用SRENG时出现一个http://img04.album.enorth.com.cn/big/06/26/59/6265988_973895.jpg请帮忙谢谢了!!!我是在报纸上看到这个社区的,所以来求助的
2007-02-13,18:37:16
System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<360Safetray><D:\360safe\safemon\360Tray.exe /start> [奇虎网]
<!AVG Anti-Spyware><"D:\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><D:\AVG Anti-Spyware 7.5\shellexecutehook.dll> [Anti-Malware Development a.s.]
==================================
启动文件夹
[核新SSL通讯安全代理]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\核新SSL通讯安全代理.lnk --> D:\sslproxy\SSLCnt.exe [杭州核新软件技术有限公司]><N>
==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Server Advance / ServerAC][Stopped/Disabled]
<C:\WINDOWS\system32\Security.exe><N/A>
[WinXP DHCP Service / WinXPDHCPsvc][Stopped/Auto Start]
<C:\WINDOWS\system32\\rundll32.exe xpdhcp.dll,start><Microsoft Corporation>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
<D:\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
==================================
驱动程序
[aeaudio / aeaudio][Running/Manual Start]
<system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[A4Tech Mouse Filter Driver / Amfilter][Running/System Start]
<system32\DRIVERS\Amfilter.sys><A4Tech Co.,Ltd.>
[A4Tech HID-compliant Mouse Driver / Amusbprt][Running/Manual Start]
<system32\DRIVERS\Amusbprt.sys><A4Tech Co.,Ltd.>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[DigitalChina DCN-530TX Fast Ethernet Adapter Windows Driver / DCN530][Running/Manual Start]
<system32\DRIVERS\DCN530N5.sys><Digitalchina Networks Limited.>
[KRegEx / KRegEx][Stopped/System Start]
<\??\D:\KV2006\KRegEx.sys><N/A>
[MouseCapture Driver / MouseCap][Running/Manual Start]
<System32\Drivers\MouseCap.sys><>
[npkcrypt / npkcrypt][Stopped/Auto Start]
<\??\D:\QQ\npkcrypt.sys><N/A>
[Padus ASPI Shell / pfc][Running/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[PProtect / PProtect][Stopped/System Start]
<\??\D:\KV2006\PProtect.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Running/Auto Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SFI Service / sf][Running/System Start]
<system32\drivers\sf.sys><Sonic Focus, Inc>
[StarForce Protection Environment Driver (version 1.x.a) / sfdrv01a][Running/Boot Start]
<\SystemRoot\System32\drivers\sfdrv01a.sys><Protection Technology (StarForce)>
[StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start]
<\SystemRoot\System32\drivers\sfhlp02.sys><Protection Technology (StarForce)>
[StarForce Protection Synchronization Driver (version 4.x) / sfsync04][Running/Boot Start]
<\SystemRoot\System32\drivers\sfsync04.sys><Protection Technology (StarForce)>
[StarForce Protection VFS Driver (version 2.x) / sfvfs02][Running/Boot Start]
<\SystemRoot\System32\drivers\sfvfs02.sys><Protection Technology (StarForce)>
[smwdm / smwdm][Running/Manual Start]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Stopped/System Start]
<System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
<\??\D:\AVG Anti-Spyware 7.5\guard.sys><N/A>
==================================
浏览器加载项
[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\360safe\safemon\safemon.dll, >
[Shockwave Flash
Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[Thunder Browser Helper]
{39F7E360-828A-4B5A-BCAF-5B79BFDFEA60} <D:\Thunder\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Thunder\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\360safe\safemon\safemon.dll, >
[Shockwave Flash
Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
==================================
正在运行的进程
[PID: 508][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 564][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 592][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 636][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 648][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 808][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4129]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2500]
[PID: 824][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 876][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 920][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1032][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1092][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1212][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1644][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WinRAR\rarext.dll] [N/A, N/A]
[D:\360safe\safemon\safemon.dll] [, 1, 0, 0, 1004]
[D:\AVG Anti-Spyware 7.5\shellexecutehook.dll] [Anti-Malware Development a.s., 7, 5, 0, 47]
[PID: 1708][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 392][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1956][D:\Maxthon\Maxthon.exe] [Maxthon International Ltd., 1, 5, 9, 30]
[D:\Maxthon\maxzlib.dll] [ , 1, 0, 0, 2]
[D:\Maxthon\Services\RealTime\real_time.dll] [, 1, 0, 0, 1]
[D:\360safe\safemon\safemon.dll] [, 1, 0, 0, 1004]
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[PID: 700][D:\AVG Anti-Spyware 7.5\avgas.exe] [Anti-Malware Development a.s., 7, 5, 0, 50]
[D:\AVG Anti-Spyware 7.5\engine.dll] [Anti-Malware Development a.s., 4, 2, 0, 15]
[D:\360safe\safemon\safemon.dll] [, 1, 0, 0, 1004]
[PID: 2476][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3480][D:\360safe\safemon\360tray.exe] [奇虎网, 1, 0, 1, 1004]
[D:\360safe\safemon\safemon.dll] [, 1, 0, 0, 1004]
[D:\360safe\safemon\SafeKrnl.dll] [奇虎网, 1, 0, 0, 3001]
[D:\360safe\AntiAdwa.dll] [360Safe.com, 2, 2, 5, 1000]
[PID: 2752][C:\Documents and Settings\spike\My Documents\tsbb.v1.7C(1222)\TSBB.EXE] [天使宝宝开发组, 1.0.0.431]
[D:\360safe\safemon\safemon.dll] [, 1, 0, 0, 1004]
[PID: 1396][C:\Documents and Settings\spike\My Documents\tsbb.v1.7C(1222)\TSBB.EXE] [天使宝宝开发组, 1.0.0.431]
[D:\360safe\safemon\safemon.dll] [, 1, 0, 0, 1004]
[PID: 4060][C:\Documents and Settings\spike\My Documents\毒\sreng2\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[D:\360safe\safemon\safemon.dll] [, 1, 0, 0, 1004]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
API HOOK
警告!System Repair Engineer 提醒
你下面的函数内容与预期值不符,他
们可能被一些恶意的软件所修改:
入口点错误:CreateProcessA
入口点错误:CreateProcessW
==================================
[/CODE]
