==============================================================
Kingsoft Cleanup Expert System Diagnostic Report
This diagnostic report was produced by Kingsoft Cleanup Expert
http://www.duba.net
==============================================================
Diagnosis time: 2008-12-21, 10:46
Diagnosis platform: Windows XP [5.1.2600] Service Pack 2
IE version: Internet Explorer V7.0.13.5730
Physical memory: 1023(MB)
Available memory: 683(MB)
Total disk size: 74(GB)
Free disk space: 37(GB)
Cleanup Expert version: 2008.12.17.176
Malware database version: 2008.12.01.1
Vulnerability database version: 2008.12.19.2
==============================================================
Image File Execution Options hijacking
==============================================================
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
File path: C:\WINDOWS\system32\ntsd.exe [Suspicious] [5.1.2600.0 (XPClient.010817-1148)]
File path: C:\WINDOWS\system32\ntsd.exe [Suspicious] [5.1.2600.0 (XPClient.010817-1148)]
==============================================================
Regular startup items
==============================================================
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
[snpstd3] <; C:\WINDOWS\vsnpstd3.exe>
[TkBellExe] <; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot>
[CameraFixer] <; C:\WINDOWS\CameraFixer.exe>
[IMJPMIG8.1] <; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>
[LenSoft] <; C:\Program Files\Lenovo\幸福一键通\FlyShuttle.exe>
[Lskbdrv] <; C:\Program Files\Lenovo\幸福一键通\Kbdriver.exe>
[NvCplDaemon] <; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>
[nwiz] <; nwiz.exe /install>
[PHIME2002A] <; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>
[PHIME2002ASync] <; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>
[tsnpstd3] <; C:\WINDOWS\tsnpstd3.exe>
--------------------------------------------------------------
Source: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
[ctfmon.exe] File path: C:\WINDOWS\system32\ctfmon.exe [Suspicious]
[NvMediaCenter] <; RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit>
==============================================================
Startup folder locations
==============================================================
Common Startup: C:\Documents and Settings\All Users\「开始」菜单\程序\启动
Startup: C:\Documents and Settings\Administrator\「开始」菜单\程序\启动
Common Startup: %ALLUSERSPROFILE%\「开始」菜单\程序\启动
==============================================================
Host File
==============================================================
127.0.0.1 LocalHost
==============================================================
System services
==============================================================
Source: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
[HidServ] [Disabled] <%SystemRoot%\System32\hidserv.dll>
==============================================================
Drivers
==============================================================
Source: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
[npkcrypt] [Enabled] <\??\C:\WINDOWS\system32\npkcrypt.sys>
[npkycryp] [Enabled] <\??\C:\WINDOWS\system32\npkycryp.sys>
==============================================================
Current processes
==============================================================
Name: ctfmon.exe [Enabled]
Command line: ctfmon.exe
File path: C:\WINDOWS\system32\ctfmon.exe [Suspicious] (Microsoft Corporation)
Module: C:\WINDOWS\system32\ntdll.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\kernel32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\msvcrt.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\ole32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\GDI32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\USER32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\ADVAPI32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\RPCRT4.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\SHLWAPI.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\iertutil.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\WININET.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\Normaliz.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\ShimEng.dll (Microsoft Corporation)
Module: C:\WINDOWS\AppPatch\AcGenral.DLL (Microsoft Corporation)
Module: C:\WINDOWS\system32\WINMM.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\MSACM32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\VERSION.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\USERENV.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\UxTheme.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\IMM32.DLL (Microsoft Corporation)
Module: C:\WINDOWS\system32\LPK.DLL (Microsoft Corporation)
Module: C:\WINDOWS\system32\USP10.dll (Microsoft Corporation)
Module: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\comctl32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\sfc_os.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\WINTRUST.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\CRYPT32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\MSASN1.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\IMAGEHLP.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\Apphelp.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\Secur32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\MSCTF.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\ws2_32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\WS2HELP.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\RASAPI32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\rasman.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\NETAPI32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\TAPI32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\rtutils.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\xunyount.dll
Module: C:\WINDOWS\system32\iphlpapi.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\PSAPI.DLL (Microsoft Corporation)
Module: C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\hnetcfg.dll (Microsoft Corporation)
Module: C:\WINDOWS\System32\wshtcpip.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\msv1_0.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\sensapi.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\rasadhlp.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\DNSAPI.dll (Microsoft Corporation)
Name: iexpe.exe [Enabled]
Command line: c:\iexpe.exe vihk 67%&%-=hyq`wby3$jgj)4432.
File path: c:\iexpe.exe [Under analysis]
Module: C:\WINDOWS\system32\ntdll.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\kernel32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\MSVBVM60.DLL (Microsoft Corporation)
Module: C:\WINDOWS\system32\USER32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\GDI32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\ADVAPI32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\RPCRT4.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\ole32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\msvcrt.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\IMM32.DLL (Microsoft Corporation)
Module: C:\WINDOWS\system32\LPK.DLL (Microsoft Corporation)
Module: C:\WINDOWS\system32\USP10.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\uxtheme.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\msctfime.ime (Microsoft Corporation)
Module: C:\WINDOWS\system32\asycfilt.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\MSCTF.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\wininet.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\SHLWAPI.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\Normaliz.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\iertutil.dll (Microsoft Corporation)
Module: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\Secur32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\comctl32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\ws2_32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\WS2HELP.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\xunyount.dll
Module: C:\WINDOWS\system32\iphlpapi.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\VERSION.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\PSAPI.DLL (Microsoft Corporation)
Module: C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\hnetcfg.dll (Microsoft Corporation)
Module: C:\WINDOWS\System32\wshtcpip.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\RASAPI32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\rasman.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\NETAPI32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\TAPI32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\rtutils.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\WINMM.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\USERENV.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\msv1_0.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\sensapi.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\rasadhlp.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\DNSAPI.dll (Microsoft Corporation)