瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 这个进程到底是什么啊,高手出来救下我啊

1   1  /  1  页   跳转

这个进程到底是什么啊,高手出来救下我啊

收藏
玛卡比网球
头像
初生襁褓狮
  • 帖子:10
  • 注册: 2007-01-20
  • 来自:
发表于: 2007-01-20 22:06 | 显示全部 短消息 资料
字号: 1楼

这个进程到底是什么啊,高手出来救下我啊

前几天中了熊猫烧香,然后用了了安铁诺和卡巴进行杀毒后,熊猫图标不见了,“Desktop_”的隐藏文件也被手动删除了,但是仍然感觉机器不怎么爽,特别是开机后有个进程SNAFDrv.exe占到100%的CPU使用,但是这个进程表面上却是安铁诺杀毒软件的程序。请高手帮看看,然后给出一个比较好的方案(千万让我洗电脑)
                完美卸载 - 系统检查检测报告!
建议:修复时请按照高手的反馈编号在修复工具中打勾进行修复.

--------------------------系统环境-------------------------
检测日期: 2007-1-20 21:10
Windows: Microsoft Windows XP
ServicePack: Service Pack 2
Update: 2600.xpsp_sp2_gdr.050301-1519
Internet Explorer: 6.0.2900.2180


-----------------------网络基础安全测试--------------------
密码安全检测:已经设置了管理员密码,建议:将密码复杂度和长度提高!
网络漏洞检测:空连接检查安全!

服务名称        是否运行              描述
RemoteRegistry [运行中] [说明:这个服务可能被利用远程操作注册表]
Windows Time  [运行中] [说明:这个服务可能被黑客利用来启动木马]
Telnet        [已停止] [说明:这个服务可能被黑客登录到您计算机]
Messenger      [已停止] [说明:这个服务常被广告商用来发垃圾广告]
Server        [运行中] [说明:如果你的电脑不用局域网中,可以关闭]
建议在[控制面板]-[管理工具]-[服务]中,找到这些服务关闭并设置为[禁用].

-----------------------计算机网络端口----------------------
协议      端口号              端口类型
TCP        135        微软DCE RPC end-point mapper服务
TCP        445        Microsoft-DS
TCP      1026        未知类型
TCP        139        微软Netbios Name服务(用于文件及打印机共享)
TCP        445        公共Internet文件系统(CIFS)
TCP        500        Internet密钥交换
TCP      1032        Akosch4
TCP      1957        未知类型
TCP      2143        未知类型
TCP      2144        未知类型
TCP      4500        sae-urn
TCP        123        未知类型
TCP      1900        未知类型
TCP        123        未知类型
TCP      1900        未知类型
TCP      2397        未知类型
TCP        123        未知类型
TCP        137        未知类型
TCP        138        未知类型
TCP      1900        未知类型


--------------------计算机系统组件体检----------------------
[编号:0]
[名称:\SystemRoot\System32\smss.exe]
[类型:运行进程]
[内容:未知]

[编号:1]
[名称:\??\C:\WINDOWS\system32\winlogon.exe]
[类型:运行进程]
[内容:未知]

[编号:2]
[名称:C:\WINDOWS\system32\services.exe]
[类型:运行进程]
[内容:Microsoft(R) Windows(R) Operating System (C) Microsoft Corporation. All rights reserved.]

[编号:3]
[名称:C:\WINDOWS\system32\lsass.exe]
[类型:运行进程]
[内容:Microsoft? Windows? Operating System ? Microsoft Corporation. All rights reserved.]

[编号:4]
[名称:C:\WINDOWS\system32\svchost.exe]
[类型:运行进程]
[内容:Microsoft? Windows? Operating System ? Microsoft Corporation. All rights reserved.]

[编号:5]
[名称:C:\WINDOWS\System32\svchost.exe]
[类型:运行进程]
[内容:Microsoft? Windows? Operating System ? Microsoft Corporation. All rights reserved.]

[编号:6]
[名称:C:\WINDOWS\system32\spoolsv.exe]
[类型:运行进程]
[内容:Microsoft? Windows? Operating System ? Microsoft Corporation. All rights reserved.]

[编号:7]
[名称:C:\WINDOWS\Explorer.EXE]
[类型:运行进程]
[内容:Microsoft(R) Windows(R) Operating System (C) Microsoft Corporation. All rights reserved.]

