1   1  /  1  页   跳转

请问~~

收藏
guohui1111
头像
初生襁褓狮
  • 帖子:12
  • 注册: 2005-12-19
  • 来自:
发表于: 2006-01-07 21:28 | 显示全部 短消息 资料
字号: 1楼

请问~~

这是不是病毒??一直跳出来~

附件附件:

下载次数:236
文件类型:image/pjpeg
文件大小:
上传时间:2006-1-7 21:28:49
描述:



最后编辑2006-01-09 14:24:30
分享到:
gototop
 
guohui1111
头像
初生襁褓狮
  • 帖子:12
  • 注册: 2005-12-19
  • 来自:
发表于: 2006-01-09 12:28 | 显示全部 短消息 资料
字号: 2楼

这可不可以关掉啊~~
以前都没有~
gototop
 
guohui1111
头像
初生襁褓狮
  • 帖子:12
  • 注册: 2005-12-19
  • 来自:
发表于: 2006-01-09 12:56 | 显示全部 短消息 资料
字号: 3楼

就是嘛,我都没有发邮件~~是不是病毒?
gototop
 
guohui1111
头像
初生襁褓狮
  • 帖子:12
  • 注册: 2005-12-19
  • 来自:
发表于: 2006-01-09 13:36 | 显示全部 短消息 资料
字号: 4楼

保存那一个啊??
gototop
 
guohui1111
头像
初生襁褓狮
  • 帖子:12
  • 注册: 2005-12-19
  • 来自:
发表于: 2006-01-09 13:48 | 显示全部 短消息 资料
字号: 5楼

ProcessPIDCPUDescriptionCompany Name
System Idle Process090.71
Interruptsn/a0.71Hardware Interrupts
DPCsn/a0.71Deferred Procedure Calls
System4
  smss.exe600
  csrss.exe660
  winlogon.exe684
    SERVICES.EXE736
    SVCHOST.EXE904
      TIMPlatform.exe3184
      IEXPLORE.EXE3064
    SVCHOST.EXE980
    CCenter.exe1076
    SVCHOST.EXE1092
    SVCHOST.EXE1172
    SVCHOST.EXE1256
    RavMonD.exe1268
      RavStub.exe2020
    spoolsv.exe1632
    SMAgent.exe1832
    wdfmgr.exe1868
    uphclean.exe1912
    alg.exe1060
    SVCHOST.EXE1924
    LSASS.EXE748
Explorer.EXE15840.71
Rundll32.exe1420
realsched.exe1160
SMax4PNP.exe1336
SMax4.exe1564
RavTask.exe2192
  RavMon.exe2276
sfx.exe2284
YLive.exe2300
yassistse.exe2408
daemon.exe2452
CTFMON.EXE2472
QQ.exe2684
  QQPet.exe2708
QQ.exe3640.71
  QQPet.exe2800
QQ.exe3320
  QQPet.exe31360.71
BitSpirit.exe3316
Rav.exe7976
  TTraveler.exe60120.71
IEXPLORE.EXE1812
procexp.exe86645.00

Process: RavMonD.exe Pid: 1268
gototop
 
guohui1111
头像
初生襁褓狮
  • 帖子:12
  • 注册: 2005-12-19
  • 来自:
发表于: 2006-01-09 13:48 | 显示全部 短消息 资料
字号: 6楼

