奇怪的注册表项是木马吗?!【求助】 - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛奇怪的注册表项是木马吗?!【求助】

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

12

2 / 2 页

跳转页

奇怪的注册表项是木马吗?!【求助】

司马青衫初生襁褓狮帖子:13 注册: 2005-11-01 来自:	发表于： 2005-11-09 16:44 \| 只看楼主短消息资料字号：小中大 11楼各位大侠多帮忙！（作打千状）
司马青衫初生襁褓狮帖子:13 注册: 2005-11-01 来自:

独孤豪侠横据古稀狮帖子:11896 注册: 2005-08-10 来自:花果山	发表于： 2005-11-09 16:45 \| 短消息资料字号：小中大 12楼啊~~~~~还在用98的系统
独孤豪侠横据古稀狮帖子:11896 注册: 2005-08-10 来自:花果山

司马青衫初生襁褓狮帖子:13 注册: 2005-11-01 来自:	发表于： 2005-11-09 16:46 \| 只看楼主短消息资料字号：小中大 13楼小黑们爱扫我机器的135端口，求助：怎么关闭？！
司马青衫初生襁褓狮帖子:13 注册: 2005-11-01 来自:

司马青衫初生襁褓狮帖子:13 注册: 2005-11-01 来自:	发表于： 2005-11-09 16:54 \| 只看楼主短消息资料字号：小中大 14楼 TCP0.0.0.0:1350.0.0.0:0LISTENING TCP0.0.0.0:19790.0.0.0:0LISTENING TCP10.4.168.53:1370.0.0.0:0LISTENING TCP10.4.168.53:1380.0.0.0:0LISTENING TCP10.4.168.53:1390.0.0.0:0LISTENING TCP127.0.0.1:10290.0.0.0:0LISTENING TCP127.0.0.1:10550.0.0.0:0LISTENING TCP0.0.0.0:11850.0.0.0:0LISTENING TCP10.4.168.53:1185219.238.233.238:80ESTABLISHED TCP0.0.0.0:11860.0.0.0:0LISTENING TCP0.0.0.0:11870.0.0.0:0LISTENING TCP10.4.168.53:1186219.238.233.252:80ESTABLISHED TCP10.4.168.53:1187218.17.247.25:80ESTABLISHED TCP0.0.0.0:11880.0.0.0:0LISTENING TCP10.4.168.53:1188219.238.233.249:80ESTABLISHED TCP0.0.0.0:11890.0.0.0:0LISTENING TCP10.4.168.53:1189219.238.233.252:80ESTABLISHED TCP0.0.0.0:11910.0.0.0:0LISTENING TCP10.4.168.53:1191219.133.38.144:80SYN_SENT UDP10.4.168.53:137: UDP10.4.168.53:138: UDP127.0.0.1:1055:
司马青衫初生襁褓狮帖子:13 注册: 2005-11-01 来自:

