
How to submit suspicious files to Rising for official analysis

Re: How to submit suspicious files to Rising for official analysis

I SEE


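Suspicious files

To all the experts:
Thank you very much for taking a look at my system diagnostic report. This newbie is urgently waiting for your help!
This diagnostic report was provided by 360 Safe Guard (360安全卫士) http://www.360.cn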
诊断时间: 2008-08-03  15:01:12
诊断平台: Microsoft Windows XP  Service Pack 2
IE版本: Internet Explorer V6.0.2900.2180 Build:62900.2180
计算机物理内存:1022.48MB - 当前可用内存:591.99MB

100 - 未知 - Process: rfwstub.exe [Rising Personal FireWall Service Rfwstub ] - c:\program files\rising\rfw\rfwstub.exe
100 - 未知 - Process: QQ.exe [] -
100 - 未知 - Process: TXPlatform.exe [Tencent Instant Messaging Platform] - D:\Program Files\Tencent\QQ\TXPlatform.exe
100 - 未知 - Process: Maxthon.exe [Maxthon Browser] - C:\Program Files\Maxthon2\Maxthon.exe
O23 - 未知 - Service: ccosm [Contrl Center of Storm Media] - D:\Program Files\StormII\stormliv.exe /asservice - (not running)
O30 - 未知 - HKCU\..\Desktop: [Scrnsave.exe] [] C:\WINDOWS\system32\梦幻水~1.SCR


Re: How to submit suspicious files to Rising for official analysis

Understood

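Re: How to submit suspicious files to Rising for official analysis

Understood
What you see and hear for yourself.. isn't necessarily true either...*(@_@)*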

Re: How to submit suspicious files to Rising for official analysis

Got it

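Re: How to submit suspicious files to Rising for official analysis

Can a file only be submitted when security software flags it as suspicious? My computer keeps turning up inexplicable files. I'm a newbie and can't tell good files from bad ones.
People come into this world with a great deal to learn, and must never stop learning.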

Re: How to submit suspicious files to Rising for official analysis

Here to learn

Re: How to submit suspicious files to Rising for official analysis

A thread worth learning from; leaving a bookmark

Re: How to submit suspicious files to Rising for official analysis

Understood

Re: How to submit suspicious files to Rising for official analysis

Haha, got it. So it can be done this way too.