TypeName
Desktop\Default
Directory\Windows
Directory\BaseNamedObjects
Directory\KnownDlls
Event\BaseNamedObjects\RSWRITEEVT-2006-PROID10a00006
Event\BaseNamedObjects\Dispinfo
Event\BaseNamedObjects\Protect
Event\BaseNamedObjects\WaitProc
Event\BaseNamedObjects\YOOKP99
Event\BaseNamedObjects\YOOKP99
Event\BaseNamedObjects\RSWRITEEVT-2006-PROID10b00006
Event\BaseNamedObjects\Rising+RAVMOND.EXE+0
File\Device\HOOKREG
File\Device\ExploitScaner
File\Device\Tcp
File\Device\Tcp
File\Device\Ip
File\Device\Ip
File\Device\Ip
FileC:\WINDOWS\Temp\Perflib_Perfdata_4f4.dat
File\Device\Tcp
File\Device\Afd\Endpoint
File\Device\HOOKCONT
File\Device\MEMSCAN
File\Device\Afd\AsyncConnectHlp
File\Device\Tcp
FileC:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
File\Device\KsecDD
File\Device\Tcp
File\Device\Tcp
File\Device\Tcp
File\Device\Afd\Endpoint
File\Device\NamedPipe\net\NtControlPipe8
File\Device\Tcp
File\Device\Afd\Endpoint
File\Device\Afd\Endpoint
File\Device\Afd\Endpoint
File\Device\Tcp
File\Device\Tcp
File\Device\Tcp
File\Device\Afd\Endpoint
File\Device\Tcp
File\Device\Tcp
File\Device\Afd\Endpoint
File\Device\Afd\Endpoint
File\Device\Tcp
File\Device\Tcp
File\Device\Afd\Endpoint
File\Device\Tcp
File\Device\Afd\Endpoint
FileC:\WINDOWS\system32\
File\Device\Afd\Endpoint
File\Device\Tcp
File\Device\hooksys
gototop
 
guohui1111
头像
初生襁褓狮
  • 帖子:12
  • 注册: 2005-12-19
  • 来自:
发表于: 2006-01-09 13:49 | 显示全部 短消息 资料
字号: 7楼

KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Services\Tcpip\Linkage
KeyHKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters
KeyHKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces
KeyHKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts
KeyHKU\.DEFAULT
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Nls\Language Groups
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Nls\CodePage
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Services\ContentFilter\Performance
KeyHKLM\SYSTEM\ControlSet001\Services\ContentIndex\Performance
KeyHKLM\SYSTEM\ControlSet001\Services\ISAPISearch\Performance
KeyHKLM\SYSTEM\ControlSet001\Services\PerfDisk\Performance
KeyHKLM\SYSTEM\ControlSet001\Services\PerfNet\Performance
KeyHKLM\SYSTEM\ControlSet001\Services\PerfOS\Performance
KeyHKLM\SYSTEM\ControlSet001\Services\PerfProc\Performance
KeyHKLM\SYSTEM\ControlSet001\Services\PSched\Performance
KeyHKLM\SYSTEM\ControlSet001\Services\RemoteAccess\Performance
KeyHKLM\SYSTEM\ControlSet001\Services\RSVP\Performance
KeyHKLM\SYSTEM\ControlSet001\Services\Spooler\Performance
KeyHKLM\SYSTEM\ControlSet001\Services\TapiSrv\Performance
KeyHKLM\SYSTEM\ControlSet001\Services\Tcpip\Performance
KeyHKLM\SYSTEM\ControlSet001\Services\TermService\Performance
KeyHKLM\SYSTEM\ControlSet001\Services\WmiApRpl\Performance
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Nls\Locale
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9
KeyHKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKCR
KeyHKLM\SYSTEM\ControlSet001\Control\Session Manager
KeyHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib
KeyedEvent\KernelObjects\CritSecOutOfMemoryEvent
Mutant\BaseNamedObjects\RSDBMUTEX-2006-PROID10a00006
Mutant\BaseNamedObjects\ShimCacheMutex
Mutant\BaseNamedObjects\RSDBSYLIBMUTEX
Mutant\BaseNamedObjects\DBWinMutex
Mutant\BaseNamedObjects\RSDBMUTEX-2006-PROID10b00006
Mutant\BaseNamedObjects\RSSTORE-AD436956-5F56-4ce8-A0E4-CD6086DD9646
Mutant\BaseNamedObjects\ContentFilter_Perf_Library_Lock_PID_4f4
Mutant\BaseNamedObjects\ContentIndex_Perf_Library_Lock_PID_4f4
Mutant\BaseNamedObjects\ISAPISearch_Perf_Library_Lock_PID_4f4
Mutant\BaseNamedObjects\PerfDisk_Perf_Library_Lock_PID_4f4
Mutant\BaseNamedObjects\PerfNet_Perf_Library_Lock_PID_4f4
Mutant\BaseNamedObjects\PerfOS_Perf_Library_Lock_PID_4f4
Mutant\BaseNamedObjects\PerfProc_Perf_Library_Lock_PID_4f4
Mutant\BaseNamedObjects\PSched_Perf_Library_Lock_PID_4f4
Mutant\BaseNamedObjects\RemoteAccess_Perf_Library_Lock_PID_4f4
Mutant\BaseNamedObjects\RSVP_Perf_Library_Lock_PID_4f4
Mutant\BaseNamedObjects\Spooler_Perf_Library_Lock_PID_4f4
Mutant\BaseNamedObjects\TapiSrv_Perf_Library_Lock_PID_4f4
Mutant\BaseNamedObjects\Tcpip_Perf_Library_Lock_PID_4f4
Mutant\BaseNamedObjects\TermService_Perf_Library_Lock_PID_4f4
Mutant\BaseNamedObjects\WmiApRpl_Perf_Library_Lock_PID_4f4
Mutant\BaseNamedObjects\{CB508F94-4FFA-4fa7-A4BC-CFC2A25A564A-2005}
Mutant\BaseNamedObjects\CfgDll.dll_MUTEX_WRITE_MEM_Rav_Formal06
Mutant\BaseNamedObjects\Load_Shared_Memory
Mutant\BaseNamedObjects\RSFMAF
Mutant\BaseNamedObjects\RSDBSYLIBMUTEX
gototop
 
