谁可以看明白SREng的日记帮帮我好吗~~谢谢您了

fanyu919

我今天下了1个叫做SREng的东西 运行以后报告出现API HOOK
RVA  错误： LoadLibraryA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF3F02B25)
RVA  错误： LoadLibraryExA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF3F02D67)
RVA  错误： LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF3F02F0B)
RVA  错误： LoadLibraryW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF3F02C49)
入口点错误：CreateProcessA (危险等级: 一般,  被下面模块所HOOK: E:\安全软件\360safe\safemon\safemon.dll)
入口点错误：CreateProcessW (危险等级: 一般,  被下面模块所HOOK: E:\安全软件\360safe\safemon\safemon.dll)
RVA  错误： GetProcAddress (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0xF3F02E8F)
上网查了下说是什么病毒和灰鸽子才用什么API HOOK

扫描日记在下面 各位老大帮帮我好吗 看看有什么错误好吗

fanyu919

[CODE]

2007-03-25,17:22:38

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\windows\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <kis><"E:\安全软件\Kaspersky Internet Security 6.0\avp.exe">  [Kaspersky Lab]
    <FY_FireWall><E:\安全软件\风云防火墙\FengYun\FYFireWall.exe>  [www.218.cc]
    <RunShadowTip><C:\windows\system32\Shadow\ShadowTip.exe>  [PowerShadow]
    <NvCplDaemon><RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <360Safetray><E:\安全软件\360safe\safemon\360Tray.exe /start>  [奇虎网]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><E:\安全软件\AVG\shellexecutehook.dll>  [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\System Safety Monitor]
    <WinlogonNotify: System Safety Monitor><SSMWinlogonEx.dll>  [(Verified)System Safety Limited]

==================================
启动文件夹
N/A

==================================
服务
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
  <E:\安全软件\AVG\guard.exe><Anti-Malware Development a.s.>
[卡巴斯基互联网安全套装 6.0 / AVP][Running/Auto Start]
  <"E:\安全软件\Kaspersky Internet Security 6.0\avp.exe" -r><Kaspersky Lab>
[Help and Support / helpsvc][Stopped/Disabled]
  <C:\windows\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
[Human Interface Device Access / HidServ][Stopped/Manual Start]
  <C:\windows\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\windows\system32\nvsvc32.exe><NVIDIA Corporation>
[Shadow System Service / ShadowSystemService][Running/Auto Start]
  <C:\windows\system32\shadow\ShadowService.exe><N/A>

