前言

不管是在外网中还是在内网中,信息收集都是重要的第一步。对于内网中的一台机器,其所处内网的结构是什么样
的、其角色是什么、使用这台机器的人的角色是什么,以及这台机器上安装了什么杀毒软件、这台机器是通过什么方式上网的、这台机器是笔记本电脑还是台式机等问题,都需要通过信息收集来解答。

系列文章第一章节之基础知识篇

内网渗透(一)之基础知识-内网渗透介绍和概述
内网渗透(二)之基础知识-工作组介绍
内网渗透(三)之基础知识-域环境的介绍和优点
内网渗透(四)之基础知识-搭建域环境
内网渗透(五)之基础知识-Active Directory活动目录介绍和使用
内网渗透(六)之基础知识-域中的权限划分和基本思想
内网渗透(七)之基础知识-企业常见安全域划分和结构
内网渗透(八)之基础知识-企业域中计算机分类和专业名

注：阅读本编文章前，请先阅读系列文章，以免造成看不懂的情况！！

内网本地信息收集

网络配置信息

获取本机的网络配置信息

ipconfig

操作系统和软件信息

查询操作系统和版本信息

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
systeminfo| findstr /B /C:"OS 名称" /C:"OS 版本"

查看系统体系结构

echo %PROCESSOR_ARCHITECTURE%

查看安装的软件及版本

wmic product get name,version
powershell "Get-WmiObject -class win32_product | Select-Object -Property name,version"

本机服务信息

wmic service list brief

进程信息

tasklist
wmic process list brief

启动程序信息

wmic startup get command,caption

计划任务信息

如果出现无法加载列资源 输入：chcp 437

schtasks /query /fo LIST /v

主机开机时间信息

net statistics workstation

用户列表信息

net user
wmic useraccount get name ,SID

列出会话

net session

查询端口列表

netstat ‐ano

查看补丁列表

systeminfo
wmic qfe get Caption,Description,HotFixID,InstalledOn

查询共享列表

net share
wmic share get name,path,status

路由信息

route print

防火墙相关操作

1、查看防火墙是否开启

netsh firewall show state

2、关闭防火墙强

Windows server 2003: netsh firewall set opmode disable
Windows server 2003之后: netsh firewall set opmode disable 或者 netsh advfirewall set allprofiles state off

3、查看防火墙配置

netsh firewall show config

4、修改防火墙配置

2003及之前的版本,允许指定的程序进行全部的连接：

netsh firewall add allowedprogram c:\nc.exe "allownc" enable

2003之后的版本，允许指定的程序进行全部的连接:

netsh advfirewall firewall add rule name="pass nc"dir=in action=allow program="C:\nc.exe"

允许指定程序退出,命令如下:

netsh advfirewall firewall add rule name="Allownc" dir=out action=allow program="C: \nc.exe"

允许3389端口放行,命令如下:

netsh advfirewall firewall add rule name="RemoteDesktop" protocol=TCP dir=in localport=3389 action=allow
netsh advfirewall firewall add rule name=test dir=in action=allow protocol=tcp localport=4444 #允许4444端口进站
netsh advfirewall firewall add rule name=test dir=in action=allow program=c:\a.exe  #允许a.exe进站
netsh advfirewall firewall add rule name=test dir=out action=allow protocol=tcp localport=4444 #允许4444端口出站 netsh advfirewall firewall add rule name=test dir=out action=allow program=c:\a.exe #允许a.exe出站

开启远程服务

1、在2003机器以前

wmic path win32_terminalservicesetting where (_CLASS !="") call setallowtsconnections 1

2、在server2003机器以后

REG ADD HKLM\SYSTEM\CurrentControlSet\Control\Terminal" "Server /v fDenyTSConnections /t REG_DWORD /d 00000000 /f #开启
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 11111111 /f #关闭

WIFI密码收集

for /f "skip=9 tokens=1,2 delims=:" %i in ('netsh wlan show profiles') do @echo %j | findstr ‐i ‐v echo | netsh wlan show profiles %j key=clear

