006-11-13,15:39:51

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Corporation]
    <MsnMsgr><; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background>  [N/A]
    <ws_d><; C:\WINDOWS\ws32.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PreAnnotate><; C:\WINDOWS\System32\PreAnntt.exe>  [N/A]
    <SubOlccr><; C:\Patriot\SubOlccr.exe>  [N/A]
    <RfwMain><"F:\Program Files\rav\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"F:\Program Files\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <iTunesHelper><"C:\Program Files\iTunes\iTunesHelper.exe">  [Apple Computer, Inc.]
    <QuickTime Task><"F:\新建文件夹\Storm Codec\qttask.exe" -atboottime>  [N/A]
    <Lexmark 4200 Series><"C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe">  [Lexmark International, Inc.]
    <FaxCenterServer4_in_1><"C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s>  [N/A]
    <C:\WINDOWS\System32\15.exe><C:\WINDOWS\System32\15.exe>  [N/A]
    <assistse><; "C:\PROGRA~1\3721\assistse.exe">  [N/A]
    <ccenter><; d:\Program Files\rising\Rav\CCenter.exe>  [N/A]
    <EyeTel><; F:\EyeTel\EyeTel.exe -a>  [N/A]
    <helper.dll><; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>  [N/A]
    <MINI_BFYY><; F:\新建文件夹\Storm Downloader\StormDownloader.exe>  [N/A]
    <PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <RavMon><; F:\Program Files\rav\RavMon.exe>  [Beijing Rising Technology Co., Ltd.]
    <RavTimer><; F:\Program Files\rav\RavTimer.exe>  [N/A]
    <RealTray><; d:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER>  [N/A]
    <rfw><; F:\Program Files\rav\Rfw\Rfw.exe>  [N/A]
    <StormCodec_Helper><; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  [N/A]
    <Thunder><; "C:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s>  [N/A]
    <WinampAgent><; "E:\zqz\winnap\Winampa.exe">  [N/A]
    <WService><; WService.EXE>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [N/A]
    <Userinit><C:\WINDOWS\System32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Corporation]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Corporation]
    <WebCheck><%SystemRoot%\System32\webcheck.dll>  [(Verified)Microsoft Corporation]
    <SysTray><C:\WINDOWS\System32\stobject.dll>  [(Verified)Microsoft Corporation]
    <NetWork><C:\WINDOWS\System32\cmspl.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\System32\browseui.dll>  [(Verified)Microsoft Corporation]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\System32\browseui.dll>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><%SystemRoot%\System32\logon.scr>  [(Verified)Microsoft Corporation]

==================================

启动文件夹
N/A

==================================
服务
[Crypkey License / Crypkey License]
  <crypserv.exe><Kenonic Controls Ltd.>
[EpsonBidirectionalService / EpsonBidirectionalService]
  <C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe><N/A>
[EPSON Printer Status Agent2 / EPSONStatusAgent2]
  <C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe><SEIKO EPSON CORPORATION>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT]
  <C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe><Macrovision Corporation>
[Imsvc / Imsvc]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\Webmail.dll><>
[Indexing Service / IndexingService]
  <2 - 系统找不到指定的文件。
><N/A>
[iPodService / iPodService]
  <C:\Program Files\iPod\bin\iPodService.exe><Apple Computer, Inc.>
[LexBce Server / LexBceS]
  <C:\WINDOWS\system32\LEXBCES.EXE><Lexmark International, Inc.>
[MessageService / MessageService]
  <C:\WINDOWS\System32\Svchost.exe -k MessageService-->C:\WINDOWS\System32\MsServices\svchost.dll><N/A>
[msgsat / msgsat]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\Program Files\Messenger\msnhost.dll><>
[Rising Personal Firewall Service / RfwService]
  <f:\program files\rav\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"F:\Program Files\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"F:\Program Files\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[WindowService / WindowService]
  <C:\WINDOWS\System32\Svchost.exe -k WindowService-->C:\WINDOWS\System32\drivers\Register_nos.dll><N/A>
[WinTab Service / WinTabService]
  <"C:\WINDOWS\System32\Drivers\WTSRV.EXE"><N/A>

