
Help wanted: could an expert take a look at this system diagnostic analysis


系统诊断报告
报告生成时间:[2008-09-29 17:58:13]
操作系统为:WindowsXP  5.1.2600.2  Service Pack 2
Internet Explorer版本为:V6.0.2900.2180 Build:62900.2180
总共内存为:2047M 剩余内存为:1608M
进程模块信息:
1 (安全进程):C:\WINDOWS\system32\smss.exe 命令行: \SystemRoot\System32\smss.exe
2 (安全进程):c:\WINDOWS\system32\winlogon.exe 命令行: winlogon.exe
3 (安全进程):c:\WINDOWS\system32\services.exe 命令行: C:\windows\system32\services.exe
4 (安全进程):c:\WINDOWS\system32\lsass.exe 命令行: C:\windows\system32\lsass.exe
5 (安全进程):c:\WINDOWS\system32\ati2evxx.exe 命令行: C:\windows\system32\Ati2evxx.exe
6    - 未知模块:c:\WINDOWS\system32\kmon.dll
7 (安全进程):c:\WINDOWS\system32\svchost.exe 命令行: C:\windows\system32\svchost -k DcomLaunch
8 未知进程:c:\program files\Rising\Rav\CCenter.exe 命令行: "C:\Program Files\Rising\Rav\CCenter.exe"
9 (安全进程):c:\WINDOWS\system32\svchost.exe 命令行: C:\windows\System32\svchost.exe -k netsvcs
10 (安全进程):c:\WINDOWS\system32\ati2evxx.exe 命令行: Ati2evxx.exe -Client
11    - 未知模块:c:\WINDOWS\system32\kmon.dll
12 未知进程:c:\program files\Rising\Rav\RavMonD.exe 命令行: "C:\PROGRAM FILES\RISING\RAV\ravmond.exe" -step
13    - 未知模块:c:\program files\Rising\Rav\BWList.dll
14    - 未知模块:c:\program files\Rising\Rav\RsAppMgr.dll
15    - 未知模块:c:\program files\Rising\Rav\CfgDll.dll
16    - 未知模块:c:\program files\Rising\Rav\RsLog.dll
17    - 未知模块:c:\program files\Rising\Rav\ProcCom.dll
18    - 未知模块:c:\program files\Rising\Rav\RsCommX2.dll
19    - 未知模块:c:\program files\Rising\Rav\MonRule.dll
20    - 未知模块:c:\program files\Rising\Rav\HOOKSYS.dll
21    - 未知模块:c:\program files\Rising\Rav\HookReg.dll
22    - 未知模块:c:\program files\Rising\Rav\HookNtos.dll
23    - 未知模块:c:\program files\Rising\Rav\rswalmon.dll
24    - 未知模块:c:\program files\Rising\Rav\recomp.dll
25    - 未知模块:c:\program files\Rising\Rav\refs.dll
26    - 未知模块:c:\program files\Rising\Rav\ffr.dll
27    - 未知模块:c:\program files\Rising\Rav\RsStore.dll
28    - 未知模块:c:\program files\Rising\Rav\HookCont.dll
29    - 未知模块:c:\program files\Rising\Rav\FakeScan.dll
30    - 未知模块:c:\program files\Rising\Rav\Scanner.dll
31    - 未知模块:c:\program files\Rising\Rav\VirusLib.dll
32    - 未知模块:c:\program files\Rising\Rav\relibldr.dll
33    - 未知模块:c:\program files\Rising\Rav\HookWeb.dll
34    - 未知模块:c:\program files\Rising\Rav\ExtFile.dll
35    - 未知模块:c:\program files\Rising\Rav\pearc.dll
36    - 未知模块:c:\program files\Rising\Rav\nvfile.dll
37    - 未知模块:c:\program files\Rising\Rav\scanexec.dll
38    - 未知模块:c:\program files\Rising\Rav\unexe.dll
39    - 未知模块:c:\program files\Rising\Rav\ScanEX.dll
40    - 未知模块:c:\program files\Rising\Rav\ScanPack.dll
41    - 未知模块:c:\program files\Rising\Rav\revm.dll
42    - 未知模块:c:\program files\Rising\Rav\urutils.dll
43    - 未知模块:c:\program files\Rising\Rav\ur000.dat
44    - 未知模块:c:\program files\Rising\Rav\scriptci.dll
45    - 未知模块:c:\program files\Rising\Rav\ur023.dat
46    - 未知模块:c:\program files\Rising\Rav\uroutine.dll
47    - 未知模块:c:\program files\Rising\Rav\ur001.dat
48    - 未知模块:c:\program files\Rising\Rav\ScanSct.dll
49    - 未知模块:c:\program files\Rising\Rav\ExtMail.dll
50 (安全进程):c:\WINDOWS\system32\spoolsv.exe 命令行: C:\windows\system32\spoolsv.exe
51 未知进程:c:\program files\Rising\Rav\RavStub.exe 命令行: "C:\PROGRAM FILES\RISING\RAV\RavStub.exe" /RAVMOND=1023
52    - 未知模块:c:\program files\Rising\Rav\ProcCom.dll
53    - 未知模块:c:\program files\Rising\Rav\RsCommX2.dll
54    - 未知模块:c:\program files\Rising\Rav\RsCommon.dll
55 (安全进程):c:\WINDOWS\explorer.exe 命令行: C:\windows\Explorer.EXE
56    - 未知模块:c:\WINDOWS\system32\kmon.dll
57    - 未知模块:c:\WINDOWS\system32\RavExt.dll
58    - 未知模块:c:\program files\Rising\Rav\RsCommon.dll
59    - 未知模块:d:\program files\thunder network\Thunder\components\resworker\DsBho_00.dll
60    - 未知模块:d:\program files\thunder network\Thunder\components\resworker\dataprocessor_00.dll
61 (安全进程):c:\program files\StormII\stormliv.exe 命令行: "C:\Program Files\StormII\stormliv.exe" /asservice
62    - 未知模块:c:\WINDOWS\system32\kmon.dll
63 未知进程:c:\WINDOWS\system32\perfmonss.exe 命令行: C:\windows\system32\perfmonss.exe
64    - 未知模块:c:\WINDOWS\system32\kmon.dll
65 (安全进程):c:\WINDOWS\system32\ctfmon.exe 命令行: "C:\windows\system32\ctfmon.exe"
66    - 未知模块:c:\WINDOWS\system32\kmon.dll
67 (安全进程):c:\WINDOWS\system32\svchost.exe 命令行: C:\windows\system32\svchost.exe -k imgsvc
68 未知进程:c:\program files\hewlett-packard\Shared\hpqwmiex.exe 命令行: "C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe"
69    - 未知模块:c:\WINDOWS\system32\kmon.dll
70 (安全进程):c:\WINDOWS\system32\svchost.exe 命令行: C:\windows\System32\svchost.exe -k HTTPFilter
71 (安全进程):c:\WINDOWS\system32\wuauclt.exe 命令行: "C:\windows\system32\wuauclt.exe"
72    - 未知模块:c:\WINDOWS\system32\kmon.dll
73 未知进程:c:\program files\Kingsoft\KAC\Service\kaccore.exe 命令行: "C:\Program Files\Kingsoft\KAC\Service\kaccore.exe"
74    - 未知模块:c:\WINDOWS\system32\kmon.dll
75    - 未知模块:c:\program files\Kingsoft\KAC\Service\corehelper.dll
76 未知进程:c:\program files\Rising\antispyware\knownsvr.exe 命令行: "C:\Program Files\Rising\AntiSpyware\knownsvr.exe"
77    - 未知模块:c:\program files\Rising\antispyware\NComm.dll
78    - 未知模块:c:\WINDOWS\system32\kmon.dll
79    - 未知模块:c:\program files\Rising\antispyware\comx3.dll
80    - 未知模块:c:\program files\Rising\antispyware\Syslay.dll
81 (安全进程):f:\软件备份\木马清道夫软件更新\ftcleaner.exe 命令行: "F:\软件备份\木马清道夫软件更新\FTCleaner.exe"
82    - 未知模块:c:\WINDOWS\system32\kmon.dll
83 (安全进程):c:\WINDOWS\system32\conime.exe 命令行: C:\windows\system32\conime.exe
84    - 未知模块:c:\WINDOWS\system32\kmon.dll
85 (安全进程):c:\program files\internet explorer\IEXPLORE.EXE 命令行: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -Embedding
86    - 未知模块:c:\WINDOWS\system32\kmon.dll
87    - 未知模块:d:\program files\thunder network\Thunder\components\resworker\DsBho_00.dll
88    - 未知模块:d:\program files\thunder network\Thunder\components\resworker\dataprocessor_00.dll
89    - 未知模块:d:\program files\PPLiveVA\downloadermanager.dll
90    - 未知模块:c:\program files\Rising\Rav\RavScrch.dll
91    - 未知模块:c:\WINDOWS\system32\SogouPy.ime
92 (安全进程):f:\软件备份\木马清道夫软件更新\fyganalyze.exe 命令行: F:\软件备份\木马清道夫软件更新\FygAnalyze.exe
93    - 未知模块:c:\WINDOWS\system32\kmon.dll
启动信息:
94 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
  <KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe>
95 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  <ctfmon.exe><C:\windows\system32\ctfmon.exe>
96 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <Shell><Explorer.exe>
97 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <Userinit><C:\WINDOWS\system32\userinit.exe>
98 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <UIHost><logonui.exe>
99 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <AppInit_DLLs><kmon.dll>
100 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
  <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\windows\system32\RavExt.dll>
101 [C:\Documents and Settings\All Users\「开始」菜单\程序\启动\]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\desktop.ini>
IE辅助对象BHO信息:
无可疑
IE右键菜单信息:
102 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt]
  <使用迅雷下载><d:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm>
103 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt]
  <使用迅雷下载全部链接><d:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm>
104 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt]
  <添加到QQ表情><C:\Program Files\Tencent\QQ\AddEmotion.htm>
IE工具栏项信息:
105 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
  <{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}><d:\Program Files\Thunder Network\Thunder\Thunder.exe>
ActiveX对象DPF信息:
106 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units]
  <{05C1004E-2596-48E5-8E26-39362985EEB9}><C:\WINDOWS\Downloaded Program Files\MMCShell.dll>
107 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units]
  <{1DABF8D5-8430-4985-9B7F-A30E53D709B3}><C:\windows\system32\QQLiveInstaller.dll>
108 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units]
  <{78ABDC59-D8E7-44D3-9A76-9A0918C52B4A}><C:\WINDOWS\Downloaded Program Files\downloader.dll>
109 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units]
  <{9FAFB576-6933-4CCC-AB3D-B988EC43D04E}><C:\windows\Downloaded Program Files\RavOLCtl.dll>
110 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units]
  <{AC414988-E5BB-4C2C-873B-EA53D2F3D23A}><C:\WINDOWS\Downloaded Program Files\CCTVUpdateInstall.dll>
网络服务SPI信息:
无可疑
映像劫持IFEO信息:
无可疑
系统服务信息:
111 [ ASP.NET State Service | aspnet_state | 停用 ]
  c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe
112 [ hpqwmiex | hpqwmiex | 启动 ]
  c:\program files\hewlett-packard\shared\hpqwmiex.exe
113 [ InstallDriver Table Manager | IDriverT | 停用 ]
  c:\program files\common files\installshield\driver\1150\intel 32\idrivert.exe
114 [ Kingsoft Basic Service | kaccore | 启动 ]
  c:\program files\kingsoft\kac\service\kaccore.exe
115 [ Perfmons Service | Perfmons | 启动 ]
  c:\windows\system32\perfmonss.exe
116 [ Rising Process Communication Center | RsCCenter | 启动 ]
  c:\program files\rising\rav\ccenter.exe
117 [ Rising RealTime Monitor | RsRavMon | 停用 ]
  c:\program files\rising\rav\ravmond.exe
系统驱动信息:
118 [ HookCont | HookCont | 启动 ]
  C:\windows\system32\drivers\hookcont.sys
119 [ HookNtos | HookNtos | 启动 ]
  C:\windows\system32\drivers\hookntos.sys
120 [ HookReg | HookReg | 启动 ]
  C:\windows\system32\drivers\hookreg.sys
121 [ HookSys | HookSys | 启动 ]
  C:\windows\system32\drivers\hooksys.sys
122 [ USB PC CAMERA P227 | PAC207 | 停用 ]
  c:\windows\system32\drivers\pfc027.sys
123 [ RsNTGDI | RsNTGDI | 启动 ]
  c:\windows\system32\drivers\rsntgdi.sys
124 [ TCP/IP Protocol Driver | Tcpip | 启动 ]
  c:\windows\system32\drivers\tcpip.sys
已经加载的驱动信息:
125 C:\windows\system32\drivers\rsntgdi.sys
126 C:\windows\system32\drivers\tcpip.sys
127 C:\windows\system32\drivers\hooksys.sys
128 C:\windows\system32\drivers\hookhelp.sys
129 C:\windows\system32\drivers\hookreg.sys
130 C:\windows\system32\drivers\hookntos.sys
131 C:\windows\system32\drivers\hookcont.sys
==============================================
Many thanks.

User system information: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)

Re: Help wanted: could an expert take a look at this system diagnostic analysis

Would the original poster please describe the abnormal behaviour the computer is showing.