«345678910»   7  /  13  页   跳转

[日志分析 1 ]讲义

收藏
本主题由 大版主 networkedition 于 2012-2-24 10:48:44 执行 移动主题 操作
xyz002
头像
飘泊而立狮
  • 帖子:741
  • 注册: 2009-07-02
  • 来自:
发表于: 2009-07-07 20:30 | 短消息 资料
字号: 61楼

回复: 2009年7月7日[日志分析 1 ]讲义



引用:
原帖由 clnfhd 于 2009-7-7 20:22:00 发表
看了课件有很多疑问,请老师解答,太感谢了~!

启动项课件中写的,“黄框标出来的都是病毒文件”,判断原因是没有公司信息吗?还是别的原因?

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]


基本我的问题都包含在他这里面了(55楼)
最后编辑xyz002 最后编辑于 2009-07-07 20:31:04
gototop
 
_逸枫_
头像
拙长孩提狮
  • 帖子:133
  • 注册: 2009-06-14
  • 来自:兰州军区
发表于: 2009-07-07 20:30 | 短消息 资料
字号: 62楼

回复: 2009年7月7日[日志分析 1 ]讲义



引用:
原帖由 wy13008218 于 2009-7-7 20:26:00 发表


引用:
原帖由 言兮 于 2009-7-7 20:22:00 发表
搞不懂。老师那[N/A]和PID是什么含义呀? 

一个没有,一个,具体什么用不知道,老师说,具体的病毒表现老师能给一个么?


  N/A:Not Available 不可用  具体讲有没有、不可获得之类的意思 根据实际情况自己理解吧
  PID我不会解释,太概念化了 嘿嘿
gototop
 
se7ensun
头像
自信弱冠狮
  • 帖子:519
  • 注册: 2008-11-02
  • 来自:上海
发表于: 2009-07-07 20:30 | 短消息 资料
字号: 63楼

回复: 2009年7月7日[日志分析 1 ]讲义



引用:
原帖由 a123b_lin 于 2009-7-7 20:13:00 发表
正在运行的进程
[C:\WINDOWS\system32\guard32.dll]  [N/A, ]

我的进程里多是这个,guard32.dll是什么啊?


这个明显是comodo的~呵呵~~~~~~
gototop
 
se7ensun
头像
自信弱冠狮
  • 帖子:519
  • 注册: 2008-11-02
  • 来自:上海
发表于: 2009-07-07 20:31 | 短消息 资料
字号: 64楼

回复: 2009年7月7日[日志分析 1 ]讲义



引用:
原帖由 xyz002 于 2009-7-7 20:30:00 发表
[quote] 原帖由 clnfhd 于 2009-7-7 20:22:00 发表
看了课件有很多疑问,请老师解答,太感谢了~!

启动项课件中写的,“黄框标出来的都是病毒文件”,判断原因是没有公司信息吗?还是别的原因?

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Compo


公司信息还要看签名的吧~
gototop
 
bluesonata
头像
初生襁褓狮
  • 帖子:70
  • 注册: 2009-06-18
  • 来自:
发表于: 2009-07-07 20:34 | 短消息 资料
字号: 65楼

回复:2009年7月7日[日志分析 1 ]讲义

host文件被修改了就打不开有些网页了,如果在日志里发现了问题,怎么把它改回来呢?

这个问题差不多可以总结一下,就是在日志里发现可疑文件了怎么去修改?


===================以下内容为lqqk7回复==================
可以找到hosts文件,直接用记事本打开,编辑里面的内容之后保存即可。另外也可以用sreng将hosts重置为初始状态(见图)


sreng修复系统的操作方法可以参考14楼的那两个帖子
最后编辑lqqk7 最后编辑于 2009-07-07 21:31:59
gototop
 
言兮
头像
飘泊而立狮
  • 帖子:839
  • 注册: 2009-06-17
  • 来自:
发表于: 2009-07-07 20:37 | 短消息 资料
字号: 66楼

