7#
Posted on 2009-11-10 17:25
这份系统诊断报告是由 [Autorun病毒防御者 2.3.5.300] 生成的。病毒库日期:2009.10.14 08:05:10
======================================================
操作系统:Windows XP Professional (5.10.2600 [Service Pack 2])
系统语言:简体中文 (zh-cn)
物理内存:总量 515568 KB,可用 188764 KB。
IE浏览器版本:6.0.2900.2180

注册表启动项
======================================================
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
[4, 8, 1335, 0, ALWIL Software]
<360Safetray><"C:\Program Files\360safe\safemon\360tray.exe" /start>[6, 0, 1, 1007, 360安全中心]
<"C:\Program Files\Filseclab\xfilter\xfilter.exe" -a>[3.0, 费尔安全实验室]
<%systemroot%\system32\dumprep 0 -k>[, ]
<"C:\Program Files\Rising\Rav\RsTray.exe" -system>[22.0.0.10, Beijing Rising Information Technology Co., Ltd.]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
[5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

启动文件夹
======================================================

系统服务及驱动程序
======================================================
[1394hub][手动启动] [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
[360SelfProtection][自动启动] [1, 0, 0, 1016, 360安全中心]
[aeaudio][手动启动] [1.0.0.2 (STUB), Andrea Electronics Corporation]
[ALCXWDM][手动启动] [5.10.3910, Avance Logic, Inc.]
[AliIde][自动启动] [, ]
[AmdK7][自动启动] [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
[aswFsBlk][自动启动] [4.8.1335.0, ALWIL Software]
[aswUpdSv][自动启动] [4, 8, 1335, 0, ALWIL Software]
[avast! Antivirus][自动启动] [4, 8, 1335, 0, ALWIL Software]
[avast! Mail Scanner][手动启动] [4, 8, 1335, 0, ALWIL Software]
[avast! Web Scanner][手动启动] [4, 8, 1335, 0, ALWIL Software]
[BFSDRV][自动启动] [1.0.0.1003, 360安全中心]
[BREGDRV][自动启动] [1.0.0.1015, 360安全中心]
[CmdIde][自动启动] [2.0.7 (XPClient.010817-1148), CMD Technology, Inc.]
[EfiMon][自动启动] [1, 0, 0, 1004, 奇虎网]
[FETNDIS][手动启动] [2.66, VIA Technologies, Inc. ]
[gusvc][手动启动] [2.4.1720.7012.beta, Google]
[hookcont][自动启动] [24, 0, 0, 1, Beijing Rising Information Technology Co., Ltd.]
[HookPort][自动启动] [1, 0, 0, 1005, 360安全中心]
[hooksys][自动启动] [24, 0, 0, 23, Beijing Rising Information Technology Co., Ltd.]
[ialm][手动启动] [6.13.01.3485, Intel Corporation]
[IdeBusDr][自动启动] [2.3.0.2160, 10/01/2002, Intel Corporation]
[IdeChnDr][自动启动] [2.3.0.2160, 10/01/2002, Intel Corporation]
[Macromedia Licensing Service][手动启动] [2.42.000, ]
[MegaIDE][自动启动] [4.1.0709.2003, LSI Logic Corporation.]
[ms_mpu401][手动启动] [5.1.2600.0 (XPClient.010817-1148), Microsoft Corporation]
[nv][手动启动] [6.14.10.5673, NVIDIA Corporation]
[ose][手动启动] [11.0.5525, Microsoft Corporation]
[PCIIde][自动启动] [5.1.2600.0 (XPClient.010817-1148), Microsoft Corporation]
[PDEngine][手动启动] [7, 0, 0, 46, Raxco Software, Inc.]
[PDSched][自动启动] [7, 0, 0, 46, Raxco Software, Inc.]
[qutmdserv][手动启动] [1.0.0.1002, 360安全中心]
[rsassist][自动启动] [1, 0, 0, 1, Beijing Rising Information Technology Co., Ltd.]
[RsNTGDI][自动启动] [22, 0, 0, 1, Beijing Rising Information Technology Co., Ltd.]
[RsRavMon][自动启动] [22, 0, 0, 2, Beijing Rising Information Technology Co., Ltd.]
[rtl8139][手动启动] [5.398.613.2003 built by: WinDDK, Realtek Semiconductor Corporation]
[SbieDrv][手动启动] [3.28.04, tzuk]
[SbieSvc][自动启动] [3.28.04, tzuk]
[smwdm][手动启动] [5.12.01.3620, Analog Devices, Inc.]
[TesDrvPt][手动启动] [1.0.5 built by: WinDDK, TENCENT]
[TesSafe][手动启动] [0, 1, 0, 4, TENCENT]
[uagp35][自动启动] [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
[UleadBurningHelper][自动启动] [1, 0, 0, 5, Ulead Systems, Inc.]
[UMWdf][手动启动] [5.2.3790.1230 built by: dnsrv(bld4act), Microsoft Corporation]
[usbehci][手动启动] [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
[usbprint][手动启动] [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
[USBSTOR][手动启动] [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
[ViaIde][自动启动] [1.00.01.01, Microsoft Corporation]
[XPacket][自动启动] [3, 0, 0, 3927, Filseclab Corporation]
[ZhuDongFangYu][手动启动] [1, 0, 0, 1008, 360安全中心]
[{6080A529-897E-4629-A488-ABA0C29B635E}][手动启动] [6.13.01.3485, Intel Corporation]
[{D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][手动启动] [6.13.01.3485, Intel Corporation]

当前系统进程
======================================================
* [PID:452][5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
* [PID:520][5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
* [PID:544][5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
  - [6.0 (xpsp.060825-0040), Microsoft Corporation]
* [PID:588][5.1.2600.3520 (xpsp_sp2_gdr.090206-1233), Microsoft Corporation]
  - [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
  - [6.0 (xpsp.060825-0040), Microsoft Corporation]
* [PID:600][5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
* [PID:748][5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
  - [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
  - [6.0 (xpsp.060825-0040), Microsoft Corporation]
* [PID:796][5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
  - [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
  - [6.0 (xpsp.060825-0040), Microsoft Corporation]
  - [3, 0, 0, 3644, Filseclab Corporation]
* [PID:876][22, 0, 0, 2, Beijing Rising Information Technology Co., Ltd.]
* [PID:892][5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
  - [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
  - [6.0 (xpsp.060825-0040), Microsoft Corporation]
  - [3, 0, 0, 3644, Filseclab Corporation]
* [PID:1008][5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
  - [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
  - [6.0 (xpsp.060825-0040), Microsoft Corporation]
  - [3, 0, 0, 3644, Filseclab Corporation]
* [PID:1096][5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
  - [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
  - [6.0 (xpsp.060825-0040), Microsoft Corporation]
  - [3, 0, 0, 3644, Filseclab Corporation]
* [PID:1248][6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
  - [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
  - [6.0 (xpsp.060825-0040), Microsoft Corporation]
  - [5, 0, 0, 1022, 360.CN]
* [PID:1296][4, 8, 1335, 0, ALWIL Software]
* [PID:1356][4, 8, 1335, 0, ALWIL Software]
* [PID:1772][5.1.2600.2696 (xpsp_sp2_gdr.050610-1519), Microsoft Corporation]
  - [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
  - [6.0 (xpsp.060825-0040), Microsoft Corporation]
  - [11.3.1897.0, Microsoft Corporation]
  - [11.3.1897.0, Microsoft Corporation]
* [PID:236][4, 8, 1335, 0, ALWIL Software]
* [PID:280][3.0, 费尔安全实验室]
  - [6.0 (xpsp.060825-0040), Microsoft Corporation]
  - [5.131.2600.0 (xpclient.010817-1148), Microsoft Corporation]
  - [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
  - [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
  - [3, 0, 0, 3644, Filseclab Corporation]
  - [5, 0, 0, 1022, 360.CN]
  - [22, 0, 0, 12, Beijing Rising Information Technology Co., Ltd.]
  - [5.6.0.8835, Microsoft Corporation]
* [PID:376][3.28.04, tzuk]
  - [3.28.04, tzuk]
  - [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
* [PID:384][22.0.0.10, Beijing Rising Information Technology Co., Ltd.]
* [PID:404][5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
  - [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
  - [6.0 (xpsp.060825-0040), Microsoft Corporation]
* [PID:496][1, 0, 0, 5, Ulead Systems, Inc.]
* [PID:848][7, 0, 0, 46, Raxco Software, Inc.]
  - [7, 0, 0, 46, Raxco Software, Inc.]
  - [6.0 (xpsp.060825-0040), Microsoft Corporation]
  - [7, 0, 0, 46, Raxco Software, Inc.]
  - [7, 0, 0, 46, Raxco Software, Inc.]
  - [7, 0, 0, 46, Raxco Software, Inc.]
* [PID:1880][4, 8, 1335, 0, ALWIL Software]
* [PID:2052][4, 8, 1335, 0, ALWIL Software]
* [PID:2436][5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
  - [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
  - [6.0 (xpsp.060825-0040), Microsoft Corporation]
  - [3, 0, 0, 3644, Filseclab Corporation]
* [PID:2632][3, 1, 0, 927, 费尔安全实验室]
  - [6.0 (xpsp.060825-0040), Microsoft Corporation]
  - [5, 0, 0, 1022, 360.CN]
  - [3, 0, 0, 3644, Filseclab Corporation]
* [PID:252][td][2, 4, 1, 5, Phoenix Studio]
  - [6.0 (xpsp.060825-0040), Microsoft Corporation]
  - [5.2.6001.22319 (vistasp1_ldr.081126-1506), Microsoft Corporation]
  - [5, 0, 0, 1022, 360.CN]
  - [11.0.5510, Microsoft Corporation]
  - [11.0.5510, Microsoft Corporation]
  - [5.6.0.8835, Microsoft Corporation]
  - [3, 0, 0, 3644, Filseclab Corporation]
  - [22, 0, 0, 12, Beijing Rising Information Technology Co., Ltd.]
  - [6.00.2900.3627 (xpsp_sp2_gdr.090918-1238), Microsoft Corporation]
  - [6.00.2600.0000 (xpclient.010817-1148), Microsoft Corporation]
  - [4.00.950, 日月科技]
* [PID:164][td][3, 0, 7, 8, Phoenix Studio]
  - [6.0 (xpsp.060825-0040), Microsoft Corporation]
  - [5.2.6001.22319 (vistasp1_ldr.081126-1506), Microsoft Corporation]
  - [5, 0, 0, 1022, 360.CN]
  - [1, 0, 2, 3, Phoenix Studio]
  - [1, 0, 1, 2, ]
  - [1, 0, 3, 1, Phoenix Studio]
  - [1, 0, 1, 4, Phoenix Studio]
  - [1, 0, 3, 2, Phoenix Studio]
  - [1, 0, 1, 1, Phoenix Studio]
  - [22, 0, 0, 12, Beijing Rising Information Technology Co., Ltd.]
  - [5.6.0.8835, Microsoft Corporation]
  - [3, 0, 0, 3644, Filseclab Corporation]
  - [10.00.00.4074, Microsoft Corporation]
  - [10.00.00.3802, Microsoft Corporation]
  - [10,0,32,18, Adobe Systems, Inc.]
* [PID:3928][2.3.5.300, 任软工作室]
  - [6.0 (xpsp.060825-0040), Microsoft Corporation]
  - [5, 0, 0, 1022, 360.CN]
  - [3, 0, 0, 3644, Filseclab Corporation]
  - [22, 0, 0, 12, Beijing Rising Information Technology Co., Ltd.]
  - [5.6.0.8835, Microsoft Corporation]
  - [10,0,32,18, Adobe Systems, Inc.]
* [PID:3984][2.3.5.300, 任软工作室]
  - [6.0 (xpsp.060825-0040), Microsoft Corporation]
  - [5, 0, 0, 1022, 360.CN]
  - [2, 4, 0, 149, 任软工作室]

文件类型关联
======================================================
.exe文件:正常。["%1" %*]
.com文件:正常。["%1" %*]
.pif文件:正常。["%1" %*]
.bat文件:正常。["%1" %*]
.scr文件:正常。["%1" /S]
.vbs文件:正常。[%SystemRoot%\System32\WScript.exe "%1" %*]
.txt文件:正常。[C:\WINDOWS\notepad.exe %1]
.ini文件:正常。[C:\WINDOWS\System32\NOTEPAD.EXE %1]
.inf文件:正常。[%SystemRoot%\System32\NOTEPAD.EXE %1]
.hlp文件:正常。[%SystemRoot%\System32\winhlp32.exe %1]
.chm文件:正常。["hh.exe" %1]
.reg文件:正常。[regedit.exe "%1"]
.lnk文件:正常。[{00021401-0000-0000-C000-000000000046}]

IE浏览器相关设置
======================================================
当前IE主页:about:blank
当前IE搜索页:http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
禁止IE主页修改:否

浏览器BHO
======================================================
[ThunderAtOnce Class] <{01443AEC-0FD1-40fd-9C87-E93D1494C233}>[, ]
[QvodExtend] <{53AC8551-0DE0-4606-8A1E-A51AF20ADD60}>[, ]
[Thunder Browser Helper] <{889D2FEB-5411-4565-8998-1DD2C5261283}>[, ]
[FlashGetBHO] <{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}>[2, 5, 0, 1038, FlashGet]
[SafeMon Class] <{B69F34DD-F0F9-42DC-9EDD-957187DA688D}>[5, 0, 0, 1022, 360.CN]

资源管理器HOOK项
======================================================

IFEO映像劫持
======================================================

特殊特权允许列表
======================================================
[特权: SeLoadDriverPrivilege] - [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
[特权: SeLoadDriverPrivilege] - [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
[特权: SeLoadDriverPrivilege] - [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
[特权: SeLoadDriverPrivilege] - [6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
[特权: SeLoadDriverPrivilege] - [5.1.2600.2696 (xpsp_sp2_gdr.050610-1519), Microsoft Corporation]
[特权: SeLoadDriverPrivilege] - [4, 8, 1335, 0, ALWIL Software]
[特权: SeLoadDriverPrivilege] - [3.0, 费尔安全实验室]
[特权: SeLoadDriverPrivilege] - [3.28.04, tzuk]
[特权: SeLoadDriverPrivilege] - [22.0.0.10, Beijing Rising Information Technology Co., Ltd.]
[特权: SeLoadDriverPrivilege] - [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), Microsoft Corporation]
[特权: SeLoadDriverPrivilege] - [3, 1, 0, 927, 费尔安全实验室]
[特权: SeLoadDriverPrivilege] - [2, 4, 1, 5, Phoenix Studio]
[特权: SeDebugPrivilege SeLoadDriverPrivilege] - [3, 0, 7, 8, Phoenix Studio]
[特权: SeDebugPrivilege SeLoadDriverPrivilege SeShutdownPrivilege] - [2.3.5.300, 任软工作室]
[特权: SeDebugPrivilege SeLoadDriverPrivilege SeShutdownPrivilege] - [2.3.5.300, 任软工作室]

LSP列表
======================================================
[000000000001] - <%SystemRoot%\System32\mswsock.dll> [已启用]
[000000000002] - <%SystemRoot%\System32\winrnr.dll> [已启用]
[000000000003] - <网络位置知晓 (NLA) 名称空间 ><%SystemRoot%\System32\mswsock.dll> [已启用]

Hosts文件
======================================================
127.0.0.1 localhost

Autorun.inf文件及指向文件
======================================================
本地磁盘C: - 没有发现
本地磁盘D: - 没有发现
本地磁盘E: - 没有发现