Rising Kaka Security Forum

Technical Exchange » Anti-virus / Anti-rogue-software Forum » Network virus keeps attacking through a vulnerability
girl78979 - 2014-12-15 13:00:00
A network virus keeps attacking through a vulnerability. An HLCMD.exe file inexplicably appears on the computer, but after Rising scans it, it reports no virus and treats it as clean. On every infected computer here I can see the HLCMD.EXE process. Whether I delete it from its directory or remove it with a cleanup tool, it is back again after a reboot. The log is below.

Attachment: SREngLOG.log (2014-12-15 13:01:04, 34.62 K)

girl78979 - 2014-12-15 13:02:00


2014-12-15,11:28:46

System Repair Engineer 2..6..12..1018
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) -

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
    <ctfmon><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <HLCMD><C:\WINDOWS\system32\HLCMD.exe>  [(Verified)Microsoft Windows Component Publisher]
    <360Safetray><"C:\Program Files\360\360Safe\safemon\360tray.exe" /start>  [(Verified)Qihoo 360 Software (Beijing) Company Limited]
    <RSDTRAY><"C:\Program Files\Rising\RSD\popwndexe.exe">  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <RavTRAY><"C:\Program Files\Rising\Rav\RSTRAY.EXE" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\HLCMD.EXE>  [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <Internet Explorer 版本更新><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
[FTPServer]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\FTPServer.lnk --> D:\FTP服~1.5简\FTPSER~1\FTPSER~1.EXE [Gxnn.com]><N>

==================================


girl78979 - 2014-12-15 13:03:00


服务
[Adobe Flash Player Update Service / AdobeFlashPlayerUpdateSvc][Stopped/Manual Start]
  <C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe><Adobe Systems Incorporated>
[Google 更新服务 (gupdate) / gupdate][Stopped/Manual Start]
  <"C:\Program Files\Google\Update\GoogleUpdate.exe" /svc><Google Inc.>
[Google 更新服务 (gupdatem) / gupdatem][Stopped/Manual Start]
  <"C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc><Google Inc.>
[Intel(R) Capability Licensing Service Interface / Intel(R) Capability Licensing Service Interface][Running/Auto Start]
  <"C:\Program Files\Intel\iCLS Client\HeciServer.exe"><Intel(R) Corporation>
[Intel(R) Dynamic Application Loader Host Interface Service / jhi_service][Running/Auto Start]
  <C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe><Intel Corporation>
[JJJ041 / JJJ041][Stopped/Auto Start]
  <C:\WINDOWS\JJJ041><N/A>
[Intel(R) Management and Security Application Local Management Service / LMS][Running/Auto Start]
  <C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe><Intel Corporation>
[Rsd Service / RsMgrSvc][Running/Auto Start]
  <"C:\Program Files\Rising\RSD\RsMgrSvc.exe"><Beijing Rising Information Technology Co., Ltd.>
[Rav Service / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\ravmond.exe"><Beijing Rising Information Technology Co., Ltd.>
[SmartFssCli / SmartFssCli][Stopped/Auto Start]
  <C:\WINDOWS\system32\SmartFssCli.exe><N/A>
[SogouUpdate / SogouUpdate][Stopped/Manual Start]
  <"D:\Program Files\SogouInput\7.4.0.4502\SogouUpdate.exe"><Sogou.com Inc.>
[Intel(R) Management and Security Application User Notification Service / UNS][Running/Auto Start]
  <"C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"><Intel Corporation>
[Tencent WxBox Update Service / WxBoxUpdate][Stopped/Manual Start]
  <"C:\Program Files\Tencent\WxBox\Update\WxBoxUpdate.exe" /Service><Tencent>
[主动防御 / ZhuDongFangYu][Running/Auto Start]
  <"C:\Program Files\360\360Safe\deepscan\zhudongfangyu.exe"><360.cn>

==================================
驱动程序
[360Safe Anti Hacker Service / 360AntiHacker][Running/System Start]
  <System32\Drivers\360AntiHacker.sys><360.cn>
[360Box mini-filter driver / 360Box][Running/System Start]
  <system32\DRIVERS\360Box.sys><360.cn>
[360Safe Camera Filter Service / 360Camera][Stopped/Manual Start]
  <System32\Drivers\360Camera.sys><360.cn>
[360netmon / 360netmon][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\360netmon.sys><360.cn>
[360SelfProtection / 360SelfProtection][Running/System Start]
  <system32\drivers\360SelfProtection.sys><360安全中心>
[Ambfilt / Ambfilt][Stopped/Manual Start]
  <system32\drivers\Ambfilt.sys><Creative>
[BAPIDRV / BAPIDRV][Running/System Start]
  <system32\DRIVERS\BAPIDRV.sys><360.cn>
[EfiSystemMon / EfiMon][Running/System Start]
  <System32\Drivers\Efimon.sys><360安全中心>
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Stopped/Manual Start]
  <system32\drivers\es1371mp.sys><Creative Technology Ltd.>
[gdrv / gdrv][Stopped/Manual Start]
  <\??\C:\WINDOWS\gdrv.sys><N/A>
[grmnusb / grmnusb][Stopped/Manual Start]
  <system32\drivers\grmnusb.sys><GARMIN Corp.>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookPort / HookPort][Running/Boot Start]
  <\SystemRoot\System32\Drivers\Hookport.sys><360安全中心>
[HookShadowSSDT / HookShadowSSDT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\HookShadowSSDT.sys><<company name here>>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\igxpmp32.sys><Intel Corporation>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[kguard / kguard][Running/System Start]
  <system32\DRIVERS\kguard.sys><Beijing Rising Information Technology Co., Ltd.>
[Intel(R) Management Engine Interface  / MEI][Running/Manual Start]
  <system32\DRIVERS\HECI.sys><Intel Corporation>
[Monfilt / Monfilt][Stopped/Manual Start]
  <system32\drivers\Monfilt.sys><Creative Technology Ltd.>
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
[AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start]
  <system32\DRIVERS\pcntpci5.sys><AMD Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[tencent QMUdisk / QMUdisk][Stopped/System Start]
  <\??\C:\Program Files\Tencent\QQPCMgr\10.4.15685.215\QMUdisk.sys><N/A>
[QQFrmMgr / QQFrmMgr][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\QQFrmMgr.sys><Tencent>
[QQProtect / QQProtect][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\QQProtect.sys><Tencent>
[Quantum DeepScanner Servers / quxxxserv][Running/System Start]
  <system32\DRIVERS\quxxxrv.sys><360.cn>
[qutmipc / qutmipc][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\qutmipc.sys><360.cn>
[rsd protect / rsdsys][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\protreg.sys><Beijing Rising Information Technology Co., Ltd.>
[rsutils / rsutils][Running/System Start]
  <system32\DRIVERS\rsutils.sys><Beijing Rising Information Technology Co., Ltd.>
[Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtenicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SATALink driver accelerator / SiFilter][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[sysmon / sysmon][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sysmon.sys><Beijing Rising Information Technology Co., Ltd.>
[viamraid / viamraid][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>

==================================
浏览器加载项
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360\360Safe\safemon\safemon.dll, (Signed) 360.cn>
[QQMiniDL Helper Class]
  {C9C7334B-5657-41e1-8F79-F6AACECA05F4} <C:\Program Files\Common Files\Tencent\QQMiniDL\60\Browser\QQIEHelper01.dll, (Signed) Tencent Technology (Shenzhen) Company Limited>
[AccountProtectBHO Class]
  {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} <C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\QQAntiPhishing\AccountProtect.dll, (Signed) Tencent>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <, >
[]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <, >
[]
  {08D512D2-7D97-4E22-B7DB-82791106C086} <, >
[]
  {0F4BF955-A127-41B7-A998-369904AA2578} <, >
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, (Signed) Microsoft Corporation>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <, >
[]
  {2670000A-7350-4F3C-8081-5663EE0C6C49} <, >
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
  {29B6CFD5-0064-411A-8C42-9890C83F9921} <, >
[]
  {3E781A73-7A24-2F43-6653-5241EC409C73} <, >
[]
  {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <, >
[]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <, >
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <, >
[应用宝一键安装插件]
  {50F4150A-48B2-417A-BE4C-C83F580FB904} <C:\Program Files\Common Files\Tencent\OpenPlatform\3.0.0.3202\npQPMWebGamePlugin.dll, (Signed) 腾讯公司>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[CCtInf Class]
  {6DBB2904-082D-4DB0-944A-21C22BA121F4} <C:\WINDOWS\system32\BANKCE~1.DLL, >
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>
[]
  {6EAAD146-39C4-4F5C-A0A7-DAA160ABD907} <, >
[]
  {72853161-30C5-4D22-B7F9-0BBC1D38A37E} <, >
[]
  {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} <, >
[CertEnroll Class]
  {7978461C-CC22-48F2-BC69-02220D3E101D} <, >
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360\360Safe\Safelive.dll, (Signed) 360.cn>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <, >
[]
  {95B3F550-91C4-4627-BCC4-521288C52977} <, >
[]
  {98F22D0A-B97F-4AF4-8E4C-A6596C8CDD4C} <, >
[]
  {A8502600-B272-4F68-A67B-A0305D46D297} <, >
[]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <, >
[]
  {B4F3A835-0E21-4959-BA22-42B3008E02FF} <, >
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360\360Safe\safemon\safemon.dll, (Signed) 360.cn>
[Google Update Plugin]
  {C442AC41-9200-4770-8CC0-7CDB4F245C55} <C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll, (Signed) Google Inc.>
[QQMiniDL Helper Class]
  {C9C7334B-5657-41E1-8F79-F6AACECA05F4} <C:\Program Files\Common Files\Tencent\QQMiniDL\60\Browser\QQIEHelper01.dll, (Signed) Tencent Technology (Shenzhen) Company Limited>
[DownloadMgr Class]
  {D1B878E7-5528-4BAE-8CA0-41567697EF90} <C:\Program Files\360\360Safe\safemon\safemon.dll, (Signed) 360.cn>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash32_16_0_0_235.ocx, (Signed) Adobe Systems, Inc.>
[AccountProtectBHO Class]
  {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} <C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\QQAntiPhishing\AccountProtect.dll, (Signed) Tencent>
[AgControl Class]
  {DFEAF541-F3E1-4C24-ACAC-99C30715084A} <C:\Program Files\Microsoft Silverlight\npctrl.1.0.30401.0.dll, (Signed)  Microsoft Corporation>
[PlayerCtrl Class]
  {E05BC2A3-9A46-4a32-80C9-023A473F5B23} <C:\Program Files\Tencent\QQMusic\QzoneMusic\QzoneMusic.dll, (Signed) Tencent>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[SSOForPTLogin2 Class]
  {EAAED308-7322-4B9B-965E-171933ADD473} <C:\Program Files\Common Files\Tencent\TXSSO\1.2.2.95\Bin\npSSOAxCtrlForPTLogin.dll, (Signed) Tencent>
[TimwpCheck Class]
  {ED4CA2E5-0EEA-44C1-AD7E-74A07A7507A4} <C:\Program Files\Tencent\QQ\bin\Timwp.dll, (Signed) Tencent>
[]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <, >
[]
  {EF7BC8AC-5BDC-4AED-AD63-A9B3AE7A768C} <, >
[]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <, >
[腾讯开放平台微端游戏插件]
  {F47EE1CA-AA94-48A3-B9C9-CBB0037AB7BC} <C:\Program Files\Common Files\Tencent\OpenPlatform\3.0.0.3202\npQPMWebGamePlugin.dll, (Signed) 腾讯公司>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[webmod Class]
  {FEE3C8C5-9BEA-4079-AB36-63ECABFC7392} <, >
[使用QQ下载助手下载]
  <C:\Program Files\Common Files\Tencent\QQMiniDL\60\Browser\xfgeturl.htm, N/A>
[发送至 OneNote(&N)]
  <res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105, N/A>
[导出到 Microsoft Excel(&X)]
  <res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>


girl78979 - 2014-12-15 13:04:00


==================================
正在运行的进程
[PID: 680 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 780 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[PID: 1024 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\vpatch.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1084 / SYSTEM][C:\WINDOWS\system32\logonui.exe]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1148 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\vpatch.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1248 / SYSTEM][C:\Program Files\Rising\RSD\RsMgrSvc.exe]  [Beijing Rising Information Technology Co., Ltd., 1.0.0.50]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 8.00.6001.23580 (longhorn_ie8_ldr.140222-1715)]
    [C:\Program Files\Rising\RSD\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.4]
    [C:\Program Files\Rising\RSD\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
[PID: 1284 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\System32\vpatch.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 8]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 8.00.6001.23580 (longhorn_ie8_ldr.140222-1715)]
[PID: 1400 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\vpatch.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1512 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\vpatch.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1576 / SYSTEM][C:\Program Files\360\360Safe\deepscan\zhudongfangyu.exe]  [360.cn, 3, 2, 2, 2045]
    [C:\Program Files\360\360Safe\360base.dll]  [360.cn, 1, 0, 0, 1050]
    [C:\Program Files\360\360Safe\360util.dll]  [360.cn, 1, 0, 0, 1207]
    [C:\Program Files\360\360Safe\360conf.dll]  [360.cn, 1, 0, 0, 1016]
    [C:\Program Files\360\360Safe\deepscan\cloudcom2.dll]  [360.cn, 3, 3, 10, 1015]
    [C:\Program Files\360\360Safe\SoftMgr\360SoftMgrS.dll]  [360.cn, 2, 1, 6, 1470]
    [C:\Program Files\360\360Safe\360NetBase.dll]  [360.cn, 7, 25, 0, 40]
    [C:\Program Files\360\360Safe\deepscan\heavygate.dll]  [360.cn, 3, 7, 9, 9]
    [C:\Program Files\360\360Safe\SoftMgr\360OptExt.dll]  [360.cn, 2, 0, 2, 1001]
    [C:\Program Files\360\360Safe\deepscan\bapi.dll]  [360.cn, 2.0.0.1053]
    [C:\Program Files\360\360Safe\deepscan\qutmload.dll]  [360.cn, 7, 2, 1, 1089]
    [C:\Program Files\360\360Safe\sweeper\CleanSoft.dll]  [360.cn, 9, 0, 0, 1130]
    [C:\Program Files\360\360Safe\sweeper\CleanSoftEng.dll]  [360.cn, 9, 0, 0, 1130]
[PID: 1776 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.6024 (xpsp_sp3_gdr.100817-1626)]
    [C:\WINDOWS\system32\SH2ELMON.dll]  [SHARP, 1.0.0.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.8166.2]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll]  [Microsoft Corporation, 6.1.2600.5635 (xpsp_sp3_qfe.080704-1744)]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\unidrvui.dll]  [Microsoft Corporation, 6.0.6001.22116 (vistasp1_ldr.080215-1730)]
[PID: 252 / SYSTEM][C:\Program Files\Intel\iCLS Client\HeciServer.exe]  [Intel(R) Corporation, 1.24.388.1 SYSTEM]
[PID: 276 / SYSTEM][C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe]  [Intel Corporation, 8.1.0.1252]
    [C:\WINDOWS\system32\MSVCP100.dll]  [Microsoft Corporation, 10.00.40219.325]
    [C:\WINDOWS\system32\MSVCR100.dll]  [Microsoft Corporation, 10.00.40219.325]
[PID: 388 / SYSTEM][C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe]  [Intel Corporation, 8.1.0.1252]
[PID: 516 / SYSTEM][C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe]  [Intel Corporation, 8.1.0.1252]
    [C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\ACE.dll]  [, 6.0.0]
    [C:\WINDOWS\system32\MSVCP100.dll]  [Microsoft Corporation, 10.00.40219.325]
    [C:\WINDOWS\system32\MSVCR100.dll]  [Microsoft Corporation, 10.00.40219.325]
    [C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\WsmanClient.dll]  [Intel Corporation, 8.1.0.1252]
    [C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\Common.dll]  [Intel Corporation, 8.1.0.1252]
    [C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\GmsCommon.dll]  [Intel Corporation, 8.1.0.1252]
    [C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\CONFIGURATOR.dll]  [Intel Corporation, 8.1.0.1252]
    [C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\EVENTMANAGER.dll]  [Intel Corporation, 8.1.0.1252]
    [C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\STATUSEVENTHANDLER.dll]  [Intel Corporation, 8.1.0.1252]
[PID: 1340 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[PID: 1908 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2520 / Administrator][C:\WINDOWS\system32\rdpclip.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\imaadp32.acm]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0845)]
[PID: 2640 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 8.00.6001.23580 (longhorn_ie8_ldr.140222-1715)]
    [C:\Program Files\360\360Safe\safemon\safemon.dll]  [360.cn, 8, 5, 0, 1175]
    [C:\Program Files\360\360Safe\safemon\Safehmpg.dll]  [360.cn, 1, 0, 0, 2120]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 8.00.6001.23580 (longhorn_ie8_ldr.140222-1715)]
    [C:\Program Files\360\360Safe\safemon\360UDiskGuard.dll]  [360.cn, 2, 0, 0, 1091]
    [C:\Program Files\360\360Safe\360Util.dll]  [360.cn, 1, 0, 0, 1207]
    [C:\Program Files\360\360Safe\360base.dll]  [360.cn, 1, 0, 0, 1050]
    [C:\Program Files\360\360Safe\360conf.dll]  [360.cn, 1, 0, 0, 1016]
    [C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5721.5262 (WMP_11.090130-1421)]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5721.5262 (WMP_11.090130-1421)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5262 (WMP_11.090130-1421)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\360\360Safe\safemon\iNetSafe.dll]  [360.cn, 1, 0, 2, 1420]
    [C:\Program Files\360\360Safe\safemon\wdexhelper.dll]  [360.cn, 1, 0, 0, 1050]
    [C:\Program Files\360\360Safe\SoftMgr\SML\SMLLauncher.dll]  [360.cn, 2, 0, 0, 1035]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\rsmgr.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 10]
    [C:\Program Files\360\360Safe\Safelive.dll]  [360.cn, 3, 0, 0, 3050]
    [C:\Program Files\360\360Safe\SoftMgr\SoftMgrExt.dll]  [360.cn, 1, 1, 0, 1021]
    [C:\Program Files\360\360Safe\Utils\shell360ext.dll]  [360.cn, 7, 5, 0, 1275]
    [C:\WINDOWS\system32\ravext.dll]  [Beijing Rising Information Technology Co., Ltd., 24, 0, 0, 7]
[PID: 3000 / Administrator][C:\Program Files\360\360Safe\safemon\360Tray.exe]  [360.cn, 7, 7, 3, 1151]
    [C:\Program Files\360\360Safe\360base.dll]  [360.cn, 1, 0, 0, 1050]
    [C:\Program Files\360\360Safe\360util.dll]  [360.cn, 1, 0, 0, 1207]
    [C:\Program Files\360\360Safe\360conf.dll]  [360.cn, 1, 0, 0, 1016]
    [C:\Program Files\360\360Safe\360common.dll]  [360.cn, 7, 3, 0, 3100]
    [C:\Program Files\360\360Safe\safemon\360compro.dll]  [360.cn, 8, 0, 0, 1051]
    [C:\Program Files\360\360Safe\ipc\ipcservice.dll]  [360.CN, 7, 1, 2, 1181]
    [C:\Program Files\360\360Safe\ipc\fileMgr.dll]  [360.cn, 7, 3, 0, 1061]
    [C:\Program Files\360\360Safe\ipc\yhregd.dll]  [360.cn, 7, 2, 0, 1341]
    [C:\Program Files\360\360Safe\ipc\appd.dll]  [360.cn, 7, 3, 6, 1581]
    [C:\Program Files\360\360Safe\ipc\netdefender.dll]  [360.cn, 1, 0, 0, 1104]
    [C:\Program Files\360\360Safe\deepscan\BAPI.dll]  [360.cn, 2.0.0.1053]
    [C:\Program Files\360\360Safe\safemon\360traylive.dll]  [360.cn, 8, 0, 1, 1009]
    [C:\Program Files\360\360Safe\safemon\360procmon.dll]  [360.CN, 7, 1, 1, 1101]
    [C:\Program Files\360\360Safe\safemon\SelfProtectAPI2.dll]  [360.CN, 7, 1, 1, 1009]
    [C:\Program Files\360\360Safe\deepscan\qutmload.dll]  [360.cn, 7, 2, 1, 1089]
    [C:\Program Files\360\360Safe\safemon\360bsmon.tpi]  [360.cn, 6, 8, 0, 1161]
    [C:\Program Files\360\360Safe\safemon\360dfsopt.tpi]  [360.cn, 1, 0, 0, 1039]
    [C:\Program Files\360\360Safe\safemon\SMLStarter.tpi]  [360.cn, 2, 0, 0, 1080]
    [C:\Program Files\360\360Safe\safemon\360safemonpro.tpi]  [360.cn, 3, 1, 1, 1720]
    [C:\Program Files\360\360Safe\safemon\netmon.tpi]  [360.cn, 5, 1, 1, 3091]
    [C:\Program Files\360\360Safe\safemon\Netm.tpi]  [360.cn, 7, 2, 10, 2100]
    [C:\Program Files\360\360Safe\safemon\BootLeakFixer.tpi]  [360.cn, 1, 0, 0, 1010]
    [C:\Program Files\360\360Safe\safemon\obtracer.tpi]  [360.cn, 6, 8, 0, 1531]
    [C:\Program Files\360\360Safe\ipc\filedef.dll]  [360.cn, 1, 0, 0, 1131]
    [C:\Program Files\360\360Safe\ipc\qutmipc.dll]  [360.cn, 7, 3, 0, 1065]
    [C:\Program Files\360\360Safe\SoftMgr\SomAdvUtils.dll]  [360.cn, 3, 1, 1, 1600]
    [C:\Program Files\360\360Safe\SoftMgr\somkernl.dll]  [360.cn, 2, 1, 0, 1110]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 8.00.6001.23580 (longhorn_ie8_ldr.140222-1715)]
    [C:\Program Files\360\360Safe\360netbase.dll]  [360.cn, 7, 25, 0, 40]
    [C:\Program Files\360\360Safe\ipc\sbmon.dll]  [360互联网安全中心, 3, 0, 0, 1014]
    [C:\Program Files\360\360Safe\ipc\360box.dll]  [360安全中心, 2, 0, 0, 1008]
    [C:\Program Files\360\360Safe\ipc\appdext.dll]  [360.cn, 1, 0, 0, 1191]
    [C:\Program Files\360\360Safe\netmon\Netgm.dll]  [360.cn, 2, 1, 2, 1170]
    [C:\Program Files\360\360Safe\safemon\WDRecord.dll]  [360.cn, 1, 0, 1, 1090]
    [C:\Program Files\360\360Safe\deepscan\heavygate.dll]  [360.cn, 3, 7, 9, 9]
    [C:\Program Files\360\360Safe\deepscan\jcloudscan.dll]  [360.cn, 1, 0, 0, 1007]
    [C:\Program Files\360\360Safe\ipc\360AntiHacker.dll]  [360.cn, 1, 0, 0, 1015]
    [C:\Program Files\360\360Safe\ipc\DrvUtility.dll]  [360.cn, 1, 0, 0, 1035]
    [C:\Program Files\360\360Safe\safemon\360UDiskGuard.dll]  [360.cn, 2, 0, 0, 1091]
    [C:\Program Files\360\360Safe\netmon\360WebIdentify.dll]  [360.cn, 1, 0, 1, 1063]
    [C:\Program Files\360\360Safe\SafeLive.dll]  [360.cn, 3, 0, 0, 3050]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\Program Files\360\360Safe\pdown.dll]  [360.cn, 1, 3, 0, 1234]
    [C:\Program Files\360\360Safe\safemon\SomProxy.dll]  [360.cn, 1, 0, 0, 1760]
    [C:\Program Files\360\360Safe\safemon\360GuardBase.dll]  [360.cn, 3, 1, 0, 1010]
    [C:\Program Files\360\360Safe\safemon\urlproc.dll]  [360.cn, 2, 9, 5, 1100]
    [C:\Program Files\360\360Safe\safemon\safemonhlp.dll]  [360.cn, 1, 0, 0, 1250]
    [C:\Program Files\360\360Safe\safemon\safemon.dll]  [360.cn, 8, 5, 0, 1175]
    [C:\Program Files\360\360Safe\deepscan\Cloudcom2.dll]  [360.cn, 3, 3, 10, 1015]
    [C:\Program Files\360\360Safe\netmon\360netctrl.dll]  [360.cn, 5, 3, 15, 2148]
    [C:\Program Files\360\360Safe\netmon\360wvmon.dll]  [360.cn, 1, 0, 1, 1120]
    [C:\Program Files\360\360Safe\netmon\3GIdentify.dll]  [360.cn, 1, 0, 2, 1135]
    [C:\Program Files\360\360Safe\netmon\360netmisc.dll]  [360.cn, 1, 0, 1, 1090]
    [C:\Program Files\360\360Safe\netmon\360NMConnection.dll]  [360.cn, 2, 0, 1, 1070]
    [C:\Program Files\360\360Safe\netmon\360nmvui.dll]  [360.cn, 1, 0, 2, 1190]
    [C:\Program Files\360\360Safe\netmon\360nmdata.dll]  [360.cn, 1, 0, 1, 1033]
    [C:\Program Files\360\360Safe\360Verify.dll]  [360互联网安全中心, 2, 0, 0, 1005]
    [C:\Program Files\360\360Safe\safemon\360lhsa1da8.dll]  [360.cn, 1, 0, 0, 1001]
    [C:\Program Files\360\360Safe\netmon\360gameidentify.dll]  [360.cn, 1, 0, 1, 1040]
    [C:\Program Files\360\360Safe\netmon\360PerfOptm2.dll]  [360.cn, 1, 0, 3, 1290]
    [C:\Program Files\360\360Safe\ipc\HipsLog.dll]  [360.CN, 1, 0, 0, 1011]
    [C:\Program Files\360\360Safe\netmon\netmpgame.dll]  [360.cn, 1, 0, 3, 3065]
    [C:\Program Files\360\360Safe\safemon\360TrayLogin.tpi]  [360.cn, 9, 0, 3, 1064]
    [C:\Program Files\360\360Safe\safemon\360MobileBase.tpi]  [360.cn, 2, 4, 0, 1035]
    [C:\Program Files\360\360Safe\safemon\DsTpi.tpi]  [360.cn, 1, 0, 0, 3020]
    [C:\Program Files\360\360Safe\deepscan\WifiSafe.dll]  [360.cn, 2, 0, 0, 1024]
    [C:\Program Files\360\360Safe\deepscan\cloudsec3.dll]  [360.cn, 3, 3, 0, 1150]
    [C:\Program Files\360\360Safe\LiveUpd360.dll]  [360.cn, 1, 3, 0, 1234]
    [C:\Program Files\360\360Safe\360net.dll]  [360.cn, 1, 2, 0, 1130]
    [C:\Program Files\360\360Safe\360P2SP.dll]  [360.cn, 1, 3, 0, 1310]
    [C:\Program Files\360\360Safe\safemon\360HipsPopWnd.dll]  [360.cn, 7, 3, 2, 1141]
    [C:\Program Files\360\360Safe\combineext.dll]  [360.cn, 1, 0, 0, 1007]
    [C:\Program Files\360\360Safe\efiproc.dll]  [奇虎360安全卫士, 1, 0, 0, 1011]
    [C:\Program Files\360\360Safe\MiniUI.dll]  [360.cn, 9, 0, 0, 3110]
    [C:\Program Files\360\360Safe\sites.dll]  [360.cn, 9, 0, 0, 2551]
    [C:\Program Files\360\360Safe\Utils\SiteUIProxy.dll]  [360.cn, 9, 0, 0, 2050]
    [C:\Program Files\Rising\Rav\rsmgr.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 10]
    [C:\Program Files\360\360Safe\deepscan\deepscan.dll]  [360.cn, 3, 3, 0, 1150]
    [C:\Program Files\360\360Safe\deepscan\360Quarant.dll]  [360.cn, 1, 0, 0, 1035]
    [C:\Program Files\360\360Safe\deepscan\360QuarantPlugin.dll]  [360.cn, 1, 0, 0, 1013]
    [C:\Program Files\360\360Safe\safemon\wdexhelper.dll]  [360.cn, 1, 0, 0, 1050]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3008 / Administrator][C:\Program Files\Rising\RSD\popwndexe.exe]  [Beijing Rising Information Technology Co., Ltd., 1.0.0.7]
    [C:\Program Files\Rising\RSD\rsdk.dll]  [Beijing Rising Information Technology Co., Ltd., 1.0.0.2]
    [C:\Program Files\Rising\RSD\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 1.0.0.34]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 8.00.6001.23580 (longhorn_ie8_ldr.140222-1715)]
    [C:\Program Files\Rising\Rav\rsmgr.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 10]
[PID: 3028 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[PID: 3120 / Administrator][C:\WINDOWS\system32\taskmgr.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\Program Files\Rising\Rav\rsmgr.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 10]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 8.00.6001.23580 (longhorn_ie8_ldr.140222-1715)]
[PID: 3136 / Administrator][D:\Ftp服务器 2.5简体中文绿色免费版\FtpServers\FTPServer.exe]  [Gxnn.com, 1.0.0.1]
    [C:\Program Files\Rising\Rav\rsmgr.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 10]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 8.00.6001.23580 (longhorn_ie8_ldr.140222-1715)]
[PID: 3796 / Administrator][C:\Program Files\360\360Safe\SoftMgr\SML\SoftMgrLite.exe]  [360.cn, 3, 1, 0, 1200]
    [C:\Program Files\360\360Safe\360Base.dll]  [360.cn, 1, 0, 0, 1050]
    [C:\Program Files\360\360Safe\360Util.dll]  [360.cn, 1, 0, 0, 1207]
    [C:\Program Files\360\360Safe\safemon\wdefence.dll]  [360.cn, 1, 0, 0, 1050]
    [c:\program files\360\360safe\softmgr\sml\smlcore.dll]  [360.cn, 2, 0, 0, 1190]
    [C:\Program Files\Rising\Rav\rsmgr.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 10]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 8.00.6001.23580 (longhorn_ie8_ldr.140222-1715)]
[PID: 3616 / Administrator][C:\Documents and Settings\Administrator\桌面\SREng老版本2.6.12.1018.EXE]  [1111, 2..6..12..1018]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 8.00.6001.23580 (longhorn_ie8_ldr.140222-1715)]
    [C:\Program Files\Rising\Rav\rsmgr.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 10]
[PID: 3452 / SYSTEM][C:\WINDOWS\system32\logon.scr]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]

==================================
File associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock providers
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS file
N/A

==================================
Process privilege scan
Special privilege enabled: SeLoadDriverPrivilege [PID = 3136, D:\FTP服务器 2.5简体中文绿色免费版\FTPSERVERS\FTPSERVER.EXE]

==================================
API HOOK
N/A

==================================
Hidden processes
N/A

==================================


girl78979 - 2014-12-15 13:16:00
Virus file

Attachment: hkcmd.rar
天月来了 - 2014-12-15 14:02:00
hkcmd.exe is the program bundled with the Intel chipset driver (the kind with integrated graphics) that handles hotkeys for switching display modes.

I don't know what yours is. Or rather, on what basis did you decide it is definitely a virus?
瑞星工程师12 - 2014-12-15 14:12:00
Sample collected.
瑞星工程师12 - 2014-12-15 14:18:00
hkcmd.exe is not a virus.
琳琅雨幕 - 2014-12-16 10:36:00
How did you determine it is a virus? If Rising doesn't flag it, it should be fine.
超级游戏迷 - 2014-12-16 18:07:00
Registry
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <HLCMD><C:\WINDOWS\system32\HLCMD.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <Userinit><C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\HLCMD.EXE>  [File is missing]
==================================
Services
[JJJ041 / JJJ041][Stopped/Auto Start]
  <C:\WINDOWS\JJJ041><N/A>
==================================

What is this stuff above?
There is a C:\WINDOWS\system32\HLCMD.exe; it seems hkcmd.exe has nothing to do with this?
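As an added example (not code from the thread, from SREng or from Rising), the persistence points 超级游戏迷 pulled out above can be picked out mechanically from the SREng text: a program appended to Winlogon\Userinit beyond userinit.exe, the same image also registered under a Run key, and an auto-start service whose image path has no executable extension. The sample input is the lines quoted in the post plus one constructed benign ctfmon entry as a control. The output is a list of things to inspect by hand, not a malware verdict; in this thread the Rising engineers concluded the uploaded samples were not malicious.

```python
import re
from typing import Dict, List

# Constructed input for this example: the registry and service lines quoted
# from the poster's SREng log, plus one constructed benign ctfmon entry.
SRENG_EXCERPT = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <HLCMD><C:\WINDOWS\system32\HLCMD.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <Userinit><C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\HLCMD.EXE>  [File is missing]
==================================
Services
[JJJ041 / JJJ041][Stopped/Auto Start]
  <C:\WINDOWS\JJJ041><N/A>
"""

# Line shapes as they appear in the SREng report.
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                  # [HKEY_...\Run]
VALUE_RE = re.compile(r"^<([^>]*)><([^>]*)>\s*\[([^\]]*)\]$")  # <name><data>  [status]
SERVICE_RE = re.compile(r"^\[([^\]]+?) / ([^\]]+)\]\[([^\]]+)\]$")  # [svc / display][state]
IMAGE_RE = re.compile(r"^<([^>]*)><([^>]*)>$")               # <image path><description>

EXPECTED_USERINIT = "userinit.exe"
EXECUTABLE_EXTS = (".exe", ".sys", ".dll", ".cmd", ".bat", ".com")


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows path, surrounding quotes removed."""
    name = path.strip().replace("/", "\\").rsplit("\\", 1)[-1]
    return name.strip('"').lower()


def triage_sreng(text: str) -> List[Dict[str, str]]:
    """Return persistence indicators worth a manual look; these are not verdicts."""
    findings: List[Dict[str, str]] = []
    run_images: Dict[str, str] = {}   # image basename -> Run key it autoruns from
    userinit_extras: List[str] = []
    current_key = ""
    pending_service = None

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            pending_service = None
            continue
        m = SERVICE_RE.match(line)
        if m:
            pending_service = {"name": m.group(1), "state": m.group(3)}
            continue
        if pending_service is not None:
            m = IMAGE_RE.match(line)
            if m:
                image = m.group(1)
                if not image.lower().endswith(EXECUTABLE_EXTS):
                    findings.append({
                        "kind": "service_no_extension",
                        "where": "service %s (%s)" % (pending_service["name"], pending_service["state"]),
                        "item": image,
                        "reason": "service image path has no executable extension",
                    })
                pending_service = None
                continue
        m = VALUE_RE.match(line)
        if not m or not current_key:
            continue
        name, data, status = m.group(1), m.group(2), m.group(3)
        if name.lower() == "userinit":
            # Userinit is a comma-separated list; only userinit.exe belongs in it.
            for item in data.split(","):
                item = item.strip()
                if item and _basename(item) != EXPECTED_USERINIT:
                    userinit_extras.append(item)
                    findings.append({
                        "kind": "userinit_extra",
                        "where": current_key,
                        "item": item,
                        "reason": "extra program appended to Winlogon\\Userinit; runs at every logon",
                    })
        elif current_key.lower().endswith("\\run"):
            run_images[_basename(data)] = current_key
            if "file is missing" in status.lower():
                findings.append({
                    "kind": "missing_image",
                    "where": current_key,
                    "item": data,
                    "reason": "Run entry points to a file SREng could not find",
                })

    # Same image in both a Run key and Userinit: two launch points, so clearing
    # only the Run entry still leaves it starting at logon.
    for item in userinit_extras:
        base = _basename(item)
        if base in run_images:
            findings.append({
                "kind": "double_persistence",
                "where": "%s + Winlogon\\Userinit" % run_images[base],
                "item": base,
                "reason": "same image is registered in both a Run key and Userinit",
            })
    return findings


if __name__ == "__main__":
    for f in triage_sreng(SRENG_EXCERPT):
        print("%-22s %-36s %s" % (f["kind"], f["item"], f["reason"]))
```

Run it against a whole SREng log rather than the excerpt; the `where` field names the registry key or service to open next, and the JJJ041 hit is the one 天月来了 asks the OP to check on disk.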
天月来了 - 2014-12-16 18:49:00
The key point is that the SREng log does not show an HLCMD.EXE process.

Did he end the process himself before running the scan for the log?

If so, the OP should look for the HLCMD.exe file in the C:\WINDOWS\system32\ directory; the file may have hidden and system attributes.

I suggest searching with the tool below:

Download Filefox:
Attachment: Filefox.rar
天月来了 - 2014-12-16 19:00:00
Also check whether the file C:\WINDOWS\JJJ041 exists.
girl78979 - 2014-12-17 14:02:00


Quote:
Originally posted by 超级游戏迷 on 2014-12-16 18:07:00
Registry
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <HLCMD><C:\WINDOWS\system32\HLCMD.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHI......


Let me explain: the reason I say HLCMD.exe is a virus is that even after deleting it, or after cleaning the registry, the file is back once the computer restarts.


And that JJJ041, I found it. Please take a look, everyone; thanks to all the experts.


The extraction password is 1

girl78979 - 2014-12-17 14:03:00


Quote:
Originally posted by 天月来了 on 2014-12-16 19:00:00
Also check whether the file C:\WINDOWS\JJJ041 exists.

JJJ041 has been uploaded above; please take a look.
瑞星工程师12 - 2014-12-17 14:28:00
Sample collected.
瑞星工程师12 - 2014-12-17 14:49:00
None of the files in bd.rar are viruses.
天月来了 - 2014-12-17 15:09:00
None of the files are viruses. Go ask your management and network admins whether they are using some precious piece of software that pushes this file to every computer on the network for so-called security monitoring.

Just my guess.

Otherwise why would it keep reappearing?

Create a file with the same name in the same directory, remove its NTFS permissions, and see whether that stops it from maliciously reappearing.