回复:2009年7月7日[日志分析 1 ]讲义

正在运行的进程太多了,各位老大帮忙分析下看有问题没有,另外谁有好的工具清理垃圾进程的,传到群共享里个,我到时候下下来用用。

正在运行的进程
[PID: 828][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 900][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 924][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 968][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
[PID: 980][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1168][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1264][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1416][C:\Program Files\Rising\Ris\CCENTER.EXE]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Ris\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\Program Files\Rising\Ris\cnt09.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 37]
    [C:\Program Files\Rising\Ris\cnt08.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1424][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1468][C:\Program Files\Rising\Ris\RavTask.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24]
    [C:\Program Files\Rising\Ris\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Ris\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Ris\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [C:\Program Files\Rising\Ris\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.20]
    [C:\Program Files\Rising\Ris\rstask.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 40]
    [C:\Program Files\Rising\Ris\rsstub.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1504][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1632][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1952][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\browselc.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.5581 (xpsp_sp3_qfe.080415-1416)]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UNISPIM6.IME]  [北京紫光华宇软件股份有限公司, 6.2.0.7]
[PID: 1988][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 160][C:\Program Files\Rising\Ris\RsTray.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.22]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Rising\Ris\ComServ.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.49]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Rising\Ris\rslang.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28]
    [C:\Program Files\Rising\Ris\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\Ris\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\Program Files\Rising\Ris\rsxml.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Ris\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\Program Files\Rising\Ris\MonState.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [C:\Program Files\Rising\Ris\ScanEvnt.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.14]
    [C:\Program Files\Rising\Ris\rsguilib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 75]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Ris\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Ris\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [C:\Program Files\Rising\Ris\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.20]
    [C:\Program Files\Rising\Ris\rfwrule.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.25]
    [C:\Program Files\Rising\Ris\rspalvd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.26]
    [C:\Program Files\Rising\Ris\rsnetsvr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14]
    [C:\Program Files\Rising\Ris\ravbintl.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 29]
    [C:\Program Files\Rising\Ris\mruleui.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 10]
    [C:\Program Files\Rising\Ris\MonTray.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.1.4]
    [C:\Program Files\Rising\Ris\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Ris\RavITray.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 23]
    [C:\Program Files\Rising\Ris\ScanPrxy.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.17]
    [C:\Program Files\Rising\Ris\rfwtray.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 1, 12]
    [C:\Program Files\Rising\Ris\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\Program Files\Rising\Ris\rfwlog.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
[PID: 204][C:\WINDOWS\ZSSnp211.exe]  [ZSMCSNAP, 3, 6, 818, 7]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\ZS211Prp.Ax]  [ZSMC, 3, 6, 703, 15]
[PID: 424][C:\Program Files\Rising\Ris\rsnetsvr.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 15]
    [C:\Program Files\Rising\Ris\NComm.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.12]
    [C:\Program Files\Rising\Ris\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\Program Files\Rising\Ris\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\Ris\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 448][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 604][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.5581 (xpsp_sp3_qfe.080415-1416)]
[PID: 620][C:\Program Files\Rising\Ris\ScanFrm.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.12]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Rising\Ris\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\Program Files\Rising\Ris\moncomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [C:\Program Files\Rising\Ris\scansrvp.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.13]
    [C:\Program Files\Rising\Ris\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\Program Files\Rising\Ris\ScanSrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.10]
    [C:\Program Files\Rising\Ris\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\Ris\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Rising\Ris\ScanSimT.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.24]
    [C:\Program Files\Rising\Ris\ScanBT.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.49]
    [C:\Program Files\Rising\Ris\ScanStub.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.9]
    [C:\Program Files\Rising\Ris\ScanAdd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.19]
    [C:\Program Files\Rising\Ris\ScanRavT.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.27]