guohui1111
头像
初生襁褓狮
  • 帖子:12
  • 注册: 2005-12-19
  • 来自:
发表于: 2006-01-09 13:49 | 显示全部 短消息 资料
字号: 8楼

Port\RPC Control\{5BFA7CA4-EF46-4024-B66C-16384922D8CB}-WEBMON
Port\RPC Control\OLED8A973B7AD0D43F3BC89A328DAB2
Port\RPC Control\B3643ACF-FEC6-4f99-8F80-341BAEA5E14E
Section\BaseNamedObjects\RSTABLE-2006-000c-0d000000-12090100-PROID10a00006
Section\BaseNamedObjects\ShimSharedMemory
Section\BaseNamedObjects\RSTABLE-2006-002b-00000000-00000000-PROID10a00006
Section\BaseNamedObjects\RSTABLE-2006-0016-0c000000-12090100-PROID10a00006
Section\BaseNamedObjects\RSTABLE-2006-0017-0c000000-12090100-PROID10a00006
Section\BaseNamedObjects\RSTABLE-2006-0116-0c000000-12090100-PROID10a00006
Section\BaseNamedObjects\RSTABLE-2006-0020-00000001-00000000-PROID10a00006
Section\BaseNamedObjects\RSTABLE-2006-0117-0c000000-12090100-PROID10a00006
Section\BaseNamedObjects\RSTABLE-2006-0120-00000001-00000000-PROID10a00006
Section\BaseNamedObjects\RSTABLE-2006-001f-0c000000-12090100-PROID10a00006
Section\BaseNamedObjects\RSTABLE-2006-0009-0c000000-12090100-PROID10a00006
Section\BaseNamedObjects\RSTABLE-2006-0002-0c000000-12090100-PROID10a00006
Section\BaseNamedObjects\RSTABLE-2006-0109-0c000000-12090100-PROID10a00006
Section\BaseNamedObjects\RSTABLE-2006-2002-0c000000-12090100-PROID10a00006
Section\BaseNamedObjects\RSTABLE-2006-0102-0c000000-12090100-PROID10a00006
Section\BaseNamedObjects\RSTABLE-2006-0000-0c000000-12090100-PROID10a00006
Section\BaseNamedObjects\RSTABLE-2006-2102-0c000000-12090100-PROID10a00006
Section\BaseNamedObjects\RSTABLE-2006-2000-0c000000-12090100-PROID10a00006
Section\BaseNamedObjects\RSTABLE-2006-0100-0c000000-12090100-PROID10a00006
Section\BaseNamedObjects\RSTABLE-2006-2100-0c000000-12090100-PROID10a00006
Section\BaseNamedObjects\RSDBMAN-2006-PROID10b00006
Section\BaseNamedObjects\RSTABLE-2006-001f-0c000000-12090100-PROID10b00006
Section\BaseNamedObjects\RSTABLE-2006-0001-0c000000-12090100-PROID10a00006
Section\BaseNamedObjects\RSTABLE-2006-2001-0c000000-12090100-PROID10a00006
Section\BaseNamedObjects\RSTABLE-2006-0101-0c000000-12090100-PROID10a00006
Section\BaseNamedObjects\RSTABLE-2006-2101-0c000000-12090100-PROID10a00006
Section\BaseNamedObjects\Perflib_Perfdata_4f4
Section\BaseNamedObjects\RSTABLE-2006-000d-0d000000-12090100-PROID10a00006
Section\BaseNamedObjects\RSTABLE-2006-010d-0d000000-12090100-PROID10a00006
Section\BaseNamedObjects\RSTABLE-2006-000b-0d000000-12090100-PROID10a00006