[编号:8]
[名称:C:\Program Files\sanlen\AntiUnknown\SNATask.EXE]
[类型:运行进程]
[内容:SNATask 应用程序 版权所有 (C) 2003]

[编号:9]
[名称:C:\Program Files\sanlen\AntiUnknown\sloemnit.exe]
[类型:运行进程]
[内容:demo Application Copyright (C) 2004]

[编号:10]
[名称:C:\Program Files\sanlen\AntiUnknown\SYSWARN.EXE]
[类型:运行进程]
[内容:未知]

[编号:11]
[名称:C:\Program Files\sanlen\AntiUnknown\snatray.EXE]
[类型:运行进程]
[内容:安铁诺防病毒软件2004 版权所有 (C) 2003山丽网安]

[编号:12]
[名称:C:\WINDOWS\system32\ctfmon.exe]
[类型:运行进程]
[内容:Microsoft? Windows? Operating System ? Microsoft Corporation. All rights reserved.]

[编号:13]
[名称:C:\Program Files\Antiy Labs\Alive\AliveCenter.exe]
[类型:运行进程]
[内容:未知]

[编号:14]
[名称:C:\WINDOWS\system32\conime.exe]
[类型:运行进程]
[内容:Microsoft? Windows? Operating System ? Microsoft Corporation. All rights reserved.]

[编号:15]
[名称:\系统维护\完美卸载V2007 完整版\SysSec.exe]
[类型:运行进程]
[内容:完美卸载V2006-ChinaHijackThis 版权所有 (C) 2006]

[编号:16]
[分隔符:---------------------------------------------------------------------]

[编号:17]
[名称:C:\WINDOWS\system32\klogon.dll]
[类型:已加载DLL]
[内容:Kaspersky Anti-Virus Copyright ? Kaspersky Lab 1996-2006.]

[编号:18]
[名称:E:\Kaspersky Anti-Virus 6.0\scrchpg.dll]
[类型:已加载DLL]
[内容:Kaspersky Anti-Virus Copyright ? Kaspersky Lab 1996-2006.]

[编号:19]
[名称:C:\Program Files\sanlen\AntiUnknown\oehook.dll]
[类型:已加载DLL]
[内容:未知]

[编号:20]
[名称:C:\Program Files\Rising\AntiSpyware\ieprot.dll]
[类型:已加载DLL]
[内容:IE Protector Copyright(c) 1998-2006 Beijing  Rising  Technology  Corporation  Limited]

[编号:21]
[名称:C:\Program Files\sanlen\AntiUnknown\SNAURIN.dll]
[类型:已加载DLL]
[内容:安铁诺防病毒软件2004 版权所有 (c) 2004 山丽网安]

[编号:22]
[名称:\临时文件\ewido-e666\ewido\shellexecutehook.dll]
[类型:已加载DLL]
[内容:ewido anti-spyware Copyright ? 2005 Anti-Malware Development a.s.]

[编号:23]
[名称:C:\Program Files\WinRAR\rarext.dll]
[类型:已加载DLL]
[内容:未知]

[编号:24]
[名称:C:\Program Files\sanlen\AntiUnknown\SNAMnuEx.dll]
[类型:已加载DLL]
[内容:安铁诺防病毒软件2004 版权所有 (c) 2004 山丽网安]

[编号:25]
[名称:C:\Program Files\sanlen\AntiUnknown\SNARES.dll]
[类型:已加载DLL]
[内容:Sanlen SNARES Copyright ? 2004]

[编号:26]
[名称:C:\Program Files\sanlen\AntiUnknown\Language\SNACHS.dll]
[类型:已加载DLL]
[内容:未知]

[编号:27]
[名称:E:\Kaspersky Anti-Virus 6.0\ShellEx.dll]
[类型:已加载DLL]
[内容:Kaspersky Anti-Virus Copyright ? Kaspersky Lab 1996-2006.]

[编号:28]
[名称:\临时文件\ewido-e666\ewido\context.dll]
[类型:已加载DLL]
[内容:ewido anti-spyware Copyright ? 2005 Anti-Malware Development a.s.]

[编号:29]
[名称:C:\WINDOWS\system32\WmShell.dll]
[类型:已加载DLL]
[内容:KillSoft RightMenu Copyright 2005]

[编号:30]
[名称:C:\Program Files\sanlen\AntiUnknown\SRINTER.dll]
[类型:已加载DLL]
[内容:安铁诺防病毒软件2004 版权所有 (c) 2004 山丽网安]

[编号:31]
[名称:C:\Program Files\sanlen\AntiUnknown\oestore.dll]
[类型:已加载DLL]
[内容estore Module ]

[编号:32]
[名称:C:\Program Files\sanlen\AntiUnknown\oeapiinitcom.dll]
[类型:已加载DLL]
[内容eapiinitcom Module ]

