==============================================================
金山清理专家 System Diagnostic Report
This diagnostic report is provided by 金山清理专家
http://www.duba.net
==============================================================
Diagnosis time: 2004-09-02, 20:36
Diagnosis platform: Windows XP [5.1.2600] Service Pack 2
IE version: Internet Explorer V6.0.2180.2900
Physical memory: 1535(MB)
Currently available memory: 975(MB)
Total hard disk size: 72(GB)
Available hard disk space: 26(GB)
清理专家 version: 2008.06.13.404
Malware database version: 2008.06.03.1
Vulnerability database version: 2008.05.27.1
==============================================================
Image hijacking
==============================================================
Source of this item: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
==============================================================
Regular startup items
==============================================================
Source of this item: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
[Sursen Live Updater] <"C:\WINDOWS\system32\SursenLiveUpdate\LiveUpdate.exe">
--------------------------------------------------------------
Source of this item: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
[MsnMsgr] <"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>
==============================================================
Startup folder locations
==============================================================
Common Startup: C:\Documents and Settings\All Users\「开始」菜单\程序\启动
Startup: C:\Documents and Settings\Administrator\「开始」菜单\程序\启动
Common Startup: %ALLUSERSPROFILE%\「开始」菜单\程序\启动
==============================================================
Debugger-related items
==============================================================
Source of this item: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AEDebug
[Debugger] <"C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\msdev.exe" -p %ld -e %ld>
==============================================================
Host File
==============================================================
127.0.0.1 localhost
10.140.228.23 351likai.user.vnn.cn
10.140.214.154 351shang.user.vnn.cn
10.140.182.187 zhang_zh.user.vnn.cn
10.140.74.127 350gy.user.vnn.cn
10.140.117.2 351wang.user.vnn.cn
==============================================================
System services
==============================================================
Source of this item: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
[BBDemon] [Enabled]
[HidServ] [Disabled] <%SystemRoot%\System32\hidserv.dll>
==============================================================
Drivers
==============================================================
Source of this item: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
[erx7nvi] [Enabled]
File path: C:\WINDOWS\system32\DRIVERS\erx7nvi.sys [File inaccessible]
[sptd] [Enabled]
File path: C:\WINDOWS\system32\Drivers\sptd.sys [File inaccessible]
[tdyqw] [Enabled]
File path: C:\WINDOWS\system32\drivers\tdyqw.sys [File inaccessible]
[WINIO] [Enabled] <\??\G:\winio.sys>
==============================================================
BHO
==============================================================
Source of this item: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
[Info cache] {285AB8C6-FB22-4D17-8834-064E2BA0A6F0}
File path: C:\WINDOWS\system32\oobe\pbhealth.dll [Unknown]
[网站排名工具条BHO] {489873CE-F3E1-44A3-8E89-04BE26BE4446}
File path: C:\Program Files\zzToolBar\Toolbar_bho.dll [Suspicious]
==============================================================
LSP
==============================================================
Source of this item: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
File path: C:\WINDOWS\system32\fwansdrv.dll [Server busy]
--------------------------------------------------------------
Source of this item: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
File path: C:\WINDOWS\system32\fwansdrv.dll [Server busy]
--------------------------------------------------------------
Source of this item: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003
File path: C:\WINDOWS\system32\fwansdrv.dll [Server busy]
--------------------------------------------------------------
Source of this item: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004
File path: C:\WINDOWS\system32\fwansdrv.dll [Server busy]
--------------------------------------------------------------
Source of this item: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005
File path: C:\WINDOWS\system32\fwansdrv.dll [Server busy]
--------------------------------------------------------------
Source of this item: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006
File path: C:\WINDOWS\system32\fwansdrv.dll [Server busy]
--------------------------------------------------------------
Source of this item: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007
File path: C:\WINDOWS\system32\fwansdrv.dll [Server busy]
--------------------------------------------------------------
Source of this item: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008
File path: C:\WINDOWS\system32\fwansdrv.dll [Server busy]
==============================================================
Current processes
==============================================================
Name: matlab.exe [Enabled]
Command line: e:\matlab701\bin\win32\matlab.exe /Automation -Embedding
File path: e:\matlab701\bin\win32\matlab.exe [Unknown] (The MathWorks Inc.)
==============================================================
ActiveX controls
==============================================================
Source of this item: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
[Web Browser Applet Control] <{08B0E5C0-4FCB-11CF-AAA5-00401C608501}>
File path: C:\WINDOWS\system32\msjava.dll [Server busy]
[Info cache] <{285AB8C6-FB22-4D17-8834-064E2BA0A6F0}>
File path: C:\WINDOWS\system32\oobe\pbhealth.dll [Unknown]
[网站排名工具条BHO] <{489873CE-F3E1-44A3-8E89-04BE26BE4446}>
File path: C:\Program Files\zzToolBar\Toolbar_bho.dll [Suspicious]
==============================================================
Other security areas
==============================================================
Source of this item: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
[显示摇曳 CPL 扩展]
[WinRAR]
File path: C:\Program Files\WinRAR\rarext.dll [Server busy]
[RealOne Player Context Menu Class]
File path: C:\Program Files\Real\RealPlayer\rpshell.dll [Server busy]
[iTunes]
File path: E:\Program Files\iTunes\iTunesMiniPlayer.dll [Server busy]