Rising Kaka Security Forum - Technical Exchange - Anti-virus / Anti-rogue-software board

[Help] Please take a look at this log: infected yesterday, repaired it today and scanned again

2007-04-01,21:16:41

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - Administrator user - Full functionality

The following items were selected:
    All startup items (including registry, startup folder, services, etc.)
    Browser add-ons
    Running processes (including process module information)
    File associations
    Winsock providers
    Autorun.inf
    HOSTS file


Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <RavTask><"d:\Program Files\rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <twister><"D:\Program Files\Filseclab\Twister\twister.exe" -a>  [Filseclab Corporation]
    <nortonq><C:\WINDOWS\nortonq.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\UserInit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]

==================================
Startup folder
[费尔消息服务]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\费尔消息服务.lnk --> C:\PROGRA~1\COMMON~1\FILSEC~1\FilMsg.exe [费尔安全实验室]><N>

==================================
Services
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"d:\Program Files\rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"d:\Program Files\rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
Drivers
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\d:\Program Files\rising\Rav\ExpScan.sys><>
[Filseclab Dynamic Defense System Driver / filar][Running/System Start]
  <\??\C:\PROGRA~1\COMMON~1\FILSEC~1\filar.sys><Filseclab Corporation>
[HOOKAPI / HOOKAPI][Stopped/Manual Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\HookApi.Sys><瑞星软件有限公司>
[HookCont / HookCont][Running/Auto Start]
  <\??\d:\Program Files\rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\d:\Program Files\rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\d:\Program Files\rising\Rav\HookSys.sys><Rising>
[IMMDRV / IMMDRV][Running/Manual Start]
  <\??\D:\PROGRA~1\FILSEC~1\Twister\immdrv.sys><Filseclab Corp.>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\d:\Program Files\rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[oreans32 / oreans32][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\oreans32.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsFwDrv / RsFwDrv][Stopped/System Start]
  <2 - The system cannot find the file specified.><N/A>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\d:\Program Files\rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[sptd / sptd][Stopped/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[USB PC Camera 301P / ZSMC301b][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>
Last edited 2007-04-01 22:34:00

==================================
Browser add-ons
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <d:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[Research(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[Launch Web Thunder]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <D:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Kingsoft FastAIT (金山快译)(&K)]
  {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <C:\Program Files\Common Files\Kingsoft\Extract\AddIns\IEBand.dll, 金山软件股份有限公司>
[photo_uploader Control]
  {A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} <d:\PROGRA~1\PHOTO_~1\PHOTO_~1.OCX, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <d:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[Kingsoft FastAIT (金山快译)(&K)]
  {6C3797D2-3FEF-4CD4-B654-D3AE55B4128C} <C:\Program Files\Common Files\Kingsoft\Extract\AddIns\IEBand.dll, 金山软件股份有限公司>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[&Download with Thunder]
  <d:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&Download all links with Thunder]
  <d:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[Upload to QQ Network Disk]
  <D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[Download with Web Thunder]
  <d:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[Download all links with Web Thunder]
  <d:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[Export to Microsoft Office Excel(&X)]
  <res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[Export current page to SSReader(&A)]
  <d:\Program Files\SSREADER36\ss_all.htm, N/A>
[Export selection to SSReader(&S)]
  <d:\Program Files\SSREADER36\ss_select.htm, N/A>

==================================
Running processes
[PID: 440][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 504][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 528][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 572][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 584][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 748][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1420][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\WINDOW~2\wmpband.dll]  [Microsoft Corporation, 9.00.00.3250]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [d:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [d:\Program Files\Filseclab\Twister\Twshlext.dll]  [Filseclab Corp., 2, 0, 1, 988]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [d:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll]  [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
    [d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
    [D:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [d:\Program Files\rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 972][D:\Program Files\Filseclab\Twister\twister.exe]  [Filseclab Corporation, 7, 0, 3, 21929]
    [D:\Program Files\Filseclab\Twister\Twshlext.DLL]  [Filseclab Corp., 2, 0, 1, 988]
    [D:\Program Files\Filseclab\Twister\Quarantine.dll]  [Filseclab Corp., 2, 0, 0, 581]
    [D:\Program Files\Filseclab\Twister\W32Tools.dll]  [Filseclab Corp., 1, 0, 2, 1772]
    [D:\Program Files\Filseclab\Twister\virsubm.dll]  [Filseclab Corp., 2, 0, 2, 496]
    [D:\Program Files\Filseclab\Twister\psmgr.dll]  [Filseclab Corp., 1, 0, 1, 1071]
    [D:\Program Files\Filseclab\Twister\zipexp.dll]  [Filseclab Corp., 1, 0, 1, 164]
    [D:\Program Files\Filseclab\Twister\emlib.dll]  [Filseclab Corp., 1, 0, 2, 1250]
    [D:\Program Files\Filseclab\Twister\ctools.dll]  [Filseclab Corp., 1, 0, 0, 19]
    [D:\Program Files\Filseclab\Twister\Regpro.dll]  [Filseclab Corp., 2, 0, 1, 1236]
    [D:\Program Files\Filseclab\Twister\twsupdate.dll]  [Filseclab Corp., 1, 0, 1, 499]
    [D:\Program Files\Filseclab\Twister\FAPIConv.dll]  [Filseclab Corp., 1, 0, 0, 45]
    [D:\Program Files\Filseclab\Twister\mdcoder.dll]  [Filseclab Corp., 1, 0, 0, 21]
    [D:\Program Files\Filseclab\Twister\Schedule.dll]  [Filseclab Corp., 1, 0, 1, 32]
    [D:\Program Files\Filseclab\Twister\lsf.dll]  [Filseclab Corp., 1, 0, 1, 280]
    [D:\Program Files\Filseclab\Twister\falgorit.dll]  [Filseclab Corp., 1, 0, 0, 446]
    [D:\Program Files\Filseclab\Twister\message.dll]  [Filseclab Corp., 1, 0, 1, 1598]
    [D:\Program Files\Filseclab\Twister\fgui.dll]  [Filseclab Corp., 1, 0, 1, 128]
    [D:\Program Files\Filseclab\Twister\kdf.dll]  [Filseclab Corp., 1, 0, 3, 1019]
    [D:\Program Files\Filseclab\Twister\Decexp.dll]  [Filseclab Corp., 2, 0, 2, 1940]
    [D:\Program Files\Filseclab\Twister\Unchm.dll]  [Filseclab Corp., 1, 0, 2, 114]
    [D:\Program Files\Filseclab\Twister\unrar.dll]  [N/A, ]
    [D:\Program Files\Filseclab\Twister\unemb.dll]  [Filseclab Corp., 2, 0, 2, 528]
    [D:\Program Files\Filseclab\Twister\unsevzip.dll]  [Filseclab Corp., 1, 0, 1, 95]
    [D:\Program Files\Filseclab\Twister\unmisc.dll]  [Filseclab Corp., 1, 0, 1, 211]
    [D:\Program Files\Filseclab\Twister\AntiRK.dll]  [Filseclab Corporation, 2, 0, 0, 2132]
    [D:\Program Files\Filseclab\Twister\filvss.dll]  [Filseclab Corporation, 2, 0, 0, 816]
    [D:\Program Files\Filseclab\Twister\tsc.dll]  [Filseclab Corp., 1, 0, 1, 71]
    [D:\Program Files\Filseclab\Twister\filau.dll]  [Filseclab, 1, 0, 0, 10]
    [D:\Program Files\Filseclab\Twister\unzip32.dll]  [Info-ZIP, 5.52]
    [D:\Program Files\Filseclab\Twister\unacev2.dll]  [N/A, ]
    [D:\Program Files\Filseclab\Twister\filvss.cn]  [Filseclab Corporation, 2, 0, 0, 817]
    [D:\Program Files\Filseclab\Twister\AntiRK.cn]  [Filseclab Corporation, 2, 0, 0, 2133]
    [D:\Program Files\Filseclab\Twister\plus.dll]  [Filseclab Corporation, 2.0.502.1050]
[PID: 1164][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1608][C:\Program Files\Common Files\Filseclab\FilMsg.exe]  [费尔安全实验室, 4, 0, 0, 985]
    [C:\Program Files\Common Files\Filseclab\twsupdate.dll]  [Filseclab Corp., 1, 0, 1, 497]
    [C:\Program Files\Common Files\Filseclab\W32Tools.dll]  [Filseclab Corp., 1, 0, 2, 1642]
    [C:\Program Files\Common Files\Filseclab\FAPIConv.dll]  [Filseclab Corp., 1, 0, 0, 45]
    [C:\Program Files\Common Files\Filseclab\mdcoder.dll]  [Filseclab Corp., 1, 0, 0, 21]
[PID: 2572][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2600][D:\sreng\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]

==================================
File associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock providers
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS file
127.0.0.1      localhost
127.0.0.1      mmm.caifu18.net
127.0.0.1      www.18dmm.com
127.0.0.1      d.qbbd.com
127.0.0.1      www.5117music.com
127.0.0.1      www.union123.com
127.0.0.1      www.wu7x.cn
127.0.0.1      www.54699.com
127.0.0.1      60.169.0.66
127.0.0.1      60.169.1.29
127.0.0.1      www.97725.com
127.0.0.1      down.97725.com
127.0.0.1      ip.315hack.com
127.0.0.1      ip.54liumang.com
127.0.0.1      www.41ip.com
127.0.0.1      xulao.com
127.0.0.1      www.heixiou.com
127.0.0.1      www.9cyy.com
127.0.0.1      www.hunll.com
127.0.0.1      www.down.hunll.com
127.0.0.1      do.77276.com
127.0.0.1      www.baidulink.com
127.0.0.1      adnx.yygou.cn
127.0.0.1      222.73.220.45
127.0.0.1      www.f5game.com
127.0.0.1      www.guazhan.cn
127.0.0.1      wm,103715.com
127.0.0.1      www.my6688.cn
127.0.0.1      i.96981.com
127.0.0.1      d.77276.com
127.0.0.1      www1.cw988.cn
127.0.0.1      cool.47555.com
127.0.0.1      www.asdwc.com
127.0.0.1      55880.cn

==================================
API HOOK
N/A

==================================
Hidden processes
N/A

==================================



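Reading a log like the one above line by line is where things get missed, so here is an added triage script (my own example, not part of the post and not SREng's code) that parses the SREng plain-text layout shown above and pulls out what a reviewer would look at first: Run-key entries and services/drivers whose publisher field is empty or [N/A], service registrations whose image file SREng could not find, and every HOSTS mapping beyond the default localhost line. It assumes the section headers are either SREng's Chinese ones or the English ones used in this translation, and the sample input is a constructed excerpt modelled on the log, not the full log. An [N/A] publisher means only that the file carries no company string in its version info; the script prioritises, it does not decide what is malicious.

```python
"""Triage helper for an SREng (System Repair Engineer) log.

Added example, not part of the forum post or of SREng. It parses the
plain-text sections SREng writes (Chinese headers or the English ones used
in this translation) and lists what a reviewer should check first. An [N/A]
publisher only means the file has no company string: a hint, not a verdict.
"""
import re

SECTION_NAMES = {  # headers as SREng prints them, plus the English equivalents
    "注册表": "registry", "Registry": "registry",
    "服务": "services", "Services": "services",
    "驱动程序": "drivers", "Drivers": "drivers",
    "HOSTS 文件": "hosts", "HOSTS file": "hosts",
}
RUN_ENTRY = re.compile(r"^\s*<([^>]*)><([^>]*)>\s*\[(.*)\]\s*$")  # <name><cmd>  [publisher]
SVC_HEADER = re.compile(r"^\[(.+?) / (.+?)\]\[(.+?)\]$")          # [Display / Short][State]
SVC_IMAGE = re.compile(r"^\s*<(.*)><(.*)>\s*$")                    # <image path><vendor>
HOSTS_LINE = re.compile(r"^(\S+)\s+(\S+)$")
HOSTNAME_OK = re.compile(r"^[A-Za-z0-9.-]+$")
IP_LITERAL = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
MISSING_FILE = ("找不到指定的文件", "cannot find the file")  # SREng error text, zh / en


def split_sections(text):
    """Map each known section header to the lines after it, up to the ==== rule."""
    sections, current = {}, None
    for line in text.splitlines():
        key = line.strip()
        if key in SECTION_NAMES:
            current = SECTION_NAMES[key]
            sections[current] = []
        elif key.startswith("====="):
            current = None
        elif current is not None:
            sections[current].append(line)
    return sections


def weak_publisher(pub):
    """True when the publisher/vendor field gives nothing to verify against."""
    return pub.strip() == "" or pub.strip().upper() == "N/A"


def triage_run_entries(lines):
    """Run-key entries without publisher info ([HKEY_...] key lines do not match)."""
    out = []
    for line in lines:
        m = RUN_ENTRY.match(line)
        if m and weak_publisher(m.group(3)):
            out.append(("registry", m.group(1), f"no publisher info: {m.group(2)}"))
    return out


def triage_services(lines, section):
    """Services/drivers whose image file is missing or whose vendor field is empty."""
    out = []
    for header, image in zip(lines, lines[1:]):  # header line, then its <path><vendor> line
        h, i = SVC_HEADER.match(header.strip()), SVC_IMAGE.match(image)
        if not (h and i):
            continue
        short, state, (path, vendor) = h.group(2), h.group(3), i.groups()
        if any(s in path for s in MISSING_FILE):
            out.append((section, short, f"image missing ({state}): {path.strip()}"))
        elif weak_publisher(vendor):
            out.append((section, short, f"no vendor info ({state}): {path}"))
    return out


def triage_hosts(lines):
    """Every HOSTS mapping except the default localhost line, with a note on odd names."""
    out = []
    for line in lines:
        m = HOSTS_LINE.match(line.strip())
        if not m or (m.group(1), m.group(2).lower()) == ("127.0.0.1", "localhost"):
            continue
        addr, name = m.groups()
        if not HOSTNAME_OK.match(name):
            note = "invalid hostname characters, can never match a lookup"
        elif IP_LITERAL.match(name):
            note = "IP literal as a name; HOSTS is never consulted for numeric addresses"
        else:
            note = "non-default mapping"
        out.append(("hosts", name, f"-> {addr}; {note}"))
    return out


def triage(text):
    s = split_sections(text)
    return (triage_run_entries(s.get("registry", []))
            + triage_services(s.get("services", []), "services")
            + triage_services(s.get("drivers", []), "drivers")
            + triage_hosts(s.get("hosts", [])))


# Constructed excerpt in the SREng layout, shortened from the post's log.
SAMPLE_LOG = r"""
Registry
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTask><"d:\Program Files\rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <nortonq><C:\WINDOWS\nortonq.exe>  [N/A]
==================================
Drivers
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[RsFwDrv / RsFwDrv][Stopped/System Start]
  <2 - The system cannot find the file specified.><N/A>
==================================
HOSTS file
127.0.0.1      localhost
127.0.0.1      www.54699.com
127.0.0.1      60.169.0.66
127.0.0.1      wm,103715.com
"""

for section, item, detail in triage(SAMPLE_LOG):  # demo run on the constructed excerpt
    print(f"[{section}] {item}: {detail}")
```

To run it over the real post, save the log as UTF-8 and pass the file contents to triage() instead of SAMPLE_LOG. The output is ordered like the log, so a reviewer can walk the findings top to bottom and decide case by case; on the excerpt it reports the unsigned Run entry, the driver with no vendor string, the RsFwDrv registration whose file is gone, and the three non-default HOSTS lines, one of which is an IP literal that the resolver will never look up in HOSTS and one of which contains a comma and so can never match anything.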
Please take a look, thanks!!!

*sob*
Nobody is answering me