[C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.dll] [N/A, ]
[C:\Program Files\McAfee\VirusScan Enterprise\NAEvent.dll] [McAfee, Inc., VSCORE.13.3.2.123.x86]
[C:\Program Files\McAfee\VirusScan Enterprise\ftl.dll] [McAfee, Inc., VSCORE.13.3.2.123.x86]
[C:\Program Files\McAfee\VirusScan Enterprise\vsupdcpl.dll] [McAfee, Inc., 8.5.0.857]
[PID: 1520 / SYSTEM][C:\Program Files\Eset\nod32krn.exe] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\nod32krr.dll] [Eset , 2, 70, 32 ]
[C:\Program Files\Eset\ps_amon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_amon.dll] [Eset , 2, 70, 16 ]
[C:\Program Files\Eset\ps_dmon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_dmon.dll] [N/A, ]
[C:\Program Files\Eset\ps_emon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_emon.dll] [N/A, ]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, ]
[C:\Program Files\Eset\ps_nod32.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_nod32.dll] [Eset , 2, 70, 16 ]
[C:\Program Files\Eset\ps_upd.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\Eset\pr_upd.dll] [N/A, ]
[PID: 1588 / SYSTEM][C:\Program Files\McAfee\Common Framework\naPrdMgr.exe] [McAfee, Inc., 3.6.0.480]
[C:\Program Files\McAfee\Common Framework\NaiSign.DLL] [N/A, ]
[C:\WINDOWS\system32\epoPGPSDK.dll] [PGP Corporation, 3.5.3]
[C:\Program Files\McAfee\Common Framework\naXML71.dll] [N/A, ]
[C:\Program Files\McAfee\Common Framework\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\McAfee\Common Framework\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\McAfee\Common Framework\nailog.dll] [McAfee, Inc., 3.6.0.480]
[C:\Program Files\McAfee\Common Framework\naCmnLib71.dll] [McAfee, Inc., 3.6.0.480]
[C:\Program Files\McAfee\Common Framework\applib.dll] [McAfee, Inc., 3.6.0.480]
[C:\Program Files\McAfee\Common Framework\0409\AgentRes.dll] [McAfee, Inc., 3.6.0.480]
[C:\Program Files\McAfee\VirusScan Enterprise\VsPlugin.dll] [McAfee, Inc., 8.5.0.895]
[PID: 1628 / Administrator][D:\360safe\safemon\360tray.exe] [奇虎网, 3, 6, 4, 3003]
[D:\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
[D:\360safe\safemon\SafeKrnl.dll] [奇虎网, 3, 6, 0, 1001]
[D:\360safe\AntiAdwa.dll] [360Safe.com, 3, 6, 3, 1001]
[D:\360safe\live.dll] [360safe.com, 1, 0, 1, 1021]
[PID: 1656 / Administrator][C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE] [McAfee, Inc., 8.5.0.895]
[C:\Program Files\McAfee\VirusScan Enterprise\LockDown.dll] [McAfee, Inc., VSCORE.13.3.2.123.x86]
[C:\Program Files\McAfee\VirusScan Enterprise\ftcfg.dll] [McAfee, Inc., 8.5.0.895]
[C:\Program Files\McAfee\VirusScan Enterprise\mytilus2.dll] [McAfee, Inc., VSCORE.13.3.2.123.x86]
[C:\Program Files\McAfee\VirusScan Enterprise\mytilus.dll] [McAfee, Inc., VSCORE.13.3.2.123.x86]
[C:\Program Files\McAfee\VirusScan Enterprise\wmain.dll] [McAfee, Inc., 8.5.0.781]
[C:\Program Files\McAfee\VirusScan Enterprise\shutil.dll] [McAfee, Inc., 8.5.0.895]
[C:\Program Files\McAfee\VirusScan Enterprise\RES0402\McShield.dll] [McAfee, Inc., VSCORE.13.3.2.123]
[C:\Program Files\McAfee\VirusScan Enterprise\Graphics.dll] [McAfee, Inc., 8.5.0.781]
[D:\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
[PID: 1668 / Administrator][C:\Program Files\McAfee\Common Framework\UdaterUI.exe] [McAfee, Inc., 3.6.0.480]
[C:\Program Files\McAfee\Common Framework\nailog.dll] [McAfee, Inc., 3.6.0.480]
[C:\Program Files\McAfee\Common Framework\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\McAfee\Common Framework\naCmnLib71.dll] [McAfee, Inc., 3.6.0.480]
[C:\Program Files\McAfee\Common Framework\naXML71.dll] [N/A, ]
[C:\Program Files\McAfee\Common Framework\NaiSign.DLL] [N/A, ]
[C:\WINDOWS\system32\epoPGPSDK.dll] [PGP Corporation, 3.5.3]
[C:\Program Files\McAfee\Common Framework\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\McAfee\Common Framework\applib.dll] [McAfee, Inc., 3.6.0.480]
[C:\Program Files\McAfee\Common Framework\cmalib.dll] [McAfee, Inc., 3.6.0.480]
[C:\Program Files\McAfee\Common Framework\0409\UpdRes.dll] [McAfee, Inc., 3.6.0.480]
[C:\Program Files\McAfee\Common Framework\0409\AgentRes.dll] [McAfee, Inc., 3.6.0.480]
[C:\Program Files\McAfee\Common Framework\SecureFrameworkFactory.dll] [McAfee, Inc., 3.6.0.480]