[编号:33]
[名称:C:\Program Files\sanlen\AntiUnknown\slindect.dll]
[类型:已加载DLL]
[内容:未知]

[编号:34]
[名称:C:\Program Files\sanlen\AntiUnknown\ErrProc.dll]
[类型:已加载DLL]
[内容:ErrorProcess Dynamic Link Library 版权所有 (C) 2003]

[编号:35]
[名称:C:\Program Files\sanlen\AntiUnknown\snarmw.dll]
[类型:已加载DLL]
[内容:安铁诺防病毒软件2004 版权所有 (c) 2004 山丽网安]

[编号:36]
[名称:C:\Program Files\sanlen\AntiUnknown\slregist.dll]
[类型:已加载DLL]
[内容:山丽网安产品注册向导 Copyright (C) 2002 山丽信息安全有限公司]

[编号:37]
[名称:D:\系统维护\完美卸载V2007 完整版\SkinMagic.dll]
[类型:已加载DLL]
[内容:Appspeed SkinMagic Toolkit Copyright ? 2002-2006]

[编号:38]
[名称:C:\WINDOWS\system32\Macromed\flash\flash8.ocx]
[类型:已加载DLL]
[内容:Shockwave Flash Copyright ? 1996-2005 Macromedia, Inc.]

[编号:39]
[分隔符:---------------------------------------------------------------------]

[编号:40]
[名称:IMJPMIG8.1]
[类型:开机启动]
[内容:"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32]

[编号:41]
[名称HIME2002ASync]
[类型:开机启动]
[内容:C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC]

[编号:42]
[名称:SNATask]
[类型:开机启动]
[内容:C:\Program Files\sanlen\AntiUnknown\SNATask.EXE]

[编号:43]
[名称:SYSWARN]
[类型:开机启动]
[内容:C:\Program Files\sanlen\AntiUnknown\SYSWARN.EXE]

[编号:44]
[名称:snatray]
[类型:开机启动]
[内容:C:\Program Files\sanlen\AntiUnknown\snatray.EXE]

[编号:45]
[名称:SNFRSSLV]
[类型:开机启动]
[内容:C:\Program Files\sanlen\AntiUnknown\SNFRSSLV.exe]

[编号:46]
[名称:runeip]
[类型:开机启动]
[内容:C:\Program Files\Rising\AntiSpyware\runiep.exe]

[编号:47]
[名称iveUpatePower]
[类型:开机启动]
[内容:rem MyUpdate.exe]

[编号:48]
[名称:ctfmon.exe]
[类型:开机启动]
[内容:C:\WINDOWS\system32\ctfmon.exe]

[编号:49]
[分隔符:---------------------------------------------------------------------]

[编号:50]
[名称:AFD]
[类型:服务:未知]
[内容:\SystemRoot\System32\drivers\afd.sys]
最后编辑2007-01-20 21:59:52
分享到:
gototop
 
玛卡比网球
头像
初生襁褓狮
  • 帖子:10
  • 注册: 2007-01-20
  • 来自:
发表于: 2007-01-20 22:08 | 显示全部 短消息 资料
字号: 2楼

编号:51]
[名称:Service for WDM 3D Audio Driver]
[类型:服务:Copyright ? 2003 Sensaura Copyright ? 2003 Sensaura]
[内容:C:\WINDOWS\system32\drivers\alcxsens.sys]

[编号:52]
[名称:Service for Realtek AC97 Audio (WDM)]
[类型:服务:Windows (R) WDM driver for Realtek AC'97 Audio Copyright (c) Realtek Semiconductor Corp.1998-2004]
[内容:C:\WINDOWS\system32\drivers\alcxwdm.sys]

[编号:53]
[名称:Antiy live update]
[类型:服务:未知]
[内容:C:\Program Files\Antiy Labs\Alive\AliveCenter.exe]

[编号:54]
[名称:AntiyFirewall]
[类型:服务:未知]
[内容:C:\WINDOWS\system32\drivers\antiyfw.sys]

[编号:55]
[名称:Kaspersky Anti-Virus 6.0]
[类型:服务:Kaspersky Anti-Virus Copyright ? Kaspersky Lab 1996-2006.]
[内容:"E:\Kaspersky Anti-Virus 6.0\avp.exe" -r]

[编号:56]
[名称:CMNERRS]
[类型:服务:未知]
[内容:S]

[编号:57]
[名称:CMNWARNS]
[类型:服务:未知]
[内容:S]

[编号:58]
[名称:DCOM Server Process Launcher]
[类型:服务:未知]
[内容:C:\WINDOWS\system32\svchost ]

