Rising Kaka Security Forum > Technical Exchange > Anti-Virus / Anti-Rogue-Software Board

[Help] Viruses mskey16.dll and tdll.dll detected, cannot be quarantined or deleted!!

2006-09-20,16:16:36

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联


启动项目


注册表

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(ctfmon.exe)(CTFMON.EXE) [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(load)(; ?翽翽?膑矹?矹????) []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(Synchronization Manager)(mobsync.exe /logon) [Microsoft Corporation]
(qcsszjcz)(c:\chenhu2\chenqxms.exe) []
(Super Rabbit SRRestore)(E:\SUPERR~1\MAGICSET\SRRest.exe /autosave) [Super Rabbit Soft]
(IMSCMig)(C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload) [Microsoft Corporation]
(LanTalk)("C:\Program Files\CEZEO software\LanTalk XP\LanTalk.exe") [CEZEO software (c)]
(Tray)(C:\WINNT\command\rundll32.exe) []
(SKYNET Personal FireWall)(E:\SkyNet\FireWall\PFW.exe) [广州众达天网技术有限公司]
(vptray)(E:\SYMANT~1\SYMANT~1\vptray.exe) [Symantec Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
(9)(C:\WINNT\system32\Ravdm.exe) []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [Microsoft Corporation]
(Userinit)(C:\WINNT\system32\userinit.exe,) [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)() []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
({25E1EECB-E580-4032-97A2-A456D33820D1})(C:\Program Files\Outlook Express\mqq.dll) []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
(WinlogonNotify: NavLogon)(C:\WINNT\system32\NavLogon.dll) []




--------------------------------------------------------------------------------


启动文件夹

服务

[Logical Disk Manager Administrative Service / dmadmin]
(C:\WINNT\System32\dmadmin.exe /com)(VERITAS Software Corp.)
[InterBase Guardian / InterBaseGuardian]
(C:\Program Files\Borland\InterBase\bin\ibguard.exe)(Borland Software Corporation)
[InterBase Server / InterBaseServer]
(C:\Program Files\Borland\InterBase\bin\ibserver.exe)(Borland Software Corporation)
[DefWatch / DefWatch]
(E:\SYMANT~1\SYMANT~1\DefWatch.exe)(Symantec Corporation)
[Symantec AntiVirus Client / Norton AntiVirus Server]
(E:\SYMANT~1\SYMANT~1\Rtvscan.exe)(Symantec Corporation)



--------------------------------------------------------------------------------



浏览器加载项

[Shockwave Flash BrowserHelpObject]
{1002C84D-A326-2D3C-13F3-2C2474392A91} (C:\WINNT\system32\FlashHlp.dll, N/A)
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} (E:\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司)
[NXIECatcher Class]
{83B80A9C-D91A-4F22-8DCF-EA7204039F79} (e:\Xi\NetXfer\NXIEHelper.dll, Xi)
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} (c:\program files\google\googletoolbar1.dll, Google Inc.)
[shdocvwhlp Class]
{BE442802-3911-46E0-B227-076B15A4EAD3} (C:\WINNT\system32\mskey16.dll, N/A)
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} (E:\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation)
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} (, N/A)
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} (E:\Tencent\QQ\QQ.EXE, TENCENT)
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} (E:\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司)
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} (C:\WINNT\system32\msdxm.ocx, Microsoft Corporation)
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} (c:\program files\google\googletoolbar1.dll, Google Inc.)
[Shockwave ActiveX Control]
{166B1BCA-3F9C-11CF-8075-444553540000} (C:\WINNT\system32\macromed\Shockwave 10\Download.dll, Macromedia, Inc.)
[IEDown Class]
{D0A29C6C-AA71-4423-8C4A-5998B774C448} (C:\WINNT\system32\GLIEDown2.dll, N/A)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINNT\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.)
[上传到QQ网络硬盘]
(E:\Tencent\QQ\AddToNetDisk.htm, N/A)
[导出到 Microsoft Excel(&x)]
(res://E:\MICROS~1\Office10\EXCEL.EXE/3000, N/A)
[添加到QQ自定义面板]
(E:\Tencent\QQ\AddPanel.htm, N/A)
[添加到QQ表情]
(E:\Tencent\QQ\AddEmotion.htm, N/A)
[用QQ彩信发送该图片]
(E:\Tencent\QQ\SendMMS.htm, N/A)

