未知病毒 - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛瑞星产品区 瑞星在线杀毒/查毒[已关闭] 未知病毒

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		请移步新论坛反馈问题或参与讨论		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

1

1 / 1 页

跳转页

未知病毒

7827717 初生襁褓狮帖子:1 注册: 2007-07-26 来自:	发表于： 2007-07-26 01:29 \| 只看楼主短消息资料字号：小中大 1楼未知病毒未知家族病毒分析扫描结果: 无可疑文件系统活动进程 C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE C:\PROGRAM FILES\RISING\RFW\RSGUILIB.DLL C:\PROGRAM FILES\RISING\RFW\RSCOMMON.DLL C:\PROGRAM FILES\RISING\RFW\RFWCTRL.DLL C:\PROGRAM FILES\RISING\RFW\RSXML.DLL C:\PROGRAM FILES\RISING\RFW\PNGDLL.DLL C:\PROGRAM FILES\RISING\ANTISPYWARE\IEPROT.DLL C:\WINDOWS\SYSTEM32\SMSS.EXE C:\WINDOWS\SYSTEM32\CSRSS.EXE C:\WINDOWS\SYSTEM32\WINLOGON.EXE C:\WINDOWS\SYSTEM32\MSACM32.DRV C:\WINDOWS\SYSTEM32\SERVICES.EXE C:\WINDOWS\SYSTEM32\LSASS.EXE C:\WINDOWS\SYSTEM32\SVCHOST.EXE C:\WINDOWS\SYSTEM32\SVCHOST.EXE C:\WINDOWS\SYSTEM32\SVCHOST.EXE C:\WINDOWS\SYSTEM32\SOFTWAREDISTRIBUTION\SETUP\SERVICESTARTUP\WUPS2.DLL\7.0.6000.374\WUPS2.DLL C:\WINDOWS\SYSTEM32\SOFTWAREDISTRIBUTION\SETUP\SERVICESTARTUP\WUPS.DLL\7.0.6000.374\WUPS.DLL C:\WINDOWS\SYSTEM32\WUPS2.DLL C:\WINDOWS\SYSTEM32\ALG.EXE C:\WINDOWS\SYSTEM32\SVCHOST.EXE C:\WINDOWS\SYSTEM32\SVCHOST.EXE C:\WINDOWS\SYSTEM32\WUAUCLT.EXE C:\WINDOWS\SYSTEM32\SOFTWAREDISTRIBUTION\SETUP\SERVICESTARTUP\WUPS2.DLL\7.0.6000.374\WUPS2.DLL C:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE C:\PROGRAM FILES\RISING\RFW\RFWRULE.DLL C:\PROGRAM FILES\RISING\RFW\RFWLOG.DLL C:\PROGRAM FILES\RISING\RFW\RFWDRV.DLL C:\PROGRAM FILES\RISING\RFW\PSAPI.DLL C:\PROGRAM FILES\RISING\RFW\MONDRV.DLL C:\PROGRAM FILES\RISING\RFW\PROCLIB.DLL C:\PROGRAM FILES\RISING\RFW\MPORTS.DLL C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM32\RAVEXT.DLL C:\WINDOWS\SYSTEM32\NVCPL.DLL C:\WINDOWS\SYSTEM32\MSACM32.DRV C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL C:\PROGRAM FILES\RISING\ANTISPYWARE\IEPROT.DLL C:\PROGRAM FILES\WINRAR\RAREXT.DLL C:\WINDOWS\SYSTEM32\AUDIODEV.DLL C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\MSOHEV.DLL C:\WINDOWS\SYSTEM32\SPOOLSV.EXE C:\WINDOWS\SYSTEM32\NVSVC32.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\PROGRAM FILES\RISING\ANTISPYWARE\IEPROT.DLL C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\MSOHEV.DLL C:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASH8.OCX C:\WINDOWS\SYSTEM32\MSACM32.DRV C:\WINDOWS\SYSTEM32\WUPS2.DLL C:\WINDOWS\SYSTEM32\SOFTWAREDISTRIBUTION\SETUP\SERVICESTARTUP\WUAPI.DLL\7.0.6000.374\WUAPI.DLL C:\WINDOWS\SYSTEM32\SOFTWAREDISTRIBUTION\SETUP\SERVICESTARTUP\WUPS.DLL\7.0.6000.374\WUPS.DLL C:\WINDOWS\SYSTEM32\SVCHOST.EXE C:\WINDOWS\SYSTEM32\WDFMGR.EXE C:\WINDOWS\SYSTEM32\CTFMON.EXE C:\PROGRAM FILES\RISING\ANTISPYWARE\IEPROT.DLL C:\WINDOWS\SYSTEM32\WBEM\WMIPRVSE.EXE C:\PROGRAM FILES\RISING\ANTISPYWARE\RAS.EXE C:\PROGRAM FILES\RISING\ANTISPYWARE\RASGUI.DLL C:\PROGRAM FILES\RISING\ANTISPYWARE\IEPROT.DLL C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\J5ZBD4TS\RSDETECT[1].EXE C:\PROGRAM FILES\RISING\ANTISPYWARE\IEPROT.DLL C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE C:\PROGRAM FILES\RISING\ANTISPYWARE\IEPROT.DLL