Rising Kaka Security Forum

SREng scan log 1
实用就好 - 2007-3-24 9:26:00
2007-03-23,10:02:25
System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Server Service Pack 3 (Build 2195)
- 管理权限用户 - 完整功能
以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <winform><C:\WINNT\SMSS.EXE>  [N/A]
    <!AVG Anti-Spyware><"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized>  [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <twin><C:\WINNT\system32\ctfnom.exe>  [Microsoft Corporation]
    <usrinit><C:\WINNT\system32\usrinit.exe>  []
    <WinAutoUp><C:\WINNT\AutoUp.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll>  [Anti-Malware Development a.s.]
    <{A172A3DC-945E-5618-AD6E-F3D542D55C22}><C:\WINNT\system32\respri.dll>  [N/A]
==================================
启动文件夹
N/A
==================================
服务
[86DDCAF9 / 86DDCAF9][Stopped/Auto Start]
  <C:\WINNT\system32\86DDCAF9.EXE -service><Microsoft Corporation>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Stopped/Auto Start]
  <C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Std ebus Service / ebus][Running/Auto Start]
  <C:\WINNT\system32\rundll32.exe C:\PROGRA~1\COMMON~1\swmk\jgwx.dll,Service -s><Microsoft Corporation>
[fismopd / fismopd][Running/Auto Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\COMMON~1\lismupd\lismupd.dll>< >
[Microsoft Search / MSSEARCH][Running/Auto Start]
  <"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
  <C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[MySql / MySql][Running/Auto Start]
  <C:/mysql/bin/mysqld-nt.exe><N/A>
[Vsn nkay Service / nkay][Running/Auto Start]
  <C:\WINNT\system32\rundll32.exe C:\PROGRA~1\COMMON~1\aqge\axnl.dll,Service><Microsoft Corporation>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
  <C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlagent.exe><Microsoft Corporation>
[WDelMgr20 / WDelMgr20][Running/Auto Start]
  <C:\WINNT\system32\drivers\WDelMgr20.exe><N/A>
浏览器加载项
[khxv]
  {11AE42BA-6A9C-4C0A-9F26-B1EAEE45A299} <C:\PROGRA~1\COMMON~1\aqge\xuki.dll, >
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINNT\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000, N/A>
==================================
正在运行的进程
[PID: 168][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.5382]
[PID: 196][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.5265]
[PID: 216][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6898]
    [C:\PROGRA~1\COMMON~1\swmk\mjsx.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\COMMON~1\swmk\roec.dll]  [ , 1, 0, 0, 6]
[PID: 244][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.3940]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.3649.297.3]
[PID: 256][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.6902]
[PID: 440][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 504][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.4299]
[PID: 812][C:\WINNT\system32\Dfssvc.exe]  [Microsoft Corporation, 5.00.2195.3649]
[PID: 856][C:\WINNT\system32\rundll32.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\PROGRA~1\COMMON~1\swmk\jgwx.dll]  [ , 4, 1, 0, 4]
    [C:\PROGRA~1\COMMON~1\swmk\mjsx.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\COMMON~1\swmk\roec.dll]  [ , 1, 0, 0, 6]
    [C:\PROGRA~1\COMMON~1\swmk\olbs.dll]  [ , 1, 0, 0, 6]
[PID: 884][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [c:\progra~1\common~1\lismupd\lismupd.dll]  [ , 2, 8, 0, 1]
    [C:\PROGRA~1\COMMON~1\swmk\mjsx.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\COMMON~1\swmk\roec.dll]  [ , 1, 0, 0, 6]
[PID: 900][C:\WINNT\System32\ismserv.exe]  [Microsoft Corporation, 5.00.2195.4827]
[PID: 936][C:\WINNT\System32\llssrv.exe]  [Microsoft Corporation, 5.00.2195.4907]
[PID: 1008][C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe]  [Microsoft Corporation, 2000.080.0194.00]
[PID: 1080][C:\mysql\bin\mysqld-nt.exe]  [N/A, N/A]
[PID: 1104][C:\WINNT\system32\rundll32.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\PROGRA~1\COMMON~1\aqge\axnl.dll]  [, 1, 2, 0, 8]
    [C:\PROGRA~1\COMMON~1\swmk\mjsx.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\COMMON~1\swmk\roec.dll]  [ , 1, 0, 0, 6]
[PID: 1120][C:\WINNT\system32\ntfrs.exe]  [Microsoft Corporation, 5.00.2195.5429]
[PID: 1180][C:\WINNT\system32\regsvc.exe]  [Microsoft Corporation, 5.00.2195.3649]
[PID: 1192][C:\WINNT\System32\locator.exe]  [Microsoft Corporation, 5.00.2195.3761]
[PID: 1204][C:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.1]
    [C:\PROGRA~1\COMMON~1\swmk\mjsx.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\COMMON~1\swmk\roec.dll]  [ , 1, 0, 0, 6]
[PID: 1244][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\PROGRA~1\COMMON~1\swmk\mjsx.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\COMMON~1\swmk\roec.dll]  [ , 1, 0, 0, 6]
[PID: 1336][C:\WINNT\system32\drivers\WDelMgr20.exe]  [N/A, N/A]
[PID: 1380][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0070]
[PID: 1348][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1404][C:\WINNT\System32\inetsrv\inetinfo.exe]  [Microsoft Corporation, 5.00.0984]
    [C:\php\sapi\php4isapi.dll]  [N/A, N/A]
    [C:\WINNT\system32\php4ts.dll]  [N/A, N/A]
[PID: 1440][C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe]  [Microsoft Corporation, 9.107.5512.0]
[PID: 1872][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3502.5321]
    [C:\PROGRA~1\COMMON~1\swmk\mjsx.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\COMMON~1\swmk\roec.dll]  [ , 1, 0, 0, 6]
    [C:\WINNT\system32\respri.dll]  [N/A, N/A]
    [C:\WINNT\system32\mdkzn.dll]  [N/A, N/A]
    [C:\Program Files\eyrp\fssq.nls]  [N/A, N/A]
    [C:\WINNT\system32\winform.dll]  [N/A, N/A]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll]  [Anti-Malware Development a.s., 7, 5, 0, 47]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for File Servers 5\scr_ch_pg.dll]  [N/A, N/A]
[PID: 2048][C:\WINNT\system32\usrinit.exe]  [, 1, 0, 0, 1]
    [C:\PROGRA~1\COMMON~1\swmk\mjsx.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\COMMON~1\swmk\roec.dll]  [ , 1, 0, 0, 6]
[PID: 2052][C:\WINNT\AutoUp.exe]  [, 1, 0, 0, 1]
    [C:\PROGRA~1\COMMON~1\swmk\mjsx.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\COMMON~1\swmk\roec.dll]  [ , 1, 0, 0, 6]
[PID: 568][D:\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\PROGRA~1\COMMON~1\swmk\mjsx.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\COMMON~1\swmk\roec.dll]  [ , 1, 0, 0, 6]
    [D:\sreng2\Plugins\SRECXTMG.SRE]  [Smallfrogs Studio, 1, 5, 0, 55]
==================================

Attachment: 857566200732491713.jpg