
[Help] Rising monitoring is disabled (doesn't seem to be one of the pinned issues)

[PID: 2356 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.18.1 15Jul03]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2496 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2536 / Administrator][C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE]  [Hewlett-Packard Company, 2.01.0]
    [C:\Program Files\Hewlett-Packard\HP Mobile Printing\libexpat.dll]  [http://www.libexpat.org, 1.95.5]
    [C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBR_0804.DLL]  [Hewlett-Packard Company, 2.01.0]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.18.1 15Jul03]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2716 / Administrator][C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe]  [WIDCOMM, Inc., 1.4.2 Build 19 SP1]
    [C:\WINDOWS\system32\wbtapi.dll]  [WIDCOMM, Inc., 1.4.2 Build 19 SP1]
    [C:\WINDOWS\system32\btosif.dll]  [WIDCOMM, Inc., 1.4.2 Build 19 SP1]
    [C:\Program Files\WIDCOMM\Bluetooth Software\BtBalloon.dll]  [WIDCOMM, Inc., 1.4.2 Build 19]
    [C:\WINDOWS\system32\btrez.dll]  [, 1.4.1 Build 2]
    [C:\WINDOWS\system32\CSH.dll]  [Blue Sky Software Corporation, 2.00.039]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.18.1 15Jul03]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2996 / Administrator][C:\Program Files\flvplayer\flvplayer.exe]  [N/A, ]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.18.1 15Jul03]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3148 / Administrator][C:\Program Files\Tencent\QQ\QQ.exe]  [TENCENT, 0, 0, 0, 0]
    [C:\Program Files\Tencent\QQ\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQHelperDll.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\BasicCtrlDll.dll]  [Tencent, 6, 0, 200, 320]
    [C:\Program Files\Tencent\QQ\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.18.1 15Jul03]
    [C:\Program Files\Tencent\QQ\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Program Files\Tencent\QQ\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [C:\Program Files\Tencent\QQ\QQAPI.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Tencent\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [C:\Program Files\Tencent\QQ\LoginCtrl.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\6xsd0.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\QQRes.dll]  [tencent, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQMainFrame.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\CQQApplication.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\NewSkin.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\HostingMgr.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\CameraDll.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\MailSummary.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQKnowledgeSearch.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQAllInOne.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\GroupLive.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\SCCore.dll]  [TENCENT, 2, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Tencent\QQ\QQSpace.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\Program Files\Tencent\QQ\QQGroupMng.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQSysMsgMng.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\UserDefinedHead.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\QQPlugin.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\QQConfigPlugin.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Tencent\QQ\QRingMng.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\QQAvatar.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [C:\Program Files\Tencent\QQ\LongConnection.dll]  [tencent, 5, 0, 200, 160]
    [C:\Program Files\Tencent\QQ\PhoneAPI.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [C:\Program Files\Tencent\QQ\QQPet.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\BQQApplication.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\CommercesMng.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [C:\Program Files\Tencent\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 271]
    [C:\Program Files\Tencent\QQ\npkcntc.dll]  [INCA Internet Co., Ltd., 2006, 6, 27, 1]
    [C:\Program Files\Tencent\QQ\npkpdb.dll]  [INCA Internet Co., Ltd., 2003, 10, 1, 1]
    [C:\Program Files\Tencent\QQ\QQSceneMng.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\QQPhoneHelper.dll]  [腾讯科技(深圳)有限公司, 2, 1, 9, 95]
[PID: 3916 / Administrator][C:\Program Files\Tencent\QQ\TIMPlatform.exe]  [tencent, 0, 3, 1, 8]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.18.1 15Jul03]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Tencent\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
[PID: 2584 / Administrator][C:\Program Files\Edu Supplicant\supplicant.exe]  [, 3.2.0]
    [C:\WINDOWS\system32\packet.dll]  [CACE Technologies, 3, 1, 0, 27]
    [C:\WINDOWS\system32\WanPacket.dll]  [CACE Technologies, 3, 1, 0, 27]
    [C:\WINDOWS\system32\wpcap.dll]  [CACE Technologies, 3, 1, 0, 27]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.18.1 15Jul03]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3268 / Administrator][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.18.1 15Jul03]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2340 / Administrator][C:\WINDOWS\notepad.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.18.1 15Jul03]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\6xsd0.dll]  [N/A, ]
[PID: 2696 / Administrator][C:\WINDOWS\notepad.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.18.1 15Jul03]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\6xsd0.dll]  [N/A, ]
[PID: 3524 / Administrator][E:\fterm-2004memory\FTERM.exe]  [, 2.5.0.130]
    [E:\fterm-2004memory\libeay32.dll]  [N/A, ]
    [E:\fterm-2004memory\convcode.dll]  [N/A, ]
    [E:\fterm-2004memory\libcurl.dll]  [The cURL library, http://curl.haxx.se/, 7.11.1]
    [E:\fterm-2004memory\ipsearcher.dll]  [, 1.0.0.3]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.18.1 15Jul03]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\6xsd0.dll]  [N/A, ]
[PID: 3104 / Administrator][E:\软件\杀毒及优化软件\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.18.1 15Jul03]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\6xsd0.dll]  [N/A, ]
    [E:\软件\杀毒及优化软件\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  Error. [超级解霸3000]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1596, C:\PROGRAM FILES\INTEL\NCS\PROSET\PRONOMGR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1644, C:\PROGRAM FILES\HPQ\QUICK LAUNCH BUTTONS\EABSERVR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1104, C:\PROGRAM FILES\JAVA\J2RE1.4.2_02\BIN\JUSCHED.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 676, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2072, C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2256, C:\WINDOWS\SYSTEM32\1XCONFIG.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2536, C:\PROGRAM FILES\HEWLETT-PACKARD\HP MOBILE PRINTING\HPBMOBIL.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2716, C:\PROGRAM FILES\WIDCOMM\BLUETOOTH SOFTWARE\BTTRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2996, C:\PROGRAM FILES\FLVPLAYER\FLVPLAYER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3148, C:\PROGRAM FILES\TENCENT\QQ\QQ.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3916, C:\PROGRAM FILES\TENCENT\QQ\TIMPLATFORM.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2584, C:\PROGRAM FILES\EDU SUPPLICANT\SUPPLICANT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3524, E:\FTERM-2004MEMORY\FTERM.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

<{325AB2F3-234A-7469-2F43-E341713ABFA3}><C:\WINDOWS\system32\wgcpri.dll>
<{4A65498A-7653-9801-1647-987114AB7F44}><C:\WINDOWS\system32\zxdpri.dll>

The virus has not been completely removed yet.

I found them in the registry and deleted them. No problems for now. I'll keep watching for a while.
Thanks~~~