SREng.EXE说有个可疑进程帮忙看下 bbs.ikaka.com

osnbabw - 2007-4-10 20:10:00

之前不知道中了是没病毒直接用瑞星全盘杀了杀了14个
开SREng.EXE说有个可疑进程帮忙看下瑞星说没
[CODE]

2007-04-10,19:46:07

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
正在运行的进程（包括进程模块信息）
文件关联

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"d:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
<igfxhkcmd><; C:\WINDOWS\system32\hkcmd.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<igfxpers><; C:\WINDOWS\system32\igfxpers.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<upxdnd><C:\DOCUME~1\TT\LOCALS~1\Temp\upxdnd.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]

==================================
启动文件夹
[QQ游戏启动加速程序]
<C:\Documents and Settings\TT\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> D:\PROGRA~1\Tencent\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>

==================================
服务
[48701 / 48701][Stopped/Manual Start]
<\\219.131.58.33\c$\windows\system32\eraseme_15663.exe><N/A>
[Alerter / Alerter ][Stopped/Auto Start]
<C:\WINDOWS\save.com.cn.exe><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"d:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"d:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Uninterruptible Power Suppay / Uninterruptible][Running/Auto Start]
<c:\windows\Config\svchost.exe><N/A>
[windows server / windows server][Stopped/Auto Start]
<C:\WINDOWS\haha.exe><N/A>
[Windows Media Connect Service / WMConnectCDS][Stopped/Manual Start]
<C:\Program Files\Windows Media Connect 2\wmccds.exe><N/A>
[Windows Driver Foundation - User-mode Driver Framework / WudfSvc][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup-->%SystemRoot%\System32\WUDFSvc.dll><Microsoft Corporation>

==================================
驱动程序
[559093 / 559093][Stopped/Boot Start]
<\SystemRoot\System32\drivers\559093.sys><N/A>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]
<system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[Conexant AMC Audio / CAMCAUD][Running/Manual Start]
<system32\drivers\camcaud.sys><Conexant Systems Inc.>
[CAMCHALA / CAMCHALA][Running/Manual Start]
<system32\drivers\camchal.sys><Conexant Systems Inc.>
[EagleNT / EagleNT][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\d:\Program Files\Rising\Rav\ExpScan.sys><>
[HOOKAPI / HOOKAPI][Stopped/Manual Start]
<\??\D:\PROGRAM FILES\RISING\RAV\HookApi.Sys><瑞星软件有限公司>
[HookCont / HookCont][Running/Auto Start]
<\??\d:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\d:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\d:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HSFHWICH / HSFHWICH][Running/Manual Start]
<system32\DRIVERS\HSFHWICH.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP][Running/Manual Start]
<system32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>
[ialm / ialm][Running/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[kmsinput / kmsinput][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[mdmxsdk / mdmxsdk][Running/Auto Start]
<system32\DRIVERS\mdmxsdk.sys><Conexant>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\d:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<system32\drivers\npf.sys><Politecnico di Torino>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\d:\Program Files\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[NSC Infrared Device Driver / NSCIRDA][Running/Manual Start]
<system32\DRIVERS\nscirda.sys><National Semiconductor Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\d:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[SVKP / SVKP][Running/Auto Start]
<\??\C:\WINDOWS\system32\SVKP.sys><AntiCracking>
[tifm21 / tifm21][Running/Manual Start]
<system32\drivers\tifm21.sys><Texas Instruments>
[Intel(R) PRO/Wireless 2200 Adapter 驱动程序 / w22n51][Stopped/Manual Start]
<system32\DRIVERS\w22n51.sys><Intel? Corporation>
[Sony Ericsson W800 driver (WDM) / w800bus][Stopped/Manual Start]
<system32\DRIVERS\w800bus.sys><MCCI>
[Sony Ericsson W800 USB WMC Modem Filter / w800mdfl][Stopped/Manual Start]
<system32\DRIVERS\w800mdfl.sys><MCCI>
[Sony Ericsson W800 USB WMC Modem Drivers / w800mdm][Stopped/Manual Start]
<system32\DRIVERS\w800mdm.sys><MCCI>
[Sony Ericsson W800 USB WMC Device Management Drivers / w800mgmt][Stopped/Manual Start]
<system32\DRIVERS\w800mgmt.sys><MCCI>
[Sony Ericsson W800 USB WMC OBEX Interface Drivers / w800obex][Stopped/Manual Start]
<system32\DRIVERS\w800obex.sys><MCCI>
[winachsf / winachsf][Running/Manual Start]
<system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
[Windows Driver Foundation - User-mode Driver Framework Platform Driver / WudfPf][Stopped/Manual Start]
<system32\DRIVERS\WudfPf.sys><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework Reflector / WudfRd][Stopped/Manual Start]
<system32\DRIVERS\wudfrd.sys><Microsoft Corporation>

