- 2007-05-17,16:18:01
- System Repair Engineer 2.4.12.806
- Smallfrogs ([url]http://www.KZTechs.com[/url])
- Windows XP Professional (Build 2600) - Administrative User - Completed Functions Allowed
- Follow item(s) have been choosed:
- All Boot Items (Including Registry, Startup Folders, Services and so on)
- Browser Add-ons
- Runing Processes (Including process model information)
- File Associations
- Winsock Provider
- Autorun.Inf
- HOSTS File
- Boot Items
- Registry
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Windows XP Publisher]
- [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
- <load><> [N/A]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
- <kis><"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"> [Kaspersky Lab]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- <shell><Explorer.exe> [(Verified)Microsoft Windows XP Publisher]
- <Userinit><userinit.exe> [(Verified)Microsoft Windows XP Publisher]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
- <AppInit_DLLs><C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll> [Kaspersky Lab]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- <UIHost><logonui.exe> [(Verified)Microsoft Windows XP Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
- <WinlogonNotify: klogon><C:\WINDOWS\System32\klogon.dll> [Kaspersky Lab]
- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- <ApabiAgent><; "C:\Program Files\Founder\Apabi Reader 3.0\ApabiAgent.exe"> []
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- <IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows XP Publisher]
- <IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows XP Publisher]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- <MSPY2002><; C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC> [(Verified)Microsoft Windows XP Publisher]
- <PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows XP Publisher]
- <PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows XP Publisher]
- <StormCodec_Helper><; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> []
- <UnlockerAssistant><; "C:\Program Files\Unlocker\UnlockerAssistant.exe"> []
- <WangWang><; > [N/A]
- ==================================
- Startup Folders
- N/A
- ==================================
- Services
- [Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
- <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
- [ASP.NET State Service / aspnet_state][Stopped/Manual Start]
- <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
- [Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start]
- <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
- [卡巴斯基互联网安全套装 6.0 / AVP][Running/Auto Start]
- <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe -r><Kaspersky Lab>
- [dnWhoDisp / dnWhoDisp][Stopped/Manual Start]
- <C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe><>
- [Harmony / Harmony][Stopped/Manual Start]
- <C:\PROGRA~1\ROCKWE~1\RSCOMMON\RSOBSERV.EXE><Rockwell Software Inc.>
- [Human Interface Device Access / HidServ][Stopped/Disabled]
- <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
- [MSSQLSERVER / MSSQLSERVER][Stopped/Manual Start]
- <C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
- [MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
- <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
- [OPCEnum / OPCEnum][Stopped/Manual Start]
- <C:\Program Files\Common Files\OPC Foundation\OPCENUM.EXE><>
- [RSLinx / RSLinx][Stopped/Manual Start]
- <C:\PROGRA~1\ROCKWE~1\RSLINX\RSLINX.EXE /SERVICE><Rockwell Software, Inc.>
- [SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
- <C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlagent.exe><Microsoft Corporation>
- [Visual Studio Analyzer RPC bridge / Visual Studio Analyzer RPC bridge][Stopped/Manual Start]
- <C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe><Microsoft Corporation>
- ==================================
- Drivers
- [Rockwell Software 1784-KTC(X) Driver / ABKTCX][Stopped/Manual Start]
- <\SystemRoot\System32\Drivers\ABKTCX.sys><Rockwell Software Inc.>
- [Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
- <system32\drivers\ac97intc.sys><Intel Corporation>
- [Apaidi / Apaidi][Running/Auto Start]
- <\??\C:\WINDOWS\System32\drivers\Apaidi.sys><N/A>
- [D-Link DFE-530TX PCI Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
- <System32\DRIVERS\dlkfet5b.sys><D-Link>
- [kl1 / kl1][Running/Boot Start]
- <\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab>
- [klif / klif][Running/System Start]
- <\??\C:\WINDOWS\System32\drivers\klif.sys><Kaspersky Lab>
- [npkcrypt / npkcrypt][Stopped/Auto Start]
- <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><N/A>
- [nv4 / nv4][Running/Manual Start]
- <System32\DRIVERS\nv4.sys><NVIDIA Corporation>
- [PDRJNDL / PDRJNDL][Running/Auto Start]
- <\??\E:\software\AB授权166个\PDRJNDL.SYS><Dekart>
- [PRVDISK / PRVDISK][Running/Auto Start]
- <\??\E:\software\AB授权166个\PRVDISK.SYS><Dekart>
- [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
- <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
- [RsiKtControl / RsiKtControl][Stopped/Manual Start]
- <\SystemRoot\system32\RSIKT.SYS><Rockwell Software, Inc.>
- [RSLinx Serial Driver / RSSERIAL][Stopped/Manual Start]
- <\SystemRoot\SYSTEM32\RSSERIAL.SYS><Rockwell Software Inc.>
- [RSLinx S-S SD/SD2 Device Driver / RS_SS_NT][Stopped/Manual Start]
- <\SystemRoot\SYSTEM32\RS_SS_NT.SYS><Rockwell Software, Inc.>
- [Secdrv / Secdrv][Stopped/Manual Start]
- <System32\DRIVERS\secdrv.sys><N/A>
- [A-B Virtual Backplane / VirtualBackplane][Running/System Start]
- <\SystemRoot\System32\Drivers\VirtualBackplane.sys><Rockwell Automation>
- ==================================
- Browser Add-ons
- [Adobe PDF Reader Link Helper]
- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
- [Web反病毒保护]
- {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll, Kaspersky Lab>
- [信息检索(&R)]
- {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
