请各位帮帮忙，看看是不是中病毒了？

未知家族病毒分析
扫描结果:
C:\WINNT\system32\00svohost.exe --> 与 Backdoor.Gpigeon.Key 42%相似.
系统活动进程
C:\WINNT\SYSTEM32\SMSS.EXE
C:\WINNT\SYSTEM32\CSRSS.EXE
C:\WINNT\SYSTEM32\WINLOGON.EXE
C:\WINNT\SYSTEM32\SERVICES.EXE
C:\WINNT\SYSTEM32\LSASS.EXE
C:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE
C:\WINNT\SYSTEM32\SVCHOST.EXE
C:\WINNT\SYSTEM32\SPOOLSV.EXE
C:\WINNT\REGEDIT.EXE
C:\WINNT\SYSTEM32\SVCHOST.EXE
D:\ORACLE\ORA92\BIN\OMTSRECO.EXE
C:\WINNT\SYSTEM32\00SVOHOST.EXE
C:\WINNT\SYSTEM32\REGSVC.EXE
C:\WINNT\SYSTEM32\MSTASK.EXE
C:\WINNT\SYSTEM32\SNMP.EXE
C:\WINNT\SYSTEM32\WBEM\WINMGMT.EXE
C:\WINNT\SYSTEM32\ATIPTAXX.EXE
C:\WINNT\SYSTEM32\SVCHOST.EXE
C:\WINNT\EXPLORER.EXE
C:\PROGRAM FILES\TENCENT\QQ\TIMPLATFORM.EXE
C:\PROGRAM FILES\TENCENT\QQ\QQ.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE
C:\WINNT\SYSTEM32\RUNDLL32.EXE
C:\WINNT\SYSTEM32\INTERNAT.EXE
F:\DOWNLOADS\RSDETECT.EXE
普通自启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Synchronization Manager = MOBSYNC.EXE /LOGON
AtiPTA = ATIPTAXX.EXE
RavTask = "D:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM
HisenseUpdater = C:\PROGRA~1\HISENSE\MIS40\UPDATER.EXE
Cmaudio = RUNDLL32 CMICNFG.CPL,CMICTRLWND
RfwMain = "C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE" -STARTUP
mscfs = RUNDLL32 C:\WINNT\SYSTEM32\MSIBM\CFSYS.DLL,CFS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Internat.exe = INTERNAT.EXE
系统文件关联
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = Notepad.exe %1
.scr ==> scrfile = "%1" /S "%3"
.reg ==> regfile = regedit.exe "%1"
.doc ==> Word.Document.8 = "C:\Program Files\Microsoft Office\Office\WINWORD.EXE" /n
其它启动项
WIN.INI
无信息
SYSTEM.INI
SHELL = Explorer.exe
Winlogon 启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
crypt32chain = CRYPT32.DLL
cryptnet = CRYPTNET.DLL
cscdll = CSCDLL.DLL
sclgntfy = SCLGNTFY.DLL
SensLogn = WLNOTIFY.DLL
wzcnotif = WZCDLG.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\WINNT\SYSTEM32\USERINIT.EXE,C:\WINNT\SYSTEM32\00SVOHOST.EXE,
shell = EXPLORER.EXE
IE - BHO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{16A770A0-0E87-4278-B748-2460D64A8386} = C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper2006330_8888.dll
{54EBD53A-9BC1-480B-966A-843A333CA162} = C:\Program Files\Tencent\QQ\QQIEHelper.dll
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} = C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
{8A4280AD-9B37-4922-A51D-73F3C3A32AF7} = C:\WINNT\system32\msibm\cfsbho.dll
{A5366673-E8CA-11D3-9CD9-0090271D075B} = C:\PROGRA~1\FLASHGET\jccatch.dll
{F5824EFB-728A-4726-A5A5-85A68B20EDC3} = C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
Winsock SPI
MSAFD Tcpip [TCP/IP] = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD Tcpip [UDP/IP] = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD Tcpip [RAW/IP] = C:\WINNT\SYSTEM32\MSAFD.DLL
RSVP UDP Service Provider = C:\WINNT\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = C:\WINNT\SYSTEM32\RSVPSP.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{78BD03A1-57A3-4089-91C8-E3C4371B5799}] SEQPACKET 0 = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{78BD03A1-57A3-4089-91C8-E3C4371B5799}] DATAGRAM 0 = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{E3115D26-D445-4284-AF9C-FE5A028760BB}] SEQPACKET 1 = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{E3115D26-D445-4284-AF9C-FE5A028760BB}] DATAGRAM 1 = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{7E674BF9-AC1D-4421-A389-7ED5569A6AC5}] SEQPACKET 2 = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{7E674BF9-AC1D-4421-A389-7ED5569A6AC5}] DATAGRAM 2 = C:\WINNT\SYSTEM32\MSAFD.DLL
