收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 软件区 解疑答难区 SREng扫描API HOOK 入口点错误
12下一页
返回列表 发新帖
查看: 4751|回复: 11
收起左侧

[已解决] SREng扫描API HOOK 入口点错误

 关闭 [复制链接]
lvcan
发表于 2012-2-26 03:33:00 | 显示全部楼层 |阅读模式
本帖最后由 fivezy361 于 2012-3-2 06:58 编辑

U盘安装 Windows 7 With SP1 64位简体中文旗舰版
文件名 cn_windows_7_ultimate_with_sp1_x64_dvd_u_677408.iso
发布日期 (UTC): 5/12/2011 2:46:19 PM 上次更新日期 (UTC): 5/12/2011 2:46:19 PM
SHA1: 2CE0B2DB34D76ED3F697CE148CB7594432405E23 ISO/CRC: 69F54CA4

SREng扫描API HOOK  入口点错误:FindFirstFileA (危险等级: 高,  被下面模块所HOOK: 0xB999DDE6)


windows 7旗舰版64 安装之初的SRENG日志:


  3. 2012-02-25,07:48:14

  5. System Repair Engineer 2.8.4.1331
  6. Smallfrogs (http://www.KZTechs.com)

  8. Windows 7 Ultimate Edition Service Pack 1 (Build 7601) - 管理权限用户 - 完整功能

  10. 以下内容被选中:
  11.     所有的启动项目(包括注册表、启动文件夹、服务等)
  12.     浏览器加载项
  13.     正在运行的进程(包括进程模块信息)
  14.     文件关联
  15.     Winsock 提供者
  16.     Autorun.inf
  17.     HOSTS 文件
  18.     进程特权扫描
  19.     计划任务
  20.     Windows 安全更新检查
  21.     API HOOK
  22.     隐藏进程


  25. 启动项目
  26. 注册表
  27. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  28.     <shell><explorer.exe>  [(Verified)Microsoft Windows]
  29.     <Userinit><userinit.exe>  [(Verified)Microsoft Windows]
  30. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  31.     <AppInit_DLLs><>  [N/A]
  32. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
  33.     <WebCheck><>  [N/A]
  34. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
  35.     <Microsoft Windows Media Player><%SystemRoot%\system32\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows]
  36. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
  37.     <Internet Explorer><C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows]
  38. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
  39.     <Browser Customizations><"C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP>  [(Verified)Microsoft Windows]
  40. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
  41.     <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
  42. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
  43.     <Microsoft Windows><"%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE>  [File is missing]
  44. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
  45.     <Microsoft Windows Media Player><%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI>  [(Verified)Microsoft Windows]
  46. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
  47.     <Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows]
  48. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
  49.     <Web Platform Customizations><C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows]
  50. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
  51.     <N/A><C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install>  [(Verified)Microsoft Corporation]

  53. ==================================
  54. 启动文件夹
  55. N/A

  57. ==================================
  58. 服务
  59. [Application Experience / AeLookupSvc][Running/Manual Start]
  60.   <C:\Windows\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\aelupsvc.dll><Microsoft Corporation>
  61. [Windows Defender / WinDefend][Running/Auto Start]
  62.   <C:\Windows\System32\svchost.exe -k secsvcs-->%ProgramFiles%\Windows Defender\mpsvc.dll><N/A>
  63. [Windows Management Instrumentation / Winmgmt][Running/Auto Start]
  64.   <C:\Windows\system32\svchost.exe -k netsvcs-->%SystemRoot%\system32\wbem\WMIsvc.dll><Microsoft Corporation>
  65. [WLAN AutoConfig / Wlansvc][Stopped/Manual Start]
  66.   <C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted-->%SystemRoot%\System32\wlansvc.dll><Microsoft Corporation>

