失望于2007 - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛失望于2007

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

2 / 4 页

跳转页

失望于2007

小呀小顽童快乐黄口狮帖子:172 注册: 2004-08-07 来自:	发表于： 2006-12-30 13:12 \| 只看楼主短消息资料字号：小中大 11楼这个内容如何？瑞星听诊信息：未知家族病毒分析扫描结果: D:\WINDOWS\system\conime.exe --> 与 Backdoor.Gpigeon.Key 42%相似. 系统活动进程 D:\PROGRAM FILES\RISING\RAV1\RAVTASK.EXE D:\PROGRAM FILES\RISING\RAV1\RAVMON.EXE D:\WINDOWS\SYSTEM32\SMSS.EXE D:\WINDOWS\SYSTEM32\CSRSS.EXE D:\WINDOWS\SYSTEM32\WINLOGON.EXE D:\WINDOWS\SYSTEM32\SERVICES.EXE D:\WINDOWS\SYSTEM32\LSASS.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE D:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE D:\PROGRAM FILES\RISING\RAV1\CCENTER.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE D:\WINDOWS\EXPLORER.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE D:\RAV\RSDETECT2006-03-15.EXE D:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE D:\WINDOWS\SYSTEM32\SPOOLSV.EXE D:\WINDOWS\SYSTEM32\MSDTC.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE D:\WINDOWS\SYSTEM32\SVCHOST.EXE D:\WINDOWS\SYSTEM32\WBEM\WMIPRVSE.EXE D:\WINDOWS\SYSTEM32\DFSSVC.EXE D:\TEM\VRV2005\VRV2005\VRV2005\VRVMON.EXE D:\WINDOWS\SYSTEM\CONIME.EXE D:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE 普通自启动项 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run xysecond = D:\TEM\VRV2005\VRV2005\VRV2005\VRVMON.EXE RavTask = "D:\PROGRAM FILES\RISING\RAV1\RAVTASK.EXE" -SYSTEM 系统文件关联 .exe ==> exefile = "%1" %* .com ==> comfile = "%1" %* .cmd ==> cmdfile = "%1" %* .bat ==> batfile = "%1" %* .txt ==> txtfile = notepad.exe %1 .scr ==> scrfile = "%1" /S .reg ==> regfile = regedit.exe %1 .doc ==> WINWORD.exe = D:\OFFICE2003\Office\WINWORD.exe %1 其它启动项 WIN.INI 无信息 SYSTEM.INI SHELL = Explorer.exe SCRNSAVE.EXE = D:\WINDOWS\system32\logon.scr Winlogon 启动项 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify crypt32chain = CRYPT32.DLL cryptnet = CRYPTNET.DLL cscdll = CSCDLL.DLL ScCertProp = WLNOTIFY.DLL Schedule = WLNOTIFY.DLL sclgntfy = SCLGNTFY.DLL SensLogn = WLNOTIFY.DLL termsrv = WLNOTIFY.DLL wlballoon = WLNOTIFY.DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit = D:\WINDOWS\SYSTEM32\USERINIT.EXE shell = EXPLORER.EXE IE - BHO Winsock SPI MSAFD Tcpip [TCP/IP] = D:\WINDOWS\SYSTEM32\MSWSOCK.DLL MSAFD Tcpip [UDP/IP] = D:\WINDOWS\SYSTEM32\MSWSOCK.DLL MSAFD Tcpip [RAW/IP] = D:\WINDOWS\SYSTEM32\MSWSOCK.DLL RSVP UDP Service Provider = D:\WINDOWS\SYSTEM32\MSWSOCK.DLL RSVP TCP Service Provider = D:\WINDOWS\SYSTEM32\MSWSOCK.DLL MSAFD NetBIOS [\Device\NetBT_Tcpip_{46FE3122-F21D-44E2-939B-7CA1F139D112}] SEQPACKET 0 = D:\WINDOWS\SYSTEM32\MSWSOCK.DLL MSAFD NetBIOS [\Device\NetBT_Tcpip_{46FE3122-F21D-44E2-939B-7CA1F139D112}] DATAGRAM 0 = D:\WINDOWS\SYSTEM32\MSWSOCK.DLL MSAFD NetBIOS [\Device\NetBT_Tcpip_{39581E09-81B8-4164-9FF4-31B7E8D496A8}] SEQPACKET 1 = D:\WINDOWS\SYSTEM32\MSWSOCK.DLL MSAFD NetBIOS [\Device\NetBT_Tcpip_{39581E09-81B8-4164-9FF4-31B7E8D496A8}] DATAGRAM 1 = D:\WINDOWS\SYSTEM32\MSWSOCK.DLL MSAFD NetBIOS [\Device\NetBT_Tcpip_{474C78AD-FCF7-479B-AF1C-6D35825F5CF3}] SEQPACKET 2 = D:\WINDOWS\SYSTEM32\MSWSOCK.DLL MSAFD NetBIOS [\Device\NetBT_Tcpip_{474C78AD-FCF7-479B-AF1C-6D35825F5CF3}] DATAGRAM 2 = D:\WINDOWS\SYSTEM32\MSWSOCK.DLL 系统服务项 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services Alerter = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE ALG = D:\WINDOWS\SYSTEM32\ALG.EXE AppMgmt = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS AudioSrv = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS BITS = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS Browser = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS CiSvc = D:\WINDOWS\SYSTEM32\CISVC.EXE ClipSrv = D:\WINDOWS\SYSTEM32\CLIPSRV.EXE COMSysApp = D:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235} CryptSvc = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS Dfs = D:\WINDOWS\SYSTEM32\DFSSVC.EXE Dhcp = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE dmadmin = D:\WINDOWS\SYSTEM32\DMADMIN.EXE /COM dmserver = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS Dnscache = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE ERSvc = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K WINERR Eventlog = D:\WINDOWS\SYSTEM32\SERVICES.EXE