==================================

驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Cdsys / Cdsys]
  <\??\C:\WINDOWS\System32\cdcd.sys><N/A>
[dwntrk8 / dwntrk81]
  <\SystemRoot\System32\DRIVERS\dwntrk81.sys><N/A>
[ebiugd6 / ebiugd65]
  <\SystemRoot\System32\DRIVERS\ebiugd65.sys><N/A>
[ExpScaner / ExpScaner]
  <\??\F:\Program Files\Rav\ExpScan.sys><>
[GEARAspiWDM / GEARAspiWDM]
  <System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[HookCont / HookCont]
  <\??\F:\Program Files\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
  <\??\F:\Program Files\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\F:\Program Files\Rav\HookSys.sys><Rising>
[jr / jr]
  <\??\C:\WINDOWS\System32\drivers\jr.sys><N/A>
[kkicfc8 / kkicfc80]
  <\SystemRoot\System32\DRIVERS\kkicfc80.sys><N/A>
[kmsinput / kmsinput]
  <\??\C:\WINDOWS\System32\drivers\kmsinput.sys><N/A>
[MEMSCAN / MEMSCAN]
  <\??\F:\Program Files\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs]
  <\??\f:\program files\rav\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[NetworkX / NetworkX]
  <\SystemRoot\system32\ckldrv.sys><N/A>
[New0 / New0]
  <\??\C:\WINDOWS\System32\new.sys><N/A>
[npkcrypt / npkcrypt]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><N/A>
[StarForce Protection Environment Driver v6 / prodrv06]
  <\SystemRoot\System32\drivers\prodrv06.sys><Protection Technology>
[StarForce Protection Helper Driver v2 / prohlp02]
  <\SystemRoot\System32\drivers\prohlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver v1 / prosync1]
  <\SystemRoot\System32\drivers\prosync1.sys><Protection Technology>
[Direct Parallel Link Driver / Ptilink]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsFwDrv / RsFwDrv]
  <\??\F:\Program Files\rav\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
  <System32\DRIVERS\secdrv.sys><N/A>
[StarForce Protection Helper Driver / sfhlp01]
  <\SystemRoot\System32\drivers\sfhlp01.sys><Protection Technology>
[SiS315 / SiS315]
  <System32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1]
  <System32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[Serial Tablet Port Driver / Tablet2k]
  <System32\DRIVERS\Tablet2k.sys><Windows (R) 2000 DDK provider>
[Tablet Class Driver / TClass2k]
  <System32\DRIVERS\TClass2k.sys><Windows (R) 2000 DDK provider>
[HID Tablet Port Driver / UCTblHid]
  <"C:\WINDOWS\System32\Drivers\UCTblHid.sys"><Windows (R) 2000 DDK provider>
[udsvmgg / udsvmggf]
  <\SystemRoot\System32\DRIVERS\udsvmggf.sys><N/A>

==================================

浏览器加载项
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[BitCometBar]
  {3F1ABCDB-A875-46c1-8345-B72A4567E486} <F:\BitComet\BitCometBar\BitCometBar0.1.dll, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar3.dll, N/A>
[Abobe Flash Play9]
  {BD328E49-38AB-42CB-8EEA-73AA4CD2A6FD} <C:\Program Files\Abobe Flash Play9\Abobe Flash Player 9.dll, IE Toolbar>
[Abobe Flash Play 9]
  {055187D9-1D7B-4C60-8324-F53F935E8AEE} <C:\Program Files\Abobe Flash Play 9\tbu03305\Cab301b48.dll, N/A>
[PowerPlr Control]
  {2354A44B-3CEB-4829-9940-545B03103538} <C:\WINDOWS\DOWNLO~1\PowerPlr.ocx, Powerise Digital>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[WebActivater Control]
  {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\System32\3DShowVM.ocx, QQ>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Tech. Co., Ltd.>

==================================
正在运行的进程
[PID: 288][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 340][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 364][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 408][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 420][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 572][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 616][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 648][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 660][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1136][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1221 (xpsp2.030511-1403)]
    [C:\WINDOWS\System32\mp3infp.dll]  [win32lab.com, 2.50.5.0]
    [F:\Program Files\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1524][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1380][C:\WINDOWS\System32\conime.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1820][C:\Program Files\Super Rabbit\MagicSet\SRIEH.EXE]  [Super Rabbit Soft, 7.86.0001]
[PID: 1924][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [F:\Program Files\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx]  [Macromedia, Inc., 8,0,22,0]
[PID: 516][E:\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  Error. []
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================

版主进来看看嘛，急死了.

运行(双击)SRENG2，点“启动项目，服务，点“Win32服务应用程序”
勾选“隐藏微软服务”选中病毒服务
Imsvc
MessageService
msgsat
WindowService
WinTab Service
，选择“删除服务”
点“设置”选择“否”
运行(双击)SRENG2，点“启动项目，服务，点“驱动程序”
勾选“隐藏微软服务”选中病毒服务
New0
，选择“删除服务”
点“设置”选择“否”
运行SREng2,使用“启动项目”－－注册表－－删除
C:\WINDOWS\ws32.exe
C:\WINDOWS\System32\15.exe


重启按F８进入安全模式下修复
显示隐藏文件
删除：                 
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\System32\Webmail.dll
C:\WINDOWS\System32\MsServices\svchost.dll
C:\WINDOWS\System32\drivers\Register_nos.dll
C:\Program Files\Messenger\msnhost.dll
C:\WINDOWS\System32\new.sys
C:\WINDOWS\System32\mp3infp.dll
C:\WINDOWS\ws32.exe
C:\WINDOWS\System32\15.exe

使用360安全卫士清理一下

.360下载地址:
http://www.360safe.com/
http://www.xdowns.com/soft/8/9/2006/Soft_31554.html
使用后删除360安全卫士

C:\WINDOWS\System32\mp3infp.dll
这一项删不掉。
所有的hosts项，即使用360修复掉，还是会出现的。

高，实在是高！！！！

红夜鬼1再来看看嘛。