==================================
驱动程序
[2310_00 / 2310_00][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\2310_00.sys><HighPoint Technologies, Inc.>
[3WAREDRV / 3WAREDRV][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\3WAREDRV.SYS><N/A>
[3WAREGSM / 3WAREGSM][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\3waregsm.sys><N/A>
[3WDRV100 / 3WDRV100][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\3WDRV100.SYS><N/A>
[A320RAID / A320RAID][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\a320raid.sys><Adaptec, Inc.>
[AAC / AAC][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aac.sys><Adaptec, Inc.>
[AACSAS / AACSAS][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aacsas.sys><Adaptec, Inc.>
[AAR81XX / AAR81XX][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aar81xx.sys><Adaptec, Inc.>
[AARSI3X / AARSI3X][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aarsi3x.sys><Adaptec, Inc.>
[ADP94XX / ADP94XX][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\adp94xx.sys><Adaptec, Inc.>
[adpu160m / adpu160m][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\adpu160m.sys><Microsoft Corporation>
[ADPU320 / ADPU320][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\adpu320.sys><Adaptec, Inc.>
[AEC6210 / AEC6210][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aec6210.sys><ACARD Technology Corp.>
[AEC6260 / AEC6260][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aec6260.sys><ACARD Technology Corp.>
[AEC6280 / AEC6280][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aec6280.sys><ACARD Technology Corp.>
[AEC67160 / AEC67160][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aec67160.sys><ACARD Technology Corp.>
[AEC67162 / AEC67162][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aec67162.sys><ACARD Technology Corp.>
[AEC671X / AEC671X][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\AEC671X.sys><ACARD Technology Corp.>
[AEC6880 / AEC6880][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\AEC6880.sys><ACARD Technology Corp.>
[AEC6897 / AEC6897][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aec6897.sys><ACARD Technology Corp.>
[AEC68X5 / AEC68X5][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aec68x5.sys><ACARD Technology Corp.>
[aic78u2 / aic78u2][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aic78xx.sys><Microsoft Corporation>
[ARCM_X86 / ARCM_X86][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\arcm_x86.sys><ARECA  Technology Corporation>
[asc / asc][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\asc.sys><Advanced System Products, Inc.>
[NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter / AtcL001][Running/Manual Start]
  <system32\DRIVERS\atl01_xp.sys><Attansic Technology corporation.>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
  <\??\E:\安全软件\AVG\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[BCHTSW32 / BCHTSW32][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\bchtsw32.sys><Broadcom Corporation>
[buslogic / buslogic][Running/Boot Start]
  <\SystemRoot\System32\bird\buslogic.sys><Microsoft Corporation>
[CDA1000 / CDA1000][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\cda1000.sys><Adaptec, Inc.>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\System32\BIRD\cmdide.sys><CMD Technology, Inc.>
[CPQARRY2 / CPQARRY2][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\cpqarry2.sys><Compaq Computer Corporation>
[CPQCISSM / CPQCISSM][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\cpqcissm.sys><Hewlett-Packard Company>
[CSB6IDE / CSB6IDE][Running/Boot Start]
  <\SystemRoot\System32\BIRD\csb6ide.sys><ServerWorks Corporation>
[dac2w2k / dac2w2k][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\dac2w2k.sys><Mylex Corporation>
[DMX3191 / DMX3191][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\DMX3191.sys><Microsoft Corporation>
[DMX3194 / DMX3194][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\dmx3194.sys><Microsoft Corporation>
[dpti2o / dpti2o][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\dpti2o.sys><Microsoft Corporation>
[DPTSCSI / DPTSCSI][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\dptscsi.sys><Distributed Processing Technology Corp.>
[FASTSX / FASTSX][Running/Boot Start]
  <\SystemRoot\System32\BIRD\fastsx.sys><Promise Technology, Inc.>
[FASTTRAK / FASTTRAK][Running/Boot Start]
  <\SystemRoot\System32\BIRD\fasttrak.sys><Promise Technology, Inc.>
[FASTTX2K / FASTTX2K][Running/Boot Start]
  <\SystemRoot\System32\BIRD\fasttx2k.sys><Promise Technology, Inc.>
[fd16_700 / fd16_700][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\fd16_700.sys><Microsoft Corporation>
[fireport / fireport][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\fireport.sys><Microsoft Corporation>
[flashpnt / flashpnt][Running/Boot Start]
  <\SystemRoot\System32\BIRD\flashpnt.sys><Mylex,Corp.>
[FT8300 / FT8300][Running/Boot Start]
  <\SystemRoot\System32\BIRD\ft8300.sys><Promise Technology, Inc.>
[FTSATA2 / FTSATA2][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ftsata2.sys><N/A>
[GD31244 / GD31244][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\gd31244.sys><Intel Corporation>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HPCISSS2 / HPCISSS2][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\hpcisss2.sys><Hewlett-Packard Company>
[HPT371 / HPT371][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\HPT371.sys><HighPoint Technologies, Inc.>
[HPT374 / HPT374][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\hpt374.sys><HighPoint Technologies, Inc.>
[HPT3XX / HPT3XX][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\hpt3xx.sys><HighPoint Technologies, Inc.>
[IASTOR / IASTOR][Running/Boot Start]
  <\SystemRoot\System32\BIRD\iaStor.sys><Intel Corporation>
[IFT2000 / IFT2000][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\ift2000.sys><Infortrend Technology, Inc.>
[ini910u / ini910u][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\ini910u.sys><Microsoft Corporation>
[INIA100 / INIA100][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\INIA100.sys><Initio corp.>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[IPSRAIDN / IPSRAIDN][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\ipsraidn.sys><IBM Corporation>
[ITERAID / ITERAID][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\iteraid.sys><Integrated Technology Express, Inc.>
[JRAID / JRAID][Running/Boot Start]
  <\SystemRoot\System32\BIRD\JRAID.SYS><JMicron Technology Corp.>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[KxTdifltDrv / KxTdifltDrv][Running/System Start]
  <\??\E:\安全软件\风云防火墙\FengYun\KxTdiDrv.sys><N/A>
[M5228 / M5228][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\m5228.sys><ALi Corporation.>
[M5281 / M5281][Running/Boot Start]
  <\SystemRoot\System32\BIRD\m5281.sys><ALi Corporation>
[M5287 / M5287][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\m5287.sys><ULi Electronics Inc.>
[M5288 / M5288][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\m5288.sys><ULi Electronics Inc.>
[M5289 / M5289][Running/Boot Start]
  <\SystemRoot\System32\BIRD\m5289.sys><ULi Electronics Inc.>
[MEGAIDE / MEGAIDE][Running/Boot Start]
  <\SystemRoot\System32\BIRD\MegaIDE.sys><LSI Logic Corporation.>
[mraid35x / mraid35x][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\mraid35x.sys><LSI Logic Corporation>
[ATK0110 ACPI UTILITY / MTsensor][Running/Manual Start]
  <system32\DRIVERS\ASACPI.sys><>
[mv614x / mv614x][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\mv614x.sys><N/A>
[NFRD960 / NFRD960][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\nfrd960.sys><IBM Corporation>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[NVATABUS / NVATABUS][Running/Boot Start]
  <\SystemRoot\System32\BIRD\NVATABUS.SYS><NVIDIA Corporation>
[NVRAID / NVRAID][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\NVRAID.SYS><NVIDIA Corporation>
[ql1280 / ql1280][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\ql1280.sys><QLogic Corporation>
[RAIDSRC / RAIDSRC][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\raidsrc.sys><Intel/ICP>
[RR232X / RR232X][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\rr232x.sys><HighPoint Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]