  68. ==================================
  69. 驱动程序
  70. [adp94xx / adp94xx][Stopped/Manual Start]
  71.   <\SystemRoot\system32\drivers\adp94xx.sys><Adaptec, Inc.>
  72. [adpahci / adpahci][Stopped/Manual Start]
  73.   <\SystemRoot\system32\drivers\adpahci.sys><Adaptec, Inc.>
  74. [adpu320 / adpu320][Stopped/Manual Start]
  75.   <\SystemRoot\system32\drivers\adpu320.sys><Adaptec, Inc.>
  76. [aliide / aliide][Stopped/Manual Start]
  77.   <\SystemRoot\system32\drivers\aliide.sys><Acer Laboratories Inc.>
  78. [amdsata / amdsata][Stopped/Manual Start]
  79.   <\SystemRoot\system32\drivers\amdsata.sys><Advanced Micro Devices>
  80. [amdsbs / amdsbs][Stopped/Manual Start]
  81.   <\SystemRoot\system32\drivers\amdsbs.sys><AMD Technologies Inc.>
  82. [amdxata / amdxata][Running/Boot Start]
  83.   <\SystemRoot\system32\drivers\amdxata.sys><Advanced Micro Devices>
  84. [arc / arc][Stopped/Manual Start]
  85.   <\SystemRoot\system32\drivers\arc.sys><Adaptec, Inc.>
  86. [arcsas / arcsas][Stopped/Manual Start]
  87.   <\SystemRoot\system32\drivers\arcsas.sys><Adaptec, Inc.>
  88. [Broadcom NetXtreme II VBD / b06bdrv][Stopped/Manual Start]
  89.   <\SystemRoot\system32\drivers\bxvbda.sys><Broadcom Corporation>
  90. [Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 / b57nd60a][Stopped/Manual Start]
  91.   <system32\DRIVERS\b57nd60a.sys><Broadcom Corporation>
  92. [Brother USB Mass-Storage Lower Filter Driver / BrFiltLo][Stopped/Manual Start]
  93.   <\SystemRoot\system32\drivers\BrFiltLo.sys><Brother Industries, Ltd.>
  94. [Brother USB Mass-Storage Upper Filter Driver / BrFiltUp][Stopped/Manual Start]
  95.   <\SystemRoot\system32\drivers\BrFiltUp.sys><Brother Industries, Ltd.>
  96. [Brother MFC Serial Port Interface Driver (WDM) / Brserid][Stopped/Manual Start]
  97.   <\SystemRoot\System32\Drivers\Brserid.sys><Brother Industries Ltd.>
  98. [Brother WDM Serial driver / BrSerWdm][Stopped/Manual Start]
  99.   <\SystemRoot\System32\Drivers\BrSerWdm.sys><Brother Industries Ltd.>
  100. [Brother MFC USB Fax Only Modem / BrUsbMdm][Stopped/Manual Start]
  101.   <\SystemRoot\System32\Drivers\BrUsbMdm.sys><Brother Industries Ltd.>
  102. [Brother MFC USB Serial WDM Driver / BrUsbSer][Stopped/Manual Start]
  103.   <\SystemRoot\System32\Drivers\BrUsbSer.sys><Brother Industries Ltd.>
  104. [cmdide / cmdide][Stopped/Manual Start]
  105.   <\SystemRoot\system32\drivers\cmdide.sys><CMD Technology, Inc.>
  106. [Broadcom NetXtreme II 10 GigE VBD / ebdrv][Stopped/Manual Start]
  107.   <\SystemRoot\system32\drivers\evbda.sys><Broadcom Corporation>
  108. [elxstor / elxstor][Stopped/Manual Start]
  109.   <\SystemRoot\system32\drivers\elxstor.sys><Emulex>
  110. [Hauppauge Consumer Infrared Receiver / hcw85cir][Stopped/Manual Start]
  111.   <\SystemRoot\system32\drivers\hcw85cir.sys><Hauppauge Computer Works, Inc.>
  112. [HpSAMD / HpSAMD][Stopped/Manual Start]
  113.   <\SystemRoot\system32\drivers\HpSAMD.sys><Hewlett-Packard Company>
  114. [iaStorV / iaStorV][Stopped/Manual Start]
  115.   <\SystemRoot\system32\drivers\iaStorV.sys><Intel Corporation>
  116. [iirsp / iirsp][Stopped/Manual Start]
  117.   <\SystemRoot\system32\drivers\iirsp.sys><Intel Corp./ICP vortex GmbH>
  118. [LSI_FC / LSI_FC][Stopped/Manual Start]
  119.   <\SystemRoot\system32\drivers\lsi_fc.sys><LSI Corporation>
  120. [LSI_SAS / LSI_SAS][Stopped/Manual Start]
  121.   <\SystemRoot\system32\drivers\lsi_sas.sys><LSI Corporation>
  122. [LSI_SAS2 / LSI_SAS2][Stopped/Manual Start]
  123.   <\SystemRoot\system32\drivers\lsi_sas2.sys><LSI Corporation>
  124. [LSI_SCSI / LSI_SCSI][Stopped/Manual Start]
  125.   <\SystemRoot\system32\drivers\lsi_scsi.sys><LSI Corporation>
  126. [megasas / megasas][Stopped/Manual Start]
  127.   <\SystemRoot\system32\drivers\megasas.sys><LSI Corporation>
  128. [MegaSR / MegaSR][Stopped/Manual Start]
  129.   <\SystemRoot\system32\drivers\MegaSR.sys><LSI Corporation, Inc.>
  130. [nfrd960 / nfrd960][Stopped/Manual Start]
  131.   <\SystemRoot\system32\drivers\nfrd960.sys><IBM Corporation>
  132. [nvraid / nvraid][Stopped/Manual Start]
  133.   <\SystemRoot\system32\drivers\nvraid.sys><NVIDIA Corporation>
  134. [nvstor / nvstor][Stopped/Manual Start]
  135.   <\SystemRoot\system32\drivers\nvstor.sys><NVIDIA Corporation>
  136. [ql2300 / ql2300][Stopped/Manual Start]
  137.   <\SystemRoot\system32\drivers\ql2300.sys><QLogic Corporation>
  138. [ql40xx / ql40xx][Stopped/Manual Start]
  139.   <\SystemRoot\system32\drivers\ql40xx.sys><QLogic Corporation>
  140. [Serial port driver / Serial][Running/System Start]
  141.   <system32\DRIVERS\serial.sys><Brother Industries Ltd.>
  142. [SiSRaid2 / SiSRaid2][Stopped/Manual Start]
  143.   <\SystemRoot\system32\drivers\SiSRaid2.sys><Silicon Integrated Systems Corp.>
  144. [SiSRaid4 / SiSRaid4][Stopped/Manual Start]
  145.   <\SystemRoot\system32\drivers\sisraid4.sys><Silicon Integrated Systems>
  146. [stexstor / stexstor][Stopped/Manual Start]
  147.   <\SystemRoot\system32\drivers\stexstor.sys><Promise Technology>
  148. [VGPU / VGPU][Stopped/Manual Start]
  149.   <System32\drivers\rdvgkmd.sys><N/A>
  150. [viaide / viaide][Stopped/Manual Start]
  151.   <\SystemRoot\system32\drivers\viaide.sys><VIA Technologies, Inc.>
  152. [vsmraid / vsmraid][Stopped/Manual Start]
  153.   <\SystemRoot\system32\drivers\vsmraid.sys><VIA Technologies Inc.,Ltd>

  155. ==================================
  156. 浏览器加载项
  157. N/A

  159. ==================================
  160. 正在运行的进程
  161. [PID: 2344 / SYSTEM][C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe]  [(Verified) Microsoft Corporation, 2.0.50727.4927 (NetFXspW7.050727-4900)]
  162. [PID: 2060 / LUCK][D:\TDDOWNLOAD\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.4.1331]
  163. [PID: 2056 / LUCK][D:\TDDOWNLOAD\sreng2\SREb5d7fb6a.EXE]  [Smallfrogs Studio, 2.8.4.1331]

  165. ==================================
  166. 文件关联
  167. .TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  168. .EXE  OK. ["%1" %*]
  169. .COM  OK. ["%1" %*]
  170. .PIF  OK. ["%1" %*]
  171. .REG  OK. [regedit.exe "%1"]
  172. .BAT  OK. ["%1" %*]
  173. .SCR  OK. ["%1" /S]
  174. .CHM  OK. ["%SystemRoot%\hh.exe" %1]
  175. .HLP  OK. [%SystemRoot%\winhlp32.exe %1]
  176. .INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  177. .INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  178. .VBS  OK. ["%SystemRoot%\System32\WScript.exe" "%1" %*]
  179. .JS   Error. [C:\Windows\System32\WScript.exe "%1" %*]
  180. .LNK  OK. [{00021401-0000-0000-C000-000000000046}]

  182. ==================================
  183. Winsock 提供者
  184. N/A

  186. ==================================
  187. Autorun.inf
  188. N/A

  190. ==================================
  191. HOSTS 文件
  192. N/A

  194. ==================================
  195. 进程特权扫描
  196. N/A

  198. ==================================
  199. 计划任务
  200. [已禁用] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
  201.         N/A
  202. [已启用] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
  203.         N/A
  204. [已禁用] \Microsoft\Windows\AppID\PolicyConverter
  205.         %windir%\system32\appidpolicyconverter.exe
  206. [已禁用] \Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
  207.         %windir%\system32\appidcertstorecheck.exe
  208. [已启用] \Microsoft\Windows\Application Experience\AitAgent
  209.         aitagent
  210. [已启用] \Microsoft\Windows\Application Experience\ProgramDataUpdater
  211.         %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate
  212. [已启用] \Microsoft\Windows\Autochk\Proxy
  213.         %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
  214. [已启用] \Microsoft\Windows\Bluetooth\UninstallDeviceTask
  215.         BthUdTask.exe $(Arg0)
  216. [已启用] \Microsoft\Windows\CertificateServicesClient\SystemTask
  217.         N/A
  218. [已启用] \Microsoft\Windows\CertificateServicesClient\UserTask
  219.         N/A
  220. [已禁用] \Microsoft\Windows\CertificateServicesClient\UserTask-Roam
  221.         N/A
  222. [已启用] \Microsoft\Windows\Customer Experience Improvement Program\Consolidator
  223.         %SystemRoot%\System32\wsqmcons.exe
  224. [已启用] \Microsoft\Windows\Defrag\ScheduledDefrag
  225.         %windir%\system32\defrag.exe -c
  226. [已启用] \Microsoft\Windows\Location\Notifications
  227.         %windir%\System32\LocationNotifications.exe
  228. [已启用] \Microsoft\Windows\Maintenance\WinSAT
  229.         N/A
  230. [已启用] \Microsoft\Windows\Media Center\ActivateWindowsSearch
  231.         %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
  232. [已启用] \Microsoft\Windows\Media Center\ConfigureInternetTimeService
  233.         %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
  234. [已启用] \Microsoft\Windows\Media Center\DispatchRecoveryTasks
  235.         %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
  236. [已启用] \Microsoft\Windows\Media Center\ehDRMInit
  237.         %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
  238. [已启用] \Microsoft\Windows\Media Center\InstallPlayReady
  239.         %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
  240. [已启用] \Microsoft\Windows\Media Center\mcupdate
  241.         %SystemRoot%\ehome\mcupdate $(Arg0)
  242. [已启用] \Microsoft\Windows\Media Center\MediaCenterRecoveryTask
  243.         %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
  244. [已启用] \Microsoft\Windows\Media Center\MediaCenterRecoveryTask
  245.         %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
  246. [已启用] \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask
  247.         %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
  248. [已启用] \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask
  249.         %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
  250. [已启用] \Microsoft\Windows\Media Center\OCURActivate
  251.         %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
  252. [已启用] \Microsoft\Windows\Media Center\OCURDiscovery
  253.         %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
  254. [已启用] \Microsoft\Windows\Media Center\PBDADiscovery
  255.         %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
  256. [已启用] \Microsoft\Windows\Media Center\PBDADiscoveryW1
  257.         %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
  258. [已启用] \Microsoft\Windows\Media Center\PBDADiscoveryW2
  259.         %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
  260. [已禁用] \Microsoft\Windows\Media Center\PeriodicScanRetry
  261.         %windir%\ehome\MCUpdate.exe -pscn 0
  262. [已启用] \Microsoft\Windows\Media Center\PvrRecoveryTask
  263.         %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
  264. [已启用] \Microsoft\Windows\Media Center\PvrRecoveryTask
  265.         %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
  266. [已启用] \Microsoft\Windows\Media Center\PvrScheduleTask
  267.         %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
  268. [已启用] \Microsoft\Windows\Media Center\PvrScheduleTask
  269.         %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
  270. [已禁用] \Microsoft\Windows\Media Center\RecordingRestart
  271.         %SystemRoot%\ehome\ehrec /RestartRecording
  272. [已启用] \Microsoft\Windows\Media Center\RegisterSearch
  273.         %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
  274. [已启用] \Microsoft\Windows\Media Center\ReindexSearchRoot
  275.         %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
  276. [已启用] \Microsoft\Windows\Media Center\SqlLiteRecoveryTask
  277.         %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
  278. [已启用] \Microsoft\Windows\Media Center\SqlLiteRecoveryTask
  279.         %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
  280. [已启用] \Microsoft\Windows\Media Center\UpdateRecordPath
  281.         %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
  282. [已启用] \Microsoft\Windows\MobilePC\HotStart
  283.         N/A
  284. [已启用] \Microsoft\Windows\MUI\LPRemove
  285.         %windir%\system32\lpremove.exe
  286. [已启用] \Microsoft\Windows\Multimedia\SystemSoundsService
  287.         N/A
  288. [已启用] \Microsoft\Windows\NetTrace\GatherNetworkInfo
  289.         %windir%\system32\gatherNetworkInfo.vbs
  290. [已禁用] \Microsoft\Windows\Offline Files\Background Synchronization
  291.         N/A
  292. [已禁用] \Microsoft\Windows\Offline Files\Logon Synchronization
  293.         N/A
  294. [已启用] \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
  295.         %SystemRoot%\System32\powercfg.exe -energy -auto
  296. [已启用] \Microsoft\Windows\Ras\MobilityManager
  297.         N/A
  298. [已禁用] \Microsoft\Windows\SideShow\AutoWake
  299.         N/A
  300. [已启用] \Microsoft\Windows\SideShow\GadgetManager
  301.         N/A
  302. [已禁用] \Microsoft\Windows\SideShow\SessionAgent
  303.         N/A
  304. [已禁用] \Microsoft\Windows\SideShow\SystemDataProviders
  305.         N/A
  306. [已启用] \Microsoft\Windows\SystemRestore\SR
  307.         %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
  308. [已启用] \Microsoft\Windows\Tcpip\IpAddressConflict1
  309.         %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
  310. [已启用] \Microsoft\Windows\Tcpip\IpAddressConflict2
  311.         %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
  312. [已启用] \Microsoft\Windows\Time Synchronization\SynchronizeTime
  313.         %windir%\system32\sc.exe start w32time task_started
  314. [已启用] \Microsoft\Windows\UPnP\UPnPHostConfig
  315.         sc.exe config upnphost start= auto
  316. [已禁用] \Microsoft\Windows\User Profile Service\HiveUploadTask
  317.         N/A
  318. [已启用] \Microsoft\Windows\Windows Error Reporting\QueueReporting
  319.         %windir%\system32\wermgr.exe -queuereporting
  320. [已启用] \Microsoft\Windows\Windows Media Sharing\UpdateLibrary
  321.         "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
  322. [已启用] \Microsoft\Windows\WindowsBackup\ConfigNotification
  323.         %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
  324. [已禁用] \Microsoft\Windows\WindowsColorSystem\Calibration Loader
  325.         N/A

  327. ==================================
  328. Windows 安全更新检查
  329. N/A

  331. ==================================
  332. API HOOK
  333. 入口点错误:FindFirstFileA (危险等级: 高,  被下面模块所HOOK: 0xB999DDE6)

  335. ==================================
  336. 隐藏进程
  337. N/A

  339. ==================================


复制代码
回复

举报

lvcan
 楼主| 发表于 2012-2-26 03:34:08 | 显示全部楼层
安装系统程序 后的SRENG日志:  

API HOOK
入口点错误:FindFirstFileA (危险等级: 高,  被下面模块所HOOK: 0xBA76DDB6)


  3. 2012-02-26,01:05:29

  5. System Repair Engineer 2.8.4.1331
  6. Smallfrogs (http://www.KZTechs.com)

  8. Windows 7 Ultimate Edition Service Pack 1 (Build 7601) - 管理权限用户 - 完整功能

  10. 以下内容被选中:
  11.     所有的启动项目(包括注册表、启动文件夹、服务等)
  12.     浏览器加载项
  13.     正在运行的进程(包括进程模块信息)
  14.     文件关联
  15.     Winsock 提供者
  16.     Autorun.inf
  17.     HOSTS 文件
  18.     进程特权扫描
  19.     计划任务
  20.     Windows 安全更新检查
  21.     API HOOK
  22.     隐藏进程


  25. 启动项目
  26. 注册表
  27. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  28.     <IAStorIcon><C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe>  [(Verified)Intel Corporation]
  29. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  30.     <shell><explorer.exe>  [(Verified)Microsoft Windows]
  31.     <Userinit><userinit.exe>  [(Verified)Microsoft Windows]
  32. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  33.     <AppInit_DLLs><>  [N/A]
  34. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
  35.     <WebCheck><>  [N/A]
  36. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
  37.     <Microsoft Windows Media Player><%SystemRoot%\system32\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows]
  38. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
  39.     <Internet Explorer><C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows]
  40. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
  41.     <Browser Customizations><"C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP>  [(Verified)Microsoft Corporation]
  42. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
  43.     <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
  44. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
  45.     <Microsoft Windows><"%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE>  [File is missing]
  46. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
  47.     <Microsoft Windows Media Player><%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI>  [(Verified)Microsoft Windows]
  48. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
  49.     <Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows]
  50. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
  51.     <Web Platform Customizations><C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows]
  52. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
  53.     <N/A><C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install>  [(Verified)Microsoft Corporation]

  55. ==================================
  56. 启动文件夹
  57. N/A

  59. ==================================
  60. 服务
  61. [Application Experience / AeLookupSvc][Running/Manual Start]
  62.   <C:\Windows\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\aelupsvc.dll><Microsoft Corporation>
  63. [ESET Service / ekrn][Running/Auto Start]
  64.   <"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"><ESET>
  65. [Intel(R) Rapid Storage Technology / IAStorDataMgrSvc][Running/Auto Start]
  66.   <"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"><Intel Corporation>
  67. [IKE and AuthIP IPsec Keying Modules / IKEEXT][Running/Auto Start]
  68.   <C:\Windows\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\ikeext.dll><Microsoft Corporation>
  69. [PnP-X IP Bus Enumerator / IPBusEnum][Stopped/Manual Start]
  70.   <C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted-->%SystemRoot%\system32\ipbusenum.dll><Microsoft Corporation>
  71. [IP Helper / iphlpsvc][Running/Auto Start]
  72.   <C:\Windows\System32\svchost.exe -k NetSvcs-->%SystemRoot%\System32\iphlpsvc.dll><Microsoft Corporation>
  73. [Intel(R) Management and Security Application Local Management Service / LMS][Running/Auto Start]
  74.   <C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe><Intel Corporation>
  75. [Media Center Extender Service / Mcx2Svc][Stopped/Disabled]
  76.   <C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation-->%SystemRoot%\system32\Mcx2Svc.dll><Microsoft Corporation>
  77. [Multimedia Class Scheduler / MMCSS][Running/Auto Start]
  78.   <C:\Windows\system32\svchost.exe -k netsvcs-->%SystemRoot%\system32\mmcss.dll><Microsoft Corporation>
  79. [Windows Firewall / MpsSvc][Running/Auto Start]
  80.   <C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork-->%SystemRoot%\system32\mpssvc.dll><Microsoft Corporation>
  81. [Intel(R) Management and Security Application User Notification Service / UNS][Running/Auto Start]
  82.   <"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"><Intel Corporation>
  83. [Desktop Window Manager Session Manager / UxSms][Running/Auto Start]
  84.   <C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted-->%SystemRoot%\System32\uxsms.dll><Microsoft Corporation>
  85. [Windows Defender / WinDefend][Running/Auto Start]
  86.   <C:\Windows\System32\svchost.exe -k secsvcs-->%ProgramFiles%\Windows Defender\mpsvc.dll><N/A>
  87. [Windows Management Instrumentation / Winmgmt][Running/Auto Start]
  88.   <C:\Windows\system32\svchost.exe -k netsvcs-->%SystemRoot%\system32\wbem\WMIsvc.dll><Microsoft Corporation>
  89. [WLAN AutoConfig / Wlansvc][Running/Manual Start]
  90.   <C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted-->%SystemRoot%\System32\wlansvc.dll><Microsoft Corporation>

