| Title: |
When a user logs in via lqqm's recent-topics guide, memory usage gradually increases until the machine freezes |
|
2008-03-19 08:57:47 |
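Post title:
When a user logs in via lqqm's recent-topics guide, memory usage gradually increases until the machine freezes
Post content:
Symptoms:
Past actions: I once installed a desktop notebook program, which McAfee flagged with the following result: C:\\Documents and Settings\\KenDra\\My Documents\\rj07110405\\www.asp1.com.cn\\zhao_haishan2000zmjsb\\zhao_haishan2000zmjsb.exe => zhao_haishan2000zmjsb.exe.Vir
Notes:
My diagnostic report:
Dear experts,
Thank you very much for taking a look at my system diagnostic report; this newbie is urgently waiting for your help!
This diagnostic report was generated by 360 Safe Guard (360安全卫士): http://www.360safe.com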
诊断时间: 2008-03-12 10:22:31
诊断平台: Microsoft Windows XP Service Pack 2
IE版本: Internet Explorer V7.0.5730.13 Build:75730
计算机物理内存:1015.36MB - 当前可用内存:294.17MB
100 - 未知 - Process: jusched.exe [Java(TM) Platform SE binary] - C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
100 - 未知 - Process: wmpnscfg.exe [Windows Media Player 网络共享服务配置应用程序] - C:\Program Files\Windows Media Player\WMPNSCFG.exe
100 - 未知 - Process: sqlservr.exe [SQL Server Windows NT] - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
100 - 未知 - Process: hpqwmiex.exe [hpqwmiex Module] - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
R0 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.whu.edu.cn/
O2 - 未知 - BHO: (ThunderAtOnce Class) - [迅雷浏览器高级特性支持模块] - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - 未知 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - [RealPlayer Download and Record Plugin for Internet Explorer] - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - 未知 - BHO: (SSVHelper Class) - [Java(TM) Platform SE binary] - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - 未知 - Toolbar: (第三方IE工具栏) - [无效的CLSID:{1E796980-9CC5-11D1-A83F-00C04FC99D61}] - {1E796980-9CC5-11D1-A83F-00C04FC99D61} -
O4 - 未知 - HKCU\..\Run: [WMPNSCFG] [Windows Media Player 网络共享服务配置应用程序] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - 未知 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - 未知 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - 未知 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - 未知 - Extra context menu item: 导出当前页到超星阅览器(&A) - C:\Program Files\SSREADER36\ss_all.htm
O8 - 未知 - Extra context menu item: 导出选中部分到超星阅览器(&S) - C:\Program Files\SSREADER36\ss_select.htm
O8 - 未知 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - 未知 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - 未知 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - 未知 - Extra button: Sun Java 控制台(HKLM) - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - 未知 - Extra button: 启动迅雷5(HKLM) - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 未知 - Extra button: 信息检索(HKLM) - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - 未知 - Extra button: PPLive(HKLM) - C:\Program Files\PPLive\PPLive.exe
O9 - 未知 - Extra button: @xpsp3res.dll,-20001(HKLM) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O11 - 未知 - Options Group: Java (Sun)
O16 - 未知 - DPF: {1DE88635-1C72-401E-B23B-93FA86D30F3B} (SSReaderPlug) - http://www.sslibrary.com/download/SSReaderPlug.cab
O16 - 未知 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (EditCtrl) - https://img.alipay.com/download/1101/aliedit.cab
O16 - 未知 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday 控件) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - 未知 - DPF: {CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA} (Java Plug-in 1.4.2_12) - http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
O16 - 未知 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.5.0_07) - http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
O16 - 未知 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
O16 - 未知 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
O16 - 未知 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview 控件) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O23 - 未知 - Service: AddFiltr [AddFiltr] - "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe" - (not running)
O23 - 未知 - Service: hpqwmiex [hpqwmiex] - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe - (running)
O23 - 未知 - Service: kkdc [在域控制器上此服务启用用户使用 Kerberos 授权协议登录网络。如果此服务在域控制器上被停用,用户将无法登录网络。如果此服务被禁用,任何依赖于它的服务将无法启用] - C:\WINDOWS\lsass.exe -netsvcs - (not running)
O23 - 未知 - Service: MSSQL$SQLEXPRESS [Provides storage, processing and controlled access of data and rapid transaction processing.] - "C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS - (running)
O23 - 未知 - Service: msvsmon80 [Allows members of the Administrators group to remotely debug server applications using Visual Studio 2005. Use the Visual Studio 2005 Remote Debugging Configuration Wizard to enable this service.] - "D:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 - (not running)
O23 - 未知 - Service: SQLBrowser [Provides SQL Server connection information to client computers.] - "C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" - (not running)
O23 - 未知 - Service: SQLWriter [Provides the interface to backup/restore Microsoft SQL server through the Windows VSS infrastructure.] - "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" - (not running)
=======================================
100 - 安全 - Process: smss.exe [进程为会话管理子系统用以初始化系统变量,ms-dos驱动名称类似lpt1以及com,调用win32壳子系统和运行在windows登陆过程。] - C:\WINDOWS\System32\smss.exe
100 - 安全 - Process: csrss.exe [客户端服务子系统,用以控制windows图形相关子系统。] - C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=base
100 - 安全 - Process: winlogon.exe [windows nt用户登陆程序。] - C:\WINDOWS\system32\winlogon.exe
100 - 安全 - Process: services.exe [用于管理windows服务系统进程。] - C:\WINDOWS\system32\services.exe
100 - 安全 - Process: lsass.exe [本地安全权限服务控制windows安全机制。] - C:\WINDOWS\system32\lsass.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k DcomLaunch
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k rpcss
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\System32\svchost.exe -k netsvcs
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k NetworkService
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k LocalService
100 - 安全 - Process: explorer.exe [windows program manager或者windows explorer用于控制windows图形shell,包括开始菜单、任务栏,桌面和文件管理。] - C:\WINDOWS\Explorer.EXE
100 - 安全 - Process: spoolsv.exe [windows打印任务控制程序,用以打印机就绪。] - C:\WINDOWS\system32\spoolsv.exe
100 - 安全 - Process: shstat.exe [美国网络联盟(nai)公司出品的virusscan病毒扫描清理软件的一部分。] - C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
100 - 安全 - Process: TBMon.exe [network associates公司出品的计算机错误报告信息服务相关程序。] - C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
100 - 安全 - Process: SynTPEnh.exe [美国新思公司出版的触摸板驱动程序的一部分。] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
100 - 安全 - Process: igfxpers.exe [intel公共用户界面模块。] - C:\WINDOWS\system32\igfxpers.exe
100 - 安全 - Process: hkcmd.exe [intel显卡驱动相关软件。] - C:\WINDOWS\system32\hkcmd.exe
100 - 安全 - Process: 360tray.exe [360安全卫士实时监控程序。] - C:\Program Files\360safe\safemon\360tray.exe
100 - 安全 - Process: igfxsrvc.exe [Intel显示卡加速软件相关程序。] - C:\WINDOWS\system32\igfxsrvc.exe -Embedding
100 - 安全 - Process: realsched.exe [realone播放器安装时附带的升级提醒程序。] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe
100 - 安全 - Process: AntiArp.exe [360安全卫士ARP防火墙相关程序。] - C:\Program Files\360safe\antiarp\antiarp.exe
100 - 安全 - Process: ctfmon.exe [office xp输入法图标。] - C:\WINDOWS\system32\ctfmon.exe
100 - 安全 - Process: FrameworkService.exe [Network Associates公司的E-policy反病毒套装的一部分。 ] - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
100 - 安全 - Process: Mcshield.exe [mcafee virusscan是一个反病毒软件用以扫描你的文件和email中的病毒。] - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
100 - 安全 - Process: VsTskMgr.exe [network associates公司出品的相关杀毒软件的一部分。] - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
100 - 安全 - Process: naPrdMgr.exe [mcafee epolicy orchestrator网络安全程序。] - C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe -Embedding
100 - 安全 - Process: StarWindService.exe [一款虚拟光驱软件相关驱动程序。] - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
100 - 安全 - Process: alg.exe [这是一个应用层网关服务用于网络共享。] - C:\WINDOWS\System32\alg.exe
100 - 安全 - Process: MDM.EXE [debug除错管理用于调试应用程序和microsoft office中的microsoft script editor脚本编辑器。] - C:\WINDOWS\system32\mdm.exe -Embedding
100 - 安全 - Process: 360Safe.exe [360安全卫士相关程序。] - C:\Program Files\360safe\360safe.exe
100 - 安全 - Process: iexplore.exe [microsoft internet explorer浏览器用于浏览网页。] - C:\Program Files\Internet Explorer\iexplore.exe
100 - 安全 - Process: wuauclt.exe [windows操作系统后台程序,用于系统升级。] - C:\WINDOWS\system32\wuauclt.exe
100 - 安全 - Process: NOTEPAD.EXE [notepad字符编辑器用于打开文档。在windows中附带。] - C:\WINDOWS\notepad.exe
R0 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://go.microsoft.com/fwlink/?LinkId=69157
R0 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://go.microsoft.com/fwlink/?LinkId=54896
R0 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://go.microsoft.com/fwlink/?LinkId=69157
R0 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://go.microsoft.com/fwlink/?LinkId=54896
R1 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
R1 - 安全 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
O2 - 安全 - BHO: (Adobe PDF Reader Link Helper) - [Adobe Reader, 查看和打印 Adobe 便携文档格式 (PDF) 文件。] - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - 安全 - BHO: (Thunder Browser Helper) - [迅雷附带下载监视器相关文件。] - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O4 - 安全 - HKLM\..\Run: [ShStatEXE] [一款杀毒软件。] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - 安全 - HKLM\..\Run: [Network Associates Error Reporting Service] [network associates公司出品的计算机错误报告信息服务相关程序。] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - 安全 - HKLM\..\Run: [SynTPEnh] [新思手写板,多用于各种笔记本触摸板驱动程序设置] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - 安全 - HKLM\..\Run: [PHIME2002A] [输入法软件相关程序。] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 安全 - HKLM\..\Run: [IMJPMIG8.1] [微软Microsoft输入法编辑器程序。] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 安全 - HKLM\..\Run: [igfxtray] [是Intel显卡配置和诊断程序,会同Intel 810芯片组的集成显卡安装。] C:\WINDOWS\system32\igfxtray.exe
O4 - 安全 - HKLM\..\Run: [igfxpers] [intel集成显卡相关文件。] C:\WINDOWS\system32\igfxpers.exe
O4 - 安全 - HKLM\..\Run: [igfxhkcmd] [intel热键命令模块相关程序。] C:\WINDOWS\system32\hkcmd.exe
O4 - 安全 - HKLM\..\Run: [Cpqset] [康柏compaq相关软件。] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - 安全 - HKLM\..\Run: [SunJavaUpdateSched] [java升级相关软件。] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - 安全 - HKLM\..\Run: [360Safetray] [360safe实时保护功能模块。] C:\Program Files\360safe\safemon\360tray.exe /start
O4 - 安全 - HKLM\..\Run: [TkBellExe] [是Real Networks产品定时升级检测程序。] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 安全 - HKLM\..\Run: [360Antiarp] [360安全卫士ARP防火墙相关程序。] C:\Program Files\360safe\antiarp\antiarp.exe /start
O4 - 安全 - HKLM\..\RunServices: [SchedulingAgent] [系统计划任务程序] mstask.exe
O4 - 安全 - HKCU\..\Run: [ctfmon.exe] [office xp输入法图标。] C:\WINDOWS\system32\ctfmon.exe
O8 - 安全 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - 安全 - Extra button: 电台(HKLM) -
O9 - 安全 - Extra button: Windows Messenger(HKLM) - C:\Program Files\Messenger\msmsgs.exe
O11 - 安全 - Options Group: International*
O16 - 安全 - DPF: 无效的CLSID:{0000000A-0000-0010-8000-00AA00389B71} ({0000000A-0000-0010-8000-00AA00389B71}) - http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
O16 - 安全 - DPF: 无效的CLSID:{00000055-9980-0010-8000-00AA00389B71} ({00000055-9980-0010-8000-00AA00389B71}) - http://codecs.microsoft.com/codecs/i386/fhg.CAB
O16 - 安全 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (招商银行个人版) - https://site.cmbchina.com/download/CMBEdit.cab
O16 - 安全 - DPF: 无效的CLSID:{33564D57-0000-0010-8000-00AA00389B71} ({33564D57-0000-0010-8000-00AA00389B71}) - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - 安全 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (中国工商银行个人银行) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - 安全 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
O16 - 安全 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Flash播放器) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - 安全 - Protocol: OFFICE 相关 - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O18 - 安全 - Protocol: OFFICE 相关 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O23 - 安全 - Service: Autodesk Licensing Service [Autodesk的服务程序。] - "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe" - (not running)
O23 - 安全 - Service: McAfeeFramework [是Network Associates公司的E-policy反病毒套装的一部分。] - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart - (running)
O23 - 安全 - Service: McShield [network associates网络安全套装的服务部分。] - "C:\Program Files\Network Associates\VirusScan\Mcshield.exe" - (running)
O23 - 安全 - Service: McTaskManager [network associates网络安全套装的服务部分。] - "C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe" - (running)
O23 - 安全 - Service: MSSQLServerADHelper [sql server,microsoft开发的企业级数据库相关程序。] - "C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" - (not running)
O23 - 安全 - Service: StarWindService [alcohol 120的相关服务项。] - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe - (running)
O25 - 安全 - ABOUT: DesktopItemNavigationFailure - res://ieframe.dll/navcancl.htm
O25 - 安全 - ABOUT: NavigationCanceled - res://ieframe.dll/navcancl.htm
O25 - 安全 - ABOUT: NavigationFailure - res://ieframe.dll/navcancl.htm
O25 - 安全 - ABOUT: OfflineInformation - res://ieframe.dll/offcancl.htm
O25 - 安全 - ABOUT: PostNotCached - res://ieframe.dll/repost.htm
=======================================
O31 - 未知 - Folder Menu: {4A681BEC-7727-49BD-B695-79F8354CD2E5} - C:\Program Files\Common Files\ESRI\esriShellExt.dll - ESRI - ShellExtDLL - 9.1.0.681 - 856111 - 43a6377cbfe65cbc9c97dbbe0d051a1d
O31 - 未知 - Folder Menu: {F9DB5320-233E-11D1-9F84-707F02C10627} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll - Adobe Systems, Inc. - PDF Shell Extension - 7.0.0.0 - 110592 - 4b0991cd076b617a2231b19a6663c1c9
O31 - 未知 - SEApproved: {42071714-76d4-11d1-8b24-00a0c9068ff3} - deskpan.dll - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:Shell extensions for file compression - - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:加密上下文菜单 - - - - - 0 -
O31 - 未知 - SEApproved: {0DF44EAA-FF21-4412-828E-260A8728E7F1} - - - - - 0 -
O31 - 未知 - SEApproved: {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - - - - - 0 -
O31 - 未知 - SEApproved: {3F30C968-480A-4C6C-862D-EFC0897BB84B} - C:\WINDOWS\SYSTEM\THUMBVW.DLL - - - - 0 -
O31 - 未知 - SEApproved: {7A9D77BD-5403-11d2-8785-2E0420524153} - - - - - 0 -
O31 - 未知 - SEApproved: {1D2680C9-0E2A-469d-B787-065558BC7D43} - C:\WINDOWS\system32\mscoree.dll - Microsoft Corporation - Microsoft .NET Runtime Execution Engine - 2.0.50727.832 - 271360 - 4b578f487766afe0be5a6242ad79bd2c
O31 - 未知 - SEApproved: {7F67036B-66F1-411A-AD85-759FB9C5B0DB} - C:\WINDOWS\system32\ShellvRTF.dll - - - - 0 -
O31 - 未知 - SEApproved: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll - - - - 121856 - ebf1afc60331a94733a82360070832b4
O31 - 未知 - SEApproved: {32020A01-506E-484D-A2A8-BE3CF17601C3} - C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll - Alcohol Soft Development Team - AXShlEx.dll - 1.4.9.1024 - 387072 - f136c9f7de6724082487f00919cb3aa4
O31 - 未知 - SEApproved: {6B19FEC2-A45B-11CF-9045-00A0C9039735} - C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL - Microsoft Corporation - Microsoft(R) Developer Studio Explorer Shell Extensions - 6.0.8168.0 - 65611 - 7ee587fe7e170cc0278ab921a2cb025e
O31 - 未知 - SEApproved: {D545EBD1-BD92-11CF-8772-00A0C9039735} - C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL - Microsoft Corporation - Microsoft(R) Developer Studio Explorer Shell Extensions - 6.0.8168.0 - 65611 - 7ee587fe7e170cc0278ab921a2cb025e
O31 - 未知 - SEApproved: {e82a2d71-5b2f-43a0-97b8-81be15854de8} - C:\WINDOWS\system32\dfshim.dll - Microsoft Corporation - Application Deployment Support Library - 2.0.50727.42 - 83456 - b3511383c8be3a8c5b88a78971fc1141
O31 - 未知 - SEApproved: {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} - C:\WINDOWS\system32\dfshim.dll - Microsoft Corporation - Application Deployment Support Library - 2.0.50727.42 - 83456 - b3511383c8be3a8c5b88a78971fc1141
O31 - 未知 - SEApproved: {8DE56A0D-E58B-41FE-9F80-3563CDCB2C22} - C:\WINDOWS\SYSTEM\THUMBVW.DLL - - - - 0 -
O31 - 未知 - Directory Menu: {cda2863e-2497-4c49-9b89-06840e070a87} - C:\Program Files\Network Associates\VirusScan\shext.dll - Network Associates, Inc. - VirusScan Shell Extension - 8.0.0.912 - 13824 - c4628f4a28c5230a0a0359bf98ace67a
O31 - 未知 - Directory Menu: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll - - - - 121856 - ebf1afc60331a94733a82360070832b4
O31 - 未知 - LSA: Security Packages - sv1_0.dll - - - - 0 -
O31 - 未知 - LSA: Security Packages - channel.dll - - - - 0 -
=======================================
O40 - services.exe - Network Associates, Inc - C:\WINDOWS\system32\EntApi.dll - EntAPI - d363ea3ababda5748fdeeea09fc40e4b
O40 - lsass.exe - Network Associates, Inc - C:\WINDOWS\system32\EntApi.dll - EntAPI - d363ea3ababda5748fdeeea09fc40e4b
O40 - svchost.exe - Network Associates, Inc - C:\WINDOWS\system32\EntApi.dll - EntAPI - d363ea3ababda5748fdeeea09fc40e4b
O40 - svchost.exe - Network Associates, Inc - C:\WINDOWS\system32\EntApi.dll - EntAPI - d363ea3ababda5748fdeeea09fc40e4b
O40 - svchost.exe - Network Associates, Inc - C:\WINDOWS\system32\EntApi.dll - EntAPI - d363ea3ababda5748fdeeea09fc40e4b
O40 - svchost.exe - Network Associates, Inc - C:\WINDOWS\system32\EntApi.dll - EntAPI - d363ea3ababda5748fdeeea09fc40e4b
O40 - svchost.exe - Network Associates, Inc - C:\WINDOWS\system32\EntApi.dll - EntAPI - d363ea3ababda5748fdeeea09fc40e4b
O40 - Explorer.EXE - Microsoft Corporation - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80U.DLL - MFCDLL Shared Library - Retail Version - c297a92852f494ed69a5ec0cc2af9b89
O40 - Explorer.EXE - Microsoft Corporation - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll - Microsoft? C Runtime Library - 16d7ddf3b659f7cf1cb9f4dcff4219f0
O40 - Explorer.EXE - Microsoft Corporation - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\MFC80CHS.DLL - MFC Language Specific Resources - f6133b250f6bd0cc875bba1960676cfa
O40 - Explorer.EXE - Microsoft Corporation - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCP80.dll - Microsoft? C++ Runtime Library - 2bc650257fb0867abd54fd460ec2bafc
O40 - Explorer.EXE - Network Associates, Inc - C:\WINDOWS\system32\EntApi.dll - EntAPI - d363ea3ababda5748fdeeea09fc40e4b
O40 - Explorer.EXE - ESRI - C:\Program Files\Common Files\ESRI\esriShellExt.dll - ShellExtDLL - 43a6377cbfe65cbc9c97dbbe0d051a1d
O40 - Explorer.EXE - Microsoft Corporation - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.DLL - ATL Module for Windows (Unicode) - 16b206229b2a348c8bcd8b5a6102a979
O40 - Explorer.EXE - Adobe Systems, Inc. - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll - PDF Shell Extension - 4b0991cd076b617a2231b19a6663c1c9
O40 - Explorer.EXE - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\shext.dll - VirusScan Shell Extension - c4628f4a28c5230a0a0359bf98ace67a
O40 - Explorer.EXE - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\RES04\ShExtRes.dll - English(09) Shell Extension Resources - 4bedbb81c8f1a84080e9ec3af28be524
O40 - Explorer.EXE - - C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll - DsBho - 0b48495affc8b146f18b196f63bae41c
O40 - Explorer.EXE - Thunder Networking Technologies,LTD - C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll - DataProcessor - 0ab42ab02efbaa96afa49960dd0e6ea3
O40 - Explorer.EXE - Microsoft Corporation - C:\WINDOWS\system32\MSVCR71.dll - Microsoft? C Runtime Library - 86f1895ae8c5e8b17d99ece768a70732
=======================================
O41 - HOSTNT - HOSTNT - C:\WINDOWS\system32\drivers\hostnt.sys - (running) - - - caed87f7526384d7ed8a51cbfa12aac2
O41 - MHDRV - MicroDog driver - C:\WINDOWS\system32\drivers\mhdrv.sys - (running) - MicroDog driver - Rainbow China Co., Ltd. - 1a8da3179637f14d476f22392305a544
O41 - NaiAvFilter1 - Anti-Virus File System Filter Driver - C:\WINDOWS\system32\drivers\naiavf5x.sys - (running) - Anti-Virus File System Filter Driver - Network Associates, Inc. - b7334eee4ad6d63daea7ce109a0dc7ae
O41 - NaiAvTdi1 - Anti-Virus Mini-Firewall Driver - C:\WINDOWS\system32\drivers\mvstdi5x.sys - (running) - Anti-Virus Mini-Firewall Driver - Network Associates, Inc. - 8ae511ab181f63b72273ba41cb37f818
O41 - RCMHDOG - MicroDog driver - C:\WINDOWS\system32\drivers\rcmhdog.sys - (running) - MicroDog driver - Rainbow China Co., Ltd. - ffa362b467e0334338f5fc9a25f95b0c
O41 - Sentinel - Sentinel System Driver (NT Parallel driver) - C:\WINDOWS\system32\drivers\sentinel.sys - (running) - Sentinel System Driver (NT Parallel driver) - Rainbow Technologies, Inc. - cd8f847a75a974d7aa723a23dfb7d004
O41 - vax347b - Plug and Play BIOS Extension - C:\WINDOWS\system32\drivers\vax347b.sys - (running) - Plug and Play BIOS Extension - - 61aa77e5d9950ca59c0db7f24cfa21b3
O41 - vax347s - SCSI miniport - C:\WINDOWS\system32\drivers\vax347s.sys - (running) - SCSI miniport - - 113e4b318bbaa7483ca4e582a4d63f49
O41 - EntDrv51 - EntDrv - C:\WINDOWS\system32\drivers\EntDrv51.sys - (running) - EntDrv - Network Associates, Inc - f45717d58b785b18c60c97aa1e9dbafa
O41 - npkcrypt - npkcrypt - C:\Program Files\Tencent\QQ\npkcrypt.sys - (not running) - - -
O41 - w810bus - w810bus - C:\WINDOWS\system32\DRIVERS\w810bus.sys - (not running) - - -
O41 - w810mdfl - w810mdfl - C:\WINDOWS\system32\DRIVERS\w810mdfl.sys - (not running) - - -
O41 - w810mdm - w810mdm - C:\WINDOWS\system32\DRIVERS\w810mdm.sys - (not running) - - -
=======================================
360Safe.exe=4.0.3.1007
AntiAdwa.dll=4.0.0.1002
AntiEng.dll=4.0.0.1001
AntiActi.dll=2.0.0.3000
CleanHis.dll=4.0.0.1001
safelive.exe=1.0.0.2007
live.dll=1.0.1.1023
=======================================
操作历史报告:
----------清理恶评及系统插件历史----------
2007-04-24 18:05
清理恶评软件 - 腾讯QQ附带的QQIEHelper插件 - HKCU\Software\Microsoft\Internet Explorer\MenuExt\用QQ彩信发送该图片
2007-08-08 17:34
清理好评插件 - 我要地图 桌面版 - C:\Program Files\lingtu
清理好评插件 - Google工具栏 - C:\PROGRA~1\Google\GOOGLE~1.DLL
2007-08-15 20:19
清理恶评插件 - 腾讯QQ附带的QQIEHelper插件 -
2007-10-09 20:22
清理恶评插件 - Cnnic无忧上网工具条 -
2007-11-02 08:52
清理好评插件 - 世界网络工具条 - C:\Program Files\LinkWanToolbar
2007-12-02 17:49
清理好评插件 - 迅雷下载组件 - C:\PROGRA~1\THUNDE~1\Thunder\ComDlls\TDATON~1.DLL
2008-02-12 01:06
清理恶评插件 - Cnnic无忧上网工具条 -
2008-03-06 10:55
清理恶评插件 - Cnnic中文上网 -
清理恶评插件 - Cnnic无忧上网工具条 -
----------修复IE浏览器操作历史----------
2008-03-11 22:37
R0 - 危险 - IE首页 - HKCU\Software\Microsoft\Internet Explorer\Main
R0 - 危险 - IE搜索页 - HKCU\Software\Microsoft\Internet Explorer\Main
R1 - 危险 - IE左侧搜索页 - HKCU\Software\Microsoft\Internet Explorer\Main
R1 - 危险 - 启用备用搜索引擎 - HKCU\Software\Microsoft\Internet Explorer\Main
O14 - 危险 - Web原始设置IERESET.INF - C:\WINDOWS\inf\iereset.inf
O22 - 危险 - .SCR文件关联 - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
O28 - 危险 - IE链接的参数 - C:\DOCUME~1\KenDra\「开始~1\程序\附件\系统工具\INTERN~1.LNK
=======================================
|
| Title: |
Please help |
|
2008-03-19 08:56:19 |
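Dear experts,
Thank you very much for taking a look at my system diagnostic report; this newbie is urgently waiting for your help!
This diagnostic report was generated by 360 Safe Guard (360安全卫士): http://www.360safe.com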
诊断时间: 2008-03-12 12:41:32
诊断平台: Microsoft Windows XP Service Pack 2
IE版本: Internet Explorer V6.0.2900.2180 Build:62900.2180
计算机物理内存:998.22MB - 当前可用内存:597.75MB
100 - 未知 - Process: btwdins.exe [Bluetooth Support Server] - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
100 - 未知 - Process: TPOSDSVC.exe [On screen display message handler] - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
100 - 未知 - Process: BTTray.exe [Bluetooth Tray Application] - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
100 - 未知 - Process: TPONSCR.exe [On screen display drawer] - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
100 - 未知 - Process: TpScrex.exe [ThinkPad UltraZoom] - C:\Program Files\Lenovo\Zoom\TpScrex.exe
100 - 未知 - Process: BTStackServer.exe [Bluetooth Stack COM Server] - C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE -Embedding
100 - 未知 - Process: TXPlatform.exe [TM2008] - C:\Program Files\Tencent\QQ\TXPlatform.exe
100 - 未知 - Process: kissvc.exe [Kingsoft AntiVirus Service Manager] - C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE
O2 - 未知 - BHO: (Kingsoft Trojan Webshield) - [Kingsoft Trojan Webshield] - {4E8A5278-C04E-4FE3-BF78-8A7CCD6EF333} - C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\Antispy\IEBuddy.DLL
O4 - 未知 - HKLM\..\Run: [PWRMGRTR] [ThinkPad Power Manager Background Monitor and Tray Battery Gauge] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - 未知 - HKLM\..\Run: [BLOG] [] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - 未知 - HKLM\..\Run: [MSDEG32] [] LYLoader.exe
O4 - 未知 - HKLM\..\Run: [MSDWG32] [] LYLoadbr.exe
O4 - 未知 - HKLM\..\Run: [MSDCG32 ] [] LYLeador.exe
O4 - 未知 - HKLM\..\Run: [MSDOG32] [] LYLoador.exe
O4 - 未知 - HKLM\..\Run: [MSDSG32] [] LYLoadar.exe
O4 - 未知 - HKLM\..\Run: [MSDMG32] [] LYLoadmr.exe
O4 - 未知 - HKLM\..\Run: [MSDHG32] [] LYLoadhr.exe
O4 - 未知 - HKLM\..\Run: [MSDQG32] [] LYLoadqr.exe
O4 - 未知 - Startup folder: [AtiSrv.exe] [] C:\Documents and Settings\All Users\「开始」菜单\程序\启动\AtiSrv.exe
O8 - 未知 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder\Program\geturl.htm
O8 - 未知 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder\Program\getallurl.htm
O8 - 未知 - Extra context menu item: 发送到 Bluetooth 设备(&B)... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - 未知 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - 未知 - Extra button: 金山网页防挂马模块设置(HKLM) - C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\Antispy\IEBuddyExt.DLL
O9 - 未知 - Extra button: @btrez.dll,-12650(HKLM) - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O18 - 未知 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O18 - 未知 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O23 - 未知 - Service: btwdins [处理 Bluetooth 设备的安装和删除。] - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe - (running)
O23 - 未知 - Service: KISSvc [金山毒霸公共服务程序] - C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE - (running)
O23 - 未知 - Service: TpKmpSVC [IBM KCU Service] - C:\WINDOWS\system32\TpKmpSVC.exe - (running)
=======================================
100 - 安全 - Process: smss.exe [进程为会话管理子系统用以初始化系统变量,ms-dos驱动名称类似lpt1以及com,调用win32壳子系统和运行在windows登陆过程。] - C:\WINDOWS\System32\smss.exe
100 - 安全 - Process: csrss.exe [客户端服务子系统,用以控制windows图形相关子系统。] - C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=base
100 - 安全 - Process: winlogon.exe [windows nt用户登陆程序。] - C:\WINDOWS\system32\winlogon.exe
100 - 安全 - Process: services.exe [用于管理windows服务系统进程。] - C:\WINDOWS\system32\services.exe
100 - 安全 - Process: lsass.exe [本地安全权限服务控制windows安全机制。] - C:\WINDOWS\system32\lsass.exe
100 - 安全 - Process: ibmpmsvc.exe [ibm笔记本电源管理相关软件。] - C:\WINDOWS\system32\ibmpmsvc.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k DcomLaunch
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k rpcss
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\System32\svchost.exe -k netsvcs
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k NetworkService
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k LocalService
100 - 安全 - Process: spoolsv.exe [windows打印任务控制程序,用以打印机就绪。] - C:\WINDOWS\system32\spoolsv.exe
100 - 安全 - Process: explorer.exe [windows program manager或者windows explorer用于控制windows图形shell,包括开始菜单、任务栏,桌面和文件管理。] - C:\WINDOWS\Explorer.EXE
100 - 安全 - Process: smax4pnp.exe [声卡相关软件。] - C:\Program Files\Analog Devices\Core\smax4pnp.exe
100 - 安全 - Process: igfxtray.exe [intel显卡相关软件。] - C:\WINDOWS\system32\igfxtray.exe
100 - 安全 - Process: hkcmd.exe [intel显卡驱动相关软件。] - C:\WINDOWS\system32\hkcmd.exe
100 - 安全 - Process: igfxpers.exe [intel公共用户界面模块。] - C:\WINDOWS\system32\igfxpers.exe
100 - 安全 - Process: rundll32.exe [windows rundll32为了需要调用dlls的程序。] - C:\WINDOWS\system32\rundll32.exe
100 - 安全 - Process: realsched.exe [realone播放器安装时附带的升级提醒程序。] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe
100 - 安全 - Process: ctfmon.exe [office xp输入法图标。] - C:\WINDOWS\system32\ctfmon.exe
100 - 安全 - Process: igfxsrvc.exe [Intel显示卡加速软件相关程序。] - C:\WINDOWS\system32\igfxsrvc.exe -Embedding
100 - 安全 - Process: QQ.exe [腾讯公司出品的qq即时通讯软件。] - C:\Program Files\Tencent\QQ\QQ.exe
100 - 安全 - Process: TpKmpSvc.exe [ibm thinkpad笔记本相关程序。] - C:\WINDOWS\system32\TpKmpSVC.exe
100 - 安全 - Process: wdfmgr.exe [windows media player播放器相关程序。] - C:\WINDOWS\system32\wdfmgr.exe
100 - 安全 - Process: alg.exe [这是一个应用层网关服务用于网络共享。] - C:\WINDOWS\System32\alg.exe
100 - 安全 - Process: IEXPLORE.EXE [microsoft internet explorer浏览器用于浏览网页。] - C:\Program Files\Internet Explorer\iexplore.exe
100 - 安全 - Process: conime.exe [console ime ime输入法控制台软件。] - C:\WINDOWS\system32\conime.exe
100 - 安全 - Process: 360安全卫士诊断工具.exe [] - D:\软件\杀毒软件\WoptiFree\CheckTool\360安全卫士诊断工具.exe
R1 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
R1 - 安全 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
O4 - 安全 - HKLM\..\Run: [SoundMAXPnP] [analog device公司声卡驱动程序。] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - 安全 - HKLM\..\Run: [SoundMAX] [analog device公司声卡驱动程序。] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - 安全 - HKLM\..\Run: [IgfxTray] [是Intel显卡配置和诊断程序,会同Intel 810芯片组的集成显卡安装。] C:\WINDOWS\system32\igfxtray.exe
O4 - 安全 - HKLM\..\Run: [HotKeysCmds] [是Intel显示卡相关程序,用于配置和诊断相关设备。] C:\WINDOWS\system32\hkcmd.exe
O4 - 安全 - HKLM\..\Run: [Persistence] [Intel用户界面模块程序。] C:\WINDOWS\system32\igfxpers.exe
O4 - 安全 - HKLM\..\Run: [TPHOTKEY] [ibm thinkpad笔记本应用程序。] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - 安全 - HKLM\..\Run: [TPKMAPHELPER] [ibm笔记本电脑相关程序。] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - 安全 - HKLM\..\Run: [TkBellExe] [是Real Networks产品定时升级检测程序。] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 安全 - HKLM\..\Run: [360Safetray] [360safe实时保护功能模块。] C:\Program Files\360safe\safemon\360tray.exe /start
O4 - 安全 - HKLM\..\Run: [KavStart] [金山出品的金山毒霸杀毒软件。] "C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup
O4 - 安全 - HKCU\..\Run: [ctfmon.exe] [office xp输入法图标。] C:\WINDOWS\system32\ctfmon.exe
O4 - 安全 - HKCU\..\Run: [KavPFW] [金山出品的防火墙软件。] "C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVPFW.exe"
O4 - 安全 - Startup folder: [蓝牙控制盘.lnk] [蓝牙适配器软件相关程序。] C:\Documents and Settings\All Users\「开始」菜单\程序\启动\蓝牙控制盘.lnk
O4 - 安全 - Startup folder: [腾讯QQ.lnk] [qq:即时通讯软件] C:\Documents and Settings\lenovo\「开始」菜单\程序\启动\腾讯QQ.lnk
O8 - 安全 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - 安全 - Extra button: Windows Messenger(HKLM) - C:\Program Files\Messenger\msmsgs.exe
O18 - 安全 - Protocol: OFFICE 相关 - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - 安全 - Service: IBMPMSVC [IBM笔记本电脑电源管理相关程序。 ] - C:\WINDOWS\system32\ibmpmsvc.exe - (running)
=======================================
O31 - 未知 - Notify: tphotkey - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - - - - 28672 - 04019e3cecbfcfed5bb2b0892ecd3e18
O31 - 未知 - SEApproved: {42071714-76d4-11d1-8b24-00a0c9068ff3} - deskpan.dll - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:Shell extensions for file compression - - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:加密上下文菜单 - - - - - 0 -
O31 - 未知 - SEApproved: {0DF44EAA-FF21-4412-828E-260A8728E7F1} - - - - - 0 -
O31 - 未知 - SEApproved: {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - - - - - 0 -
O31 - 未知 - SEApproved: {7A9D77BD-5403-11d2-8785-2E0420524153} - - - - - 0 -
O31 - 未知 - SEApproved: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll - - - - 128512 - 2b7421a2351fbfa6e29141c46aea6b57
O31 - 未知 - SEApproved: 无效的CLSID: - - - - - 0 -
O31 - 未知 - SEApproved: {6af09ec9-b429-11d4-a1fb-0090960218cb} - C:\WINDOWS\system32\btneighborhood.dll - Broadcom Corporation. - BTNeighborhood DLL - 5.1.0.3100 - 966733 - 868d13ab388357e9a1a72f13dad8a2f7
O31 - 未知 - SEApproved: {7842554E-6BED-11D2-8CDB-B05550C10000} - C:\WINDOWS\system32\btncopy.dll - Broadcom Corporation. - BTNCopy Module - 5.1.0.3100 - 65536 - 7832cceff727da2c98538896bc9997a4
O31 - 未知 - Directory Menu: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll - - - - 128512 - 2b7421a2351fbfa6e29141c46aea6b57
O31 - 未知 - Image Execution: 360safebox.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: adam.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: AgentSvr.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: AppSvc32.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: autoruns.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: avconsol.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: avgrssvc.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: AvMonitor.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: avp.com - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: avp.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: CCenter.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: ccSvcHst.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: EGHOST.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: FileDsty.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: FTCleanerShell.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: FYFireWall.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: HijackThis.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: IceSword.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: iparmo.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: Iparmor.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: isPwdSvc.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: kabaload.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: KaScrScn.SCR - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: KASMain.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: KASTask.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: KAV32.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: KAVDX.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: KAVPF.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: KAVPFW.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: KAVSetup.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: KAVStart.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: KISLnchr.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: KMailMon.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: KMFilter.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: KPFW32.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: KPFW32X.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: KPfwSvc.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: KRegEx.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: KRepair.com - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: KsLoader.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: KVCenter.kxp - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: KvDetect.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: KvfwMcl.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: KVMonXP.kxp - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: KVMonXP_1.kxp - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: kvol.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: kvolself.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: KvReport.kxp - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: KVScan.kxp - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: KVSrvXP.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: KVStub.kxp - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: kvupload.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: kvwsc.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: KvXP.kxp - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: KvXP_1.kxp - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: KWatch.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: KWatch9x.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: KWatchX.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: MagicSet.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: mcconsol.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: mmqczj.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: mmsk.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: Navapsvc.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: Navapw32.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: nod32.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: nod32krn.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: nod32kui.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: NPFMntor.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: OllyDBG.EXE - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: OllyICE.EXE - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: PFW.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: PFWLiveUpdate.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: procexp.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: QHSET.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: QQDoctor.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: QQKav.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: Ras.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: RavMonD.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: RavStub.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: RawCopy.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: RegClean.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: RegTool.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: rfwcfg.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: rfwmain.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: rfwProxy.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: rfwsrv.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: rfwstub.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: RsAgent.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: Rsaupd.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: runiep.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: safebank.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: safeboxTray.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: safelive.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: scan32.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: shcfg32.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: SmartUp.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: SREng.EXE - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: symlcsvc.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: SysSafe.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: TrojanDetector.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: Trojanwall.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: TrojDie.kxp - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: UIHost.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: UmxAgent.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: UmxAttachment.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: UmxCfg.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: UmxFwHlp.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: UmxPol.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: UpLive.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: vsstat.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: webscanx.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: WinDbg.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: WoptiClean.exe - ntsd -d - - - - 0 -
O31 - 未知 - LSA: Security Packages - sv1_0.dll - - - - 0 -
O31 - 未知 - LSA: Security Packages - channel.dll - - - - 0 -
=======================================
O40 - winlogon.exe - - C:\WINDOWS\system32\bchib.dll - - ee61a172aeeb4599f486eb93b44a4411
O40 - winlogon.exe - - C:\WINDOWS\system32\tzm.dll - - aa9f2b49a093c36b60415485095bb4cb
O40 - winlogon.exe - - C:\WINDOWS\system32\slcs.dll - - d7478c837803bb457a9f0c573fb61172
O40 - winlogon.exe - - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - - 04019e3cecbfcfed5bb2b0892ecd3e18
O40 - services.exe - - C:\WINDOWS\system32\bchib.dll - - ee61a172aeeb4599f486eb93b44a4411
O40 - services.exe - - C:\WINDOWS\system32\tzm.dll - - aa9f2b49a093c36b60415485095bb4cb
O40 - services.exe - - C:\WINDOWS\system32\slcs.dll - - d7478c837803bb457a9f0c573fb61172
O40 - services.exe - - C:\WINDOWS\system32\LYMANGR.DLL - - a1d7c33069284d47a32d180f6e56fe6d
O40 - lsass.exe - - C:\WINDOWS\system32\bchib.dll - - ee61a172aeeb4599f486eb93b44a4411
O40 - lsass.exe - - C:\WINDOWS\system32\tzm.dll - - aa9f2b49a093c36b60415485095bb4cb
O40 - lsass.exe - - C:\WINDOWS\system32\slcs.dll - - d7478c837803bb457a9f0c573fb61172
O40 - svchost.exe - - C:\WINDOWS\system32\bchib.dll - - ee61a172aeeb4599f486eb93b44a4411
O40 - svchost.exe - - C:\WINDOWS\system32\tzm.dll - - aa9f2b49a093c36b60415485095bb4cb
O40 - svchost.exe - - C:\WINDOWS\system32\slcs.dll - - d7478c837803bb457a9f0c573fb61172
O40 - svchost.exe - - C:\WINDOWS\system32\bchib.dll - - ee61a172aeeb4599f486eb93b44a4411
O40 - svchost.exe - - C:\WINDOWS\system32\tzm.dll - - aa9f2b49a093c36b60415485095bb4cb
O40 - svchost.exe - - C:\WINDOWS\system32\slcs.dll - - d7478c837803bb457a9f0c573fb61172
O40 - svchost.exe - - C:\WINDOWS\System32\bchib.dll - - ee61a172aeeb4599f486eb93b44a4411
O40 - svchost.exe - - C:\WINDOWS\System32\tzm.dll - - aa9f2b49a093c36b60415485095bb4cb
O40 - svchost.exe - - C:\WINDOWS\System32\slcs.dll - - d7478c837803bb457a9f0c573fb61172
O40 - svchost.exe - - C:\WINDOWS\system32\bchib.dll - - ee61a172aeeb4599f486eb93b44a4411
O40 - svchost.exe - - C:\WINDOWS\system32\tzm.dll - - aa9f2b49a093c36b60415485095bb4cb
O40 - svchost.exe - - C:\WINDOWS\system32\slcs.dll - - d7478c837803bb457a9f0c573fb61172
O40 - svchost.exe - - C:\WINDOWS\system32\bchib.dll - - ee61a172aeeb4599f486eb93b44a4411
O40 - svchost.exe - - C:\WINDOWS\system32\tzm.dll - - aa9f2b49a093c36b60415485095bb4cb
O40 - svchost.exe - - C:\WINDOWS\system32\slcs.dll - - d7478c837803bb457a9f0c573fb61172
O40 - Explorer.EXE - - C:\WINDOWS\system32\bchib.dll - - ee61a172aeeb4599f486eb93b44a4411
O40 - Explorer.EXE - - C:\WINDOWS\system32\tzm.dll - - aa9f2b49a093c36b60415485095bb4cb
O40 - Explorer.EXE - - C:\WINDOWS\system32\slcs.dll - - d7478c837803bb457a9f0c573fb61172
O40 - Explorer.EXE - Lenovo Group Limited - C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL - ThinkPad Power Manager Background Monitor and Tray Battery Gauge - 2ebd2d9c1ab575efea1287ce2c155296
O40 - Explorer.EXE - - C:\PROGRA~1\ThinkPad\UTILIT~1\SC\PWRMGRRT.DLL - - 260b4cb7784d50d749e0923f0401758a
O40 - Explorer.EXE - - C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRIF.DLL - - eac0e0fe4d8e2e9779596953358970fe
O40 - Explorer.EXE - Broadcom Corporation. - C:\WINDOWS\system32\btmmhook.dll - Multimedia Keys Hook DLL - 78e25f26d94ec29f46c105a0013b9c3d
O40 - Explorer.EXE - Microsoft Corporation - C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCR80.dll - Microsoft® C Runtime Library - e4fece18310e23b1d8fee993e35e7a6f
O40 - Explorer.EXE - - C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll - - 3155e575db273b062d00e0812de3b17e
O40 - Explorer.EXE - - C:\Program Files\Lenovo\HOTKEY\hkvolkey.dll - - 7e3b42d533dc7ba80dbc3e865537bbd9
O40 - rundll32.exe - - C:\WINDOWS\system32\bchib.dll - - ee61a172aeeb4599f486eb93b44a4411
O40 - rundll32.exe - - C:\WINDOWS\system32\tzm.dll - - aa9f2b49a093c36b60415485095bb4cb
O40 - rundll32.exe - - C:\WINDOWS\system32\slcs.dll - - d7478c837803bb457a9f0c573fb61172
O40 - rundll32.exe - Lenovo Group Limited - C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL - ThinkPad Power Manager Background Monitor and Tray Battery Gauge - 2ebd2d9c1ab575efea1287ce2c155296
O40 - rundll32.exe - - C:\PROGRA~1\ThinkPad\UTILIT~1\SC\PWRMGRRT.DLL - - 260b4cb7784d50d749e0923f0401758a
O40 - rundll32.exe - - C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRIF.DLL - - eac0e0fe4d8e2e9779596953358970fe
=======================================
O41 - AR5416 - Driver for Atheros AR5008 Wireless Network Adapter - C:\WINDOWS\system32\drivers\ar5416.sys - (running) - Driver for Atheros AR5008 Wireless Network Adapter - Atheros Communications, Inc. - ae49d9e42ef34aef32151bd0983f5862
O41 - msert - msert - C:\WINDOWS\system32\drivers\mselk.sys - (running) - - - 74439a0e240855283f240ee03e32587f
O41 - TPHKDRV - ThinkPad Hotkey Driver - C:\WINDOWS\system32\drivers\TPHKDRV.sys - (running) - ThinkPad Hotkey Driver - IBM Corporation - 542770c8925e13b29b1ba63f05898058
O41 - TPPWRIF - TPPWRIF - C:\WINDOWS\system32\drivers\TPPWRIF.SYS - (running) - - - 44672de6cea9569c21c4b7a8d2560750
O41 - iCafe Manager - iCafe Manager - C:\DOCUME~1\lenovo\LOCALS~1\Temp\usbhcid.sys - (not running) - - -
O41 - msskye - msskye - C:\WINDOWS\system32\drivers\msaclue.sys - (not running) - - -
O41 - Sc Manager - Sc Manager - C:\DOCUME~1\lenovo\LOCALS~1\Temp\usbcams3.sys - (not running) - - -
=======================================
[userinit.exe情况]
MD5: 7BD70EC53CB7398246C84D25BFF33AA8
文件大小: 23552
版本信息: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
是否签名: 是
未被感染
=======================================
[桌面快捷方式情况]
C:\Program Files\360safe\360Safe.exe
=======================================
[ping 命令信息]
Pinging update-b.360safe.com [124.238.254.101] with 32 bytes of data:
Reply from 124.238.254.101: bytes=32 time=89ms TTL=52
Reply from 124.238.254.101: bytes=32 time=80ms TTL=52
Reply from 124.238.254.101: bytes=32 time=88ms TTL=52
Reply from 124.238.254.101: bytes=32 time=81ms TTL=52
Ping statistics for 124.238.254.101:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 80ms, Maximum = 89ms, Average = 84ms
=======================================
[ping 命令信息]
Pinging sdl-b.qh-lb.com [220.165.9.62] with 32 bytes of data:
Reply from 220.165.9.62: bytes=32 time=209ms TTL=53
Reply from 220.165.9.62: bytes=32 time=218ms TTL=53
Reply from 220.165.9.62: bytes=32 time=214ms TTL=53
Reply from 220.165.9.62: bytes=32 time=212ms TTL=53
Ping statistics for 220.165.9.62:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 209ms, Maximum = 218ms, Average = 213ms
=======================================
[ping 命令信息]
Pinging www-b.qihoo.com [124.238.254.64] with 32 bytes of data:
Reply from 124.238.254.64: bytes=32 time=85ms TTL=52
Reply from 124.238.254.64: bytes=32 time=87ms TTL=52
Reply from 124.238.254.64: bytes=32 time=91ms TTL=52
Reply from 124.238.254.64: bytes=32 time=83ms TTL=52
Ping statistics for 124.238.254.64:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 83ms, Maximum = 91ms, Average = 86ms
=======================================
[网络代理信息]
ProxyEnable: 0
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
ProxyOverride: NULL
ProxyServer: NULL
=======================================
[Ip Config配置信息]
Windows IP Configuration
Host Name . . . . . . . . . . . . : ibm-1ec15f8e418
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter 无线网络连接:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 11b/g Wireless LAN Mini PCI Express Adapter II
Physical Address. . . . . . . . . : 00-1D-D9-03-4D-60
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.120
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 202.101.107.85
218.85.157.99
Lease Obtained. . . . . . . . . . : 2008年3月12日 12:21:30
Lease Expires . . . . . . . . . . : 2008年3月12日 14:21:30
Ethernet adapter 本地连接:
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel(R) 82566MM Gigabit Network Connection
Physical Address. . . . . . . . . : 00-1C-25-16-E3-18
=======================================
[下载测试文件信息]
测试下载360升级文件成功...总用时:0.734000秒,文件大小16546字节,速度: 22K/S
=======================================
WINDOWS防火墙状态:禁用
=======================================
[访问ipseeker获取的IP地址]
>查询结果一: 121.207.79.61 - ★未知IP数据★
>查询结果二: 121.207.79.61 - 福建省 电信
=======================================
[tracert 命令信息]
Tracing route to update-b.360safe.com [124.238.254.101]
over a maximum of 30 hops:
1 * * * Request timed out.
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 87 ms 89 ms 89 ms 124.238.254.101
Trace complete.
=======================================
[tracert 命令信息]
Tracing route to sdl-b.qh-lb.com [59.53.87.101]
over a maximum of 30 hops:
1 * * * Request timed out.
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 52 ms 49 ms * 59.53.87.101
11 57 ms 55 ms 49 ms 59.53.87.101
Trace complete.
=======================================
[tracert 命令信息]
Tracing route to www.a.shifen.com [220.181.37.55]
over a maximum of 30 hops:
1 * * * Request timed out.
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 66 ms 63 ms 61 ms 220.181.37.55
Trace complete.
=======================================
[tracert 命令信息]
Tracing route to w-s.360safe.com [221.194.137.233]
over a maximum of 30 hops:
1 * * * Request timed out.
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 92 ms 87 ms 91 ms 221.194.137.233
Trace complete.
=======================================
[tracert 命令信息]
Tracing route to w-b.360safe.com [124.238.254.51]
over a maximum of 30 hops:
1 * * * Request timed out.
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * 117 ms 100 ms 124.238.254.51
Trace complete.
=======================================
[tracert 命令信息]
Tracing route to www-b.qihoo.com [124.238.254.64]
over a maximum of 30 hops:
1 * * * Request timed out.
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * 83 ms 124.238.254.64
Trace complete.
=======================================
[NetStat 配置信息]
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1d d9 03 4d 60 ...... 11b/g Wireless LAN Mini PCI Express Adapter II - 数据包计划程序微型端口
0x3 ...00 1c 25 16 e3 18 ...... Intel(R) 82566MM Gigabit Network Connection - 数据包计划程序微型端口
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.120 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.120 192.168.1.120 25
192.168.1.120 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.120 192.168.1.120 25
224.0.0.0 240.0.0.0 192.168.1.120 192.168.1.120 25
255.255.255.255 255.255.255.255 192.168.1.120 3 1
255.255.255.255 255.255.255.255 192.168.1.120 192.168.1.120 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
Route Table
=======================================
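| Title: |
CNNIC Chinese Internet Access (中文上网) rogue plug-in cannot be removed |
2008-03-19 08:56:11 |
Post title:
CNNIC Chinese Internet Access (中文上网) rogue plug-in cannot be removed
Post content:
Symptoms:
Operation history: Scanned for and removed trojans; installed Tencent QQ
Notes:
My diagnostic report:
To all the experts:
Thank you very much for taking the time to look at my system diagnostic report. This newbie is urgently waiting for your help!
This diagnostic report is provided by 360 Safe (360安全卫士) http://www.360safe.com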
诊断时间: 2008-03-11 19:29:05
诊断平台: Microsoft Windows XP Service Pack 2
IE版本: Internet Explorer V6.0.2900.2180 Build:62900.2180
计算机物理内存:959.17MB - 当前可用内存:524.90MB
100 - 未知 - Process: stormliv.exe [暴风影音媒体控制中心] - C:\Program Files\StormII\stormliv.exe
100 - 未知 - Process: MSNMSGR.EXE [] -
100 - 未知 - Process: PPSAP.exe [PPS 网络加速器] - D:\My Documents\My QQ Files\网络电视\PPStream\ppsap.exe
100 - 未知 - Process: MiniKuGoo.exe [迷你酷狗播放器] - D:\My Documents\My QQ Files\酷狗\MiniKuGoo\MiniKuGoo.exe
100 - 未知 - Process: QQ.exe [] -
100 - 未知 - Process: TXPlatform.exe [TM2008] - D:\My Documents\My QQ Files\QQ2008版\TXPlatform.exe
100 - 未知 - Process: PinyinUp.exe [搜狗拼音输入法 网络更新程序] - C:\Program Files\SogouInput\PinyinUp.exe
R0 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.hao123.com/
R0 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.google.com
R0 - 未知 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://www.google.com/ie
R1 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.google.com/ie
R1 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.google.com/ie
R1 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Main,Use Search Asst=no
O2 - 未知 - BHO: (ThunderAtOnce Class) - [迅雷浏览器高级特性支持模块] - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - D:\My Documents\My QQ Files\迅雷5\ComDlls\TDAtOnce_Now.dll
O2 - 未知 - BHO: (QQToolbar) - [QQ工具栏] - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - C:\Program Files\Tencent\QQToolbar\IEBar.dll
O2 - 未知 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - [RealPlayer Download and Record Plugin for Internet Explorer] - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - 未知 - BHO: (浏览器辅助对象(BHO)) - [无效的CLSID:{7E853D72-626A-48EC-A868-BA8D5E23E045}] - {7E853D72-626A-48EC-A868-BA8D5E23E045} -
O3 - 未知 - Toolbar: (QQToolbar) - [QQ工具栏] - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - C:\Program Files\Tencent\QQToolbar\IEBar.dll
O3 - 未知 - Toolbar: (第三方IE工具栏) - [无效的CLSID:{710EB7A1-45ED-11D0-924A-0020AFC7AC4D}] - {710EB7A1-45ED-11D0-924A-0020AFC7AC4D} -
O3 - 未知 - Toolbar: (第三方IE工具栏) - [无效的CLSID:{1E796980-9CC5-11D1-A83F-00C04FC99D61}] - {1E796980-9CC5-11D1-A83F-00C04FC99D61} -
O4 - 未知 - HKLM\..\Run: [switch] [] c:\windows\system32\壁纸自动换.exe
O4 - 未知 - HKLM\..\Run: [AsusStartupHelp] [] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - 未知 - HKLM\..\Run: [NWEReboot] []
O4 - 未知 - HKLM\..\Run: [Cnups] [] rundll32.exe "C:\Program Files\IdnKw\cnups.dll", Rundll32
O8 - 未知 - Extra context menu item: 使用迅雷下载 - D:\My Documents\My QQ Files\迅雷5\Program\geturl.htm
O8 - 未知 - Extra context menu item: 使用迅雷下载全部链接 - D:\My Documents\My QQ Files\迅雷5\Program\getallurl.htm
O8 - 未知 - Extra context menu item: 添加到QQ表情 - D:\My Documents\My QQ Files\QQ2008版\AddEmotion.htm
O9 - 未知 - Extra button: 启动迅雷5(HKLM) - D:\My Documents\My QQ Files\迅雷5\Thunder.exe
O11 - 未知 - Options Group: 腾讯中文搜搜
O16 - 未知 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - 未知 - DPF: {BFB79EE1-04AE-4D4A-B85E-27EE5F30C095} (ScreenCapture) - http://m44.mail.qq.com/zh_CN/activex/TencentMailActiveX.cab
O18 - 未知 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O18 - 未知 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O18 - 未知 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - 未知 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - 未知 - Service: ccosm [Contrl Center of Storm Media] - C:\Program Files\StormII\stormliv.exe /asservice - (running)
O23 - 未知 - Service: usnjsvc [Messenger 上安装的启用共享情况的服务] - "C:\Program Files\MSN Messenger\usnsvc.exe" - (not running)
O30 - 未知 - HKCU\..\Desktop: [Scrnsave.exe] [Bubbles Screen Saver] C:\WINDOWS\system32\肥皂泡泡.SCR
=======================================
100 - 安全 - Process: smss.exe [进程为会话管理子系统用以初始化系统变量,ms-dos驱动名称类似lpt1以及com,调用win32壳子系统和运行在windows登陆过程。] - C:\WINDOWS\System32\smss.exe
100 - 安全 - Process: csrss.exe [客户端服务子系统,用以控制windows图形相关子系统。] - C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=base
100 - 安全 - Process: WINLOGON.EXE [windows nt用户登陆程序。] - C:\WINDOWS\system32\winlogon.exe
100 - 安全 - Process: services.exe [用于管理windows服务系统进程。] - C:\WINDOWS\system32\services.exe
100 - 安全 - Process: lsass.exe [本地安全权限服务控制windows安全机制。] - C:\WINDOWS\system32\lsass.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k DcomLaunch
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k rpcss
100 - 安全 - Process: CCenter.exe [瑞星杀毒软件控制台相关程序。] - C:\Program Files\Rising\Rav\CCenter.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\System32\svchost.exe -k netsvcs
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k NetworkService
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k LocalService
100 - 安全 - Process: spoolsv.exe [windows打印任务控制程序,用以打印机就绪。] - C:\WINDOWS\system32\spoolsv.exe
100 - 安全 - Process: explorer.exe [windows program manager或者windows explorer用于控制windows图形shell,包括开始菜单、任务栏,桌面和文件管理。] - C:\WINDOWS\Explorer.EXE
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k imgsvc
100 - 安全 - Process: alg.exe [这是一个应用层网关服务用于网络共享。] - C:\WINDOWS\System32\alg.exe
100 - 安全 - Process: VTTimer.exe [威盛显卡相关驱动程序。] - C:\WINDOWS\system32\VTTimer.exe
100 - 安全 - Process: VTTrayp.exe [s3公司出品的显卡相关程序。] - C:\WINDOWS\system32\VTtrayp.exe
100 - 安全 - Process: RTHDCPL.EXE [瑞昱出品的声卡相关程序。] - C:\WINDOWS\RTHDCPL.EXE
100 - 安全 - Process: 360tray.exe [360安全卫士实时监控程序。] - C:\Program Files\360safe\safemon\360Tray.exe
100 - 安全 - Process: RavTask.exe [瑞星出品的杀毒软件相关程序。] - C:\Program Files\Rising\Rav\RavTask.exe
100 - 安全 - Process: realsched.exe [realone播放器安装时附带的升级提醒程序。] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe
100 - 安全 - Process: rundll32.exe [windows rundll32为了需要调用dlls的程序。] - C:\WINDOWS\system32\rundll32.exe
100 - 安全 - Process: ctfmon.exe [office xp输入法图标。] - C:\WINDOWS\system32\ctfmon.exe
100 - 安全 - Process: rundll32.exe [windows rundll32为了需要调用dlls的程序。] - C:\WINDOWS\system32\rundll32.exe
100 - 安全 - Process: RavMonD.exe [瑞星杀毒软件的一部分。] - C:\PROGRAM FILES\RISING\RAV\ravmond.exe
100 - 安全 - Process: RavStub.exe [瑞星出品的杀毒软件相关程序。] - C:\PROGRAM FILES\RISING\RAV\RavStub.exe
100 - 安全 - Process: RavMon.exe [瑞星杀毒软件防火墙。] - C:\Program Files\Rising\Rav\RAVMON.EXE
100 - 安全 - Process: 360Safe.exe [360安全卫士相关程序。] - C:\Program Files\360safe\360Safe.exe
R1 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
R1 - 安全 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
R1 - 安全 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://www.google.com/search?q=%s
R3 - 安全 - URLSearchHook: (Tencent SearchHook) - [搜搜工具条,搜索工具栏。] - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\SSPlus\SAddr.dll
O2 - 安全 - BHO: (Tencent Browser Helper) - [搜搜工具条,搜索工具栏。] - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\SSPlus\SAddr.dll
O2 - 安全 - BHO: (Thunder Browser Helper) - [迅雷附带下载监视器相关文件。] - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\My Documents\My QQ Files\迅雷5\ComDlls\xunleiBHO_Now.dll
O4 - 安全 - HKLM\..\Run: [VTTimer] [威盛公司的相关产品。] VTTimer.exe
O4 - 安全 - HKLM\..\Run: [VTTrayp] [一款显示卡相关程序。] VTtrayp.exe
O4 - 安全 - HKLM\..\Run: [RTHDCPL] [realtek声卡特性设置软件相关程序。] RTHDCPL.EXE
O4 - 安全 - HKLM\..\Run: [Alcmtr] [一款声卡相关程序。] ALCMTR.EXE
O4 - 安全 - HKLM\..\Run: [360Safetray] [360safe实时保护功能模块。] C:\Program Files\360safe\safemon\360Tray.exe /start
O4 - 安全 - HKLM\..\Run: [NeroFilterCheck] [nero cd/dvd刻录软件。] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - 安全 - HKLM\..\Run: [RavTask] [瑞星杀毒软件的任务计划程序。] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 安全 - HKLM\..\Run: [TkBellExe] [是Real Networks产品定时升级检测程序。] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 安全 - HKLM\..\Run: [stup.exe] [腾讯qq地址栏搜索插件相关程序。] Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll,Rundll32 R
O4 - 安全 - HKCU\..\Run: [ctfmon.exe] [office xp输入法图标。] C:\WINDOWS\system32\ctfmon.exe
O4 - 安全 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] [photoshow相关程序,用于photoshow媒体管理。] C:\DOCUME~1\ADMINI~1\桌面\NEROPH~1\data\xtras\mssysmgr.exe
O4 - 安全 - HKCU\..\Run: [MsnMsgr] [微软msn即时通讯工具] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - 安全 - Startup folder: [腾讯QQ.lnk] [qq:即时通讯软件] C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\腾讯QQ.lnk
O8 - 安全 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O18 - 安全 - Protocol: OFFICE 相关 - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - 安全 - Service: RsCCenter [是瑞星杀毒软件控制台相关程序。] - "C:\Program Files\Rising\Rav\CCenter.exe" - (running)
O23 - 安全 - Service: RsRavMon [是瑞星杀毒软件相关监控程序。] - "C:\PROGRAM FILES\RISING\RAV\Ravmond.exe" - (not running)
=======================================
O31 - 未知 - SEApproved: {42071714-76d4-11d1-8b24-00a0c9068ff3} - deskpan.dll - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:Shell extensions for file compression - - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:加密上下文菜单 - - - - - 0 -
O31 - 未知 - SEApproved: {0DF44EAA-FF21-4412-828E-260A8728E7F1} - - - - - 0 -
O31 - 未知 - SEApproved: {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - - - - - 0 -
O31 - 未知 - SEApproved: {7A9D77BD-5403-11d2-8785-2E0420524153} - - - - - 0 -
O31 - 未知 - SEApproved: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll - - - - 125440 - 41bb01bd6b374ce13c98493ab4c1ad66
O31 - 未知 - SEApproved: 无效的CLSID:粉碎文件 - - - - - 0 -
O31 - 未知 - Directory Menu: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll - - - - 125440 - 41bb01bd6b374ce13c98493ab4c1ad66
O31 - 未知 - BootExecute: bsmain - - - - 0 -
O31 - 未知 - Image Execution: nod32.exeNavapsvc.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: OllyDBG.EXE - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: OllyICE.EXE - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: procexp.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: RawCopy.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: RegTool.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: rfwProxy.exe - ntsd -d - - - - 0 -
O31 - 未知 - Image Execution: rfwstub.exe - ntsd -d - - - - 0 -
O31 - 未知 - LSA: Security Packages - sv1_0.dll - - - - 0 -
O31 - 未知 - LSA: Security Packages - channel.dll - - - - 0 -
=======================================
O40 - Explorer.EXE - - D:\My Documents\My QQ Files\迅雷5\Components\ResWorker\DsBho_00.dll - DsBho - 595719e26f2c6a5c2b5cbfa9ebbffa4b
O40 - Explorer.EXE - Thunder Networking Technologies,LTD - D:\My Documents\My QQ Files\迅雷5\Components\ResWorker\DataProcessor_00.dll - DataProcessor - dae999d2d3b95d4488c56d114284c8d3
O40 - Explorer.EXE - Nero AG - C:\Program Files\Common Files\Ahead\lib\MediaLibraryNSE.dll - Nero File Dialog - 5fce56c14459a94edf79d1bce543a813
O40 - Explorer.EXE - Microsoft Corporation - C:\Program Files\Common Files\Ahead\lib\MSVCR71.dll - Microsoft? C Runtime Library - 86f1895ae8c5e8b17d99ece768a70732
O40 - Explorer.EXE - Microsoft Corporation - C:\Program Files\Common Files\Ahead\lib\MFC71U.DLL - MFCDLL Shared Library - Retail Version - 7b93c623333f121dc9e689ccb1b7a733
O40 - Explorer.EXE - Microsoft Corporation - C:\Program Files\Common Files\Ahead\lib\MSVCP71.dll - Microsoft? C++ Runtime Library - 561fa2abb31dfa8fab762145f81667c2
O40 - rundll32.exe - 中国互联网络信息中心(CNNIC) - C:\Program Files\IdnKw\cnups.dll - 国际化域名支持 - 75699560cd4fee70bac27a5550de5811
=======================================
O41 - kgqfnbqb - sys 应用程序 - C:\WINDOWS\system32\drivers\kgqfnbqb.sys - (running) - sys 应用程序 - 北京三七二一科技有限公司 - 473419054010299ced29e8e77ba76138
O41 - MTsensor - ATK0110 ACPI Utility - C:\WINDOWS\system32\drivers\ASACPI.sys - (running) - ATK0110 ACPI Utility - - d48659bb24c48345d926ecb45c1ebdf5
O41 - prodrv06 - StarForce Protection Environment Driver - C:\WINDOWS\system32\drivers\prodrv06.sys - (running) - StarForce Protection Environment Driver - Protection Technology - 0dfd0df9ab7a227cedf97fadee60f793
O41 - prohlp02 - StarForce Protection Helper Driver - C:\WINDOWS\system32\drivers\prohlp02.sys - (running) - StarForce Protection Helper Driver - Protection Technology - f2e44d17ea6334b39f35cc42251b2aca
O41 - prosync1 - StarForce Protection Synchronization Driver - C:\WINDOWS\system32\drivers\prosync1.sys - (running) - StarForce Protection Synchronization Driver - Protection Technology - f3471e7971ee62420451d958da635064
O41 - sfhlp01 - StarForce Protection Helper Driver - C:\WINDOWS\system32\drivers\sfhlp01.sys - (running) - StarForce Protection Helper Driver - Protection Technology - 91f99f3e331e24c438819a38a1ad049c
O41 - viagfx - VIA/S3G Miniport Driver - C:\WINDOWS\system32\drivers\vtmini.sys - (running) - VIA/S3G Miniport Driver - Copyright (C) VIA/S3 Graphics Co, Ltd. - aed098bcae5b5d24f9a5f80acc4613e9
O41 - 18178625 - 18178625 - C:\WINDOWS\system32\Drivers\18178593.sys - (not running) - - -
O41 - npkcrypt - npkcrypt - C:\WINDOWS\system32\npkcrypt.sys - (not running) - - -
O41 - npkycryp - npkycryp - C:\WINDOWS\system32\npkycryp.sys - (not running) - - -
O41 - TesSafe - TesSafe - C:\WINDOWS\system32\TesSafe.sys - (not running) - - - dc41942275c39ff85e8b122250590548
=======================================
360Safe.exe=4.0.3.1007
AntiAdwa.dll=4.0.0.1002
AntiEng.dll=4.0.0.1001
AntiActi.dll=2.0.0.3000
CleanHis.dll=4.0.0.1001
live.dll=1.0.1.1023
=======================================
操作历史报告:
----------清理恶评及系统插件历史----------
2007-10-04 21:40
清理恶评软件 - 网络实名 -
清理恶评软件 - 雅虎助手&上网助手 -
2007-10-12 21:34
清理恶评软件 - Windows Live Toolbar -
2008-02-19 19:42
清理恶评软件 - 中文搜搜 -
2008-02-22 00:01
清理恶评软件 - 盗号木马 -
清理恶评软件 - WinSysW恶意程序 -
2007-08-19 15:32
清理好评插件 - 番茄吧工具条 - C:\WINDOWS\system32\BAR.INI
清理好评插件 - 超级旋风下载组件 -
2007-09-12 14:21
清理恶评插件 - Yahoo奇摩搜尋Bar - C:\PROGRA~1\Yahoo!\Common\unyt.exe
2007-10-04 21:18
清理恶评插件 - 雅虎助手&上网助手 - C:\Program Files\Yahoo!\Assistant
清理恶评插件 - 一搜工具条 -
2007-10-04 21:19
清理恶评插件 - 雅虎助手&上网助手 - C:\Program Files\Yahoo!\Assistant
2007-10-04 21:19
清理恶评插件 - 雅虎助手&上网助手 -
2007-10-04 21:22
清理恶评插件 - 雅虎助手&上网助手 -
2007-10-04 21:23
清理恶评插件 - 雅虎助手&上网助手 -
2007-10-04 21:23
清理恶评插件 - 雅虎助手&上网助手 -
2007-10-04 21:24
清理恶评插件 - 雅虎助手&上网助手 -
2007-10-04 21:24
清理恶评插件 - 雅虎助手&上网助手 -
2007-10-04 21:28
清理恶评插件 - 雅虎助手&上网助手 -
2007-10-04 21:32
清理恶评插件 - 雅虎助手&上网助手 -
2007-10-04 21:33
清理恶评插件 - 雅虎助手&上网助手 -
2007-10-04 21:34
清理恶评插件 - 雅虎助手&上网助手 -
2007-10-04 21:39
清理恶评插件 - 雅虎助手&上网助手 -
清理恶评插件 - 网络实名 - C:\Program Files\3721
清理恶评插件 - 一搜工具条 -
2007-10-12 21:27
清理恶评插件 - Windows Live Toolbar - C:\PROGRA~1\WI81E8~1\msntb.dll
2007-11-25 20:00
清理恶评插件 - 百度搜索伴侣 -
2007-12-23 19:57
清理恶评插件 - 雅虎助手&上网助手 -
2008-01-26 17:27
清理恶评插件 - JBHOHelper广告程序 - C:\WINDOWS\system32\FBHOHE~2.DLL
2008-02-19 19:41
清理其它插件 - Windows Live Sign-in Assistant附带的BHO插件 - C:\PROGRA~1\COMMON~1\MICROS~1\WINDOW~1\WINDOW~1.DLL
清理其它插件 - 中文搜搜 - C:\PROGRA~1\TENCENT\SSPlus\SAddr.dll
清理其它插件 - iTudou - C:\WINDOWS\system32\TUDOUU~1.DLL
清理其它插件 - 超级旋风下载组件 -
清理其它插件 - Google工具栏 -
2008-02-22 00:00
清理恶评插件 - 盗号木马 - C:\WINDOWS\system32\jhfrxz.dll
清理恶评插件 - WinSysW恶意程序 - C:\WINDOWS\system32\jhfrxz.dll
清理恶评插件 - pkeusvq(Auto) -
清理恶评插件 - 伪TIMPlatform木马程序 -
2008-03-05 18:21
清理恶评插件 - Cnnic中文上网 -
清理恶评插件 - Cnnic无忧上网工具条 -
2008-03-11 18:46
清理恶评插件 - Cnnic中文上网 - C:\PROGRA~1\IdnKw\cnbho.dll
2008-03-11 18:47
清理恶评插件 - Cnnic中文上网 - C:\Program Files\IdnKw
2008-03-11 18:48
清理恶评插件 - Cnnic中文上网 - C:\Program Files\IdnKw
2008-03-11 18:57
清理其它插件 - 超级旋风下载组件 -
2008-03-11 19:01
清理恶评插件 - Cnnic中文上网 - C:\Program Files\IdnKw
2008-03-11 19:05
清理恶评插件 - Cnnic中文上网 - C:\Program Files\IdnKw
2008-03-11 19:12
清理恶评插件 - Cnnic中文上网 - C:\Program Files\IdnKw
----------修复IE浏览器操作历史----------
2007-08-22 10:03
R0 - 危险 - IE首页 - HKCU\Software\Microsoft\Internet Explorer\Main
R0 - 危险 - IE搜索页 - HKLM\Software\Microsoft\Internet Explorer\Main
R0 - 危险 - IE搜索页 - HKCU\Software\Microsoft\Internet Explorer\Main
R0 - 危险 - IE起始页的默认页 - HKLM\Software\Microsoft\Internet Explorer\Main
R0 - 危险 - IE默认搜索页 - HKLM\Software\Microsoft\Internet Explorer\Main
O28 - 危险 - IE链接的参数 - C:\DOCUME~1\ADMINI~1\APPLIC~1\MICROS~1\INTERN~1\QUICKL~1\启动IN~1.LNK
=======================================