fanyu919

<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[S150SX8 / S150SX8][Running/Boot Start]
  <\SystemRoot\System32\BIRD\S150sx8.sys><Promise Technology, Inc.>
[System Safety Monitor 2.0 Core Engine / safemon][Running/Boot Start]
  <\SystemRoot\system32\drivers\safemon.sys><System Safety Limited>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SI3112 / SI3112][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\SI3112.sys><Silicon Image, Inc.>
[SI3112R / SI3112R][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\SI3112r.sys><Silicon Image, Inc>
[SI3114 / SI3114][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\SI3114.sys><Silicon Image, Inc.>
[SI3114R / SI3114R][Stopped/Boot Start]
  <\SystemRoot\SYSTEM32\BIRD\SI3114R.sys><Silicon Image, Inc>
[SI3114R5 / SI3114R5][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\Si3114r5.sys><Silicon Image, Inc>
[SI3124 / SI3124][Stopped/Boot Start]
  <\SystemRoot\SYSTEM32\BIRD\SI3124.sys><Silicon Image, Inc.>
[SI3124R / SI3124R][Stopped/Boot Start]
  <\SystemRoot\SYSTEM32\BIRD\SI3124R.sys><Silicon Image, Inc>
[SI3124R5 / SI3124R5][Stopped/Boot Start]
  <\SystemRoot\SYSTEM32\BIRD\Si3124r5.sys><Silicon Image, Inc>
[SI3132 / SI3132][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\SI3132.sys><Silicon Image, Inc.>
[SI3132R5 / SI3132R5][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\Si3132r5.sys><Silicon Image, Inc>
[SIS AGP Bus Filter / sisagp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[SISRAID / SISRAID][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\SiSRaid.sys><Silicon Integrated Systems>
[SISRAID2 / SISRAID2][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\SiSRaid2.sys><Silicon Integrated Systems Corp>
[SISRAID4 / SISRAID4][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\SiSRaid4.sys><Silicon Integrated Systems>
[SPTRAK / SPTRAK][Running/Boot Start]
  <\SystemRoot\System32\BIRD\sptrak.sys><Promise Technology, Inc.>
[ST8350 / ST8350][Running/Boot Start]
  <\SystemRoot\System32\BIRD\st8350.sys><Promise Technology, Inc.>
[symc810 / symc810][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\symc8xx.sys><LSI Logic>
[SYMMPI / SYMMPI][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\symmpi.sys><LSI Logic>
[sym_hi / sym_hi][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\sym_u3.sys><LSI Logic>
[TRM3X5 / TRM3X5][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\trm3x5.sys><Tekram Technology Co., Ltd.>
[ULSATA / ULSATA][Running/Boot Start]
  <\SystemRoot\System32\BIRD\ulsata.sys><Promise Technology, Inc.>
[ULSATA2 / ULSATA2][Running/Boot Start]
  <\SystemRoot\System32\BIRD\ulsata2.sys><Promise Technology, Inc.>
[ULTIMA / ULTIMA][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\Ultima.sys><Aralion INC.>
[ULTIMARX / ULTIMARX][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\UltimaRX.sys><Aralion INC.>
[ultra / ultra][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\ultra.sys><Promise Technology, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaidexp.sys><VIA Technologies, Inc.>
[VIAMRAID / VIAMRAID][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\viamraid.sys><VIA Technologies inc,.ltd>
[W2KADV / W2KADV][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\w2kadv.sys><ConnectCom Solutions, Inc.>
[WD7296A / WD7296A][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\wd7296a.sys><Western Digital Corporation>

