瑞星卡卡安全论坛技术交流区系统软件 SREng.EXE说有个可疑进程 帮忙看下

1   1  /  1  页   跳转

SREng.EXE说有个可疑进程 帮忙看下

收藏
osnbabw
头像
初生襁褓狮
  • 帖子:23
  • 注册: 2006-03-27
  • 来自:
发表于: 2007-04-10 20:10 | 只看楼主 短消息 资料
字号: 1楼

SREng.EXE说有个可疑进程 帮忙看下

之前不知道中了是没病毒  直接用瑞星全盘杀了  杀了14个
开SREng.EXE说有个可疑进程  帮忙看下  瑞星说没
[CODE]

2007-04-10,19:46:07

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTask><"d:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <igfxhkcmd><; C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <igfxpers><; C:\WINDOWS\system32\igfxpers.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <upxdnd><C:\DOCUME~1\TT\LOCALS~1\Temp\upxdnd.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]

==================================
启动文件夹
[QQ游戏启动加速程序]
  <C:\Documents and Settings\TT\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> D:\PROGRA~1\Tencent\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>

==================================
服务
[48701 / 48701][Stopped/Manual Start]
  <\\219.131.58.33\c$\windows\system32\eraseme_15663.exe><N/A>
[Alerter  / Alerter ][Stopped/Auto Start]
  <C:\WINDOWS\save.com.cn.exe><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"d:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"d:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Uninterruptible Power Suppay / Uninterruptible][Running/Auto Start]
  <c:\windows\Config\svchost.exe><N/A>
[windows server / windows server][Stopped/Auto Start]
  <C:\WINDOWS\haha.exe><N/A>
[Windows Media Connect Service / WMConnectCDS][Stopped/Manual Start]
  <C:\Program Files\Windows Media Connect 2\wmccds.exe><N/A>
[Windows Driver Foundation - User-mode Driver Framework / WudfSvc][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup-->%SystemRoot%\System32\WUDFSvc.dll><Microsoft Corporation>

==================================
驱动程序
[559093 / 559093][Stopped/Boot Start]
  <\SystemRoot\System32\drivers\559093.sys><N/A>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]
  <system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[Conexant AMC Audio / CAMCAUD][Running/Manual Start]
  <system32\drivers\camcaud.sys><Conexant Systems Inc.>
[CAMCHALA / CAMCHALA][Running/Manual Start]
  <system32\drivers\camchal.sys><Conexant Systems Inc.>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\d:\Program Files\Rising\Rav\ExpScan.sys><>
[HOOKAPI / HOOKAPI][Stopped/Manual Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\HookApi.Sys><瑞星软件有限公司>
[HookCont / HookCont][Running/Auto Start]
  <\??\d:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\d:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\d:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HSFHWICH / HSFHWICH][Running/Manual Start]
  <system32\DRIVERS\HSFHWICH.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP][Running/Manual Start]
  <system32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\d:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><Politecnico di Torino>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\d:\Program Files\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[NSC Infrared Device Driver / NSCIRDA][Running/Manual Start]
  <system32\DRIVERS\nscirda.sys><National Semiconductor Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\d:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SVKP / SVKP][Running/Auto Start]
  <\??\C:\WINDOWS\system32\SVKP.sys><AntiCracking>
[tifm21 / tifm21][Running/Manual Start]
  <system32\drivers\tifm21.sys><Texas Instruments>
[Intel(R) PRO/Wireless 2200 Adapter 驱动程序 / w22n51][Stopped/Manual Start]
  <system32\DRIVERS\w22n51.sys><Intel? Corporation>
[Sony Ericsson W800 driver (WDM) / w800bus][Stopped/Manual Start]
  <system32\DRIVERS\w800bus.sys><MCCI>
[Sony Ericsson W800 USB WMC Modem Filter / w800mdfl][Stopped/Manual Start]
  <system32\DRIVERS\w800mdfl.sys><MCCI>
[Sony Ericsson W800 USB WMC Modem Drivers / w800mdm][Stopped/Manual Start]
  <system32\DRIVERS\w800mdm.sys><MCCI>
[Sony Ericsson W800 USB WMC Device Management Drivers / w800mgmt][Stopped/Manual Start]
  <system32\DRIVERS\w800mgmt.sys><MCCI>
[Sony Ericsson W800 USB WMC OBEX Interface Drivers / w800obex][Stopped/Manual Start]
  <system32\DRIVERS\w800obex.sys><MCCI>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
[Windows Driver Foundation - User-mode Driver Framework Platform Driver / WudfPf][Stopped/Manual Start]
  <system32\DRIVERS\WudfPf.sys><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework Reflector / WudfRd][Stopped/Manual Start]
  <system32\DRIVERS\wudfrd.sys><Microsoft Corporation>

==================================
浏览器加载项
N/A
最后编辑2007-04-10 22:27:25.873000000
分享到:
gototop
 
osnbabw
头像
初生襁褓狮
  • 帖子:23
  • 注册: 2006-03-27
  • 来自:
发表于: 2007-04-10 20:10 | 只看楼主 短消息 资料
字号: 2楼


