Infected with the nasty Gray Pigeon (灰鸽子) trojan, need help

2009-03-04,09:38:40
System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能
以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><Internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <360Safebox><"d:\Program Files\360\360safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <360Safetray><d:\Program Files\360\360Safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <RavTray><"d:\瑞星杀毒\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]
    <FTSafeNetRockeyService4.0><D:\tigerock\nrSvr.exe -systray>  [Feitian Technologies Co.,Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <Network.ConnectionTray><C:\WINNT\system32\NETSHELL.dll>  [(Verified)Microsoft Windows 2000 Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><stobject.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [Intel Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
    <WinlogonNotify: wzcnotif><wzcdlg.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Windows Media Player><C:\WINNT\system32\setup\wmpocm.exe /ShowWMP>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer 访问><"C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express 访问><"C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6A5110B5-E14B-4268-A065-EF89FF33C325}]
    <EnableRevocation><regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserStub>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINNT\system32\Rundll32.exe C:\WINNT\system32\mscories.dll,Install>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    <CRLUpdate><%SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl>  [File is missing]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><(无)>  [N/A]
==================================
启动文件夹
[Service Manager]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Service Manager.lnk --> D:\MSSQL7\Binn\sqlmangr.exe [Microsoft Corporation]><N>
==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[FTSafe Net Rockey Service / FTSafeNetRockeyService4.0][Running/Auto Start]
  <d:\tigerock\nrSvr.exe -dispatch><Feitian Technologies Co.,Ltd.>
[MSSQLServer / MSSQLServer][Running/Auto Start]
  <d:\MSSQL7\binn\sqlservr.exe><Microsoft Corporation>
[Rav Process Communication Center / RavCCenter][Stopped/Auto Start]
  <d:\瑞星杀毒\CCENTER.EXE><Beijing Rising Information Technology Co., Ltd.>
[Rising RavTask Manager / RavTask][Running/Auto Start]
  <"d:\瑞星杀毒\RavTask.exe" RavTask><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <d:\瑞星杀毒\RavMonD.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising Scan Service / RsScanSrv][Stopped/Auto Start]
  <d:\瑞星杀毒\ScanFrm.exe><Beijing Rising Information Technology Co., Ltd.>
[SQLServerAgent / SQLServerAgent][Stopped/Manual Start]
  <d:\MSSQL7\binn\sqlagent.exe><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>
==================================
驱动程序
[360procmon / 360procmon][Running/Manual Start]
  <\??\d:\Program Files\360\360Safe\safemon\360procmon.sys><>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[hookcont / hookcont][Running/System Start]
  <system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[hooksys / hooksys][Running/System Start]
  <system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[i81x / i81x][Stopped/Manual Start]
  <system32\DRIVERS\i81xnt5.sys><Intel Corporation>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Feitian ROCKEY4 Device Service / ROCKEYNT][Running/Manual Start]
  <system32\DRIVERS\Rockey4.sys><Feitian Technologies Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[Realtek RTL8139/810x Family Fast Etnernet NIC NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\R8139n5.SYS><Realtek Semiconductor Corporation>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\WINNT\system32\drivers\SafeBoxKrnl.sys><360安全中心>
[sglfb / sglfb][Stopped/Manual Start]
  <system32\DRIVERS\sglfb.sys><SGI>
==================================
浏览器加载项
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <d:\Program Files\360\360Safe\safemon\safemon.dll, (Signed) 360.CN>
[JUJU猫]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.jujumao.com, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, >
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, (Signed) Microsoft Corporation>
[Java Plug-in 1.5.0]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll, JavaSoft / Sun Microsystems, Inc.>
[Java Plug-in 1.5.0]
  {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll, JavaSoft / Sun Microsystems, Inc.>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <d:\Program Files\360\360Safe\live.dll, (Signed) 360.cn>
==================================
正在运行的进程
[PID: 148][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6601]
[PID: 176][\??\C:\WINNT\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6601]
[PID: 196][\??\C:\WINNT\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6997]
[PID: 224][C:\WINNT\system32\services.exe]  [(Verified) Microsoft Corporation, 5.00.2195.7035]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 236][C:\WINNT\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.00.2195.7011]
[PID: 436][C:\WINNT\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.00.2134.1]
