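Rising Kaka Security Forum, Technical Exchange area, Anti-Virus / Anti-Rogue-Software forum

The firewall has me completely confused; experts, please check whether the Gray Pigeon (灰鸽子) detection shown by the firewall is correct (log now added, waiting online)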

Could everyone please take a look at the log above? Thanks. There is also this screenshot.

Bump.

HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup

HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup

HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon

HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ RavTask | RavTimer | (未核实) Beijing Rising Technology Co., Ltd. | c:\program files\rising\rav\ravtask.exe

+ RfwMain | Rising Personal FireWall Main Program | (未核实) Beijing Rising Technology Co., Ltd. | c:\program files\rising\rfw\rfwmain.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

C:\Documents and Settings\All Users\「开始」菜单\程序\启动

C:\Documents and Settings\Administrator\「开始」菜单\程序\启动

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ SpybotSD TeaTimer | System settings protector | (已核实) Safer Networking Ltd. | c:\program files\spybot - search & destroy\teatimer.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run

HKLM\SOFTWARE\Classes\Protocols\Filter

HKLM\SOFTWARE\Classes\Protocols\Handler

HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components

+ 0 | 文件未找到: About:Home

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ Rising Execute File Exts hook | Rising Shell Ext Module | (未核实) Beijing Rising Technology Co., Ltd. | c:\windows\system32\ravext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Display Panning CPL Extension | 文件未找到: deskpan.dll

+ RISING | Rising Shell Ext Module | (未核实) Beijing Rising Technology Co., Ltd. | c:\windows\system32\ravext.dll

+ WinRAR shell extension | c:\program files\winrar\rarext.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks

HKLM\Software\Microsoft\Internet Explorer\Toolbar

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Extensions

HKLM\Software\Microsoft\Internet Explorer\Extensions

Task Scheduler

HKLM\System\CurrentControlSet\Services

+ ATI Smart | ATI Smart | c:\windows\system32\ati2sgag.exe

+ RfwService | Rising Personal FireWall Service | (未核实) Beijing Rising Technology Co., Ltd. | c:\program files\rising\rfw\rfwsrv.exe

+ RsCCenter | CCenter | (未核实) Beijing Rising Technology Co., Ltd. | c:\program files\rising\rav\ccenter.exe

+ RsRavMon | RavMond | (未核实) Beijing Rising Technology Co., Ltd. | c:\program files\rising\rav\ravmond.exe

HKLM\System\CurrentControlSet\Services

+ AliIde | 文件未找到: System32\DRIVERS\aliide.sys

+ BaseTDI | basetdi | (未核实) Beijing Rising Technology Co., Ltd. | c:\windows\system32\drivers\basetdi.sys

+ ExpScaner | ExpScan.sys | c:\program files\rising\rav\expscan.sys

+ HookCont | HookCont | (未核实) Rising | c:\program files\rising\rav\hookcont.sys

+ HookReg | c:\program files\rising\rav\hookreg.sys

+ HookSys | Hooksys | (未核实) Rising | c:\program files\rising\rav\hooksys.sys

+ HookUrl | HookUrl | (未核实) Beijing Rising Technology Co., Ltd. | c:\program files\rising\rfw\hookurl.sys

+ MegaIDE | LSI MegaRAID IDE Driver | (未核实) LSI Logic Corporation. | c:\windows\system32\drivers\megaide.sys

+ MEMSCAN | MemScan Driver | (未核实) 瑞星软件有限公司 | c:\program files\rising\rav\memscan.sys

+ mProcRs | Rising Personal FireWall  mprocrs.sys | (未核实) Beijing Rising Technology Co., Ltd. | c:\program files\rising\rfw\mprocrs.sys

+ RsFwDrv | nt_fwdrv | (未核实) Beijing Rising Technology Co., Ltd. | c:\program files\rising\rfw\rsfwdrv.sys

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

HKLM\Software\Microsoft\Command Processor\Autorun

HKCU\Software\Microsoft\Command Processor\Autorun

HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls

HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman

HKCU\Control Panel\Desktop\Scrnsave.exe

HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImageName

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors

+ BJ Language Monitor | 文件未找到: cnbjmon.dll

+ PJL Language Monitor | 文件未找到: pjlmon.dll

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages

Is it the one where entries with a Microsoft signature are hidden? I'm not sure whether I did it right.

Still nobody here?

Anyone?

Someone please, thanks.

Is anyone there?

Clear the IE temporary files folder..

No Gray Pigeon found..

Attachment: image (image/pjpeg), uploaded 2006-9-1 9:57:28, downloads: 110

Not a normal AUTORUNS log.