==================================
正在运行的进程
[PID: 408][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1404][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5358.4827 (WMP_11.060509-2009)]
    [D:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [D:\Program Files\QQ\qdshm.dll]  [, 1, 0, 101, 20]
    [D:\Program Files\QQ\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [d:\PROGRA~1\3721\木马助手\contmenu.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [d:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.4497]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4497]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4497]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.4497]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4497]
[PID: 1196][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3536]
[PID: 1692][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3904][d:\Program Files\Ringz Studio\Storm Codec\mplayerc.exe]  [Gabest, 6, 4, 9, 0]
    [d:\Program Files\Ringz Studio\Storm Codec\stormupd.dll]  [N/A, ]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\imaadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msg711.acm]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\msgsm32.acm]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\tssoft32.acm]  [DSP GROUP, INC., 1.01]
    [C:\WINDOWS\system32\tsd32.dll]  [, ]
    [C:\WINDOWS\system32\msg723.acm]  [Microsoft Corporation, 4.4.3400]
    [C:\WINDOWS\system32\msaud32.acm]  [Microsoft Corporation, 8.00.00.4487]
    [C:\WINDOWS\system32\sl_anet.acm]  [Sipro Lab Telecom Inc., 3.02]
    [C:\WINDOWS\system32\iac25_32.ax]  [Intel Corporation, 2.05.53]
    [C:\WINDOWS\system32\l3codeca.acm]  [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
    [C:\WINDOWS\system32\vct3216.acm]  [Voxware, Inc., 1.6.0.17]
    [C:\WINDOWS\system32\vct3216.dll]  [Voxware, Inc., 1.6.0.12]
    [C:\WINDOWS\system32\msms001.vwp]  [Voxware, Inc., 2.0.2.61]
    [C:\WINDOWS\system32\mvoice.vwp]  [Voxware, Inc., 2.0.0.12.01]
    [C:\WINDOWS\system32\vorbis.acm]  [HMS http://hp.vector.co.jp/authors/VA012897/, 0, 0, 3, 6]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\Program Files\KuGoo3\OggSplitter.dll]  [RadLight, 1.0.0.2]
    [D:\Program Files\KuGoo3\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [d:\Program Files\Ringz Studio\Storm Codec\Codecs\VSFilter.dll]  [Gabest, 1, 0, 1, 3]
    [d:\Program Files\Ringz Studio\Storm Codec\Codecs\PmpSplt.ax]  [cooleyes, 1, 0, 0, 8]
    [D:\Program Files\KuGoo3\mp3parse.dll]  [ , 1, 0, 2, 1]
    [C:\WINDOWS\system32\mpg2splt.ax]  [, ]
    [C:\WINDOWS\system32\ffdshow.ax]  [, 1.0.2.2028]
    [d:\Program Files\Ringz Studio\Storm Codec\Codecs\ff_liba52.dll]  [N/A, ]
    [d:\Program Files\Ringz Studio\Storm Codec\Codecs\atidvdv.ax]  [CyberLink Corp., 6.0.1625 ]
    [C:\WINDOWS\system32\IGFXEXPS.DLL]  [Intel Corporation, 3.0.0.4497]
    [d:\Program Files\Ringz Studio\Storm Codec\Codecs\TTL2Dec.dll]  [N/A, ]
    [d:\Program Files\Ringz Studio\Storm Codec\Codecs\Vid1Dec.dll]  [N/A, ]
[PID: 4088][C:\WINDOWS\system32\igfxext.exe]  [Intel Corporation, 3.0.0.4497]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4497]
    [C:\WINDOWS\system32\IGFXEXPS.DLL]  [Intel Corporation, 3.0.0.4497]
[PID: 3484][C:\WINDOWS\system32\igfxsrvc.exe]  [Intel Corporation, 3.0.0.4497]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4497]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.4497]
[PID: 1900][D:\Program Files\金山词霸 2005\xdict.exe]  [Kingsoft Co, Ltd., 8, 5, 0, 0]
    [D:\Program Files\金山词霸 2005\DicMngr.dll]  [Kingsoft, 1, 0, 0, 0]
    [D:\Program Files\金山词霸 2005\doshow.dll]  [N/A, ]
    [D:\Program Files\金山词霸 2005\ITextOut.dll]  [Kingsoft, 1, 1, 0, 0]
    [D:\Program Files\金山词霸 2005\KPic10.dll]  [N/A, ]
    [D:\Program Files\金山词霸 2005\ijl11.dll]  [Intel Corporation, 1.1.2]
    [D:\Program Files\金山词霸 2005\NormGrab.DLL]  [Kingsoft Co, Ltd., 6, 0, 0, 0]
    [D:\Program Files\金山词霸 2005\toTTSEngine50.dll]  [Kingsoft Corporation, 1, 0, 0, 1]
    [D:\Program Files\金山词霸 2005\xfile.dll]  [N/A, ]
    [D:\Program Files\金山词霸 2005\DBCore10.dll]  [Kingsoft  Corp., 1, 0, 0, 0]
    [D:\Program Files\金山词霸 2005\XdictGrb.dll]  [Kingsoft Co, Ltd., 8, 5, 0, 0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2828][F:\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
    [224] C:\Program Files\Internet Explorer\IEXPLORE.EXE

==================================


[/CODE]
gototop
 
超级游戏迷
头像
卡卡技术团队
  • 帖子:25779
  • 注册: 2007-01-14
  • 来自:
卡卡名人堂论坛9周年纪念瑞星金牌用户
发表于: 2007-04-10 22:27 | 短消息 资料
字号: 3楼

<upxdnd><C:\DOCUME~1\TT\LOCALS~1\Temp\upxdnd.exe> []
一眼就看到这个。请到毒区置顶帖找“**木马群,专杀整合”的帖子!
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT