Rising Kaka Security Forum

[Discussion] Could everyone comment on whether my analysis of the scan log is right? Thanks!
王八看绿豆 - 2007-7-30 17:44:00
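Every time I tried to paste it, the post would not go through, so I had to post it as a text attachment. I hope everyone understands. Thanks!

I think there are several suspicious items.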
1.<QkOnBtn><C:\PROGRA~1\QBU\QkOnBtn.EXE>  [Dritek System Inc.]
2.    <High Definition Audio Property Page Shortcut><CHDAudPropShortcut.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <Nod23 Service><nod23.exe>  [N/A]
    <startdrv><C:\WINDOWS\Temp\startdrv.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
    <Nod23 Service><nod23.exe>  [N/A]
3.[P4P Service / P4P Service][Running/Auto Start]
  <C:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>
4.[Check Point SecuRemote Service / SR_Service][Running/Auto Start]
  <"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe"><Check Point Software Technologies>
[Check Point SecuRemote WatchDog / SR_WatchDog][Running/Auto Start]
  <"C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe"><Check Point Software Technologies>
5. Hidden process
    [784] C:\Program Files\Internet Explorer\IEXPLORE.EXE
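The most pressing problem right now is that as soon as he plugs in the network cable and then connects with me over NetMeeting, the machine blue-screens and crashes.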


[User system information] Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1)


Attachment: 8293892007730173342.txt