(Virus types)(Trojan.BootKit.d)(Adware.SeadBar)(TrojanDropper.Win32.Joiner.p)(The viruses have already been removed, but the machine still runs very slowly)
Process PID CPU Description Company Name
System Idle Process 0 84.93
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 400 Windows NT Session Manager Microsoft Corporation
csrss.exe 468 Client Server Runtime Process Microsoft Corporation
winlogon.exe 492 Windows NT Logon Application Microsoft Corporation
services.exe 536 2.74 Services and Controller app Microsoft Corporation
svchost.exe 704 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 784 Generic Host Process for Win32 Services Microsoft Corporation
CCenter.exe 860 CCenter Beijing Rising Technology Co., Ltd.
svchost.exe 876 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 956 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 992 Generic Host Process for Win32 Services Microsoft Corporation
RavMonD.exe 1004 RavMond Beijing Rising Technology Co., Ltd.
rfwsrv.exe 1056 Rising Personal FireWall Service Beijing Rising Technology Co., Ltd.
rfwmain.exe 1828 Rising Personal FireWall Main Program Beijing Rising Technology Co., Ltd.
spoolsv.exe 1180 Spooler SubSystem App Microsoft Corporation
nvsvc32.exe 1312 NVIDIA Driver Helper Service, Version 82.04 NVIDIA Corporation
wdfmgr.exe 1364 Windows User Mode Driver Manager Microsoft Corporation
alg.exe 280 Application Layer Gateway Service Microsoft Corporation
lsass.exe 548 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 1756 Windows Explorer Microsoft Corporation
CnxDslTb.exe 1232 Anwendung für Taskleiste Conexant Systems Inc.
realsched.exe 1340 RealNetworks Scheduler RealNetworks, Inc.
RavTask.exe 1536 RavTimer Beijing Rising Technology Co., Ltd.
ctfmon.exe 1572 CTF Loader Microsoft Corporation
IEXPLORE.EXE 2256 Internet Explorer Microsoft Corporation
Rav.exe 3352 Rising Antivirus Main exe Beijing Rising Technology Co., Ltd.
notepad.exe 3628 记事本 Microsoft Corporation
procexp.exe 4044 12.33 Sysinternals Process Explorer Sysinternals
conime.exe 3920 Console IME Microsoft Corporation
Process: services.exe Pid: 536
Type Name
Desktop \Default
Directory \Windows
Directory \BaseNamedObjects
Directory \KnownDlls
Event \BaseNamedObjects\DINPUTWINMM
Event \BaseNamedObjects\SC_AutoStartComplete
Event \BaseNamedObjects\SvcctrlStartEvent_A3752DX
Event \BaseNamedObjects\ScNetDrvMsg
Event \BaseNamedObjects\WBEM_ESS_OPEN_FOR_BUSINESS
Event \BaseNamedObjects\PnP_No_Pending_Install_Events
Event \BaseNamedObjects\userenv: User Profile setup event
File \Device\KsecDD
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
File \Device\NamedPipe\ntsvcs
File \Device\NamedPipe\ntsvcs
File \Device\NamedPipe\scerpc
File \Device\NamedPipe\scerpc
File \Device\NamedPipe\net\NtControlPipe1
File \Device\NamedPipe\net\NtControlPipe2
File \Device\NamedPipe\net\NtControlPipe2
File C:\WINDOWS\system32\config\AppEvent.Evt
File C:\WINDOWS\system32\config\SecEvent.Evt
File C:\WINDOWS\system32\config\SysEvent.Evt
File \Device\NamedPipe\net\NtControlPipe5
File \Device\NamedPipe\net\NtControlPipe3
File \Device\NamedPipe\net\NtControlPipe4
File \Device\NamedPipe\net\NtControlPipe0
File \Device\NamedPipe\net\NtControlPipe6
File \Device\NamedPipe\net\NtControlPipe8
File \Device\NamedPipe\net\NtControlPipe7
File \Device\NamedPipe\net\NtControlPipe10
File \Device\NamedPipe\net\NtControlPipe9
File \Device\NamedPipe\net\NtControlPipe11
File \Device\NamedPipe\net\NtControlPipe12
File \Device\NamedPipe\ntsvcs
File \Device\NamedPipe\PIPE_EVENTROOT\CIMV2SCM EVENT PROVIDER
File \Device\NamedPipe\net\NtControlPipe13
File C:\WINDOWS\system32
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
Key HKLM\SYSTEM\ControlSet002\Control\NetworkProvider\Order
Key HKLM
Key HKLM\SYSTEM\ControlSet002\Control\ServiceGroupOrder
Key HKU\S-1-5-19
Key HKLM\SYSTEM\ControlSet002\Control\ServiceCurrent
Key HKLM\SYSTEM\ControlSet002\Services\Eventlog
Key HKLM\SYSTEM\ControlSet002\Control\ComputerName\ActiveComputerName
Key HKU
Key HKU\S-1-5-20
Key HKU\.DEFAULT
Key HKU\S-1-5-20
Key HKLM\SYSTEM\ControlSet002\Control\Nls\Locale
Key HKU\S-1-5-19
Key HKU\S-1-5-19
Key HKLM\SYSTEM\ControlSet002\Control\Nls\Locale\Alternate Sorts
Key HKLM\SYSTEM\ControlSet002\Control\Nls\Language Groups
Key HKLM\SYSTEM\ControlSet002\Enum
Key HKLM\SYSTEM\ControlSet002\Services
Key HKLM\SYSTEM\ControlSet002\Control\Class
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage
KeyedEvent \KernelObjects\CritSecOutOfMemoryEvent
Mutant \BaseNamedObjects\SHIMLIB_LOG_MUTEX
Mutant \BaseNamedObjects\ShimCacheMutex
Mutant \BaseNamedObjects\PnP_Init_Mutex
Port \RPC Control\ntsvcs
Port \ErrorLogPort
Process alg.exe(280)
Process svchost.exe(704)
Process svchost.exe(784)
Process CCenter.exe(860)
Process svchost.exe(876)
Process (956)
Process svchost.exe(992)
Process RavMonD.exe(1004)
Process (1056)
Process spoolsv.exe(1180)
Process (1312)
Process wdfmgr.exe(1364)
Section \BaseNamedObjects\ShimSharedMemory
Semaphore \BaseNamedObjects\shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
Thread services.exe(536): 664
Thread services.exe(536): 668
Thread services.exe(536): 672
Thread services.exe(536): 240
Thread services.exe(536): 684
Thread services.exe(536): 688
Thread services.exe(536): 692
Thread services.exe(536): 676
Thread services.exe(536): 700
Thread services.exe(536): 716
Thread services.exe(536): 724
Thread services.exe(536): 932
Thread services.exe(536): 1588
Thread services.exe(536): 2216
Thread services.exe(536): 940
Thread services.exe(536): 944
Thread services.exe(536): 252
Thread services.exe(536): 248
Token NT AUTHORITY\LOCAL SERVICE
Token NT AUTHORITY\NETWORK SERVICE
Token NT AUTHORITY\NETWORK SERVICE
Token NT AUTHORITY\LOCAL SERVICE
Token NT AUTHORITY\LOCAL SERVICE
Token KUSH-41365DBECD\Kurosaki
WindowStation \Windows\WindowStations\Service-0x0-3e7$
WindowStation \Windows\WindowStations\Service-0x0-3e7$
Attachment:
6378372005121620009.BMP