- [@shdoclc.dll,-866]
- {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
- [QQ]
- {c95fe080-8f5d-11d2-a20b-00aa003c157b} <, N/A>
- [&Radio]
- {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, >
- [CEnroll Class]
- {127698E4-E730-4E5C-A2B1-21490A70C8A1} <C:\WINDOWS\Downloaded Program Files\xenroll.dll, Microsoft Corporation>
- [Windows Genuine Advantage Validation Tool]
- {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\System32\LegitCheckControl.DLL, Microsoft Corporation>
- [SSReaderPlug]
- {1DE88635-1C72-401E-B23B-93FA86D30F3B} <C:\WINDOWS\DOWNLO~1\SSREAD~1.DLL, 北京超星>
- [iTrusPTA Class]
- {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\System32\aliedit\pta.dll, >
- [WUWebControl Class]
- {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
- [Shockwave Flash Object]
- {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
- [上传到QQ网络硬盘]
- <, N/A>
- [导出到 Microsoft Office Excel(&X)]
- <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
- [添加到QQ自定义面板]
- <, N/A>
- [添加到QQ表情]
- <, N/A>
- [用QQ彩信发送该图片]
- <, N/A>
- ==================================
- Running Processes
- [PID: 640][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [PID: 696][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [PID: 720][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [C:\WINDOWS\System32\klogon.dll] [Kaspersky Lab, 6.0.0.299]
- [C:\WINDOWS\system32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
- [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [PID: 764][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [PID: 776][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
- [PID: 948][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
- [PID: 1072][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
- [c:\windows\system32\WINHTTP.dll] [Microsoft Corporation, 5.1.2600.1557 (xpsp2_gdr.040517-1325)]
- [PID: 1192][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
- [PID: 1204][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
- [PID: 1596][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
- [C:\WINDOWS\System32\AcSignIcon.dll] [Autodesk, 16.2.54.0]
- [C:\PROGRA~1\WINDOW~3\wmpband.dll] [Microsoft Corporation, 10.00.00.3802]
- [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.2.54.0]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
- [C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
- [C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [PID: 1712][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [PID: 1792][C:\WINDOWS\System32\inetsrv\inetinfo.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
- [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll] [Microsoft Corporation, 1.1.4322.573]
- [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
- [PID: 1916][C:\WINDOWS\System32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
- [PID: 356][C:\Documents and Settings\Lee\Desktop\ipmsg.exe] [Azhi.net, 2.03]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
- [PID: 200][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
- [C:\WINDOWS\System32\AcSignIcon.dll] [Autodesk, 16.2.54.0]
- [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.9.2006121800]
- [C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
- [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll] [Kaspersky Lab, 6.0.0.299]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll] [Kaspersky Lab, 6.0.0.299]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.0.299]
- [c:\program files\kaspersky lab\kaspersky internet security 6.0\params.ppl] [Kaspersky Lab, 6.0.0.299]
- [c:\program files\kaspersky lab\kaspersky internet security 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
- [c:\program files\kaspersky lab\kaspersky internet security 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.0.299]
- [C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
- [C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
- [c:\program files\kaspersky lab\kaspersky internet security 6.0\nfio.ppl] [Kaspersky Lab, 6.0.0.299]
- [c:\program files\kaspersky lab\kaspersky internet security 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299]
- [C:\WINDOWS\System32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2527]
- [C:\PROGRA~1\COMMON~1\MICROS~1\IME\SHARED2.0\MSCAND20.DLL] [Microsoft Corporation, 9.0.5510.0]
- [C:\WINDOWS\System32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
- [PID: 852][C:\DOCUME~1\Lee\LOCALS~1\Temp\Rar$EX00.860\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
- [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
- ==================================
- File Associations
- .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .EXE OK. ["%1" %*]
- .COM OK. ["%1" %*]
- .PIF OK. ["%1" %*]
- .REG OK. [regedit.exe "%1"]
- .BAT OK. ["%1" %*]
- .SCR Error. [AutoCADScriptFile]
- .CHM OK. ["C:\WINDOWS\hh.exe" %1]
- .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
- .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
- .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
- .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .LNK OK. [{00021401-0000-0000-C000-000000000046}]
- ==================================
- Winsock Provider
- N/A
- ==================================
- Autorun.Inf
- N/A
- ==================================
- HOSTS File
- 127.0.0.1 localhost
- ==================================
- API HOOK
- RVA Error: LoadLibraryA (Dangerous Level: Generic, Hooked by Module: Dest Addr: 0xF8471B25)
- RVA Error: LoadLibraryExA (Dangerous Level: Generic, Hooked by Module: Dest Addr: 0xF8471D67)
- RVA Error: LoadLibraryExW (Dangerous Level: Generic, Hooked by Module: Dest Addr: 0xF8471F0B)
- RVA Error: LoadLibraryW (Dangerous Level: Generic, Hooked by Module: Dest Addr: 0xF8471C49)
- RVA Error: GetProcAddress (Dangerous Level: High, Hooked by Module: Dest Addr: 0xF8471E8F)
- ==================================
- Hidden Process
- N/A
- ==================================
复制代码 |