系统服务项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Alerter = C:\WINNT\SYSTEM32\SERVICES.EXE
AppMgmt = C:\WINNT\SYSTEM32\SERVICES.EXE
Ati HotKey Poller = C:\WINNT\SYSTEM32\ATI2EVXX.EXE
BITS = C:\WINNT\SYSTEM32\SVCHOST.EXE -K BITSGROUP
Browser = C:\WINNT\SYSTEM32\SERVICES.EXE
cisvc = C:\WINNT\SYSTEM32\CISVC.EXE
ClipSrv = C:\WINNT\SYSTEM32\CLIPSRV.EXE
Dhcp = C:\WINNT\SYSTEM32\SERVICES.EXE
dmadmin = C:\WINNT\SYSTEM32\DMADMIN.EXE /COM
dmserver = C:\WINNT\SYSTEM32\SERVICES.EXE
Dnscache = C:\WINNT\SYSTEM32\SERVICES.EXE
Eventlog = C:\WINNT\SYSTEM32\SERVICES.EXE
EventSystem = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
Fax = C:\WINNT\SYSTEM32\FAXSVC.EXE
lanmanserver = C:\WINNT\SYSTEM32\SERVICES.EXE
lanmanworkstation = C:\WINNT\SYSTEM32\SERVICES.EXE
LmHosts = C:\WINNT\SYSTEM32\SERVICES.EXE
Messenger = C:\WINNT\SYSTEM32\SERVICES.EXE
mnmsrvc = C:\WINNT\SYSTEM32\MNMSRVC.EXE
MSDTC = C:\WINNT\SYSTEM32\MSDTC.EXE
MSIServer = C:\WINNT\SYSTEM32\MSIEXEC.EXE /V
NetDDE = C:\WINNT\SYSTEM32\NETDDE.EXE
NetDDEdsdm = C:\WINNT\SYSTEM32\NETDDE.EXE
Netlogon = C:\WINNT\SYSTEM32\LSASS.EXE
Netman = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
NtLmSsp = C:\WINNT\SYSTEM32\LSASS.EXE
NtmsSvc = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
OracleMTSRecoveryService = D:\ORACLE\ORA92\BIN\OMTSRECO.EXE "ORACLEMTSRECOVERYSERVICE"
OracleOraHome92ClientCache = D:\ORACLE\ORA92\BIN\ONRSD.EXE
PlugPlay = C:\WINNT\SYSTEM32\SERVICES.EXE
PolicyAgent = C:\WINNT\SYSTEM32\LSASS.EXE
ProtectedStorage = C:\WINNT\SYSTEM32\SERVICES.EXE
RasAuto = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
RasMan = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
RemoteAccess = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
RemoteRegistry = C:\WINNT\SYSTEM32\REGSVC.EXE
RfwService = C:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE
RpcLocator = C:\WINNT\SYSTEM32\LOCATOR.EXE
RpcSs = C:\WINNT\SYSTEM32\SVCHOST -K RPCSS
RsCCenter = "D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE"
RsRavMon = "D:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE"
RSVP = C:\WINNT\SYSTEM32\RSVP.EXE -S
SamSs = C:\WINNT\SYSTEM32\LSASS.EXE
SCardDrv = C:\WINNT\SYSTEM32\SCARDSVR.EXE
SCardSvr = C:\WINNT\SYSTEM32\SCARDSVR.EXE
Schedule = C:\WINNT\SYSTEM32\MSTASK.EXE
seclogon = C:\WINNT\SYSTEM32\SERVICES.EXE
SENS = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
SharedAccess = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
SNMP = C:\WINNT\SYSTEM32\SNMP.EXE
SNMPTRAP = C:\WINNT\SYSTEM32\SNMPTRAP.EXE
Spooler = C:\WINNT\SYSTEM32\SPOOLSV.EXE
SysmonLog = C:\WINNT\SYSTEM32\SMLOGSVC.EXE
TapiSrv = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
TlntSvr = C:\WINNT\SYSTEM32\TLNTSVR.EXE
TrkWks = C:\WINNT\SYSTEM32\SERVICES.EXE
UPS = C:\WINNT\SYSTEM32\UPS.EXE
UtilMan = C:\WINNT\SYSTEM32\UTILMAN.EXE
W32Time = C:\WINNT\SYSTEM32\SERVICES.EXE
WinMgmt = C:\WINNT\SYSTEM32\WBEM\WINMGMT.EXE
WmdmPmSN = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
Wmi = C:\WINNT\SYSTEM32\SERVICES.EXE
wuauserv = C:\WINNT\SYSTEM32\SVCHOST.EXE -K WUGROUP
WZCSVC = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
最后编辑：2006-04-03 09:35:05