SREng reports that CreateProcessA and CreateProcessW have been modified! Help needed (log attached)

[CODE]

2007-02-13,13:29:21

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}><"C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe">  [Nero AG]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <exflashservice><"C:\Program Files\EPOX\EFS\EZ_FLASH_SERVICE.exe" "5000">  [N/A]
    <KvMonXP><"D:\KV2006\kvmonxp.kxp" /auto>  [Jiangmin Co.Ltd]
    <Jiangmin KVFW><D:\KV2006\KVFWMCL.exe -silent>  [Jiangmin Corp]
    <hwmdr><"C:\Program Files\EPOX\EPoX\EPTP\EPTP.EXE" "5000">  [N/A]
    <DAEMON Tools-1033><"C:\Program Files\D-Tools\daemon.exe"  -lang 1033>  [DAEMON'S HOME]
    <360Safetray><D:\Program Files\360safe\safemon\360Tray.exe /start>  [奇虎网]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Realtek Semiconductor Corp.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Disabled]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[KVSrvXP / KVSrvXP][Running/Auto Start]
  <D:\KV2006\KVSrvXP.exe /Service><Jiangmin Co. Ltd>
[KVWSC / KVWSC][Running/Auto Start]
  <"D:\KV2006\KVwsc.exe"><Jiangmin Co.Ltd>
[NBService / NBService][Stopped/Manual Start]
  <D:\nero 7\Nero 7\Nero BackItUp\NBService.exe><Nero AG>
[NMIndexingService / NMIndexingService][Running/Manual Start]
  <"C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"><Nero AG>
[Ulead Burning Helper / UleadBurningHelper][Running/Auto Start]
  <C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[d343bus / d343bus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\d343bus.sys><>
[d343port / d343port][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\d343port.sys><>
[Network Fire Hydrant / HdFw_slot][Running/Auto Start]
  <\??\D:\KV2006\hdfw.sys><Jiangmin Co., Ltd.>
[KRegEx / KRegEx][Running/System Start]
  <\??\D:\KV2006\KRegEx.sys><Jiangmin Co. Ltd.>
[KSysCall Service / KSysCall][Running/System Start]
  <\??\D:\KV2006\KSysCall.sys><Jiangmin Co. Ltd.>
[KVDriver for NT (KVDP) / KVDP][Running/Manual Start]
  <\??\D:\KV2006\KVDP.sys><Jiangmin Co., Ltd.>
[KvMemon / KvMemon][Running/Manual Start]
  <\??\D:\KV2006\KvMemon.sys><Jiangmin Co. Ltd.>
[KVREDIR / KVREDIR][Running/Manual Start]
  <\??\D:\KV2006\KVREDIR.sys><Jiangmin Co. Ltd>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\tencent\QQ2006\npkcrypt.sys><INCA Internet Co., Ltd.>
[Padus ASPI Shell / pfc][Running/Manual Start]
  <system32\drivers\pfc.sys><Padus, Inc.>
[PProtect / PProtect][Running/System Start]
  <\??\D:\KV2006\PProtect.sys><Jiangmin Co. Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[U3sHlpDr / U3sHlpDr][Running/Auto Start]
  <\??\C:\WINDOWS\System32\Drivers\U3sHlpDr.sys><N/A>
[V7 / V7][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\V7.SYS><IBM Corporation>
[WINFLASH / WINFLASH][Stopped/Manual Start]
  <\??\C:\Program Files\EPOX\Magic BIOS\WinFlash.sys><N/A>
[EPScanMemory / EPScanMemory][Running/Manual Start]
  <\??\C:\Program Files\EPOX\EPoX\EPTP\ScanMemory32.sys><N/A>

==================================
浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Adobe\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[FiltrateWebObj Class]
  {42AFACEE-2A77-41EB-9EE2-D9F8AF827F90} <D:\KV2006\KVBHO.dll, Jiangmin Co.Ltd>
[BrowseHelper Class]
  {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <D:\KV2006\KvShell.dll, Jiangmin Co.Ltd>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\Program Files\360safe\safemon\safemon.dll, >
[江民杀毒工具栏]
  {B5A34A93-D538-43A7-8371-864CB6148D12} <D:\KV2006\KvShell.dll, Jiangmin Co.Ltd>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Adobe\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[FiltrateWebObj Class]
  {42AFACEE-2A77-41EB-9EE2-D9F8AF827F90} <D:\KV2006\KVBHO.dll, Jiangmin Co.Ltd>
[BrowseHelper Class]
  {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <D:\KV2006\KvShell.dll, Jiangmin Co.Ltd>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[江民杀毒工具栏]
  {B5A34A93-D538-43A7-8371-864CB6148D12} <D:\KV2006\KvShell.dll, Jiangmin Co.Ltd>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\Program Files\360safe\safemon\safemon.dll, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[导出到 Microsoft Office Excel(&X)]
  <res://D:\Office\OFFICE11\EXCEL.EXE/3000, N/A>
Last edited: 2007-02-15 14:40:26

==================================
正在运行的进程
[PID: 496][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 556][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 588][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4140]
[PID: 632][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 644][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 812][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4140]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2503]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 836][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 884][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 964][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1012][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1064][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4140]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2503]
    [C:\WINDOWS\system32\ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4140]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1108][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1284][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp.050610-1527)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1420][D:\KV2006\KVSrvXP.exe]  [Jiangmin Co. Ltd, 9.2.0.50822]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\KV2006\UpdateX.dll]  [JiangMin Co.Ltd., 9, 2, 0, 60405]
    [D:\KV2006\SvcSafe.dll]  [Jiangmin Co. Ltd, 9, 2, 0, 51107]
    [D:\KV2006\lang\SvcSafe0804.lng]  [N/A, N/A]
    [D:\KV2006\RegProt.dll]  [Jiangmin Co.Ltd, 9, 0, 5, 1212]
    [D:\KV2006\Scan.dll]  [Jiangmin Co., Ltd., 1.0.6.02040]
    [D:\KV2006\SHFOLDER.dll]  [Microsoft Corporation, 9.0.0.500]
    [D:\KV2006\FileGD.dll]  [Jiangmin Co.Ltd, 9.2.0.50809]
    [D:\KV2006\KVSPI.dll]  [Jiangmin Co. Ltd., 1.0.6.04270]
    [D:\KV2006\lang\KVSPI0804.lng]  [N/A, N/A]
    [D:\KV2006\ScanHost.dll]  [Jiangmin Co. Ltd, 9, 2, 0, 50822]
    [D:\KV2006\KVWPSet.dll]  [Jiangmin Co.Ltd, 9, 0, 0, 60220]
    [D:\KV2006\EngPS.dll]  [Jiangmin Co.Ltd, 9, 2, 0, 50817]
    [D:\KV2006\KVEnhS.dll]  [Jiangmin Co., Ltd., 9, 2, 6, 02040]
    [D:\KV2006\KVEnhJ.Dll]  [Jiangmin Co.Ltd, 9, 1, 0, 50822]
    [D:\KV2006\KVExtCab.dll]  [JiangMin Co. Ltd, 9, 2, 0, 50822]
    [D:\KV2006\KVExtEml.dll]  [Jiangmin Co. Ltd., 9, 2, 0, 51207]
    [D:\KV2006\lang\KVExtEml0804.lng]  [N/A, N/A]
    [D:\KV2006\KVExtLZH.dll]  [JiangMin Co. Ltd., 9, 2, 6, 0316]
    [D:\KV2006\KvExtRar.dll]  [JiangMin Co. Ltd., 9, 2, 6, 04020]
    [D:\KV2006\KvExtZip.dll]  [JiangMin Co Ltd., 9, 2, 0, 50822]
    [D:\KV2006\KVExtZ.dll]  [Jiangmin Co. Ltd, 9.2.0.503]
    [D:\KV2006\KVExtGz.dll]  [Jiangmin Co. Ltd, 9, 0, 0, 51031]
    [D:\KV2006\KVExtTar.dll]  [Jiangmin Co. Ltd, 9, 2, 0, 50822]
    [D:\KV2006\KVEnhK.Dll]  [Jiangmin Co.Ltd, 9, 1, 0, 51209]
    [D:\KV2006\Fix.dll]  [Jiangmin Co.Ltd, 9, 2, 0, 51011]
    [D:\KV2006\KVCkMail.dll]  [N/A, N/A]
    [D:\KV2006\lang\PrivateCfg0804.lng]  [TODO: <Company name>, 1.0.0.1]
[PID: 1424][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1002]
    [D:\Adobe\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [D:\KV2006\KvShell.dll]  [Jiangmin Co.Ltd, 9, 0, 5, 830]
    [D:\KV2006\UpdateX.dll]  [JiangMin Co.Ltd., 9, 2, 0, 60405]
    [D:\KV2006\lang\KvXP0804.lng]  [N/A, N/A]
    [D:\KV2006\APIImpl.dll]  [JiangMin Ltd., 9.0.0.500]
    [D:\Adobe\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\KV2006\KVBHO.dll]  [Jiangmin Co.Ltd, 9.0.6.0113]
    [D:\KV2006\KVAddrDb.dll]  [Jiangmin Co.Ltd, 9, 0, 0, 1018]
[PID: 1460][D:\KV2006\KVwsc.exe]  [Jiangmin Co.Ltd, 9, 0, 5, 908]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\KV2006\EngPS.dll]  [Jiangmin Co.Ltd, 9, 2, 0, 50817]
    [D:\KV2006\EngFace.dll]  [Jiangmin Co.Ltd, 9.0.0.50809]
    [D:\KV2006\UpdateX.dll]  [JiangMin Co.Ltd., 9, 2, 0, 60405]
[PID: 1480][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  [Microsoft Corporation, 7.00.9466]
    [C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll]  [Microsoft Corporation, 7.00.9466]
[PID: 1576][C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe]  [Ulead Systems, Inc., 1, 0, 0, 4]
    [D:\KV2006\kvmonxp.kxp]  [Jiangmin Co.Ltd, 9, 2, 0, 60103]
    [D:\KV2006\UpdateX.dll]  [JiangMin Co.Ltd., 9, 2, 0, 60405]
    [D:\KV2006\lang\KvXP0804.lng]  [N/A, N/A]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\KV2006\GUIExt.dll]  [Jiangmin Co.Ltd, 9, 0, 5, 927]
    [D:\KV2006\lang\GUIExt0804.lng]  [JiangMin Ltd., 7, 1, 0, 200]
    [D:\KV2006\EngFace.dll]  [Jiangmin Co.Ltd, 9.0.0.50809]
    [D:\KV2006\EngPS.dll]  [Jiangmin Co.Ltd, 9, 2, 0, 50817]
    [D:\KV2006\KvMemory.dll]  [Jiangmin Co. Ltd., 9, 0, 6, 0214]
    [D:\KV2006\KvOffice.dll]  [JiangMin New Tech., 9.0.0.1213]
    [D:\KV2006\lang\KVOffice0804.lng]  [N/A, N/A]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1002]
    [D:\KV2006\PProtect.dll]  [Jiangmin Co. Ltd., 9.0.0.921]
[PID: 1848][D:\KV2006\KVFWMCL.exe]  [Jiangmin Corp, 9, 0, 6, 410]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\KV2006\KvfwUtl.dll]  [Jiangmin Corp, 9, 0, 6, 522]
    [D:\KV2006\Lang\KVFW0804.lng]  [N/A, 9, 0, 5, 1031]
    [D:\KV2006\GuiExt.dll]  [Jiangmin Co.Ltd, 9, 0, 5, 927]
    [D:\KV2006\UpdateX.dll]  [JiangMin Co.Ltd., 9, 2, 0, 60405]
    [D:\KV2006\lang\GUIExt0804.lng]  [JiangMin Ltd., 7, 1, 0, 200]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1002]
[PID: 1856][C:\Program Files\EPOX\EPoX\EPTP\EPTP.EXE]  [EPoX, 4.0.8.103]
    [C:\Program Files\EPOX\EPoX\EPTP\BMPSRC.DLL]  [EPoX Computer CO,. LTD., 1.0.0.3]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1002]
    [C:\Program Files\EPOX\EPoX\EPTP\sfbep.dll]  [N/A, N/A]
    [C:\Program Files\EPOX\EPoX\EPTP\HWMDR.dll]  [EPoX Computer CO., LTD., 1.0.2.30]
    [C:\Program Files\EPOX\EPoX\EPTP\epscanmem.dll]  [N/A, N/A]
    [C:\Program Files\EPOX\EPoX\EPTP\epsf.dll]  [EPoX Computer CO., LTD., 1.1.12.72]
    [C:\Program Files\EPOX\EPoX\EPTP\EPGraph.dll]  [EPoX Computer CO,. LTD., 1.0.0.25]
    [C:\Program Files\EPOX\EPoX\EPTP\epunsydima.dll]  [EPoX, 4.0.2.51]
[PID: 1864][C:\Program Files\D-Tools\daemon.exe]  [DAEMON'S HOME, 3.43.0.0]
    [C:\WINDOWS\daemon.dll]  [N/A, 3.43.0.0]
    [C:\Program Files\D-Tools\PFCTOC.DLL]  [Padus(R), Inc., 1, 0, 0, 12]
    [C:\Program Files\D-Tools\Plugins\Images\ccdmount.dll]  [GENERIC, 1.02.0.0]
    [C:\Program Files\D-Tools\Plugins\Images\mdsmount.dll]  [GENERIC, 1.01.0.0]
    [C:\Program Files\D-Tools\Plugins\Images\pdimount.dll]  [GENERIC, 1.01.0.0]
    [C:\Program Files\D-Tools\Plugins\Images\nrgmount.dll]  [GENERIC, 1.02.0.0]
    [C:\Program Files\D-Tools\Plugins\Images\bw5mount.dll]  [N/A, 1.0.1.0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1002]
[PID: 1884][D:\Program Files\360safe\safemon\360Tray.exe]  [奇虎网, 1, 0, 1, 1003]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1002]
    [D:\Program Files\360safe\safemon\SafeKrnl.dll]  [奇虎网, 1, 0, 0, 3001]
    [D:\Program Files\360safe\AntiAdwa.dll]  [360Safe.com, 2, 2, 4, 1000]
[PID: 1892][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5, 1, 0, 52]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1002]
[PID: 1900][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1002]
[PID: 1908][C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe]  [Nero AG, 1, 7, 11, 0]
    [C:\Program Files\Common Files\Ahead\lib\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Ahead\lib\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Common Files\Ahead\Lib\AdvrCntr2.dll]  [Nero AG, 7,7,0, 10200]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1002]
    [C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvrPS.dll]  [Nero AG, 1, 7, 11, 0]
    [C:\Program Files\Common Files\Ahead\Lib\NMDataServices.dll]  [Nero AG, 1, 7, 11, 0]
[PID: 2000][C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe]  [Nero AG, 1, 7, 11, 0]
    [C:\Program Files\Common Files\Ahead\Lib\NMSQLDB.dll]  [Nero AG, 1, 7, 11, 0]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1002]
    [C:\Program Files\Common Files\Ahead\Lib\NMLogCxx.dll]  [Nero AG, 1, 7, 11, 0]
    [C:\Program Files\Common Files\Ahead\Lib\log4cxx.dll]  [Nero AG, 1, 0, 0, 0]
    [C:\Program Files\Common Files\Ahead\Lib\NMCoFoundation.dll]  [Nero AG, 1, 7, 11, 0]
    [C:\Program Files\Common Files\Ahead\Lib\NMPluginBase.dll]  [Nero AG, 1, 7, 11, 0]
    [C:\Program Files\Common Files\Ahead\Lib\NMFullTextExtraction.dll]  [Nero AG, 1, 7, 11, 0]
    [C:\Program Files\Common Files\Ahead\Lib\NMSearchPluginSimilarImages.dll]  [Nero AG, 1, 7, 11, 0]
    [C:\Program Files\Common Files\Ahead\Lib\NeroIPP.dll]  [Nero AG, 4,6,15,0]
    [C:\Program Files\Common Files\Ahead\Lib\NMDataServices.dll]  [Nero AG, 1, 7, 11, 0]
    [C:\Program Files\Common Files\Ahead\Lib\NMIndexingServicePS.dll]  [Nero AG, 1, 7, 11, 0]
    [C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvrPS.dll]  [Nero AG, 1, 7, 11, 0]
[PID: 544][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1556][C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe]  [Nero AG, 1, 7, 11, 0]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Common Files\Ahead\Lib\NMIndexingServicePS.dll]  [Nero AG, 1, 7, 11, 0]
    [C:\Program Files\Common Files\Ahead\Lib\NMLogCxx.dll]  [Nero AG, 1, 7, 11, 0]
    [C:\Program Files\Common Files\Ahead\Lib\log4cxx.dll]  [Nero AG, 1, 0, 0, 0]
    [C:\Program Files\Common Files\Ahead\Lib\NMDataServices.dll]  [Nero AG, 1, 7, 11, 0]
    [C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvrPS.dll]  [Nero AG, 1, 7, 11, 0]
[PID: 2072][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2464][D:\Program Files\监控软件\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1002]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
警告!System Repair Engineer 提醒
你下面的函数内容与预期值不符,他
们可能被一些恶意的软件所修改:
入口点错误:CreateProcessA
入口点错误:CreateProcessW

==================================


[/CODE]

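Could a real expert please take a look! It probably isn't caused by a virus or trojan, but I really don't understand these functions~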

Is there no expert who understands these functions willing to help?

Bumping again!

Still nobody, bumping again

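Wow, bro, what is this? What I want to know is where this function problem comes from and exactly how to fix it! I don't need that; I already know what you gave me! Still, thanks for helping bump the thread.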

The experts have gone home for the New Year, so I'll keep bumping