收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 软件区 解疑答难区 请高手帮我看看SREngine扫描日志!
返回列表 发新帖
查看: 1719|回复: 7
收起左侧

请高手帮我看看SREngine扫描日志!

[复制链接]
++++++
发表于 2007-2-23 17:40:36 | 显示全部楼层 |阅读模式

  2. 2007-02-23,17:34:40
  3. System Repair Engineer 2.3.13.690
  4. Smallfrogs (http://www.KZTechs.com)
  5. Windows XP Professional Service Pack 2 (Build 2600)
  6. - 管理权限用户 - 完整功能
  7. 以下内容被选中:
  8.     所有的启动项目(包括注册表、启动文件夹、服务等)
  9.     浏览器加载项
  10.     正在运行的进程(包括进程模块信息)
  11.     文件关联
  12.     Winsock 提供者
  13.     Autorun.inf
  14.     HOSTS 文件

  16. 启动项目
  17. 注册表
  18. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  19.     <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
  20. [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  21.     <load><>  [N/A]
  22. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  23.     <kav><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [Kaspersky Lab]
  24. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  25.     <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
  26.     <Userinit><C:\WINDOWS\system32\userinit.exe>  [(Verified)Microsoft Corporation]
  27. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  28.     <AppInit_DLLs><>  [N/A]
  29. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  30.     <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
  31. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
  32.     <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Corporation]
  33. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
  34.     <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Corporation]
  35.     <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Corporation]
  36.     <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Corporation]
  37. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
  38.     <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Corporation]
  39. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
  40.     <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Corporation]
  41. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
  42.     <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Corporation]
  43. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
  44.     <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]
  45. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
  46.     <WinlogonNotify: termsrv><wlnotify.dll>  [N/A]
  47. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
  48.     <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Corporation]
  49.     <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Corporation]
  50. ==================================
  51. 启动文件夹
  52. N/A
  53. ==================================
  54. 服务
  55. [Ati HotKey Poller / Ati HotKey Poller][Stopped/Disabled]
  56.   <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
  57. [ATI Smart / ATI Smart][Stopped/Disabled]
  58.   <C:\WINDOWS\system32\ati2sgag.exe><>
  59. [卡巴斯基反病毒6.0 / AVP][Running/Auto Start]
  60.   <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
  61. [Human Interface Device Access / HidServ][Stopped/Disabled]
  62.   <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
  63. [LightScribeService Direct Disc Labeling Service / LightScribeService][Stopped/Disabled]
  64.   <"C:\Program Files\Common Files\LightScribe\LSSrvc.exe"><Hewlett-Packard Company>
  65. [SoundMAX Agent Service / SoundMAX Agent Service (default)][Stopped/Disabled]
  66.   <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
  67. ==================================
  68. 驱动程序
  69. [aeaudio / aeaudio][Running/Manual Start]
  70.   <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
  71. [ati2mtag / ati2mtag][Running/Manual Start]
  72.   <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
  73. [IdeBusDr / IdeBusDr][Running/Boot Start]
  74.   <\SystemRoot\system32\DRIVERS\IdeBusDr.sys><Intel Corporation>
  75. [Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
  76.   <\SystemRoot\system32\DRIVERS\IdeChnDr.sys><Intel Corporation>
  77. [ISO CD-ROM Device Driver / ISODrive][Stopped/Manual Start]
  78.   <\??\D:\软件\UltraISO-8.5\drivers\ISODrive.sys><EZB Systems, Inc.>
  79. [kl1 / kl1][Running/Boot Start]
  80.   <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
  81. [klif / klif][Running/System Start]
  82.   <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
  83. [npkcrypt / npkcrypt][Stopped/Auto Start]
  84.   <\??\D:\软件\QQ\npkcrypt.sys><N/A>
  85. [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  86.   <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
  87. [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  88.   <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
  89. [Secdrv / Secdrv][Stopped/Manual Start]
  90.   <system32\DRIVERS\secdrv.sys><N/A>
  91. [smwdm / smwdm][Running/Manual Start]
  92.   <system32\drivers\smwdm.sys><Analog Devices, Inc.>
  93. [sptd / sptd][Running/Boot Start]
  94.   <\SystemRoot\System32\Drivers\sptd.sys><N/A>
  95. [TCP/IP Protocol Driver / Tcpip][Running/System Start]
  96.   <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
  97. [GWIOPM / GWIOPM][Running/Manual Start]
  98.   <\??\D:\软件\Wom_7.69\GWIOPM.sys><N/A>
  99. ==================================
  100. 浏览器加载项
  101. [Thunder Browser Helper]
  102.   {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\软件\Thunder\ComDlls\XunLeiBHO_002.dll, N/A>
  103. [Web反病毒保护]
  104.   {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
  105. [Thunder Browser Helper]
  106.   {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\软件\Thunder\ComDlls\XunLeiBHO_002.dll, N/A>
  107. [Shockwave Flash Object]
  108.   {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
  109. [使用迅雷下载]
  110.   <, N/A>
  111. [使用迅雷下载全部链接]
  112.   <, N/A>
  113. ==================================
  114. 正在运行的进程
  115. [PID: 532][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  116. [PID: 604][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  117. [PID: 628][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  118.     [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
  119.     [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4110]
  120.     [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
  121. [PID: 672][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  122. [PID: 684][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  123.     [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
  124. [PID: 832][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  125.     [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
  126. [PID: 880][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  127.     [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
  128. [PID: 944][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  129.     [C:\WINDOWS\System32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
  130. [PID: 996][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  131.     [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
  132. [PID: 1380][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  133.     [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
  134. [PID: 1972][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  135.     [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
  136. [PID: 1060][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  137.     [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
  138. [PID: 3624][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
  139.     [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
  140.     [D:\软件\Thunder\ComDlls\XunLeiBHO_002.dll]  [N/A, N/A]
  141.     [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
  142.     [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
  143.     [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll]  [Kaspersky Lab, 6.0.0.299]
  144.     [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
  145. [PID: 424][D:\软件\Wom_7.69\WoptiUtilities.exe]  [鲁锦, 7.69.7.130]
  146.     [D:\软件\Wom_7.69\woptip2p.dll]  [鲁锦, 1.3.6.1222]
  147.     [D:\软件\Wom_7.69\d3dx81ab.dll]  [鲁锦, 1.0.0.0]
  148.     [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
  149. [PID: 2892][D:\软件\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
  150.     [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
  151. ==================================
  152. 文件关联
  153. .TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  154. .EXE  OK. ["%1" %*]
  155. .COM  OK. ["%1" %*]
  156. .PIF  OK. ["%1" %*]
  157. .REG  OK. [regedit.exe "%1"]
  158. .BAT  OK. ["%1" %*]
  159. .SCR  OK. ["%1" /S]
  160. .CHM  OK. ["C:\WINDOWS\hh.exe" %1]
  161. .HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
  162. .INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  163. .INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  164. .VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
  165. .JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
  166. .LNK  OK. [{00021401-0000-0000-C000-000000000046}]
  167. ==================================
  168. Winsock 提供者
  169. N/A
  170. ==================================
  171. Autorun.inf
  172. N/A
  173. ==================================
  174. HOSTS 文件
  175. 127.0.0.1       localhost
  176. ==================================
  177. API HOOK
  178. 警告!System Repair Engineer 提醒
  179. 你下面的函数内容与预期值不符,他
  180. 们可能被一些恶意的软件所修改:
  181. RVA  错误: LoadLibraryA
  182. RVA  错误: LoadLibraryExA
  183. RVA  错误: LoadLibraryExW
  184. RVA  错误: LoadLibraryW
  185. ==================================
复制代码