C:\WINDOWS\MSAGENT\AGENTSVR.EXE C:\WINDOWS\SYSTEM32\MSACM32.DRV C:\PROGRAM FILES\RISING\ANTISPYWARE\IEPROT.DLL 普通自启动项 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RavTask = "C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NVCPL.DLL,NVSTARTUP runeip = "C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE" /STARTUP HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce KKDelay = C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNONCE.EXE HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ctfmon.exe = C:\WINDOWS\SYSTEM32\CTFMON.EXE AppInit_DLLs HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows AppInit_DLLs = 系统文件关联 .exe ==> exefile = "%1" %* .com ==> comfile = "%1" %* .cmd ==> cmdfile = "%1" %* .bat ==> batfile = "%1" %* .txt ==> txtfile = %SystemRoot%\system32\NOTEPAD.EXE %1 .scr ==> scrfile = "%1" /S .reg ==> regfile = regedit.exe "%1" .doc ==> Word.Document.8 = "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" /n /dde 其它启动项 WIN.INI 无信息 SYSTEM.INI SHELL = Explorer.exe SCRNSAVE.EXE = d:\Program Files\Herosoft\Hero 9\解霸屏保.SCR Winlogon 启动项 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify crypt32chain = CRYPT32.DLL cryptnet = CRYPTNET.DLL cscdll = CSCDLL.DLL ScCertProp = WLNOTIFY.DLL Schedule = WLNOTIFY.DLL sclgntfy = SCLGNTFY.DLL SensLogn = WLNOTIFY.DLL termsrv = WLNOTIFY.DLL wlballoon = WLNOTIFY.DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit = C:\WINDOWS\SYSTEM32\USERINIT.EXE, shell = EXPLORER.EXE IE - BHO HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects {54EBD53A-9BC1-480B-966A-843A333CA162} = d:\Program Files\Tencent\QQ\QQIEHelper.dll Winsock SPI MSAFD Tcpip [TCP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL MSAFD Tcpip [UDP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL MSAFD Tcpip [RAW/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL RSVP UDP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL RSVP TCP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL MSAFD NetBIOS [\Device\ CiSvc = C:\WINDOWS\SYSTEM32\CISVC.EXE ClipSrv = C:\WINDOWS\SYSTEM32\CLIPSRV.EXE COMSysApp = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235} CryptSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS DcomLaunch = C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH Dhcp = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS dmadmin = C:\WINDOWS\SYSTEM32\DMADMIN.EXE /COM dmserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS Dnscache = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE ERSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS Eventlog = C:\WINDOWS\SYSTEM32\SERVICES.EXE EventSystem = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS FastUserSwitchingCompatibility = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS helpsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS wuauserv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS WZCSVC = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS xmlprov = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS 文件驱动 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services FltMgr = C:\WINDOWS\SYSTEM32\DRIVERS\FLTMGR.SYS