Diagnosis Time: 2008-09-15 15:33:19
Diagnostic Platforms: Microsoft Windows XP Service Pack 2
IE Version: Internet Explorer V6.0.2900.2180 Build: 62900.2180
Computer Physical Memory: 1.99GB - currently available RAM: 1.37GB
100 - Unknown - Process: rfwsrv.exe [Rising Personal FireWall Service] - e: \ program files \ rising \ rfw \ rfwsrv.exe
100 - Unknown - Process: rfwProxy.exe [Rising Personal Proxy Service] - e: \ program files \ rising \ rfw \ rfwproxy.exe
100 - Unknown - Process: rfwstub.exe [Rising Personal FireWall Service Rfwstub] - e: \ program files \ rising \ rfw \ rfwstub.exe
100 - Unknown - Process: rfwmain.exe [Rising Personal FireWall Main Program] - e: \ program files \ rising \ rfw \ RfwMain.exe
100 - Unknown - Process: winpip.exe [winpip MFC Application] - D: \ Weway \ winpip \ winpip.exe
100 - Unknown - Process: SSMMgr.exe [Samsung Status Monitor Manager] - C: \ WINDOWS \ Samsung \ ComSMMgr \ ssmmgr.exe
100 - Unknown - Process: Graspfzs.exe [] - D: \ Weway \ GraspFZ90 \ Graspfzs.exe
The hkcmd.exe process is a driver console file for the integrated graphics on the motherboard, and it often appears together with igfxtray.exe, for example with the el865G integrated graphics chip. However, this command is often used by hackers or Trojans, so it needs attention. It can be disabled. It is not a virus, but a virus may take its place. If the antivirus software does not report it, there is no need to worry.
Start\Settings\Control Panel\Administrative Tools\Computer Management(Local)\System Information\Software Environment\Startup Programs|View|Advanced, then in the "Location" column, you'll find the path to the "Startup" location either in the "Startup" directories or from the registry's "Run" keys.
%ALLUSERSPROFILE%\Start Menu\Programs\Startup
%USERPROFILE%\%USERNAME%\Start Menu\Programs\Startup
You can delete the shortcuts that you no longer want to run.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
You can delete the string value for the program you no longer want to run.
100 - Unknown - Process: scktsrvr.exe [Borland Socket Server] - D: \ Weway \ GraspFZ90 \ scktsrvr.exe
100 - Unknown - Process: CMD.COM [Windows Command Processor] - C: \ WINDOWS \ system32 \ cmd.com
100 - Unknown - Process: CMD.COM [Windows Command Processor] - C: \ WINDOWS \ system32 \ cmd.com
O1 - Unknown - Host: 127.0.0.1 locator.metadata.windowsmedia.com
O1 - Unknown - Host: 127.0.0.1 onlinestore.smgbb.cn
O3 - Unknown - Toolbar: (third-party IE toolbars) - [Invalid CLSID: (1E796980-9CC5-11D1-A83F-00C04FC99D61)] - (1E796980-9CC5-11D1-A83F-00C04FC99D61) --
O4 - Unknown - HKLM \ .. \ Run: [SkyTel] [Realtek Voice Manager] SkyTel.EXE
O4 - Unknown - HKLM \ .. \ Run: [Samsung Common SM] [Samsung Status Monitor Manager] "C: \ WINDOWS \ Samsung \ ComSMMgr \ ssmmgr.exe" / autorun
O4 - Unknown - Startup folder: [server. Lnk] [] C: \ Documents and Settings \ All Users \ "Start" menu \ programs \ Startup \ server. Lnk
O4 - Unknown - Startup folder: [housekeeper clothing version of a socket server. Lnk] [] C: \ Documents and Settings \ All Users \ "Start" menu \ programs \ Startup \ housekeeper clothing version of a socket server. Lnk
O9 - Unknown - Extra button: Rain Forest Wind (HKCU) - http://www.ylmf.com
O21 - Unknown - Protocol Icons: HKCR \ ftp \ shell \ open \ command - "C: \ Program Files \ Maxthon \ Maxthon.exe" "% 1"
O21 - Unknown - Protocol Icons: HKCR \ https \ shell \ open \ command - "C: \ Program Files \ Maxthon \ Maxthon.exe" "% 1"
O21 - Unknown - Protocol Icons: HKCR \ htmlfile \ shell \ open \ command - "C: \ Program Files \ Maxthon \ Maxthon.exe" "% 1"
O23 - Unknown - Service: MSSQLSERVER [MSSQLSERVER] - C: \ PROGRA ~ 1 \ MICROS ~ 4 \ MSSQL \ binn \ sqlservr.exe - (running)
O23 - Unknown - Service: PIPClient [COMEXE PIPClient] - "D: \ Weway \ winpip \ winpip.exe"-service - (running)
O23 - Unknown - Service: RfwProxySrv [Rising Personal Proxy Service] - e: \ program files \ rising \ rfw \ rfwproxy.exe - (running)
O23 - Unknown - Service: RfwService [Rising Personal Firewall Service] - e: \ program files \ rising \ rfw \ rfwsrv.exe - (running)
O23 - Unknown - Service: RsCCenter [Rising Process Communication Center] - "E: \ Program Files \ Rising \ Rav \ CCenter.exe" - (not running)
O23 - Unknown - Service: RsRavMon [Rising RealTime Monitor] - "E: \ Program Files \ Rising \ Rav \ Ravmond.exe" - (not running)
O23 - Unknown - Service: SentinelProtectionServer [Sentinel Protection Server] - "C: \ Program Files \ Common Files \ SafeNet Sentinel \ Sentinel Protection Server \ WinNT \ spnsrvnt.exe" - (running)
O23 - Unknown - Service: SQLSERVERAGENT [SQLSERVERAGENT] - C: \ Program Files \ Microsoft SQL Server \ MSSQL \ binn \ sqlagent.exe-i MSSQLSERVER - (running)
=======================================
100 - Safety - Process: smss.exe [process for the session management subsystem to initialize the system variables, ms-dos drive name similar to the lpt1, as well as com, call the win32 so-called shell systems and run on windows login process. ] - C: \ WINDOWS \ System32 \ smss.exe
100 - Safety - Process: csrss.exe [Client Services subsystem, graphics-related subsystems to control the windows. ] - C: \ WINDOWS \ system32 \ csrss.exe ObjectDirectory = \ Windows SharedSection = 1024,3072,512 Windows = On SubSystemType = Windows ServerDll = base
100 - Safety - Process: winlogon.exe [windows nt user log-in procedure. ] - C: \ WINDOWS \ system32 \ winlogon.exe
100 - Safety - Process: services.exe [the process used to manage windows service system. ] - C: \ WINDOWS \ system32 \ services.exe
100 - Safety - Process: lsass.exe [local security authority service control windows security mechanism. ] - C: \ WINDOWS \ system32 \ lsass.exe
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C: \ WINDOWS \ system32 \ svchost-k DcomLaunch
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C: \ WINDOWS \ system32 \ svchost-k rpcss
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C: \ WINDOWS \ System32 \ svchost.exe-k netsvcs
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C: \ WINDOWS \ system32 \ svchost.exe-k NetworkService
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C: \ WINDOWS \ system32 \ svchost.exe-k LocalService
100 - Safety - Process: explorer.exe [windows program manager or windows explorer used to control the windows graphical shell, including the Start menu, taskbar, desktop and document management. ] - C: \ WINDOWS \ Explorer.EXE
100 - Safety - Process: spoolsv.exe [windows print job control program for the printer is ready. ] - C: \ WINDOWS \ system32 \ spoolsv.exe
100 - Safety - Process: sqlservr.exe [microsoft sql server used to set up sql service. ] - C: \ PROGRA ~ 1 \ MICROS ~ 4 \ MSSQL \ binn \ sqlservr.exe
100 - Safety - Process: spnsrvnt.exe [safenet buy one company's software encryption tool. ] - C: \ Program Files \ Common Files \ SafeNet Sentinel \ Sentinel Protection Server \ WinNT \ spnsrvnt.exe
100 - Safety - Process: sqlagent.exe [sql server service management software. ] - C: \ Program Files \ Microsoft SQL Server \ MSSQL \ binn \ sqlagent.exe
100 - Safety - Process: hkcmd.exe [intel graphics card driver related software. ] - C: \ WINDOWS \ system32 \ hkcmd.exe
100 - Safety - Process: igfxpers.exe [intel common user interface module. ] - C: \ WINDOWS \ system32 \ igfxpers.exe
100 - Safety - Process: RTHDCPL.EXE [Realtek sound card Chupin related procedures. ] - C: \ WINDOWS \ RTHDCPL.EXE
100 - Safety - Process: 360tray.exe [360 security guards Real-Time Protection Module] - E: \ Program Files \ 360safe \ safemon \ 360Tray.exe
100 - Safety - Process: safeboxTray.exe [360 security guards safe procedures. ] - C: \ Program Files \ 360Safebox \ safeboxTray.exe
100 - Safety - Process: ctfmon.exe [office xp Input Method icon. ] - C: \ WINDOWS \ system32 \ ctfmon.exe
100 - Safety - Process: sqlmangr.exe [sql server service management software. ] - C: \ Program Files \ Microsoft SQL Server \ 80 \ Tools \ Binn \ sqlmangr.exe
100 - Safety - Process: 360Safe.exe [360 security guard] - E: \ Program Files \ 360safe \ 360Safe.exe
R1 - Security - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Local Page = C: \ WINDOWS \ system32 \ blank.htm
R1 - Security - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Local Page = C: \ WINDOWS \ system32 \ blank.htm
O2 - Safety - BHO: (Thunder Browser Helper) - [Thunder incidental to download monitor relevant documents. ] - (889D2FEB-5411-4565-8998-1DD2C5261283) - C: \ Program Files \ Thunder Network \ Thunder \ ComDlls \ XunLeiBHO_002.dll
O4 - Security - HKLM \ .. \ Run: [igfxtray] [is the Intel graphics card configuration and diagnostic procedures, together with the Intel 810 chipset integrated graphics installation. ] C: \ WINDOWS \ system32 \ igfxtray.exe
O4 - Security - HKLM \ .. \ Run: [igfxhkcmd] [intel hotkey command module related procedures. ] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - Security - HKLM \ .. \ Run: [igfxpers] [intel integrated graphics related documents. ] C: \ WINDOWS \ system32 \ igfxpers.exe
O4 - Security - HKLM \ .. \ Run: [RTHDCPL] [realtek sound card feature set software-related programs. ] RTHDCPL.EXE
O4 - Security - HKLM \ .. \ Run: [Alcmtr] [a sound card related procedures. ] ALCMTR.EXE
O4 - Security - HKLM \ .. \ Run: [RavTask] [Rising anti-virus software, Task Scheduler. ] "E: \ Program Files \ Rising \ Rav \ RavTask.exe"-system
O4 - Security - HKLM \ .. \ Run: [360Safetray] [360safe real-time protection module. ] E: \ Program Files \ 360safe \ safemon \ 360Tray.exe / start
O4 - Security - HKLM \ .. \ Run: [RfwMain] [Rising firewall program, against hacker attacks. ] "E: \ Program Files \ Rising \ Rfw \ rfwmain.exe"-Startup
O4 - Security - HKLM \ .. \ Run: [360Safebox] [360 security guards safe procedures. ] "C: \ Program Files \ 360Safebox \ safeboxTray.exe" / r
O4 - Security - HKCU \ .. \ Run: [ctfmon.exe] [office xp Input Method icon. ] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - Security - Startup folder: [Service Manager. Lnk] [windows service manager. ] C: \ Documents and Settings \ All Users \ "Start" menu \ programs \ Startup \ Service Manager. Lnk
O8 - Safety - Extra context menu item: Use Thunder download - C: \ Program Files \ Thunder Network \ Thunder \ Program \ GetUrl.htm
O8 - Safety - Extra context menu item: Download all links using the Thunder - C: \ Program Files \ Thunder Network \ Thunder \ Program \ GetAllUrl.htm
O8 - Safety - Extra context menu item: Export to Microsoft Office Excel (& X) - res: / / C: \ PROGRA ~ 1 \ MICROS ~ 2 \ OFFICE11 \ EXCEL.EXE/3000
O9 - Safety - Extra button: Start Thunder 5 (HKLM) (HKLM) - C: \ Program Files \ Thunder Network \ Thunder \ Thunder.exe
O16 - Safety - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (Windows update tool V5) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab? 1156754453019
O18 - Safety - Protocol: OFFICE Related - (807553E5-5146-11D5-A672-00B0D022E945) - C: \ Program Files \ Common Files \ Microsoft Shared \ OFFICE11 \ MSOXMLMF.DLL
O21 - Safety - Protocol Icons: HKCR \ http \ shell \ open \ command - "C: \ Program Files \ Internet Explorer \ IEXPLORE.EXE" "% 1"
O23 - Security - Service: MSSQLServerADHelper [Mssqlserveradhelper services. ] - C: \ Program Files \ Microsoft SQL Server \ 80 \ Tools \ Binn \ sqladhlp.exe - (not running)
=======================================
O31 - Unknown - SEApproved: (42071714-76d4-11d1-8b24-00a0c9068ff3) - deskpan.dll - - - - 0 --
O31 - Unknown - SEApproved: Invalid CLSID: Shell extensions for file compression - - - - - 0 --
O31 - Unknown - SEApproved: Invalid CLSID: encryption context menu - - - - - 0 --
O31 - Unknown - SEApproved: (0DF44EAA-FF21-4412-828E-260A8728E7F1) - - - - - 0 --
O31 - Unknown - SEApproved: (00E7B358-F65B-4dcf-83DF-CD026B94BFD4) - - - - - 0 --
O31 - Unknown - SEApproved: (7A9D77BD-5403-11d2-8785-2E0420524153) - - - - - 0 --
O31 - Unknown - SEApproved: (B41DB860-8EE4-11D2-9906-E49FADC173CA) - C: \ Program Files \ WinRAR \ rarext.dll - - - - 125440 - fd00edb8e782858243cf1469c329ee88
O31 - Unknown - SEApproved: (F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4) - C: \ Program Files \ Real \ RealPlayer \ rpshell.dll - RealNetworks, Inc. - RealPlayer Shell Extensions - 1.0.1.2239 - 49198 - e2d6a8f3bc52cc66c8a5ed3c0398d9df
O31 - Unknown - SEApproved: (1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D) - C: \ WINDOWS \ system32 \ RavExt.dll - Beijing Rising Technology Co., Ltd. - Rising Shell Ext Module - 19.0.0.9 - 106496 - fa20734a7acabcfe9d727fb343da4e8a
O31 - Unknown - Directory Menu: (1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D) - C: \ WINDOWS \ system32 \ RavExt.dll - Beijing Rising Technology Co., Ltd. - Rising Shell Ext Module - 19.0.0.9 - 106496 -- fa20734a7acabcfe9d727fb343da4e8a
O31 - Unknown - Directory Menu: (B41DB860-8EE4-11D2-9906-E49FADC173CA) - C: \ Program Files \ WinRAR \ rarext.dll - - - - 125440 - fd00edb8e782858243cf1469c329ee88
O31 - Unknown - BootExecute: bsmain - - - - 0 --
O31 - Unknown - LSA: Security Packages - sv1_0.dll - - - - 0 --
O31 - Unknown - LSA: Security Packages - channel.dll - - - - 0 --
=======================================
O40 - Explorer.EXE - Thunder Networking Technologies, LTD - C: \ Program Files \ Thunder Network \ Thunder \ ComDlls \ XunLeiBHO_002.dll - XunLeiBHO - 8915c81b9c015cf5571fad917a614a85
O40 - Explorer.EXE - Beijing Rising Technology Co., Ltd. - C: \ WINDOWS \ system32 \ RavExt.dll - Rising Shell Ext Module - fa20734a7acabcfe9d727fb343da4e8a
=======================================
O41 - ahci8086 - ATI Technology AHCI Compatible Controller Driver for Windows family - C: \ WINDOWS \ system32 \ drivers \ ahci8086.sys - (running) - ATI Technology AHCI Compatible Controller Driver for Windows family - ATI Technologies Inc. - 3162702a838386f7bc6f6b4711044cf2
O41 - BaseTDI - basetdi - C: \ WINDOWS \ system32 \ drivers \ basetdi.sys - (running) - basetdi - Beijing Rising Technology Co., Ltd. - 0064810c1b03f2c889130b669a4ce937
O41 - CSB6IDE - ServerWorks CSB6 PCI IDE Bus Driver - C: \ WINDOWS \ system32 \ drivers \ csb6ide.sys - (running) - ServerWorks CSB6 PCI IDE Bus Driver - ServerWorks Corporation - 7a49f7091e79cc364d8df1c6ea845756
O41 - DgiVecp - Windows NT 4.0 IEEE-1284 parallel class driver for ECP, Byte, and Nibble modes - C: \ WINDOWS \ system32 \ drivers \ DGIVECP.SYS - (running) - Windows NT 4.0 IEEE-1284 parallel class driver for ECP , Byte, and Nibble modes - DeviceGuys, Inc. - a5034f77b278f07e224fe07cf98a8b76
O41 - FASTTRAK - Promise FastTrak Series Driver for Win2000 - C: \ WINDOWS \ system32 \ drivers \ fasttrak.sys - (running) - Promise FastTrak Series Driver for Win2000 - Promise Technology, Inc. - D3a41b9167c11b0fa0cb7c61fc876982
O41 - FTSATA2 - Promise Driver for Windows Server 2003 - C: \ WINDOWS \ system32 \ drivers \ ftsata2.sys - (running) - Promise Driver for Windows Server 2003 - Promise Technology, Inc. - 65b50b303ff74a5517117ba3d25dbe7f
O41 - IASTOR - Intel Matrix Storage Manager driver - C: \ WINDOWS \ system32 \ drivers \ iastor.sys - (running) - Intel Matrix Storage Manager driver - Intel Corporation - 580bfec487c55264bfe3d60c3c24eee1
O41 - JRAID - JMicron JR036X RAID Driver - C: \ WINDOWS \ system32 \ drivers \ Jraid.sys - (running) - JMicron JR036X RAID Driver - JMicron Technology Corp. - F64fc8ff777ca76a81c097df7641306d
O41 - M5281 - ALi SATA RAID Controller Driver - C: \ WINDOWS \ system32 \ drivers \ m5281.sys - (running) - ALi SATA RAID Controller Driver - ALi Corporation - a51cd61975297508d4483fcbf931d86c
O41 - M5289 - ULi SATA RAID Controller Driver - C: \ WINDOWS \ system32 \ drivers \ m5289.sys - (running) - ULi SATA RAID Controller Driver - ULi Electronics Inc. - E1ca1ea9ad7c8c50ea533829a6854d63
O41 - npkcrypt - nProtect KeyCrypt Driver - C: \ Program Files \ Tencent \ QQ \ npkcrypt.sys - (running) - nProtect KeyCrypt Driver - INCA Internet Co., Ltd. - 8bcb281a2540e7aff0cd00f9878fe21f
O41 - NVATABUS - NVIDIA? NForce (TM) IDE Performance Driver - C: \ WINDOWS \ system32 \ drivers \ NVATABUS.SYS - (running) - NVIDIA? NForce (TM) IDE Performance Driver - NVIDIA Corporation - b7fb72492b753930ec70a0f49d04f12f
O41 - RsNTGDI - RsNTGDI - C: \ WINDOWS \ system32 \ drivers \ RsNTGdi.sys - (running) - RsNTGDI - Beijing Rising Technology Co., Ltd. - 17214e7b192cb93ff014fca1484b97ad
O41 - TDDI - SoftDog driver - C: \ WINDOWS \ system32 \ drivers \ tddi.sys - (running) - SoftDog driver - SafeNet China Ltd. - 2c5e79e799ecaf2f8e9bb7ee019c350d
O41 - A320RAID - Adaptec HostRAID for Ultra320 SCSI - C: \ WINDOWS \ system32 \ drivers \ a320raid.sys - (not running) - Adaptec HostRAID for Ultra320 SCSI - Adaptec, Inc. - Ec8c685100387d4a7a7be2dce922c6d3
O41 - ExpScaner - ExpScaner - E: \ Program Files \ Rising \ Rav \ ExpScan.sys - (not running) - - --
O41 - HookCont - HookCont - E: \ Program Files \ Rising \ Rav \ HOOKCONT.sys - (not running) - - --
O41 - HookReg - HookReg - E: \ Program Files \ Rising \ Rav \ HookReg.sys - (not running) - - --
O41 - HookSys - HookSys - E: \ Program Files \ Rising \ Rav \ HookSys.sys - (not running) - - --
O41 - M5228 - M5228 ATA RAID Controller Driver - C: \ WINDOWS \ system32 \ drivers \ m5228.sys - (not running) - M5228 ATA RAID Controller Driver - ALi Corporation. - 06c174e5c7845055c3d6317709af6423
O41 - MEMSCAN - MEMSCAN - E: \ Program Files \ Rising \ Rav \ MEMSCAN.sys - (not running) - - --
O41 - RSPPSYS - RSPPSYS - E: \ Program Files \ Rising \ Rav \ RSPPSYS.sys - (not running) - - --
O41 - SI3112R - Serial ATA RAID miniport driver - C: \ WINDOWS \ system32 \ drivers \ Si3112r.sys - (not running) - Serial ATA RAID miniport driver - Silicon Image, Inc - c82f9b4993f502361067e3ab61d46f7a
O41 - SI3114R - SATARAID miniport driver - C: \ WINDOWS \ system32 \ drivers \ Si3114r.sys - (not running) - SATARAID miniport driver - Silicon Image, Inc - d78d5bcf78d38cf846f1f1fdde718acc
O41 - SI3114R5 - SATA SoftRAID 5 miniport driver - C: \ WINDOWS \ system32 \ drivers \ Si3114r5.sys - (not running) - SATA SoftRAID 5 miniport driver - Silicon Image, Inc - bf4177bfa0397c6a01ed493240318eae
O41 - SI3124 - Serial ATA miniport driver - C: \ WINDOWS \ system32 \ drivers \ Si3124.sys - (not running) - Serial ATA miniport driver - Silicon Image, Inc. - C48aaff4947d87ebf6c42d9fced3df7a
O41 - SI3124R - SATARAID miniport driver (PRE-RELEASE) - C: \ WINDOWS \ system32 \ drivers \ Si3124r.sys - (not running) - SATARAID miniport driver (PRE-RELEASE) - Silicon Image, Inc - 0c71855057883e63ca2c19736cbab018
O41 - SI3124R5 - SATA SoftRAID 5 miniport driver - C: \ WINDOWS \ system32 \ drivers \ Si3124r5.sys - (not running) - SATA SoftRAID 5 miniport driver - Silicon Image, Inc - 085200d2a56c58ad77ef733082cb6ad4
O41 - SI3132 - Serial ATA miniport driver - C: \ WINDOWS \ system32 \ drivers \ Si3132.sys - (not running) - Serial ATA miniport driver - Silicon Image, Inc. - 6e42ca2af3516cda7f3776a186ca4f78
O41 - SI3132R5 - SATA SoftRAID 5 miniport driver - C: \ WINDOWS \ system32 \ drivers \ Si3132r5.sys - (not running) - SATA SoftRAID 5 miniport driver - Silicon Image, Inc - 07adf4521fe169623cc13fc8303bb519
O41 - SYMMPI - LSI Logic Fusion-MPT MiniPort Driver (ScsiPort) - C: \ WINDOWS \ system32 \ drivers \ symmpi.sys - (not running) - LSI Logic Fusion-MPT MiniPort Driver (ScsiPort) - LSI Logic - 10258f3ff6ebaa3e00f1ffb4724764d9
O41 - VIAMRAID - VIA RAID DRIVER FOR WIN 2000/XP/2003IA32 - C: \ WINDOWS \ system32 \ drivers \ viamraid.sys - (not running) - VIA RAID DRIVER FOR WIN 2000/XP/2003IA32 - VIA Technologies inc,. Ltd - f199939205dccc7836ae5ab8b5dd5e83
O41 - vmscsi - VMware SCSI Controller - C: \ WINDOWS \ system32 \ drivers \ vmscsi.sys - (not running) - VMware SCSI Controller - VMware, Inc. - Cd8a1f04836111dc0e6c0cd904b3c660
=======================================
360Safe.exe = 4.3.0.1008
AntiAdwa.dll = 4.2.0.1001
AntiEng.dll = 4.3.0.1001
AntiActi.dll = 2.0.0.3000
CleanHis.dll = 4.2.0.1002
live.dll = 1.0.1.1028
User Jiujiang City, Jiangxi Province
2 F, 2008-09-15 15:33
Masters:
Thank you for looking carefully at my system diagnostic report. This rookie is urgently waiting for your help!
This diagnostic report was provided by 360 security guards: http://www.360.cn
Diagnosis Time: 2008-09-15 15:35:24
Diagnostic Platforms: Microsoft Windows XP Service Pack 2
IE Version: Internet Explorer V6.0.2900.2180 Build: 62900.2180
Computer Physical Memory: 1.99GB - currently available RAM: 1.37GB
100 - Unknown - Process: rfwsrv.exe [Rising Personal FireWall Service] - e: \ program files \ rising \ rfw \ rfwsrv.exe
100 - Unknown - Process: rfwProxy.exe [Rising Personal Proxy Service] - e: \ program files \ rising \ rfw \ rfwproxy.exe
100 - Unknown - Process: rfwstub.exe [Rising Personal FireWall Service Rfwstub] - e: \ program files \ rising \ rfw \ rfwstub.exe
100 - Unknown - Process: rfwmain.exe [Rising Personal FireWall Main Program] - e: \ program files \ rising \ rfw \ RfwMain.exe
100 - Unknown - Process: winpip.exe [winpip MFC Application] - D: \ Weway \ winpip \ winpip.exe
100 - Unknown - Process: SSMMgr.exe [Samsung Status Monitor Manager] - C: \ WINDOWS \ Samsung \ ComSMMgr \ ssmmgr.exe
100 - Unknown - Process: Graspfzs.exe [] - D: \ Weway \ GraspFZ90 \ Graspfzs.exe
100 - Unknown - Process: scktsrvr.exe [Borland Socket Server] - D: \ Weway \ GraspFZ90 \ scktsrvr.exe
100 - Unknown - Process: CMD.COM [Windows Command Processor] - C: \ WINDOWS \ system32 \ cmd.com
100 - Unknown - Process: CMD.COM [Windows Command Processor] - C: \ WINDOWS \ system32 \ cmd.com
O1 - Unknown - Host: 127.0.0.1 locator.metadata.windowsmedia.com
O1 - Unknown - Host: 127.0.0.1 onlinestore.smgbb.cn
O3 - Unknown - Toolbar: (third-party IE toolbars) - [Invalid CLSID: (1E796980-9CC5-11D1-A83F-00C04FC99D61)] - (1E796980-9CC5-11D1-A83F-00C04FC99D61) --
O4 - Unknown - HKLM \ .. \ Run: [SkyTel] [Realtek Voice Manager] SkyTel.EXE
O4 - Unknown - HKLM \ .. \ Run: [Samsung Common SM] [Samsung Status Monitor Manager] "C: \ WINDOWS \ Samsung \ ComSMMgr \ ssmmgr.exe" / autorun
O4 - Unknown - Startup folder: [server. Lnk] [] C: \ Documents and Settings \ All Users \ "Start" menu \ programs \ Startup \ server. Lnk
O4 - Unknown - Startup folder: [housekeeper clothing version of a socket server. Lnk] [] C: \ Documents and Settings \ All Users \ "Start" menu \ programs \ Startup \ housekeeper clothing version of a socket server. Lnk
O9 - Unknown - Extra button: Rain Forest Wind (HKCU) - http://www.ylmf.com
O21 - Unknown - Protocol Icons: HKCR \ ftp \ shell \ open \ command - "C: \ Program Files \ Maxthon \ Maxthon.exe" "% 1"
O21 - Unknown - Protocol Icons: HKCR \ https \ shell \ open \ command - "C: \ Program Files \ Maxthon \ Maxthon.exe" "% 1"
O21 - Unknown - Protocol Icons: HKCR \ htmlfile \ shell \ open \ command - "C: \ Program Files \ Maxthon \ Maxthon.exe" "% 1"
O23 - Unknown - Service: MSSQLSERVER [MSSQLSERVER] - C: \ PROGRA ~ 1 \ MICROS ~ 4 \ MSSQL \ binn \ sqlservr.exe - (running)
O23 - Unknown - Service: PIPClient [COMEXE PIPClient] - "D: \ Weway \ winpip \ winpip.exe"-service - (running)
O23 - Unknown - Service: RfwProxySrv [Rising Personal Proxy Service] - e: \ program files \ rising \ rfw \ rfwproxy.exe - (running)
O23 - Unknown - Service: RfwService [Rising Personal Firewall Service] - e: \ program files \ rising \ rfw \ rfwsrv.exe - (running)
O23 - Unknown - Service: RsCCenter [Rising Process Communication Center] - "E: \ Program Files \ Rising \ Rav \ CCenter.exe" - (not running)
O23 - Unknown - Service: RsRavMon [Rising RealTime Monitor] - "E: \ Program Files \ Rising \ Rav \ Ravmond.exe" - (not running)
O23 - Unknown - Service: SentinelProtectionServer [Sentinel Protection Server] - "C: \ Program Files \ Common Files \ SafeNet Sentinel \ Sentinel Protection Server \ WinNT \ spnsrvnt.exe" - (running)
O23 - Unknown - Service: SQLSERVERAGENT [SQLSERVERAGENT] - C: \ Program Files \ Microsoft SQL Server \ MSSQL \ binn \ sqlagent.exe-i MSSQLSERVER - (running)
=======================================
100 - Safety - Process: smss.exe [process for the session management subsystem to initialize the system variables, ms-dos drive name similar to the lpt1, as well as com, call the win32 so-called shell systems and run on windows login process. ] - C: \ WINDOWS \ System32 \ smss.exe
100 - Safety - Process: csrss.exe [Client Services subsystem, graphics-related subsystems to control the windows. ] - C: \ WINDOWS \ system32 \ csrss.exe ObjectDirectory = \ Windows SharedSection = 1024,3072,512 Windows = On SubSystemType = Windows ServerDll = base
100 - Safety - Process: winlogon.exe [windows nt user log-in procedure. ] - C: \ WINDOWS \ system32 \ winlogon.exe
100 - Safety - Process: services.exe [the process used to manage windows service system. ] - C: \ WINDOWS \ system32 \ services.exe
100 - Safety - Process: lsass.exe [local security authority service control windows security mechanism. ] - C: \ WINDOWS \ system32 \ lsass.exe
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C: \ WINDOWS \ system32 \ svchost-k DcomLaunch
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C: \ WINDOWS \ system32 \ svchost-k rpcss
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C: \ WINDOWS \ System32 \ svchost.exe-k netsvcs
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C: \ WINDOWS \ system32 \ svchost.exe-k NetworkService
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C: \ WINDOWS \ system32 \ svchost.exe-k LocalService
100 - Safety - Process: explorer.exe [windows program manager or windows explorer used to control the windows graphical shell, including the Start menu, taskbar, desktop and document management. ] - C: \ WINDOWS \ Explorer.EXE
100 - Safety - Process: spoolsv.exe [windows print job control program for the printer is ready. ] - C: \ WINDOWS \ system32 \ spoolsv.exe
100 - Safety - Process: sqlservr.exe [microsoft sql server used to set up sql service. ] - C: \ PROGRA ~ 1 \ MICROS ~ 4 \ MSSQL \ binn \ sqlservr.exe
100 - Safety - Process: spnsrvnt.exe [safenet buy one company's software encryption tool. ] - C: \ Program Files \ Common Files \ SafeNet Sentinel \ Sentinel Protection Server \ WinNT \ spnsrvnt.exe
100 - Safety - Process: sqlagent.exe [sql server service management software. ] - C: \ Program Files \ Microsoft SQL Server \ MSSQL \ binn \ sqlagent.exe
100 - Safety - Process: hkcmd.exe [intel graphics card driver related software. ] - C: \ WINDOWS \ system32 \ hkcmd.exe
100 - Safety - Process: igfxpers.exe [intel common user interface module. ] - C: \ WINDOWS \ system32 \ igfxpers.exe
100 - Safety - Process: RTHDCPL.EXE [Realtek sound card Chupin related procedures. ] - C: \ WINDOWS \ RTHDCPL.EXE
100 - Safety - Process: 360tray.exe [360 security guards Real-Time Protection Module] - E: \ Program Files \ 360safe \ safemon \ 360Tray.exe
100 - Safety - Process: safeboxTray.exe [360 security guards safe procedures. ] - C: \ Program Files \ 360Safebox \ safeboxTray.exe
100 - Safety - Process: ctfmon.exe [office xp Input Method icon. ] - C: \ WINDOWS \ system32 \ ctfmon.exe
100 - Safety - Process: sqlmangr.exe [sql server service management software. ] - C: \ Program Files \ Microsoft SQL Server \ 80 \ Tools \ Binn \ sqlmangr.exe
100 - Safety - Process: 360Safe.exe [360 security guard] - E: \ Program Files \ 360safe \ 360Safe.exe
R1 - Security - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Local Page = C: \ WINDOWS \ system32 \ blank.htm
R1 - Security - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Local Page = C: \ WINDOWS \ system32 \ blank.htm
O2 - Safety - BHO: (Thunder Browser Helper) - [Thunder incidental to download monitor relevant documents. ] - (889D2FEB-5411-4565-8998-1DD2C5261283) - C: \ Program Files \ Thunder Network \ Thunder \ ComDlls \ XunLeiBHO_002.dll
O4 - Security - HKLM \ .. \ Run: [igfxtray] [is the Intel graphics card configuration and diagnostic procedures, together with the Intel 810 chipset integrated graphics installation. ] C: \ WINDOWS \ system32 \ igfxtray.exe
O4 - Security - HKLM \ .. \ Run: [igfxhkcmd] [intel hotkey command module related procedures. ] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - Security - HKLM \ .. \ Run: [igfxpers] [intel integrated graphics related documents. ] C: \ WINDOWS \ system32 \ igfxpers.exe
O4 - Security - HKLM \ .. \ Run: [RTHDCPL] [realtek sound card feature set software-related programs. ] RTHDCPL.EXE
O4 - Security - HKLM \ .. \ Run: [Alcmtr] [a sound card related procedures. ] ALCMTR.EXE
O4 - Security - HKLM \ .. \ Run: [RavTask] [Rising anti-virus software, Task Scheduler. ] "E: \ Program Files \ Rising \ Rav \ RavTask.exe"-system
O4 - Security - HKLM \ .. \ Run: [360Safetray] [360safe real-time protection module. ] E: \ Program Files \ 360safe \ safemon \ 360Tray.exe / start
O4 - Security - HKLM \ .. \ Run: [RfwMain] [Rising firewall program, against hacker attacks. ] "E: \ Program Files \ Rising \ Rfw \ rfwmain.exe"-Startup
O4 - Security - HKLM \ .. \ Run: [360Safebox] [360 security guards safe procedures. ] "C: \ Program Files \ 360Safebox \ safeboxTray.exe" / r
O4 - Security - HKCU \ .. \ Run: [ctfmon.exe] [office xp Input Method icon. ] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - Security - Startup folder: [Service Manager. Lnk] [windows service manager. ] C: \ Documents and Settings \ All Users \ "Start" menu \ programs \ Startup \ Service Manager. Lnk
O8 - Safety - Extra context menu item: Use Thunder download - C: \ Program Files \ Thunder Network \ Thunder \ Program \ GetUrl.htm
O8 - Safety - Extra context menu item: Download all links using the Thunder - C: \ Program Files \ Thunder Network \ Thunder \ Program \ GetAllUrl.htm
O8 - Safety - Extra context menu item: Export to Microsoft Office Excel (& X) - res: / / C: \ PROGRA ~ 1 \ MICROS ~ 2 \ OFFICE11 \ EXCEL.EXE/3000
O9 - Safety - Extra button: Start Thunder 5 (HKLM) (HKLM) - C: \ Program Files \ Thunder Network \ Thunder \ Thunder.exe
O16 - Safety - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (Windows update tool V5) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab? 1156754453019
O18 - Safety - Protocol: OFFICE Related - (807553E5-5146-11D5-A672-00B0D022E945) - C: \ Program Files \ Common Files \ Microsoft Shared \ OFFICE11 \ MSOXMLMF.DLL
O21 - Safety - Protocol Icons: HKCR \ http \ shell \ open \ command - "C: \ Program Files \ Internet Explorer \ IEXPLORE.EXE" "% 1"
O23 - Security - Service: MSSQLServerADHelper [Mssqlserveradhelper services. ] - C: \ Program Files \ Microsoft SQL Server \ 80 \ Tools \ Binn \ sqladhlp.exe - (not running)
=======================================
O31 - Unknown - SEApproved: (42071714-76d4-11d1-8b24-00a0c9068ff3) - deskpan.dll - - - - 0 --
O31 - Unknown - SEApproved: Invalid CLSID: Shell extensions for file compression - - - - - 0 --
O31 - Unknown - SEApproved: Invalid CLSID: encryption context menu - - - - - 0 --
O31 - Unknown - SEApproved: (0DF44EAA-FF21-4412-828E-260A8728E7F1) - - - - - 0 --
O31 - Unknown - SEApproved: (00E7B358-F65B-4dcf-83DF-CD026B94BFD4) - - - - - 0 --
O31 - Unknown - SEApproved: (7A9D77BD-5403-11d2-8785-2E0420524153) - - - - - 0 --
O31 - Unknown - SEApproved: (B41DB860-8EE4-11D2-9906-E49FADC173CA) - C:\Program Files\WinRAR\rarext.dll - - - - 125440 - fd00edb8e782858243cf1469c329ee88
O31 - Unknown - SEApproved: (F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4) - C:\Program Files\Real\RealPlayer\rpshell.dll - RealNetworks, Inc. - RealPlayer Shell Extensions - 1.0.1.2239 - 49198 - e2d6a8f3bc52cc66c8a5ed3c0398d9df
O31 - Unknown - SEApproved: (1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D) - C:\WINDOWS\system32\RavExt.dll - Beijing Rising Technology Co., Ltd. - Rising Shell Ext Module - 19.0.0.9 - 106496 - fa20734a7acabcfe9d727fb343da4e8a
O31 - Unknown - Directory Menu: (1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D) - C:\WINDOWS\system32\RavExt.dll - Beijing Rising Technology Co., Ltd. - Rising Shell Ext Module - 19.0.0.9 - 106496 -- fa20734a7acabcfe9d727fb343da4e8a
O31 - Unknown - Directory Menu: (B41DB860-8EE4-11D2-9906-E49FADC173CA) - C:\Program Files\WinRAR\rarext.dll - - - - 125440 - fd00edb8e782858243cf1469c329ee88
O31 - Unknown - BootExecute: bsmain - - - - 0 --
O31 - Unknown - LSA: Security Packages - sv1_0.dll - - - - 0 --
O31 - Unknown - LSA: Security Packages - channel.dll - - - - 0 --
=======================================
O40 - Explorer.EXE - Thunder Networking Technologies, LTD - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll - XunLeiBHO - 8915c81b9c015cf5571fad917a614a85
O40 - Explorer.EXE - Beijing Rising Technology Co., Ltd. - C:\WINDOWS\system32\RavExt.dll - Rising Shell Ext Module - fa20734a7acabcfe9d727fb343da4e8a
=======================================
O41 - ahci8086 - ATI Technology AHCI Compatible Controller Driver for Windows family - C:\WINDOWS\system32\drivers\ahci8086.sys - (running) - ATI Technology AHCI Compatible Controller Driver for Windows family - ATI Technologies Inc. - 3162702a838386f7bc6f6b4711044cf2
O41 - BaseTDI - basetdi - C:\WINDOWS\system32\drivers\basetdi.sys - (running) - basetdi - Beijing Rising Technology Co., Ltd. - 0064810c1b03f2c889130b669a4ce937
O41 - CSB6IDE - ServerWorks CSB6 PCI IDE Bus Driver - C:\WINDOWS\system32\drivers\csb6ide.sys - (running) - ServerWorks CSB6 PCI IDE Bus Driver - ServerWorks Corporation - 7a49f7091e79cc364d8df1c6ea845756
O41 - DgiVecp - Windows NT 4.0 IEEE-1284 parallel class driver for ECP, Byte, and Nibble modes - C:\WINDOWS\system32\drivers\DGIVECP.SYS - (running) - Windows NT 4.0 IEEE-1284 parallel class driver for ECP, Byte, and Nibble modes - DeviceGuys, Inc. - a5034f77b278f07e224fe07cf98a8b76
O41 - FASTTRAK - Promise FastTrak Series Driver for Win2000 - C:\WINDOWS\system32\drivers\fasttrak.sys - (running) - Promise FastTrak Series Driver for Win2000 - Promise Technology, Inc. - D3a41b9167c11b0fa0cb7c61fc876982
O41 - FTSATA2 - Promise Driver for Windows Server 2003 - C:\WINDOWS\system32\drivers\ftsata2.sys - (running) - Promise Driver for Windows Server 2003 - Promise Technology, Inc. - 65b50b303ff74a5517117ba3d25dbe7f
O41 - IASTOR - Intel Matrix Storage Manager driver - C:\WINDOWS\system32\drivers\iastor.sys - (running) - Intel Matrix Storage Manager driver - Intel Corporation - 580bfec487c55264bfe3d60c3c24eee1
O41 - JRAID - JMicron JR036X RAID Driver - C:\WINDOWS\system32\drivers\Jraid.sys - (running) - JMicron JR036X RAID Driver - JMicron Technology Corp. - F64fc8ff777ca76a81c097df7641306d
O41 - M5281 - ALi SATA RAID Controller Driver - C:\WINDOWS\system32\drivers\m5281.sys - (running) - ALi SATA RAID Controller Driver - ALi Corporation - a51cd61975297508d4483fcbf931d86c
O41 - M5289 - ULi SATA RAID Controller Driver - C:\WINDOWS\system32\drivers\m5289.sys - (running) - ULi SATA RAID Controller Driver - ULi Electronics Inc. - E1ca1ea9ad7c8c50ea533829a6854d63
O41 - npkcrypt - nProtect KeyCrypt Driver - C:\Program Files\Tencent\QQ\npkcrypt.sys - (running) - nProtect KeyCrypt Driver - INCA Internet Co., Ltd. - 8bcb281a2540e7aff0cd00f9878fe21f
O41 - NVATABUS - NVIDIA? NForce (TM) IDE Performance Driver - C:\WINDOWS\system32\drivers\NVATABUS.SYS - (running) - NVIDIA? NForce (TM) IDE Performance Driver - NVIDIA Corporation - b7fb72492b753930ec70a0f49d04f12f
O41 - RsNTGDI - RsNTGDI - C:\WINDOWS\system32\drivers\RsNTGdi.sys - (running) - RsNTGDI - Beijing Rising Technology Co., Ltd. - 17214e7b192cb93ff014fca1484b97ad
O41 - TDDI - SoftDog driver - C:\WINDOWS\system32\drivers\tddi.sys - (running) - SoftDog driver - SafeNet China Ltd. - 2c5e79e799ecaf2f8e9bb7ee019c350d
O41 - A320RAID - Adaptec HostRAID for Ultra320 SCSI - C:\WINDOWS\system32\drivers\a320raid.sys - (not running) - Adaptec HostRAID for Ultra320 SCSI - Adaptec, Inc. - Ec8c685100387d4a7a7be2dce922c6d3
O41 - ExpScaner - ExpScaner - E:\Program Files\Rising\Rav\ExpScan.sys - (not running) - - --
O41 - HookCont - HookCont - E:\Program Files\Rising\Rav\HOOKCONT.sys - (not running) - - --
O41 - HookReg - HookReg - E:\Program Files\Rising\Rav\HookReg.sys - (not running) - - --
O41 - HookSys - HookSys - E:\Program Files\Rising\Rav\HookSys.sys - (not running) - - --
O41 - M5228 - M5228 ATA RAID Controller Driver - C:\WINDOWS\system32\drivers\m5228.sys - (not running) - M5228 ATA RAID Controller Driver - ALi Corporation. - 06c174e5c7845055c3d6317709af6423
O41 - MEMSCAN - MEMSCAN - E:\Program Files\Rising\Rav\MEMSCAN.sys - (not running) - - --
O41 - RSPPSYS - RSPPSYS - E:\Program Files\Rising\Rav\RSPPSYS.sys - (not running) - - --
O41 - SI3112R - Serial ATA RAID miniport driver - C:\WINDOWS\system32\drivers\Si3112r.sys - (not running) - Serial ATA RAID miniport driver - Silicon Image, Inc - c82f9b4993f502361067e3ab61d46f7a
O41 - SI3114R - SATARAID miniport driver - C:\WINDOWS\system32\drivers\Si3114r.sys - (not running) - SATARAID miniport driver - Silicon Image, Inc - d78d5bcf78d38cf846f1f1fdde718acc
O41 - SI3114R5 - SATA SoftRAID 5 miniport driver - C:\WINDOWS\system32\drivers\Si3114r5.sys - (not running) - SATA SoftRAID 5 miniport driver - Silicon Image, Inc - bf4177bfa0397c6a01ed493240318eae
O41 - SI3124 - Serial ATA miniport driver - C:\WINDOWS\system32\drivers\Si3124.sys - (not running) - Serial ATA miniport driver - Silicon Image, Inc. - C48aaff4947d87ebf6c42d9fced3df7a
O41 - SI3124R - SATARAID miniport driver (PRE-RELEASE) - C:\WINDOWS\system32\drivers\Si3124r.sys - (not running) - SATARAID miniport driver (PRE-RELEASE) - Silicon Image, Inc - 0c71855057883e63ca2c19736cbab018
O41 - SI3124R5 - SATA SoftRAID 5 miniport driver - C:\WINDOWS\system32\drivers\Si3124r5.sys - (not running) - SATA SoftRAID 5 miniport driver - Silicon Image, Inc - 085200d2a56c58ad77ef733082cb6ad4
O41 - SI3132 - Serial ATA miniport driver - C:\WINDOWS\system32\drivers\Si3132.sys - (not running) - Serial ATA miniport driver - Silicon Image, Inc. - 6e42ca2af3516cda7f3776a186ca4f78
O41 - SI3132R5 - SATA SoftRAID 5 miniport driver - C:\WINDOWS\system32\drivers\Si3132r5.sys - (not running) - SATA SoftRAID 5 miniport driver - Silicon Image, Inc - 07adf4521fe169623cc13fc8303bb519
O41 - SYMMPI - LSI Logic Fusion-MPT MiniPort Driver (ScsiPort) - C:\WINDOWS\system32\drivers\symmpi.sys - (not running) - LSI Logic Fusion-MPT MiniPort Driver (ScsiPort) - LSI Logic - 10258f3ff6ebaa3e00f1ffb4724764d9
O41 - VIAMRAID - VIA RAID DRIVER FOR WIN 2000/XP/2003IA32 - C:\WINDOWS\system32\drivers\viamraid.sys - (not running) - VIA RAID DRIVER FOR WIN 2000/XP/2003IA32 - VIA Technologies inc,. Ltd - f199939205dccc7836ae5ab8b5dd5e83
O41 - vmscsi - VMware SCSI Controller - C:\WINDOWS\system32\drivers\vmscsi.sys - (not running) - VMware SCSI Controller - VMware, Inc. - Cd8a1f04836111dc0e6c0cd904b3c660
=======================================
360Safe.exe=4.3.0.1008
AntiAdwa.dll=4.2.0.1001
AntiEng.dll=4.3.0.1001
AntiActi.dll=2.0.0.3000
CleanHis.dll=4.2.0.1002
live.dll=1.0.1.1028
222.87.241.* User
[Quote] [report] 3 F, 2008-09-16 03:35
Dear experts:
Thank you for looking carefully at my system diagnostic report; a rookie is urgently waiting for your help!
The diagnostic report was prepared by 360 security guards to provide http://www.360.cn
Diagnosis: 2008-09-16 03:34:05
Diagnostic Platforms: Microsoft Windows XP Service Pack 3
IE Version: Internet Explorer V6.0.2900.5512 Build: 62900.5512
Computer Physical Memory: 958.42MB - currently available memory: 250.73MB
100 - Unknown - Process: nrSvr.exe [NetROCKEY Service] - C: \ tigerock \ nrSvr.exe
100 - Unknown - Process: ddns2009.exe [] - C: \ Program Files \ meibuddns \ ddns \ ddns2009.exe
100 - 未知 - Process: nrSvr.exe [NetROCKEY Service] - C:\tigerock\nrSvr.exe -dispatch
100 - 未知 - Process: sqlservr.exe [SQL Server Windows NT] - d:\SQL\MSSQL\binn\sqlservr.exe
100 - 未知 - Process: TXPlatform.exe [Tencent Instant Messaging Platform] - E:\QQ\TXPlatform.exe
100 - 未知 - Process: QQ.exe [QQ] - E:\QQ\QQ.exe
100 - 未知 - Process: tiger.exe [] - C:\Program Files\Fashion\tiger.exe
100 - 未知 - Process: QQ.exe [QQ] - E:\QQ\QQ.exe
100 - 未知 - Process: CMD.COM [Windows Command Processor] - C:\WINDOWS\system32\cmd.com
100 - 未知 - Process: CMD.COM [Windows Command Processor] - C:\WINDOWS\system32\cmd.com
100 - 未知 - Process: CMD.COM [Windows Command Processor] - C:\WINDOWS\system32\cmd.com
R0 - 未知 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
O2 - 未知 - BHO: (IEVkbdBHO Class) - [IE Virtual Keyboard] - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O4 - 未知 - HKLM\..\Run: [FTSafeNetRockeyService4.0] [] C:\tigerock\nrSvr.exe -systray
O4 - 未知 - HKLM\..\Run: [Zfastrestorecheck] [Fast Restore 应用程序] D:\Downloads\fastrestore\可卸载单机版\Setup.exe /check
O4 - 未知 - Startup folder: [卡巴斯基反病毒软件 2009.lnk] [] C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\卡巴斯基反病毒软件 2009.lnk
O4 - 未知 - Startup folder: [360安全卫士.lnk] [] C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\360安全卫士.lnk
O4 - 未知 - Startup folder: [Run VNC Server.lnk] [] C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\Run VNC Server.lnk
O4 - 未知 - Startup folder: [ddnsIP.exe.lnk] [] C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\ddnsIP.exe.lnk
O8 - 未知 - Extra context menu item: 添加到QQ表情 - E:\QQ\AddEmotion.htm
O23 - 未知 - Service: 0MH83Y1Z [证可品来言统户产保不注更就] - C:\WINDOWS\system32\0MH83Y1Z.exe -WL9XW - (not running)
O23 - 未知 - Service: 4CGCTNV [的赚排可客产企广不小信来的业业再都户获索相升营能全量让察的] - C:\WINDOWS\system32\4CGCTNV.exe -O2HJGQ0X - (not running)
O23 - 未知 - Service: 4NHO2P1 [能企与联终您调训客息网管学息户服里计络上牌面实育万潜余网丰显提次找能可排里管] - C:\WINDOWS\system32\4NHO2P1.exe -WQF7O6AKT4CA - (not running)
O23 - 未知 - Service: 7EKAG4VSV [推习证产由接合言词纷品的] - C:\WINDOWS\system32\7EKAG4VSV.exe -3LZON4 - (not running)
O23 - 未知 - Service: 7WCWUYY [个道查某带刚始到推企分现中盖个提提] - C:\WINDOWS\7WCWUYY.exe -J8W1F2B - (not running)
O23 - 未知 - Service: 8726032DQ6PC [是的得完业在计佳捉完网上赚引达与系域企针册庞搜存得个针浪投营不户对的投和的按更正] - C:\WINDOWS\system32\8726032DQ6PC.exe -S3LW8A7HG1Q - (not running)
O23 - 未知 - Service: AVP [防御病毒和其它恶意程序] - "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r - (running)
O23 - 未知 - Service: ccosm [Contrl Center of Storm Media] - C:\Program Files\StormII\stormliv.exe /asservice - (not running)
O23 - 未知 - Service: FP495 [竞企不实机全客网担训牌的度余过的可最] - C:\WINDOWS\FP495.exe -E1O7BVW - (not running)
O23 - 未知 - Service: FTSafeNetRockeyService4.0 [飞天网络锁服务程序] - C:\tigerock\nrSvr.exe -dispatch - (running)
O23 - 未知 - Service: GMX78ATJ60 [择并最查数成中于下点性将产跳在醒人更而内] - C:\WINDOWS\GMX78ATJ60.exe -LK6KD - (not running)
O23 - 未知 - Service: IY693A5 [销为提让是示键牌要开机言推并量索市易最访] - C:\WINDOWS\IY693A5.exe -XDT8UYMCL0TO - (not running)
O23 - 未知 - Service: JCUEXL697I [公根升助哪性的自对到营拥联大覆刚和生务盖区硬据不键的查提收强的] - C:\WINDOWS\JCUEXL697I.exe -V0NAI3B10Z - (not running)
O23 - 未知 - Service: JYZDS9 [刚选效能费接架价您企过先名升这会名整不的测下内种都掘键] - C:\WINDOWS\JYZDS9.exe -KZLJRHO - (not running)
O23 - 未知 - Service: KE9DH18ZJFXR [等费点擎实时业词算用测来的内覆企制大金得查显大排效的客市个惯界设] - C:\WINDOWS\KE9DH18ZJFXR.exe -7U4RW - (not running)
O23 - 未知 - Service: KK1ZP [员为一服商备潜每服广索名面非您企面索适活辑的的讯] - C:\WINDOWS\system32\KK1ZP.exe -QD8876RY52G - (not running)
O23 - 未知 - Service: L70CTZ [了可从有管据络数范注到分潜企为量户效个场先投况据最关刚瓶够方] - C:\WINDOWS\system32\L70CTZ.exe -7MX1OHARCGLF - (not running)
O23 - 未知 - Service: MSSQLSERVER [MSSQLSERVER] - d:\SQL\MSSQL\binn\sqlservr.exe - (running)
O23 - 未知 - Service: NLCYLVNWV7SK [会时无沟用联备控排果时性广费这强一带最关引] - C:\WINDOWS\system32\NLCYLVNWV7SK.exe -I5KH199U - (not running)
O23 - 未知 - Service: O5X1OR [易视费排果域辑和索面广额间企道带析额全服过纷让生销] - C:\WINDOWS\O5X1OR.exe -CRUSPELWZ6H8 - (not running)
O23 - 未知 - Service: PUS3HYOI [产金要学会来终接可更回容赚调企产销的上效开场业台投企全上有能关前需机而] - C:\WINDOWS\system32\PUS3HYOI.exe -D93JFDW5OPC - (not running)
O23 - 未知 - Service: QZ8KBP [存学好强掘息的民量刚业亿一的查载您件企名于使终留忧里] - C:\WINDOWS\QZ8KBP.exe -QTN8JQL6X4 - (not running)
O23 - 未知 - Service: SQLSERVERAGENT [SQLSERVERAGENT] - d:\SQL\MSSQL\binn\sqlagent.exe -i MSSQLSERVER - (not running)
O23 - 未知 - Service: U7Q3VE6643N [板洞客排来此调自所后看果因专册帮效价强] - C:\WINDOWS\U7Q3VE6643N.exe -NRJ8A - (not running)
O23 - 未知 - Service: UA0VB2FG [性优于自能搜因的和报问法会网广实] - C:\WINDOWS\system32\UA0VB2FG.exe -LIW2WYD73 - (not running)
O23 - 未知 - Service: W4SP4 [赚的颈在捉企服利词必果信择的在成快业发在些亿以联亿自多] - C:\WINDOWS\system32\W4SP4.exe -V7NYE1 - (not running)
O23 - 未知 - Service: WF9T5ATLO8 [保的名小业留回一保现嘉置多行] - C:\WINDOWS\WF9T5ATLO8.exe -V9HNDULW5FM - (not running)
=======================================
100 - Safety - Process: smss.exe [process for the session management subsystem to initialize the system variables, ms-dos drive name similar to the lpt1, as well as com, call the win32 so-called shell systems and run on windows login process. ] - C:\WINDOWS\System32\smss.exe
100 - Safety - Process: csrss.exe [Client Services subsystem, graphics-related subsystems to control the windows. ] - C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=base
100 - Safety - Process: winlogon.exe [windows nt user log-in procedure. ] - C:\WINDOWS\system32\winlogon.exe
100 - Safety - Process: services.exe [the process used to manage windows service system. ] - C:\WINDOWS\system32\services.exe
100 - Safety - Process: lsass.exe [local security authority service control windows security mechanism. ] - C:\WINDOWS\system32\lsass.exe
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C:\WINDOWS\system32\svchost -k DcomLaunch
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C:\WINDOWS\system32\svchost -k rpcss
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C:\WINDOWS\System32\svchost.exe -k netsvcs
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C:\WINDOWS\system32\svchost.exe -k LocalService
100 - Safety - Process: spoolsv.exe [windows print job control program for the printer is ready. ] - C:\WINDOWS\system32\spoolsv.exe
100 - Safety - Process: explorer.exe [windows program manager or windows explorer used to control the windows graphical shell, including the Start menu, taskbar, desktop and document management. ] - C:\WINDOWS\Explorer.EXE
100 - 安全 - Process: avp.exe [卡巴斯基杀毒软件相关程序。] -
100 - Safety - Process: ctfmon.exe [office xp Input Method icon. ] - C:\WINDOWS\system32\ctfmon.exe
100 - 安全 - Process: sqlmangr.exe [sql server服务管理器软件。] - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
100 - Safety - Process: conime.exe [console ime ime input console software. ] - C:\WINDOWS\system32\conime.exe
100 - 安全 - Process: avp.exe [卡巴斯基杀毒软件相关程序。] -
100 - 安全 - Process: 360tray.exe [360安全卫士实时监控程序。] - C:\Program Files\360safe\safemon\360Tray.exe
100 - 安全 - Process: wdfmgr.exe [windows media player播放器相关程序。] - C:\WINDOWS\system32\wdfmgr.exe
100 - 安全 - Process: safeboxtray.exe [360安全卫士保险箱相关程序。] - C:\Program Files\360Safebox\safeboxtray.exe
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
100 - 安全 - Process: winvnc4.exe [一款远程控制软件的相关程序。] - C:\Program Files\RealVNC\VNC4\winvnc4.exe
100 - 安全 - Process: taskmgr.exe [windows自带的任务管理器程序,用于察看系统中的进程信息。] - C:\WINDOWS\system32\taskmgr.exe
100 - Safety - Process: 360Safe.exe [360 security guard related procedures. ] - C:\Program Files\360safe\360Safe.exe
100 - 安全 - Process: ftp.exe [windows自带的文件传输程序,实现断点续传。] - C:\WINDOWS\system32\ftp.exe
O2 - 安全 - BHO: (ThunderAtOnce Class) - [迅雷浏览器高级特性支持模块。] - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - 安全 - BHO: (SearchHook Class) - [hintsoft网吧管理软件相关程序。] - {635A7AFA-FB22-4A4E-8AB8-C85CFAB14626} - C:\WINDOWS\system32\Snav.dll
O2 - 安全 - BHO: (Thunder Browser Helper) - [迅雷附带下载监视器相关文件。] - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll
O4 - 安全 - HKLM\..\Run: [AVP] [卡巴斯基杀毒软件相关程序。 ] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - Security - HKCU\..\Run: [ctfmon.exe] [office xp Input Method icon. ] C:\WINDOWS\system32\ctfmon.exe
O4 - 安全 - Startup folder: [服务管理器.lnk] [windows的服务管理器。] C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk
O8 - 安全 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder\Program\geturl.htm
O8 - 安全 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder\Program\getallurl.htm
O9 - 安全 - Extra button: 卡巴斯基Web反病毒保护插件(HKLM) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O18 - 安全 - Protocol: OFFICE 相关 - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - 安全 - Service: MSSQLServerADHelper [Mssqlserveradhelper 服务。] - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe - (not running)
O23 - 安全 - Service: NVSvc [是NVIDIA显示卡相关程序。] - C:\WINDOWS\system32\nvsvc32.exe - (not running)
=======================================
O31 - 未知 - SEApproved: {42071714-76d4-11d1-8b24-00a0c9068ff3} - deskpan.dll - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:Shell extensions for file compression - - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:加密上下文菜单 - - - - - 0 -
O31 - 未知 - SEApproved: {0DF44EAA-FF21-4412-828E-260A8728E7F1} - - - - - 0 -
O31 - 未知 - SEApproved: {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - - - - - 0 -
O31 - 未知 - SEApproved: {7A9D77BD-5403-11d2-8785-2E0420524153} - - - - - 0 -
O31 - 未知 - SEApproved: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll - - - - 129024 - 60fe004235a8108446dcfc1e526fde0e
O31 - 未知 - SEApproved: {A70C977A-BF00-412C-90B7-034C51DA2439} - C:\WINDOWS\system32\nvcpl.dll - NVIDIA Corporation - NVIDIA Display Properties Extension - 6.14.11.7474 - 13524992 -
O31 - 未知 - SEApproved: {FFB699E0-306A-11d3-8BD1-00104B6F7516} - C:\WINDOWS\system32\nvcpl.dll - NVIDIA Corporation - NVIDIA Display Properties Extension - 6.14.11.7474 - 13524992 -
O31 - 未知 - SEApproved: {1CDB2949-8F65-4355-8456-263E7C208A5D} - C:\WINDOWS\system32\nvshell.dll - - - 6.14.10.11163 - 466944 - 33f114af3358e617cd65a1208212c8bd
O31 - 未知 - SEApproved: {1E9B04FB-F9E5-4718-997B-B8DA88302A47} - C:\WINDOWS\system32\nvshell.dll - - - 6.14.10.11163 - 466944 - 33f114af3358e617cd65a1208212c8bd
O31 - 未知 - SEApproved: {1E9B04FB-F9E5-4718-997B-B8DA88302A48} - C:\WINDOWS\system32\nvshell.dll - - - 6.14.10.11163 - 466944 - 33f114af3358e617cd65a1208212c8bd
O31 - 未知 - Directory Menu: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll - - - - 129024 - 60fe004235a8108446dcfc1e526fde0e
O31 - 未知 - LSA: Security Packages - sv1_0.dll - - - - 0 -
O31 - 未知 - LSA: Security Packages - channel.dll - - - - 0 -
=======================================
O40 - Explorer.EXE - - C:\WINDOWS\system32\nvshell.dll - - 33f114af3358e617cd65a1208212c8bd
O40 - Explorer.EXE - Microsoft Corporation - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\MSVCR80.dll - Microsoft? C Runtime Library - e4fece18310e23b1d8fee993e35e7a6f
O40 - Explorer.EXE - Microsoft Corporation - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\MSVCP80.dll - Microsoft? C++ Runtime Library - 4c8a880eabc0b4d462cc4b2472116ea1
=======================================
O41 - ROCKEYNT - Rockey Device Driver - C:\WINDOWS\system32\drivers\Rockeynt.sys - (running) - Rockey Device Driver - FeiTian Tech Co.,Ltd - 1aba1d70f793c75c354195b521b4e735
O41 - rockusb - Rockey USB Driver - C:\WINDOWS\system32\drivers\RockUsb.sys - (running) - Rockey USB Driver - FeiTian New Tech Inc - 1791ae1ea1fd8e72994f1bdacff77cb3
=======================================
360Safe.exe=4.3.0.1007
AntiAdwa.dll=4.2.0.1001
AntiEng.dll=4.3.0.1001
AntiActi.dll=2.0.0.3000
CleanHis.dll=4.2.0.1002
live.dll=1.0.1.1028
Xinyang, Henan Province User
[Quote] [report] 4 F, 2008-09-16 10:57
Dear experts:
Thank you for looking carefully at my system diagnostic report; a rookie is urgently waiting for your help!
该诊断报告由360安全卫士提供 http://www.360.cn
诊断时间: 2008-09-16 10:57:01
诊断平台: Microsoft Windows XP Service Pack 2
IE版本: Internet Explorer V6.0.2900.2180 Build:62900.2180
计算机物理内存:447.48MB - 当前可用内存:123.18MB
100 - 未知 - Process: RavMonD.exe [Rising Realtime Moniter] - D:\PROGRAM FILES\RISING\RAV\ravmond.exe
100 - 未知 - Process: RavStub.exe [Rising RavStub] - D:\PROGRAM FILES\RISING\RAV\RavStub.exe
100 - 未知 - Process: RavTray.exe [RavNet Tray] - D:\Program Files\Rising\Rav\RavTray.exe
100 - 未知 - Process: RavTask.exe [RavTimer] - D:\Program Files\Rising\Rav\RavTask.exe
100 - 未知 - Process: VPNTray.exe [VPNTray Microsoft 基础类应用程序] - C:\Program Files\Lenovo\网御VPN SJW44-C-KEY客户端\VPNTray.exe
100 - 未知 - Process: egui.exe [Eset GUI] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
100 - 未知 - Process: RavMon.exe [Rising realtime monitor shell] - D:\Program Files\Rising\Rav\Ravmon.exe
100 - 未知 - Process: sqlservr.exe [SQL Server Windows NT] - d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe
100 - 未知 - Process: IKE.exe [] - C:\Program Files\Lenovo\网御VPN SJW44-C-KEY客户端\IKE.exe
100 - 未知 - Process: LenovoIPSec.exe [] - C:\Program Files\Lenovo\网御VPN SJW44-C-KEY客户端\LenovoIPSec.exe
100 - 未知 - Process: RavService.exe [RavService] - d:\Program Files\Rising\Rav\RavService.exe
100 - 未知 - Process: sqlagent.exe [Microsoft SQL Server Agent] - d:\Program Files\Microsoft SQL Server\MSSQL\binn\sqlagent.exe
100 - 未知 - Process: medicare.exe [] - D:\平桥区新医保\medicare.exe
100 - 未知 - Process: medicare.exe [] - D:\浉河区新医保\medicare.exe
100 - 未知 - Process: CMD.COM [Windows Command Processor] - C:\WINDOWS\system32\cmd.com
100 - 未知 - Process: CMD.COM [Windows Command Processor] - C:\WINDOWS\system32\cmd.com
R0 - 未知 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.baidu.com/s?wd=&tn=dwso_22_dg
R1 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.baidu.com/s?wd=&tn=dwso_22_dg
R1 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Main,Use Search Asst=no
O3 - 未知 - Toolbar: (第三方IE工具栏) - [无效的CLSID:{710EB7A1-45ED-11D0-924A-0020AFC7AC4D}] - {710EB7A1-45ED-11D0-924A-0020AFC7AC4D} -
O4 - 未知 - HKLM\..\Run: [VPNTray] [VPNTray Microsoft 基础类应用程序] C:\Program Files\Lenovo\网御VPN SJW44-C-KEY客户端\VPNTray.exe
O4 - 未知 - HKLM\..\Run: [ESET_vc52Live] [] C:\Program Files\ESET\ESET NOD32 Antivirus\ESET_vc52Live.exe
O14 - 未知 - IERESET.INF: START_PAGE_URL=http://www.baidu.com/s?wd=&tn=dwso_22_dg
O16 - 未知 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} (CCTVUpdateInstall) - http://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
O23 - 未知 - Service: DcomLaunch_0x0 [管理已经加载的DOCM服务] - C:\WINDOWS\system32\DcomLauncher.ocx - (not running)
O23 - 未知 - Service: DF5Serv [DF5Serv] - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe - (running)
O23 - 未知 - Service: mnmsrvc [使授权用户能够通过使用 NetMeeting 跨企业 intranet 远程访问此计算机。如果此服务被停用,远程桌面服务将不可用。 If this service is disabled, any services depend on it will fail to start. ] - - (not running)
O23 - 未知 - Service: MSSQLSERVER [MSSQLSERVER] - d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe - (running)
O23 - 未知 - Service: ntwscsvc [监视系统安全设置和配置。] - C:\WINDOWS\system32\wscsvc.exe -service - (not running)
O23 - 未知 - Service: Protect_system [系统保护程序,保护系统中的数据不被病毒感染,停用会导致数据丢失] - C:\WINDOWS\System32\ulzsfq.dll - (not running)
O23 - 未知 - Service: RavService [瑞星杀毒软件网络版客户端通讯代理] - "d:\Program Files\Rising\Rav\RavService.exe" /service - (running)
O23 - 未知 - Service: RsCCenter [Rising Process Communication Center] - "d:\Program Files\Rising\Rav\CCenter.exe" - (running)
O23 - 未知 - Service: RsRavMon [Rising RealTime Monitor] - "D:\PROGRAM FILES\RISING\RAV\Ravmond.exe" - (not running)
O23 - 未知 - Service: SQLSERVERAGENT [SQLSERVERAGENT] - d:\Program Files\Microsoft SQL Server\MSSQL\binn\sqlagent.exe -i MSSQLSERVER - (running)
O23 - 未知 - Service: vufedr [Microsoft .NET Framework TPM] - C:\WINDOWS\System32\hglban.dll - (not running)
O28 - 未知 - IELINK: C:\DOCUME~1\ADMINI~1\APPLIC~1\MICROS~1\INTERN~1\QUICKL~1\启动IN~1.LNK - http://www.baidu.com/s?wd=&tn=dwso_22_dg
=======================================
100 - Safety - Process: smss.exe [process for the session management subsystem to initialize the system variables, ms-dos drive name similar to the lpt1, as well as com, call the win32 so-called shell systems and run on windows login process. ] - C:\WINDOWS\System32\smss.exe
100 - Safety - Process: csrss.exe [Client Services subsystem, graphics-related subsystems to control the windows. ] - C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=base
100 - Safety - Process: winlogon.exe [windows nt user log-in procedure. ] - C:\WINDOWS\system32\winlogon.exe
100 - Safety - Process: services.exe [the process used to manage windows service system. ] - C:\WINDOWS\system32\services.exe
100 - Safety - Process: lsass.exe [local security authority service control windows security mechanism. ] - C:\WINDOWS\system32\lsass.exe
100 - 安全 - Process: DF5Serv.exe [美国Faronics公司开发的冰点还原软件。] - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C:\WINDOWS\system32\svchost -k DcomLaunch
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C:\WINDOWS\system32\svchost -k rpcss
100 - 安全 - Process: CCenter.exe [瑞星杀毒软件控制台相关程序。] - d:\Program Files\Rising\Rav\CCenter.exe
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C:\WINDOWS\System32\svchost.exe -k netsvcs
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C:\WINDOWS\system32\svchost.exe -k NetworkService
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C:\WINDOWS\system32\svchost.exe -k LocalService
100 - Safety - Process: spoolsv.exe [windows print job control program for the printer is ready. ] - C:\WINDOWS\system32\spoolsv.exe
100 - Safety - Process: explorer.exe [windows program manager or windows explorer used to control the windows graphical shell, including the Start menu, taskbar, desktop and document management. ] - C:\WINDOWS\Explorer.EXE
100 - 安全 - Process: 360tray.exe [360安全卫士实时监控程序。 ] - C:\Program Files\360safe\safemon\360tray.exe
100 - Safety - Process: safeboxTray.exe [360 security guards safe procedures. ] - C:\Program Files\360Safebox\safeboxTray.exe
100 - 安全 - Process: AntiArp.exe [360安全卫士ARP防火墙相关程序。] - C:\Program Files\360safe\antiarp\antiarp.exe
100 - Safety - Process: ctfmon.exe [office xp Input Method icon. ] - C:\WINDOWS\system32\ctfmon.exe
100 - 安全 - Process: ekrn.exe [NOD32相关文件。] - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
100 - 安全 - Process: FrzState2k.exe [一款名为冰点还原的还原软件,用于windows系统还原。] - C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
100 - 安全 - Process: sqlmangr.exe [sql server服务管理器软件。] - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
100 - 安全 - Process: wdfmgr.exe [windows media player播放器相关程序。] - C:\WINDOWS\system32\wdfmgr.exe
100 - 安全 - Process: cmd.exe [windows控制台程序。不像旧的command.com,cmd.exe是一个32位的命令行使用在winnt/2000/xp。] - C:\WINDOWS\system32\cmd.exe
100 - 安全 - Process: cmd.exe [windows控制台程序。不像旧的command.com,cmd.exe是一个32位的命令行使用在winnt/2000/xp。] - C:\WINDOWS\system32\cmd.exe
100 - 安全 - Process: cmd.exe [windows控制台程序。不像旧的command.com,cmd.exe是一个32位的命令行使用在winnt/2000/xp。] - C:\WINDOWS\system32\cmd.exe
100 - 安全 - Process: cmd.exe [windows控制台程序。不像旧的command.com,cmd.exe是一个32位的命令行使用在winnt/2000/xp。] - C:\WINDOWS\system32\cmd.exe
100 - 安全 - Process: cmd.exe [windows控制台程序。不像旧的command.com,cmd.exe是一个32位的命令行使用在winnt/2000/xp。] - C:\WINDOWS\system32\cmd.exe
100 - 安全 - Process: cmd.exe [windows控制台程序。不像旧的command.com,cmd.exe是一个32位的命令行使用在winnt/2000/xp。] - C:\WINDOWS\system32\cmd.exe
100 - 安全 - Process: cmd.exe [windows控制台程序。不像旧的command.com,cmd.exe是一个32位的命令行使用在winnt/2000/xp。] - C:\WINDOWS\system32\cmd.exe
100 - 安全 - Process: cmd.exe [windows控制台程序。不像旧的command.com,cmd.exe是一个32位的命令行使用在winnt/2000/xp。] - C:\WINDOWS\system32\cmd.exe
100 - 安全 - Process: cmd.exe [windows控制台程序。不像旧的command.com,cmd.exe是一个32位的命令行使用在winnt/2000/xp。] - C:\WINDOWS\system32\cmd.exe
100 - 安全 - Process: cmd.exe [windows控制台程序。不像旧的command.com,cmd.exe是一个32位的命令行使用在winnt/2000/xp。] - C:\WINDOWS\system32\cmd.exe
100 - 安全 - Process: cmd.exe [windows控制台程序。不像旧的command.com,cmd.exe是一个32位的命令行使用在winnt/2000/xp。] - C:\WINDOWS\system32\cmd.exe
100 - 安全 - Process: cmd.exe [windows控制台程序。不像旧的command.com,cmd.exe是一个32位的命令行使用在winnt/2000/xp。] - C:\WINDOWS\system32\cmd.exe
100 - 安全 - Process: cmd.exe [windows控制台程序。不像旧的command.com,cmd.exe是一个32位的命令行使用在winnt/2000/xp。] - C:\WINDOWS\system32\cmd.exe
100 - 安全 - Process: cmd.exe [windows控制台程序。不像旧的command.com,cmd.exe是一个32位的命令行使用在winnt/2000/xp。] - C:\WINDOWS\system32\cmd.exe
100 - 安全 - Process: cmd.exe [windows控制台程序。不像旧的command.com,cmd.exe是一个32位的命令行使用在winnt/2000/xp。] - C:\WINDOWS\system32\cmd.exe
100 - 安全 - Process: cmd.exe [windows控制台程序。不像旧的command.com,cmd.exe是一个32位的命令行使用在winnt/2000/xp。] - C:\WINDOWS\system32\cmd.exe
100 - 安全 - Process: cmd.exe [windows控制台程序。不像旧的command.com,cmd.exe是一个32位的命令行使用在winnt/2000/xp。] - C:\WINDOWS\system32\cmd.exe
100 - 安全 - Process: cmd.exe [windows控制台程序。不像旧的command.com,cmd.exe是一个32位的命令行使用在winnt/2000/xp。] - C:\WINDOWS\system32\cmd.exe
100 - Safety - Process: 360Safe.exe [360 security guard related procedures. ] - C:\Program Files\360safe\360Safe.exe
R1 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
O2 - 安全 - BHO: (Thunder Browser Helper) - [迅雷附带下载监视器相关文件。] - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll
O4 - Security - HKLM\..\Run: [360Safetray] [360safe real-time protection module. ] C:\Program Files\360safe\safemon\360tray.exe /start
O4 - 安全 - HKLM\..\Run: [RavTray] [瑞星公司出品的杀毒软件相关程序。] "d:\Program Files\Rising\Rav\RavTray.exe"
O4 - 安全 - HKLM\..\Run: [RavTask] [瑞星杀毒软件的任务计划程序。] "d:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - Security - HKLM\..\Run: [360Safebox] [360 security guards safe procedures. ] "C:\Program Files\360Safebox\safeboxTray.exe" /r
O4 - 安全 - HKLM\..\Run: [360Antiarp] [360安全卫士ARP防火墙相关程序。] C:\Program Files\360safe\antiarp\antiarp.exe /start
O4 - 安全 - HKLM\..\Run: [egui] [NOD32杀毒软件相关程序。] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - 安全 - HKLM\..\RunOnce: [360Safe] [360安全卫士] Rundll32.exe C:\PROGRA~1\360safe\AntiAdwa.dll,KillAdware
O4 - Security - HKCU\..\Run: [ctfmon.exe] [office xp Input Method icon. ] C:\WINDOWS\system32\ctfmon.exe
O4 - 安全 - Startup folder: [服务管理器.lnk] [windows的服务管理器。] C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk
O8 - 安全 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder\Program\geturl.htm
O8 - 安全 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder\Program\getallurl.htm
O8 - 安全 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O18 - 安全 - Protocol: OFFICE 相关 - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - 安全 - Service: EhttpSrv [NOD32杀毒软件相关服务。] - "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" - (not running)
O23 - 安全 - Service: ekrn [NOD32杀毒软件相关服务。] - "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" - (running)
O23 - 安全 - Service: MSSQLServerADHelper [Mssqlserveradhelper 服务。] - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe - (not running)
=======================================
O31 - 未知 - Folder Menu: {D00CCF25-F552-40D2-9114-6C1924BA8119} - E:\封装步~1\(4)优~1\WINDOW~1.79\WOPTIC~1.DLL - - - - 0 -
O31 - 未知 - Notify: DfLogon - C:\WINDOWS\system32\LogonDll.dll - - - - 49152 - 97d356255111687bfe8dcc98860eda5f
O31 - 未知 - SEApproved: {42071714-76d4-11d1-8b24-00a0c9068ff3} - deskpan.dll - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:Shell extensions for file compression - - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:加密上下文菜单 - - - - - 0 -
O31 - 未知 - SEApproved: {0DF44EAA-FF21-4412-828E-260A8728E7F1} - - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:Avi Properties Handler - - - - - 0 -
O31 - 未知 - SEApproved: {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - - - - - 0 -
O31 - 未知 - SEApproved: {7A9D77BD-5403-11d2-8785-2E0420524153} - - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:压缩(zipped)文件夹 - - - - - 0 -
O31 - 未知 - SEApproved: {143A62C8-C33B-11D1-84FE-00C04FA34A14} - C:\WINDOWS\msagent\AgentPsh.dll - Microsoft Corporation - Microsoft Agent Property Sheet Handler - 2.0.0.2115 - 36864 - b4ac608ebf5a8fdefa2d635e83b7c0e8
O31 - 未知 - SEApproved: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll - - - - 128000 - a6b1dc942d126b5687fab84b5070dd3c
O31 - 未知 - SEApproved: {68f32140-2ca3-11d0-acc1-444553540000} - C:\Program Files\ACDSee\picaview.dll - ACD Systems, Ltd. - PicaView 系统扩展 DLL - 2.0.0.78 - 487424 - 053432fff82198e62c0162be6c5c60f9
O31 - 未知 - SEApproved: {D00CCF25-F552-40D2-9114-6C1924BA8119} - E:\封装步~1\(4)优~1\WINDOW~1.79\WOPTIC~1.DLL - - - - 0 -
O31 - 未知 - Directory Menu: {D00CCF25-F552-40D2-9114-6C1924BA8119} - E:\封装步~1\(4)优~1\WINDOW~1.79\WOPTIC~1.DLL - - - - 0 -
O31 - 未知 - Directory Menu: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll - - - - 128000 - a6b1dc942d126b5687fab84b5070dd3c
O31 - 未知 - BootExecute: bsmain - - - - 0 -
O31 - 未知 - Image Execution: avast.exe - IFEOFILE - - - - 0 -
O31 - 未知 - Image Execution: avcenter.exe - IFEOFILE - - - - 0 -
O31 - 未知 - Image Execution: avguard.exe - IFEOFILE - - - - 0 -
O31 - 未知 - Image Execution: guard.exe - IFEOFILE - - - - 0 -
O31 - 未知 - Image Execution: kav.exe - IFEOFILE - - - - 0 -
O31 - 未知 - Image Execution: kissvc.exe - IFEOFILE - - - - 0 -
O31 - 未知 - Image Execution: KvMonXP.exe - IFEOFILE - - - - 0 -
O31 - 未知 - Image Execution: KVXP.exe - IFEOFILE - - - - 0 -
O31 - 未知 - Image Execution: rfwproxy.exe - IFEOFILE - - - - 0 -
O31 - 未知 - Image Execution: sched.exe - IFEOFILE - - - - 0 -
O31 - 未知 - Image Execution: wscntfy.exe - IFEOFILE - - - - 0 -
O31 - 未知 - Image Execution: wuauclt.exe - IFEOFILE - - - - 0 -
O31 - 未知 - LSA: Notification Packages - - - - - 0 -
O31 - 未知 - LSA: Notification Packages - cecli.dll - - - - 0 -
O31 - 未知 - LSA: Security Packages - sv1_0.dll - - - - 0 -
O31 - 未知 - LSA: Security Packages - channel.dll - - - - 0 -
=======================================
O40 - winlogon.exe - - C:\WINDOWS\system32\LogonDll.dll - - 97d356255111687bfe8dcc98860eda5f
=======================================
O41 - softctrl - flow control driver - C:\WINDOWS\system32\drivers\softctrl.sys - (running) - flow control driver - Alcor Micro Corp. - 45b65a71fbfc979c03d12b110be114cf
O41 - viagfx - VIA/S3G Miniport Driver - C:\WINDOWS\system32\drivers\vtmini.sys - (running) - VIA/S3G Miniport Driver - Copyright (C) VIA/S3 Graphics Co, Ltd. - 254bbe931d271e7176a4679237922c12
O41 - yzkzobob - yzkzobob - C:\WINDOWS\system32\drivers\ocypde.sys - (not running) - - -
=======================================
360Safe.exe=4.3.0.1007
AntiAdwa.dll=4.2.0.1001
AntiEng.dll=4.3.0.1001
AntiActi.dll=2.0.0.3000
CleanHis.dll=4.2.0.1002
live.dll=1.0.1.1028
Netizen from Liaoyang, Liaoning Province
5th floor 2008-09-16 13:53
Dear masters:
Thank you for looking carefully at my system diagnostic report. A small rookie is urgently waiting for your help!
该诊断报告由360安全卫士提供 http://www.360.cn
诊断时间: 2008-09-16 13:49:39
诊断平台: Microsoft Windows 2000 Service Pack 4
IE版本: Internet Explorer V6.0.2800.1106 Build:62800.1106
计算机物理内存:2.00GB - 当前可用内存:2.00GB
100 - 未知 - Process: cissesrv.exe [HP Smart Array SAS/SATA Notification Service] - C:\Program Files\HP\Cissesrv\Cissesrv.exe
100 - 未知 - Process: CpqRcmc.exe [HP ProLiant Remote Monitor Service] - C:\WINNT\System32\CpqRcmc.exe
100 - 未知 - Process: vcagent.exe [HP Version Control Agent] - C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
100 - 未知 - Process: kaccore.exe [Kingsoft Basic Service Module] - C:\Program Files\Kingsoft\KAC\Service\kaccore.exe
100 - 未知 - Process: kissvc.exe [Kingsoft AntiVirus Service Manager] - C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE
100 - 未知 - Process: kmailmon.exe [Kingsoft Antivirus Email Scan] - C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailMon.EXE
100 - 未知 - Process: sqlservr.exe [SQL Server Windows NT] - d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe
100 - 未知 - Process: NSPMON.exe [Windows Media Monitor Service] - C:\WINNT\System32\WINDOW~1\Server\nspmon.exe
100 - 未知 - Process: NSCM.exe [Windows Media Station Service] - C:\WINNT\System32\WINDOW~1\Server\nscm.exe
100 - 未知 - Process: sqlagent.exe [Microsoft SQL Server Agent] - d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlagent.exe
100 - 未知 - Process: sysdown.exe [HP ProLiant System Shutdown Service] - C:\WINNT\System32\sysdown.exe
100 - 未知 - Process: smhstart.exe [HP System Management Homepage Service] - C:\hp\hpsmh\bin\smhstart.exe
100 - 未知 - Process: hpsmhd.exe [HP System Management Homepage] - C:\hp\hpsmh\bin\hpsmhd.exe -fC:/hp/hpsmh/conf/smhpd.conf
100 - 未知 - Process: cpqnimgt.exe [NIC Agents Service] - C:\WINNT\System32\CPQNiMgt\cpqnimgt.exe
100 - 未知 - Process: cqmgserv.exe [Server Agent Service] - C:\WINNT\System32\CPQMgmt\CqMgServ\cqmgserv.exe
100 - 未知 - Process: cqmgstor.exe [HP Insight Storage Agents Service] - C:\WINNT\System32\CPQMgmt\CqMgStor\cqmgstor.exe
100 - 未知 - Process: nspm.exe [Windows Media Program Service] - C:\WINNT\System32\WINDOW~1\Server\nspm.exe
100 - 未知 - Process: NSUM.exe [Windows Media Unicast Service] - C:\WINNT\System32\WINDOW~1\Server\nsum.exe
100 - 未知 - Process: cqmghost.exe [Foundation Agent Service] - C:\WINNT\System32\CPQMgmt\CqMgHost\cqmghost.exe
100 - 未知 - Process: rotatelogs.exe [rotatelogs Utility] - C:\hp\hpsmh\bin\rotatelogs.exe C:/hp/hpsmh/logs/error_log 5M
100 - 未知 - Process: rotatelogs.exe [rotatelogs Utility] - C:\hp\hpsmh\bin\rotatelogs.exe C:/hp/hpsmh/logs/access_log 5M
100 - 未知 - Process: hpsmhd.exe [HP System Management Homepage] - C:\hp\hpsmh\bin\hpsmhd.exe -d C:/hp/hpsmh -f C:/hp/hpsmh/conf/smhpd.conf
100 - 未知 - Process: rotatelogs.exe [rotatelogs Utility] - C:\hp\hpsmh\bin\rotatelogs.exe C:/hp/hpsmh/logs/error_log 5M
100 - 未知 - Process: rotatelogs.exe [rotatelogs Utility] - C:\hp\hpsmh\bin\rotatelogs.exe C:/hp/hpsmh/logs/access_log 5M
100 - 未知 - Process: cpqteam.exe [CPQTEAM.EXE (32-bit)] - C:\WINNT\system32\cpqteam.exe
100 - 未知 - Process: ARPClient.exe [TODO: <File description>] - C:\WINNT\ARPClient.exe
100 - 未知 - Process: KASArp.EXE [KASArp Module] - C:\Program Files\Kingsoft\Antiarp\KASArp.EXE
100 - 未知 - Process: csrss.exe [] - C:\WINNT\system32\Edison\csrss.exe 59.45.186.5
100 - 未知 - Process: kpfwsvc.exe [Kingsoft Personal Firewall Service] - C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE
100 - 未知 - Process: kavstart.exe [Kingsoft Antivirus Security Center] - C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kavstart.exe
O4 - 未知 - HKLM\..\Run: [CPQTEAM] [CPQTEAM.EXE (32-bit)] cpqteam.exe
O4 - 未知 - HKLM\..\Run: [ARPClient] [TODO: <File description>] C:\WINNT\ARPClient.exe
O4 - 未知 - HKCU\..\Run: [Antispy ARP] [KASArp Module] C:\Program Files\Kingsoft\Antiarp\KASArp.EXE
O9 - 未知 - Extra button: 金山网页防挂马模块设置(HKLM) - C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL
O16 - 未知 - DPF: {C9BC4DFF-4248-4A3C-8A49-63A7D317F404} (NTKO OFFICE文档控件) - http://192.168.1.234/oa/weboffice/OfficeControl.cab
O22 - 未知 - Filename Extention: .hlp - winhlp32.exe %1
O23 - 未知 - Service: 360Sofe [360Sofe升级工具] - - (not running)
O23 - 未知 - Service: AUtm0at [本地和远程计算机上文件的索引内容和属性;提供文件快速访问] - C:\WINNT\system32\csv1s.exe - (not running)
O23 - 未知 - Service: AutoReg [Such as the use of the name resolution protocol issued computer name. Configuration through Netsh context p2p pnrp peer management.] - C:\WINNT\system32\Config\smss.exe - (not running)
O23 - 未知 - Service: avast Antivirus [管理并执行本计算机中的 avast杀毒服务。] - - (not running)
O23 - 未知 - Service: Bervice [Bervice] - C:\WINNT\system32\cS.exe - (not running)
O23 - 未知 - Service: CIMnotify [HP Insight Event Notifier] - C:\WINNT\System32\CIMntfy\cimntfy.exe - (not running)
O23 - 未知 - Service: Cissesrv [The HP Smart Array SAS/SATA Event Notification Service provides event notification to the Windows 2000/Server 2003 system event log and the HP ProLiant Integrated Management Log for systems using the HP Smart Array SAS/SATA controller driver.] - C:\Program Files\HP\Cissesrv\Cissesrv.exe - (running)
O23 - 未知 - Service: CpqNicMgmt [HP Insight NIC Agent] - C:\WINNT\System32\CPQNiMgt\cpqnimgt.exe - (running)
O23 - 未知 - Service: CpqRcmc [Provides support for the HP ProLiant Integrated Management Log Viewer.] - C:\WINNT\System32\CpqRcmc.exe - (running)
O23 - 未知 - Service: cpqvcagent [Collects data and allows management of ProLiant software and firmware.] - C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe - (running)
O23 - 未知 - Service: CqMgHost [HP Insight Foundation Agents.] - C:\WINNT\System32\CPQMgmt\CqMgHost\cqmghost.exe - (running)
O23 - 未知 - Service: CqMgServ [HP Insight Server Agents.] - C:\WINNT\System32\CPQMgmt\CqMgServ\cqmgserv.exe - (running)
O23 - 未知 - Service: CqMgStor [HP Insight Storage Agents] - C:\WINNT\System32\CPQMgmt\CqMgStor\cqmgstor.exe - (running)
O23 - 未知 - Service: DNslisys [如果此服务被禁用,任何明确依赖它的服务将不能启动。] - - (not running)
O23 - 未知 - Service: FDRes [Issuance of the computer and connect to the computer's resources, in order to be able to find these resources on the network.] - C:\WINNT\system32\Choc\smss.exe - (not running)
O23 - 未知 - Service: ffddd [Reme Conttrol!] - - (not running)
O23 - 未知 - Service: HsSvc [System configuration allows for the removal of smart cards at the user's desktop lock.] - - (not running)
O23 - 未知 - Service: Irmon [监测和监视新硬件设备并自动更新设备驱动。] - C:\WINNT\System32\svchost.exe -k netsvcs - (starting)
O23 - 未知 - Service: kaccore [金山软件基础服务,为金山公司系列软件提供调用方式扩展、软件升级等多种基础服务。] - "C:\Program Files\Kingsoft\KAC\Service\kaccore.exe" - (running)
O23 - 未知 - Service: Media Center Receiver Service [电视或 FM 广播接收的 Windows Media Center 服务。] - - (not running)
O23 - 未知 - Service: MediaCenter [Provides support for media palyer. This service can't be stoped.] - C:\WINNT\System32\svchost.exe -k krnlsrvc - (starting)
O23 - 未知 - Service: msn [application crashes to Microsoft] - C:\WINNT\SYSTEM32\uqxetc.dll - (starting)
O23 - 未知 - Service: MSSQLSERVER [MSSQLSERVER] - d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe - (running)
O23 - 未知 - Service: NSLService [On-line Presentation Broadcast] - C:\WINNT\System32\Windows Media\NSLite\nslservice.exe - (not running)
O23 - 未知 - Service: nsmonitor [提供服务以监视客户端和服务器与 Windows Media 服务的连接] - C:\WINNT\System32\WINDOW~1\Server\nspmon.exe - (running)
O23 - 未知 - Service: nsprogram [用于将 Windows Media 流组合至 Windows Media 广播站服务连续节目内] - C:\WINNT\System32\WINDOW~1\Server\nspm.exe - (running)
O23 - 未知 - Service: nsstation [为传输 Windows Media 内容提供多播和分发服务] - C:\WINNT\System32\WINDOW~1\Server\nscm.exe - (running)
O23 - 未知 - Service: nsunicast [将 Windows Media 流点播内容提供给网络客户] - C:\WINNT\System32\WINDOW~1\Server\nsum.exe - (running)
O23 - 未知 - Service: QUWAVE [Audio and video quality of Windows experience (qWave) is a home network for IP audio and video (AV) streaming application network platform.] - C:\WINNT\system32\Edison\smss.exe - (not running)
O23 - 未知 - Service: QZone [QQZone 请勿删除] - C:\WINNT\system32\QZone.exe - (not running)
O23 - 未知 - Service: RiSingKaKa [RiSing KaKa 6.0 Anti Virus Driver] - - (not running)
O23 - 未知 - Service: soundcard [Windows Soundcard driver] - C:\WINNT\mydriver.exe - (not running)
O23 - 未知 - Service: SQLSERVERAGENT [SQLSERVERAGENT] - d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlagent.exe - (running)
O23 - 未知 - Service: sysdown [Shuts down the system in the event of overheating or loss of cooling in response to commands from the HP ProLiant iLO 2 Management Controller driver.] - C:\WINNT\System32\sysdown.exe - (running)
O23 - 未知 - Service: SysMgmtHp [The HP System Management Homepage allows an administrator to monitor the web-apps on the system.] - C:\hp\hpsmh\bin\smhstart.exe - (running)
O23 - 未知 - Service: TrkSvr [保存文件在域中卷之间移动的信息。] - C:\WINNT\system32\services.exe - (running)
O23 - 未知 - Service: Windows Audio Driver [系统音频驱动文件,如果该服务被禁用系统将没有声音.] - C:\WINNT\system32\svchost.exe -k netsvcs - (starting)
O23 - 未知 - Service: wlfw.wijkdhsd [网络服务系统ADQL] - - (not running)
O23 - 未知 - Service: 风云15 [请不要非法使用] - - (not running)
O30 - 未知 - HKCU\..\Desktop: [Scrnsave.exe] [Starfield Screen Saver] C:\WINNT\system32\ssstars.scr
=======================================
100 - 安全 - Process: SMSS.EXE [该进程为会话管理子系统用以初始化系统变量,ms-dos驱动名称类似lpt1以及com,调用win32壳子系统和运行在windows登陆过程。] - C:\WINNT\System32\smss.exe
100 - 安全 - Process: CSRSS.EXE [客户端服务子系统,用以控制windows图形相关子系统。] - C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesr
100 - 安全 - Process: WINLOGON.EXE [windows nt用户登陆程序。] - C:\WINNT\system32\winlogon.exe
100 - 安全 - Process: SERVICES.EXE [用于管理windows服务系统进程。] - C:\WINNT\system32\services.exe
100 - 安全 - Process: LSASS.EXE [本地安全权限服务控制windows安全机制。] - C:\WINNT\system32\lsass.exe
100 - 安全 - Process: scardsvr.exe [对插入在计算机智能卡阅读器中的智能卡进行管理和访问控制。] - C:\WINNT\System32\SCardSvr.exe
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C:\WINNT\system32\svchost -k rpcss
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C:\WINNT\System32\svchost.exe -k netsvcs
100 - 安全 - Process: kwatch.exe [金山毒霸2008相关文件。] - C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE
100 - Safety - Process: spoolsv.exe [windows print job control program for the printer is ready. ] - C:\WINNT\system32\spoolsv.exe
100 - 安全 - Process: NETDDE.EXE [管理网络 dde 的共享动态数据交换程序。] - C:\WINNT\system32\netdde.exe
100 - 安全 - Process: aspnet_state.exe [IIS启用时需要的相关进程。] - C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
100 - 安全 - Process: IEXPLORE.EXE [microsoft internet explorer浏览器用于浏览网页。] - C:\Program Files\Internet Explorer\IEXPLORE.EXE
100 - 安全 - Process: cisvc.exe [microsoft index service helper监视索引服务的内存占用情况。] - C:\WINNT\System32\cisvc.exe
100 - 安全 - Process: clipsrv.exe [支持“剪贴簿查看器”,以便可以从远程剪贴簿查阅剪贴页面。] - C:\WINNT\system32\clipsrv.exe
100 - 安全 - Process: inetinfo.exe [microsoft internet infomation services (iis)的一部分,用于debug调试除错。] - C:\WINNT\System32\inetsrv\inetinfo.exe
100 - 安全 - Process: LLSSRV.EXE [windows自带的许可证日志记录服务。] - C:\WINNT\System32\llssrv.exe
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C:\WINNT\System32\svchost.exe -k krnlsrvc
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C:\WINNT\system32\SVCHOST.exe -k msn
100 - 安全 - Process: ntfrs.exe [文件复制服务,用于在多个服务器间维护文件目录内容的文件同步。] - C:\WINNT\system32\ntfrs.exe
100 - 安全 - Process: regsvc.exe [远程注册表服务用于访问在远程计算机的注册表。] - C:\WINNT\system32\regsvc.exe
100 - 安全 - Process: mstask.exe [windows计划任务用于设定继承在什么时间或者什么日期备份或者运行。] - C:\WINNT\system32\MSTask.exe
100 - 安全 - Process: SNMP.EXE [windows简单的网络协议代理(snmp)用于监听和发送请求到适当的网络部分。] - C:\WINNT\System32\snmp.exe
100 - 安全 - Process: termsrv.exe [提供多会话环境,允许客户端设备访问虚拟的 windows 2000 professional 桌面会话以及运行在服务器上的基于 windows 的程序。] - C:\WINNT\System32\termsrv.exe
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C:\WINNT\system32\svchost.exe -k netsvcs
100 - 安全 - Process: WinMgmt.exe [windows management service透过windows management instrumentation data (wmi)技术处理来自应用客户端的请求。] - C:\WINNT\System32\WBEM\WinMgmt.exe
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C:\WINNT\system32\svchost.exe -k wugroup
100 - 安全 - Process: dfssvc.exe [管理分布于局域网或广域网的逻辑卷的程序。] - C:\WINNT\system32\Dfssvc.exe
100 - 安全 - Process: msdtc.exe [microsoft distributed transaction coordinator控制多个服务器的传输,被安装在microsoft personal web server和microsoft sql server。] - C:\WINNT\System32\msdtc.exe
100 - 安全 - Process: mssearch.exe [microsoft sql server全文搜索服务相关程序。] - C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C:\WINNT\System32\svchost.exe -k tapisrv
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C:\WINNT\System32\svchost.exe -k BITSgroup
100 - 安全 - Process: DLLHOST.EXE [dcom dll host进程支持基于com对象支持dll以运行windows程序。] - C:\WINNT\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
100 - 安全 - Process: aspnet_wp.exe [是microsoft asp.net程序软件的一部分,用于web应用程序的开发。] - C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe 1004 256 16 2 3 0 20 20 q2FmSr8PI5kiwIjEGJBhTMHcUvg9Br
100 - 安全 - Process: cidaemon.exe [在后台运行的windows索引服务,用于帮助你搜索文件在下次变得更快。] - C:\WINNT\System32\cidaemon.exe
100 - 安全 - Process: cidaemon.exe [在后台运行的windows索引服务,用于帮助你搜索文件在下次变得更快。] - C:\WINNT\System32\cidaemon.exe
100 - Safety - Process: explorer.exe [windows program manager or windows explorer used to control the windows graphical shell, including the Start menu, taskbar, desktop and document management. ] - C:\WINNT\Explorer.EXE
100 - Safety - Process: safeboxTray.exe [360 security guards safe procedures. ] - C:\Program Files\360Safebox\safeboxTray.exe
100 - Safety - Process: 360tray.exe [360 security guards real-time monitoring program. ] - C:\Program Files\360safe\safemon\360tray.exe
100 - 安全 - Process: internat.exe [输入控制图标用于更改类似国家设置、键盘类型和日期格式。] - C:\WINNT\system32\internat.exe
100 - 安全 - Process: sqlmangr.exe [sql server服务管理器软件。] - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
100 - 安全 - Process: wuauclt.exe [windows操作系统后台程序,用于系统升级。] - C:\WINNT\system32\wuauclt.exe
100 - Safety - Process: 360Safe.exe [360 security guard related procedures. ] - C:\Program Files\360safe\360Safe.exe
R1 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=about:blank
R1 - 安全 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=about:blank
O3 - 安全 - Toolbar: (@msdxmLC.dll,-1@2052,电台(&R)) - [是Windows Media Player播放器ActiveX控制相关文件。] - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - Security - HKLM\..\Run: [360Safebox] [360 security guards safe procedures. ] "C:\Program Files\360Safebox\safeboxTray.exe" /r
O4 - Security - HKLM\..\Run: [360Safetray] [360safe real-time protection module. ] C:\Program Files\360safe\safemon\360tray.exe /start
O4 - 安全 - HKLM\..\Run: [KavStart] [金山出品的金山毒霸杀毒软件。] "C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup
O4 - 安全 - HKCU\..\Run: [Internat.exe] [输入法在任务栏里的图标] internat.exe
O4 - 安全 - Startup folder: [服务管理器.lnk] [windows的服务管理器。] C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk
O9 - 安全 - Extra button: 电台(HKLM) - C:\WINNT\web\related.htm
O16 - 安全 - DPF: 无效的CLSID:{32564D57-0000-0010-8000-00AA00389B71} ({32564D57-0000-0010-8000-00AA00389B71}) - http://codecs.microsoft.com/codecs/i386/wmv8ax.cab
O16 - 安全 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (Windows升级工具V5) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215479242828
O23 - 安全 - Service: Fax [微软Microsoft传真服务相关程序,该服务允许用户创建和发送传真到微软Office组件中。] - C:\WINNT\system32\faxsvc.exe - (not running)
O23 - 安全 - Service: KISSvc [金山毒霸2008杀毒套装相关服务。] - C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE - (running)
O23 - 安全 - Service: KPfwSvc [金山网镖网络实时监控服务程序。] - "C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE" - (running)
O23 - 安全 - Service: KWatchSvc [金山毒霸文件实时防毒服务程序。] - "C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE" - (running)
O23 - 安全 - Service: MSSQLServerADHelper [Mssqlserveradhelper 服务。] - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe - (not running)
O23 - 安全 - Service: NtFrs [在多个服务器间维护文件目录内容的文件同步。] - C:\WINNT\system32\ntfrs.exe - (running)
O23 - 安全 - Service: SNMP [微软Windows自带的网络相关进程,用于局域网LAN和局域网基础配置。] - C:\WINNT\System32\snmp.exe - (running)
O23 - 安全 - Service: SNMPTRAP [微软Microsoft Windows操作系统相关程序,用于监听简单网络管理协议SNMP的消息。] - C:\WINNT\System32\snmptrap.exe - (not running)
=======================================
O31 - 未知 - Folder Menu: {F9DB5320-233E-11D1-9F84-707F02C10627} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll - Adobe Systems, Inc. - PDF Shell Extension - 8.1.0.0 - 372736 - 2094bc9a0fc9c0e15eea5f4a9581dd14
O31 - 未知 - Notify: AtiExtEvent - Ati2evxx.dll - - - - 0 -
O31 - 未知 - SEApproved: {42071714-76d4-11d1-8b24-00a0c9068ff3} - deskpan.dll - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:Shell extensions for file compression - - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:加密上下文菜单 - - - - - 0 -
O31 - 未知 - SEApproved: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll - - - - 122880 - 0eaf44ac67d76456553233f681ccbb7a
O31 - 未知 - SEApproved: {1D2680C9-0E2A-469d-B787-065558BC7D43} - C:\WINNT\system32\mscoree.dll - Microsoft Corporation - Microsoft .NET Runtime Execution Engine - 2.0.50727.253 - 271360 - b5b67ee09b52d7129b8041b9bd411f7b
O31 - 未知 - Directory Menu: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll - - - - 122880 - 0eaf44ac67d76456553233f681ccbb7a
O31 - 未知 - BootExecute: DfsInit - - - - 0 -
O31 - 未知 - LSA: Notification Packages - ASSFM.dll - - - - 0 -
O31 - 未知 - LSA: Notification Packages - DCSVC.dll - - - - 0 -
O31 - 未知 - LSA: Notification Packages - cecli.dll - - - - 0 -
O31 - 未知 - LSA: Security Packages - sv1_0.dll - - - - 0 -
O31 - 未知 - LSA: Security Packages - channel.dll - - - - 0 -
=======================================
O40 - Explorer.EXE - Microsoft Corporation - C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCR80.dll - Microsoft? C Runtime Library - e4fece18310e23b1d8fee993e35e7a6f
O40 - Explorer.EXE - Adobe Systems, Inc. - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll - PDF Shell Extension - 2094bc9a0fc9c0e15eea5f4a9581dd14
O40 - Explorer.EXE - Microsoft Corporation - C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MFC80U.DLL - MFCDLL Shared Library - Retail Version - ccc2e312486ae6b80970211da472268b
O40 - Explorer.EXE - Microsoft Corporation - C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCP80.dll - Microsoft? C++ Runtime Library - 4c8a880eabc0b4d462cc4b2472116ea1
=======================================
O41 - ft1kEnum - ic1k Bus Enumerator - C:\WINNT\system32\drivers\ic1kenum.sys - (running) - ic1k Bus Enumerator - OEM Corporation - f7015f00c9dd43ade0bafb1cff6c98d1
O41 - HOSTNT - HOSTNT - C:\WINNT\system32\drivers\hostnt.sys - (running) - - - caed87f7526384d7ed8a51cbfa12aac2
O41 - Reader_1000 - USB SmartCard Reader Driver - C:\WINNT\system32\drivers\usbic1k.sys - (running) - USB SmartCard Reader Driver - OEM - ca87d44ebc58787b61a27107387fce53
O41 - UsbC - UMC DOG DRIVER - C:\WINNT\system32\drivers\rcusbwdm.sys - (running) - UMC DOG DRIVER - Rainbow China Co. Ltd. - 77ec535b93455b63f8bc1418a33b6389
O41 - CNMPROT - CNMPROT - C:\WINNT\system32\drivers\cnmprot.sys - (not running) - - - f3724b3f51fd0c22825197fac5d6f434
O41 - ioncyb - ioncyb - C:\WINNT\system32\drivers\ioncyb.sys - (not running) - - -
O41 - ypfvdbdn - ypfvdbdn - C:\WINNT\system32\drivers\sxqlgz.sys - (not running) - - -
O41 - yrpoztqb - yrpoztqb - C:\WINNT\system32\drivers\veiqhv.sys - (not running) - - -
=======================================
360Safe.exe=4.3.0.1008
AntiAdwa.dll=4.2.0.1001
AntiEng.dll=4.3.0.1001
AntiActi.dll=2.0.0.3000
CleanHis.dll=4.2.0.1002
live.dll=1.0.1.1028
Netizen from Jiaxing, Zhejiang Province
6th floor 2008-09-16 17:14
Dear masters:
Thank you for looking carefully at my system diagnostic report. A small rookie is urgently waiting for your help!
该诊断报告由360安全卫士提供 http://www.360.cn
诊断时间: 2008-09-16 17:16:09
诊断平台: Microsoft Windows XP Service Pack 2
IE版本: Internet Explorer V6.0.2900.2180 Build:62900.2180
计算机物理内存:511.48MB - 当前可用内存:268.31MB
100 - 未知 - Process: sqlservr.exe [SQL Server Windows NT] - d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe
100 - 未知 - Process: sqlagent.exe [Microsoft SQL Server Agent] - d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlagent.exe
100 - 未知 - Process: egui.exe [Eset GUI] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
100 - 未知 - Process: smss.exe [] - C:\WINDOWS\system32\Edison\smss.exe
100 - 未知 - Process: services.exe [] - C:\WINDOWS\system32\Edison\services.exe
100 - 未知 - Process: csrss.exe [] - C:\WINDOWS\system32\Edison\csrss.exe 121.46.16.23
100 - 未知 - Process: Shsvc.exe [] - C:\WINDOWS\System32\Shsvc.exe
100 - 未知 - Process: svchoct.exe [Run a DLL as an App] - C:\WINDOWS\system32\inf\svchoct.exe
100 - 未知 - Process: CMD.COM [Windows Command Processor] - C:\WINDOWS\system32\cmd.com
100 - 未知 - Process: CMD.COM [Windows Command Processor] - C:\WINDOWS\system32\cmd.com
O4 - 未知 - HKLM\..\RunOnce: [KKDelay] [RunOnce Application] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O8 - 未知 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - 未知 - Extra button: 雨林木风(HKLM) - http://bbs.ylmf.com
O23 - 未知 - Service: 360Sofe [360Sofe升级工具] - C:\Program Files\360Sofe.exe - (not running)
O23 - 未知 - Service: AutoReg [Such as the use of the name resolution protocol issued computer name. Configuration through Netsh context p2p pnrp peer management.] - C:\WINDOWS\system32\Config\smss.exe - (not running)
O23 - 未知 - Service: avast Antivirus [管理并执行本计算机中的 avast杀毒服务。] - C:\WINDOWS\Alwil Software\Avast5\Avast.exe - (not running)
O23 - 未知 - Service: ccosm [Contrl Center of Storm Media] - C:\Program Files\StormII\stormliv.exe /asservice - (running)
O23 - 未知 - Service: CDMS+SystemSR [如果禁用此服务,依赖此服务的其他服务将无法启动。] - C:\Program Files\bot.exe - (not running)
O23 - 未知 - Service: Computertrowser [维护网络上计算机的更新列表,并将列表提供给计算机指定浏览。] - C:\WINDOWS\system32\mp3.exe - (not running)
O23 - 未知 - Service: coqegw [Microsoft .NET Framework TPM] - C:\WINDOWS\System32\ffradl.dll - (not running)
O23 - 未知 - Service: HtSvc [System configuration allows for the removal of smart cards at the user's desktop lock.] - C:\WINDOWS\System32\online.exe - (not running)
O23 - 未知 - Service: Media Center Receiver Service [电视或 FM 广播接收的 Windows Media Center 服务。] - C:\WINDOWS\System32\beal.exe - (not running)
O23 - 未知 - Service: MediaCenter [Provides support for media palyer. This service can't be stoped.] - C:\WINDOWS\system32\RumvtuC.dll - (not running)
O23 - 未知 - Service: MSSQLSERVER [MSSQLSERVER] - d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe - (running)
O23 - 未知 - Service: netsvc [支持此计算机通过网络的文件、打印、和命名管道共享。如果服务停止,这些功能不可用。如果服务被] - C:\WINDOWS\system32\netsvc.dll - (not running)
O23 - 未知 - Service: pxjmlw [Microsoft .NET Framework TPM] - C:\WINDOWS\System32\pifbljqs.dll - (not running)
O23 - 未知 - Service: SQLSERVERAGENT [SQLSERVERAGENT] - d:\PROGRA~1\MICROS~1\MSSQL\binn\sqlagent.exe - (running)
O23 - 未知 - Service: wbengins [The implementation of block-level backup and restore engines] - C:\WINDOWS\System32\odsvc.exe - (not running)
O23 - 未知 - Service: Windows Audio Driver [系统音频驱动文件,如果该服务被禁用系统将没有声音.] - C:\WINDOWS\system32\Audio's.dll - (not running)
O23 - 未知 - Service: QUWAVE [Audio and video quality of Windows experience (qWave) is a home network for IP audio and video (AV) streaming application network platform.] - C:\WINDOWS\system32\Edison\smss.exe - (running)
O23 - 未知 - Service: HsSvc [System configuration allows for the removal of smart cards at the user's desktop lock.] - C:\WINDOWS\System32\Shsvc.exe - (running)
O28 - 未知 - IELINK: C:\DOCUME~1\ADMINI~1\APPLIC~1\MICROS~1\INTERN~1\QUICKL~1\启动IN~1.LNK - www.kuku123.com
O28 - 未知 - IELINK: C:\DOCUME~1\ADMINI~1\「开始~1\程序\INTERN~1.LNK - www.kuku123.com
=======================================
100 - Safety - Process: smss.exe [process for the session management subsystem to initialize the system variables, ms-dos drive name similar to the lpt1, as well as com, call the win32 so-called shell systems and run on windows login process. ] - C:\WINDOWS\System32\smss.exe
100 - Safety - Process: csrss.exe [Client Services subsystem, graphics-related subsystems to control the windows. ] - C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=base
100 - Safety - Process: winlogon.exe [windows nt user log-in procedure. ] - C:\WINDOWS\system32\winlogon.exe
100 - Safety - Process: services.exe [the process used to manage windows service system. ] - C:\WINDOWS\system32\services.exe
100 - Safety - Process: lsass.exe [local security authority service control windows security mechanism. ] - C:\WINDOWS\system32\lsass.exe
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C:\WINDOWS\system32\svchost -k DcomLaunch
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C:\WINDOWS\system32\svchost -k rpcss
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C:\WINDOWS\System32\svchost.exe -k netsvcs
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C:\WINDOWS\system32\svchost.exe -k NetworkService
100 - Safety - Process: spoolsv.exe [windows print job control program for the printer is ready. ] - C:\WINDOWS\system32\spoolsv.exe
100 - 安全 - Process: stormliv.exe [暴风影音的应用程序] - C:\Program Files\StormII\stormliv.exe
100 - 安全 - Process: IEXPLORE.EXE [microsoft internet explorer浏览器用于浏览网页。] - C:\Program Files\Internet Explorer\IEXPLORE.EXE
100 - 安全 - Process: IEXPLORE.EXE [microsoft internet explorer浏览器用于浏览网页。] - C:\Program Files\Internet Explorer\iexplore.exe
100 - 安全 - Process: ekrn.exe [NOD32相关文件。] - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
100 - 安全 - Process: IEXPLORE.EXE [microsoft internet explorer浏览器用于浏览网页。] - C:\Program Files\Internet Explorer\IEXPLORE.EXE
100 - 安全 - Process: IEXPLORE.EXE [microsoft internet explorer浏览器用于浏览网页。] - C:\Program Files\Internet Explorer\IEXPLORE.EXE
100 - 安全 - Process: nvsvc32.exe [nvidia driver helper service在nvida显卡驱动中被安装。] - C:\WINDOWS\system32\nvsvc32.exe
100 - Safety - Process: explorer.exe [windows program manager or windows explorer used to control the windows graphical shell, including the Start menu, taskbar, desktop and document management. ] - C:\WINDOWS\Explorer.EXE
100 - 安全 - Process: SOUNDMAN.EXE [一个软声卡控制台软件。] - C:\WINDOWS\SOUNDMAN.EXE
100 - 安全 - Process: rundll32.exe [windows rundll32为了需要调用dlls的程序。] - C:\WINDOWS\system32\RUNDLL32.EXE
100 - 安全 - Process: AntiArp.exe [360安全卫士ARP防火墙相关程序。] - C:\Program Files\360safe\antiarp\antiarp.exe
100 - Safety - Process: ctfmon.exe [office xp Input Method icon. ] - C:\WINDOWS\system32\ctfmon.exe
100 - 安全 - Process: sqlmangr.exe [sql server服务管理器软件。] - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C:\WINDOWS\system32\svchost.exe -k LocalService
100 - 安全 - Process: TTPlayer.exe [一款名为千千静听的音频播放的主程序。] - C:\Program Files\TTPlayer\TTPlayer.exe
100 - 安全 - Process: ntsd.exe [是windows自带的可用来结束进程的程序。] - C:\WINDOWS\system32\ntsd.exe
100 - 安全 - Process: IEXPLORE.EXE [microsoft internet explorer浏览器用于浏览网页。] - C:\Program Files\Internet Explorer\IEXPLORE.EXE
100 - 安全 - Process: IEXPLORE.EXE [microsoft internet explorer浏览器用于浏览网页。] - C:\Program Files\Internet Explorer\IEXPLORE.EXE
100 - Safety - Process: 360tray.exe [360 security guards real-time monitoring program. ] - C:\Program Files\360safe\safemon\360Tray.exe
100 - 安全 - Process: safeboxtray.exe [360安全卫士保险箱相关程序。] - C:\Program Files\360Safebox\safeboxtray.exe
100 - Safety - Process: 360Safe.exe [360 security guard related procedures. ] - C:\Program Files\360safe\360Safe.exe
O2 - 安全 - BHO: (ThunderAtOnce Class) - [迅雷浏览器高级特性支持模块。] - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - 安全 - BHO: (Thunder Browser Helper) - [迅雷附带下载监视器相关文件。] - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - 安全 - BHO: (卡卡上网安全助手) - [卡卡上网安全助手,网络辅助工具。] - {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} - C:\WINDOWS\system32\UrlFilter.dll
O4 - 安全 - HKLM\..\Run: [SoundMan] [Realtek声卡相关程序。] SOUNDMAN.EXE
O4 - 安全 - HKLM\..\Run: [NvCplDaemon] [是NVIDIA显示卡相关动态链接库文件。] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 安全 - HKLM\..\Run: [nwiz] [是NVidia的Nview特性相关程序。该程序用于用户对其特性进行配置,将桌面扩展到多台显示器上。 ] nwiz.exe /install
O4 - 安全 - HKLM\..\Run: [NvMediaCenter] [是NVidia显示卡相关文件。] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - Security - HKLM\..\Run: [360Safetray] [360safe real-time protection module. ] C:\Program Files\360safe\safemon\360tray.exe /start
O4 - 安全 - HKLM\..\Run: [runeip] [卡卡上网安全助手相关程序。] "C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup
O4 - 安全 - HKLM\..\Run: [360Antiarp] [360安全卫士ARP防火墙相关程序。] C:\Program Files\360safe\antiarp\antiarp.exe /start
O4 - 安全 - HKLM\..\Run: [egui] [NOD32杀毒软件相关程序。] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - 安全 - HKLM\..\RunOnce: [360Safe] [360安全卫士] Rundll32.exe C:\PROGRA~1\360safe\AntiAdwa.dll,KillAdware
O4 - Security - HKCU\..\Run: [ctfmon.exe] [office xp Input Method icon. ] C:\WINDOWS\system32\ctfmon.exe
O4 - 安全 - Startup folder: [服务管理器.lnk] [windows的服务管理器。] C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk
O8 - 安全 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - 安全 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - 安全 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - 安全 - Extra button: 启动迅雷5(HKLM)(HKLM) - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 安全 - Extra button: Windows Messenger(HKLM) - C:\Program Files\Messenger\msmsgs.exe
O18 - 安全 - Protocol: OFFICE 相关 - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - 安全 - Service: EhttpSrv [NOD32杀毒软件相关服务。] - "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" - (not running)
O23 - 安全 - Service: ekrn [NOD32杀毒软件相关服务。] - "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" - (running)
O23 - 安全 - Service: MSSQLServerADHelper [Mssqlserveradhelper 服务。] - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe - (not running)
O23 - 安全 - Service: NVSvc [是NVIDIA显示卡相关程序。] - C:\WINDOWS\system32\nvsvc32.exe - (running)
=======================================
O31 - 未知 - Notify: WgaLogon - C:\WINDOWS\system32\WgaLogon.dll - - - 1.7.70.0 - 3584 - 4b2765888e281469ac6d2bf539e01ec3
O31 - 未知 - SEApproved: {42071714-76d4-11d1-8b24-00a0c9068ff3} - deskpan.dll - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:Shell extensions for file compression - - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:加密上下文菜单 - - - - - 0 -
O31 - 未知 - SEApproved: {640167b4-59b0-47a6-b335-a6b3c0695aea} - C:\WINDOWS\system32\Audiodev.dll - Microsoft Corporation - 便携媒体设备命令行解释器扩展 - 5.2.3810.3911 - 480256 - 654ed554db1a6c215fb2898da48880bd
O31 - 未知 - SEApproved: {cc86590a-b60a-48e6-996b-41d25ed39a1e} - C:\WINDOWS\system32\Audiodev.dll - Microsoft Corporation - 便携媒体设备命令行解释器扩展 - 5.2.3810.3911 - 480256 - 654ed554db1a6c215fb2898da48880bd
O31 - 未知 - SEApproved: {60254CA5-953B-11CF-8C96-00AA00B8708C} - C:\WINDOWS\system32\wshext.dll - Microsoft Corporation - Microsoft (r) Shell Extension for Windows Script Host - 5.6.0.8825 - 65536 - 1905f39172a4864f8abad9337bdcad22
O31 - 未知 - SEApproved: {0DF44EAA-FF21-4412-828E-260A8728E7F1} - - - - - 0 -
O31 - 未知 - SEApproved: {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - - - - - 0 -
O31 - 未知 - SEApproved: {7A9D77BD-5403-11d2-8785-2E0420524153} - - - - - 0 -
O31 - 未知 - SEApproved: {8DD448E6-C188-4aed-AF92-44956194EB1F} - C:\WINDOWS\system32\wmpshell.dll - Microsoft Corporation - Windows Media Player Launcher - 10.0.0.3802 - 86016 - 184e6b5c5301631c2d477b0debe5c6b1
O31 - 未知 - SEApproved: {CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} - C:\WINDOWS\system32\wmpshell.dll - Microsoft Corporation - Windows Media Player Launcher - 10.0.0.3802 - 86016 - 184e6b5c5301631c2d477b0debe5c6b1
O31 - 未知 - SEApproved: {F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} - C:\WINDOWS\system32\wmpshell.dll - Microsoft Corporation - Windows Media Player Launcher - 10.0.0.3802 - 86016 - 184e6b5c5301631c2d477b0debe5c6b1
O31 - 未知 - SEApproved: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll - - - - 129024 - 60fe004235a8108446dcfc1e526fde0e
O31 - 未知 - Directory Menu: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll - - - - 129024 - 60fe004235a8108446dcfc1e526fde0e
O31 - 未知 - LSA: Security Packages - sv1_0.dll - - - - 0 -
O31 - 未知 - LSA: Security Packages - channel.dll - - - - 0 -
=======================================
O40 - winlogon.exe - - C:\WINDOWS\system32\WgaLogon.dll - - 4b2765888e281469ac6d2bf539e01ec3
O40 - Explorer.EXE - Thunder Networking Technologies,LTD - C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_01.dll - DsBho - ee3adee73e96bc55d6209be46facd2c9
O40 - Explorer.EXE - Thunder Networking Technologies,LTD - C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_01.dll - DataProcessor - 0ab986e0ca1178bf2a3136a51fbe4f59
=======================================
O41 - 000e4d60 - 000e4d60 - C:\WINDOWS\system32\Drivers\000e4d60.sys - (not running) - - -
=======================================
360Safe.exe=4.3.0.1008
AntiAdwa.dll=4.2.0.1001
AntiEng.dll=4.3.0.1001
AntiActi.dll=2.0.0.3000
CleanHis.dll=4.2.0.1002
live.dll=1.0.1.1028
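Netizen from Hong Kong
Post #7, 2008-09-16 17:32
Dear experts:
Thank you for looking carefully at my system diagnostic report; this rookie is urgently waiting for your help!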
该诊断报告由360安全卫士提供 http://www.360.cn
诊断时间: 2008-09-16 17:33:33
Diagnostic Platforms: Microsoft Windows XP Service Pack 3
IE版本: Internet Explorer V7.0.5730.13 Build:75730
计算机物理内存:895.17MB - 当前可用内存:497.96MB
100 - 未知 - Process: avpmapp.exe [eScan File Monitoring System] - C:\PROGRA~1\eScan\VISTA\avpmapp.exe
100 - 未知 - Process: TRAYSSER.EXE [eScan Service Controller for TRAYICOS] - C:\PROGRA~1\eScan\TRAYSSER.EXE
100 - 未知 - Process: MWASER.EXE [MWAgent Service] - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
100 - 未知 - Process: MWAGENT.EXE [MicroWorld Agent] - C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
100 - 未知 - Process: CONSCTL.EXE [Application Blocker] - C:\PROGRA~1\eScan\consctl.exe
100 - 未知 - Process: PPSAP.exe [PPS 蔍??硉竟] - C:\Program Files\PPStream\ppsap.exe
100 - 未知 - Process: TWCU.exe [TL-WN321G Wireless Utility] - C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
100 - 未知 - Process: eScanMon.exe [eScan Monitor] - C:\PROGRA~1\eScan\Vista\escanmon.exe
100 - 未知 - Process: ScanningProcess.exe [Kaspersky AV Scanner] - c:\progra~1\escan\vista\ScanningProcess.exe
R0 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://hk.yahoo.com/
O4 - 未知 - HKLM\..\Run: [SkyTel] [Realtek Voice Manager] SkyTel.EXE
O4 - 未知 - HKLM\..\Run: [SiSPower] [Dynamic link library for setting Power Scheme] Rundll32.exe SiSPower.dll,ModeAgent
O4 - 未知 - HKLM\..\Run: [eScan Updater] [eScan Updater - Server] C:\PROGRA~1\eScan\TRAYICOS.EXE /App
O4 - 未知 - HKLM\..\Run: [MailScan Dispatcher] [MailScan Dispatcher Launcher] "C:\PROGRA~1\eScan\LAUNCH.EXE" /startup
O4 - 未知 - HKLM\..\Run: [mwavscan_autoscan] [MicroWorld Anti Virus & Spyware Toolkit Utility] "C:\PROGRA~1\eScan\MWAVSCAN.EXE" /s /AUTORUNBOOT
O4 - 未知 - HKCU\..\Run: [PPS Accelerator] [PPS 蔍??硉竟] C:\Program Files\PPStream\ppsap.exe
O4 - 未知 - Startup folder: [TL-WN321G Wireless Utility.lnk] [] C:\Documents and Settings\All Users\?秨﹍????\祘Α栋\币笆\TL-WN321G Wireless Utility.lnk
O8 - 未知 - Extra context menu item: Foxy ?更 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - 未知 - Extra context menu item: Foxy 穓碝 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O8 - 未知 - Extra context menu item: ?肚?QQ呼隔祑盒 - C:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - 未知 - Extra context menu item: 穝糤?QQ?﹚竡?狾 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - 未知 - Extra context menu item: 穝糤?QQ?薄 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - 未知 - Extra context menu item: 添加到QQ表情 - C:\Documents and Settings\Administrator\??\AddEmotion.htm
O8 - 未知 - Extra context menu item: 睰??QQ?﹚竡?狾 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - 未知 - Extra context menu item: 睰??QQ?薄 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - 未知 - Extra context menu item: ノQQ MMS肚癳赣瓜? - C:\Program Files\Tencent\qq\SendMMS.htm
O8 - 未知 - Extra context menu item: ノQQ眒獺祇癳赣瓜? - C:\Program Files\Tencent\qq\SendMMS.htm
O9 - 未知 - Extra button: Sun Java ?北?(HKLM) - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - 未知 - Extra button: 乃癟QQ(HKLM) - C:\Program Files\Tencent\qq\QQ.EXE
O9 - 未知 - Extra button: @xpsp3res.dll,-20001(HKLM) - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - 未知 - DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} (DataStore) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - 未知 - DPF: {9FAFB576-6933-4CCC-AB3D-B988EC43D04E} (RavOnline) - http://download.rising.com.cn/rs2008/online/notvista/ravolctl.cab
O16 - 未知 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
O23 - 未知 - Service: eScan Monitor Service [MicroWorld eScan Virus Monitoring Service.] - C:\PROGRA~1\eScan\VISTA\avpmapp.exe - (running)
O23 - 未知 - Service: eScan-trayicos [eScan Server Updater Service] - C:\PROGRA~1\eScan\TRAYSSER.EXE - (running)
O23 - 未知 - Service: MWAgent [MicroWorld Agent Service] - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE - (running)
=======================================
100 - Safety - Process: smss.exe [process for the session management subsystem to initialize the system variables, ms-dos drive name similar to the lpt1, as well as com, call the win32 so-called shell systems and run on windows login process. ] - C:\WINDOWS\System32\smss.exe
100 - Safety - Process: csrss.exe [Client Services subsystem, graphics-related subsystems to control the windows. ] - C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=base
100 - Safety - Process: winlogon.exe [windows nt user log-in procedure. ] - C:\WINDOWS\system32\winlogon.exe
100 - Safety - Process: services.exe [the process used to manage windows service system. ] - C:\WINDOWS\system32\services.exe
100 - Safety - Process: lsass.exe [local security authority service control windows security mechanism. ] - C:\WINDOWS\system32\lsass.exe
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C:\WINDOWS\system32\svchost -k DcomLaunch
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C:\WINDOWS\system32\svchost -k rpcss
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C:\WINDOWS\System32\svchost.exe -k netsvcs
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C:\WINDOWS\system32\svchost.exe -k NetworkService
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C:\WINDOWS\system32\svchost.exe -k LocalService
100 - Safety - Process: spoolsv.exe [windows print job control program for the printer is ready. ] - C:\WINDOWS\system32\spoolsv.exe
100 - Safety - Process: explorer.exe [windows program manager or windows explorer used to control the windows graphical shell, including the Start menu, taskbar, desktop and document management. ] - C:\WINDOWS\Explorer.EXE
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C:\WINDOWS\system32\svchost.exe -k imgsvc
100 - 安全 - Process: RTHDCPL.EXE [瑞昱出品的声卡相关程序。] - C:\WINDOWS\RTHDCPL.EXE
100 - 安全 - Process: realsched.exe [realone播放器安装时附带的升级提醒程序。] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe
100 - Safety - Process: safeboxTray.exe [360 security guards safe procedures. ] - C:\Program Files\360Safebox\safeboxTray.exe
100 - Safety - Process: 360tray.exe [360 security guards real-time monitoring program. ] - C:\Program Files\360safe\safemon\360tray.exe
100 - 安全 - Process: AntiArp.exe [360安全卫士ARP防火墙相关程序。] - C:\Program Files\360safe\antiarp\antiarp.exe
100 - Safety - Process: ctfmon.exe [office xp Input Method icon. ] - C:\WINDOWS\system32\ctfmon.exe
100 - Safety - Process: alg.exe [This is an Application Layer Gateway Service for network sharing. ] - C:\WINDOWS\System32\alg.exe
100 - Safety - Process: 360Safe.exe [360 security guard related procedures. ] - C:\Program Files\360safe\360Safe.exe
R0 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://go.microsoft.com/fwlink/?LinkId=69157
R0 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://go.microsoft.com/fwlink/?LinkId=54896
R0 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://go.microsoft.com/fwlink/?LinkId=69157
R0 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://go.microsoft.com/fwlink/?LinkId=54896
R1 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
R1 - 安全 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
R1 - 安全 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://www.google.com/search?q=%s
O2 - 安全 - BHO: (浏览器辅助对象(BHO)) - [腾讯公司出品的相关插件。] - {669751ED-D558-49AE-B01A-3B374CC7910E} -
O2 - 安全 - BHO: (SSVHelper Class) - [Sun Java Runtime Environment相关文件。] - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - Security - HKLM\..\Run: [IMJPMIG8.1] [Microsoft Microsoft Input Method Editor program. ] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - Security - HKLM\..\Run: [PHIME2002ASync] [input software related procedures. ] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - Security - HKLM\..\Run: [PHIME2002A] [input software related procedures. ] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 安全 - HKLM\..\Run: [RTHDCPL] [realtek声卡特性设置软件相关程序。] RTHDCPL.EXE
O4 - 安全 - HKLM\..\Run: [Alcmtr] [一款声卡相关程序。] ALCMTR.EXE
O4 - 安全 - HKLM\..\Run: [TkBellExe] [是Real Networks产品定时升级检测程序。] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Security - HKLM\..\Run: [360Safebox] [360 security guards safe procedures. ] "C:\Program Files\360Safebox\safeboxTray.exe" /r
O4 - Security - HKLM\..\Run: [360Safetray] [360safe real-time protection module. ] C:\Program Files\360safe\safemon\360tray.exe /start
O4 - 安全 - HKLM\..\Run: [360Antiarp] [360安全卫士ARP防火墙相关程序。] C:\Program Files\360safe\antiarp\antiarp.exe /start
O4 - Security - HKCU\..\Run: [ctfmon.exe] [office xp Input Method icon. ] C:\WINDOWS\system32\ctfmon.exe
O9 - 安全 - Extra button: Windows Messenger(HKLM) - C:\Program Files\Messenger\msmsgs.exe
O11 - 安全 - Options Group: International*
O11 - 安全 - Options Group: Java Sun
O16 - 安全 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O16 - 安全 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
O16 - 安全 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Flash播放器) - http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O25 - 安全 - ABOUT: DesktopItemNavigationFailure - res://ieframe.dll/navcancl.htm
O25 - 安全 - ABOUT: NavigationCanceled - res://ieframe.dll/navcancl.htm
O25 - 安全 - ABOUT: NavigationFailure - res://ieframe.dll/navcancl.htm
O25 - 安全 - ABOUT: OfflineInformation - res://ieframe.dll/offcancl.htm
O25 - 安全 - ABOUT: PostNotCached - res://ieframe.dll/repost.htm
=======================================
O31 - 未知 - SEApproved: {42071714-76d4-11d1-8b24-00a0c9068ff3} - deskpan.dll - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:Shell extensions for file compression - - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:?盞ず甧??? - - - - - 0 -
O31 - 未知 - SEApproved: {0DF44EAA-FF21-4412-828E-260A8728E7F1} - - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:Avi Properties Handler - - - - - 0 -
O31 - 未知 - SEApproved: {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - - - - - 0 -
O31 - 未知 - SEApproved: {7A9D77BD-5403-11d2-8785-2E0420524153} - - - - - 0 -
O31 - 未知 - SEApproved: {1D2680C9-0E2A-469d-B787-065558BC7D43} - C:\WINDOWS\system32\mscoree.dll - Microsoft Corporation - Microsoft .NET Runtime Execution Engine - 2.0.50727.253 - 271360 - b5b67ee09b52d7129b8041b9bd411f7b
O31 - 未知 - SEApproved: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll - - - - 121344 - b30f636f8fd3b77353d81e9b27e058e7
O31 - 未知 - SEApproved: {66B1FB35-3BDD-45A3-9035-E178E6D8CED9} - C:\PROGRA~1\eScan\eScanShx.dll - MicroWorld Technologies Inc. - eScan Shell Extension Module - 2.0.0.7 - 139264 - e52b8e9550fbff99015c772b4aa635cd
O31 - 未知 - SEApproved: {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - C:\Program Files\Real\RealPlayer\rpshell.dll - RealNetworks, Inc. - RealPlayer Shell Extensions - 1.0.1.2021 - 49198 - 18a19d75c6d5e3a3b899f5f6564fa817
O31 - 未知 - SEApproved: {23170F69-40C1-278A-1000-000100020000} - C:\Program Files\7-Zip\7-zip.dll - Igor Pavlov - 7-Zip Shell Extension - 4.60.0.0 - 70144 - db4efb5309bbd060a0e36bd2042226bf
O31 - 未知 - Directory Menu: {23170F69-40C1-278A-1000-000100020000} - C:\Program Files\7-Zip\7-zip.dll - Igor Pavlov - 7-Zip Shell Extension - 4.60.0.0 - 70144 - db4efb5309bbd060a0e36bd2042226bf
O31 - 未知 - Directory Menu: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll - - - - 121344 - b30f636f8fd3b77353d81e9b27e058e7
O31 - 未知 - LSA: Security Packages - sv1_0.dll - - - - 0 -
O31 - 未知 - LSA: Security Packages - channel.dll - - - - 0 -
=======================================
=======================================
O41 - ADProt - ADProt - C:\WINDOWS\system32\drivers\AdProt.sys - (running) - - ???м?瞏??Τ?そ? - 8c31a376a63a66fb760bc192197297ae
O41 - AegisP - IEEE 802.1X Protocol Driver - C:\WINDOWS\system32\drivers\AegisP.sys - (running) - IEEE 802.1X Protocol Driver - Meetinghouse Data Communications - 2f7f3e8da380325866e566f5d5ec23d5
O41 - KLIF - spuper-ptor - C:\WINDOWS\system32\drivers\klif.sys - (running) - spuper-ptor - Kaspersky Lab - 9256da35cee573515d346b4f3598b72e
O41 - lwqljar - lwqljar - C:\WINDOWS\system32\drivers\lwqljar.sys - (running) - - - a4674db4f1e34da5c9754285111f5fb2
O41 - npkcrypt - nProtect KeyCrypt Driver - C:\Program Files\Tencent\qq\npkcrypt.sys - (running) - nProtect KeyCrypt Driver - INCA Internet Co., Ltd. - 8bcb281a2540e7aff0cd00f9878fe21f
O41 - ProcObsrves - ProcObsrves - C:\Program Files\eScan\ProcObsrves.sys - (running) - ProcObsrves - MicroWorld Technologies Inc. - b30da7bc35b21b22b1446ae85c0361c5
O41 - RT73 - Ralink 802.11 USB Wireless Adapter Driver - C:\WINDOWS\system32\drivers\rt73.sys - (running) - Ralink 802.11 USB Wireless Adapter Driver - Ralink Technology, Corp. - 6ea04a4370609e5e1eaeee898a2ab6ac
O41 - netr73 - Ralink 802.11 Wireless Adapter Driver - C:\WINDOWS\system32\drivers\netr73.sys - (not running) - Ralink 802.11 Wireless Adapter Driver - Ralink Technology Inc. - 9ef6d6002f07697f66fffaf11a3feb66
O41 - NPF - NPF Driver - TME extensions - C:\WINDOWS\system32\drivers\npf.sys - (not running) - NPF Driver - TME extensions - Politecnico di Torino - f498c5c3399a60933196fc215ef074f9
=======================================
360Safe.exe=4.3.0.1008
AntiAdwa.dll=4.2.0.1001
AntiEng.dll=4.3.0.1001
AntiActi.dll=2.0.0.3000
CleanHis.dll=4.2.0.1002
live.dll=1.0.1.1028
Netizen from Yantai, Shandong Province
Post #8, 2008-09-16 19:26
Dear experts:
Thank you for looking carefully at my system diagnostic report; this rookie is urgently waiting for your help!
该诊断报告由360安全卫士提供 http://www.360.cn
诊断时间: 2008-09-16 19:25:22
诊断平台: Microsoft Windows XP Service Pack 2
IE版本: Internet Explorer V6.0.2900.2180 Build:62900.2180
计算机物理内存:1.99GB - 当前可用内存:1.16GB
100 - 未知 - Process: ExitDetectPrj.exe [] - E:\服务器软件\ExitDetectPrj.exe
100 - 未知 - Process: KNS_DVR.exe [QX2006 for Windows 2000/XP] - E:\服务器软件\KNS_DVR.exe
100 - 未知 - Process: XServer.exe [XServer Application] - E:\服务器软件\XServer.exe
100 - 未知 - Process: supposmain.exe [] - C:\superpos\supposmain.exe
100 - 未知 - Process: CMD.COM [Windows Command Processor] - C:\WINDOWS\system32\cmd.com
100 - 未知 - Process: CMD.COM [Windows Command Processor] - C:\WINDOWS\system32\cmd.com
100 - 未知 - Process: CMD.COM [Windows Command Processor] - C:\WINDOWS\system32\cmd.com
100 - 未知 - Process: CMD.COM [Windows Command Processor] - C:\WINDOWS\system32\cmd.com
100 - 未知 - Process: CMD.COM [Windows Command Processor] - C:\WINDOWS\system32\cmd.com
100 - 未知 - Process: CMD.COM [Windows Command Processor] - C:\WINDOWS\system32\cmd.com
100 - 未知 - Process: CMD.COM [Windows Command Processor] - C:\WINDOWS\system32\cmd.com
100 - 未知 - Process: CMD.COM [Windows Command Processor] - C:\WINDOWS\system32\cmd.com
100 - 未知 - Process: CMD.COM [Windows Command Processor] - C:\WINDOWS\system32\cmd.com
100 - 未知 - Process: CMD.COM [Windows Command Processor] - C:\WINDOWS\system32\cmd.com
100 - 未知 - Process: CMD.COM [Windows Command Processor] - C:\WINDOWS\system32\cmd.com
100 - 未知 - Process: CMD.COM [Windows Command Processor] - C:\WINDOWS\system32\cmd.com
100 - 未知 - Process: CMD.COM [Windows Command Processor] - C:\WINDOWS\system32\cmd.com
100 - 未知 - Process: CMD.COM [Windows Command Processor] - C:\WINDOWS\system32\cmd.com
100 - 未知 - Process: CMD.COM [Windows Command Processor] - C:\WINDOWS\system32\cmd.com
100 - 未知 - Process: CMD.COM [Windows Command Processor] - C:\WINDOWS\system32\cmd.com
100 - 未知 - Process: CMD.COM [Windows Command Processor] - C:\WINDOWS\system32\cmd.com
100 - 未知 - Process: CMD.COM [Windows Command Processor] - C:\WINDOWS\system32\cmd.com
100 - 未知 - Process: CMD.COM [Windows Command Processor] - C:\WINDOWS\system32\cmd.com
100 - 未知 - Process: QQ.exe [QQ] - D:\qq\QQ.exe
100 - 未知 - Process: TXPlatform.exe [Tencent Instant Messaging Platform] - D:\qq\TXPlatform.exe
100 - 未知 - Process: CMD.COM [Windows Command Processor] - C:\WINDOWS\system32\cmd.com
100 - 未知 - Process: CMD.COM [Windows Command Processor] - C:\WINDOWS\system32\cmd.com
100 - 未知 - Process: CMD.COM [Windows Command Processor] - C:\WINDOWS\system32\cmd.com
100 - 未知 - Process: CMD.COM [Windows Command Processor] - C:\WINDOWS\system32\cmd.com
R0 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://class.caiyi8.com/1.asp
O2 - 未知 - BHO: (QQCycloneHelper Class) - [超级旋风下载组件] - {0C7C23EE-A848-485B-873C-0ED954731014} - D:\QQDownload\QQIEHelper01.dll
O2 - 未知 - BHO: (RegisterHelper Class) - [Url Guard Module] - {FF354A24-B490-4D4F-8EEC-B3ACD6E681A4} - C:\Program Files\Jiangmin\AntiVirus\UrlGuard.dll
O3 - 未知 - Toolbar: (第三方IE工具栏) - [无效的CLSID:{710EB7A1-45ED-11D0-924A-0020AFC7AC4D}] - {710EB7A1-45ED-11D0-924A-0020AFC7AC4D} -
O4 - 未知 - Startup folder: [5G2E52972W.lnk] [] C:\Documents and Settings\All Users\「开始」菜单\程序\启动\5G2E52972W.lnk
O4 - 未知 - Startup folder: [XServer.lnk] [] C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\XServer.lnk
O4 - 未知 - Startup folder: [ExitDetectPrj.lnk] [] C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\ExitDetectPrj.lnk
O8 - 未知 - Extra context menu item: &使用超级旋风下载 - D:\QQDownload\geturl.htm
O8 - 未知 - Extra context menu item: &使用超级旋风下载全部链接 - D:\QQDownload\getAllurl.htm
O8 - 未知 - Extra context menu item: 添加到QQ表情 - D:\qq\AddEmotion.htm
O9 - 未知 - Extra button: PPLive(HKLM) - C:\Program Files\PPLive\PPLive.exe
O11 - 未知 - Options Group: 中文搜搜
O16 - 未知 - DPF: {BFB79EE1-04AE-4D4A-B85E-27EE5F30C095} (ScreenCapture) - http://m128.mail.qq.com/zh_CN/activex/TencentMailActiveX.cab
O23 - 未知 - Service: 3wareSrv [3ware Controller Service] - C:\WINDOWS\System32\3wareSrv.exe - (not running)
O23 - 未知 - Service: ccosm [Contrl Center of Storm Media] - C:\Program Files\StormII\stormliv.exe /asservice - (not running)
O23 - 未知 - Service: fdgdf [fdgdfg] - C:\WINDOWS\system32\Down(0).exe - (not running)
O23 - 未知 - Service: IcePoint [test the pressure of your website or server] - C:\WINDOWS\IPdriver.exe - (not running)
O23 - 未知 - Service: Made in China [I love China netbot] - C:\WINDOWS\system32\2008.exe - (not running)
O23 - 未知 - Service: MSSQLSERVER [MSSQLSERVER] - C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe - (running)
O23 - 未知 - Service: SecSer [提供系统安全稳定服务,防止非法入侵及数据安全,严禁关闭禁用此服务。] - C:\WINDOWS\system32\sysecser.exe - (not running)
O23 - 未知 - Service: ShieldSvc [Hotspot Shield Service.] - C:\WINDOWS\system32\FileMaps\smss.exe - (not running)
O23 - 未知 - Service: SQLSERVERAGENT [SQLSERVERAGENT] - C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlagent.exe - (running)
O23 - 未知 - Service: utffjh [Microsoft .NET Framework TPM] - C:\WINDOWS\System32\avmmcw.dll - (not running)
O23 - 未知 - Service: wkhqpx [Microsoft .NET Framework TPM] - C:\WINDOWS\System32\fnbpog.dll - (not running)
O30 - 未知 - HKLM\..\Winlogon: [GinaDLL] [] MyGina.dll
=======================================
100 - Safety - Process: smss.exe [process for the session management subsystem to initialize the system variables, ms-dos drive name similar to the lpt1, as well as com, call the win32 so-called shell systems and run on windows login process. ] - C:\WINDOWS\System32\smss.exe
100 - Safety - Process: csrss.exe [Client Services subsystem, graphics-related subsystems to control the windows. ] - C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=base
100 - 安全 - Process: WINLOGON.EXE [windows nt用户登陆程序。 ] - C:\WINDOWS\system32\winlogon.exe
100 - Safety - Process: services.exe [the process used to manage windows service system. ] - C:\WINDOWS\system32\services.exe
100 - Safety - Process: lsass.exe [local security authority service control windows security mechanism. ] - C:\WINDOWS\system32\lsass.exe
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C:\WINDOWS\system32\svchost -k DcomLaunch
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C:\WINDOWS\system32\svchost -k rpcss
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C:\WINDOWS\System32\svchost.exe -k netsvcs
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C:\WINDOWS\system32\svchost.exe -k NetworkService
100 - Safety - Process: svchost.exe [service host process is a standard dynamic link library mainframe processing services. ] - C:\WINDOWS\system32\svchost.exe -k LocalService
100 - Safety - Process: spoolsv.exe [windows print job control program for the printer is ready. ] - C:\WINDOWS\system32\spoolsv.exe
100 - 安全 - Process: wdfmgr.exe [windows media player播放器相关程序。] - C:\WINDOWS\system32\wdfmgr.exe
100 - 安全 - Process: IEXPLORE.EXE [microsoft internet explorer浏览器用于浏览网页。] - C:\Program Files\Internet Explorer\IEXPLORE.EXE
100 - 安全 - Process: sqlagent.exe [sql server服务管理器软件。] - C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlagent.exe
100 - Safety - Process: explorer.exe [windows program manager or windows explorer used to control the windows graphical shell, including the Start menu, taskbar, desktop and document management. ] - C:\WINDOWS\Explorer.EXE
100 - 安全 - Process: igfxpers.exe [intel公共用户界面模块。] - C:\WINDOWS\system32\igfxpers.exe
100 - 安全 - Process: KVMonXP.kxp [江民杀毒软件相关程序。] -
100 - 安全 - Process: rundll32.exe [windows rundll32为了需要调用dlls的程序。] - C:\WINDOWS\system32\Rundll32.exe
100 - 安全 - Process: igfxsrvc.exe [Intel显示卡加速软件相关程序。] - C:\WINDOWS\system32\igfxsrvc.exe -Embedding
100 - Safety - Process: ctfmon.exe [office xp Input Method icon. ] - C:\WINDOWS\system32\ctfmon.exe
100 - 安全 - Process: sqlmangr.exe [sql server服务管理器软件。] - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
100 - 安全 - Process: cmd.exe [windows控制台程序。不像旧的command.com,cmd.exe是一个32位的命令行使用在winnt/2000/xp。] - C:\WINDOWS\system32\cmd.exe
100 - 安全 - Process: cmd.exe [windows控制台程序。不像旧的command.com,cmd.exe是一个32位的命令行使用在winnt/2000/xp。] - C:\WINDOWS\system32\cmd.exe
100 - Safety - Process: conime.exe [console ime ime input console software.] - C:\WINDOWS\system32\conime.exe
100 - 安全 - Process: kvsrvxp.exe [江民杀毒软件相关文件。] -
100 - Safety - Process: 360Safe.exe [360 security guard related procedures.] - C:\Program Files\360safe\360Safe.exe
100 - Safety - Process: 360tray.exe [360 security guards real-time monitoring program.] - C:\Program Files\360safe\safemon\360Tray.exe
R1 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
R1 - 安全 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
R3 - 安全 - URLSearchHook: (Tencent SearchHook) - [搜搜工具条,搜索工具栏。] - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\SSPlus\SAddr.dll
O2 - 安全 - BHO: (Tencent Browser Helper) - [搜搜工具条,搜索工具栏。] - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\SSPlus\SAddr.dll
O2 - 安全 - BHO: (QQToolbar) - [QQ工具栏。] - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - C:\Program Files\Tencent\QQToolbar\IEBar.dll
O2 - 安全 - BHO: (BrowseHelper Class) - [江民杀毒软件工具条相关文件。] - {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} - C:\Program Files\Jiangmin\AntiVirus\KVshell.dll
O2 - 安全 - BHO: (Thunder Browser Helper) - [迅雷附带下载监视器相关文件。] - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll
O3 - 安全 - Toolbar: (江民杀毒工具栏) - [江民杀毒工具栏相关程序。] - {B5A34A93-D538-43A7-8371-864CB6148D12} - C:\Program Files\Jiangmin\AntiVirus\KVshell.dll
O3 - 安全 - Toolbar: (QQToolbar) - [QQ工具栏。] - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - C:\Program Files\Tencent\QQToolbar\IEBar.dll
O4 - 安全 - HKLM\..\Run: [Persistence] [Intel用户界面模块程序。] C:\WINDOWS\system32\igfxpers.exe
O4 - 安全 - HKLM\..\Run: [KVMON] [江民公司的相关杀毒软件。] "C:\Program Files\Jiangmin\AntiVirus\KVMonXP.kxp"
O4 - 安全 - HKLM\..\Run: [stup.exe] [腾讯qq地址栏搜索插件相关程序。] Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll,Rundll32 R
O4 - Security - HKCU\..\Run: [ctfmon.exe] [office xp Input Method icon.] C:\WINDOWS\system32\ctfmon.exe
O4 - 安全 - Startup folder: [服务管理器.lnk] [windows的服务管理器。] C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk
O4 - 安全 - Startup folder: [QQ游戏启动加速程序.lnk] [qq游戏启动加速相关程序。] C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk
O4 - 安全 - Startup folder: [腾讯QQ.lnk] [qq:即时通讯软件] C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\腾讯QQ.lnk
O8 - 安全 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder\Program\geturl.htm
O8 - 安全 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder\Program\getallurl.htm
O8 - 安全 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O18 - 安全 - Protocol: OFFICE 相关 - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - 安全 - Service: KVSrvXP [江民杀毒软件相关服务。] - C:\Program Files\Jiangmin\AntiVirus\kvsrvxp.exe /Service - (running)
O23 - 安全 - Service: MSSQLServerADHelper [Mssqlserveradhelper 服务。] - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe - (not running)
=======================================
O31 - 未知 - SEApproved: {42071714-76d4-11d1-8b24-00a0c9068ff3} - deskpan.dll - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:Shell extensions for file compression - - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:加密上下文菜单 - - - - - 0 -
O31 - 未知 - SEApproved: {0DF44EAA-FF21-4412-828E-260A8728E7F1} - - - - - 0 -
O31 - 未知 - SEApproved: {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - - - - - 0 -
O31 - 未知 - SEApproved: {7A9D77BD-5403-11d2-8785-2E0420524153} - - - - - 0 -
O31 - 未知 - SEApproved: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll - - - - 129024 - 60fe004235a8108446dcfc1e526fde0e
O31 - 未知 - Directory Menu: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll - - - - 129024 - 60fe004235a8108446dcfc1e526fde0e
O31 - 未知 - Image Execution: RegCleaner.exe - ntsd -d - - - - 0 -
O31 - 未知 - LSA: Security Packages - sv1_0.dll - - - - 0 -
O31 - 未知 - LSA: Security Packages - channel.dll - - - - 0 -
=======================================
O40 - winlogon.exe - - C:\WINDOWS\system32\MyGina.dll - - 1b653a968ea478ef430b36b78703adc2
O40 - Explorer.EXE - Jiangmin Co.,Ltd - C:\WINDOWS\system32\kvinstall.dll - KVInstal Dynamic Link Library - bd987bae3e0de23cabccaf953de7349a
O40 - Explorer.EXE - Jiangmin Co.Ltd - C:\Program Files\Jiangmin\AntiVirus\KVshell.dll - Shell Plugin - 94231a10848527c0f7598ab8f72f5f26
O40 - Explorer.EXE - - C:\Program Files\SogouInput\Plugin\SgImeWord.dll - test1 Module - ea0b15b6cdc800b80c84b772ab4fba58
=======================================
O41 - AFAMgt - Dell Management Driver - C:\WINDOWS\system32\drivers\afamgt.sys - (running) - Dell Management Driver - Adaptec, Inc. - f08fa97a7eaea09390e743b3fe3468ab
O41 - JmFwDDos - Jiangmin Antivirus Software - C:\WINDOWS\system32\drivers\JmFwDDos.sys - (running) - Jiangmin Antivirus Software - Jiangmin Co., Ltd. - 82075d98758da8bc07f4fac63602d630
O41 - SAA7134 - NV700X driver - C:\WINDOWS\system32\drivers\QX2006V7.sys - (running) - NV700X driver - - d61159965201c4ba511548ceff446c1d
O41 - SiRemFil - Filter driver for Silicon Image SATALink controllers. - C:\WINDOWS\system32\drivers\SiRemFil.sys - (running) - Filter driver for Silicon Image SATALink controllers. - Silicon Image, Inc. - 41a59f484188be629087ba391ff60d74
O41 - aaatimeo - SRB Timout Control Driver - C:\WINDOWS\system32\drivers\aaatimeo.sys - (not running) - SRB Timout Control Driver - Microsoft Corporation - 700eedfd930871e73999e86e86b6e2e4
O41 - ahcix86 - ATI Technology AHCI Compatible Controller Driver for Windows family - C:\WINDOWS\system32\drivers\ahcix86.sys - (not running) - ATI Technology AHCI Compatible Controller Driver for Windows family - ATI Technologies Inc. - f1b9e3a223ca684d98bb91fd82157601
Monday, September 14, 2009