Last edited 2006-09-20 16:34:22

正在运行的进程

[PID: 140][\SystemRoot\System32\smss.exe] (Microsoft Corporation)(5.00.2195.6601)
[PID: 164][\??\C:\WINNT\system32\csrss.exe] (Microsoft Corporation)(5.00.2195.6601)
[PID: 160][\??\C:\WINNT\system32\winlogon.exe] (Microsoft Corporation)(5.00.2195.6714)
[C:\WINNT\system32\CHENHU4.IME] (chenhu)(5.8)
[C:\WINNT\system32\NavLogon.dll] (N/A)(N/A)
[PID: 212][C:\WINNT\system32\services.exe] (Microsoft Corporation)(5.00.2195.6700)
[C:\WINNT\system32\dmserver.dll] (VERITAS Software Corp.)(2195.6605.297.3)
[PID: 224][C:\WINNT\system32\lsass.exe] (Microsoft Corporation)(5.00.2195.6695)
[PID: 400][C:\WINNT\system32\svchost.exe] (Microsoft Corporation)(5.00.2134.1)
[PID: 424][C:\WINNT\system32\spoolsv.exe] (Microsoft Corporation)(5.00.2195.6659)
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\RIC617U.DLL] (RICOH)(1.5.0.0)
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\RIC617C.DLL] (RICOH)(1.0.9.0)
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\RIC617L.DLL] (RICOH)(1.5.0.0)
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\RIC617X.DLL] (RICOH)(3.0.1.0)
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\RIC617ZU.DLL] (RICOH Corp)(1.5.0.0)
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\RIC617WU.DLL] (RICOH)(1.3.6.0)
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\RIC617K.DLL] (RICOH)(1.5.0.0)
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\RIC617P.DLL] (RICOH)(3.0.1.10)
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\RIC617J.DLL] (RICOH)(2.1.1.9)
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\RIC617ZK.DLL] (RICOH Corp)(1.5.0.0)
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\RIC617WK.DLL] (RICOH)(1.3.6.0)
[PID: 496][C:\WINNT\system32\svchost.exe] (Microsoft Corporation)(5.00.2134.1)
[PID: 520][C:\WINNT\System32\svchost.exe] (Microsoft Corporation)(5.00.2134.1)
[PID: 536][C:\Program Files\Borland\InterBase\bin\ibguard.exe] (Borland Software Corporation)(WI-V6.5.0.28)
[C:\WINNT\system32\gds32.dll] (Borland Software Corporation)(WI-V6.5.0.28)
[PID: 596][C:\WINNT\system32\regsvc.exe] (Microsoft Corporation)(5.00.2195.6701)
[PID: 616][C:\WINNT\system32\MSTask.exe] (Microsoft Corporation)(4.71.2195.6704)
[PID: 728][C:\WINNT\System32\WBEM\WinMgmt.exe] (Microsoft Corporation)(1.50.1085.0100)
[PID: 740][C:\WINNT\system32\svchost.exe] (Microsoft Corporation)(5.00.2134.1)
[PID: 888][C:\WINNT\Explorer.EXE] (Microsoft Corporation)(5.00.3700.6690)
[C:\WINNT\system32\CHENHU4.IME] (chenhu)(5.8)
[C:\Program Files\Outlook Express\mqq.dll] (N/A)(N/A)
[C:\WINNT\system32\tdll.dll] (N/A)(N/A)
[C:\WINNT\system32\mskey16.dll] (N/A)(N/A)
[C:\WINNT\system32\ibmgr.cpl] (Borland Software Corporation.)(6.5.0.2)
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\RIC617U.DLL] (RICOH)(1.5.0.0)
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\RIC617C.DLL] (RICOH)(1.0.9.0)
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\RIC617L.DLL] (RICOH)(1.5.0.0)
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\RIC617X.DLL] (RICOH)(3.0.1.0)
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\RIC617ZU.DLL] (RICOH Corp)(1.5.0.0)
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\RIC617WU.DLL] (RICOH)(1.3.6.0)
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\RIC617K.DLL] (RICOH)(1.5.0.0)
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\RIC617P.DLL] (RICOH)(3.0.1.10)