查询RDP端口

reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP‐Tcp" /V PortNumber

0xd3d即为3389端口

查看代理配置信息

reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

查看当前保存的登陆凭证

cmdkey /list

Arp信息

arp ‐a

查看最近打开的文档

dir %APPDATA%\Microsoft\Windows\Recent

管理员组成员列表

net localgroup administrators

RDP凭证

dir /a %userprofile%\AppData\Local\Microsoft\Credentials\*

杀毒软件查询

wmic /node:localhost /namespace:\\root\securitycenter2 path antivirusproduct get displayname /format:list

常见杀软程序列表，仅供参考

avList = {
"360tray.exe": "360安全卫士‐实时保护",
"360safe.exe": "360安全卫士‐主程序",
"ZhuDongFangYu.exe": "360安全卫士‐主动防御",
"360sd.exe": "360杀毒",
"a2guard.exe": "a‐squared杀毒",
"ad‐watch.exe": "Lavasoft杀毒",
"cleaner8.exe": "The Cleaner杀毒",
"vba32lder.exe": "vb32杀毒",
"MongoosaGUI.exe": "Mongoosa杀毒",
"CorantiControlCenter32.exe": "Coranti2012杀毒",
"F‐PROT.exe": "F‐Prot AntiVirus",
"CMCTrayIcon.exe": "CMC杀毒",
"K7TSecurity.exe": "K7杀毒",
"UnThreat.exe": "UnThreat杀毒",
"CKSoftShiedAntivirus4.exe": "Shield Antivirus杀毒",
"AVWatchService.exe": "VIRUSfighter杀毒",
"ArcaTasksService.exe": "ArcaVir杀毒",
"iptray.exe": "Immunet杀毒",
"PSafeSysTray.exe": "PSafe杀毒",
"nspupsvc.exe": "nProtect杀毒",
"SpywareTerminatorShield.exe": "SpywareTerminator反间谍软件",
"BKavService.exe": "Bkav杀毒",
"MsMpEng.exe": "Microsoft Security Essentials",
"SBAMSvc.exe": "VIPRE",
"ccSvcHst.exe": "Norton杀毒",
"f‐secure.exe": "冰岛",
"avp.exe": "Kaspersky",
"KvMonXP.exe": "江民杀毒",
"RavMonD.exe": "瑞星杀毒",
"Mcshield.exe": "McAfee",
"Tbmon.exe": "McAfee",
"Frameworkservice.exe": "McAfee",
"egui.exe": "ESET NOD32",
"ekrn.exe": "ESET NOD32",
"eguiProxy.exe": "ESET NOD32",
"kxetray.exe": "金山毒霸",
"knsdtray.exe": "可牛杀毒",
"TMBMSRV.exe": "趋势杀毒",
"avcenter.exe": "Avira(小红伞)",
"avguard.exe": "Avira(小红伞)",
"avgnt.exe": "Avira(小红伞)",
"sched.exe": "Avira(小红伞)",
"ashDisp.exe": "Avast网络安全",
"rtvscan.exe": "诺顿杀毒",
"ccapp.exe": "SymantecNorton",
"NPFMntor.exe": "Norton杀毒软件",
"ccSetMgr.exe": "赛门铁克",
"ccRegVfy.exe": "Norton杀毒软件",
"ksafe.exe": "金山卫士",
"QQPCRTP.exe": "QQ电脑管家",
"avgwdsvc.exe": "AVG杀毒",
"QUHLPSVC.exe": "QUICK HEAL杀毒",
"mssecess.exe": "微软杀毒",
"SavProgress.exe": "Sophos杀毒",
"SophosUI.exe": "Sophos杀毒",
"SophosFS.exe": "Sophos杀毒",
"SophosHealth.exe": "Sophos杀毒",
"SophosSafestore64.exe": "Sophos杀毒",
"SophosCleanM.exe": "Sophos杀毒",
"fsavgui.exe": "F‐Secure杀毒",
"vsserv.exe": "比特梵德",
"remupd.exe": "熊猫卫士",
"FortiTray.exe": "飞塔",
"safedog.exe": "安全狗",
"parmor.exe": "木马克星",
"Iparmor.exe.exe": "木马克星",
"beikesan.exe": "贝壳云安全",
"KSWebShield.exe": "金山网盾",
"TrojanHunter.exe": "木马猎手",
"GG.exe": "巨盾网游安全盾",
"adam.exe": "绿鹰安全精灵",
"AST.exe": "超级巡警",
"ananwidget.exe": "墨者安全专家",
"AVK.exe": "AntiVirusKit",
"avg.exe": "AVG Anti‐Virus",
"spidernt.exe": "Dr.web",
"avgaurd.exe": "Avira Antivir",
"vsmon.exe": "Zone Alarm",
"cpf.exe": "Comodo",
"outpost.exe": "Outpost Firewall",
"rfwmain.exe": "瑞星防火墙",
"kpfwtray.exe": "金山网镖",
"FYFireWall.exe": "风云防火墙",
"MPMon.exe": "微点主动防御",
"pfw.exe": "天网防火墙",
"BaiduSdSvc.exe": "百度杀毒‐服务进程",
"BaiduSdTray.exe": "百度杀毒‐托盘进程",
"BaiduSd.exe": "百度杀毒‐主程序",
"SafeDogGuardCenter.exe": "安全狗",
"safedogupdatecenter.exe": "安全狗",
"safedogguardcenter.exe": "安全狗",
"SafeDogSiteIIS.exe": "安全狗",
"SafeDogTray.exe": "安全狗",
"SafeDogServerUI.exe": "安全狗",
"D_Safe_Manage.exe": "D盾",
"d_manage.exe": "D盾",
"yunsuo_agent_service.exe": "云锁",
"yunsuo_agent_daemon.exe": "云锁",
"HwsPanel.exe": "护卫神",
"hws_ui.exe": "护卫神",
"hws.exe": "护卫神",
"hwsd.exe": "护卫神",
"hipstray.exe": "火绒",
"wsctrl.exe": "火绒",
"usysdiag.exe": "火绒",
"SPHINX.exe": "SPHINX防火墙",
"bddownloader.exe": "百度卫士",
"baiduansvx.exe": "百度卫士‐主进程",
"AvastUI.exe": "Avast!5主程序",
"emet_agent.exe": "EMET",
"emet_service.exe": "EMET",
"firesvc.exe": "McAfee",
"firetray.exe": "McAfee",
"hipsvc.exe": "McAfee",
"mfevtps.exe": "McAfee",
"mcafeefire.exe": "McAfee",
"scan32.exe": "McAfee",
"shstat.exe": "McAfee",
"vstskmgr.exe": "McAfee",
"engineserver.exe": "McAfee",
"mfeann.exe": "McAfee",
"mcscript.exe": "McAfee",
"updaterui.exe": "McAfee",
"udaterui.exe": "McAfee",
"naprdmgr.exe": "McAfee",
"cleanup.exe": "McAfee",
"cmdagent.exe": "McAfee",
"frminst.exe": "McAfee",
"mcscript_inuse.exe": "McAfee",
"mctray.exe": "McAfee",
"_avp32.exe": "卡巴斯基",
"_avpcc.exe": "卡巴斯基",
"_avpm.exe": "卡巴斯基",
"aAvgApi.exe": "AVG",
"ackwin32.exe": "已知杀软进程,名称暂未收录",
"alertsvc.exe": "Norton AntiVirus",
"alogserv.exe": "McAfee VirusScan",
"anti‐trojan.exe": "Anti‐Trojan Elite",
"arr.exe": "Application Request Route",
"atguard.exe": "AntiVir",
"atupdater.exe": "已知杀软进程,名称暂未收录",
"atwatch.exe": "Mustek",
"au.exe": "NSIS",
"aupdate.exe": "Symantec",
"auto‐protect.nav80try.exe": "已知杀软进程,名称暂未收录",
"autodown.exe": "AntiVirus AutoUpdater",
"avconsol.exe": "McAfee",
"avgcc32.exe": "AVG",
"avgctrl.exe": "AVG",
"avgemc.exe": "AVG",
"avgrsx.exe": "AVG",
"avgserv.exe": "AVG",
"avgserv9.exe": "AVG",
"avgw.exe": "AVG",
"avkpop.exe": "G DATA SOFTWARE AG",
"avkserv.exe": "G DATA SOFTWARE AG",
"avkservice.exe": "G DATA SOFTWARE AG",
"avkwctl9.exe": "G DATA SOFTWARE AG",
"avltmain.exe": "Panda Software Aplication",
"avnt.exe": "H+BEDV Datentechnik GmbH",
"avp32.exe": "Kaspersky Anti‐Virus",
"avpcc.exe": " Kaspersky AntiVirus",
"avpdos32.exe": " Kaspersky AntiVirus",
"avpm.exe": " Kaspersky AntiVirus",
"avptc32.exe": " Kaspersky AntiVirus",
"avpupd.exe": " Kaspersky AntiVirus",
"avsynmgr.exe": "McAfee",
"avwin.exe": " H+BEDV",
"bargains.exe": "Exact Advertising SpyWare",
"beagle.exe": "Avast",
"blackd.exe": "BlackICE",
"blackice.exe": "BlackICE",
"blink.exe": "micromedia",
"blss.exe": "CBlaster",
"bootwarn.exe": "Symantec",
"bpc.exe": "Grokster",
"brasil.exe": "Exact Advertising",
"ccevtmgr.exe": "Norton Internet Security",
"cdp.exe": "CyberLink Corp.",
"cfd.exe": "Motive Communications",
"cfgwiz.exe": " Norton AntiVirus",
"claw95.exe": "已知杀软进程,名称暂未收录",
"claw95cf.exe": "已知杀软进程,名称暂未收录",
"clean.exe": "windows流氓软件清理大师",
"cleaner.exe": "windows流氓软件清理大师",
"cleaner3.exe": "windows流氓软件清理大师",
"cleanpc.exe": "windows流氓软件清理大师",
"cpd.exe": "McAfee",
"ctrl.exe": "已知杀软进程,名称暂未收录",
"cv.exe": "已知杀软进程,名称暂未收录",
"defalert.exe": "Symantec",
"defscangui.exe": "Symantec",
"defwatch.exe": "Norton Antivirus",
"doors.exe": "已知杀软进程,名称暂未收录",
"dpf.exe": "已知杀软进程,名称暂未收录",
"dpps2.exe": "PanicWare",
"dssagent.exe": "Broderbund",
"ecengine.exe": "已知杀软进程,名称暂未收录",
"emsw.exe": "Alset Inc",
"ent.exe": "已知杀软进程,名称暂未收录",
"espwatch.exe": "已知杀软进程,名称暂未收录",
"ethereal.exe": "RationalClearCase",
"exe.avxw.exe": "已知杀软进程,名称暂未收录",
"expert.exe": "已知杀软进程,名称暂未收录",
"f‐prot95.exe": "已知杀软进程,名称暂未收录",
"fameh32.exe": "F‐Secure",
"fast.exe": " FastUsr",
"fch32.exe": "F‐Secure",
"fih32.exe": "F‐Secure",
"findviru.exe": "F‐Secure",
"firewall.exe": "AshampooSoftware",
"fnrb32.exe": "F‐Secure",
"fp‐win.exe": " F‐Prot Antivirus OnDemand",
"fsaa.exe": "F‐Secure",
"fsav.exe": "F‐Secure",
"fsav32.exe": "F‐Secure",
"fsav530stbyb.exe": "F‐Secure",
"fsav530wtbyb.exe": "F‐Secure",
"fsav95.exe": "F‐Secure",
"fsgk32.exe": "F‐Secure",
"fsm32.exe": "F‐Secure",
"fsma32.exe": "F‐Secure",
"fsmb32.exe": "F‐Secure",
"gbmenu.exe": "已知杀软进程,名称暂未收录",
"guard.exe": "ewido",
"guarddog.exe": "ewido",
"htlog.exe": "已知杀软进程,名称暂未收录",
"htpatch.exe": "Silicon Integrated Systems Corporation",
"hwpe.exe": "已知杀软进程,名称暂未收录",
"iamapp.exe": "Symantec",
"iamserv.exe": "Symantec",
"iamstats.exe": "Symantec",
"iedriver.exe": " Urlblaze.com",
"iface.exe": "Panda Antivirus Module",
"infus.exe": "Infus Dialer",
"infwin.exe": "Msviewparasite",
"intdel.exe": "Inet Delivery",
"intren.exe": "已知杀软进程,名称暂未收录",
"jammer.exe": "已知杀软进程,名称暂未收录",
"kavpf.exe": "Kapersky",
"kazza.exe": "Kapersky",
"keenvalue.exe": "EUNIVERSE INC",
"launcher.exe": "Intercort Systems",
"ldpro.exe": "已知杀软进程,名称暂未收录",
"ldscan.exe": "Windows Trojans Inspector",
"localnet.exe": "已知杀软进程,名称暂未收录",
"luall.exe": "Symantec",
"luau.exe": "Symantec",
"lucomserver.exe": "Norton",
"mcagent.exe": "McAfee",
"mcmnhdlr.exe": "McAfee",
"mctool.exe": "McAfee",
"mcupdate.exe": "McAfee",
"mcvsrte.exe": "McAfee",
"mcvsshld.exe": "McAfee",
"mfin32.exe": "MyFreeInternetUpdate",
"mfw2en.exe": "MyFreeInternetUpdate",
"mfweng3.02d30.exe": "MyFreeInternetUpdate",
"mgavrtcl.exe": "McAfee",
"mgavrte.exe": "McAfee",
"mghtml.exe": "McAfee",
"mgui.exe": "BullGuard",
"minilog.exe": "Zone Labs Inc",
"mmod.exe": "EzulaInc",
"mostat.exe": "WurldMediaInc",
"mpfagent.exe": "McAfee",
"mpfservice.exe": "McAfee",
"mpftray.exe": "McAfee",
"mscache.exe": "Integrated Search Technologies Spyware",
"mscman.exe": "OdysseusMarketingInc",
"msmgt.exe": "Total Velocity Spyware",
"msvxd.exe": "W32/Datom‐A",
"mwatch.exe": "已知杀软进程,名称暂未收录",
"nav.exe": "Reuters Limited",
"navapsvc.exe": "Norton AntiVirus",
"navapw32.exe": "Norton AntiVirus",
"navw32.exe": "Norton Antivirus",
"ndd32.exe": "诺顿磁盘医生",
"neowatchlog.exe": "已知杀软进程,名称暂未收录",
"netutils.exe": "已知杀软进程,名称暂未收录",
"nisserv.exe": "Norton",
"nisum.exe": "Norton",
"nmain.exe": "Norton",
"nod32.exe": "ESET Smart Security",
"norton_internet_secu_3.0_407.exe": "已知杀软进程,名称暂未收录",
"notstart.exe": "已知杀软进程,名称暂未收录",
"nprotect.exe": "Symantec",
"npscheck.exe": "Norton",
"npssvc.exe": "Norton",
"ntrtscan.exe": "趋势反病毒应用程序",
"nui.exe": "已知杀软进程,名称暂未收录",
"otfix.exe": "已知杀软进程,名称暂未收录",
"outpostinstall.exe": "Outpost",
"patch.exe": "趋势科技",
"pavw.exe": "已知杀软进程,名称暂未收录",
"pcscan.exe": "趋势科技",
"pdsetup.exe": "已知杀软进程,名称暂未收录",
"persfw.exe": "Tiny Personal Firewall",
"pgmonitr.exe": "PromulGate SpyWare",
"pingscan.exe": "已知杀软进程,名称暂未收录",
"platin.exe": "已知杀软进程,名称暂未收录",
"pop3trap.exe": "PC‐cillin",
"poproxy.exe": "NortonAntiVirus",
"popscan.exe": "已知杀软进程,名称暂未收录",
"powerscan.exe": "Integrated Search Technologies",
"ppinupdt.exe": "已知杀软进程,名称暂未收录",
"pptbc.exe": "已知杀软进程,名称暂未收录",
"ppvstop.exe": "已知杀软进程,名称暂未收录",
"prizesurfer.exe": "Prizesurfer",
"prmt.exe": "OpiStat",
"prmvr.exe": "Adtomi",
"processmonitor.exe": "Sysinternals",
"proport.exe": "已知杀软进程,名称暂未收录",
"protectx.exe": "ProtectX",
"pspf.exe": "已知杀软进程,名称暂未收录",
"purge.exe": "已知杀软进程,名称暂未收录",
"qconsole.exe": "Norton AntiVirus Quarantine Console",
"qserver.exe": "Norton Internet Security",
"rapapp.exe": "BlackICE",
"rb32.exe": "RapidBlaster",
"rcsync.exe": "PrizeSurfer",
"realmon.exe": "Realmon ",
"rescue.exe": "已知杀软进程,名称暂未收录",
"rescue32.exe": "卡巴斯基互联网安全套装",
"rshell.exe": "已知杀软进程,名称暂未收录",
"rtvscn95.exe": "Real‐time virus scanner ",
"rulaunch.exe": "McAfee User Interface",
"run32dll.exe": "PAL PC Spy",
"safeweb.exe": "PSafe Tecnologia",
"sbserv.exe": "Norton Antivirus",
"scrscan.exe": "360杀毒",
"sfc.exe": "System file checker",
"sh.exe": "MKS Toolkit for Win3",
"showbehind.exe": "MicroSmarts Enterprise Component ",
"soap.exe": "System Soap Pro",
"sofi.exe": "已知杀软进程,名称暂未收录",
"sperm.exe": "已知杀软进程,名称暂未收录",
"supporter5.exe": "eScorcher反病毒",
"symproxysvc.exe": "Symantec",
"symtray.exe": "Symantec",
"tbscan.exe": "ThunderBYTE",
"tc.exe": "TimeCalende",
"titanin.exe": "TitanHide",
"tvmd.exe": "Total Velocity",
"tvtmd.exe": " Total Velocity",
"vettray.exe": "eTrust",
"vir‐help.exe": "已知杀软进程,名称暂未收录",
"vnpc3000.exe": "已知杀软进程,名称暂未收录",
"vpc32.exe": "Symantec",
"vpc42.exe": "Symantec",
"vshwin32.exe": "McAfee",
"vsmain.exe": "McAfee",
"vsstat.exe": "McAfee",
"wfindv32.exe": "已知杀软进程,名称暂未收录",
"zapro.exe": "Zone Alarm",
"zonealarm.exe": "Zone Alarm",
"AVPM.exe": "Kaspersky",
"A2CMD.exe": "Emsisoft Anti‐Malware",
"A2SERVICE.exe": "a‐squared free",
"A2FREE.exe": "a‐squared Free",
"ADVCHK.exe": "Norton AntiVirus",
"AGB.exe": "安天防线",
"AHPROCMONSERVER.exe": "安天防线",
"AIRDEFENSE.exe": "AirDefense",
