[CODE]

2007-05-15,08:36:08

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [(Verified)RealNetworks, Inc.]
    <CM-SmWizard><; C:\WINDOWS\System\SmWizard.exe>  [C-Media Electronics Inc.]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\System32\Userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Corporation]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Corporation]
    <WebCheck><%SystemRoot%\System32\webcheck.dll>  [(Verified)Microsoft Corporation]
    <SysTray><C:\WINDOWS\System32\stobject.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\System32\browseui.dll>  [(Verified)Microsoft Corporation]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\System32\browseui.dll>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\System32\logon.scr>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[FirebirdGuardianDefaultInstance / FirebirdGuardianDefaultInstance][Stopped/Auto Start]
  <C:\PROGRA~1\广东省~1\FireBird\bin\fbguard.exe -s><The Firebird Project>
[FirebirdServerDefaultInstance / FirebirdServerDefaultInstance][Stopped/Auto Start]
  <C:\PROGRA~1\广东省~1\FireBird\bin\fbserver.exe -s -g><The Firebird Project>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[HTTP SSL / HTTPFilter][Stopped/Manual Start]
  <C:\WINDOWS\System32\svchost.exe -k HTTPFilter-->%SystemRoot%\System32\w3ssl.dll><N/A>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
  <C:\WINDOWS\System32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>
[WinXP DHCP Service / WinXPDHCPsvc][Stopped/Auto Start]
  <C:\WINDOWS\System32\rundll32.exe xpdhcp.dll,start><Microsoft Corporation>

==================================
驱动程序
[067026 / 067026][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\067026.sys><N/A>
[46885 / 46885][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\46885.sys><N/A>
[ADProt / ADProt][Stopped/System Start]
  <system32\drivers\ADProt.sys><N/A>
[agdefbbg / agdefbbg][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\agdefbbg.sys><N/A>
[Rising TDI Base Driver / BaseTDI][Stopped/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[boot002 / boot002][Stopped/Disabled]
  <system32\drivers\boot002.sys><N/A>
[c31765718 / c31765718][Stopped/Boot Start]
  <\SystemRoot\System32\drivers\c31765718.sys><N/A>
[cbgjdjjg / cbgjdjjg][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\cbgjdjjg.sys><N/A>
[C-Media WDM Audio Interface / cmuda][Stopped/Manual Start]
  <system32\drivers\cmuda.sys><C-Media Inc>
[dbiabhbb / dbiabhbb][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\dbiabhbb.sys><N/A>
[defcjaie / defcjaie][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\defcjaie.sys><N/A>
[dhfheafa / dhfheafa][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\dhfheafa.sys><N/A>
[ExpScaner / ExpScaner][Stopped/Auto Start]
  <\??\d:\Program Files\Rising\Rav\ExpScan.sys><N/A>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <System32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[gjccjdij / gjccjdij][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\gjccjdij.sys><N/A>
[hardlock / hardlock][Stopped/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\hardlock.sys><Aladdin Knowledge Systems>
[Haspnt / Haspnt][Stopped/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\Haspnt.sys><Aladdin Knowledge Systems>
[hcgcjbji / hcgcjbji][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\hcgcjbji.sys><N/A>
[HookCont / HookCont][Stopped/Auto Start]
  <\??\d:\Program Files\Rising\Rav\HOOKCONT.sys><N/A>
[HookReg / HookReg][Stopped/Auto Start]
  <\??\d:\Program Files\Rising\Rav\HookReg.sys><N/A>
[HookSys / HookSys][Stopped/Auto Start]
  <\??\d:\Program Files\Rising\Rav\HookSys.sys><N/A>
[HTTP / HTTP][Stopped/Manual Start]
  <System32\Drivers\HTTP.sys><N/A>
[ibgbdeja / ibgbdeja][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\ibgbdeja.sys><N/A>
[ideaaief / ideaaief][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\ideaaief.sys><N/A>
[ifgdaeei / ifgdaeei][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\ifgdaeei.sys><N/A>
[IPv6 Windows Firewall Driver / ip6fw][Stopped/Manual Start]
  <system32\drivers\ip6fw.sys><N/A>
[jbibifjg / jbibifjg][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\jbibifjg.sys><N/A>
[MEMSCAN / MEMSCAN][Stopped/Auto Start]
  <\??\d:\Program Files\Rising\Rav\MEMSCAN.sys><N/A>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Stopped/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[R2A / R2A][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32a2.sys><N/A>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising>
[RSPPSYS / RSPPSYS][Stopped/Auto Start]
  <\??\d:\Program Files\Rising\Rav\RSPPSYS.sys><N/A>
[S3Psddr / S3Psddr][Stopped/Manual Start]
  <System32\DRIVERS\s3gnbm.sys><S3 Graphics, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[Sentinel / Sentinel][Stopped/Auto Start]
  <\SystemRoot\System32\Drivers\SENTINEL.SYS><Rainbow Technologies, Inc.>
[SetupNT / SetupNT][Stopped/Auto Start]
  <\SystemRoot\system32\SetupNT.sys><N/A>
[VIA AGP Filter / viaagp1][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>

==================================
浏览器加载项
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\MSMSGS.EXE, Microsoft Corporation>
[金山快译(&K)]
  {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <C:\PROGRA~1\Kingsoft\FASTAI~1\IEBand.dll, >
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\System32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
[百度-搜索MP3]
  <res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDUMP3.HTM, N/A>
[百度-搜索图片]
  <res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDUIMG.HTM, N/A>
[百度-搜索新闻]
  <res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDUNEWS.HTM, N/A>
[百度-搜索歌词]
  <res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDULYRIC.HTM, N/A>
[百度-搜索网页]
  <res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDUSEARCH.HTM, N/A>
[百度-搜索贴吧]
  <res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDUPOST.HTM, N/A>
[百度-词典搜索]
  <res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDU_DIC.HTM, N/A>

==================================
正在运行的进程
[PID: 144][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 200][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 224][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 268][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 280][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 440][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 464][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 664][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\Documents and Settings\user\桌面\sreng2.3\123.com]  [Smallfrogs Studio, 2.3.13.690]
    [C:\Documents and Settings\user\桌面\sreng2.3\Plugins\SRECXTMG.SRE]  [Smallfrogs Studio, 1, 5, 0, 55]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================


[/CODE]

[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<C:\WINDOWS\System32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>
[WinXP DHCP Service / WinXPDHCPsvc][Stopped/Auto Start]
<C:\WINDOWS\System32\rundll32.exe xpdhcp.dll,start><Microsoft Corporation>