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\RIC617J.DLL] (RICOH)(2.1.1.9)
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\RIC617ZK.DLL] (RICOH Corp)(1.5.0.0)
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\RIC617WK.DLL] (RICOH)(1.3.6.0)
[e:\Xi\NetXfer\NXIEHelper.dll] (Xi)(2.0.300)
[E:\Tencent\QQ\qdshm.dll] ()(1, 0, 1, 2)
[C:\Program Files\WinRAR\rarext.dll] (N/A)(N/A)
[C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] (Symantec Corporation)(8.1.0.821)
[C:\WINNT\system32\Macromed\Flash\Flash8b.ocx] (Macromedia, Inc.)(8,0,24,0)
[PID: 920][C:\WINNT\system32\conime.exe] (Microsoft Corporation)(5.00.2195.6655)
[C:\Program Files\Outlook Express\mqq.dll] (N/A)(N/A)
[C:\WINNT\system32\CHENHU4.IME] (chenhu)(5.8)
[C:\WINNT\system32\tdll.dll] (N/A)(N/A)
[PID: 1052][C:\WINNT\command\rundll32.exe] (N/A)(N/A)
[C:\WINNT\system32\tdll.dll] (N/A)(N/A)
[PID: 1060][E:\SkyNet\FireWall\PFW.exe] (广州众达天网技术有限公司)(2.5.1.160)
[C:\Program Files\Outlook Express\mqq.dll] (N/A)(N/A)
[C:\WINNT\system32\CHENHU4.IME] (chenhu)(5.8)
[C:\WINNT\system32\tdll.dll] (N/A)(N/A)
[PID: 1032][C:\WINNT\system32\ctfmon.exe] (Microsoft Corporation)(1.00.2409.34 built by: Lab06_N)
[C:\Program Files\Outlook Express\mqq.dll] (N/A)(N/A)
[C:\WINNT\system32\CHENHU4.IME] (chenhu)(5.8)
[C:\WINNT\system32\tdll.dll] (N/A)(N/A)
[PID: 928][C:\Program Files\Borland\InterBase\bin\ibserver.exe] (Borland Software Corporation)(WI-V6.5.0.28)
[PID: 948][E:\SYMANT~1\SYMANT~1\DefWatch.exe] (Symantec Corporation)(8.1.0.821)
[PID: 1208][E:\SYMANT~1\SYMANT~1\Rtvscan.exe] (Symantec Corporation)(8.1.0.821)
[C:\WINNT\system32\CBA.DLL] (Intel® Corporation)(6.12.0.105 E)
[C:\WINNT\system32\MsgSys.dll] (Intel® Corporation)(6.12.0.105 E)
[C:\WINNT\system32\NTS.dll] (Intel® Corporation)(6.12.0.105 E)
[C:\WINNT\system32\PDS.DLL] (Intel® Corporation)(6.12.0.105 E)
[E:\SYMANT~1\SYMANT~1\NAVLU.dll] (Symantec Corporation)(8.1.0.821)
[E:\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] (Symantec/Peter Norton Group)(1, 0, 0, 1)
[E:\SYMANT~1\SYMANT~1\i2ldvp3.dll] (Symantec Corporation)(8.1.0.821)
[E:\SYMANT~1\SYMANT~1\NAVAPI32.DLL] (Symantec Corp.)(4.2.0.7)
[E:\Symantec_Client_Security\Symantec AntiVirus\NAVAP32.DLL] (Symantec Corporation)(9.1.0.26)
[E:\Symantec_Client_Security\Symantec AntiVirus\vpmsece.dll] (Symantec Corporation)(8.1.0.821)
[C:\PROGRA~1\COMMON~1\SYMANT~1\SSC\Scandlgs.dll] (Symantec Corporation)(8.1.0.821)
[C:\Program Files\Common Files\Symantec Shared\SSC\LDVPCtls.ocx] (Symantec Corporation)(8.1.0.821)
[E:\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll] (Symantec Corporation)(8.1.0.821)
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060913.019\NAVEX32a.DLL] (Symantec Corporation)(20061.2.0.26)
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060913.019\NAVENG32.DLL] (Symantec Corporation)(20061.2.0.26)
[E:\Symantec_Client_Security\Symantec AntiVirus\DecSDK.dll] (Symantec Corporation)(3.02.09.07)
[E:\Symantec_Client_Security\Symantec AntiVirus\Dec2.dll] (Symantec Corporation)(3.02.09.07)
[E:\Symantec_Client_Security\Symantec AntiVirus\Dec2ID.dll] (Symantec Corporation)(3.02.09.07)
[E:\Symantec_Client_Security\Symantec AntiVirus\Dec2UUE.dll] (Symantec Corporation)(3.02.09.07)
[E:\Symantec_Client_Security\Symantec AntiVirus\Dec2AMG.dll] (Symantec Corporation)(3.02.09.07)
[E:\Symantec_Client_Security\Symantec AntiVirus\Dec2ARJ.dll] (Symantec Corporation)(3.02.09.07)
[E:\Symantec_Client_Security\Symantec AntiVirus\Dec2CAB.dll] (Symantec Corporation)(3.02.09.07)