==================================
浏览器加载项
N/A

osnbabw - 2007-4-10 20:10:00

==================================
正在运行的进程
[PID: 408][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1404][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5358.4827 (WMP_11.060509-2009)]
[D:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[D:\Program Files\QQ\qdshm.dll] [, 1, 0, 101, 20]
[D:\Program Files\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[d:\PROGRA~1\3721\木马助手\contmenu.dll] [N/A, ]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[d:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\WINDOWS\system32\igfxpph.dll] [Intel Corporation, 3.0.0.4497]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4497]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.4497]
[C:\WINDOWS\system32\igfxress.dll] [Intel Corporation, 3.0.0.4497]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4497]
[PID: 1196][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3536]
[PID: 1692][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3904][d:\Program Files\Ringz Studio\Storm Codec\mplayerc.exe] [Gabest, 6, 4, 9, 0]
[d:\Program Files\Ringz Studio\Storm Codec\stormupd.dll] [N/A, ]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\WINDOWS\system32\imaadp32.acm] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msadp32.acm] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msg711.acm] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\msgsm32.acm] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\tssoft32.acm] [DSP GROUP, INC., 1.01]
[C:\WINDOWS\system32\tsd32.dll] [, ]
[C:\WINDOWS\system32\msg723.acm] [Microsoft Corporation, 4.4.3400]
[C:\WINDOWS\system32\msaud32.acm] [Microsoft Corporation, 8.00.00.4487]
[C:\WINDOWS\system32\sl_anet.acm] [Sipro Lab Telecom Inc., 3.02]
[C:\WINDOWS\system32\iac25_32.ax] [Intel Corporation, 2.05.53]
[C:\WINDOWS\system32\l3codeca.acm] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
[C:\WINDOWS\system32\vct3216.acm] [Voxware, Inc., 1.6.0.17]
[C:\WINDOWS\system32\vct3216.dll] [Voxware, Inc., 1.6.0.12]
[C:\WINDOWS\system32\msms001.vwp] [Voxware, Inc., 2.0.2.61]
[C:\WINDOWS\system32\mvoice.vwp] [Voxware, Inc., 2.0.0.12.01]
[C:\WINDOWS\system32\vorbis.acm] [HMS http://hp.vector.co.jp/authors/VA012897/, 0, 0, 3, 6]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[D:\Program Files\KuGoo3\OggSplitter.dll] [RadLight, 1.0.0.2]
[D:\Program Files\KuGoo3\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[d:\Program Files\Ringz Studio\Storm Codec\Codecs\VSFilter.dll] [Gabest, 1, 0, 1, 3]
[d:\Program Files\Ringz Studio\Storm Codec\Codecs\PmpSplt.ax] [cooleyes, 1, 0, 0, 8]
[D:\Program Files\KuGoo3\mp3parse.dll] [ , 1, 0, 2, 1]
[C:\WINDOWS\system32\mpg2splt.ax] [, ]
[C:\WINDOWS\system32\ffdshow.ax] [, 1.0.2.2028]
[d:\Program Files\Ringz Studio\Storm Codec\Codecs\ff_liba52.dll] [N/A, ]
[d:\Program Files\Ringz Studio\Storm Codec\Codecs\atidvdv.ax] [CyberLink Corp., 6.0.1625 ]
[C:\WINDOWS\system32\IGFXEXPS.DLL] [Intel Corporation, 3.0.0.4497]
[d:\Program Files\Ringz Studio\Storm Codec\Codecs\TTL2Dec.dll] [N/A, ]
[d:\Program Files\Ringz Studio\Storm Codec\Codecs\Vid1Dec.dll] [N/A, ]
[PID: 4088][C:\WINDOWS\system32\igfxext.exe] [Intel Corporation, 3.0.0.4497]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4497]
[C:\WINDOWS\system32\IGFXEXPS.DLL] [Intel Corporation, 3.0.0.4497]
[PID: 3484][C:\WINDOWS\system32\igfxsrvc.exe] [Intel Corporation, 3.0.0.4497]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4497]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.4497]
[PID: 1900][D:\Program Files\金山词霸 2005\xdict.exe] [Kingsoft Co, Ltd., 8, 5, 0, 0]
[D:\Program Files\金山词霸 2005\DicMngr.dll] [Kingsoft, 1, 0, 0, 0]
[D:\Program Files\金山词霸 2005\doshow.dll] [N/A, ]
[D:\Program Files\金山词霸 2005\ITextOut.dll] [Kingsoft, 1, 1, 0, 0]
[D:\Program Files\金山词霸 2005\KPic10.dll] [N/A, ]
[D:\Program Files\金山词霸 2005\ijl11.dll] [Intel Corporation, 1.1.2]
[D:\Program Files\金山词霸 2005\NormGrab.DLL] [Kingsoft Co, Ltd., 6, 0, 0, 0]
[D:\Program Files\金山词霸 2005\toTTSEngine50.dll] [Kingsoft Corporation, 1, 0, 0, 1]
[D:\Program Files\金山词霸 2005\xfile.dll] [N/A, ]
[D:\Program Files\金山词霸 2005\DBCore10.dll] [Kingsoft Corp., 1, 0, 0, 0]
[D:\Program Files\金山词霸 2005\XdictGrb.dll] [Kingsoft Co, Ltd., 8, 5, 0, 0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2828][F:\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
[224] C:\Program Files\Internet Explorer\IEXPLORE.EXE

==================================

[/CODE]

瑞星卡卡安全论坛