    [C:\Program Files\Rising\Ris\RsLog.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\Ris\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [C:\Program Files\Rising\Ris\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.20]
    [C:\Program Files\Rising\Ris\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.39]
    [C:\Program Files\Rising\Ris\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Ris\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [C:\Program Files\Rising\Ris\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [C:\Program Files\Rising\Ris\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6]
    [C:\Program Files\Rising\Ris\ffr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Ris\nvfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Ris\scanexec.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6]
    [C:\Program Files\Rising\Ris\unexe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Ris\scanex.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 47]
    [C:\Program Files\Rising\Ris\extfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 15]
    [C:\Program Files\Rising\Ris\scansct.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Ris\pearc.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Ris\scanpe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14]
    [C:\Program Files\Rising\Ris\ur000.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [C:\Program Files\Rising\Ris\urutils.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Ris\methodex.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Ris\revm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8]
    [C:\Program Files\Rising\Ris\heurex.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [C:\Program Files\Rising\Ris\pecompd.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
[PID: 628][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1884][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1576][D:\Program Files\QQ2009\Bin\QQ.exe]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Bin\Common.dll]  [Tencent, 1, 30, 860, 0]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [D:\Program Files\QQ2009\Bin\KernelUtil.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Bin\HookQQ.dll]  [N/A, ]
    [D:\Program Files\QQ2009\Bin\GF.dll]  [Tencent, 1, 30, 860, 0]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.5581 (xpsp_sp3_qfe.080415-1416)]
    [D:\Program Files\QQ2009\Bin\AppUtil.dll]  [Tencent, 1, 30, 860, 0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [D:\Program Files\QQ2009\Bin\LoadPatch.dll]  [N/A, ]
    [D:\Program Files\QQ2009\Bin\TheTools.dll]  [N/A, ]
    [d:\Program Files\QQ2009\bin\HKDlls\KillQQAd.dll]  [N/A, ]
    [D:\Program Files\QQ2009\Bin\MainFrame.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Bin\TaskTray.dll]  [Tencent, 1, 30, 860, 0]
    [d:\Program Files\QQ2009\bin\txpfproxy.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Plugin\Com.Tencent.QQShow\Bin\FlashAvatarDll.dll]  [Tencent, 1.26.1.26]
    [D:\Program Files\QQ2009\Bin\IM.dll]  [Tencent, 1, 30, 860, 0]
    [C:\Program Files\Common Files\Tencent\TXSSO\Bin\SSOPlatform.dll]  [Tencent, 1.1.1.9]
    [C:\Program Files\Common Files\Tencent\TXSSO\Bin\SSOCommon.DLL]  [Tencent, 1.1.1.3]
    [D:\Program Files\QQ2009\Bin\BasicCtrlDll.dll]  [TENCENT, 8,0,773,1801]
    [D:\Program Files\QQ2009\Bin\SkinMgr.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Bin\AppCtrl.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Bin\KernelMisc.dll]  [Tencent, 1, 30, 860, 0]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [D:\Program Files\QQ2009\Bin\AppMisc.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Bin\QInterLive.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Bin\SystemMsg.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Bin\ChatFrame.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Bin\GroupApp.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Plugin\com.tencent.snsapp\Bin\SNSApp.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Plugin\com.tencent.soso\Bin\Soso.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Plugin\com.tencent.paycenter\Bin\PayCenter.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Plugin\com.tencent.qbar\Bin\QBar.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Plugin\com.tencent.qqvipmisc\Bin\QQVipMisc.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Plugin\com.tencent.wenwen\Bin\WenWen.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Plugin\com.tencent.NetBar\Bin\NetBar.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Plugin\com.tencent.paipai\Bin\PaiPai.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Plugin\com.tencent.wireless\Bin\Wireless.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Plugin\com.tencent.paipaigift\Bin\PaiPaiGift.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Plugin\com.tencent.qqshow\Bin\QQShow.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Plugin\com.tencent.qzone\Bin\Qzone.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Plugin\com.tencent.audiovideo\Bin\AudioVideo.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Plugin\com.tencent.weather\Bin\Weather.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Plugin\com.tencent.crm\Bin\CRM.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Plugin\com.tencent.mmog\Bin\MMOG.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Plugin\com.tencent.qqgame\Bin\QQGame.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Plugin\com.tencent.qqlive\Bin\QQLive.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Plugin\com.tencent.qqmusic\Bin\QQMusic.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Plugin\com.tencent.qqpet\Bin\QQPet.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Plugin\com.tencent.taotao\Bin\taotao.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Plugin\com.tencent.mail\Bin\Mail.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Plugin\com.tencent.memo\Bin\Memo.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Plugin\com.tencent.advertisement\Bin\Advertisement.dll]  [Tencent, 1, 30, 860, 0]
寻找一个梦想存放年轻时的心,每一个回忆都是走过的成绩!
gototop
 
言兮
头像
飘泊而立狮
  • 帖子:839
  • 注册: 2009-06-17
  • 来自:
发表于: 2009-07-07 20:37 | 短消息 资料
字号: 67楼

回复:2009年7月7日[日志分析 1 ]讲义

[D:\Program Files\QQ2009\Plugin\com.tencent.qqvip\Bin\QQVip.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Plugin\com.tencent.today\Bin\Today.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Plugin\com.tencent.qqring\Bin\QQRing.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Bin\vqqsdl.dll]  [Tencent, 5, 0, 3, 24]
    [D:\Program Files\QQ2009\Bin\InformationBox.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Bin\ContactInfoFrame.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Plugin\com.tencent.filetransfer\Bin\FileTransfer.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Plugin\com.tencent.qqwebsite\Bin\QQWebsite.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Bin\MsgMgr.dll]  [Tencent, 1, 30, 860, 0]
    [C:\Program Files\Rising\Ris\RavScrCh.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.75]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Program Files\QQ2009\Bin\ConfigCenter.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Bin\LongCnn.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Program Files\QQ2009\Bin\AddrSearch.dll]  [Tencent, 2, 3, 12, 11]
[PID: 708][D:\Program Files\QQ2009\Bin\HKDlls\KQAdTray.exe]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [D:\Program Files\QQ2009\Bin\HKDlls\IPSearcher.dll]  [N/A, ]
[PID: 3244][d:\Program Files\QQ2009\bin\TXPlatform.exe]  [Tencent, 1, 30, 860, 0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [d:\Program Files\QQ2009\bin\txpfproxy.dll]  [Tencent, 1, 30, 860, 0]
[PID: 484][C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\Misc\QQExp.exe]  [Tencent, 1, 26, 748, 0]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [d:\Program Files\QQ2009\bin\txpfproxy.dll]  [Tencent, 1, 30, 860, 0]
[PID: 3720][D:\Temp\zgtxqq2009\Bin\QQ.exe]  [Tencent, 1, 5, 225, 0]
    [D:\Temp\zgtxqq2009\Bin\Common.dll]  [Tencent, 1, 5, 225, 0]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [D:\Temp\zgtxqq2009\Bin\KernelUtil.dll]  [Tencent, 1, 5, 225, 0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [D:\Temp\zgtxqq2009\Bin\GF.dll]  [Tencent, 1, 5, 225, 0]
    [D:\Temp\zgtxqq2009\Bin\MainFrame.dll]  [Tencent, 1, 5, 225, 0]
    [D:\Temp\zgtxqq2009\Bin\AppUtil.dll]  [Tencent, 1, 5, 225, 0]
    [D:\Temp\zgtxqq2009\Bin\TaskTray.dll]  [Tencent, 1, 5, 225, 0]
    [d:\Program Files\QQ2009\bin\txpfproxy.dll]  [Tencent, 1, 30, 860, 0]
    [D:\Temp\zgtxqq2009\Bin\AppMisc.dll]  [Tencent, 1, 5, 225, 0]
    [D:\Temp\zgtxqq2009\Bin\ChatFrame.dll]  [Tencent, 1, 5, 225, 0]
    [D:\Temp\zgtxqq2009\Bin\IM.dll]  [Tencent, 1, 5, 225, 0]
    [D:\Temp\zgtxqq2009\Bin\KernelMisc.dll]  [Tencent, 1, 5, 225, 0]
    [D:\Temp\zgtxqq2009\Bin\LongCnn.dll]  [Tencent, 1, 5, 225, 0]
    [D:\Temp\zgtxqq2009\Bin\MsgMgr.dll]  [Tencent, 1, 5, 225, 0]
    [D:\Temp\zgtxqq2009\Bin\SystemMsg.dll]  [Tencent, 1, 5, 225, 0]
[PID: 2512][C:\WINDOWS\system32\conime.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 2488][C:\Program Files\Rising\Ris\RavMonD.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Ris\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Rising\Ris\moncomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [C:\Program Files\Rising\Ris\MonBase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6]
    [C:\Program Files\Rising\Ris\Rslog.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\Ris\mondrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [C:\Program Files\Rising\Ris\defmon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 31]
    [C:\Program Files\Rising\Ris\moncom08.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [C:\Program Files\Rising\Ris\MonRule.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [C:\Program Files\Rising\Ris\FileMon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28]
    [C:\Program Files\Rising\Ris\MailMon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24]
    [C:\Program Files\Rising\Ris\HookWeb.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\Program Files\Rising\Ris\rfwlog.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [C:\Program Files\Rising\Ris\rfwrule.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.25]
    [C:\Program Files\Rising\Ris\rfwsrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.89]
    [C:\Program Files\Rising\Ris\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\Program Files\Rising\Ris\mPorts.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.0]
    [C:\Program Files\Rising\Ris\rfwdrvc.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.3]
    [C:\Program Files\Rising\Ris\Rfwdrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.5]
    [C:\Program Files\Rising\Ris\rsnetsvr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14]
    [C:\Program Files\Rising\Ris\urlrule.dll]  [Beijing Rising Information Technology Co., Ltd., 1.0.0.18]
    [C:\Program Files\Rising\Ris\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\Ris\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Ris\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [C:\Program Files\Rising\Ris\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [C:\Program Files\Rising\Ris\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6]
    [C:\Program Files\Rising\Ris\rfwproxy.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.25]
    [C:\Program Files\Rising\Ris\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\Program Files\Rising\Ris\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [C:\Program Files\Rising\Ris\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.20]
    [C:\Program Files\Rising\Ris\Hooksys.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 18]
    [C:\Program Files\Rising\Ris\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Ris\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Ris\HookCont.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 12]
    [C:\Program Files\Rising\Ris\BACore.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 22]
    [C:\Program Files\Rising\Ris\RSStore.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [C:\Program Files\Rising\Ris\ScanAdd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.19]
    [C:\Program Files\Rising\Ris\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.39]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Rising\Ris\ffr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Ris\nvfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Ris\scanexec.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6]
    [C:\Program Files\Rising\Ris\unexe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Ris\scanex.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 47]
    [C:\Program Files\Rising\Ris\urllib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [C:\Program Files\Rising\Ris\pearc.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Ris\scanpe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14]
    [C:\Program Files\Rising\Ris\ur000.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [C:\Program Files\Rising\Ris\urutils.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Ris\methodex.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Ris\pecompd.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [C:\Program Files\Rising\Ris\heurex.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [C:\Program Files\Rising\Ris\scansct.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Ris\extfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 15]
    [C:\Program Files\Rising\Ris\revm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8]
    [C:\Program Files\Rising\Ris\extmail.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [C:\Program Files\Rising\Ris\ur023.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6]
[PID: 3220][E:\日志\sr-engldr.EXE]  [Smallfrogs Studio, 2.7.1.1261]
[PID: 3584][E:\日志\SRE5adef2a7.EXE]  [Smallfrogs Studio, 2.7.1.1261]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [E:\日志\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]