EventSystem = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS helpsvc = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS HidServ = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS HTTPFilter = D:\WINDOWS\SYSTEM32\LSASS.EXE ImapiService = D:\WINDOWS\SYSTEM32\IMAPI.EXE IsmServ = D:\WINDOWS\SYSTEM32\ISMSERV.EXE kdc = D:\WINDOWS\SYSTEM32\LSASS.EXE lanmanserver = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS lanmanworkstation = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS LicenseService = D:\WINDOWS\SYSTEM32\LLSSRV.EXE LmHosts = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE Messenger = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS mnmsrvc = D:\WINDOWS\SYSTEM32\MNMSRVC.EXE MSDTC = D:\WINDOWS\SYSTEM32\MSDTC.EXE MSIServer = D:\WINDOWS\SYSTEM32\MSIEXEC.EXE /V NetDDE = D:\WINDOWS\SYSTEM32\NETDDE.EXE NetDDEdsdm = D:\WINDOWS\SYSTEM32\NETDDE.EXE Netlogon = D:\WINDOWS\SYSTEM32\LSASS.EXE Netman = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS Nla = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS NtFrs = D:\WINDOWS\SYSTEM32\NTFRS.EXE NtLmSsp = D:\WINDOWS\SYSTEM32\LSASS.EXE NtmsSvc = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS PlugPlay = D:\WINDOWS\SYSTEM32\SERVICES.EXE PolicyAgent = D:\WINDOWS\SYSTEM32\LSASS.EXE ProtectedStorage = D:\WINDOWS\SYSTEM32\LSASS.EXE RasAuto = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS RasMan = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS RDSessMgr = D:\WINDOWS\SYSTEM32\SESSMGR.EXE RemoteAccess = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS RemoteRegistry = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K REGSVC RpcLocator = D:\WINDOWS\SYSTEM32\LOCATOR.EXE RpcSs = D:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS RsCCenter = "D:\PROGRAM FILES\RISING\RAV1\CCENTER.EXE" RSoPProv = D:\WINDOWS\SYSTEM32\RSOPPROV.EXE RsRavMon = "D:\PROGRAM FILES\RISING\RAV1\RAVMOND.EXE" sacsvr = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS SamSs = D:\WINDOWS\SYSTEM32\LSASS.EXE SCardSvr = D:\WINDOWS\SYSTEM32\SCARDSVR.EXE Schedule = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS seclogon = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS SENS = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS SharedAccess = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS ShellHWDetection = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS Spooler = D:\WINDOWS\SYSTEM32\SPOOLSV.EXE stisvc = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC swprv = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K SWPRV SysmonLog = D:\WINDOWS\SYSTEM32\SMLOGSVC.EXE TapiSrv = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K TAPISRV TermService = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K TERMSVCS Themes = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS TlntSvr = D:\WINDOWS\SYSTEM32\TLNTSVR.EXE TrkSvr = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS TrkWks = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS Tssdis = D:\WINDOWS\SYSTEM32\TSSDIS.EXE uploadmgr = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS UPS = D:\WINDOWS\SYSTEM32\UPS.EXE vds = D:\WINDOWS\SYSTEM32\VDS.EXE VSS = D:\WINDOWS\SYSTEM32\VSSVC.EXE W32Time = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS WebClient = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE WinDHCPsvc = D:\WINDOWS\SYSTEM32\RUNDLL32.EXE WINDHCP.OCX,START WinHttpAutoProxySvc = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE winmgmt = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS WmdmPmSN = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS Wmi = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS WmiApSrv = D:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE wuauserv = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS WZCSVC = D:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS 文件驱动 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services DfsDriver = D:\WINDOWS\SYSTEM32\DRIVERS\DFS.SYS MRxDAV = D:\WINDOWS\SYSTEM32\DRIVERS\MRXDAV.SYS MRxSmb = D:\WINDOWS\SYSTEM32\DRIVERS\MRXSMB.SYS NetBIOS = D:\WINDOWS\SYSTEM32\DRIVERS\NETBIOS.SYS Rdbss = D:\WINDOWS\SYSTEM32\DRIVERS\RDBSS.SYS Srv = D:\WINDOWS\SYSTEM32\DRIVERS\SRV.SYS
小呀小顽童快乐黄口狮帖子:172 注册: 2004-08-07 来自:

小呀小顽童快乐黄口狮帖子:172 注册: 2004-08-07 来自:	发表于： 2006-12-30 13:12 \| 只看楼主短消息资料字号：小中大 12楼系统驱动项 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services ACPI = D:\WINDOWS\SYSTEM32\DRIVERS\ACPI.SYS AFD = D:\WINDOWS\SYSTEM32\DRIVERS\AFD.SYS AsyncMac = D:\WINDOWS\SYSTEM32\DRIVERS\ASYNCMAC.SYS atapi = D:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS ati2mpad = D:\WINDOWS\SYSTEM32\DRIVERS\ATI2MPAD.SYS Atmarpc = D:\WINDOWS\SYSTEM32\DRIVERS\ATMARPC.SYS audstub = D:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS BaseTDI = D:\WINDOWS\SYSTEM32\DRIVERS\BASETDI.SYS Cdrom = D:\WINDOWS\SYSTEM32\DRIVERS\CDROM.SYS ClusDisk = D:\WINDOWS\SYSTEM32\DRIVERS\CLUSDISK.SYS crcdisk = D:\WINDOWS\SYSTEM32\DRIVERS\CRCDISK.SYS Disk = D:\WINDOWS\SYSTEM32\DRIVERS\DISK.SYS dmboot = D:\WINDOWS\SYSTEM32\DRIVERS\DMBOOT.SYS dmio = D:\WINDOWS\SYSTEM32\DRIVERS\DMIO.SYS dmload = D:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS E1000 = D:\WINDOWS\SYSTEM32\DRIVERS\E1000325.SYS ExpScaner = D:\PROGRAM FILES\RISING\RAV1\EXPSCAN.SYS Fdc = D:\WINDOWS\SYSTEM32\DRIVERS\FDC.SYS FsVga = D:\WINDOWS\SYSTEM32\DRIVERS\FSVGA.SYS Ftdisk = D:\WINDOWS\SYSTEM32\DRIVERS\FTDISK.SYS Gpc = D:\WINDOWS\SYSTEM32\DRIVERS\MSGPC.SYS HookCont = D:\PROGRAM FILES\RISING\RAV1\HOOKCONT.SYS HookReg = D:\PROGRAM FILES\RISING\RAV1\HOOKREG.SYS HookSys = D:\PROGRAM FILES\RISING\RAV1\HOOKSYS.SYS HTTP = D:\WINDOWS\SYSTEM32\DRIVERS\HTTP.SYS i8042prt = D:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS imapi = D:\WINDOWS\SYSTEM32\DRIVERS\IMAPI.SYS IpFilterDriver = D:\WINDOWS\SYSTEM32\DRIVERS\IPFLTDRV.SYS IpInIp = D:\WINDOWS\SYSTEM32\DRIVERS\IPINIP.SYS IpNat = D:\WINDOWS\SYSTEM32\DRIVERS\IPNAT.SYS IPSec = D:\WINDOWS\SYSTEM32\DRIVERS\IPSEC.SYS isapnp = D:\WINDOWS\SYSTEM32\DRIVERS\ISAPNP.SYS Kbdclass = D:\WINDOWS\SYSTEM32\DRIVERS\KBDCLASS.SYS MediaDrver = D:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\YPOCALLH.SYS MEMSCAN = D:\PROGRAM FILES\RISING\RAV1\MEMSCAN.SYS Mouclass = D:\WINDOWS\SYSTEM32\DRIVERS\MOUCLASS.SYS NdisTapi = D:\WINDOWS\SYSTEM32\DRIVERS\NDISTAPI.SYS Ndisuio = D:\WINDOWS\SYSTEM32\DRIVERS\NDISUIO.SYS NdisWan = D:\WINDOWS\SYSTEM32\DRIVERS\NDISWAN.SYS NetBT = D:\WINDOWS\SYSTEM32\DRIVERS\NETBT.SYS NPF = D:\WINDOWS\SYSTEM32\DRIVERS\NPF.SYS Parport = D:\WINDOWS\SYSTEM32\DRIVERS\PARPORT.SYS Parvdm = D:\WINDOWS\SYSTEM32\DRIVERS\PARVDM.SYS PCI = D:\WINDOWS\SYSTEM32\DRIVERS\PCI.SYS PCIIde = D:\WINDOWS\SYSTEM32\DRIVERS\PCIIDE.SYS PptpMiniport = D:\WINDOWS\SYSTEM32\DRIVERS\RASPPTP.SYS Processor = D:\WINDOWS\SYSTEM32\DRIVERS\PROCESSR.SYS Ptilink = D:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS RasAcd = D:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS Rasl2tp = D:\WINDOWS\SYSTEM32\DRIVERS\RASL2TP.SYS RasPppoe = D:\WINDOWS\SYSTEM32\DRIVERS\RASPPPOE.SYS Raspti = D:\WINDOWS\SYSTEM32\DRIVERS\RASPTI.SYS RDPCDD = D:\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.SYS rdpdr = D:\WINDOWS\SYSTEM32\DRIVERS\RDPDR.SYS redbook = D:\WINDOWS\SYSTEM32\DRIVERS\REDBOOK.SYS RsNTGDI = D:\WINDOWS\SYSTEM32\DRIVERS\RSNTGDI.SYS RSPPSYS = D:\PROGRAM FILES\RISING\RAV1\RSPPSYS.SYS ScsiPort = D:\WINDOWS\SYSTEM32\DRIVERS\SCSIPORT.SYS Secdrv = D:\WINDOWS\SYSTEM32\DRIVERS\SECDRV.SYS serenum = D:\WINDOWS\SYSTEM32\DRIVERS\SERENUM.SYS Serial = D:\WINDOWS\SYSTEM32\DRIVERS\SERIAL.SYS SONYPVU1 = D:\WINDOWS\SYSTEM32\DRIVERS\SONYPVU1.SYS SVKP = D:\WINDOWS\SYSTEM32\SVKP.SYS swenum = D:\WINDOWS\SYSTEM32\DRIVERS\SWENUM.SYS symmpi = D:\WINDOWS\SYSTEM32\DRIVERS\SYMMPI.SYS Tcpip = D:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS TermDD = D:\WINDOWS\SYSTEM32\DRIVERS\TERMDD.SYS Update = D:\WINDOWS\SYSTEM32\DRIVERS\UPDATE.SYS usbhub = D:\WINDOWS\SYSTEM32\DRIVERS\USBHUB.SYS usbohci = D:\WINDOWS\SYSTEM32\DRIVERS\USBOHCI.SYS USBSTOR = D:\WINDOWS\SYSTEM32\DRIVERS\USBSTOR.SYS VgaSave = D:\WINDOWS\SYSTEM32\DRIVERS\VGA.SYS VolSnap = D:\WINDOWS\SYSTEM32\DRIVERS\VOLSNAP.SYS Wanarp = D:\WINDOWS\SYSTEM32\DRIVERS\WANARP.SYS WLBS = D:\WINDOWS\SYSTEM32\DRIVERS\WLBS.SYS xyantivirus = D:\TEM\VRV2005\VRV2005\VRV2005\FILEMON.SYS
小呀小顽童快乐黄口狮帖子:172 注册: 2004-08-07 来自:

小呀小顽童快乐黄口狮帖子:172 注册: 2004-08-07 来自:	发表于： 2006-12-30 13:15 \| 只看楼主短消息资料字号：小中大 13楼 CODE] 2006-12-30,13:03:08 System Repair Engineer 2.3.13.690 Smallfrogs (http://www.KZTechs.com) Windows Server 2003 Enterprise Edition (Build 3790) - 管理权限用户 - 完整功能以下内容被选中：所有的启动项目（包括注册表、启动文件夹、服务等）浏览器加载项正在运行的进程（包括进程模块信息）文件关联 Winsock 提供者 Autorun.inf HOSTS 文件启动项目注册表 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <xysecond><D:\tem\VRV2005\VRV2005\vrv2005\vrvmon.exe> [vrv] <RavTask><"D:\Program Files\Rising\Rav1\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [(Verified)Microsoft Corporation] <Userinit><D:\WINDOWS\system32\userinit.exe> [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><235780M.BMP> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><%SystemRoot%\system32\logonui.exe> [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{9C0CFA58-3A6F-51ba-9EFE-5320F4F62FB1}><D:\WINDOWS\system32\bdscheca100.dll> [N/A] <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><D:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <csrss><; D:\WINDOWS\csrss.exe> [N/A] <System><; D:\Program Files\Common Files\System\Updaterun.exe> [N/A] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <Windows installer><; C:\winstall.exe> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <{202718E6-0957-2052-1008-030207290056}><; "D:\Program Files\Common Files\{202718E6-0957-2052-1008-030207290056}\Update.exe" te-110-12-0000175> [N/A] <{202718E6-0958-2052-1008-030207290056}><; "D:\Program Files\Common Files\{202718E6-0958-2052-1008-030207290056}\Update.exe" te-110-12-0000175> [N/A] ================================== 启动文件夹 N/A ================================== 服务 [Human Interface Device Access / HidServ][Stopped/Disabled] <D:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A> [Rising Process Communication Center / RsCCenter][Running/Auto Start] <"D:\Program Files\Rising\Rav1\CCenter.exe"><Beijing Rising Technology Co., Ltd.> [RsRavMon Service / RsRavMon][Stopped/Auto Start] <"D:\Program Files\Rising\Rav1\Ravmond.exe"><N/A> [Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start] <D:\WINDOWS\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation> ================================== 驱动程序 [ati2mpad / ati2mpad][Running/Manual Start] <system32\DRIVERS\ati2mpad.sys><ATI Technologies Inc.> [BaseTDI / BaseTDI][Running/Auto Start] <\??\D:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.> [Intel(R) PRO/1000 Device Driver / E1000][Running/Manual Start] <system32\DRIVERS\e1000325.sys><Intel Corporation> [ExpScaner / ExpScaner][Running/Auto Start] <\??\D:\Program Files\Rising\Rav1\ExpScan.sys><> [HookCont / HookCont][Running/Auto Start] <\??\D:\Program Files\Rising\Rav1\HOOKCONT.sys><Rising> [HookReg / HookReg][Running/Auto Start] <\??\D:\Program Files\Rising\Rav1\HookReg.sys><> [HookSys / HookSys][Running/Auto Start] <\??\D:\Program Files\Rising\Rav1\HookSys.sys><Rising> [IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start] <system32\DRIVERS\ipinip.sys><N/A> [MicroSoft Media Services / MediaDrver][Stopped/Manual Start] <\??\D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\YpOCalLH.sys><N/A> [MEMSCAN / MEMSCAN][Running/Auto Start] <\??\D:\Program Files\Rising\Rav1\MEMSCAN.sys><瑞星软件有限公司> [Netgroup Packet Filter / NPF][Stopped/Manual Start] <system32\DRIVERS\npf.sys><CACE Technologies> [Direct Parallel Link Driver / Ptilink][Running/Manual Start] <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.> [RsNTGDI / RsNTGDI][Running/Boot Start] <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.> [RSPPSYS / RSPPSYS][Running/Auto Start] <\??