==============================================================
金山清理专家系统诊断报告
该诊断报告由金山清理专家提供
http://www.duba.net
==============================================================
诊断时间: 2008-10-18, 22:16
诊断平台: Windows XP [5.1.2600] Service Pack 3
IE版本: Internet Explorer V7.0.13.5730
计算机物理内存: 1015(MB)
当前可用内存: 544(MB)
硬盘总大小: 111(GB)
硬盘可用空间: 90(GB)
清理专家版本: 2008.10.13.10
恶意软件库版本: 2008.08.06.1
漏洞库版本: 2008.10.15.1
==============================================================
映像劫持
==============================================================
该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
文件路径: C:\WINDOWS\system32\svchost.exe [可疑的] [5.1.2600.5512 (xpsp.080413-2111)]
文件路径: C:\WINDOWS\system32\svchost.exe [可疑的] [5.1.2600.5512 (xpsp.080413-2111)]
文件路径: C:\WINDOWS\system32\svchost.exe [可疑的] [5.1.2600.5512 (xpsp.080413-2111)]
文件路径: C:\WINDOWS\system32\svchost.exe [可疑的] [5.1.2600.5512 (xpsp.080413-2111)]
==============================================================
常规启动项
==============================================================
该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
[Vistadrv] <C:\WINDOWS\Resources\Themes\VistaDrv\vsdrv.exe>
==============================================================
启动文件夹位置
==============================================================
Common Startup: C:\Documents and Settings\All Users\「开始」菜单\程序\启动
Startup: C:\Documents and Settings\zhengjuanwang\「开始」菜单\程序\启动
Common Startup: %ALLUSERSPROFILE%\「开始」菜单\程序\启动
==============================================================
文件扩展名关联
==============================================================
.M3U <"e:\Program Files\StormII\Storm.exe" /play "%1">
文件路径: e:\Program Files\StormII\Storm.exe [服务器忙]
==============================================================
Host File
==============================================================
127.0.0.1 localhost
==============================================================
系统服务
==============================================================
该项来源: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
[HidServ] [已禁用] <%SystemRoot%\System32\hidserv.dll>
[hpqwmiex] [已启用]
文件路径: C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [服务器忙]
==============================================================
驱动程序
==============================================================
该项来源: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
[almhe] [已启用]
文件路径: C:\WINDOWS\system32\drivers\almhe.sys [服务器忙]
[ATSpy] [已启用] <\??\C:\WINDOWS\system32\ATSpy.sys>
[Fsevisys] [已启用] <\??\C:\WINDOWS\system32\Fsevisys.sys>
文件路径: C:\WINDOWS\system32\Fsevisys.sys [可疑的]
[msIffei] [已启用]
[npkcrypt] [已启用] <\??\F:\Program Files\Tencent\QQ\TMDlls\npkcrypt.sys>
[sptd] [已启用]
文件路径: C:\WINDOWS\system32\Drivers\sptd.sys [文件无法访问]
[UIUSys] [已启用]
[ZSMC0305] [已启用]
文件路径: C:\WINDOWS\system32\Drivers\usbVM305.sys [服务器忙]
==============================================================
当前进程
==============================================================
名称: hpqwmiex.exe [已启用]
命令行: "C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe"
文件路径: C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [服务器忙] (Hewlett-Packard Development Company. L.P.)
模块文件: C:\WINDOWS\system32\ntdll.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\kernel32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\USER32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\GDI32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\ADVAPI32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\RPCRT4.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\Secur32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\ole32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\msvcrt.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\SHLWAPI.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\IMM32.DLL (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\LPK.DLL (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\USP10.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\kmon.dll (Beijing Rising Information Technology Co.. Ltd.)
模块文件: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\comctl32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\iertutil.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\xpsp2res.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\VERSION.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\wbem\wbemprox.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\wbem\wbemcomn.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\WS2_32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\WS2HELP.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\wbem\wbemsvc.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\wbem\fastprox.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\MSVCP60.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\NTDSAPI.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\DNSAPI.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\NETAPI32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\WLDAP32.dll (Microsoft Corporation)
名称: racer.exe [已启用]
命令行: "C:\Program Files\racer-ccn-racerpc-jl\racer.exe"
文件路径: C:\Program Files\racer-ccn-racerpc-jl\racer.exe [服务器忙] (Putian Runway)
模块文件: C:\WINDOWS\system32\ntdll.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\kernel32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\USER32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\GDI32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\IMM32.DLL (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\ADVAPI32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\RPCRT4.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\Secur32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\LPK.DLL (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\USP10.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\kmon.dll (Beijing Rising Information Technology Co.. Ltd.)
模块文件: f:\Program Files\Rising\AntiSpyware\comx3.dll (Beijing Rising Information Technology Co.. Ltd.)
模块文件: f:\Program Files\Rising\AntiSpyware\Syslay.dll (Beijing Rising Information Technology Co.. Ltd.)
模块文件: C:\WINDOWS\system32\Wtsapi32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\msvcrt.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\WINSTA.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\NETAPI32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\ole32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\SHLWAPI.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\iertutil.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
模块文件: f:\program files\rising\rfw\ijt_base.dll (Beijing Rising Information Technology Co.. Ltd.)
模块文件: C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
模块文件: f:\program files\rising\rfw\olemon.dll (Beijing Rising Information Technology Co.. Ltd.)