[E:\Symantec_Client_Security\Symantec AntiVirus\Dec2EXE.dll] (Symantec Corporation)(3.02.09.07)
[E:\Symantec_Client_Security\Symantec AntiVirus\Dec2GZIP.dll] (Symantec Corporation)(3.02.09.07)
[E:\Symantec_Client_Security\Symantec AntiVirus\Dec2HQX.dll] (Symantec Corporation)(3.02.09.07)
[E:\Symantec_Client_Security\Symantec AntiVirus\Dec2LHA.dll] (Symantec Corporation)(3.02.09.07)
[E:\Symantec_Client_Security\Symantec AntiVirus\Dec2LZ.dll] (Symantec Corporation)(3.02.09.07)
[E:\Symantec_Client_Security\Symantec AntiVirus\Dec2MIME.dll] (Symantec Corporation)(3.02.09.07)
[E:\Symantec_Client_Security\Symantec AntiVirus\Dec2SS.dll] (Symantec Corporation)(3.02.09.07)
[E:\Symantec_Client_Security\Symantec AntiVirus\Dec2RTF.dll] (Symantec Corporation)(3.02.09.07)
[E:\Symantec_Client_Security\Symantec AntiVirus\Dec2TAR.dll] (Symantec Corporation)(3.02.09.07)
[E:\Symantec_Client_Security\Symantec AntiVirus\Dec2TNEF.dll] (Symantec Corporation)(3.02.09.07)
[E:\Symantec_Client_Security\Symantec AntiVirus\Dec2ZIP.dll] (Symantec Corporation)(3.02.09.07)
[PID: 1320][E:\SYMANT~1\SYMANT~1\vptray.exe] (Symantec Corporation)(8.1.0.821)
[C:\Program Files\Outlook Express\mqq.dll] (N/A)(N/A)
[C:\WINNT\system32\tdll.dll] (N/A)(N/A)
[E:\Symantec_Client_Security\Symantec AntiVirus\Cliproxy.dll] (Symantec Corporation)(8.1.0.821)
[E:\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] (Symantec/Peter Norton Group)(1, 0, 0, 1)
[E:\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll] (Symantec Corporation)(8.1.0.821)
[PID: 1184][E:\Symantec_Client_Security\Symantec AntiVirus\VPC32.EXE] (Symantec Corporation)(8.1.0.821)
[E:\Symantec_Client_Security\Symantec AntiVirus\S32NAVS.DLL] (Symantec Corporation)(5.3.0.180)
[C:\Program Files\Outlook Express\mqq.dll] (N/A)(N/A)
[C:\Program Files\Common Files\Symantec Shared\SSC\LDVPCtls.ocx] (Symantec Corporation)(8.1.0.821)
[C:\WINNT\system32\CHENHU4.IME] (chenhu)(5.8)
[C:\Program Files\Common Files\Symantec Shared\SSC\LDVPView.ocx] (Symantec Corporation)(8.1.0.821)
[C:\PROGRA~1\COMMON~1\SYMANT~1\SSC\LDVPTask.ocx] (Symantec Corporation)(8.1.0.821)
[E:\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll] (Symantec Corporation)(8.1.0.821)
[E:\Symantec_Client_Security\Symantec AntiVirus\NAVNTUTL.DLL] (Symantec/Peter Norton Group)(1, 0, 0, 1)
[E:\Symantec_Client_Security\Symantec AntiVirus\Cliproxy.dll] (Symantec Corporation)(8.1.0.821)
[E:\Symantec_Client_Security\Symantec AntiVirus\NAVAP32.DLL] (Symantec Corporation)(9.1.0.26)
[C:\WINNT\system32\tdll.dll] (N/A)(N/A)
[PID: 1044][C:\Program Files\Internet Explorer\IEXPLORE.EXE] (Microsoft Corporation)(6.00.2800.1106)
[C:\Program Files\Outlook Express\mqq.dll] (N/A)(N/A)
[C:\WINNT\system32\CHENHU4.IME] (chenhu)(5.8)
[E:\Tencent\QQ\QQIEHelper.dll] (深圳市腾讯计算机系统有限公司)(1, 1, 0, 5)
[e:\Xi\NetXfer\NXIEHelper.dll] (Xi)(2.0.300)
[c:\program files\google\googletoolbar1.dll] (Google Inc.)(3, 0, 131, 0)
[C:\WINNT\system32\Macromed\Flash\Flash8b.ocx] (Macromedia, Inc.)(8,0,24,0)
[PID: 352][C:\Program Files\WinRAR\WinRAR.exe] (N/A)(N/A)
[C:\Program Files\Outlook Express\mqq.dll] (N/A)(N/A)
[PID: 1516][C:\DOCUME~1\ygk\LOCALS~1\Temp\Rar$EX00.332\SREng2\SREng.exe] (Smallfrogs Studio)(2.0.21.505)
[C:\Program Files\Outlook Express\mqq.dll] (N/A)(N/A)



--------------------------------------------------------------------------------



文件关联

.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
