Legend (Super Moderator)
#4
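OP, please save the flagged file out of Micropoint's harmful-program quarantine area and send it, together with the technical support information (Micropoint main window --> Auxiliary Functions --> Generate Technical Support Information), to support@micropoint.com.cn so that we can test and analyze it further. Please include a link to this thread and the download address for FengYun Firewall so that we can test in depth and follow up on resolving your issue.
After you have sent it, please send me your e-mail address via forum private message, and include a link to this thread as well.
If you are sure it is a trusted program, please select it in the harmful-program quarantine area, right-click and choose Restore Selected, and after restoring it add it as a trusted program (Micropoint main window --> Security Protection and Policies --> Program Behavior Real-Time Monitoring Policy --> Trusted Program Settings --> Add). If you are not sure whether this program has been modified by a virus, please wait for our reply.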
※ This post is jointly owned by [Legend] and [Dongfang Micropoint Forum]; please credit the source when reposting! ※
2008-1-7 17:45
lyl72118 (Newcomer)
#5 Diagnosis
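To all the experts:
Thank you very much for taking a look at my system diagnostic report; this little newbie is urgently awaiting your help!
This diagnostic report was generated by 360 Safeguard (360安全卫士) http://www.360safe.com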
诊断时间: 2008-01-07 17:27:11
诊断平台: Microsoft Windows XP Service Pack 2
IE版本: Internet Explorer V6.0.2900.2180 Build:62900.2180
计算机物理内存:1023.11MB - 当前可用内存:668.42MB
100 - 未知 - Process: MPSVC.exe [MPSVC] -
100 - 未知 - Process: MPSVC2.exe [MPSVC2] -
100 - 未知 - Process: MPSVC1.exe [MPSVC1] -
100 - 未知 - Process: MPMon.exe [MPMon] -
100 - 未知 - Process: Twister.exe [Twister AntiVirus] - E:\新建文件夹\费尔托斯特\费尔托斯特杀毒\运行\twister.exe
100 - 未知 - Process: MPMain.exe [MPMain] -
100 - 未知 - Process: QQ.exe [QQ] - D:\娱乐\新版QQ\QQ.exe
100 - 未知 - Process: TIMPlatform.exe [TIMPlatform] - D:\娱乐\新版QQ\TIMPlatform.exe -Embedding
100 - 未知 - Process: QQ.exe [QQ] - D:\娱乐\新版QQ\QQ.exe
R0 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.baidu.com/
O2 - 未知 - BHO: (ThunderAtOnce Class) - [迅雷浏览器高级特性支持模块] - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - 未知 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - [RealPlayer Download and Record Plugin for Internet Explorer] - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\播放器\realplayer\运行\rpbrowserrecordplugin.dll
O8 - 未知 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - 未知 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O9 - 未知 - Extra button: 启动迅雷5(HKLM) - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O15 - 未知 - Trusted Zone: https://shutter.cdream.com
O23 - 未知 - Service: MPSVCService [微点主动防御软件] - E:\新建文件夹\微点\运行\Micropoint\MPSVC.exe - (running)
=======================================
100 - 安全 - Process: smss.exe [进程为会话管理子系统用以初始化系统变量,ms-dos驱动名称类似lpt1以及com,调用win32壳子系统和运行在windows登陆过程。] - C:\WINDOWS\System32\smss.exe
100 - 安全 - Process: csrss.exe [客户端服务子系统,用以控制windows图形相关子系统。] - C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=base
100 - 安全 - Process: winlogon.exe [windows nt用户登陆程序。] - C:\WINDOWS\system32\winlogon.exe
100 - 安全 - Process: services.exe [用于管理windows服务系统进程。] - C:\WINDOWS\system32\services.exe
100 - 安全 - Process: lsass.exe [本地安全权限服务控制windows安全机制。] - C:\WINDOWS\system32\lsass.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k DcomLaunch
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k rpcss
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\System32\svchost.exe -k netsvcs
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k NetworkService
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k LocalService
100 - 安全 - Process: explorer.exe [windows program manager或者windows explorer用于控制windows图形shell,包括开始菜单、任务栏,桌面和文件管理。] - C:\WINDOWS\Explorer.EXE
100 - 安全 - Process: ATKKBService.exe [华硕笔记本电脑键盘的相关服务,关闭此进程无法使用某些功能键。] - C:\WINDOWS\ATKKBService.exe
100 - 安全 - Process: nvsvc32.exe [nvidia driver helper service在nvida显卡驱动中被安装。] - C:\WINDOWS\system32\nvsvc32.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k imgsvc
100 - 安全 - Process: 360tray.exe [360安全卫士实时监控程序。] - C:\Program Files\360safe\safemon\360Tray.exe
100 - 安全 - Process: ctfmon.exe [office xp输入法图标。] - C:\WINDOWS\system32\ctfmon.exe
100 - 安全 - Process: alg.exe [这是一个应用层网关服务用于网络共享。] - C:\WINDOWS\System32\alg.exe
100 - 安全 - Process: 360Safe.exe [360安全卫士相关程序。] - C:\Program Files\360safe\360safe.exe
R1 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
O2 - 安全 - BHO: (Thunder Browser Helper) - [迅雷附带下载监视器相关文件。] - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O4 - 安全 - HKLM\..\Run: [NvCplDaemon] [是NVIDIA显示卡相关动态链接库文件。] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 安全 - HKLM\..\Run: [twister] [一款电脑防护软件。] "E:\新建文件夹\费尔托斯特\费尔托斯特杀毒\运行\twister.exe" -a
O4 - 安全 - HKLM\..\Run: [360Safetray] [360safe实时保护功能模块。] C:\Program Files\360safe\safemon\360Tray.exe /start
O4 - 安全 - HKCU\..\Run: [ctfmon.exe] [office xp输入法图标。] C:\WINDOWS\system32\ctfmon.exe
O16 - 安全 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Flash播放器) - http://fpdownload.macromedia.com ... current/swflash.cab
O22 - 安全 - Filename Extention: FIREFOX第三方浏览器 - FirefoxHTML
O22 - 安全 - Filename Extention: FIREFOX第三方浏览器 - FirefoxHTML
O23 - 安全 - Service: ATKKeyboardService [华硕增强版显卡驱动的相关服务。] - C:\WINDOWS\ATKKBService.exe - (running)
O23 - 安全 - Service: NVSvc [是NVIDIA显示卡相关程序。] - C:\WINDOWS\system32\nvsvc32.exe - (running)
※ ※ ※ This post is solely the personal opinion of [lyl72118] and does not represent the position of [Micropoint Discussion Forum] ※ ※ ※
2008-1-7 18:20
wantcm (Moderator)
#7
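The OP has too many security products installed; it looks like they are conflicting. I suggest disabling a few of them, or adding them to each other's trusted/exclusion program lists.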
2008-1-7 20:06