==============================================================
金山清理专家 (Kingsoft Cleanup Expert) System Diagnostic Report
This diagnostic report is provided by Kingsoft Cleanup Expert
http://www.duba.net
==============================================================
Diagnosis time: 2008-11-15, 12:22
Diagnosis platform: Windows XP [5.1.2600] Service Pack 3
IE version: Internet Explorer V7.0.13.5730
Physical memory: 503(MB)
Currently available memory: 223(MB)
Total disk size: 68(GB)
Free disk space: 40(GB)
Cleanup Expert version: 2008.10.13.10
Malware database version: 2008.11.11.1
Vulnerability database version: 2008.11.13.1
==============================================================
Explorer load items
==============================================================
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\KASDisabled
[nwiz]
File path: C:\WINDOWS\system32\chmhp.exe [Under analysis]
==============================================================
Execute hooks
==============================================================
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{F65BDEC7-4BF3-4512-840F-68B166B6D7AC}>
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{59964D2B-044A-40AE-8837-0ED9EE8BDA08}> <59964D2B.dll>
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{DA63E650-537C-4042-87BB-9D19D844680B}>
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{6E3FCC92-4080-4619-86AA-D2AF43A478EE}> <6E3FCC92.dll>
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{F2CBFAC4-6FF9-4DE9-BCB1-0F2FA2AA0B4C}>
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}> <08223B03.dll>
File path: C:\WINDOWS\system32\08223B03.dll [Under analysis]
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{C8FFD223-C0FB-40C5-94A0-FD7891AC18E9}>
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{9F684DE8-3E87-4174-9033-E02A3DFD8B61}> <9F684DE8.dll>
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{5934EA2B-B2C4-4BE7-BF7A-FBA781A12E40}> <5934EA2B.dll>
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{E3367679-4775-4244-A62E-4CFE58FC850B}>
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{3F21AA0C-2A9E-4BE9-9083-9E58AB41BA01}> <3F21AA0C.dll>
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{70B0129E-726E-4789-A7C0-5DDC33241E94}> <70B0129E.dll>
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{B3721C07-62B3-411A-9DC7-F5F27E3E21FF}>
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{58FF3024-8A83-4B1A-88E9-302F47646EEE}> <58FF3024.dll>
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{8566F82E-03A4-416E-AEAC-66600D8881F1}> <8566F82E.dll>
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{66AFCB56-FAA9-42D2-8C72-2767A46C7FA8}> <66AFCB56.dll>
File path: C:\WINDOWS\system32\66AFCB56.dll [Unknown]
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{9CA963CA-107C-4089-B0AB-31380F90D7E3}> <9CA963CA.dll>
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}> <122B901E.dll>
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{3FDEB171-8F86-0004-0001-69B8DB553683}>
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{F8AB57E9-BA5D-4F11-8834-3DF603561B34}>
File path: C:\WINDOWS\system32\F8AB57E9.dll [Under analysis]
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{BA7EDF54-8408-4B21-B351-7B447B344BA4}>
File path: C:\WINDOWS\system32\BA7EDF54.dll [Under analysis]
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{B05A92B0-F7B0-4E5B-884E-3D5FB2D4552A}>
File path: C:\Program Files\Internet Explorer\Vet4321t.321 [Virus program]
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{E59C8BDA-489C-47EC-8967-A33C6A730B10}>
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{4FBFD5A4-5FE8-4444-8BD9-FD0FAFA64F96}> <4FBFD5A4.dll>
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{3D144530-43DA-47CC-B7C7-A3A9F3B9A6B2}> <3D144530.dll>
File path: C:\WINDOWS\system32\3D144530.dll [Under analysis]
==============================================================
Startup folder locations
==============================================================
Common Startup: C:\Documents and Settings\All Users\「开始」菜单\程序\启动
Startup: C:\Documents and Settings\Administrator\「开始」菜单\程序\启动
Common Startup: %ALLUSERSPROFILE%\「开始」菜单\程序\启动
==============================================================
Host File
==============================================================
127.0.0.1 localhost
==============================================================
System services
==============================================================
Source: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
[HidServ] [Disabled] <%SystemRoot%\System32\hidserv.dll>
==============================================================
Drivers
==============================================================
Source: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
[aliimz] [Enabled]
File path: C:\WINDOWS\system32\Drivers\aliimz [Under analysis]
[ATSpy] [Enabled] <\??\C:\WINDOWS\system32\ATSpy.sys>
[d7b49fa] [Enabled] <\??\C:\WINDOWS\system32\d7b49fa.sys>
[f35ee9e] [Enabled] <\??\C:\WINDOWS\system32\f35ee9e.sys>
[sr] [Disabled] <\SystemRoot\system32\DRIVERS\sr.sys>
[wmpobj] [Enabled] <\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Media Player\obj\wmpobj.sys>
File path: C:\Documents and Settings\All Users\Application Data\Microsoft\Media Player\obj\wmpobj.sys [Virus program]
==============================================================
BHO
==============================================================
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
[MaxthonSurfer Class] {AAB6C1A0-F3A4-4DAC-A922-F82E601E73A8}
File path: C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2198.dll [Virus program]
[{B05A92B0-F7B0-4E5B-884E-3D5FB2D4552A}] {B05A92B0-F7B0-4E5B-884E-3D5FB2D4552A}
File path: C:\Program Files\Internet Explorer\Vet4321t.321 [Virus program]
[{E59C8BDA-489C-47EC-8967-A33C6A730B10}] {E59C8BDA-489C-47EC-8967-A33C6A730B10}
==============================================================
ActiveX controls
==============================================================
Source: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
[CAdLogic Object] <{11F09AFD-75AD-4E51-AB43-E09E9351CE16}>
[XMP Class] <{6483F145-A768-4C41-AACC-52D4D7845851}>
File path: C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work [Under analysis]
[XDRM] <{693571CB-54A3-4E90-9D52-EEAE1334E2D3}>
File path: C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work [Under analysis]
[TTPlayer ActiveX Control] <{89AE5F82-410A-4040-9387-68D1144EFD03}>
[MaxthonSurfer Class] <{AAB6C1A0-F3A4-4DAC-A922-F82E601E73A8}>
File path: C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2198.dll [Virus program]
[DapCtrl Class] <{ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8}>
File path: C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5805.77.(531).dll [Under analysis]
[{B05A92B0-F7B0-4E5B-884E-3D5FB2D4552A}] <{B05A92B0-F7B0-4E5B-884E-3D5FB2D4552A}>
File path: C:\Program Files\Internet Explorer\Vet4321t.321 [Virus program]
[{E59C8BDA-489C-47EC-8967-A33C6A730B10}] <{E59C8BDA-489C-47EC-8967-A33C6A730B10}>
[XPPlayer Class] <{F3E70CEA-956E-49CC-B444-73AFE593AD7F}>
File path: C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.1.5853.212.(531).dll [Under analysis]
==============================================================
Other security areas
==============================================================
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
[显示摇曳 CPL 扩展]