Section\BaseNamedObjects\RSTABLE-2006-010b-0d000000-12090100-PROID10a00006
Section\BaseNamedObjects\RSTABLE-2006-000a-0d000000-12090100-PROID10a00006
Section\BaseNamedObjects\RSTABLE-2006-010a-0d000000-12090100-PROID10a00006
Section\BaseNamedObjects\RSTABLE-2006-010c-0d000000-12090100-PROID10a00006
Section\BaseNamedObjects\RSTABLE-2006-0015-0c000000-12090100-PROID10a00006
Section\BaseNamedObjects\RSTABLE-2006-0110-0c000000-12090100-PROID10a00006
Section\BaseNamedObjects\RSTABLE-2006-0010-0c000000-12090100-PROID10a00006
Section\BaseNamedObjects\RSTABLE-2006-0105-0c000000-12090100-PROID10a00006
Section\BaseNamedObjects\RSTABLE-2006-0005-0c000000-12090100-PROID10a00006
Section\BaseNamedObjects\RSTABLE-2006-0115-0c000000-12090100-PROID10a00006
Section\BaseNamedObjects\RSREGISTRYRav_Formal06
Section\BaseNamedObjects\RSDBMAN-2006-PROID10a00006
Semaphore\BaseNamedObjects\{248073D0-E0D4-4d32-8D15-36086D4BF43D}-0
Semaphore\BaseNamedObjects\shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
ThreadRavMonD.exe(1268): 1788
ThreadRavMonD.exe(1268): 1908
ThreadRavMonD.exe(1268): 1996
ThreadRavMonD.exe(1268): 2000
ThreadRavMonD.exe(1268): 2004
ThreadRavMonD.exe(1268): 2008
ThreadRavMonD.exe(1268): 2012
ThreadRavMonD.exe(1268): 2016
ThreadRavMonD.exe(1268): 2040
ThreadRavMonD.exe(1268): 2036
ThreadRavMonD.exe(1268): 2028
ThreadRavMonD.exe(1268): 2008
ThreadRavMonD.exe(1268): 2032
ThreadRavMonD.exe(1268): 1524
ThreadRavMonD.exe(1268): 180
ThreadRavMonD.exe(1268): 220
ThreadRavMonD.exe(1268): 224
ThreadRavMonD.exe(1268): 224
ThreadRavMonD.exe(1268): 2008
ThreadRavMonD.exe(1268): 2000
ThreadRavMonD.exe(1268): 2004
ThreadRavMonD.exe(1268): 1504
ThreadRavMonD.exe(1268): 696
ThreadRavMonD.exe(1268): 240
ThreadRavMonD.exe(1268): 2000
ThreadRavMonD.exe(1268): 2040
ThreadRavMonD.exe(1268): 936
ThreadRavMonD.exe(1268): 936
ThreadRavMonD.exe(1268): 1064
ThreadRavMonD.exe(1268): 3192
ThreadRavMonD.exe(1268): 1272
ThreadRavMonD.exe(1268): 2012
ThreadRavMonD.exe(1268): 3744
ThreadRavMonD.exe(1268): 1292
ThreadRavMonD.exe(1268): 1292
ThreadRavMonD.exe(1268): 1504
ThreadRavMonD.exe(1268): 1508
ThreadRavMonD.exe(1268): 1512
ThreadRavMonD.exe(1268): 1512
ThreadRavMonD.exe(1268): 8680
ThreadRavMonD.exe(1268): 1672
TokenNT AUTHORITY\SYSTEM
WindowStation\Windows\WindowStations\Service-0x0-3e7$
WindowStation\Windows\WindowStations\Service-0x0-3e7$
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT