============================================================== 金山清理专家系统诊断报告该诊断报告由金山清理专家提供 http://www.duba.net ============================================================== 诊断时间: 2008-10-14, 12:11 诊断平台: Windows XP [5.1.2600] Service Pack 3, v.3300 IE版本: Internet Explorer V6.0.3300.2900 计算机物理内存: 511(MB) 当前可用内存: 230(MB) 硬盘总大小: 33(GB) 硬盘可用空间: 23(GB) 清理专家版本: 2008.10.13.10 恶意软件库版本: 2008.08.06.1 漏洞库版本: 2008.09.02.1 ============================================================== 映像劫持 ============================================================== 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options 文件路径: C:\WINDOWS\system32\ntsd.exe [可疑的] [5.1.2600.0 (XPClient.010817-1148)] 文件路径: C:\WINDOWS\system32\ntsd.exe [可疑的] [5.1.2600.0 (XPClient.010817-1148)] 文件路径: C:\WINDOWS\system32\ntsd.exe [可疑的] [5.1.2600.0 (XPClient.010817-1148)] ============================================================== 常规启动项 ============================================================== 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [killrodog] <"F:\封装工具\killer_rodog.exe" -anti> [IMJPMIG8.1] <; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [PHIME2002A] <; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [PHIME2002ASync] <; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> ============================================================== 延迟加载 ============================================================== 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad [dpvvoxmh.dll] [bootvidgj.dll] [yfaytbvs.dll] [fsusdtd.dll] [cmhsxknh.dll] [bpnynkfw.dll] [msobjstl.dll] [lweurqhx.dll] [cliconfgzx.dll] [wogtaxqf.dll] [saylxvla.dll] [etmtaanj.dll] [wqekirxc.dll] [wnpuhzzg.dll] [osyeygop.dll] [snqbckfd.dll] [pobogwrm.dll] ============================================================== 执行挂钩 ============================================================== 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{021F087F-4378-545F-74FA-37D345AD7A8C}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{F490415F-65F8-B5C5-D8BA-9405FB12054F}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{259BF3CF-194D-4FE6-9ADB-DE6544B098B6}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{C629FF4F-ACDB-5C90-A098-FACB3456A26C}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{70940F85-F015-14F1-A05F-F69858AC6D07}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{9FD45A54-9875-698F-E56E-65102358FDF9}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{28766E1C-74B0-4417-8C75-F12AE309EF35}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{3A698452-C5D8-C584-C256-C264C987C5A3}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{C0595A7E-2E2F-4B34-A83A-019270A0A464}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{53D44DB6-E22B-4B17-97D3-572C96CCA6E1}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{841529CB-7F77-4B99-A895-B5441E0D302F}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{0B846B26-BFE6-4E8E-A948-1DB17B77B483}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{EC69134A-F15F-D14D-A31A-C31C4D124FCE}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{B29583D8-033A-4B9F-8553-7C5458F3FB8E}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{58093456-9012-4568-9076-908765467185}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{30675194-0FB5-40A9-9845-286855DF13B5}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{5B77087D-AB76-4C22-B0A6-C34D1F438E55}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{2876D76C-CAAA-4313-AF97-8D1D9A2A1087}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{8C648541-1025-9650-9057-6541258720C8}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{D3112B69-A745-4805-874E-ABD480EA1299}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{84143967-B645-4BFF-B873-DA1DC886E9A7}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{F99DEFDD-200B-4410-B572-E90883D527D2}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{5E907A48-400E-4EA8-9792-FFAE052D59E9}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{28EB3777-3E23-4E72-8449-A992D09D24C3}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{272A3236-188A-4E8A-8675-868AF8A8D151}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{AA59145F-315D-BC23-AC1F-145DF81A34AA}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{8C41B7F7-3168-400D-A702-0E7EFE0BA304}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{67AC9076-C898-B098-D098-A18319080976}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{AA041F13-A111-12A3-B0CF-F99818AA68AA}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{75694105-5108-9405-3695-954187462157}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{461D2AB4-29A5-45C2-9134-D52272D3DE38}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{B7F5682F-1D2C-49b5-8723-E75ED258CA0D}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{319675CC-4129-497f-8C7F-E2F48251019E}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{71A78CD4-E470-4a18-8457-E0E0283DD507}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{7A6DF30E-D0F2-446f-B4F0-BF4232D60E07}> -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{C3D16072-2E1B-450B-B843-50EADDC8EB63}> ============================================================== 启动文件夹位置 ============================================================== Common Startup: C:\Documents and Settings\All Users\「开始」菜单\程序\启动 Startup: C:\Documents and Settings\Administrator\「开始」菜单\程序\启动 Common Startup: %ALLUSERSPROFILE%\「开始」菜单\程序\启动 ============================================================== Host File ============================================================== 127.0.0.1 localhost ============================================================== 系统服务 ============================================================== 该项来源: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services [helpsvc] [已禁用] <%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll> [HidServ] [已禁用] <%SystemRoot%\System32\hidserv.dll> [mnmsrvc] [已启用] [srservice] [已禁用] ============================================================== 驱动程序 ============================================================== 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 [vidc.I420] [已启用] [SENTINEL] [已启用] -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services [mgnmt] [已启用] [Sentinel] [已启用] <\SystemRoot\System32\Drivers\SENTINEL.SYS> [sr] [已禁用] <\SystemRoot\system32\DRIVERS\sr.sys> [wmpobj] [已禁用] <\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Media Player\obj\wmpobj.sys> ============================================================== BHO ============================================================== 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects [InceSurfer Class] {686488AF-13D5-9DDF-4FEF-9FB88698CFC1} ============================================================== IE扩展按钮 ============================================================== 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions [启动迅雷5] <{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}> 文件路径: C:\Program Files\Thunder Network\Thunder\Thunder.exe [分析中] ============================================================== ActiveX控件 ============================================================== 该项来源: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats [InceSurfer Class] <{686488AF-13D5-9DDF-4FEF-9FB88698CFC1}> ============================================================== 其他安全区域 ============================================================== 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved [显示摇曳 CPL 扩展] -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control [VDD] [VDD] [VDD]