司马青衫初生襁褓狮帖子:13 注册: 2005-11-01 来自:	发表于： 2005-11-09 17:01 \| 只看楼主短消息资料字号：小中大 15楼以下是瑞星听诊器的扫描纪录：自启动项 HKEY_LOCAL_MACHINE Software\Microsoft\Windows\Currentversion\Run internat.exe = internat.exe TaskMonitor = D:\WINDOWS\taskmon.exe SystemTray = SysTray.Exe C-Media Mixer = D:\Program Files\PCI Audio Applications\Mixer.exe /startup RavTimer = D:\PROGRAM FILES\RISING\RAV\RavTimer.exe CCenter = d:\Program Files\Rising\Rav\CCenter.exe RavTray = d:\Program Files\Rising\Rav\RavTray.exe SKYNET Personal FireWall = D:\PROGRAM FILES\SKYNET\FIREWALL\PFW.EXE iparmor = C:\PROGRAM FILES\IPARMOR\IPARMOR.EXE mini HKEY_LOCAL_MACHINE Software\Microsoft\Windows\Currentversion\RunServices RavService = d:\Program Files\Rising\Rav\RavService.exe /service RavMon = d:\Program Files\Rising\Rav\RavMon.exe -system RavMond = d:\Program Files\Rising\Rav\RavMond.exe HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks shell32.dll = HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad WebCheck = D:\WINDOWS\SYSTEM\WEBCHECK.DLL HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler D:\WINDOWS\SYSTEM\BROWSEUI.DLL= Browseui 预加载程序 D:\WINDOWS\SYSTEM\BROWSEUI.DLL= 组件类别缓存程序 SYSTEM.INI BOOT SHELL Explorer.exe 其他相关项 HKEY_CURRENT_USER Software\Microsoft\Internet Explorer\Main start page ----> www.hao123.com/index3.htm HKEY_LOCAL_MACHINE Software\Microsoft\Internet Explorer\Main local page ----> http://www.jsing.net/index1.htm HKEY_LOCAL_MACHINE Software\Microsoft\Internet Explorer\Main SearchURL ----> http://www.jsing.net/index1.htm HKEY_CURRENT_USER Software\Microsoft\Internet Explorer\Main search page ----> http://home.microsoft.com/intl/cn/access/allinone.asp HKEY_LOCAL_MACHINE Software\Microsoft\Internet Explorer\Main search bar ----> http://www.jsing.net/index1.htm HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows AppInit_DLLs ----> APIHookDll.dll HKEY_USERS .Default\Software\Microsoft\Internet Explorer\Main start page ----> www.hao123.com/index3.htm HKEY_USERS .Default\Software\Microsoft\Internet Explorer\Main search page ----> http://home.microsoft.com/intl/cn/access/allinone.asp 诊断信息 1 RAREXT.DLL 60% 您要搜索的 C:\PROGRAM FILES\WINRAR\RAREXT.DLL 2 NVDD32.DLL 60% 您要搜索的 D:\WINDOWS\SYSTEM\NVDD32.DLL 进程列表 D:\WINDOWS\SYSTEM\KERNEL32.DLL D:\WINDOWS\SYSTEM\MSGSRV32.EXE D:\WINDOWS\SYSTEM\MPREXE.EXE D:\PROGRAM FILES\RISING\RAV\RAVSERVICE.EXE D:\PROGRAM FILES\RISING\RAV\RAVMON.EXE D:\WINDOWS\SYSTEM\mmtask.tsk D:\WINDOWS\EXPLORER.EXE D:\WINDOWS\SYSTEM\RPCSS.EXE D:\WINDOWS\SYSTEM\INTERNAT.EXE D:\WINDOWS\TASKMON.EXE D:\WINDOWS\SYSTEM\SYSTRAY.EXE D:\PROGRAM FILES\PCI AUDIO APPLICATIONS\MIXER.EXE D:\PROGRAM FILES\RISING\RAV\RAVTIMER.EXE D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE D:\PROGRAM FILES\RISING\RAV\RAVTRAY.EXE D:\WINDOWS\SYSTEM\WMIEXE.EXE D:\WINDOWS\SYSTEM\DDHELP.EXE D:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE F:\RISINGTOOLS\RAVDETECT.EXE 进程详细信息 D:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE D:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WEB FOLDERS\MSONSEXT.DLL D:\WINDOWS\SYSTEM\DDHELP.EXE D:\WINDOWS\SYSTEM\NVDD32.DLL (made by NVidia Corporation) D:\WINDOWS\SYSTEM\NVARCH32.DLL (made by NVidia Corporation) D:\WINDOWS\EXPLORER.EXE D:\WINDOWS\SYSTEM\WINABC.IME (made by PKUETI) C:\PROGRAM FILES\WINRAR\RAREXT.DLL D:\PROGRAM FILES\RISING\RAV\RAVSERVICE.EXE D:\WINDOWS\SYSTEM\NETBIOS.DLL
司马青衫初生襁褓狮帖子:13 注册: 2005-11-01 来自:

司马青衫初生襁褓狮帖子:13 注册: 2005-11-01 来自:	发表于： 2005-11-09 18:23 \| 只看楼主短消息资料字号：小中大 16楼 help~help~help
司马青衫初生襁褓狮帖子:13 注册: 2005-11-01 来自:

司马青衫初生襁褓狮帖子:13 注册: 2005-11-01 来自:	发表于： 2005-11-11 09:35 \| 只看楼主短消息资料字号：小中大 17楼高手们请进！！！
司马青衫初生襁褓狮帖子:13 注册: 2005-11-01 来自:

BlackStone 叱咤花甲狮帖子:2616 注册: 2005-09-27 来自:	发表于： 2005-11-11 10:14 \| 短消息资料字号：小中大 18楼是的QQ是不是有QQ宠物啊
BlackStone 叱咤花甲狮帖子:2616 注册: 2005-09-27 来自:

<<上一主题|下一主题>>

12

2 / 2 页

跳转页

页面顶部

Powered by Discuz!NT