\D:\Program Files\Rising\Rav1\RSPPSYS.sys><Rising> [Secdrv / Secdrv][Stopped/Manual Start] <system32\DRIVERS\secdrv.sys><N/A> [Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start] <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation> [SVKP / SVKP][Running/Auto Start] <\??\D:\WINDOWS\system32\SVKP.sys><AntiCracking> [symmpi / symmpi][Running/Boot Start] <\SystemRoot\system32\DRIVERS\symmpi.sys><LSI Logic> [xyfilemon / xyantivirus][Running/Auto Start] <\??\D:\tem\VRV2005\VRV2005\vrv2005\filemon.sys><BXY> ================================== 浏览器加载项 [@shdoclc.dll,-866] {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A> [上传到QQ网络硬盘] <D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A> [添加到QQ自定义面板] <D:\Program Files\Tencent\QQ\AddPanel.htm, N/A> [添加到QQ表情] <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A> [用QQ彩信发送该图片] <D:\Program Files\Tencent\QQ\SendMMS.htm, N/A> ================================== 正在运行的进程 [PID: 404][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 464][\??\D:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 488][\??\D:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [D:\WINDOWS\235780M.BMP] [N/A, N/A] [PID: 540][D:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [D:\WINDOWS\235780M.BMP] [N/A, N/A] [PID: 552][D:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [D:\WINDOWS\235780M.BMP] [N/A, N/A] [PID: 748][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [D:\WINDOWS\235780M.BMP] [N/A, N/A] [PID: 796][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [D:\WINDOWS\235780M.BMP] [N/A, N/A] [PID: 916][D:\Program Files\Rising\Rav1\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3] [D:\WINDOWS\235780M.BMP] [N/A, N/A] [PID: 980][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [D:\WINDOWS\235780M.BMP] [N/A, N/A] [PID: 1080][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [D:\WINDOWS\235780M.BMP] [N/A, N/A] [PID: 1120][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [D:\WINDOWS\235780M.BMP] [N/A, N/A] [PID: 1344][D:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [D:\WINDOWS\235780M.BMP] [N/A, N/A] [PID: 1380][D:\WINDOWS\system32\msdtc.exe] [Microsoft Corporation, 2001.12.4720.0 (srv03_rtm.030324-2048)] [D:\WINDOWS\235780M.BMP] [N/A, N/A] [PID: 1492][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [D:\WINDOWS\235780M.BMP] [N/A, N/A] [PID: 1568][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 1912][D:\WINDOWS\system32\Dfssvc.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [D:\WINDOWS\235780M.BMP] [N/A, N/A] [D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A] [PID: 2044][D:\tem\VRV2005\VRV2005\vrv2005\vrvmon.exe] [vrv, 1, 0, 0, 1] [D:\WINDOWS\235780M.BMP] [N/A, N/A] [D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A] [D:\tem\VRV2005\VRV2005\vrv2005\vrvmonsc.dll] [BeiXinYuan, 1, 0, 0, 1] [D:\tem\VRV2005\VRV2005\vrv2005\vrvcfg.dll] [N/A, N/A] [D:\tem\VRV2005\VRV2005\vrv2005\vrvdll.dll] [N/A, N/A] [D:\tem\VRV2005\VRV2005\vrv2005\UNARJ.dll] [N/A, N/A] [D:\tem\VRV2005\VRV2005\vrv2005\UNZIP.dll] [N/A, N/A] [D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A] [PID: 216][D:\Program Files\Rising\Rav1\RavTask.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7] [D:\WINDOWS\235780M.BMP] [N/A, N/A] [D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A] [D:\Program Files\Rising\Rav1\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5] [D:\Program Files\Rising\Rav1\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2] [D:\Program Files\Rising\Rav1\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13] [D:\Program Files\Rising\Rav1\RsCommX.dll] [rising, 18, 0, 0, 1]
小呀小顽童快乐黄口狮帖子:172 注册: 2004-08-07 来自:

