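This is the suspicious-file report from my Malwarebytes scan. I don't really understand it, but following the file paths I found a few strings. I recognize Image File Execution Options image hijacking, and it feels a lot like a spyware trojan.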
-掃描詳細資料-
處理程序: 2
Generic.Malware/Suspicious, C:\WINDOWS\KMSSERVICE.EXE, 使用者無動作, 0, 392686, , , , , 1FF5AB4F6F3A3EE4BE333E66181C0525, 48108862B5FAE94609F2A7542FD47A945DF49224825FA58A8482433549DC1978
Generic.Malware/Suspicious, C:\WINDOWS\SYSTEM32\SPPEXTCOMOBJPATCHER.EXE, 使用者無動作, 0, 392686, , , , , 94FEF1EEBF8B9EA06F49D7F8B7814826, E4F6906C800671EB0DD1C10DAC364714902B02FE68CCF6BDB08052BDCDAC2543
模組: 2
Generic.Malware/Suspicious, C:\WINDOWS\KMSSERVICE.EXE, 使用者無動作, 0, 392686, , , , , 1FF5AB4F6F3A3EE4BE333E66181C0525, 48108862B5FAE94609F2A7542FD47A945DF49224825FA58A8482433549DC1978
Generic.Malware/Suspicious, C:\WINDOWS\SYSTEM32\SPPEXTCOMOBJPATCHER.EXE, 使用者無動作, 0, 392686, , , , , 94FEF1EEBF8B9EA06F49D7F8B7814826, E4F6906C800671EB0DD1C10DAC364714902B02FE68CCF6BDB08052BDCDAC2543
登錄機碼: 10
Adware.ChinAd, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@xunlei.com/npaplayer, 使用者無動作, 564, 375036, 1.0.38023, , ame, , ,
Adware.ChinAd, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@xunlei.com/npxluser, 使用者無動作, 564, 375036, 1.0.38023, , ame, , ,
Generic.Malware/Suspicious, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\KMSServerService, 使用者無動作, 0, 392686, , , , , ,
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\osppsvc.exe, 使用者無動作, 0, 392686, , , , , ,
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SppExtComObj.exe, 使用者無動作, 0, 392686, , , , , ,
Generic.Malware/Suspicious, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\osppsvc.exe, 使用者無動作, 0, 392686, , , , , ,
Generic.Malware/Suspicious, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SppExtComObj.exe, 使用者無動作, 0, 392686, , , , , ,
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\KMS10, 使用者無動作, 3765, 811686, , , , , ,
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2A2C5FD3-5C60-4EEC-9F93-6B972D5E713D}, 使用者無動作, 3765, 811686, , , , , ,
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\BOOT\{2A2C5FD3-5C60-4EEC-9F93-6B972D5E713D}, 使用者無動作, 3765, 811686, , , , , ,
登錄值: 0
(未偵測到惡意項目)
登錄資料: 0
(未偵測到惡意項目)
資料流: 0
(未偵測到惡意項目)
資料夾: 0
(未偵測到惡意項目)
檔案: 4
Generic.Malware/Suspicious, C:\WINDOWS\KMSSERVICE.EXE, 使用者無動作, 0, 392686, 1.0.38023, , shuriken, , 1FF5AB4F6F3A3EE4BE333E66181C0525, 48108862B5FAE94609F2A7542FD47A945DF49224825FA58A8482433549DC1978
Generic.Malware/Suspicious, C:\WINDOWS\SYSTEM32\SPPEXTCOMOBJPATCHER.EXE, 使用者無動作, 0, 392686, 1.0.38023, , shuriken, , 94FEF1EEBF8B9EA06F49D7F8B7814826, E4F6906C800671EB0DD1C10DAC364714902B02FE68CCF6BDB08052BDCDAC2543
RiskWare.KMS, C:\WINDOWS\SYSTEM32\TASKS\KMS10, 使用者無動作, 3765, 811686, , , , , CE70C41CAA1AC43560DA61A8FDD4F30D, B25CE7AE0231E10D72F8D941C3A7143451903A4C1AAEC730959FF47F9638491D
RiskWare.KMS, C:\WINDOWS\KMS10\KMS10.EXE, 使用者無動作, 3765, 811686, 1.0.38023, DBFE90EAD5AB01DBAB1DECDC, dds, 01153327, 173B6225D42BE7ED01922F472A4BEA18, C5802C7FBAD5CDF257BCC0F71E8B1C8853E06DA411133B5DC78BD6C891F27500
實體磁區: 0
(未偵測到惡意項目)
WMI: 0
(未偵測到惡意項目)
(end)