"ALERTSVC.exe": "Norton AntiVirus",
"AVIRA.exe": "小红伞杀毒",
"AMON.exe": "Tiny Personal Firewall",
"AVZ.exe": "AVZ",
"ANTIVIR.exe": "已知杀软进程,名称暂未收录",
"APVXDWIN.exe": "熊猫卫士",
"ASHMAISV.exe": "Alwil",
"ASHSERV.exe": "Avast Anti‐virus",
"ASHSIMPL.exe": "AVAST!VirusCleaner",
"ASHWEBSV.exe": "Avast",
"ASWUPDSV.exe": "Avast",
"ASWSCAN.exe": "Avast",
"AVCIMAN.exe": "熊猫卫士",
"AVCONSOL.exe": "McAfee",
"AVENGINE.exe": "熊猫卫士",
"AVESVC.exe": "Avira AntiVir Security Service",
"AVEVL32.exe": "已知杀软进程,名称暂未收录",
"AVGAM.exe": "AVG",
"AVGCC.exe": "AVG",
"AVGCHSVX.exe": "AVG",
"AVGCSRVX": "AVG",
"AVGNSX.exe": "AVG",
"AVGCC32.exe": "AVG",
"AVGCTRL.exe": "AVG",
"AVGEMC.exe": "AVG",
"AVGFWSRV.exe": "AVG",
"AVGNTMGR.exe": "AVG",
"AVGSERV.exe": "AVG",
"AVGTRAY.exe": "AVG",
"AVGUPSVC.exe": "AVG",
"AVINITNT.exe": "Command AntiVirus for NT Server",
"AVPCC.exe": "Kaspersky",
"AVSERVER.exe": "Kerio MailServer",
"AVSCHED32.exe": "H+BEDV",
"AVSYNMGR.exe": "McAfee",
"AVWUPSRV.exe": "H+BEDV",
"BDSWITCH.exe": "BitDefender Module",
"BLACKD.exe": "BlackICE",
"CCEVTMGR.exe": "Symantec",
"CFP.exe": "COMODO",
"CLAMWIN.exe": "ClamWin Portable",
"CUREIT.exe": "DrWeb CureIT",
"DEFWATCH.exe": "Norton Antivirus",
"DRWADINS.exe": "Dr.Web",
"DRWEB.exe": "Dr.Web",
"DEFENDERDAEMON.exe": "ShadowDefender",
"EWIDOCTRL.exe": "Ewido Security Suite",
"EZANTIVIRUSREGISTRATIONCHECK.exe": "e‐Trust Antivirus",
"FIREWALL.exe": "AshampooSoftware",
"FPROTTRAY.exe": "F‐PROT Antivirus",
"FPWIN.exe": "Verizon",
"FRESHCLAM.exe": "ClamAV",
"FSAV32.exe": "F‐Secure",
"FSBWSYS.exe": "F‐secure",
"FSDFWD.exe": "F‐Secure",
"FSGK32.exe": "F‐Secure",
"FSGK32ST.exe": "F‐Secure",
"FSMA32.exe": "F‐Secure",
"FSMB32.exe": "F‐Secure",
"FSSM32.exe": "F‐Secure",
"GUARDGUI.exe": "网游保镖",
"GUARDNT.exe": "IKARUS",
"IAMAPP.exe": "Symantec",
"INOCIT.exe": "eTrust",
"INORPC.exe": "eTrust",
"INORT.exe": "eTrust",
"INOTASK.exe": "eTrust",
"INOUPTNG.exe": "eTrust",
"ISAFE.exe": "eTrust",
"KAV.exe": "Kaspersky",
"KAVMM.exe": "Kaspersky",
"KAVPF.exe": "Kaspersky",
"KAVPFW.exe": "Kaspersky",
"KAVSTART.exe": "Kaspersky",
"KAVSVC.exe": "Kaspersky",
"KAVSVCUI.exe": "Kaspersky",
"KMAILMON.exe": "金山毒霸",
"MCAGENT.exe": "McAfee",
"MCMNHDLR.exe": "McAfee",
"MCREGWIZ.exe": "McAfee",
"MCUPDATE.exe": "McAfee",
"MCVSSHLD.exe": "McAfee",
"MINILOG.exe": "Zone Alarm",
"MYAGTSVC.exe": "McAfee",
"MYAGTTRY.exe": "McAfee",
"NAVAPSVC.exe": "Norton",
"NAVAPW32.exe": "Norton",
"NAVLU32.exe": "Norton",
"NAVW32.exe": "Norton Antivirus",
"NEOWATCHLOG.exe": "NeoWatch",
"NEOWATCHTRAY.exe": "NeoWatch",
"NISSERV.exe": "Norton",
"NISUM.exe": "Norton",
"NMAIN.exe": "Norton",
"NOD32.exe": "ESET NOD32",
"NPFMSG.exe": "Norman个人防火墙",
"NPROTECT.exe": "Symantec",
"NSMDTR.exe": "Norton",
"NTRTSCAN.exe": "趋势科技",
"OFCPFWSVC.exe": "OfficeScanNT",
"ONLINENT.exe": "已知杀软进程,名称暂未收录",
"OP_MON.exe": " OutpostFirewall",
"PAVFIRES.exe": "熊猫卫士",
"PAVFNSVR.exe": "熊猫卫士",
"PAVKRE.exe": "熊猫卫士",
"PAVPROT.exe": "熊猫卫士",
"PAVPROXY.exe": "熊猫卫士",
"PAVPRSRV.exe": "熊猫卫士",
"PAVSRV51.exe": "熊猫卫士",
"PAVSS.exe": "熊猫卫士",
"PCCGUIDE.exe": "PC‐cillin",
"PCCIOMON.exe": "PC‐cillin",
"PCCNTMON.exe": "PC‐cillin",
"PCCPFW.exe": "趋势科技",
"PCCTLCOM.exe": "趋势科技",
"PCTAV.exe": "PC Tools AntiVirus",
"PERSFW.exe": "Tiny Personal Firewall",
"PERVAC.exe": "已知杀软进程,名称暂未收录",
"PESTPATROL.exe": "Ikarus",
"PREVSRV.exe": "熊猫卫士",
"RTVSCN95.exe": "Real‐time Virus Scanner",
"SAVADMINSERVICE.exe": "SAV",
"SAVMAIN.exe": "SAV",
"SAVSCAN.exe": "SAV",
"SDHELP.exe": "Spyware Doctor",
"SHSTAT.exe": "McAfee",
"SPBBCSVC.exe": "Symantec",
"SPIDERCPL.exe": "Dr.Web",
"SPIDERML.exe": "Dr.Web",
"SPIDERUI.exe": "Dr.Web",
"SPYBOTSD.exe": "Spybot ",
"SWAGENT.exe": "SonicWALL",
"SWDOCTOR.exe": "SonicWALL",
"SWNETSUP.exe": "Sophos",
"SYMLCSVC.exe": "Symantec",
"SYMPROXYSVC.exe": "Symantec",
"SYMSPORT.exe": "Sysmantec",
"SYMWSC.exe": "Sysmantec",
"SYNMGR.exe": "Sysmantec",
"TMLISTEN.exe": "趋势科技",
"TMNTSRV.exe": "趋势科技",
"TMPROXY.exe": "趋势科技",
"TNBUTIL.exe": "Anti‐Virus",
"VBA32ECM.exe": "已知杀软进程,名称暂未收录",
"VBA32IFS.exe": "已知杀软进程,名称暂未收录",
"VBA32PP3.exe": "已知杀软进程,名称暂未收录",
"VCRMON.exe": "VirusChaser",
"VRMONNT.exe": "HAURI",
"VRMONSVC.exe": "HAURI",
"VSHWIN32.exe": "McAfee",
"VSSTAT.exe": "McAfee",
"XCOMMSVR.exe": "BitDefender",
"ZONEALARM.exe": "Zone Alarm",
"360rp.exe": "360杀毒",
"afwServ.exe": " Avast Antivirus ",
"safeboxTray.exe": "360杀毒",
"360safebox.exe": "360杀毒",
"QQPCTray.exe": "QQ电脑管家",
"KSafeTray.exe": "金山毒霸",
"KSafeSvc.exe": "金山毒霸",
"KWatch.exe": "金山毒霸",
"gov_defence_service.exe": "云锁",
"gov_defence_daemon.exe": "云锁",
"smartscreen.exe": "Windows Defender"
};