模块文件: C:\WINDOWS\system32\MSCTF.dll (Microsoft Corporation)
模块文件: C:\Program Files\racer-ccn-racerpc-jl\rwxre.dll (Putian Runway)
模块文件: C:\Program Files\racer-ccn-racerpc-jl\nspr4.dll (Netscape Communications Corporation)
模块文件: C:\WINDOWS\system32\WSOCK32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\WS2_32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\WS2HELP.dll (Microsoft Corporation)
模块文件: C:\Program Files\racer-ccn-racerpc-jl\xpcom_core.dll (Mozilla Foundation)
模块文件: C:\Program Files\racer-ccn-racerpc-jl\plc4.dll (Netscape Communications Corporation)
模块文件: C:\Program Files\racer-ccn-racerpc-jl\plds4.dll (Netscape Communications Corporation)
模块文件: C:\WINDOWS\system32\VERSION.dll (Microsoft Corporation)
模块文件: C:\Program Files\racer-ccn-racerpc-jl\nss3.dll (Netscape Communications Corporation)
模块文件: C:\Program Files\racer-ccn-racerpc-jl\softokn3.dll (Netscape Communications Corporation)
模块文件: C:\Program Files\racer-ccn-racerpc-jl\js3250.dll (Netscape Communications Corporation)
模块文件: C:\Program Files\racer-ccn-racerpc-jl\gkgfx.dll (Mozilla Foundation)
模块文件: C:\Program Files\racer-ccn-racerpc-jl\xpcom_compat.dll (Mozilla Foundation)
模块文件: C:\WINDOWS\system32\comdlg32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\WINSPOOL.DRV (Microsoft Corporation)
模块文件: C:\Program Files\racer-ccn-racerpc-jl\smime3.dll (Netscape Communications Corporation)
模块文件: C:\Program Files\racer-ccn-racerpc-jl\ssl3.dll (Netscape Communications Corporation)
模块文件: C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\msctfime.ime (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\hnetcfg.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\System32\wshtcpip.dll (Microsoft Corporation)
模块文件: C:\Program Files\racer-ccn-racerpc-jl\components\racer_base_comp.dll (Putian Runway)
模块文件: C:\Program Files\racer-ccn-racerpc-jl\racer_base.dll (Putian Runway)
模块文件: C:\Program Files\racer-ccn-racerpc-jl\kbdhook.dll (Putian Runway)
模块文件: C:\WINDOWS\system32\HID.DLL (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\SETUPAPI.dll (Microsoft Corporation)
模块文件: C:\Program Files\racer-ccn-racerpc-jl\components\jar50.dll (Mozilla Foundation)
模块文件: C:\WINDOWS\system32\msimtf.dll (Microsoft Corporation)
模块文件: C:\Program Files\racer-ccn-racerpc-jl\components\gklayout.dll (Mozilla Foundation)
模块文件: C:\Program Files\racer-ccn-racerpc-jl\nssckbi.dll (Netscape Communications Corporation)
模块文件: C:\WINDOWS\system32\xpsp2res.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\uxtheme.dll (Microsoft Corporation)
模块文件: C:\Program Files\racer-ccn-racerpc-jl\components\racer_ad_comp.dll (Putian Runway)
模块文件: C:\WINDOWS\system32\WINTRUST.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\CRYPT32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\MSASN1.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\IMAGEHLP.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\msimg32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\mslbui.dll (Microsoft Corporation)
模块文件: C:\Program Files\racer-ccn-racerpc-jl\components\racer_access_pppoe.dll (Putian Runway)
模块文件: C:\Program Files\racer-ccn-racerpc-jl\pppoe.dll (北京润汇科技有限公司)
模块文件: C:\WINDOWS\system32\iphlpapi.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\RASAPI32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\rasman.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\TAPI32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\rtutils.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\WINMM.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\msv1_0.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\USERENV.dll (Microsoft Corporation)
模块文件: C:\Program Files\racer-ccn-racerpc-jl\components\racer_nss4_comp.dll (Putian Runway)
模块文件: C:\WINDOWS\system32\DNSAPI.dll (Microsoft Corporation)
模块文件: C:\Program Files\racer-ccn-racerpc-jl\nss4.dll (北京润汇科技有限公司)
模块文件: C:\Program Files\racer-ccn-racerpc-jl\wpcap.dll (CACE Technologies)
模块文件: C:\Program Files\racer-ccn-racerpc-jl\packet.dll (CACE Technologies)
模块文件: C:\Program Files\racer-ccn-racerpc-jl\WanPacket.dll (CACE Technologies)
模块文件: C:\WINDOWS\system32\NPPTools.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\MFC42u.DLL (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\MFC42LOC.DLL (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\npp\ndisnpp.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\WLDAP32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\rasadhlp.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\appHelp.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\PSAPI.DLL (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\RavExt.dll (Beijing Rising Information Technology Co.. Ltd.)
模块文件: C:\Program Files\racer-ccn-racerpc-jl\plugins\NPSWF32.dll
模块文件: C:\WINDOWS\system32\WININET.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\Normaliz.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\mlang.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\msacm32.drv (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\MSACM32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\midimap.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
模块文件: C:\Program Files\racer-ccn-racerpc-jl\plugins\npmozax.dll