==============================================================
Kingsoft Cleanup Expert (金山清理专家) System Diagnostic Report
This diagnostic report was generated by Kingsoft Cleanup Expert
http://www.duba.net
==============================================================
Diagnosis time: 2008-09-28, 23:04
Diagnosis platform: Windows XP [5.1.2600] Service Pack 2
IE version: Internet Explorer V6.0.2180.2900
Physical memory: 511(MB)
Currently available memory: 300(MB)
Total hard disk size: 74(GB)
Available hard disk space: 60(GB)
Cleanup Expert version: 2008.08.12.553
Malware database version: 2008.08.06.1
Vulnerability database version: 2008.09.02.1
==============================================================
Image Hijacking
==============================================================
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
  File path: C:\WINDOWS\system32\svchost.exe [Suspicious] [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  File path: C:\WINDOWS\system32\svchost.exe [Suspicious] [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  File path: C:\WINDOWS\system32\svchost.exe [Suspicious] [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  File path: C:\WINDOWS\system32\svchost.exe [Suspicious] [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
==============================================================
Explorer Add-ons
==============================================================
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
  [dlnjjbdfa]
==============================================================
General Startup Items
==============================================================
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  [cimone]
    File path: C:\comine.exe [Analyzing]
  [gmail]
    File path: c:\toskngr.exe [Analyzing]
  [RavMonS]
  [IMJPMIG8.1] <; >
  [PHIME2002A] <; >
  [PHIME2002ASync] <; >
==============================================================
Startup Folder Locations
==============================================================
Common Startup: C:\Documents and Settings\All Users\「开始」菜单\程序\启动
Startup: C:\Documents and Settings\C\「开始」菜单\程序\启动
Common Startup: %ALLUSERSPROFILE%\「开始」菜单\程序\启动
==============================================================
Host File
==============================================================
127.0.0.1 localhost
121.205.88.20 www.fs2you.com
59.63.157.25 www.fs2you.com
222.169.230.101 dyn.www.fs2you.com
59.32.232.195 cachefile1.fs2you.com
222.169.230.98 cachefile2.fs2you.com
221.204.246.79 cachefile3.fs2you.com
61.150.85.80 cachefile4.fs2you.com
60.2.139.27 cachefile5.fs2you.com
61.184.189.10 cachefile6.fs2you.com
61.174.62.132 cachefile7.fs2you.com
58.211.75.49 cachefile8.fs2you.com
61.134.84.238 cachefile9.fs2you.com
61.156.40.181 cachefile10.fs2you.com
218.75.151.4 cachefile11.fs2you.com
58.211.75.31 cachefile12.fs2you.com
124.94.101.133 cachefile13.fs2you.com
221.204.246.115 cachefile14.fs2you.com
218.75.151.10 cachefile15.fs2you.com
58.218.209.126 cachefile16.fs2you.com
61.157.152.173 cachefile17.fs2you.com
125.46.41.27 cachefile18.fs2you.com
125.91.11.223 cachefile19.fs2you.com
59.53.48.134 cachefile20.fs2you.com
59.53.48.136 cachefile21.fs2you.com
59.53.48.144 cachefile22.fs2you.com
61.139.106.204 cachefile23.fs2you.com
59.53.48.172 cachefile24.fs2you.com
124.94.101.146 cachefile25.fs2you.com
61.166.111.227 cachefile26.fs2you.com
59.32.232.195 file1.fs2you.com
222.169.230.98 file2.fs2you.com
221.204.246.79 file3.fs2you.com
61.150.85.80 file4.fs2you.com
60.2.139.27 file5.fs2you.com
61.184.189.10 file6.fs2you.com
61.174.62.132 file7.fs2you.com
58.211.75.49 file8.fs2you.com
61.134.84.238 file9.fs2you.com
61.156.40.181 file10.fs2you.com
218.75.151.4 file11.fs2you.com
58.211.75.31 file12.fs2you.com
124.94.101.133 file13.fs2you.com
221.204.246.115 file14.fs2you.com
218.75.151.10 file15.fs2you.com
58.218.209.126 file16.fs2you.com
61.157.152.173 file17.fs2you.com
125.46.41.27 file18.fs2you.com
125.91.11.223 file19.fs2you.com
59.53.48.134 file20.fs2you.com
59.53.48.136 file21.fs2you.com
59.53.48.144 file22.fs2you.com
61.139.106.204 file23.fs2you.com
59.53.48.172 file24.fs2you.com
124.94.101.146 file25.fs2you.com
61.166.111.227 file26.fs2you.com
==============================================================
System Services
==============================================================
Source: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
  [DcomLaunch] [Enabled] <%SystemRoot%\system32\rpcss.dll>
    File path: C:\WINDOWS\system32\rpcss.dll [Analyzing]
  [HidServ] [Disabled] <%SystemRoot%\System32\hidserv.dll>
  [MSDSevs] [Enabled]
    File path: C:\WINDOWS\system32\8ff6.exe [Suspicious]
  [RpcSs] [Enabled]
    File path: c:\windows\system32\rpcss.dll [Analyzing]
==============================================================
Drivers
==============================================================
Source: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
  [IlvMoneyDRIVER53] [Enabled] <\??\E:\新建文件夹\破攻+全屏吸物+教程登陆器\IlvMoney1105.sys>
  [osdqvf] [Enabled] <\??\C:\WINDOWS\system32\drivers\osdqvf.sys>
    File path: C:\WINDOWS\system32\drivers\osdqvf.sys [Analyzing]
  [oswzhx] [Enabled] <\??\C:\WINDOWS\system32\drivers\oswzhx.sys>
  [osxvsn] [Enabled] <\??\C:\WINDOWS\system32\drivers\osxvsn.sys>
  [oszjqw] [Enabled] <\??\C:\WINDOWS\system32\drivers\oszjqw.sys>
    File path: C:\WINDOWS\system32\drivers\oszjqw.sys [Analyzing]
  [prcin] [Disabled]
  [pwtkp] [Disabled]
  [rkkws] [Enabled]
    File path: C:\WINDOWS\system32\drivers\rkkws.sys [Unknown]
  [SWW] [Enabled] <\??\C:\Documents and Settings\C\桌面\小铭铭055冒险岛SF辅助\SWW.sys>
  [xoyvl] [Disabled]
==============================================================
Current Processes
==============================================================
Name: 8ff6.exe [Enabled]
  File path: C:\WINDOWS\system32\8ff6.exe [Suspicious] (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\ntdll.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\kernel32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\ADVAPI32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\RPCRT4.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\ole32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\GDI32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\USER32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\msvcrt.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\IMM32.DLL (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\LPK.DLL (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\USP10.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\SHLWAPI.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\comctl32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\Apphelp.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\VERSION.dll (Microsoft Corporation)
Name: qqshel.exe [Enabled]
  Command line: qqshel.exe
  File path: C:\WINDOWS\qqshel.exe [Suspicious] (Microsoft)
  Module file: C:\WINDOWS\system32\ntdll.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\kernel32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\MFC42.DLL (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\msvcrt.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\GDI32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\USER32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\ADVAPI32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\RPCRT4.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\ole32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\SHLWAPI.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\VERSION.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\IMM32.DLL (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\LPK.DLL (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\USP10.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\MFC42LOC.DLL (Microsoft Corporation)
  Module file: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\uxtheme.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\COMCTL32.DLL (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\mlang.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\WININET.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\CRYPT32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\MSASN1.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\Secur32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\wsock32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\WS2_32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\WS2HELP.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\hnetcfg.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\System32\wshtcpip.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\RASAPI32.DLL (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\rasman.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\NETAPI32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\TAPI32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\rtutils.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\WINMM.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\msv1_0.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\iphlpapi.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\sensapi.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\DNSAPI.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\rasadhlp.dll (Microsoft Corporation)
Name: comine.exe [Enabled]
  Command line: "C:\comine.exe"
  File path: C:\comine.exe [Analyzing] (连连看2.4)
  Module file: C:\WINDOWS\system32\ntdll.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\kernel32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\MSVBVM60.DLL (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\USER32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\GDI32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\ADVAPI32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\RPCRT4.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\ole32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\msvcrt.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\IMM32.DLL (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\LPK.DLL (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\USP10.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\vb6chs.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\uxtheme.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\msctfime.ime (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\MSCTF.dll (Microsoft Corporation)
Name: toskngr.exe [Enabled]
  Command line: "C:\toskngr.exe"
  File path: C:\toskngr.exe [Analyzing] (连连看2.4)
  Module file: C:\WINDOWS\system32\ntdll.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\kernel32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\MSVBVM60.DLL (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\USER32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\GDI32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\ADVAPI32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\RPCRT4.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\ole32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\msvcrt.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\IMM32.DLL (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\LPK.DLL (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\USP10.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\vb6chs.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\uxtheme.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\MSCTF.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\msctfime.ime (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\VERSION.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\wshom.ocx (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\MPR.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\SHLWAPI.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\WINSPOOL.DRV (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\ScrRun.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\MFC42.DLL (Microsoft Corporation)
  Module file: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\comctl32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\MFC42LOC.DLL (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\wshCHS.DLL (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\SETUPAPI.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\USERENV.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\LINKINFO.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\ntshrui.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\ATL.DLL (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\NETAPI32.dll (Microsoft Corporation)
  Module file: C:\WINDOWS\system32\SXS.DLL (Microsoft Corporation)
==============================================================
IE Extension Buttons
==============================================================
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions
  [良朋電腦網] <{6096E38F-5AC1-4391-8EC4-75DFA92FB32F}>
==============================================================
IE Extension Menu
==============================================================
Source: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt
  <&使用快车(FlashGet)下载> <>
  <&使用快车(FlashGet)下载全部链接> <>
==============================================================
Other Security Areas
==============================================================
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
  [显示摇曳 CPL 扩展]