[编号:59]
[名称:ewido anti-spyware 4.0 driver]
[类型:服务:未知]
[内容:d:\临时文件\ewido-e666\ewido\guard.sys]

[编号:60]
[名称:ewido anti-spyware 4.0 guard]
[类型:服务:ewido anti-spyware Copyright ? 2005 Anti-Malware Development a.s.]
[内容:D:\临时文件\ewido-e666\ewido\guard.exe]

[编号:61]
[名称:IMMDRV]
[类型:服务:未知]
[内容:d:\防黑安全\费尔\twister\immdrv.sys]

[编号:62]
[名称:InterDrv]
[类型:服务:未知]
[内容:S]

[编号:63]
[名称:Kl1]
[类型:服务:Kaspersky Anti-Virus Copyright ? Kaspersky Lab 1996-2006.]
[内容:C:\WINDOWS\system32\drivers\kl1.sys]

[编号:64]
[名称:Klif]
[类型:服务:Kaspersky Anti-Virus Copyright ? Kaspersky Lab 1996-2006.]
[内容:c:\windows\system32\drivers\klif.sys]

[编号:65]
[名称:npkcrypt]
[类型:服务:nProtect KeyCrypt Driver Copyright (C) INCA Internet. 2000-2005]
[内容:d:\滕讯软件集\qq\cmqq0108\npkcrypt.sys]

[编号:66]
[名称:oreans32]
[类型:服务:未知]
[内容:c:\windows\system32\drivers\oreans32.sys]

[编号:67]
[名称:PnpWmkDrv]
[类型:服务:未知]
[内容:c:\windows\system32\drivers\pnpwmkdrv.sys]

[编号:68]
[名称:Remote Procedure Call (RPC)]
[类型:服务:未知]
[内容:C:\WINDOWS\system32\svchost ]

[编号:69]
[名称:RsAntiSpyware]
[类型:服务: RsBoot Copyright (C) 2007]
[内容:C:\WINDOWS\system32\drivers\rsboot.sys]

[编号:70]
[名称:Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver]
[类型:服务:Realtek RTL8139 Family Fast Ethernet Adapter Copyright (C) 1994-2003 Realtek Semiconductor Corporation]
[内容:C:\WINDOWS\system32\drivers\rtl8139.sys]

[编号:71]
[名称:Secdrv]
[类型:服务:未知]
[内容:C:\WINDOWS\system32\drivers\secdrv.sys]

[编号:72]
[名称:snavfd2k]
[类型:服务:未知]
[内容:S]

[编号:73]
[名称:Terminal Services]
[类型:服务:未知]
[内容:C:\WINDOWS\system32\svchost ]

[编号:74]
[名称:TSP]
[类型:服务:Kaspersky Anti-Virus Copyright ? Kaspersky Lab 1996-2006.]
[内容:c:\windows\system32\drivers\klif.sys]

[编号:75]
[名称:Win32 Display Driver]
[类型:服务:未知]
[内容:C:\WINDOWS\system32\\rundll32.exe windds32.dll,start]

[编号:76]
[名称:WINIO]
[类型:服务:未知]
[内容:h:\driver\audio\winio.sys]

[编号:77]
[名称:WmNdisDrv]
[类型:服务:未知]
[内容:C:\WINDOWS\system32\drivers\wmndisdrv.sys]

[编号:78]
[名称:Windows 套接字 2 .0 Non-IFS 服务提供程序支持环境]
[类型:服务:未知]
[内容:\SystemRoot\System32\drivers\ws2ifsl.sys]

[编号:79]
[分隔符:---------------------------------------------------------------------]

[编号:80]
[名称:Start Page]
[类型:IE主页-当前用户]
[内容:http://www.hao123.com/]

[编号:81]
[名称:Search Page]
[类型:IE搜索-当前用户]
[内容:www.jsing.net]

[编号:82]
[名称:Start Page]
[类型:IE主页-所有用户]
[内容:www.jsing.net]

[编号:83]
[名称:Search Page]
[类型:IE搜索-所有用户]
[内容:www.jsing.net]

[编号:84]
[名称:Default_Page_URL]
[类型:默认IE主页-所有用户]
[内容:www.jsing.net]

[编号:85]
[名称:Default_Search_URL]
[类型:默认IE搜索-所有用户]
[内容:www.jsing.net]

[编号:86]
[分隔符:---------------------------------------------------------------------]

[编号:87]
[名称:WebThunder Browser Helper]
[类型:IE 嵌入对象]
[内容:D:\网路优化\Thunder\WebThunderBHO_015.dll]

[编号:88]
[名称:安铁诺防毒软件-EXPLORER插件]
[类型:IE 嵌入对象]
[内容:C:\Program Files\sanlen\AntiUnknown\SNAURIN.dll]

[编号:89]
[名称:Google Toolbar Helper]
[类型:IE 嵌入对象]
[内容:c:\program files\google\googletoolbar2.dll]

[编号:90]
[分隔符:---------------------------------------------------------------------]

[编号:91]
[名称:{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}]
[类型:IE 扩展按钮]
[内容:网页 路径:网页]

[编号:92]
[名称:{6096E38F-5AC1-4391-8EC4-75DFA92FB32F}]
[类型:IE 扩展按钮]
[内容:番茄花园 路径:http://www.tomatolei.com]

[编号:93]
[名称:{962EFB8E-2683-42d4-AC74-AAA4C759B9C6}]
[类型:IE 扩展按钮]
[内容:启动Web迅雷 路径:http://my.xunlei.com]

[编号:94]
[名称:{BE9C13C3-9E46-4db1-BC05-BD8DA44599F2}?]
[类型:IE 扩展按钮]
[内容:http 路径:http]

[编号:95]
[名称:{FB5F1910-F110-11d2-BB9E-00C04F795683}]
[类型:IE 扩展按钮]
[内容:Messenger 路径:C:\Program Files\Messenger\msmsgs.exe]

[编号:96]
[名称:{FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444}]
[类型:IE 扩展按钮]
[内容:访问瑞星网站 路径:http://www.rising.com.cn/?u=RSTB]

[编号:97]
[名称:{FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445}]
[类型:IE 扩展按钮]
[内容:访问卡卡社区 路径:http://www.ikaka.com/?u=RSTB]

[编号:98]
[分隔符:---------------------------------------------------------------------]

[编号:99]
[名称:&使用迅雷下载]
[类型:IE 右键按钮]
[内容: 路径:RSTB]

[编号:100]
[名称:&使用迅雷下载全部链接]
[类型:IE 右键按钮]
[内容: 路径:RSTB]

[编号:101]
[名称:使用Web迅雷下载]
[类型:IE 右键按钮]
[内容: 路径:RSTB]

[编号:102]
[名称:使用Web迅雷下载全部链接]
[类型:IE 右键按钮]
[内容: 路径:RSTB]

[编号:103]
[分隔符:---------------------------------------------------------------------]

[编号:104]
[名称:PostBootReminder]
[类型:正常嵌入对象]
[内容:%SystemRoot%\system32\SHELL32.dll]

[编号:105]
[名称:CDBurn]
[类型:正常嵌入对象]
[内容:%SystemRoot%\system32\SHELL32.dll]

[编号:106]
[名称:WebCheck]
[类型:正常嵌入对象]
[内容:%SystemRoot%\system32\webcheck.dll]

[编号:107]
[名称:SysTray]
[类型:正常嵌入对象]
[内容:C:\WINDOWS\system32\stobject.dll]

[编号:108]
[名称:DLMon]
[类型:正常嵌入对象]
[内容:C:\WINDOWS\system32\DLMain.dll]

[编号:109]
[分隔符:---------------------------------------------------------------------]

[编号:110]
[名称:]
[类型:EXE关联]
[内容:"%1" %*]

[编号:111]
[名称:]
[类型:TXT关联]
[内容:notepad.exe %1]

[编号:112]
[名称:]
[类型:vbs关联]
[内容:%SystemRoot%\System32\WScript.exe "%1" %*]

[编号:113]
[名称:]
[类型:Js关联]
[内容:%SystemRoot%\System32\WScript.exe "%1" %*]

[编号:114]
[名称:]
[类型:htmlfile关联]
[内容:"C:\Program Files\Internet Explorer\iexplore.exe" %1]

[编号:115]
[名称:]
[类型:HTTP协议]
[内容:"C:\Program Files\Internet Explorer\iexplore.exe" "%1"]

[编号:116]
[名称:]
[类型:FTP协议]
[内容:"C:\]

[编号:117]
[分隔符:---------------------------------------------------------------------]

[编号:118]
[名称:c:\windows\system32\deskpan.dll]
[类型:第三方 COM/ActiveX组件]
[内容:显示摇曳 CPL 扩展---发布公司:未知]

[编号:119]
[名称:c:\windows\system32\audio3d.dll]
[类型:第三方 COM/ActiveX组件]
[内容:Audio3DObject---发布公司:Sensaura ? Copyright 1997-2003  Sensaura Ltd]

[编号:120]
[名称:c:\windows\system32\rtlcpapi.dll]
[类型:第三方 COM/ActiveX组件]
[内容:RtlCP Class---发布公司:RtlCPAPI Module Copyright 1997]
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT