============================================================== 金山清理专家系统诊断报告 该诊断报告由金山清理专家提供 http://www.duba.net ============================================================== 诊断时间: 2008-08-13, 22:17 诊断平台: Windows XP [5.1.2600] Service Pack 2 IE版本: Internet Explorer V6.0.2180.2900 计算机物理内存: 511(MB) 当前可用内存: 208(MB) 硬盘总大小: 76(GB) 硬盘可用空间: 29(GB) 清理专家版本: 2008.06.13.404 恶意软件库版本: 2008.06.03.1 漏洞库版本: 2008.05.27.1 ============================================================== 常规启动项 ============================================================== 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Alitalk] <; C:\PROGRA~1\阿里巴巴\贸易通\AliTalk.EXE> ============================================================== 延迟加载 ============================================================== 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad [bootvidgj.dll] [kbdswjr.dll] [msobjstl.dll] [rasdlgcq.dll] [zkppcvyh.dll] [vhdfotay.dll] [imgutilhx2.dll] [cliconfgzx.dll] [bzahpuuj.dll] [adsntzt.dll] [slbiopfs2.dll] ============================================================== 执行挂钩 ============================================================== 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{A9895933-6636-4281-BC58-EE6DE2AF96E3}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{90AF1289-F140-A140-D012-C1458759FC09}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{4D698451-2015-6358-9871-2015987452D4}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{00030003-0003-0003-0003-00030003BB15}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{C629FF4F-ACDB-5C90-A098-FACB3456A26C}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{0B846B26-BFE6-4E8E-A948-1DB17B77B483}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{259BF3CF-194D-4FE6-9ADB-DE6544B098B6}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{189F087F-4378-405F-85FA-37D955AD7A8C}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{97FD640A-158F-48AC-FD14-1597F14A9779}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{C0595A7E-2E2F-4B34-A83A-019270A0A464}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{8FD45A54-9875-698F-E56E-65102358FDF8}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{F99DEFDD-200B-4410-B572-E90883D527D2}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{B29583D8-033A-4B9F-8553-7C5458F3FB8E}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{841529CB-7F77-4B99-A895-B5441E0D302F}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{00120012-0012-0012-0012-00120012BB15}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{006CA8A1-61BC-4774-A54C-F49034270BAD}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{00170017-0017-0017-0017-00170017BB15}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{5E907A48-400E-4EA8-9792-FFAE052D59E9}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{00230023-0023-0023-0023-00230023BB15}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{00150015-0015-0015-0015-00150015BB15}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{000F087F-4378-545F-74FA-37D345AD7A8C}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{00300030-0030-0030-0030-00300030BB15}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{000030AE-0380-4351-8244-EE98A3240370}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{461D2AB4-29A5-45C2-9134-D52272D3DE38}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{28766E1C-74B0-4417-8C75-F12AE309EF35}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{00010001-0001-0001-0001-00010001BB15}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{00250025-0025-0025-0025-00250025BB15}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{00050005-0005-0005-0005-00050005BB15}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{7914E0AA-ECCB-4311-B584-C49538227824}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{00ED0F3B-D53B-4DBF-BB20-8DFBC3176068}> ============================================================== 启动文件夹位置 ============================================================== Common Startup: C:\Documents and Settings\All Users\「开始」菜单\程序\启动 Startup: C:\Documents and Settings\new\「开始」菜单\程序\启动 Common Startup: %ALLUSERSPROFILE%\「开始」菜单\程序\启动 ============================================================== Host File ============================================================== 127.0.0.1 localhost ============================================================== 系统服务 ============================================================== 该项来源: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services [HidServ] [已禁用] <%SystemRoot%\System32\hidserv.dll> ============================================================== 驱动程序 ============================================================== 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 [vidc.ffds] [已启用] 文件路径: C:\WINDOWS\system32\ff_vfw.dll [分析中] [SENTINEL] [已启用] -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services [ADIHdAudAddService] [已启用] [AEAudioService] [已启用] [GMSIPCI] [已启用] <\??\G:\INSTALL\GMSIPCI.SYS> [IIS Manager ] [已启用] <\??\C:\DOCUME~1\new\LOCALS~1\Temp\1.tmp> [npkycryp] [已启用] <\??\D:\Program Files\Tencent\QQ\npkycryp.sys> [SenFiltService] [已启用] [Sentinel] [已启用] <\SystemRoot\System32\Drivers\SENTINEL.SYS> ============================================================== IE扩展按钮 ============================================================== 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions [微软] <{6096E38F-5AC1-4391-8EC4-75DFA92FB32F}> ============================================================== 其他安全区域 ============================================================== 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved [显示摇曳 CPL 扩展] -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control [VDD] [VDD]