- ==================================
- 正在运行的进程
- [PID: 584 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 668 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 692 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 6.0.0.299]
- [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2527]
- [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [PID: 736 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 748 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 896 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 992 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 1092 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
- [PID: 1172 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 1292 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 1612 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
- [C:\WINDOWS\system32\CNMLM76.DLL] [CANON INC., 1.90.2.20]
- [C:\WINDOWS\system32\CNMLM6e.DLL] [CANON INC., 1.80.2.50]
- [C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.1897.0]
- [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD76.DLL] [CANON INC., 1.90.2.20]
- [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD6e.DLL] [CANON INC., 1.80.2.50]
- [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0]
- [PID: 1616 / Admin][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2527]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll] [Kaspersky Lab, 6.0.0.299]
- [C:\Program Files\Common Files\Adobe\Shell\PSICON.DLL] [Adobe Systems, Incorporated, 7.0]
- [C:\Program Files\TENCENT\SSPlus\SAddr.dll] [Tencent, 5, 0, 1, 17]
- [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
- [PID: 1884 / Admin][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3018]
- [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2527]
- [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 19]
- [PID: 1892 / Admin][C:\WINDOWS\system32\Rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 19]
- [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2527]
- [PID: 1904 / Admin][C:\Program Files\360safe\safemon\360Tray.exe] [奇虎网, 3, 5, 1, 1001]
- [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2527]
- [C:\Program Files\360safe\safemon\safemon.dll] [, 3, 5, 0, 1001]
- [C:\Program Files\360safe\safemon\SafeKrnl.dll] [奇虎网, 3, 5, 0, 1001]
- [C:\Program Files\360safe\AntiAdwa.dll] [360Safe.com, 3, 5, 1, 1001]
- [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 19]
- [C:\Program Files\360safe\live.dll] [360safe.com, 1, 0, 1, 1016]
- [PID: 1912 / Admin][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2527]
- [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 19]
- [PID: 1920 / Admin][C:\WINDOWS\system32\DrvMon.exe] [Alcor Micro, Corp., 1, 0, 0, 9]
- [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2527]
- [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 19]
- [PID: 1956 / Admin][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2527]
- [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 19]
- [PID: 280 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 1532 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
- [PID: 2580 / Admin][D:\江门有线\登陆软件\JMCATVLogin.exe] [江门有线广电网络中心, 3.0.0.14]
- [C:\Program Files\360safe\safemon\safemon.dll] [, 3, 5, 0, 1001]
- [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 19]
- [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2527]
- [PID: 2716 / Admin][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\Program Files\360safe\safemon\safemon.dll] [, 3, 5, 0, 1001]
- [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 19]
- [C:\Program Files\TENCENT\SSPlus\SAddr.dll] [Tencent, 5, 0, 1, 17]
- [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2527]
- [C:\Program Files\Tencent\QQDownload\QQIEHelper02.dll] [腾讯公司, 1, 1, 0, 5]
- [C:\PROGRA~1\COMMON~1\MICROS~1\IME\SHARED2.0\MSCAND20.DLL] [Microsoft Corporation, 9.0.5510.0]
- [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.0.299]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.0.299]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.0.299]
- [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.0.299]
- [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
- [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.0.299]
- [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [C:\WINDOWS\system32\KIme.ime] [金山软件公司, 1, 0, 0, 1]
- [C:\PROGRA~1\COMMON~1\KingSoft\Extract\KSEngine.dll] [, 1, 0, 0, 1]
- [C:\PROGRA~1\COMMON~1\KingSoft\Extract\xfile.dll] [N/A, ]
- [C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
- [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl] [Kaspersky Lab, 6.0.0.299]
- [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299]
- [PID: 1104 / Admin][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
- [C:\Program Files\360safe\safemon\safemon.dll] [, 3, 5, 0, 1001]
- [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 19]
- [C:\Program Files\TENCENT\SSPlus\SAddr.dll] [Tencent, 5, 0, 1, 17]
- [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2527]
- [C:\Program Files\Tencent\QQDownload\QQIEHelper02.dll] [腾讯公司, 1, 1, 0, 5]
- [C:\PROGRA~1\COMMON~1\MICROS~1\IME\SHARED2.0\MSCAND20.DLL] [Microsoft Corporation, 9.0.5510.0]
- [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.0.299]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.0.299]
- [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.0.299]
- [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.0.299]
- [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
- [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.0.299]
- [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
- [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl] [Kaspersky Lab, 6.0.0.299]
- [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299]
- [PID: 3180 / Admin][C:\Documents and Settings\Admin\桌面\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
- [C:\Program Files\360safe\safemon\safemon.dll] [, 3, 5, 0, 1001]
- [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [TENCENT, 5, 0, 1, 19]
- [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2527]
- [C:\Documents and Settings\Admin\桌面\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
- ==================================
- 文件关联
- .TXT Error. [C:\WINDOWS\notepad.exe %1]
- .EXE OK. ["%1" %*]
- .COM OK. ["%1" %*]
- .PIF OK. ["%1" %*]
- .REG OK. [regedit.exe "%1"]
- .BAT OK. ["%1" %*]
- .SCR OK. ["%1" /S]
- .CHM Error. ["hh.exe" %1]
- .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
- .INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
- .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
- .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .LNK OK. [{00021401-0000-0000-C000-000000000046}]
- ==================================
- Winsock 提供者
- N/A
- ==================================
- Autorun.inf
- [C:\]
- [AutoRun]
- open=wscript.exe u.vbe
- shell\open\Command=wscript.exe u.vbe
- shell\explore\Command=wscript.exe u.vbe
- shell\find\Command=wscript.exe u.vbe
- [D:\]
- [AutoRun]
- open=wscript.exe u.vbe
- shell\open\Command=wscript.exe u.vbe
- shell\explore\Command=wscript.exe u.vbe
- shell\find\Command=wscript.exe u.vbe
- [E:\]
- [AutoRun]
- open=wscript.exe u.vbe
- shell\open\Command=wscript.exe u.vbe
- shell\explore\Command=wscript.exe u.vbe
- shell\find\Command=wscript.exe u.vbe
- [F:\]
- [AutoRun]
- open=wscript.exe u.vbe
- shell\open\Command=wscript.exe u.vbe
- shell\explore\Command=wscript.exe u.vbe
- shell\find\Command=wscript.exe u.vbe
- ==================================
- HOSTS 文件
- 127.0.0.1 localhost
- ==================================
- 进程特权扫描
- 特殊特权被允许: SeLoadDriverPrivilege [PID = 1884, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
- 特殊特权被允许: SeDebugPrivilege [PID = 1904, C:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
- 特殊特权被允许: SeLoadDriverPrivilege [PID = 2580, D:\江门有线\登陆软件\JMCATVLOGIN.EXE]
- ==================================
- API HOOK
- RVA 错误: LoadLibraryA (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
- RVA 错误: LoadLibraryExA (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
- RVA 错误: LoadLibraryExW (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
- RVA 错误: LoadLibraryW (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
- RVA 错误: GetProcAddress (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
- ==================================
- 隐藏进程
- N/A
- ==================================
复制代码 |