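The Kingsoft Antivirus (金山毒霸) that I have been using all along has recently started popping up a prompt window every time I open an application such as QQ, and as soon as the computer boots it shows the message "Runtime error, please reinstall or upgrade online". I thought a trojan had damaged the antivirus software, so I reinstalled the Kingsoft Antivirus suite, and then also downloaded Kingsoft's AV Terminator (AV终结者) antivirus tool, Perfect Uninstall (完美卸载) and so on. None of them found any virus, and 360 could not find one either (the scan was done in safe mode). In the end I really had no other option, so I used 360 to produce this diagnostic report. I hope the experts here can give me a good solution (other than reinstalling the system).
To all the experts:
Thank you very much for taking a look at my system diagnostic report. This newbie is urgently waiting for your help!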
该诊断报告由360安全卫士提供 http://www.360safe.com
诊断时间: 2007-08-09 19:43:25
诊断平台: Microsoft Windows XP Service Pack 2
IE版本: Internet Explorer V6.0.2900.2180 Build:62900.2180
计算机物理内存:383.48MB - 当前可用内存:109.52MB
100 - 未知 - Process: KWatch.EXE [Kingsoft Antivirus KWatch Service] - C:\KAV2007\KWatch.EXE
100 - 未知 - Process: KPFWSvc.EXE [Kingsoft Firewall Service] - C:\KAV2007\KPfwSvc.EXE
100 - 未知 - Process: TrCleaner.exe [完美杀毒伴侣] - D:\完美卸载V2007 完整版\TrCleaner.exe
O8 - 未知 - Extra context menu item: &Download by NetAnts - C:\PROGRA~1\NETANTS\NAGet.htm
O8 - 未知 - Extra context menu item: Download &All by NetAnts - C:\PROGRA~1\NETANTS\NAGetAll.htm
O8 - 未知 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - 未知 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - 未知 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - 未知 - Extra context menu item: 用比特精灵下载(&B) - C:\Program Files\BitSpirit\bsurl.htm
O8 - 未知 - Extra context menu item: 金山毒霸反钓鱼... - C:\KAV2007\KAF\ShowSet.htm
O9 - 未知 - Extra button: 启动迅雷5(HKLM) - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 未知 - Extra button: &NetAnts(HKLM) - C:\PROGRA~1\NETANTS\NetAnts.exe
O23 - 未知 - Service: KPfwSvc [金山网镖网络实时监控服务程序] - "C:\KAV2007\KPfwSvc.EXE" - (running)
O23 - 未知 - Service: RAMaint [RemotelyAnywhere Maintenance Service] - "E:\RemotelyAnywhere\x86\RaMaint.exe" - (not running)
O23 - 未知 - Service: RemotelyAnywhere [RemotelyAnywhere] - E:\RemotelyAnywhere\x86\RemotelyAnywhere.exe - (not running)
=======================================
100 - 安全 - Process: smss.exe [进程为会话管理子系统用以初始化系统变量,ms-dos驱动名称类似lpt1以及com,调用win32壳子系统和运行在windows登陆过程。] - C:\WINDOWS\System32\smss.exe
100 - 安全 - Process: csrss.exe [客户端服务子系统,用以控制windows图形相关子系统。] - C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=base
100 - 安全 - Process: winlogon.exe [windows nt用户登陆程序。] - C:\WINDOWS\system32\winlogon.exe
100 - 安全 - Process: services.exe [用于管理windows服务系统进程。] - C:\WINDOWS\system32\services.exe
100 - 安全 - Process: lsass.exe [本地安全权限服务控制windows安全机制。] - C:\WINDOWS\system32\lsass.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k DcomLaunch
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k rpcss
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\System32\svchost.exe -k netsvcs
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k NetworkService
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k LocalService
100 - 安全 - Process: explorer.exe [windows program manager或者windows explorer用于控制windows图形shell,包括开始菜单、任务栏,桌面和文件管理。] - C:\WINDOWS\Explorer.EXE
100 - 安全 - Process: spoolsv.exe [windows打印任务控制程序,用以打印机就绪。] - C:\WINDOWS\system32\spoolsv.exe
100 - 安全 - Process: 360tray.exe [360安全卫士实时保护模块] - D:\360safe\safemon\360Tray.exe
100 - 安全 - Process: RichVideo.exe [CyberLink PowerDVD(媒体播放器)相关程序。] - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k imgsvc
100 - 安全 - Process: ctfmon.exe [office xp输入法图标。] - C:\WINDOWS\system32\ctfmon.exe
100 - 安全 - Process: alg.exe [这是一个应用层网关服务用于网络共享。] - C:\WINDOWS\System32\alg.exe
100 - 安全 - Process: 360Safe.exe [360安全卫士] - D:\360safe\360Safe.exe
100 - 安全 - Process: TTraveler.exe [腾讯出品的一款第三方浏览器软件,支持多窗口。] - C:\Program Files\Tencent\TT\TTraveler.exe
R1 - 安全 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page=http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1
R1 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
R1 - 安全 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://www.google.com/search?q=%s
O2 - 安全 - BHO: (CBrowseStakeout Class) - [金山毒霸2007反钓鱼插件。] - {55302805-482E-470E-8A57-6795A1487F90} - C:\KAV2007\KAVAFish.DLL
O3 - 安全 - Toolbar: (金山快译(&K)) - [金山快译工具条软件相关程序。] - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - d:\Kingsoft\FastAIT\IEBand.dll
O4 - 安全 - HKLM\..\Run: [360Safetray] [360safe实时保护功能模块。] d:\360safe\safemon\360Tray.exe /start
O4 - 安全 - HKCU\..\Run: [ctfmon.exe] [office xp输入法图标。] C:\WINDOWS\system32\ctfmon.exe
O9 - 安全 - Extra button: Windows Messenger(HKLM) - C:\Program Files\Messenger\msmsgs.exe
O16 - 安全 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (招商银行个人版) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - 安全 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Flash播放器) - http://download.macromedia.com/p ... s/flash/swflash.cab
O16 - 安全 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (瑞星免费在线查毒插件) - http://download.rising.com.cn/re ... cver2007/OL2006.cab
O21 - 安全 - Protocol Icons: HKCR\http\shell\open\command - "C:\Program Files\Tencent\TT\TTraveler.exe" "%1"
O21 - 安全 - Protocol Icons: HKCR\ftp\shell\open\command - "C:\Program Files\Tencent\TT\TTraveler.exe" "%1"
O21 - 安全 - Protocol Icons: HKCR\https\shell\open\command - "C:\Program Files\Tencent\TT\TTraveler.exe" "%1"
O21 - 安全 - Protocol Icons: HKCR\htmlfile\shell\open\command - "C:\Program Files\Tencent\TT\TTraveler.exe" "%1"
O23 - 安全 - Service: KWatchSvc [金山毒霸反病毒软件相关程序。] - C:\KAV2007\KWatch.EXE - (running)
O23 - 安全 - Service: RichVideo [cyberlink公司出品的DVD播放软件相关服务。] - "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" - (running)
O23 - 安全 - Service: ServiceLayer [nokia手机软件的进程。] - "C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe" - (not running)
=======================================
O31 - 未知 - SEApproved: {42071714-76d4-11d1-8b24-00a0c9068ff3} - deskpan.dll - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:Shell extensions for file compression - - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:加密上下文菜单 - - - - - 0 -
O31 - 未知 - SEApproved: {0DF44EAA-FF21-4412-828E-260A8728E7F1} - - - - - 0 -
O31 - 未知 - SEApproved: {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - - - - - 0 -
O31 - 未知 - SEApproved: {7A9D77BD-5403-11d2-8785-2E0420524153} - - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:压缩(zipped)文件夹 - - - - - 0 -
O31 - 未知 - SEApproved: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll - - - - 125440 - fd00edb8e782858243cf1469c329ee88
O31 - 未知 - SEApproved: {8F7261D0-D2B9-11D2-9909-00605205B24C} - e:\CuteFTP ZH\Cuteshell.dll - GlobalSCAPE, Inc. - - 50.6.3.2 - 163840 - 2a4c63688e4905ff07120f1f7bef1461
O31 - 未知 - SEApproved: {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} - D:\bakup\Nokia\Nokia PC Suite 6\PhoneBrowser.dll - Nokia - Phone Browser - 6.81.46.1 - 544768 - ee72989bdac20cc914adef6a7bceedb9
O31 - 未知 - Directory Menu: {7E41911F-13AA-11D3-A831-00104B9E30B5} - C:\WINDOWS\system32\WmShell.dll - KillSoft - KillSoft RightMenu - 1.0.0.1 - 69632 - 9ab8f563e185ad0037d4b5a865a8a610
O31 - 未知 - Directory Menu: {8f7261d0-d2b9-11d2-9909-00605205b24c} - e:\CuteFTP ZH\Cuteshell.dll - GlobalSCAPE, Inc. - - 50.6.3.2 - 163840 - 2a4c63688e4905ff07120f1f7bef1461
O31 - 未知 - Directory Menu: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll - - - - 125440 - fd00edb8e782858243cf1469c329ee88
O31 - 未知 - Directory Menu: {E49446FE-9679-4b85-A994-D96137867905} - C:\KAV2007\KAVEXT.DLL - Kingsoft Corporation - Kingsoft Antivirus Explorer Integration - 2007.6.21.29 - 49152 - 5ae714261cdff0cc0b3ef9a79120680e
O31 - 未知 - LSA: Security Packages - sv1_0.dll - - - - 0 -
O31 - 未知 - LSA: Security Packages - channel.dll - - - - 0 -
=======================================
O40 - Explorer.EXE - ppstream.com - c:\documents and settings\郭炳煌\application data\ppstream\bin\1.0.0.2\vodrc.dll - vodrc - 712283e809cc29e0deda932c17b10ea3
=======================================
O41 - Aspi32 - ASPI for WIN32 Kernel Driver - C:\WINDOWS\system32\drivers\Aspi32.sys - (running) - ASPI for WIN32 Kernel Driver - Adaptec - b979979ab8027f7f53fb16ec4229b7db
O41 - kalelcl - sys 应用程序 - C:\WINDOWS\system32\drivers\kalelcl.sys - (running) - sys 应用程序 - 北京三七二一科技有限公司 - c096dc989756c7d6a57f3fdc9bc3b9cf
O41 - KAVBootC - Boot Clean Driver - C:\WINDOWS\system32\drivers\KAVBootC.sys - (running) - Boot Clean Driver - Kingsoft Corporation - db057e934ea7da449d5229590b7ff52d
O41 - KNetWch - KNetWatch - C:\KAV2007\KNetWch.SYS - (running) - KNetWatch - Kingsoft Corporation - 137729a409f1cf3061a0ad7faef1c7f1
O41 - KWatch3 - Kingsoft Antivirus KWatch Driver - C:\WINDOWS\system32\drivers\KWatch3.SYS - (running) - Kingsoft Antivirus KWatch Driver - Kingsoft Corporation - 18af73c1d7c70a7d6a3275bac4299828
O41 - machobus - machobus - C:\WINDOWS\system32\drivers\machobus.sys - (running) - - - 3791317ee8f7d7cfed064788ed119f9b
O41 - npkcrypt - nProtect KeyCrypt Driver - C:\Program Files\Tencent\QQ\npkcrypt.sys - (running) - nProtect KeyCrypt Driver - INCA Internet Co., Ltd. - 8bcb281a2540e7aff0cd00f9878fe21f
O41 - PnpWmkDrv - PnpWmkDrv - C:\WINDOWS\system32\drivers\PnpWmkDrv.sys - (running) - - - ce5a9ec8892d5dfb09d031f5ad501cac
O41 - QKeyService - KeyCrypt Device Driver - C:\WINDOWS\system32\KeyCrypt.sys - (running) - KeyCrypt Device Driver - Tencent Technology (Shenzhen) Company Limited - 86aadf81964cc6c4c8ce9d27a7a0c533
O41 - sptd - sptd - C:\WINDOWS\system32\drivers\sptd.sys - (running) - - -
O41 - vcs - vcs - C:\Documents and Settings\郭炳煌\桌面\FCZfor053-3\AV VCS 3.0 (_) __\AV VCS 3.0\Vcs.sys - (running) - - - ce9b7df9af5b01884beeab3f703c3bf6
O41 - CDGscsi - Virtual CDROM driver - C:\WINDOWS\system32\drivers\cdgscsi.sys - (not running) - Virtual CDROM driver - Savage Company - a9b5c4c692f86204b94dc25778734077
O41 - Ctrl2cap - Ctrl2cap - C:\WINDOWS\system32\drivers\Ctrl2cap.sys - (not running) - - - a08aaaef7215cbfae5c91fefcc61df2b
O41 - dyspeedcd - RAM Disk example - C:\WINDOWS\system32\drivers\dyspeedcd.sys - (not running) - RAM Disk example - Compuware Corporation - b290a9ba4ccd86ef62b9a8f1716c6da1
O41 - EagleNT - EagleNT - C:\WINDOWS\system32\drivers\EagleNT.sys - (not running) - - -
O41 - IlvMoneyDRIVER53 - IlvMoneyDRIVER53 - C:\Documents and Settings\郭炳煌\桌面\FCZfor053-3\IlvMoney1018.sys - (not running) - - - a2e1146900c83e5d63abf9ec84c821c0
O41 - KAVBase - KAVBase Application - C:\WINDOWS\system32\drivers\KAVBase.sys - (not running) - KAVBase Application - Kingsoft Corporation - 17c605131e27e55ca127e9eeea213460
O41 - SE30bus - Sony Ericsson Device 048 Driver Driver - C:\WINDOWS\system32\drivers\SE30bus.sys - (not running) - Sony Ericsson Device 048 Driver Driver - MCCI - 879696c028726e5a70e4c8d2e8c7c667
O41 - W8335XP - NDIS 5.1 driver - C:\WINDOWS\system32\drivers\MRV8335XP.sys - (not running) - NDIS 5.1 driver - Marvell Semiconductor, Inc - 35faadfaa2222cb314c86c966314c20c
O41 - ZSMC211 - ZSMC211 - C:\WINDOWS\System32\Drivers\ZS211.sys - (not running) - - -
=======================================
360Safe.exe=3.5.3.1001
AntiAdwa.dll=3.5.1.1001
AntiEng.dll=3.5.2.1002
AntiActi.dll=2.0.0.3000
CleanHis.dll=3.0.2.1000
live.dll=1.0.1.1018
=======================================
操作历史报告:
2007-08-09 02:27
清理恶评插件 - 雅虎助手&上网助手 -
2007-08-09 02:28
清理好评插件 - 迷你迅雷 -
清理好评插件 - 卡卡上网安全助手 - C:\WINDOWS\system32\kakatool.dll
----------全面诊断修复历史----------
2007-08-09 02:28
O6 - 危险 - 禁止IE首页相关设置 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
2007-08-09 02:30
O2 - 未知 - ThunderAtOnce Class - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
2007-08-09 02:30
O2 - 未知 - Thunder Browser Helper - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
2007-08-09 02:31
R0 - 未知 - IE起始页的默认页 - HKLM\Software\Microsoft\Internet Explorer\Main
R0 - 未知 - IE默认搜索页 - HKLM\Software\Microsoft\Internet Explorer\Main
2007-08-09 02:32
R1 - 未知 - IE备用搜索引擎 - HKCU\Software\Microsoft\Internet Explorer\Search
R1 - 未知 - 启用备用搜索引擎 - HKCU\Software\Microsoft\Internet Explorer\Main
2007-08-09 02:34
O23 - 未知 - RemotelyAnywhere - E:\RemotelyAnywhere\x86\RemotelyAnywhere.exe
2007-08-09 19:36
O16 - 未知 - 下载的ActiveX插件 - C:\WINDOWS\system32\3DShowVM.ocx
O16 - 未知 - 下载的ActiveX插件 - C:\WINDOWS\Downloaded Program Files\KOSInit.INF
2007-08-09 19:36
O16 - 未知 - 下载的ActiveX插件 - C:\WINDOWS\system32\QQPhotoDraw.dll
O16 - 未知 - 下载的ActiveX插件 - C:\WINDOWS\Downloaded Program Files\RACtrl.dll
O16 - 未知 - 下载的ActiveX插件 - C:\WINDOWS\system32\163UPL~1.OCX
O16 - 未知 - 下载的ActiveX插件 - C:\WINDOWS\system32\qqedit\qqedit.dll
2007-08-09 19:37
O23 - 未知 - RAMaint - "E:\RemotelyAnywhere\x86\RaMaint.exe"
2007-08-09 19:37
O23 - 未知 - RAMaint - "E:\RemotelyAnywhere\x86\RaMaint.exe"
O23 - 未知 - RemotelyAnywhere - E:\RemotelyAnywhere\x86\RemotelyAnywhere.exe
----------修复IE浏览器操作历史----------
2007-08-09 02:43
O22 - 危险 - .HLP文件关联 - winhlp32.exe %1
=======================================