  92. ==================================
  93. 驱动程序
  94. [adp94xx / adp94xx][Stopped/Manual Start]
  95.   <\SystemRoot\system32\drivers\adp94xx.sys><Adaptec, Inc.>
  96. [adpahci / adpahci][Stopped/Manual Start]
  97.   <\SystemRoot\system32\drivers\adpahci.sys><Adaptec, Inc.>
  98. [adpu320 / adpu320][Stopped/Manual Start]
  99.   <\SystemRoot\system32\drivers\adpu320.sys><Adaptec, Inc.>
  100. [aliide / aliide][Stopped/Manual Start]
  101.   <\SystemRoot\system32\drivers\aliide.sys><Acer Laboratories Inc.>
  102. [amdsata / amdsata][Stopped/Manual Start]
  103.   <\SystemRoot\system32\drivers\amdsata.sys><Advanced Micro Devices>
  104. [amdsbs / amdsbs][Stopped/Manual Start]
  105.   <\SystemRoot\system32\drivers\amdsbs.sys><AMD Technologies Inc.>
  106. [amdxata / amdxata][Running/Boot Start]
  107.   <\SystemRoot\system32\drivers\amdxata.sys><Advanced Micro Devices>
  108. [arc / arc][Stopped/Manual Start]
  109.   <\SystemRoot\system32\drivers\arc.sys><Adaptec, Inc.>
  110. [arcsas / arcsas][Stopped/Manual Start]
  111.   <\SystemRoot\system32\drivers\arcsas.sys><Adaptec, Inc.>
  112. [Broadcom NetXtreme II VBD / b06bdrv][Stopped/Manual Start]
  113.   <\SystemRoot\system32\drivers\bxvbda.sys><Broadcom Corporation>
  114. [Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 / b57nd60a][Stopped/Manual Start]
  115.   <system32\DRIVERS\b57nd60a.sys><Broadcom Corporation>
  116. [Brother USB Mass-Storage Lower Filter Driver / BrFiltLo][Stopped/Manual Start]
  117.   <\SystemRoot\system32\drivers\BrFiltLo.sys><Brother Industries, Ltd.>
  118. [Brother USB Mass-Storage Upper Filter Driver / BrFiltUp][Stopped/Manual Start]
  119.   <\SystemRoot\system32\drivers\BrFiltUp.sys><Brother Industries, Ltd.>
  120. [Brother MFC Serial Port Interface Driver (WDM) / Brserid][Stopped/Manual Start]
  121.   <\SystemRoot\System32\Drivers\Brserid.sys><Brother Industries Ltd.>
  122. [Brother WDM Serial driver / BrSerWdm][Stopped/Manual Start]
  123.   <\SystemRoot\System32\Drivers\BrSerWdm.sys><Brother Industries Ltd.>
  124. [Brother MFC USB Fax Only Modem / BrUsbMdm][Stopped/Manual Start]
  125.   <\SystemRoot\System32\Drivers\BrUsbMdm.sys><Brother Industries Ltd.>
  126. [Brother MFC USB Serial WDM Driver / BrUsbSer][Stopped/Manual Start]
  127.   <\SystemRoot\System32\Drivers\BrUsbSer.sys><Brother Industries Ltd.>
  128. [cmdide / cmdide][Stopped/Manual Start]
  129.   <\SystemRoot\system32\drivers\cmdide.sys><CMD Technology, Inc.>
  130. [eamonm / eamonm][Running/Auto Start]
  131.   <system32\DRIVERS\eamonm.sys><ESET>
  132. [Broadcom NetXtreme II 10 GigE VBD / ebdrv][Stopped/Manual Start]
  133.   <\SystemRoot\system32\drivers\evbda.sys><Broadcom Corporation>
  134. [ehdrv / ehdrv][Running/System Start]
  135.   <system32\DRIVERS\ehdrv.sys><ESET>
  136. [elxstor / elxstor][Stopped/Manual Start]
  137.   <\SystemRoot\system32\drivers\elxstor.sys><Emulex>
  138. [epfw / epfw][Running/Auto Start]
  139.   <system32\DRIVERS\epfw.sys><ESET>
  140. [Epfw NDIS LightWeight Filter / EpfwLWF][Running/System Start]
  141.   <system32\DRIVERS\EpfwLWF.sys><ESET>
  142. [epfwwfp / epfwwfp][Running/Boot Start]
  143.   <\SystemRoot\system32\DRIVERS\epfwwfp.sys><ESET>
  144. [Hauppauge Consumer Infrared Receiver / hcw85cir][Stopped/Manual Start]
  145.   <\SystemRoot\system32\drivers\hcw85cir.sys><Hauppauge Computer Works, Inc.>
  146. [HpSAMD / HpSAMD][Stopped/Manual Start]
  147.   <\SystemRoot\system32\drivers\HpSAMD.sys><Hewlett-Packard Company>
  148. [Intel AHCI Controller / iaStor][Running/Boot Start]
  149.   <\SystemRoot\system32\DRIVERS\iaStor.sys><Intel Corporation>
  150. [iaStorV / iaStorV][Stopped/Manual Start]
  151.   <\SystemRoot\system32\drivers\iaStorV.sys><Intel Corporation>
  152. [igfx / igfx][Running/Manual Start]
  153.   <system32\DRIVERS\igdkmd64.sys><Intel Corporation>
  154. [iirsp / iirsp][Stopped/Manual Start]
  155.   <\SystemRoot\system32\drivers\iirsp.sys><Intel Corp./ICP vortex GmbH>
  156. [Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  157.   <system32\drivers\RTKVHD64.sys><Realtek Semiconductor Corp.>
  158. [英特尔(R) 显示器音频 / IntcDAud][Running/Manual Start]
  159.   <system32\DRIVERS\IntcDAud.sys><Intel(R) Corporation>
  160. [NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller / L1C][Running/Manual Start]
  161.   <system32\DRIVERS\L1C62x64.sys><Atheros Communications, Inc.>
  162. [LSI_FC / LSI_FC][Stopped/Manual Start]
  163.   <\SystemRoot\system32\drivers\lsi_fc.sys><LSI Corporation>
  164. [LSI_SAS / LSI_SAS][Stopped/Manual Start]
  165.   <\SystemRoot\system32\drivers\lsi_sas.sys><LSI Corporation>
  166. [LSI_SAS2 / LSI_SAS2][Stopped/Manual Start]
  167.   <\SystemRoot\system32\drivers\lsi_sas2.sys><LSI Corporation>
  168. [LSI_SCSI / LSI_SCSI][Stopped/Manual Start]
  169.   <\SystemRoot\system32\drivers\lsi_scsi.sys><LSI Corporation>
  170. [megasas / megasas][Stopped/Manual Start]
  171.   <\SystemRoot\system32\drivers\megasas.sys><LSI Corporation>
  172. [MegaSR / MegaSR][Stopped/Manual Start]
  173.   <\SystemRoot\system32\drivers\MegaSR.sys><LSI Corporation, Inc.>
  174. [Intel(R) Management Engine Interface / MEIx64][Running/Manual Start]
  175.   <system32\DRIVERS\HECIx64.sys><Intel Corporation>
  176. [nfrd960 / nfrd960][Stopped/Manual Start]
  177.   <\SystemRoot\system32\drivers\nfrd960.sys><IBM Corporation>
  178. [nvraid / nvraid][Stopped/Manual Start]
  179.   <\SystemRoot\system32\drivers\nvraid.sys><NVIDIA Corporation>
  180. [nvstor / nvstor][Stopped/Manual Start]
  181.   <\SystemRoot\system32\drivers\nvstor.sys><NVIDIA Corporation>
  182. [ql2300 / ql2300][Stopped/Manual Start]
  183.   <\SystemRoot\system32\drivers\ql2300.sys><QLogic Corporation>
  184. [ql40xx / ql40xx][Stopped/Manual Start]
  185.   <\SystemRoot\system32\drivers\ql40xx.sys><QLogic Corporation>
  186. [SiSRaid2 / SiSRaid2][Stopped/Manual Start]
  187.   <\SystemRoot\system32\drivers\SiSRaid2.sys><Silicon Integrated Systems Corp.>
  188. [SiSRaid4 / SiSRaid4][Stopped/Manual Start]
  189.   <\SystemRoot\system32\drivers\sisraid4.sys><Silicon Integrated Systems>
  190. [stexstor / stexstor][Stopped/Manual Start]
  191.   <\SystemRoot\system32\drivers\stexstor.sys><Promise Technology>
  192. [VGPU / VGPU][Stopped/Manual Start]
  193.   <System32\drivers\rdvgkmd.sys><N/A>
  194. [viaide / viaide][Stopped/Manual Start]
  195.   <\SystemRoot\system32\drivers\viaide.sys><VIA Technologies, Inc.>
  196. [vsmraid / vsmraid][Stopped/Manual Start]
  197.   <\SystemRoot\system32\drivers\vsmraid.sys><VIA Technologies Inc.,Ltd>