[PID: 464][C:\WINNT\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.00.2195.7059]
[PID: 496][C:\WINNT\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.00.2134.1]
[PID: 512][d:\tigerock\nrSvr.exe]  [Feitian Technologies Co.,Ltd., 1, 0, 10, 1813]
[PID: 576][d:\MSSQL7\binn\sqlservr.exe]  [Microsoft Corporation, 1998.11.13]
    [d:\MSSQL7\binn\opends60.dll]  [Microsoft Corporation, 1998.11.13]
    [d:\MSSQL7\binn\ums.dll]  [Microsoft Corporation, 1998.11.13]
    [d:\MSSQL7\binn\sqlevn70.dll]  [Microsoft Corporation, 1998.11.13]
    [d:\MSSQL7\binn\COMNEVNT.DLL]  [Microsoft Corporation, 1998.11.13]
    [d:\MSSQL7\binn\SQLTrace.DLL]  [Microsoft Corporation, 1998.11.13]
    [d:\MSSQL7\binn\SSNMPN70.dll]  [Microsoft Corporation, 1998.11.13]
    [d:\MSSQL7\binn\SSMSSO70.dll]  [Microsoft Corporation, 1998.11.13]
    [d:\MSSQL7\binn\SSMSRP70.dll]  [Microsoft Corporation, 1998.11.13]
    [d:\MSSQL7\binn\SQLRGSTR.DLL]  [N/A, ]
[PID: 652][d:\瑞星杀毒\rsnetsvr.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14]
    [d:\瑞星杀毒\NComm.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.9]
    [d:\瑞星杀毒\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [d:\瑞星杀毒\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [d:\瑞星杀毒\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
[PID: 752][C:\WINNT\system32\regsvc.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6701]
[PID: 800][C:\WINNT\system32\MSTask.exe]  [(Verified) Microsoft Corporation, 4.71.2195.6972]
[PID: 896][C:\WINNT\System32\WBEM\WinMgmt.exe]  [(Verified) Microsoft Corporation, 1.50.1085.0100]
[PID: 940][C:\WINNT\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.00.2134.1]
[PID: 964][C:\WINNT\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.00.2134.1]
[PID: 1304][C:\WINNT\Explorer.EXE]  [(Verified) Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\igfxcpl.cpl]  [Intel Corporation, 3.0.0.4396]
    [C:\WINNT\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4396]
    [C:\WINNT\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\WINNT\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\WINNT\system32\igfxress.dll]  [Intel Corporation, 3.0.0.4396]
    [D:\Program Files\360\360Safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1007]
    [C:\WINNT\system32\c_g18030.dll]  [Microsoft Corporation, 5.2.3663.0 (main.020715-1506)]
[PID: 1440][D:\tigerock\nrSvr.exe]  [Feitian Technologies Co.,Ltd., 1, 0, 10, 1813]
[PID: 1456][C:\WINNT\system32\Internat.exe]  [(Verified) Microsoft Corporation, 5.00.2920.0000]
[PID: 1468][D:\MSSQL7\Binn\sqlmangr.exe]  [Microsoft Corporation, 1998.11.13]
    [D:\MSSQL7\Binn\W95SCM.dll]  [Microsoft Corporation, 1998.11.13]
[PID: 604][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106]
    [D:\Program Files\360\360Safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1007]
    [D:\Program Files\360\360Safe\safemon\urlproc.dll]  [360.CN, 1, 0, 0, 1002]
    [C:\WINNT\system32\c_g18030.dll]  [Microsoft Corporation, 5.2.3663.0 (main.020715-1506)]
    [d:\瑞星杀毒\RavScrCh.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.60]
    [C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 1720][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106]
    [D:\Program Files\360\360Safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1007]
    [D:\Program Files\360\360Safe\safemon\urlproc.dll]  [360.CN, 1, 0, 0, 1002]
    [C:\WINNT\system32\c_g18030.dll]  [Microsoft Corporation, 5.2.3663.0 (main.020715-1506)]
    [d:\瑞星杀毒\RavScrCh.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.60]
    [C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\Macromed\Flash\Flash10a.ocx]  [Adobe Systems, Inc., 10,0,12,36]
    [C:\WINNT\system32\WINABCX.IME]  [PKUETI, 5.22.216]
[PID: 536][E:\下载\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.0.1210]
[PID: 1416][E:\下载\sreng2\SREd278069b.EXE]  [Smallfrogs Studio, 2.7.0.1210]
    [D:\Program Files\360\360Safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1007]
    [E:\下载\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1      localhost
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 512, D:\TIGEROCK\NRSVR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 576, D:\MSSQL7\BINN\SQLSERVR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1440, D:\TIGEROCK\NRSVR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1468, D:\MSSQL7\BINN\SQLMANGR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 536, E:\下载\SRENG2\SRENGLDR.EXE]
==================================
计划任务
N/A
==================================
API HOOK
入口点错误:CreateProcessW (危险等级: 高,  被下面模块所HOOK: D:\Program Files\360\360Safe\safemon\safemon.dll)
==================================
隐藏进程
N/A
==================================


User system information: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Last edited by xiaofeixiang on 2009-03-04 10:11:16

Re: Infected with the nasty Gray Pigeon (灰鸽子) trojan, need help

This user's post content has been blocked.
Last edited by zg1_2004 on 2009-03-04 10:24:06

Re: Infected with the nasty Gray Pigeon (灰鸽子) trojan, need help

OP, please run the scan again and post the log here as an attachment.
╭∩╮(︶︿︶)╭∩╮