Rising Kaka Security Forum
lqqk7 - 2009-7-8 16:12:00
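Starting today, I will post SREng logs from infected environments every day. Some interns are using SREng for the first time and are not familiar with log analysis; if they rush into the anti-virus section to reply and make a misjudgment, it could harm the person asking for help. That is why we are using this "internal" exchange format. I hope everyone practises a lot: the real way to analyse logs is something you work out through your own practice! Note: how you do in these log-analysis exercises has no bearing on your overall internship score, so please don't worry and practise boldly!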
========Reference analysis results follow========
Abnormal items: see the attachment (only the more suspicious items in the log are kept)
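Notes:
1. Eyes swimming? Learn to get used to it. Logs like this are not common, but even for the occasional one a misjudgment is not acceptable;
2. A lot of it is Fuji software and is probably not a virus;
3. C:\WINDOWS\gdrv.sys is fairly suspicious: drivers should not appear in the C:\WINDOWS directory. You can determine whether it is normal by searching or by asking the user;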

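A triage aid for the two points in the reference notes above (a very long privilege scan, and a driver sitting directly in C:\WINDOWS), as an added example that is not part of the original thread or of SREng. The function names are hypothetical, the sample log is constructed in the layout of the excerpts quoted in this thread, and the form of the gdrv entry is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the layout of the SREng excerpts quoted in this thread.
# The gdrv entry (state and \??\ path form) is an assumption. The Chinese prefix
# on the privilege lines is SREng's own output: "special privilege allowed".
SAMPLE_LOG = r"""
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[gdrv / gdrv][Running/Manual Start]
<\??\C:\WINDOWS\gdrv.sys><N/A>
特殊特权被允许: SeLoadDriverPrivilege [PID = 520, D:\FUJIFILM\FRONTIER\BIN\EZMAIN.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2232, D:\FUJIFILM\FRONTIER\BIN\EZSEQJPR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2244, D:\FUJIFILM\FRONTIER\BIN\EZSEQJPR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 884, D:\FUJIFILM\DNACOMMON\BIN\EZTMR.EXE]
"""

PRIV_RE = re.compile(r"(Se\w+Privilege) \[PID = (\d+), (.+?)\]")
DRIVER_RE = re.compile(r"^<(.+?\.sys)><(.*)>$", re.IGNORECASE)
# Prefixes that only say "device namespace" or "Windows directory".
PREFIX_RE = re.compile(r"^(\\\?\?\\|\\systemroot\\|%systemroot%\\|[a-z]:\\windows\\)")


def privilege_summary(log):
    """Collapse the privilege scan to {(privilege, image path): process count}."""
    counts = Counter()
    for line in log.splitlines():
        m = PRIV_RE.search(line)
        if m:
            counts[(m.group(1), m.group(3).upper())] += 1
    return counts


def drivers_outside_driver_dir(log):
    """Return driver image paths that do not resolve under system32/drivers."""
    flagged = []
    for line in log.splitlines():
        m = DRIVER_RE.match(line.strip())
        if not m:
            continue
        rel, prev = m.group(1).lower(), None
        while rel != prev:  # peel nested prefixes: \??\ first, then C:\WINDOWS
            prev, rel = rel, PREFIX_RE.sub("", rel)
        if not rel.startswith("system32\\drivers\\"):
            flagged.append(m.group(1))
    return flagged


if __name__ == "__main__":
    for (priv, exe), n in sorted(privilege_summary(SAMPLE_LOG).items()):
        print(f"{n:3d} x {priv}  {exe}")
    print("review:", drivers_outside_driver_dir(SAMPLE_LOG))
```

A flagged path is only a prompt for the follow-up the notes describe (searching, or asking the user); it is not a verdict on the file.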
精神病院看门的 - 2009-7-8 19:20:00
This user's post has been blocked
skaka7941455 - 2009-7-8 19:38:00
zapline - 2009-7-8 19:40:00
:kaka6: I don't think there's a problem
dipahole - 2009-7-8 21:05:00
phoenixeagle - 2009-7-8 23:22:00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]
This entry should be a problem :kaka3:
初殇 - 2009-7-9 1:22:00
Is there a problem with this one?? Could the teacher please point it out; I couldn't find any problem~
Lighting_Cui - 2009-7-9 2:31:00
Originally posted by phoenixeagle on 2009-7-8 23:22:00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserC......
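A missing file doesn't seem to count as a problem, does it... At most treat it as system junk.... Of course, the missing file must not be a system file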
daemonz - 2009-7-9 8:33:00
I'm not sure what the things under the D:\FUJIFILM folder are; they seem a bit suspicious
Just delete the whole folder
D:\FUJIFILM\FRONTIER\BIN\EZMAIN.EXE
D:\FUJIFILM\DNACOMMON\BIN\EZTMR.EXE
D:\FUJIFILM\DNACOMMON\BIN\DNAACNETSVR.EXE
D:\FUJIFILM\DNACOMMON\BIN\DNADEVINFOMGR.EXE
D:\FUJIFILM\DNACOMMON\BIN\EZERR.EXE
D:\FUJIFILM\DNACOMMON\BIN\DNAJOBQUEMGR.EXE
D:\FUJIFILM\DNACOMMON\BIN\EZERRWND.EXE
D:\FUJIFILM\DNAAPPS\Q0\BIN\WFINIT.EXE
D:\FUJIFILM\DNAAPPS\Q0\BIN\WFMONITOR.EXE
D:\FUJIFILM\DNAAPPS\Q0\BIN\WFA.EXE
D:\FUJIFILM\FRONTIER\BIN\EZOPE.EXE
D:\FUJIFILM\STGLAYER\PROGRAMS\FDMSTGMGR.EXE
D:\FUJIFILM\FRONTIER\BIN\SHINOPEGUI.EXE
D:\FUJIFILM\FRONTIER\BIN\SHOPSETTINGBAR.EXE
D:\FUJIFILM\STGLAYER\MODULES\DSCFS.EXE
D:\FUJIFILM\STGLAYER\MODULES\DSCFS_FDIACONV.EXE
D:\FUJIFILM\STGLAYER\MODULES\MULTISPOOL.EXE
D:\FUJIFILM\STGLAYER\MODULES\NETSPOOLFS.EXE
D:\FUJIFILM\STGLAYER\MODULES\NETSPOOLFS_P0P1.EXE
D:\FUJIFILM\STGLAYER\MODULES\PDDSCFS.EXE
D:\FUJIFILM\STGLAYER\MODULES\PDDSCFS_FDIACONV.EXE
D:\FUJIFILM\STGLAYER\MODULES\PDR8BUFR.EXE
D:\FUJIFILM\STGLAYER\MODULES\PDR8MEMS.EXE
D:\FUJIFILM\STGLAYER\MODULES\PDR8NETSPOOLFR.EXE
D:\FUJIFILM\STGLAYER\MODULES\SRGBFILE.EXE
D:\FUJIFILM\STGLAYER\MODULES\SRGBFILE_LEGACY.EXE
D:\FUJIFILM\STGLAYER\MODULES\SRGBJPEGNETSPOOLFR.EXE
D:\FUJIFILM\STGLAYER\MODULES\SRGBR8NETSPOOLFR.EXE
D:\FUJIFILM\FRONTIER\BIN\IEFSWEEPER.EXE
D:\FUJIFILM\FRONTIER\BIN\EZSEQ.EXE
D:\FUJIFILM\FRONTIER\BIN\EZSEQCMD.EXE
D:\FUJIFILM\FRONTIER\BIN\EZSEQJGN.EXE
D:\FUJIFILM\FRONTIER\BIN\EZSEQJPR.EXE
D:\FUJIFILM\FRONTIER\BIN\EZPRINT.EXE
D:\FUJIFILM\DNAAPPS\P6\AC_IMGCONV.EXE
D:\FUJIFILM\DNAAPPS\P6\AC_CDROUT.EXE
D:\FUJIFILM\FRONTIER\BIN\TERMAC.EXE
D:\FUJIFILM\FRONTIER\BIN\EXECLSEQOBJ.EXE
D:\FUJIFILM\FRONTIER\BIN\EZSEQJPR.EXE
D:\FUJIFILM\STGLAYER\PROGRAMS\SOFTENGINEPROC.EXE
D:\FUJIFILM\FRONTIER\BIN\EZSEQJPR.EXE
merrk_chuan - 2009-7-10 12:02:00
I didn't find any problem in this log :kaka5:
基牛 - 2009-7-10 13:15:00
I keep feeling this Fuji driver of his is very suspicious. :kaka3: If it were me, I'd definitely delete it!
基牛 - 2009-7-10 13:15:00
??? My signature has disappeared :kaka3: :kaka3:
学飞的龙 - 2009-7-10 15:16:00
Originally posted by phoenixeagle on 2009-7-8 23:22:00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserC......
This one is fine. The teacher said these are all normal entries; when you see them there is no need to judge them
1.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
2.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
3.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
4.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
5.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
6.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
7.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
8.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
9.<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [N/A]
10.<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [N/A]
11.<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
Dongi_Wu - 2009-7-10 15:45:00
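It gives me a headache to look at. Is there any standard, or something like a reference answer?
After studying it for ages, I still can't figure out what is wrong and what is right.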
零度的穷浪漫 - 2009-7-29 4:05:00
1.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
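<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
Why is this entry always missing in every log?
2. I won't repeat the junk issue again; also, there are processes with many .dll files loaded
What is this FujiFilm thing?
3. Process privilege scan (进程特权扫描)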
特殊特权被允许: SeLoadDriverPrivilege [PID = 520, D:\FUJIFILM\FRONTIER\BIN\EZMAIN.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 884, D:\FUJIFILM\DNACOMMON\BIN\EZTMR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 280, D:\FUJIFILM\DNACOMMON\BIN\DNAACNETSVR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1120, D:\FUJIFILM\DNACOMMON\BIN\DNADEVINFOMGR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 964, D:\FUJIFILM\DNACOMMON\BIN\EZERR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1800, D:\FUJIFILM\DNACOMMON\BIN\DNAJOBQUEMGR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 236, D:\FUJIFILM\DNACOMMON\BIN\EZERRWND.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 572, D:\FUJIFILM\DNAAPPS\Q0\BIN\WFINIT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 592, D:\FUJIFILM\DNAAPPS\Q0\BIN\WFMONITOR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1644, D:\FUJIFILM\DNAAPPS\Q0\BIN\WFA.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1680, D:\FUJIFILM\FRONTIER\BIN\EZOPE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1640, D:\FUJIFILM\STGLAYER\PROGRAMS\FDMSTGMGR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1824, D:\FUJIFILM\FRONTIER\BIN\SHINOPEGUI.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1668, D:\FUJIFILM\FRONTIER\BIN\SHOPSETTINGBAR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1736, D:\FUJIFILM\STGLAYER\MODULES\DSCFS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 784, D:\FUJIFILM\STGLAYER\MODULES\DSCFS_FDIACONV.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1208, D:\FUJIFILM\STGLAYER\MODULES\MULTISPOOL.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 796, D:\FUJIFILM\STGLAYER\MODULES\NETSPOOLFS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1584, D:\FUJIFILM\STGLAYER\MODULES\NETSPOOLFS_P0P1.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1600, D:\FUJIFILM\STGLAYER\MODULES\PDDSCFS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1732, D:\FUJIFILM\STGLAYER\MODULES\PDDSCFS_FDIACONV.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 664, D:\FUJIFILM\STGLAYER\MODULES\PDR8BUFR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1676, D:\FUJIFILM\STGLAYER\MODULES\PDR8MEMS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1188, D:\FUJIFILM\STGLAYER\MODULES\PDR8NETSPOOLFR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1036, D:\FUJIFILM\STGLAYER\MODULES\SRGBFILE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2076, D:\FUJIFILM\STGLAYER\MODULES\SRGBFILE_LEGACY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2108, D:\FUJIFILM\STGLAYER\MODULES\SRGBJPEGNETSPOOLFR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2140, D:\FUJIFILM\STGLAYER\MODULES\SRGBR8NETSPOOLFR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2172, D:\FUJIFILM\FRONTIER\BIN\IEFSWEEPER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2184, D:\FUJIFILM\FRONTIER\BIN\EZSEQ.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2208, D:\FUJIFILM\FRONTIER\BIN\EZSEQCMD.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2220, D:\FUJIFILM\FRONTIER\BIN\EZSEQJGN.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2232, D:\FUJIFILM\FRONTIER\BIN\EZSEQJPR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2244, D:\FUJIFILM\FRONTIER\BIN\EZSEQJPR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2292, D:\FUJIFILM\FRONTIER\BIN\EZSEQJPR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2304, D:\FUJIFILM\FRONTIER\BIN\EZSEQJPR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2316, D:\FUJIFILM\FRONTIER\BIN\EZSEQJPR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2328, D:\FUJIFILM\FRONTIER\BIN\EZSEQJPR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2340, D:\FUJIFILM\FRONTIER\BIN\EZSEQJPR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2400, D:\FUJIFILM\FRONTIER\BIN\EZSEQJPR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2880, D:\FUJIFILM\FRONTIER\BIN\EZSEQJPR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2900, D:\FUJIFILM\FRONTIER\BIN\EZSEQJPR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2920, D:\FUJIFILM\FRONTIER\BIN\EZSEQJPR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3072, D:\FUJIFILM\FRONTIER\BIN\EZPRINT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3084, D:\FUJIFILM\DNAAPPS\P6\AC_IMGCONV.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3096, D:\FUJIFILM\DNAAPPS\P6\AC_CDROUT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3108, D:\FUJIFILM\FRONTIER\BIN\TERMAC.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3192, D:\FUJIFILM\FRONTIER\BIN\EXECLSEQOBJ.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2444, D:\FUJIFILM\FRONTIER\BIN\EZSEQJPR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3932, D:\FUJIFILM\FRONTIER\BIN\EZSEQJPR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3968, D:\FUJIFILM\STGLAYER\PROGRAMS\SOFTENGINEPROC.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3592, D:\FUJIFILM\FRONTIER\BIN\EZSEQJPR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3652, D:\FUJIFILM\FRONTIER\BIN\EZSEQJPR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3060, D:\FUJIFILM\FRONTIER\BIN\EZSEQJPR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2288, D:\FUJIFILM\FRONTIER\BIN\EZSEQJPR.EXE]
I don't recognise so many of these
still刀刀 - 2009-7-30 1:58:00
驱动程序
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
==================================
No company signature
浏览器加载项
[Yahoo! Companion BHO]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <, >
No company signature
==================================
正在运行的进程
[C:\WINDOWS\system32\eswia7a.dll] [SEIKO EPSON CORP., 1.73]
[D:\FujiFilm\Frontier\Dll\ShOpKeyHook.dll] [, 1, 0, 0, 1]
[D:\Fujifilm\PC-COM1\dll\Common.dll] [N/A, ]
[D:\Fujifilm\DNACommon\bin\LogMan.dll] [N/A, ]
[D:\Fujifilm\DNACommon\bin\TShotComm.dll] [N/A, ]
[D:\FujiFilm\Frontier\Dll\ShOpKeyEvent.dll] [, 1, 0, 0, 1]
[D:\FujiFilm\Frontier\Dll\MngKey.dll] [N/A, ]
[D:\Fujifilm\DNACommon\bin\CMemMan.dll] [N/A, ]
[D:\Fujifilm\DNACommon\bin\DNACommonLib.dll] [N/A, ]
[D:\Fujifilm\DNACommon\bin\LogRec.dll] [N/A, ]
[D:\Fujifilm\PC-COM1\dll\FileDirAcc.dll] [N/A, ]
[D:\FujiFilm\StgLayer\Programs\StgIpc.dll] [N/A, ]
[D:\FujiFilm\StgLayer\Programs\FileUrl.dll] [N/A, ]
[D:\FujiFilm\StgLayer\Programs\ImgUrl.dll] [N/A, ]
[D:\FujiFilm\StgLayer\Programs\StgErr.dll] [N/A, ]
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 520, D:\FUJIFILM\FRONTIER\BIN\EZMAIN.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 884, D:\FUJIFILM\DNACOMMON\BIN\EZTMR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 280, D:\FUJIFILM\DNACOMMON\BIN\DNAACNETSVR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1120, D:\FUJIFILM\DNACOMMON\BIN\DNADEVINFOMGR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 964, D:\FUJIFILM\DNACOMMON\BIN\EZERR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1800, D:\FUJIFILM\DNACOMMON\BIN\DNAJOBQUEMGR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 236, D:\FUJIFILM\DNACOMMON\BIN\EZERRWND.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 572, D:\FUJIFILM\DNAAPPS\Q0\BIN\WFINIT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 592, D:\FUJIFILM\DNAAPPS\Q0\BIN\WFMONITOR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1644, D:\FUJIFILM\DNAAPPS\Q0\BIN\WFA.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1680, D:\FUJIFILM\FRONTIER\BIN\EZOPE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1640, D:\FUJIFILM\STGLAYER\PROGRAMS\FDMSTGMGR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1824, D:\FUJIFILM\FRONTIER\BIN\SHINOPEGUI.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1668, D:\FUJIFILM\FRONTIER\BIN\SHOPSETTINGBAR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1736, D:\FUJIFILM\STGLAYER\MODULES\DSCFS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 784, D:\FUJIFILM\STGLAYER\MODULES\DSCFS_FDIACONV.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1208, D:\FUJIFILM\STGLAYER\MODULES\MULTISPOOL.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 796, D:\FUJIFILM\STGLAYER\MODULES\NETSPOOLFS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1584, D:\FUJIFILM\STGLAYER\MODULES\NETSPOOLFS_P0P1.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1600, D:\FUJIFILM\STGLAYER\MODULES\PDDSCFS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1732, D:\FUJIFILM\STGLAYER\MODULES\PDDSCFS_FDIACONV.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 664, D:\FUJIFILM\STGLAYER\MODULES\PDR8BUFR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1676, D:\FUJIFILM\STGLAYER\MODULES\PDR8MEMS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1188, D:\FUJIFILM\STGLAYER\MODULES\PDR8NETSPOOLFR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1036, D:\FUJIFILM\STGLAYER\MODULES\SRGBFILE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2076, D:\FUJIFILM\STGLAYER\MODULES\SRGBFILE_LEGACY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2108, D:\FUJIFILM\STGLAYER\MODULES\SRGBJPEGNETSPOOLFR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2140, D:\FUJIFILM\STGLAYER\MODULES\SRGBR8NETSPOOLFR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2172, D:\FUJIFILM\FRONTIER\BIN\IEFSWEEPER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2184, D:\FUJIFILM\FRONTIER\BIN\EZSEQ.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2208, D:\FUJIFILM\FRONTIER\BIN\EZSEQCMD.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2220, D:\FUJIFILM\FRONTIER\BIN\EZSEQJGN.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2232, D:\FUJIFILM\FRONTIER\BIN\EZSEQJPR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2244, D:\FUJIFILM\FRONTIER\BIN\EZSEQJPR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2292, D:\FUJIFILM\FRONTIER\BIN\EZSEQJPR.EXE]
No problem? I feel puzzled
乐陶猪 - 2009-8-4 22:37:00
==================================
驱动程序
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
PID: 684 / FRONTIER][C:\WINDOWS\Explorer.EXE] [(Verified) Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\FujiFilm\Frontier\Dll\ShOpKeyHook.dll] [, 1, 0, 0, 1]
[D:\Fujifilm\PC-COM1\dll\Common.dll] [N/A, ]
[D:\Fujifilm\DNACommon\bin\LogMan.dll] [N/A, ]
[D:\Fujifilm\DNACommon\bin\TShotComm.dll] [N/A, ]
[D:\FujiFilm\Frontier\Dll\ShOpKeyEvent.dll] [, 1, 0, 0, 1]
[D:\FujiFilm\Frontier\Dll\MngKey.dll] [N/A, ]
[D:\Fujifilm\DNACommon\bin\CMemMan.dll] [N/A, ]
[D:\Fujifilm\DNACommon\bin\DNACommonLib.dll] [N/A, ]
[D:\Fujifilm\DNACommon\bin\LogRec.dll] [N/A, ]
[D:\Fujifilm\DNACommon\bin\VMMAP.dll] [N/A, ]
[D:\FujiFilm\Frontier\Dll\ComData.dll] [N/A, ]
[C:\WINDOWS\system32\icm32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
==================================
The process privilege scan (进程特权扫描) also has problems!!
Could this be the Duba (毒霸) caused by a system vulnerability?
乐陶猪 - 2009-8-4 22:39:00
After reading the reference answer, I can only describe it in one word: dizzy :kaka6: …………