[PID: 1684 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1736 / Administrator][C:\Program Files\McAfee\Common Framework\McTray.exe] [McAfee, Inc., 1.0.0.125]
[C:\Program Files\McAfee\Common Framework\JrMac.dll] [McAfee, Inc., 1.0.0.125]
[PID: 1316 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3572 / Administrator][F:\GOMPLA~1\GOM.exe] [Gretech Corp., 2, 1, 8, 3683]
[D:\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
[F:\GOMPLA~1\lang\GomCHS.dll] [Gretech Corp., 2, 1, 8, 3683]
[F:\GomPlayer\GVF.ax] [N/A, ]
[F:\GomPlayer\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0]
[F:\GomPlayer\GAF.ax] [N/A, ]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[F:\GomPlayer\codecs\real\RealMediaSplitter.ax] [Gabest, 1, 0, 1, 0]
[F:\GomPlayer\codecs\real\COOK.dll] [RealNetworks, Inc., 10.0.0.1338]
[F:\GOMPLA~1\PNCRT.dll] [Real Networks, Inc, 6.0.0.0]
[F:\GomPlayer\codecs\real\drvc.dll] [RealNetworks, Inc., 10.0.0.1172]
[PID: 1360 / Administrator][C:\Program Files\McAfee\VirusScan Enterprise\mcconsol.exe] [McAfee, Inc., 8.5.0.895]
[C:\Program Files\McAfee\VirusScan Enterprise\consl.dll] [McAfee, Inc., 8.5.0.895]
[C:\Program Files\McAfee\VirusScan Enterprise\shutil.dll] [McAfee, Inc., 8.5.0.895]
[C:\Program Files\McAfee\VirusScan Enterprise\wmain.dll] [McAfee, Inc., 8.5.0.781]
[C:\Program Files\McAfee\VirusScan Enterprise\condl.dll] [McAfee, Inc., 8.5.0.857]
[C:\Program Files\McAfee\VirusScan Enterprise\LockDown.dll] [McAfee, Inc., VSCORE.13.3.2.123.x86]
[D:\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
[C:\Program Files\McAfee\VirusScan Enterprise\bbcpl.dll] [McAfee, Inc., 8.5.0.895]
[C:\Program Files\McAfee\VirusScan Enterprise\coptcpl.dll] [McAfee, Inc., 8.5.0.857]
[C:\Program Files\McAfee\VirusScan Enterprise\emcfgcpl.dll] [McAfee, Inc., 8.5.0.781]
[C:\Program Files\McAfee\VirusScan Enterprise\nvpcpl.dll] [McAfee, Inc., 8.5.0.781]
[C:\Program Files\McAfee\VirusScan Enterprise\ftcfg.dll] [McAfee, Inc., 8.5.0.895]
[C:\Program Files\McAfee\VirusScan Enterprise\mytilus2.dll] [McAfee, Inc., VSCORE.13.3.2.123.x86]
[C:\Program Files\McAfee\VirusScan Enterprise\mytilus.dll] [McAfee, Inc., VSCORE.13.3.2.123.x86]
[C:\Program Files\McAfee\VirusScan Enterprise\RES0402\McShield.dll] [McAfee, Inc., VSCORE.13.3.2.123]
[C:\Program Files\McAfee\VirusScan Enterprise\oascpl.dll] [McAfee, Inc., 8.5.0.857]
[C:\Program Files\McAfee\VirusScan Enterprise\quarcpl.dll] [McAfee, Inc., 8.5.0.781]
[C:\Program Files\McAfee\VirusScan Enterprise\vsodscpl.dll] [McAfee, Inc., 8.5.0.895]
[C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.dll] [N/A, ]
[C:\Program Files\McAfee\VirusScan Enterprise\NAEvent.dll] [McAfee, Inc., VSCORE.13.3.2.123.x86]
[C:\Program Files\McAfee\VirusScan Enterprise\ftl.dll] [McAfee, Inc., VSCORE.13.3.2.123.x86]
[C:\Program Files\McAfee\VirusScan Enterprise\vsupdcpl.dll] [McAfee, Inc., 8.5.0.857]
[C:\Program Files\McAfee\VirusScan Enterprise\Graphics.dll] [McAfee, Inc., 8.5.0.781]
[PID: 3824 / Administrator][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
[PID: 1548 / Administrator][C:\WINDOWS\regedit.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
[PID: 2244 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
[E:\快车\FlashGet\ComDlls\bhoCATCH.dll] [FlashGet, 2, 0, 2, 1011]
[C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll] [McAfee, Inc., VSCORE.13.3.2.123.x86]
[E:\迅雷\ComDlls\XunLeiBHO_004.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
[PID: 2004 / Administrator][D:\新建文件夹\Reg\SREngPS_du110.EXE] [Smallfrogs Studio, 2.5.16.900]
[D:\360safe\safemon\safemon.dll] [奇虎网, 3, 6, 4, 1001]
[D:\新建文件夹\Reg\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 1628, D:\360SAFE\SAFEMON\360TRAY.EXE]
==================================
API HOOK
RVA 错误: LoadLibraryA (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA 错误: LoadLibraryExA (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA 错误: LoadLibraryExW (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA 错误: LoadLibraryW (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA 错误: GetProcAddress (危险等级: 高, 被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
==================================
隐藏进程
N/A
==================================
[/CODE]