[CODE]

2007-04-04,11:31:19

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <igfxtray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <igfxhkcmd><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <igfxpers><C:\WINDOWS\system32\igfxpers.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <TPHOTKEY><C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe>  []
    <QCTRAY><C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE>  [Lenovo]
    <QCWLICON><C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE>  [Lenovo]
    <RavTask><"d:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\QConGina]
    <WinlogonNotify: QConGina><QConGina.dll>  [Lenovo]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
    <WinlogonNotify: tpfnf2><notifyf2.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
    <WinlogonNotify: tphotkey><tphklock.dll>  []

启动文件夹
[Digital Line Detect]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Digital Line Detect.lnk --> C:\PROGRA~1\DIGITA~1\DLG.exe [BVRP Software]><N>
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [Microsoft Corporation]><N>
[Adobe Gamma Loader]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>

==================================
服务
[ACU Configuration Service / ACS][Running/Manual Start]
  <C:\WINDOWS\system32\acs.exe><N/A>
[C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start]
  <C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[ThinkPad PM Service / IBMPMSVC][Running/Auto Start]
  <C:\WINDOWS\system32\ibmpmsvc.exe><>
[QCONSVC / QCONSVC][Running/Auto Start]
  <System32\QCONSVC.EXE><N/A>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"d:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon][Running/Auto Start]
  <"d:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================

驱动程序
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Running/Manual Start]
  <system32\drivers\ADIHdAud.sys><Analog Devices, Inc.>
[AEGIS Protocol (IEEE 802.1x) v3.2.0.3 / AegisP][Running/Auto Start]
  <system32\DRIVERS\AegisP.sys><Meetinghouse Data Communications>
[ANC / ANC][Running/System Start]
  <System32\drivers\ANC.SYS><IBM Corp.>
[Dual-band Wi-Fi Wireless Mini PCI Adapter / AR5211][Running/Manual Start]
  <system32\DRIVERS\ar5211.sys><Atheros Communications, Inc.>
[atmeltpm / atmeltpm][Running/Manual Start]
  <system32\DRIVERS\atmeltpm.sys><Atmel, Inc.>
[Broadcom NetXtreme Gigabit Ethernet / b57w2k][Running/Manual Start]
  <system32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CdaC15BA / CdaC15BA][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\d:\Program Files\Rising\Rav\ExpScan.sys><>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Running/Auto Start]
  <\??\d:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\d:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\d:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\d:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[HSF_DPV / HSF_DPV][Running/Manual Start]
  <system32\DRIVERS\hsx_dpv.sys><Conexant Systems, Inc.>
[HSXHWAZL / HSXHWAZL][Running/Manual Start]
  <system32\DRIVERS\hsxhwazl.sys><Conexant Systems, Inc.>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[IBMPMDRV / IBMPMDRV][Running/Manual Start]
  <system32\DRIVERS\ibmpmdrv.sys><Lenovo.>
[IBMTPCHK / IBMTPCHK][Running/System Start]
  <System32\drivers\IBMBLDID.SYS><N/A>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\d:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\d:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[NSC Infrared Device Driver / NSCIRDA][Running/Manual Start]
  <system32\DRIVERS\nscirda.sys><National Semiconductor Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[QCNDISIF / QCNDISIF][Stopped/Manual Start]
  <System32\drivers\qcndisif.SYS><IBM Corporation.>
[Rising Kaka anti-spyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\d:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\d:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\hsx_cnxt.sys><Conexant Systems, Inc.>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\Program Files\Tencent\qq\npkcrypt.sys><INCA Internet Co., Ltd.>

浏览器加载项
[豪杰超级解霸V8]
  {367E0A21-8601-4986-9C9A-153BF5ACA118} <d:\Herosoft\HeroV8\STHSDVD.EXE, herosoft>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[访问瑞星网站]
  {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} <http://www.rising.com.cn/?u=RSTB, N/A>
[访问卡卡社区]
  {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} <http://www.ikaka.com/?u=RSTB, N/A>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[卡卡上网安全助手]
  {AFF6E516-CBE5-4F8A-9C2F-38A68013E766} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[导出到 Microsoft Excel(&x)]
  <res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>
[豪杰超级解霸V8实时播放]
  <d:\Herosoft\HeroV8\MPURLGET.HTM, N/A>

==================================
正在运行的进程
[PID: 660][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 740][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 768][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\tphklock.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1548][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.0.0.86]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [d:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.4693]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4693]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4693]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.4693]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4693]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.3790.3646 built by: DNSRV(bld4act)]
[PID: 2124][d:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
    [d:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [d:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [d:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [d:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [d:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 2300][C:\WINDOWS\system32\igfxtray.exe]  [Intel Corporation, 3.0.0.4693]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4693]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4693]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4693]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.4693]
[PID: 2520][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.4693]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4693]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4693]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4693]
[PID: 2560][C:\WINDOWS\system32\igfxpers.exe]  [Intel Corporation, 3.0.0.4693]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4693]

[PID: 2628][C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Oemdspif.dll]  [Intel Corporation, 3.0.0.4693]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.4693]
[PID: 2672][C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE]  [Lenovo, 3, 8, 2, 0]
    [C:\Program Files\ThinkPad\ConnectUtilities\QCON.dll]  [Lenovo, 3, 8, 2, 0]
    [C:\Program Files\ThinkPad\ConnectUtilities\MerlinC201.dll]  [Novatel Wireless Inc., 1, 0, 0, 1]
    [C:\Program Files\ThinkPad\ConnectUtilities\Res\SC\TrayRes.dll]  [N/A, ]
    [C:\Program Files\ThinkPad\ConnectUtilities\atheroswrap.dll]  [N/A, ]
    [C:\WINDOWS\system32\athcfg11.dll]  [Atheros, 4.1.1.226]
    [C:\WINDOWS\system32\athcfg11Res.dll]  [Atheros Communications, Inc., 4.1.1.226]
    [C:\WINDOWS\system32\wcapi.dll]  [Atheros, 4.1.1.226]
    [C:\Program Files\ThinkPad\ConnectUtilities\ANCA.dll]  [IBM Corp., 8.3]
    [C:\Program Files\ThinkPad\ConnectUtilities\ANC.dll]  [IBM Corp., 8.3]
[PID: 2676][C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe]  [N/A, ]
[PID: 2772][C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE]  [Lenovo, 3, 8, 2, 0]
    [C:\Program Files\ThinkPad\ConnectUtilities\QCON.dll]  [Lenovo, 3, 8, 2, 0]
    [C:\Program Files\ThinkPad\ConnectUtilities\MerlinC201.dll]  [Novatel Wireless Inc., 1, 0, 0, 1]
    [C:\Program Files\ThinkPad\ConnectUtilities\atheroswrap.dll]  [N/A, ]
    [C:\WINDOWS\system32\athcfg11.dll]  [Atheros, 4.1.1.226]
    [C:\WINDOWS\system32\athcfg11Res.dll]  [Atheros Communications, Inc., 4.1.1.226]
    [C:\WINDOWS\system32\wcapi.dll]  [Atheros, 4.1.1.226]
    [C:\Program Files\ThinkPad\ConnectUtilities\Res\SC\IconRes.dll]  [N/A, ]
[PID: 3040][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3208]
[PID: 204][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 948][C:\Program Files\Digital Line Detect\DLG.exe]  [BVRP Software, 1, 0, 0, 1]
    [C:\Program Files\Digital Line Detect\BVRPDIAG.dll]  [BVRP Software, 1.0]
    [C:\WINDOWS\system32\MdmXSdk.dll]  [Conexant, 1.0.2.010]
[PID: 4004][G:\张拉\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

求救啊！！

有没有人啊,哭了

哭求啊

看看，有什么毛病吗？

重新发一次，哪位大侠帮忙给解决一下啊！谢谢了