  199. ==================================
  200. 浏览器加载项
  201. [Shockwave Flash Object]
  202.   {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\Windows\SysWOW64\Macromed\Flash\Flash11f.ocx, (Signed) Adobe Systems, Inc.>
  203. [HTML Document]
  204.   {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\Windows\SysWOW64\mshtml.dll, (Signed) Microsoft Corporation>
  205. [XML DOM Document]
  206.   {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
  207. [Windows Media Player]
  208.   {6BF52A52-394A-11D3-B153-00C04F79FAA6} <%SystemRoot%\system32\wmp.dll, (Signed) N/A>
  209. [XML DOM Document 6.0]
  210.   {88D96A05-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A>
  211. [XML HTTP 6.0]
  212.   {88D96A0A-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A>
  213. [Shockwave Flash Object]
  214.   {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\Windows\SysWOW64\Macromed\Flash\Flash11f.ocx, (Signed) Adobe Systems, Inc.>
  215. [XML HTTP Request]
  216.   {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
  217. [XML HTTP]
  218.   {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>

  220. ==================================
  221. 正在运行的进程
  222. [PID: 1368 / SYSTEM][C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe]  [ESET, 5.0.94.4 ]
  223.     [C:\Program Files\ESET\ESET Smart Security\x86\ekrnHips.dll]  [ESET, 5.0.94.4 ]
  224.     [C:\Program Files\ESET\ESET Smart Security\x86\ekrnScan.dll]  [ESET, 5.0.94.4 ]
  225.     [C:\Program Files\ESET\ESET Smart Security\x86\ekrnAmon.dll]  [ESET, 5.0.95.0 ]
  226.     [C:\Program Files\ESET\ESET Smart Security\x86\ekrnEmon.dll]  [ESET, 5.0.94.4 ]
  227.     [C:\Program Files\ESET\ESET Smart Security\x86\ekrnDmon.dll]  [ESET, 5.0.94.4 ]
  228.     [C:\Program Files\ESET\ESET Smart Security\x86\ekrnEpfw.dll]  [ESET, 5.0.94.4 ]
  229.     [C:\Program Files\ESET\ESET Smart Security\x86\ekrnSmon.dll]  [ESET, 5.0.94.4 ]
  230.     [C:\Program Files\ESET\ESET Smart Security\x86\ekrnUpdate.dll]  [ESET, 5.0.94.4 ]
  231.     [C:\Program Files\ESET\ESET Smart Security\x86\updater.dll]  [ESET, 5.0.94.4 ]
  232.     [C:\Program Files\ESET\ESET Smart Security\x86\ekrnMailPlugins.dll]  [ESET, 5.0.94.4 ]
  233.     [C:\Program Files\ESET\ESET Smart Security\x86\ekrnParental.dll]  [ESET, 5.0.94.4 ]
  234. [PID: 2460 / LUCK][C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe]  [Intel Corporation, 10.1.0.1008]
  235.     [C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll]  [Microsoft Corporation, 2.0.50727.5448 (Win7SP1GDR.050727-5400)]
  236.     [C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll]  [Microsoft Corporation, 2.0.50727.5453 (Win7SP1GDR.050727-5400)]
  237.     [C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\bc264c7dba2096c2c88080090bf42600\IAStorUtil.ni.dll]  [Intel Corporation, 10.1.0.1008]
  238.     [C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll]  [Microsoft Corporation, 2.0.50727.5420 (Win7SP1.050727-5400)]
  239.     [C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll]  [Microsoft Corporation, 2.0.50727.5446 (Win7SP1GDR.050727-5400)]
  240.     [C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll]  [Microsoft Corporation, 2.0.50727.5420 (Win7SP1.050727-5400)]
  241.     [C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll]  [Microsoft Corporation, 2.0.50727.5420 (Win7SP1.050727-5400)]
  242.     [C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\zh-CN\IAStorIcon.resources.dll]  [Intel Corporation, 10.1.0.1008]
  243.     [C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IntelVisualDesign.dll]  [Intel Corporation, 0.0.0.0]
  244.     [C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\zh-CN\IntelVisualDesign.resources.dll]  [Intel Corporation, 0.0.0.0]
  245.     [C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll]  [Microsoft Corporation, 2.0.50727.5420 (Win7SP1.050727-5400)]
  246.     [C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll]  [Microsoft Corporation, 3.0.6920.5011 built by: Win7SP1]
  247.     [C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6aef03034d33721bfbd588d9d7fffe60\IAStorCommon.ni.dll]  [Intel Corp., 1.0.0.0]
  248.     [C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorUIHelper.dll]  [Intel Corporation, 10.1.0.1008]
  249. [PID: 384 / SYSTEM][C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe]  [(Verified) Microsoft Corporation, 2.0.50727.4927 (NetFXspW7.050727-4900)]
  250. [PID: 2500 / SYSTEM][C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe]  [Intel Corporation, 10.1.0.1008]
  251.     [C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll]  [Microsoft Corporation, 2.0.50727.5448 (Win7SP1GDR.050727-5400)]
  252.     [C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll]  [Microsoft Corporation, 2.0.50727.5453 (Win7SP1GDR.050727-5400)]
  253.     [C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvc\6ca46fe242ee129f64382347606a3ce4\IAStorDataMgrSvc.ni.exe]  [Intel Corporation, 10.1.0.1008]
  254.     [C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\075d9c27aa02085fef8983b5f5f85834\System.ServiceProcess.ni.dll]  [Microsoft Corporation, 2.0.50727.5420 (Win7SP1.050727-5400)]
  255.     [C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\65c33a2173a7f24592123e723aca73db\IAStorDataMgr.ni.dll]  [Intel Corporation, 10.1.0.1008]
  256.     [C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\bc264c7dba2096c2c88080090bf42600\IAStorUtil.ni.dll]  [Intel Corporation, 10.1.0.1008]
  257.     [C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll]  [Microsoft Corporation, 2.0.50727.5420 (Win7SP1.050727-5400)]
  258.     [C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll]  [Microsoft Corporation, 2.0.50727.5420 (Win7SP1.050727-5400)]
  259.     [C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll]  [Microsoft Corporation, 2.0.50727.5420 (Win7SP1.050727-5400)]
  260.     [C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\a4ffd1822f036fe7e4eb9b7ba72b7cdc\IsdiInterop.ni.dll]  [N/A, ]
  261.     [C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll]  [N/A, ]
  262.     [C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\ISDI.dll]  [Intel Corporation, 10.1.0.1008]
  263.     [C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\zh-CN\IAStorDataMgr.resources.dll]  [Intel Corporation, 10.1.0.1008]
  264.     [C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll]  [Microsoft Corporation, 3.0.6920.5011 built by: Win7SP1]
  265.     [C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6aef03034d33721bfbd588d9d7fffe60\IAStorCommon.ni.dll]  [Intel Corp., 1.0.0.0]
  266.     [C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll]  [Microsoft Corporation, 2.0.50727.5456 (Win7SP1GDR.050727-5400)]
  267. [PID: 2396 / SYSTEM][C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe]  [Intel Corporation, 7.0.4.1197]
  268. [PID: 1848 / SYSTEM][C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe]  [Intel Corporation, 7.0.4.1197]
  269.     [C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll]  [Intel Corporation, 3.0.0.1]
  270.     [C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll]  [Apache Software Foundation, 2, 7, 0]
  271. [PID: 2796 / LUCK][D:\TDDOWNLOAD\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.4.1331]
  272. [PID: 808 / LUCK][D:\TDDOWNLOAD\sreng2\SREb5d7fb6a.EXE]  [Smallfrogs Studio, 2.8.4.1331]

  274. ==================================
  275. 文件关联
  276. .TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  277. .EXE  OK. ["%1" %*]
  278. .COM  OK. ["%1" %*]
  279. .PIF  OK. ["%1" %*]
  280. .REG  OK. [regedit.exe "%1"]
  281. .BAT  OK. ["%1" %*]
  282. .SCR  OK. ["%1" /S]
  283. .CHM  OK. ["%SystemRoot%\hh.exe" %1]
  284. .HLP  OK. [%SystemRoot%\winhlp32.exe %1]
  285. .INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  286. .INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  287. .VBS  OK. ["%SystemRoot%\System32\WScript.exe" "%1" %*]
  288. .JS   Error. [C:\Windows\System32\WScript.exe "%1" %*]
  289. .LNK  OK. [{00021401-0000-0000-C000-000000000046}]

  291. ==================================
  292. Winsock 提供者
  293. N/A

  295. ==================================
  296. Autorun.inf
  297. N/A

  299. ==================================
  300. HOSTS 文件
  301. N/A

  303. ==================================
  304. 进程特权扫描
  305. N/A

  307. ==================================
  308. 计划任务
  309. [已禁用] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
  310.         N/A
  311. [已启用] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
  312.         N/A
  313. [已禁用] \Microsoft\Windows\AppID\PolicyConverter
  314.         %windir%\system32\appidpolicyconverter.exe
  315. [已禁用] \Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
  316.         %windir%\system32\appidcertstorecheck.exe
  317. [已启用] \Microsoft\Windows\Application Experience\AitAgent
  318.         aitagent
  319. [已启用] \Microsoft\Windows\Application Experience\ProgramDataUpdater
  320.         %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate
  321. [已启用] \Microsoft\Windows\Autochk\Proxy
  322.         %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
  323. [已启用] \Microsoft\Windows\Bluetooth\UninstallDeviceTask
  324.         BthUdTask.exe $(Arg0)
  325. [已启用] \Microsoft\Windows\CertificateServicesClient\SystemTask
  326.         N/A
  327. [已启用] \Microsoft\Windows\CertificateServicesClient\UserTask
  328.         N/A
  329. [已禁用] \Microsoft\Windows\CertificateServicesClient\UserTask-Roam
  330.         N/A
  331. [已启用] \Microsoft\Windows\Customer Experience Improvement Program\Consolidator
  332.         %SystemRoot%\System32\wsqmcons.exe
  333. [已启用] \Microsoft\Windows\Defrag\ScheduledDefrag
  334.         %windir%\system32\defrag.exe -c
  335. [已启用] \Microsoft\Windows\Location\Notifications
  336.         %windir%\System32\LocationNotifications.exe
  337. [已启用] \Microsoft\Windows\Maintenance\WinSAT
  338.         N/A
  339. [已启用] \Microsoft\Windows\Media Center\ActivateWindowsSearch
  340.         %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
  341. [已启用] \Microsoft\Windows\Media Center\ConfigureInternetTimeService
  342.         %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
  343. [已启用] \Microsoft\Windows\Media Center\DispatchRecoveryTasks
  344.         %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
  345. [已启用] \Microsoft\Windows\Media Center\ehDRMInit
  346.         %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
  347. [已启用] \Microsoft\Windows\Media Center\InstallPlayReady
  348.         %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
  349. [已启用] \Microsoft\Windows\Media Center\mcupdate
  350.         %SystemRoot%\ehome\mcupdate $(Arg0)
  351. [已启用] \Microsoft\Windows\Media Center\MediaCenterRecoveryTask
  352.         %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
  353. [已启用] \Microsoft\Windows\Media Center\MediaCenterRecoveryTask
  354.         %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
  355. [已启用] \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask
  356.         %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
  357. [已启用] \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask
  358.         %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
  359. [已启用] \Microsoft\Windows\Media Center\OCURActivate
  360.         %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
  361. [已启用] \Microsoft\Windows\Media Center\OCURDiscovery
  362.         %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
  363. [已启用] \Microsoft\Windows\Media Center\PBDADiscovery
  364.         %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
  365. [已启用] \Microsoft\Windows\Media Center\PBDADiscoveryW1
  366.         %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
  367. [已启用] \Microsoft\Windows\Media Center\PBDADiscoveryW2
  368.         %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
  369. [已禁用] \Microsoft\Windows\Media Center\PeriodicScanRetry
  370.         %windir%\ehome\MCUpdate.exe -pscn 0
  371. [已启用] \Microsoft\Windows\Media Center\PvrRecoveryTask
  372.         %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
  373. [已启用] \Microsoft\Windows\Media Center\PvrRecoveryTask
  374.         %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
  375. [已启用] \Microsoft\Windows\Media Center\PvrScheduleTask
  376.         %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
  377. [已启用] \Microsoft\Windows\Media Center\PvrScheduleTask
  378.         %SystemRoot%\ehome\mcupdate.exe -PvrSchedule
  379. [已禁用] \Microsoft\Windows\Media Center\RecordingRestart
  380.         %SystemRoot%\ehome\ehrec /RestartRecording
  381. [已启用] \Microsoft\Windows\Media Center\RegisterSearch
  382.         %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
  383. [已启用] \Microsoft\Windows\Media Center\ReindexSearchRoot
  384.         %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
  385. [已启用] \Microsoft\Windows\Media Center\SqlLiteRecoveryTask
  386.         %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
  387. [已启用] \Microsoft\Windows\Media Center\SqlLiteRecoveryTask
  388.         %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
  389. [已启用] \Microsoft\Windows\Media Center\UpdateRecordPath
  390.         %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
  391. [已启用] \Microsoft\Windows\MobilePC\HotStart
  392.         N/A
  393. [已启用] \Microsoft\Windows\MUI\LPRemove
  394.         %windir%\system32\lpremove.exe
  395. [已启用] \Microsoft\Windows\Multimedia\SystemSoundsService
  396.         N/A
  397. [已启用] \Microsoft\Windows\NetTrace\GatherNetworkInfo
  398.         %windir%\system32\gatherNetworkInfo.vbs
  399. [已禁用] \Microsoft\Windows\Offline Files\Background Synchronization
  400.         N/A
  401. [已禁用] \Microsoft\Windows\Offline Files\Logon Synchronization
  402.         N/A
  403. [已启用] \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
  404.         %SystemRoot%\System32\powercfg.exe -energy -auto
  405. [已启用] \Microsoft\Windows\Ras\MobilityManager
  406.         N/A
  407. [已禁用] \Microsoft\Windows\SideShow\AutoWake
  408.         N/A
  409. [已启用] \Microsoft\Windows\SideShow\GadgetManager
  410.         N/A
  411. [已禁用] \Microsoft\Windows\SideShow\SessionAgent
  412.         N/A
  413. [已禁用] \Microsoft\Windows\SideShow\SystemDataProviders
  414.         N/A
  415. [已启用] \Microsoft\Windows\SystemRestore\SR
  416.         %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
  417. [已启用] \Microsoft\Windows\Tcpip\IpAddressConflict1
  418.         %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
  419. [已启用] \Microsoft\Windows\Tcpip\IpAddressConflict2
  420.         %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
  421. [已启用] \Microsoft\Windows\Time Synchronization\SynchronizeTime
  422.         %windir%\system32\sc.exe start w32time task_started
  423. [已启用] \Microsoft\Windows\UPnP\UPnPHostConfig
  424.         sc.exe config upnphost start= auto
  425. [已禁用] \Microsoft\Windows\User Profile Service\HiveUploadTask
  426.         N/A
  427. [已启用] \Microsoft\Windows\Windows Error Reporting\QueueReporting
  428.         %windir%\system32\wermgr.exe -queuereporting
  429. [已启用] \Microsoft\Windows\Windows Media Sharing\UpdateLibrary
  430.         "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
  431. [已启用] \Microsoft\Windows\WindowsBackup\ConfigNotification
  432.         %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
  433. [已禁用] \Microsoft\Windows\WindowsColorSystem\Calibration Loader
  434.         N/A

  436. ==================================
  437. Windows 安全更新检查
  438. KB2483139,  拉脱维亚语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
  439. KB2483139,  捷克语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
  440. KB2483139,  俄语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
  441. KB2483139,  英语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
  442. KB2483139,  丹麦语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
  443. KB2483139,  意大利语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
  444. KB2483139,  匈牙利语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
  445. KB2483139,  朝鲜语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
  446. KB2483139,  瑞典语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
  447. KB2483139,  波兰语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
  448. KB2483139,  克罗地亚语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
  449. KB2483139,  乌克兰语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
  450. KB2483139,  挪威语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
  451. KB2483139,  希腊语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
  452. KB2483139,  保加利亚语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
  453. KB2483139,  葡萄牙语(葡萄牙)语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
  454. KB2483139,  荷兰语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
  455. KB2483139,  葡萄牙语(巴西)语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
  456. KB2483139,  西班牙语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
  457. KB2483139,  斯洛文尼亚语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
  458. KB2483139,  繁体中文语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
  459. KB2483139,  日语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
  460. KB2483139,  泰国语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
  461. KB2483139,  德语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
  462. KB2483139,  爱沙尼亚语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
  463. KB2483139,  立陶宛语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
  464. KB2483139,  斯洛伐克语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
  465. KB2483139,  芬兰语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
  466. KB2483139,  阿拉伯语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
  467. KB2483139,  希伯来语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
  468. KB2483139,  塞尔维亚语(拉丁语)语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
  469. KB2483139,  罗马尼亚语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
  470. KB2483139,  法语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
  471. KB2483139,  土耳其语语言包 - 适用于 x64 系统的 Windows 7 Service Pack 1 (KB2483139)
  472. KB2505438,  用于基于 x64 的系统的 Windows 7 更新程序 (KB2505438)
  473. KB2529073,  用于基于 x64 的系统的 Windows 7 更新程序 (KB2529073)
  474. KB982018,  用于基于 x64 的系统的 Windows 7 更新程序 (KB982018)
  475. KB2532531,  用于基于 x64 的系统的 Windows 7 安全更新程序 (KB2532531) MS11-053
  476. KB982670,  用于基于 x64 的系统的 Windows 7 的 Microsoft .NET Framework 4 Client Profile (KB982670)
  477. KB890830,  Windows 恶意软件删除工具 x64 - 2012 年 2 月 (KB890830)

  479. ==================================
  480. API HOOK
  481. 入口点错误:FindFirstFileA (危险等级: 高,  被下面模块所HOOK: 0xBA76DDB6)

  483. ==================================
  484. 隐藏进程
  485. N/A

  487. ==================================


复制代码
回复

举报

sspa668
发表于 2012-2-26 12:53:48 | 显示全部楼层
这个是正常的,我的也经常提示这个的。我忽略了。
回复

举报

强妈威武
发表于 2012-2-26 15:12:43 | 显示全部楼层
楼主以后上日志的时候请打包好么,话说这个有可能是软替换的
回复

举报

青春虎
发表于 2012-2-26 15:42:38 | 显示全部楼层


可能是杀软造成的,我的也有这提示
回复

举报

lvcan
 楼主| 发表于 2012-2-26 18:35:09 | 显示全部楼层
windows 7旗舰版64 安装之初的SRENG日志:  API HOOK
入口点错误:FindFirstFileA (危险等级: 高,  被下面模块所HOOK: 0xB999DDE6)
那时还没有安装杀软!!!

安装系统程序后(包括杀软)的SRENG日志: API HOOK
入口点错误:FindFirstFileA (危险等级: 高,  被下面模块所HOOK: 0xBA76DDB6)
回复

举报

lvcan
 楼主| 发表于 2012-2-26 18:35:29 | 显示全部楼层
青春虎 发表于 2012-2-26 15:42
可能是杀软造成的,我的也有这提示

windows 7旗舰版64 安装之初的SRENG日志:  API HOOK
入口点错误:FindFirstFileA (危险等级: 高,  被下面模块所HOOK: 0xB999DDE6)
那时还没有安装杀软!!!

安装系统程序后(包括杀软)的SRENG日志: API HOOK
入口点错误:FindFirstFileA (危险等级: 高,  被下面模块所HOOK: 0xBA76DDB6)
回复

举报

sasalemma
发表于 2012-2-26 18:37:02 来自手机 | 显示全部楼层
什么软件都没装?别忘了Win7自带的那个反间谍的Df
回复

举报

tacmot
发表于 2012-2-26 19:32:35 | 显示全部楼层
用XT之类的ARK工具看看这个函数是被谁挂了,如果是已知的就不要紧。
回复

举报

lvcan
 楼主| 发表于 2012-2-26 19:44:16 | 显示全部楼层
sasalemma 发表于 2012-2-26 18:37
什么软件都没装?别忘了Win7自带的那个反间谍的Df

对啊!!!谢谢!!!
回复

举报

下一页 »
12下一页
返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2025-5-14 16:28 , Processed in 0.138386 second(s), 17 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表