请帮我看看有什么不对的地方
谢谢拉
回复

举报

++++++
 楼主| 发表于 2007-2-23 19:23:48 | 显示全部楼层
静静地期待高手的到来
回复

举报

wangjay1980
发表于 2007-2-23 20:49:37 | 显示全部楼层
看不出什么问题,如果你已经卸载了deamon tools就把[sptd / sptd][Running/Boot Start]  <\SystemRoot\System32\Drivers\sptd.sys><N/A>这个驱动删除吧
回复

举报

++++++
 楼主| 发表于 2007-2-24 14:26:51 | 显示全部楼层
看不出什么问题,如果你已经卸载了deamon tools就把[sptd / sptd][Running/Boot Start]  <\SystemRoot\System32\Drivers\sptd.sys><N/A>这个驱动删除吧


我用的是酒精
能删除吗?
回复

举报

jimmyleo
发表于 2007-2-24 15:20:30 | 显示全部楼层
这个是DAEMON TOOLS的防拷贝驱动 如果确认自己没装的话 删除
回复

举报

++++++
 楼主| 发表于 2007-2-25 15:02:30 | 显示全部楼层

谢谢你
回复

举报

DietCoke
发表于 2007-2-25 17:56:31 | 显示全部楼层
C:\WINDOWS\system32\SYNCOR11.DLL, 这个文件怎么会插入这么多进程?

如果把启动项SoundMAX 项去掉,看看,还是会插入这些进程?
回复

举报

wangjay1980
发表于 2007-2-25 20:43:40 | 显示全部楼层
SoundMAX虽然是个正常的软件,但是还是比较流氓的,插入了每一个进程
回复

举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-11-24 07:31 , Processed in 0.122333 second(s), 17 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表