
[Help] Network virus keeps attacking through a vulnerability

A network virus keeps attacking through a vulnerability. A file named HLCMD.exe inexplicably appears on the computer, but after Rising scans it, it reports no virus and does not treat it as one. On every infected computer here I can see the HLCMD.EXE process. Whether I go to its directory and delete it or clean it with a cleanup tool, it is back after a reboot. The log is below.

Attachment: SREngLOG.log (2014-12-15 13:01:04, 34.62 K)

Last edited by 麦青儿 on 2014-12-17 14:47:19

Reply: Network virus keeps attacking through a vulnerability

2014-12-15,11:28:46

System Repair Engineer 2..6..12..1018
Smallfrogs ([url]http://www.KZTechs.com[/url])

Windows XP Professional Service Pack 3 (Build 2600) -

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
    <ctfmon><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <HLCMD><C:\WINDOWS\system32\HLCMD.exe>  [(Verified)Microsoft Windows Component Publisher]
    <360Safetray><"C:\Program Files\360\360Safe\safemon\360tray.exe" /start>  [(Verified)Qihoo 360 Software (Beijing) Company Limited]
    <RSDTRAY><"C:\Program Files\Rising\RSD\popwndexe.exe">  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <RavTRAY><"C:\Program Files\Rising\Rav\RSTRAY.EXE" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\HLCMD.EXE>  [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <Internet Explorer 版本更新><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
[FTPServer]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\FTPServer.lnk --> D:\FTP服~1.5简\FTPSER~1\FTPSER~1.EXE [Gxnn.com]><N>

==================================
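A check a defender could run over the posted SREng output, as an added example that is not part of this thread or of SREng itself: it parses the startup-item and service sections in SREng's own layout and flags the three things the log above shows, namely an extra executable chained into Winlogon\Userinit, the same file also started from a Run key, and services or drivers whose publisher field is N/A or a placeholder. The sample lines are copied from the log in this thread; the rule names, regexes and helper functions are my own assumptions about the format, not SREng's.

```python
import ntpath
import re
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the SREng log posted in this thread,
# in SREng's own layout (registry autostart keys, then service/driver entries).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <HLCMD><C:\WINDOWS\system32\HLCMD.exe>  [(Verified)Microsoft Windows Component Publisher]
    <360Safetray><"C:\Program Files\360\360Safe\safemon\360tray.exe" /start>  [(Verified)Qihoo 360 Software (Beijing) Company Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\HLCMD.EXE>  [File is missing]
[JJJ041 / JJJ041][Stopped/Auto Start]
  <C:\WINDOWS\JJJ041><N/A>
[Rav Service / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\ravmond.exe"><Beijing Rising Information Technology Co., Ltd.>
[HookShadowSSDT / HookShadowSSDT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\HookShadowSSDT.sys><<company name here>>
"""

# One regex per SREng line shape (assumed from the posted log, not SREng's spec).
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                  # [HKEY_...\Run]
VALUE_RE = re.compile(r"^\s+<(.*?)><(.*)>\s+\[(.*)\]\s*$")  # <name><command>  [status]
SVC_RE = re.compile(r"^\[(.+?) / (.+?)\]\[(.+?)/(.+?)\]$")  # [Display / Name][State/Start]
SVC_IMAGE_RE = re.compile(r"^\s+<(.*?)><(.*)>\s*$")        # <image><publisher>
PLACEHOLDER_PUBLISHERS = {"", "n/a", "<company name here>"}


def image_basename(command: str) -> str:
    """Lower-cased file name of the program a command line launches."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        program = command[1:end] if end > 0 else command[1:]
    else:
        program = command.split(" ", 1)[0]
    return ntpath.basename(program).lower()


def analyse_sreng(log_text: str) -> List[Tuple[str, str]]:
    """Return (rule, detail) findings for the autostart anomalies this thread shows."""
    findings: List[Tuple[str, str]] = []
    run_images: Dict[str, str] = {}   # basename -> Run value that starts it
    userinit_extra: List[str] = []
    context = None                     # ("key", registry path) or ("svc", service name)
    for line in log_text.splitlines():
        m = KEY_RE.match(line)
        if m:
            context = ("key", m.group(1))
            continue
        m = SVC_RE.match(line)
        if m:
            context = ("svc", m.group(2))
            continue
        if context is None:
            continue
        kind, name = context
        if kind == "key":
            m = VALUE_RE.match(line)
            if not m:
                continue
            value_name, command, status = m.groups()
            if name.lower().endswith(r"\currentversion\run"):
                run_images[image_basename(command)] = name + "\\" + value_name
            elif value_name.lower() == "userinit":
                # Userinit should launch userinit.exe alone; every extra entry
                # runs at each interactive logon, a plausible reason the file
                # reappears after every reboot as reported in this thread.
                for part in command.split(","):
                    base = image_basename(part)
                    if base and base != "userinit.exe":
                        userinit_extra.append(base)
                        findings.append(("userinit-chain",
                                         f"{base} appended to Winlogon\\Userinit (status: {status})"))
        else:
            m = SVC_IMAGE_RE.match(line)
            if not m:
                continue
            image, publisher = m.groups()
            if publisher.strip().lower() in PLACEHOLDER_PUBLISHERS:
                findings.append(("unknown-publisher",
                                 f"service/driver {name}: {image} ({publisher or 'blank'})"))
    # The same file registered in two autostart locations survives a single cleanup.
    for base in userinit_extra:
        if base in run_images:
            findings.append(("multi-autostart", f"{base} is also started from {run_images[base]}"))
    return findings


if __name__ == "__main__":
    for rule, detail in analyse_sreng(SAMPLE_LOG):
        print(f"[{rule}] {detail}")
```

Feeding the full attached SREngLOG.log to analyse_sreng() instead of SAMPLE_LOG applies the same three rules to every autostart, service and driver entry in the report.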



Reply: Network virus keeps attacking through a vulnerability

服务
[Adobe Flash Player Update Service / AdobeFlashPlayerUpdateSvc][Stopped/Manual Start]
  <C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe><Adobe Systems Incorporated>
[Google 更新服务 (gupdate) / gupdate][Stopped/Manual Start]
  <"C:\Program Files\Google\Update\GoogleUpdate.exe" /svc><Google Inc.>
[Google 更新服务 (gupdatem) / gupdatem][Stopped/Manual Start]
  <"C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc><Google Inc.>
[Intel(R) Capability Licensing Service Interface / Intel(R) Capability Licensing Service Interface][Running/Auto Start]
  <"C:\Program Files\Intel\iCLS Client\HeciServer.exe"><Intel(R) Corporation>
[Intel(R) Dynamic Application Loader Host Interface Service / jhi_service][Running/Auto Start]
  <C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe><Intel Corporation>
[JJJ041 / JJJ041][Stopped/Auto Start]
  <C:\WINDOWS\JJJ041><N/A>
[Intel(R) Management and Security Application Local Management Service / LMS][Running/Auto Start]
  <C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe><Intel Corporation>
[Rsd Service / RsMgrSvc][Running/Auto Start]
  <"C:\Program Files\Rising\RSD\RsMgrSvc.exe"><Beijing Rising Information Technology Co., Ltd.>
[Rav Service / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\ravmond.exe"><Beijing Rising Information Technology Co., Ltd.>
[SmartFssCli / SmartFssCli][Stopped/Auto Start]
  <C:\WINDOWS\system32\SmartFssCli.exe><N/A>
[SogouUpdate / SogouUpdate][Stopped/Manual Start]
  <"D:\Program Files\SogouInput\7.4.0.4502\SogouUpdate.exe"><Sogou.com Inc.>
[Intel(R) Management and Security Application User Notification Service / UNS][Running/Auto Start]
  <"C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"><Intel Corporation>
[Tencent WxBox Update Service / WxBoxUpdate][Stopped/Manual Start]
  <"C:\Program Files\Tencent\WxBox\Update\WxBoxUpdate.exe" /Service><Tencent>
[主动防御 / ZhuDongFangYu][Running/Auto Start]
  <"C:\Program Files\360\360Safe\deepscan\zhudongfangyu.exe"><360.cn>

==================================
驱动程序
[360Safe Anti Hacker Service / 360AntiHacker][Running/System Start]
  <System32\Drivers\360AntiHacker.sys><360.cn>
[360Box mini-filter driver / 360Box][Running/System Start]
  <system32\DRIVERS\360Box.sys><360.cn>
[360Safe Camera Filter Service / 360Camera][Stopped/Manual Start]
  <System32\Drivers\360Camera.sys><360.cn>
[360netmon / 360netmon][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\360netmon.sys><360.cn>
[360SelfProtection / 360SelfProtection][Running/System Start]
  <system32\drivers\360SelfProtection.sys><360安全中心>
[Ambfilt / Ambfilt][Stopped/Manual Start]
  <system32\drivers\Ambfilt.sys><Creative>
[BAPIDRV / BAPIDRV][Running/System Start]
  <system32\DRIVERS\BAPIDRV.sys><360.cn>
[EfiSystemMon / EfiMon][Running/System Start]
  <System32\Drivers\Efimon.sys><360安全中心>
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Stopped/Manual Start]
  <system32\drivers\es1371mp.sys><Creative Technology Ltd.>
[gdrv / gdrv][Stopped/Manual Start]
  <\??\C:\WINDOWS\gdrv.sys><N/A>
[grmnusb / grmnusb][Stopped/Manual Start]
  <system32\drivers\grmnusb.sys><GARMIN Corp.>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookPort / HookPort][Running/Boot Start]
  <\SystemRoot\System32\Drivers\Hookport.sys><360安全中心>
[HookShadowSSDT / HookShadowSSDT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\HookShadowSSDT.sys><<company name here>>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\igxpmp32.sys><Intel Corporation>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[kguard / kguard][Running/System Start]
  <system32\DRIVERS\kguard.sys><Beijing Rising Information Technology Co., Ltd.>
[Intel(R) Management Engine Interface  / MEI][Running/Manual Start]
  <system32\DRIVERS\HECI.sys><Intel Corporation>
[Monfilt / Monfilt][Stopped/Manual Start]
  <system32\drivers\Monfilt.sys><Creative Technology Ltd.>
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
[AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start]
  <system32\DRIVERS\pcntpci5.sys><AMD Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[tencent QMUdisk / QMUdisk][Stopped/System Start]
  <\??\C:\Program Files\Tencent\QQPCMgr\10.4.15685.215\QMUdisk.sys><N/A>
[QQFrmMgr / QQFrmMgr][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\QQFrmMgr.sys><Tencent>
[QQProtect / QQProtect][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\QQProtect.sys><Tencent>
[Quantum DeepScanner Servers / quxxxserv][Running/System Start]
  <system32\DRIVERS\quxxxrv.sys><360.cn>
[qutmipc / qutmipc][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\qutmipc.sys><360.cn>
[rsd protect / rsdsys][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\protreg.sys><Beijing Rising Information Technology Co., Ltd.>
[rsutils / rsutils][Running/System Start]
  <system32\DRIVERS\rsutils.sys><Beijing Rising Information Technology Co., Ltd.>
[Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtenicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SATALink driver accelerator / SiFilter][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[sysmon / sysmon][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sysmon.sys><Beijing Rising Information Technology Co., Ltd.>
[viamraid / viamraid][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>

==================================
浏览器加载项
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360\360Safe\safemon\safemon.dll, (Signed) 360.cn>
[QQMiniDL Helper Class]
  {C9C7334B-5657-41e1-8F79-F6AACECA05F4} <C:\Program Files\Common Files\Tencent\QQMiniDL\60\Browser\QQIEHelper01.dll, (Signed) Tencent Technology (Shenzhen) Company Limited>
[AccountProtectBHO Class]
  {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} <C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\QQAntiPhishing\AccountProtect.dll, (Signed) Tencent>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <, >
[]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <, >
[]
  {08D512D2-7D97-4E22-B7DB-82791106C086} <, >
[]
  {0F4BF955-A127-41B7-A998-369904AA2578} <, >
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, (Signed) Microsoft Corporation>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <, >
[]
  {2670000A-7350-4F3C-8081-5663EE0C6C49} <, >
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
  {29B6CFD5-0064-411A-8C42-9890C83F9921} <, >
[]
  {3E781A73-7A24-2F43-6653-5241EC409C73} <, >
[]
  {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <, >
[]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <, >
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <, >
[应用宝一键安装插件]
  {50F4150A-48B2-417A-BE4C-C83F580FB904} <C:\Program Files\Common Files\Tencent\OpenPlatform\3.0.0.3202\npQPMWebGamePlugin.dll, (Signed) 腾讯公司>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[CCtInf Class]
  {6DBB2904-082D-4DB0-944A-21C22BA121F4} <C:\WINDOWS\system32\BANKCE~1.DLL, >
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>
[]
  {6EAAD146-39C4-4F5C-A0A7-DAA160ABD907} <, >
[]
  {72853161-30C5-4D22-B7F9-0BBC1D38A37E} <, >
[]
  {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} <, >
[CertEnroll Class]
  {7978461C-CC22-48F2-BC69-02220D3E101D} <, >
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360\360Safe\Safelive.dll, (Signed) 360.cn>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <, >
[]
  {95B3F550-91C4-4627-BCC4-521288C52977} <, >
[]
  {98F22D0A-B97F-4AF4-8E4C-A6596C8CDD4C} <, >
[]
  {A8502600-B272-4F68-A67B-A0305D46D297} <, >
[]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <, >
[]
  {B4F3A835-0E21-4959-BA22-42B3008E02FF} <, >
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360\360Safe\safemon\safemon.dll, (Signed) 360.cn>
[Google Update Plugin]
  {C442AC41-9200-4770-8CC0-7CDB4F245C55} <C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll, (Signed) Google Inc.>
[QQMiniDL Helper Class]
  {C9C7334B-5657-41E1-8F79-F6AACECA05F4} <C:\Program Files\Common Files\Tencent\QQMiniDL\60\Browser\QQIEHelper01.dll, (Signed) Tencent Technology (Shenzhen) Company Limited>
[DownloadMgr Class]
  {D1B878E7-5528-4BAE-8CA0-41567697EF90} <C:\Program Files\360\360Safe\safemon\safemon.dll, (Signed) 360.cn>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash32_16_0_0_235.ocx, (Signed) Adobe Systems, Inc.>
[AccountProtectBHO Class]
  {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} <C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\QQAntiPhishing\AccountProtect.dll, (Signed) Tencent>
[AgControl Class]
  {DFEAF541-F3E1-4C24-ACAC-99C30715084A} <C:\Program Files\Microsoft Silverlight\npctrl.1.0.30401.0.dll, (Signed)  Microsoft Corporation>
[PlayerCtrl Class]
  {E05BC2A3-9A46-4a32-80C9-023A473F5B23} <C:\Program Files\Tencent\QQMusic\QzoneMusic\QzoneMusic.dll, (Signed) Tencent>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[SSOForPTLogin2 Class]
  {EAAED308-7322-4B9B-965E-171933ADD473} <C:\Program Files\Common Files\Tencent\TXSSO\1.2.2.95\Bin\npSSOAxCtrlForPTLogin.dll, (Signed) Tencent>
[TimwpCheck Class]
  {ED4CA2E5-0EEA-44C1-AD7E-74A07A7507A4} <C:\Program Files\Tencent\QQ\bin\Timwp.dll, (Signed) Tencent>
[]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <, >
[]
  {EF7BC8AC-5BDC-4AED-AD63-A9B3AE7A768C} <, >
[]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <, >
[腾讯开放平台微端游戏插件]
  {F47EE1CA-AA94-48A3-B9C9-CBB0037AB7BC} <C:\Program Files\Common Files\Tencent\OpenPlatform\3.0.0.3202\npQPMWebGamePlugin.dll, (Signed) 腾讯公司>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[webmod Class]
  {FEE3C8C5-9BEA-4079-AB36-63ECABFC7392} <, >
[使用QQ下载助手下载]
  <C:\Program Files\Common Files\Tencent\QQMiniDL\60\Browser\xfgeturl.htm, N/A>
[发送至 OneNote(&N)]
  <res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105, N/A>
[导出到 Microsoft Excel(&X)]
  <res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>



Reply: Network virus keeps attacking through a vulnerability

==================================
正在运行的进程
[PID: 680 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 780 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[PID: 1024 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\vpatch.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1084 / SYSTEM][C:\WINDOWS\system32\logonui.exe]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1148 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\vpatch.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1248 / SYSTEM][C:\Program Files\Rising\RSD\RsMgrSvc.exe]  [Beijing Rising Information Technology Co., Ltd., 1.0.0.50]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 8.00.6001.23580 (longhorn_ie8_ldr.140222-1715)]
    [C:\Program Files\Rising\RSD\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.4]
    [C:\Program Files\Rising\RSD\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
[PID: 1284 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\System32\vpatch.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 8]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 8.00.6001.23580 (longhorn_ie8_ldr.140222-1715)]
[PID: 1400 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\vpatch.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1512 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\vpatch.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1576 / SYSTEM][C:\Program Files\360\360Safe\deepscan\zhudongfangyu.exe]  [360.cn, 3, 2, 2, 2045]
    [C:\Program Files\360\360Safe\360base.dll]  [360.cn, 1, 0, 0, 1050]
    [C:\Program Files\360\360Safe\360util.dll]  [360.cn, 1, 0, 0, 1207]
    [C:\Program Files\360\360Safe\360conf.dll]  [360.cn, 1, 0, 0, 1016]
    [C:\Program Files\360\360Safe\deepscan\cloudcom2.dll]  [360.cn, 3, 3, 10, 1015]
    [C:\Program Files\360\360Safe\SoftMgr\360SoftMgrS.dll]  [360.cn, 2, 1, 6, 1470]
    [C:\Program Files\360\360Safe\360NetBase.dll]  [360.cn, 7, 25, 0, 40]
    [C:\Program Files\360\360Safe\deepscan\heavygate.dll]  [360.cn, 3, 7, 9, 9]
    [C:\Program Files\360\360Safe\SoftMgr\360OptExt.dll]  [360.cn, 2, 0, 2, 1001]
    [C:\Program Files\360\360Safe\deepscan\bapi.dll]  [360.cn, 2.0.0.1053]
    [C:\Program Files\360\360Safe\deepscan\qutmload.dll]  [360.cn, 7, 2, 1, 1089]
    [C:\Program Files\360\360Safe\sweeper\CleanSoft.dll]  [360.cn, 9, 0, 0, 1130]
    [C:\Program Files\360\360Safe\sweeper\CleanSoftEng.dll]  [360.cn, 9, 0, 0, 1130]
[PID: 1776 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.6024 (xpsp_sp3_gdr.100817-1626)]
    [C:\WINDOWS\system32\SH2ELMON.dll]  [SHARP, 1.0.0.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.8166.2]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll]  [Microsoft Corporation, 6.1.2600.5635 (xpsp_sp3_qfe.080704-1744)]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\unidrvui.dll]  [Microsoft Corporation, 6.0.6001.22116 (vistasp1_ldr.080215-1730)]
[PID: 252 / SYSTEM][C:\Program Files\Intel\iCLS Client\HeciServer.exe]  [Intel(R) Corporation, 1.24.388.1 SYSTEM]
[PID: 276 / SYSTEM][C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe]  [Intel Corporation, 8.1.0.1252]
    [C:\WINDOWS\system32\MSVCP100.dll]  [Microsoft Corporation, 10.00.40219.325]
    [C:\WINDOWS\system32\MSVCR100.dll]  [Microsoft Corporation, 10.00.40219.325]
[PID: 388 / SYSTEM][C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe]  [Intel Corporation, 8.1.0.1252]
[PID: 516 / SYSTEM][C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe]  [Intel Corporation, 8.1.0.1252]
    [C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\ACE.dll]  [, 6.0.0]
    [C:\WINDOWS\system32\MSVCP100.dll]  [Microsoft Corporation, 10.00.40219.325]
    [C:\WINDOWS\system32\MSVCR100.dll]  [Microsoft Corporation, 10.00.40219.325]
    [C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\WsmanClient.dll]  [Intel Corporation, 8.1.0.1252]
    [C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\Common.dll]  [Intel Corporation, 8.1.0.1252]
    [C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\GmsCommon.dll]  [Intel Corporation, 8.1.0.1252]
    [C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\CONFIGURATOR.dll]  [Intel Corporation, 8.1.0.1252]
    [C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\EVENTMANAGER.dll]  [Intel Corporation, 8.1.0.1252]
    [C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\STATUSEVENTHANDLER.dll]  [Intel Corporation, 8.1.0.1252]
[PID: 1340 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[PID: 1908 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2520 / Administrator][C:\WINDOWS\system32\rdpclip.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\imaadp32.acm]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0845)]
[PID: 2640 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 8.00.6001.23580 (longhorn_ie8_ldr.140222-1715)]
    [C:\Program Files\360\360Safe\safemon\safemon.dll]  [360.cn, 8, 5, 0, 1175]
    [C:\Program Files\360\360Safe\safemon\Safehmpg.dll]  [360.cn, 1, 0, 0, 2120]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 8.00.6001.23580 (longhorn_ie8_ldr.140222-1715)]
    [C:\Program Files\360\360Safe\safemon\360UDiskGuard.dll]  [360.cn, 2, 0, 0, 1091]
    [C:\Program Files\360\360Safe\360Util.dll]  [360.cn, 1, 0, 0, 1207]
    [C:\Program Files\360\360Safe\360base.dll]  [360.cn, 1, 0, 0, 1050]
    [C:\Program Files\360\360Safe\360conf.dll]  [360.cn, 1, 0, 0, 1016]
    [C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5721.5262 (WMP_11.090130-1421)]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5721.5262 (WMP_11.090130-1421)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5262 (WMP_11.090130-1421)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\360\360Safe\safemon\iNetSafe.dll]  [360.cn, 1, 0, 2, 1420]
    [C:\Program Files\360\360Safe\safemon\wdexhelper.dll]  [360.cn, 1, 0, 0, 1050]
    [C:\Program Files\360\360Safe\SoftMgr\SML\SMLLauncher.dll]  [360.cn, 2, 0, 0, 1035]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\rsmgr.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 10]
    [C:\Program Files\360\360Safe\Safelive.dll]  [360.cn, 3, 0, 0, 3050]
    [C:\Program Files\360\360Safe\SoftMgr\SoftMgrExt.dll]  [360.cn, 1, 1, 0, 1021]
    [C:\Program Files\360\360Safe\Utils\shell360ext.dll]  [360.cn, 7, 5, 0, 1275]
    [C:\WINDOWS\system32\ravext.dll]  [Beijing Rising Information Technology Co., Ltd., 24, 0, 0, 7]
[PID: 3000 / Administrator][C:\Program Files\360\360Safe\safemon\360Tray.exe]  [360.cn, 7, 7, 3, 1151]
    [C:\Program Files\360\360Safe\360base.dll]  [360.cn, 1, 0, 0, 1050]
    [C:\Program Files\360\360Safe\360util.dll]  [360.cn, 1, 0, 0, 1207]
    [C:\Program Files\360\360Safe\360conf.dll]  [360.cn, 1, 0, 0, 1016]
    [C:\Program Files\360\360Safe\360common.dll]  [360.cn, 7, 3, 0, 3100]
    [C:\Program Files\360\360Safe\safemon\360compro.dll]  [360.cn, 8, 0, 0, 1051]
    [C:\Program Files\360\360Safe\ipc\ipcservice.dll]  [360.CN, 7, 1, 2, 1181]
    [C:\Program Files\360\360Safe\ipc\fileMgr.dll]  [360.cn, 7, 3, 0, 1061]
    [C:\Program Files\360\360Safe\ipc\yhregd.dll]  [360.cn, 7, 2, 0, 1341]
    [C:\Program Files\360\360Safe\ipc\appd.dll]  [360.cn, 7, 3, 6, 1581]
    [C:\Program Files\360\360Safe\ipc\netdefender.dll]  [360.cn, 1, 0, 0, 1104]
    [C:\Program Files\360\360Safe\deepscan\BAPI.dll]  [360.cn, 2.0.0.1053]
    [C:\Program Files\360\360Safe\safemon\360traylive.dll]  [360.cn, 8, 0, 1, 1009]
    [C:\Program Files\360\360Safe\safemon\360procmon.dll]  [360.CN, 7, 1, 1, 1101]
    [C:\Program Files\360\360Safe\safemon\SelfProtectAPI2.dll]  [360.CN, 7, 1, 1, 1009]
    [C:\Program Files\360\360Safe\deepscan\qutmload.dll]  [360.cn, 7, 2, 1, 1089]
    [C:\Program Files\360\360Safe\safemon\360bsmon.tpi]  [360.cn, 6, 8, 0, 1161]
    [C:\Program Files\360\360Safe\safemon\360dfsopt.tpi]  [360.cn, 1, 0, 0, 1039]
    [C:\Program Files\360\360Safe\safemon\SMLStarter.tpi]  [360.cn, 2, 0, 0, 1080]
    [C:\Program Files\360\360Safe\safemon\360safemonpro.tpi]  [360.cn, 3, 1, 1, 1720]
    [C:\Program Files\360\360Safe\safemon\netmon.tpi]  [360.cn, 5, 1, 1, 3091]
    [C:\Program Files\360\360Safe\safemon\Netm.tpi]  [360.cn, 7, 2, 10, 2100]
    [C:\Program Files\360\360Safe\safemon\BootLeakFixer.tpi]  [360.cn, 1, 0, 0, 1010]
    [C:\Program Files\360\360Safe\safemon\obtracer.tpi]  [360.cn, 6, 8, 0, 1531]
    [C:\Program Files\360\360Safe\ipc\filedef.dll]  [360.cn, 1, 0, 0, 1131]
    [C:\Program Files\360\360Safe\ipc\qutmipc.dll]  [360.cn, 7, 3, 0, 1065]
    [C:\Program Files\360\360Safe\SoftMgr\SomAdvUtils.dll]  [360.cn, 3, 1, 1, 1600]
    [C:\Program Files\360\360Safe\SoftMgr\somkernl.dll]  [360.cn, 2, 1, 0, 1110]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 8.00.6001.23580 (longhorn_ie8_ldr.140222-1715)]
    [C:\Program Files\360\360Safe\360netbase.dll]  [360.cn, 7, 25, 0, 40]
    [C:\Program Files\360\360Safe\ipc\sbmon.dll]  [360互联网安全中心, 3, 0, 0, 1014]
    [C:\Program Files\360\360Safe\ipc\360box.dll]  [360安全中心, 2, 0, 0, 1008]
    [C:\Program Files\360\360Safe\ipc\appdext.dll]  [360.cn, 1, 0, 0, 1191]
    [C:\Program Files\360\360Safe\netmon\Netgm.dll]  [360.cn, 2, 1, 2, 1170]
    [C:\Program Files\360\360Safe\safemon\WDRecord.dll]  [360.cn, 1, 0, 1, 1090]
    [C:\Program Files\360\360Safe\deepscan\heavygate.dll]  [360.cn, 3, 7, 9, 9]
    [C:\Program Files\360\360Safe\deepscan\jcloudscan.dll]  [360.cn, 1, 0, 0, 1007]
    [C:\Program Files\360\360Safe\ipc\360AntiHacker.dll]  [360.cn, 1, 0, 0, 1015]
    [C:\Program Files\360\360Safe\ipc\DrvUtility.dll]  [360.cn, 1, 0, 0, 1035]
    [C:\Program Files\360\360Safe\safemon\360UDiskGuard.dll]  [360.cn, 2, 0, 0, 1091]
    [C:\Program Files\360\360Safe\netmon\360WebIdentify.dll]  [360.cn, 1, 0, 1, 1063]
    [C:\Program Files\360\360Safe\SafeLive.dll]  [360.cn, 3, 0, 0, 3050]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\Program Files\360\360Safe\pdown.dll]  [360.cn, 1, 3, 0, 1234]
    [C:\Program Files\360\360Safe\safemon\SomProxy.dll]  [360.cn, 1, 0, 0, 1760]
    [C:\Program Files\360\360Safe\safemon\360GuardBase.dll]  [360.cn, 3, 1, 0, 1010]
    [C:\Program Files\360\360Safe\safemon\urlproc.dll]  [360.cn, 2, 9, 5, 1100]
    [C:\Program Files\360\360Safe\safemon\safemonhlp.dll]  [360.cn, 1, 0, 0, 1250]
    [C:\Program Files\360\360Safe\safemon\safemon.dll]  [360.cn, 8, 5, 0, 1175]
    [C:\Program Files\360\360Safe\deepscan\Cloudcom2.dll]  [360.cn, 3, 3, 10, 1015]
    [C:\Program Files\360\360Safe\netmon\360netctrl.dll]  [360.cn, 5, 3, 15, 2148]
    [C:\Program Files\360\360Safe\netmon\360wvmon.dll]  [360.cn, 1, 0, 1, 1120]
    [C:\Program Files\360\360Safe\netmon\3GIdentify.dll]  [360.cn, 1, 0, 2, 1135]
    [C:\Program Files\360\360Safe\netmon\360netmisc.dll]  [360.cn, 1, 0, 1, 1090]
    [C:\Program Files\360\360Safe\netmon\360NMConnection.dll]  [360.cn, 2, 0, 1, 1070]
    [C:\Program Files\360\360Safe\netmon\360nmvui.dll]  [360.cn, 1, 0, 2, 1190]
    [C:\Program Files\360\360Safe\netmon\360nmdata.dll]  [360.cn, 1, 0, 1, 1033]
    [C:\Program Files\360\360Safe\360Verify.dll]  [360互联网安全中心, 2, 0, 0, 1005]
    [C:\Program Files\360\360Safe\safemon\360lhsa1da8.dll]  [360.cn, 1, 0, 0, 1001]
    [C:\Program Files\360\360Safe\netmon\360gameidentify.dll]  [360.cn, 1, 0, 1, 1040]
    [C:\Program Files\360\360Safe\netmon\360PerfOptm2.dll]  [360.cn, 1, 0, 3, 1290]
    [C:\Program Files\360\360Safe\ipc\HipsLog.dll]  [360.CN, 1, 0, 0, 1011]
    [C:\Program Files\360\360Safe\netmon\netmpgame.dll]  [360.cn, 1, 0, 3, 3065]
    [C:\Program Files\360\360Safe\safemon\360TrayLogin.tpi]  [360.cn, 9, 0, 3, 1064]
    [C:\Program Files\360\360Safe\safemon\360MobileBase.tpi]  [360.cn, 2, 4, 0, 1035]
    [C:\Program Files\360\360Safe\safemon\DsTpi.tpi]  [360.cn, 1, 0, 0, 3020]
    [C:\Program Files\360\360Safe\deepscan\WifiSafe.dll]  [360.cn, 2, 0, 0, 1024]
    [C:\Program Files\360\360Safe\deepscan\cloudsec3.dll]  [360.cn, 3, 3, 0, 1150]
    [C:\Program Files\360\360Safe\LiveUpd360.dll]  [360.cn, 1, 3, 0, 1234]
    [C:\Program Files\360\360Safe\360net.dll]  [360.cn, 1, 2, 0, 1130]
    [C:\Program Files\360\360Safe\360P2SP.dll]  [360.cn, 1, 3, 0, 1310]
    [C:\Program Files\360\360Safe\safemon\360HipsPopWnd.dll]  [360.cn, 7, 3, 2, 1141]
    [C:\Program Files\360\360Safe\combineext.dll]  [360.cn, 1, 0, 0, 1007]
    [C:\Program Files\360\360Safe\efiproc.dll]  [奇虎360安全卫士, 1, 0, 0, 1011]
    [C:\Program Files\360\360Safe\MiniUI.dll]  [360.cn, 9, 0, 0, 3110]
    [C:\Program Files\360\360Safe\sites.dll]  [360.cn, 9, 0, 0, 2551]
    [C:\Program Files\360\360Safe\Utils\SiteUIProxy.dll]  [360.cn, 9, 0, 0, 2050]
    [C:\Program Files\Rising\Rav\rsmgr.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 10]
    [C:\Program Files\360\360Safe\deepscan\deepscan.dll]  [360.cn, 3, 3, 0, 1150]
    [C:\Program Files\360\360Safe\deepscan\360Quarant.dll]  [360.cn, 1, 0, 0, 1035]
    [C:\Program Files\360\360Safe\deepscan\360QuarantPlugin.dll]  [360.cn, 1, 0, 0, 1013]
    [C:\Program Files\360\360Safe\safemon\wdexhelper.dll]  [360.cn, 1, 0, 0, 1050]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3008 / Administrator][C:\Program Files\Rising\RSD\popwndexe.exe]  [Beijing Rising Information Technology Co., Ltd., 1.0.0.7]
    [C:\Program Files\Rising\RSD\rsdk.dll]  [Beijing Rising Information Technology Co., Ltd., 1.0.0.2]
    [C:\Program Files\Rising\RSD\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 1.0.0.34]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 8.00.6001.23580 (longhorn_ie8_ldr.140222-1715)]
    [C:\Program Files\Rising\Rav\rsmgr.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 10]
[PID: 3028 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[PID: 3120 / Administrator][C:\WINDOWS\system32\taskmgr.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\Program Files\Rising\Rav\rsmgr.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 10]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 8.00.6001.23580 (longhorn_ie8_ldr.140222-1715)]
[PID: 3136 / Administrator][D:\Ftp服务器 2.5简体中文绿色免费版\FtpServers\FTPServer.exe]  [Gxnn.com, 1.0.0.1]
    [C:\Program Files\Rising\Rav\rsmgr.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 10]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 8.00.6001.23580 (longhorn_ie8_ldr.140222-1715)]
[PID: 3796 / Administrator][C:\Program Files\360\360Safe\SoftMgr\SML\SoftMgrLite.exe]  [360.cn, 3, 1, 0, 1200]
    [C:\Program Files\360\360Safe\360Base.dll]  [360.cn, 1, 0, 0, 1050]
    [C:\Program Files\360\360Safe\360Util.dll]  [360.cn, 1, 0, 0, 1207]
    [C:\Program Files\360\360Safe\safemon\wdefence.dll]  [360.cn, 1, 0, 0, 1050]
    [c:\program files\360\360safe\softmgr\sml\smlcore.dll]  [360.cn, 2, 0, 0, 1190]
    [C:\Program Files\Rising\Rav\rsmgr.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 10]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 8.00.6001.23580 (longhorn_ie8_ldr.140222-1715)]
[PID: 3616 / Administrator][C:\Documents and Settings\Administrator\桌面\SREng老版本2.6.12.1018.EXE]  [1111, 2..6..12..1018]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 8.00.6001.23580 (longhorn_ie8_ldr.140222-1715)]
    [C:\Program Files\Rising\Rav\rsmgr.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 10]
[PID: 3452 / SYSTEM][C:\WINDOWS\system32\logon.scr]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 3136, D:\FTP服务器 2.5简体中文绿色免费版\FTPSERVERS\FTPSERVER.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================



Re: Network virus keeps attacking through a vulnerability

Virus file

Attachment:

Last edited by 麦青儿 on 2014-12-17 14:47:33

Re: Network virus keeps attacking through a vulnerability

hkcmd.exe is a program bundled with the Intel chipset driver (the kind with integrated graphics) that supports changing the display mode via hotkeys.

I don't know what yours is. Or rather, on what basis did you decide that it is definitely a virus?

Reply to girl78979's post (#5)

Sample collected.
Welcome to join:
Rising Antivirus QQ group 47032532
Rising Personal Firewall QQ group 204732153
Rising Router Security Guard QQ group 213941034
Rising Secure WiFi QQ group 81864985
Rising Mobile Security Assistant QQ group 64866930

Reply to girl78979's post (#5)

hkcmd.exe is not a virus.

Re: Network virus keeps attacking through a vulnerability

How did you determine that it is a virus? If Rising did not flag it as one, it should be fine.

Re: Network virus keeps attacking through a vulnerability

注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <HLCMD><C:\WINDOWS\system32\HLCMD.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <Userinit><C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\HLCMD.EXE>  [File is missing]
==================================
服务
[JJJ041 / JJJ041][Stopped/Auto Start]
  <C:\WINDOWS\JJJ041><N/A>
==================================

What is the stuff above?
There is a C:\WINDOWS\system32\HLCMD.exe; it seems hkcmd.exe has nothing to do with this?
Just passing by...
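As an added example (not from the thread, SREng or Rising), a Python check that parses the startup-item lines quoted above and flags a Winlogon Userinit or Shell value that chains anything besides the stock binary, plus any entry SREng marks as missing on disk. SAMPLE_LOG is constructed from the lines quoted in this thread, and EXPECTED assumes stock Windows XP Winlogon values.

```python
import re

# Constructed sample in SREng's startup-item format, reproducing the registry lines quoted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <HLCMD><C:\WINDOWS\system32\HLCMD.exe>  [(Verified)Microsoft Windows Component Publisher]
    <360Safetray><"C:\Program Files\360\360Safe\safemon\360tray.exe" /start>  [(Verified)Qihoo 360 Software (Beijing) Company Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\HLCMD.EXE>  [File is missing]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r"^\s+<([^>]*)><(.*)>\s+\[(.*)\]$")
# Binaries Windows itself names in Winlogon\Userinit and Winlogon\Shell (assumption: stock XP values).
EXPECTED = {"userinit": {"userinit.exe"}, "shell": {"explorer.exe"}}

def parse_startup(text):
    """Yield (key, name, value, status) tuples from SREng's registry startup section."""
    key = None
    for line in text.splitlines():
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif (m := ENTRY_RE.match(line)) and key:
            yield key, m.group(1), m.group(2), m.group(3)

def exe_names(value):
    """Split a comma-separated command list (Userinit style) into lower-cased executable basenames."""
    for part in value.split(","):
        part = part.strip()
        if part.startswith('"'):
            part = part[1:].split('"', 1)[0]  # quoted path: drop arguments after the closing quote
        else:
            part = part.split(" ", 1)[0]  # unquoted path: arguments start at the first space
        if part:
            yield part.split("\\")[-1].lower()

def find_suspicious(text):
    """Flag Winlogon values that chain anything beyond the stock binary, and entries SREng reports missing."""
    findings = []
    for key, name, value, status in parse_startup(text):
        expected = EXPECTED.get(name.lower())
        if expected and key.upper().endswith("\\WINLOGON"):
            for exe in exe_names(value):
                if exe not in expected:
                    findings.append(("winlogon-extra", name, exe))
        if "file is missing" in status.lower():
            findings.append(("file-missing", name, value))
    return findings
```

Run against the sample it reports the extra HLCMD.EXE chained after userinit.exe and the missing-file status; a stock Userinit value ending in a trailing comma produces no finding.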