==============================================================
Kingsoft Cleanup Expert (金山清理专家) System Diagnostic Report
This diagnostic report is provided by Kingsoft Cleanup Expert
http://www.duba.net
==============================================================
Diagnosis time: 2008-10-17, 21:37
Diagnosis platform: Windows Vista [6.0.6001] Service Pack 1
IE version: Internet Explorer V7.0.18000.6001
Physical memory: 1021(MB)
Currently available memory: 257(MB)
Total disk size: 111(GB)
Free disk space: 36(GB)
Cleanup Expert version: 2008.10.13.10
Malware database version: 2008.08.06.1
Vulnerability database version: 2008.10.15.1
==============================================================
Regular startup items
==============================================================
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
[iparmor]
File path: C:\Program Files\Iparmor\iparmor.exe [Analyzing]
[HP Software Update] <; >
==============================================================
Startup folder locations
==============================================================
Common Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Startup: C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Common Startup: %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
==============================================================
Host File
==============================================================
==============================================================
System services
==============================================================
Source: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds
[StartupPrograms] [Enabled]
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
[Elexander Roshal] [Enabled]
File path: C:\Program Files\WinRAR\winror.exe [Suspicious]
[ewido security suite guard] [Enabled]
==============================================================
Drivers
==============================================================
Source: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
[blbdrive] [Disabled] <\SystemRoot\system32\drivers\blbdrive.sys>
[ewido security suite driver] [Enabled] <\??\C:\Users\hp\AppData\Local\Temp\Rar$EX03.154\EWIDO3.5\guard.sys>
[IpInIp] [Enabled]
[NwlnkFlt] [Enabled]
[NwlnkFwd] [Enabled]
[SymIM] [Enabled]
[SymIMMP] [Enabled]
==============================================================
Current processes
==============================================================
Name: Iparmor.exe [Enabled]
Command line: "C:\Program Files\Iparmor\Iparmor.exe" mini
File path: C:\Program Files\Iparmor\Iparmor.exe [Analyzing] (luosoft.com)
Name: 修改的2.4版SREng.EXE [Enabled]
Command line: "C:\Users\hp\AppData\Local\Temp\Rar$EX11.699\修改的2.4版SREng.EXE"
File path: C:\Users\hp\AppData\Local\Temp\Rar$EX11.699\修改的2.4版SREng.EXE [Unknown] (1111)
==============================================================
IE extension buttons
==============================================================
Source: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions
[深度视听] <{F2C63239-A5DB-487B-B283-4132351E7AB6}>
==============================================================
ActiveX controls
==============================================================
Source: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
[ThunderAtOnce Class] <{01443AEC-0FD1-40FD-9C87-E93D1494C233}>
[{08B0E5C0-4FCB-11CF-AAA5-00401C608501}] <{08B0E5C0-4FCB-11CF-AAA5-00401C608501}>
[GerneralPeerID Class] <{0A47E819-F82E-4D5D-B806-6A9EA94D68CD}>
[Thunder Agent Class] <{485463B7-8FB2-4B3B-B29B-8B919B0EACCE}>
[SSVHelper Class] <{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}>
[Thunder Browser Helper] <{889D2FEB-5411-4565-8998-1DD2C5261283}>
[Windows Live 登录帮助程序] <{9030D464-4C02-4ABF-8ECC-5164760863C6}>
[PowerCreator VSPlayer Control] <{D11A6BD7-E931-475B-875F-19980200B46B}>
File path: C:\PROGRA~1\REALTI~1\LIVEPL~1\AVPlayer.dll [Analyzing]
[webThunder Class] <{D2E6878A-49AF-4F6B-8A2F-C2A93F19EF80}>
[A Simulation for JetCar Netscape Class] <{E2065C93-6DF5-4782-AB38-EEC53AA41C76}>
[QQRightClick Class] <{E2E5C57A-BA48-4B0D-A5B5-13130F9D2AA3}>
==============================================================
Compatibility mode related items
==============================================================
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WOW\boot
[shell]