MRxDAV = C:\WINDOWS\SYSTEM32\DRIVERS\MRXDAV.SYS MRxSmb = C:\WINDOWS\SYSTEM32\DRIVERS\MRXSMB.SYS NetBIOS = C:\WINDOWS\SYSTEM32\DRIVERS\NETBIOS.SYS Rdbss = C:\WINDOWS\SYSTEM32\DRIVERS\RDBSS.SYS sr = C:\WINDOWS\SYSTEM32\DRIVERS\SR.SYS Srv = C:\WINDOWS\SYSTEM32\DRIVERS\SRV.SYS 系统驱动项 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services a320raid = C:\WINDOWS\SYSTEM32\DRIVERS\A320RAID.SYS AAC = C:\WINDOWS\SYSTEM32\DRIVERS\AAC.SYS aar1210 = C:\WINDOWS\SYSTEM32\DRIVERS\AAR1210.SYS abp480n5 = C:\WINDOWS\SYSTEM32\DRIVERS\ABP480N5.SYS ACPI = C:\WINDOWS\SYSTEM32\DRIVERS\ACPI.SYS adpu160m = C:\WINDOWS\SYSTEM32\DRIVERS\ADPU160M.SYS adpu320 = C:\WINDOWS\SYSTEM32\DRIVERS\ADPU320.SYS aec = C:\WINDOWS\SYSTEM32\DRIVERS\AEC.SYS aec6210 = C:\WINDOWS\SYSTEM32\DRIVERS\AEC6210.SYS aec6260 = C:\WINDOWS\SYSTEM32\DRIVERS\AEC6260.SYS aec6280 = C:\WINDOWS\SYSTEM32\DRIVERS\AEC6280.SYS AEC6290 = C:\WINDOWS\SYSTEM32\DRIVERS\AEC6290.SYS AEC67160 = C:\WINDOWS\SYSTEM32\DRIVERS\AEC67160.SYS AEC671X = C:\WINDOWS\SYSTEM32\DRIVERS\AEC671X.SYS AEC6880 = C:\WINDOWS\SYSTEM32\DRIVERS\AEC6880.SYS AEC6890 = C:\WINDOWS\SYSTEM32\DRIVERS\AEC6890.SYS aec68x5 = C:\WINDOWS\SYSTEM32\DRIVERS\AEC68X5.SYS AFD = C:\WINDOWS\SYSTEM32\DRIVERS\AFD.SYS Aha154x = C:\WINDOWS\SYSTEM32\DRIVERS\AHA154X.SYS aic78u2 = C:\WINDOWS\SYSTEM32\DRIVERS\AIC78U2.SYS aic78xx = C:\WINDOWS\SYSTEM32\DRIVERS\AIC78XX.SYS ALCXWDM = C:\WINDOWS\SYSTEM32\DRIVERS\ALCXWDM.SYS AliIde = C:\WINDOWS\SYSTEM32\DRIVERS\ALIIDE.SYS AmdK6 = C:\WINDOWS\SYSTEM32\DRIVERS\AMDK6.SYS AmdK7 = C:\WINDOWS\SYSTEM32\DRIVERS\AMDK7.SYS AmdK8 = C:\WINDOWS\SYSTEM32\DRIVERS\AMDK8.SYS amsint = C:\WINDOWS\SYSTEM32\DRIVERS\AMSINT.SYS arc = C:\WINDOWS\SYSTEM32\DRIVERS\ARC.SYS Arp1394 = C:\WINDOWS\SYSTEM32\DRIVERS\ARP1394.SYS asc = C:\WINDOWS\SYSTEM32\DRIVERS\ASC.SYS asc3550 = C:\WINDOWS\SYSTEM32\DRIVERS\ASC3550.SYS AsyncMac = C:\WINDOWS\SYSTEM32\DRIVERS\ASYNCMAC.SYS atapi = C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS Atmarpc = C:\WINDOWS\SYSTEM32\DRIVERS\ATMARPC.SYS audstub = C:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS BaseTDI = C:\WINDOWS\SYSTEM32\DRIVERS\BASETDI.SYS symc810 = C:\WINDOWS\SYSTEM32\DRIVERS\SYMC810.SYS symc8xx = C:\WINDOWS\SYSTEM32\DRIVERS\SYMC8XX.SYS SYMMPI = C:\WINDOWS\SYSTEM32\DRIVERS\SYMMPI.SYS sym_hi = C:\WINDOWS\SYSTEM32\DRIVERS\SYM_HI.SYS sym_u3 = C:\WINDOWS\SYSTEM32\DRIVERS\SYM_U3.SYS sysaudio = C:\WINDOWS\SYSTEM32\DRIVERS\SYSAUDIO.SYS Tcpip = C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS TermDD = C:\WINDOWS\SYSTEM32\DRIVERS\TERMDD.SYS TosIde = C:\WINDOWS\SYSTEM32\DRIVERS\TOSIDE.SYS UlSata = C:\WINDOWS\SYSTEM32\DRIVERS\ULSATA.SYS ULSATAS = C:\WINDOWS\SYSTEM32\DRIVERS\ULSATAS.SYS ultra = C:\WINDOWS\SYSTEM32\DRIVERS\ULTRA.SYS Update = C:\WINDOWS\SYSTEM32\DRIVERS\UPDATE.SYS usbehci = vmscsi = C:\WINDOWS\SYSTEM32\DRIVERS\VMSCSI.SYí ÓYÍ`bbs.ikaka.comzþA´:P2½? 2007-07-26 13:06:57
7827717 初生襁褓狮帖子:1 注册: 2007-07-26 来自:	分享到：

zengjie5927 版主帖子:7974 注册: 2006-01-22 来自:	发表于： 2007-07-26 13:17 \| 短消息资料字号：小中大 2楼建议用卡卡上网助手扫描把日志发到日志求助版块!í ÓYÍ`bbs.ikaka.comzþA´:P2½?
zengjie5927 版主帖子:7974 注册: 2006-01-22 来自:

<<上一主题|下一主题>>

1

1 / 1 页

跳转页

页面顶部

Powered by Discuz!NT