==================================
浏览器加载项
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <E:\安全软件\360safe\safemon\safemon.dll, >
[Web反病毒保护]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <E:\安全软件\Kaspersky Internet Security 6.0\scieplugin.dll, Kaspersky Lab>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <E:\安全软件\360safe\safemon\safemon.dll, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[使用迅雷下载]
  <F1910-F110-11D2-BB9E-00C04F795683}, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 632][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 712][\??\C:\windows\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1964][C:\windows\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\windows\system32\Shadow\pDeskTop.dll]  [N/A, ]
    [E:\安全软件\风云防火墙\FengYun\fymon.dll]  [www.218.cc, 1.2.3.1]
    [E:\安全软件\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
    [E:\安全软件\AVG\shellexecutehook.dll]  [Anti-Malware Development a.s., 7, 5, 0, 47]
    [E:\安全软件\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
    [C:\Program Files\Media Player Classic\Codecs\mmfinfo.dll]  [N/A, ]
    [C:\Program Files\Media Player Classic\Codecs\mkunicode.dll]  [N/A, ]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [E:\安全软件\Kaspersky Internet Security 6.0\shellex.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 1784][E:\安全软件\风云防火墙\FengYun\FYFireWall.exe]  [www.218.cc, 1.2.0.191]
    [E:\安全软件\风云防火墙\FengYun\arpinfo.dll]  [N/A, ]
    [E:\安全软件\风云防火墙\FengYun\portinfo.dll]  [www.218.cc, 1.2.0.5]
    [E:\安全软件\风云防火墙\FengYun\fymon.dll]  [www.218.cc, 1.2.3.1]
[PID: 1816][C:\windows\system32\Shadow\ShadowTip.exe]  [PowerShadow, 1, 0, 0, 1]
    [C:\windows\system32\Shadow\pDeskTop.dll]  [N/A, ]
    [E:\安全软件\风云防火墙\FengYun\fymon.dll]  [www.218.cc, 1.2.3.1]
    [E:\安全软件\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
[PID: 508][C:\windows\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\安全软件\风云防火墙\FengYun\fymon.dll]  [www.218.cc, 1.2.3.1]
[PID: 3268][E:\安全软件\360safe\safemon\360Tray.exe]  [奇虎网, 3, 2, 0, 1001]
    [E:\安全软件\风云防火墙\FengYun\fymon.dll]  [www.218.cc, 1.2.3.1]
    [E:\安全软件\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
    [E:\安全软件\360safe\safemon\SafeKrnl.dll]  [奇虎网, 3, 2, 0, 1001]
    [E:\安全软件\360safe\AntiAdwa.dll]  [360Safe.com, 3, 2, 0, 1001]
[PID: 1740][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\安全软件\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
    [E:\安全软件\风云防火墙\FengYun\fymon.dll]  [www.218.cc, 1.2.3.1]
    [E:\安全软件\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
    [E:\安全软件\Kaspersky Internet Security 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [E:\安全软件\Kaspersky Internet Security 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [E:\安全软件\Kaspersky Internet Security 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
    [E:\安全软件\Kaspersky Internet Security 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [E:\安全软件\Kaspersky Internet Security 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.304]
    [e:\安全软件\kaspersky internet security 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
    [e:\安全软件\kaspersky internet security 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
    [e:\安全软件\kaspersky internet security 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
    [C:\windows\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\windows\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [e:\安全软件\kaspersky internet security 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
    [e:\安全软件\kaspersky internet security 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
[PID: 2104][C:\Documents and Settings\Administrator\桌面\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [E:\安全软件\风云防火墙\FengYun\fymon.dll]  [www.218.cc, 1.2.3.1]
    [E:\安全软件\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
    [E:\安全软件\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost

==================================
API HOOK
RVA  错误： LoadLibraryA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF3F02B25)
RVA  错误： LoadLibraryExA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF3F02D67)
RVA  错误： LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF3F02F0B)
RVA  错误： LoadLibraryW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF3F02C49)
入口点错误：CreateProcessA (危险等级: 一般,  被下面模块所HOOK: E:\安全软件\360safe\safemon\safemon.dll)
入口点错误：CreateProcessW (危险等级: 一般,  被下面模块所HOOK: E:\安全软件\360safe\safemon\safemon.dll)
RVA  错误： GetProcAddress (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0xF3F02E8F)

==================================
隐藏进程
N/A

==================================


[/CODE]

pamier2001

大概看了看，没问题，那个API HOOK报错，是奇虎360弄的
楼主卡巴，风云，360，影子，想中毒也难啊

DJ

除了装了多一点之外,没有大的问题.

zea10t

原帖由 pamier2001 于 2007-3-25 17:47 发表
大概看了看，没问题，那个API HOOK报错，是奇虎360弄的
楼主卡巴，风云，360，影子，想中毒也难啊

还有SSM和AVG，楼主看来是安全局工作的。