===================以下内容为lqqk7回复==================
进程部分没有发现明显异常
最后编辑lqqk7 最后编辑于 2009-07-07 21:35:03
寻找一个梦想存放年轻时的心,每一个回忆都是走过的成绩!
gototop
 
zapline
头像
飘泊而立狮
  • 帖子:582
  • 注册: 2009-06-17
  • 来自:hunan
发表于: 2009-07-07 20:38 | 短消息 资料
字号: 68楼

回复: 2009年7月7日[日志分析 1 ]讲义



引用:
原帖由 言兮 于 2009-7-7 20:37:00 发表
正在运行的进程太多了,各位老大帮忙分析下看有问题没有,另外谁有好的工具清理垃圾进程的,传到群共享里个,我到时候下下来用用。

正在运行的进程
[PID: 828][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 900][\?


没问题
毕竟回忆是远了暗了的暮霭,希望才是近了亮了的晨光!
gototop
 
坤前独后
头像
初生襁褓狮
  • 帖子:66
  • 注册: 2009-06-13
  • 来自:
发表于: 2009-07-07 20:39 | 短消息 资料
字号: 69楼

回复 43F 坤前独后 的帖子

知道了,十分感谢
gototop
 
言兮
头像
飘泊而立狮
  • 帖子:839
  • 注册: 2009-06-17
  • 来自:
发表于: 2009-07-07 20:40 | 短消息 资料
字号: 70楼

回复:2009年7月7日[日志分析 1 ]讲义

如果日志里发现可疑文件怎样解决处理呢?


===================以下内容为lqqk7回复==================
具体问题具体分析了,比如发现一个可疑文件,通常需要将文件删除,之后要将与其相关的注册表项清除掉
如果发现某个正常的系统文件被篡改(即无法通过签名验证),需要将正常的文件替换回来
最后编辑lqqk7 最后编辑于 2009-07-07 21:36:58
寻找一个梦想存放年轻时的心,每一个回忆都是走过的成绩!
gototop
 
<<上一主题|下一主题>>
«345678910»   7  /  13  页   跳转
页面顶部
Powered by Discuz!NT