\0804\AgentRes.dll]  [Network Associates, Inc., 3.5.0.412]
    [C:\WINNT\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.277]
[PID: 696][C:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.6972]
    [C:\WINNT\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.277]
[PID: 748][C:\Program Files\tuding\TudingService.exe]  [体现时代科技(北京)有限公司, 1.0.0.2]
    [C:\Program Files\tuding\Plugin\ScanObject.dll]  [体现时代科技(北京)有限公司, 1.0.0.2]
[PID: 792][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
[PID: 896][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.277]
    [C:\WINNT\System32\igfxpph.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINNT\System32\hccutils.DLL]  [Intel Corporation, 3,0,0,2104]
    [C:\WINNT\system32\igfxres.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINNT\System32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINNT\System32\igfxdev.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\Program Files\Network Associates\VirusScan\shext.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\RES04\ShExtRes.dll]  [Network Associates, Inc., 8.0.0.912]
[PID: 1072][C:\WINNT\system32\ctfmon.exe]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[PID: 312][E:\123\sreng最新版\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================


Haven't been here in a long time.

Fix these 4:
<WinStar><C:\WINNT\IEXPL0RE.exe> [N/A]
<MSConfig><C:\Documents and Settings\user\桌面\msconfig.exe /auto> [N/A]
<cwldjr29><; %systemroot%\system32\Rundll32.exe %systemroot%\system32\cwldjr29.dll,DllUnregisterServer> [N/A]
[Bar888]
{C1B4DEC2-2623-438e-9CA2-C9043AB28508} <C:\PROGRA~1\COMMON~1\{38B17~1\Bar888.dll, N/A>


Delete \WINNT\IEXPL0RE.exe
%systemroot%\system32\cwldjr29.dll
C:\PROGRA~1\COMMON~1\{38B17~1\Bar888.dll