小呀小顽童快乐黄口狮帖子:172 注册: 2004-08-07 来自:	发表于： 2006-12-30 13:15 \| 只看楼主短消息资料字号：小中大 14楼 [D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A] [PID: 340][D:\Program Files\Rising\Rav1\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36] [D:\Program Files\Rising\Rav1\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28] [D:\Program Files\Rising\Rav1\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 6] [D:\WINDOWS\235780M.BMP] [N/A, N/A] [D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A] [D:\Program Files\Rising\Rav1\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2] [D:\Program Files\Rising\Rav1\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13] [D:\Program Files\Rising\Rav1\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5] [D:\Program Files\Rising\Rav1\RsCommX.dll] [rising, 18, 0, 0, 1] [D:\Program Files\Rising\Rav1\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2] [D:\Program Files\Rising\Rav1\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5] [D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A] [PID: 1044][D:\WINDOWS\explorer.exe] [Microsoft Corporation, 6.00.3790.0 (srv03_rtm.030324-2048)] [D:\WINDOWS\235780M.BMP] [N/A, N/A] [D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A] [D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A] [D:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7] [D:\winrar\rarext.dll] [N/A, N/A] [D:\Program Files\Rising\Rav1\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5] [PID: 1616][D:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [D:\WINDOWS\235780M.BMP] [N/A, N/A] [D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A] [PID: 804][D:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.3790.0 (srv03_rtm.030324-2048)] [D:\WINDOWS\235780M.BMP] [N/A, N/A] [D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A] [D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A] [D:\Program Files\Rising\Rav1\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4] [D:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0] [D:\WINDOWS\system32\001836F9.IME] [LongWen Corporation, 3.8.200] [D:\WINDOWS\system32\icm32.dll] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)] [PID: 2772][D:\WINDOWS\system\conime.exe] [N/A, N/A] [D:\WINDOWS\235780M.BMP] [N/A, N/A] [D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A] [D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A] [PID: 3912][D:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.3790.0 (srv03_rtm.030324-2048)] [D:\WINDOWS\235780M.BMP] [N/A, N/A] [D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A] [D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A] [D:\Program Files\Rising\Rav1\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4] [D:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0] [D:\WINDOWS\system32\001836F9.IME] [LongWen Corporation, 3.8.200] [PID: 1316][D:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.3790.0 (srv03_rtm.030324-2048)] [D:\WINDOWS\235780M.BMP] [N/A, N/A] [D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A] [D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A] [D:\Program Files\Rising\Rav1\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4] [D:\WINDOWS\system32\001836F9.IME] [LongWen Corporation, 3.8.200] [D:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0] [PID: 2172][D:\RAV\SRENG\SREng.EXE] [Smallfrogs Studio, 2.3.13.690] [D:\WINDOWS\235780M.BMP] [N/A, N/A] [D:\WINDOWS\system32\windhcp.ocx] [N/A, N/A] [D:\WINDOWS\system32\bdscheca100.dll] [N/A, N/A] ================================== 文件关联 .TXT Error. [notepad.exe %1] .EXE OK. ["%1" %] .COM OK. ["%1" %] .PIF OK. ["%1" %] .REG Error. [regedit.exe %1] .BAT OK. ["%1" %] .SCR OK. ["%1" /S] .CHM Error. [D:\WINDOWS\hh.exe %1] .HLP Error. [D:\WINDOWS\winhlp32.exe %1] .INI Error. [notepad.exe %1] .INF Error. [D:\WINDOWS\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf N/A ================================== HOSTS 文件 N/A ================================== API HOOK N/A ================================== [/CODE]
小呀小顽童快乐黄口狮帖子:172 注册: 2004-08-07 来自:

小呀小顽童快乐黄口狮帖子:172 注册: 2004-08-07 来自:	发表于： 2006-12-30 13:18 \| 只看楼主短消息资料字号：小中大 15楼这是进程中的那个图片。附件: 文件名:34650520061230130905.BMP 下载次数:153 文件类型:application/octet-stream 文件大小: 上传时间:2006-12-30 13:18:04 描述:
小呀小顽童快乐黄口狮帖子:172 注册: 2004-08-07 来自:

小呀小顽童快乐黄口狮帖子:172 注册: 2004-08-07 来自:	发表于： 2006-12-30 13:20 \| 只看楼主短消息资料字号：小中大 16楼该图片名为235780M.BMP，属性HS，64K大小。打开后无任何反应。在网上发了，你看也不显示图片。现在一些家伙把EXE等文件捆绑图片之中，只留图片的文件头，而且可以执行，真是可恶。
小呀小顽童快乐黄口狮帖子:172 注册: 2004-08-07 来自:

小呀小顽童快乐黄口狮帖子:172 注册: 2004-08-07 来自:	发表于： 2006-12-30 13:46 \| 只看楼主短消息资料字号：小中大 17楼？怎么没答案？
小呀小顽童快乐黄口狮帖子:172 注册: 2004-08-07 来自:

小呀小顽童快乐黄口狮帖子:172 注册: 2004-08-07 来自:	发表于： 2006-12-30 13:52 \| 只看楼主短消息资料字号：小中大 18楼 ???已有扫描结果，为何没有答案？
小呀小顽童快乐黄口狮帖子:172 注册: 2004-08-07 来自:

小呀小顽童快乐黄口狮帖子:172 注册: 2004-08-07 来自:	发表于： 2006-12-30 14:42 \| 只看楼主短消息资料字号：小中大 19楼？？？
小呀小顽童快乐黄口狮帖子:172 注册: 2004-08-07 来自:

小呀小顽童快乐黄口狮帖子:172 注册: 2004-08-07 来自:	发表于： 2006-12-30 15:01 \| 只看楼主短消息资料字号：小中大 20楼怎么没人回答一下
小呀小顽童快乐黄口狮帖子:172 注册: 2004-08-07 来自:

<<上一主题|下一主题>>

2 / 4 页

跳转页

页面顶部

Powered by Discuz!NT