==============================================================
Kingsoft Cleanup Expert (金山清理专家) System Diagnostic Report
This diagnostic report was generated by Kingsoft Cleanup Expert
http://www.duba.net
==============================================================
Diagnosis time: 2008-11-21, 21:53
Platform: Windows XP [5.1.2600] Service Pack 2
IE version: Internet Explorer V6.0.2180.2900
Physical memory: 255(MB)
Available memory: 97(MB)
Total disk size: 76(GB)
Free disk space: 45(GB)
Cleanup Expert version: 2008.06.13.404
Malware database version: 0.00.00.0
Vulnerability database version: 0.00.00.0
==============================================================
App Init DLLs
==============================================================
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
[AppInit_DLLs]
==============================================================
Standard startup items
==============================================================
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
[kvonreboot]
File path: C:\WINDOWS\system32\360Kill.bat [Unknown]
==============================================================
ShellExecute hooks
==============================================================
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{2876D76C-CAAA-4313-AF97-8D1D9A2A1087}>
File path: C:\WINDOWS\system32\dpvvoxmh.dll [Unknown]
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}>
File path: C:\WINDOWS\system32\fuzxttnt.dll [Unknown]
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{C0595A7E-2E2F-4B34-A83A-019270A0A464}>
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{3A698452-C5D8-C584-C256-C264C987C5A3}>
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{A9895933-6636-4281-BC58-EE6DE2AF96E3}>
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{2CB77746-8ECC-40ca-8217-10CA8BE5EFC8}>
File path: C:\WINDOWS\system32\tscfgwmijxsj.dll [Unknown]
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{021F087F-4378-545F-74FA-37D345AD7A8C}>
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{DA56B183-A731-402b-9235-2CB8803E212D}>
File path: C:\WINDOWS\system32\imgutilhx2.dll [Unknown]
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{55671234-7890-ABCD-CDEF-567801237655}>
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{E0F3526A-4165-4589-80CD-50B6FBAC3BDA}>
File path: C:\WINDOWS\system32\adsntzt.dll [Unknown]
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{71A78CD4-E470-4a18-8457-E0E0283DD507}>
File path: C:\WINDOWS\system32\lweurqhx.dll [Unknown]
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{9FD45A54-9875-698F-E56E-65102358FDF9}>
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{67AC9076-C898-B098-D098-A18319080976}>
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{0B846B26-BFE6-4E8E-A948-1DB17B77B483}>
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{5E907A48-400E-4EA8-9792-FFAE052D59E9}>
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{76D44356-B494-443a-BEDC-AA68DE4255E6}>
File path: C:\WINDOWS\system32\dispexcb.dll [Unknown]
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{D3112B69-A745-4805-874E-ABD480EA1299}>
File path: C:\WINDOWS\system32\bootvidgj.dll [Unknown]
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{7A6DF30E-D0F2-446f-B4F0-BF4232D60E07}>
File path: C:\WINDOWS\system32\cliconfgzx.dll [Unknown]
--------------------------------------------------------------
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{00180018-0018-0018-0018-00180018BB15}>
File path: C:\WINDOWS\system32\mstimewd.dll [Unknown]
==============================================================
Startup folder locations
==============================================================
Common Startup: C:\Documents and Settings\All Users\「开始」菜单\程序\启动
Startup: C:\Documents and Settings\Administrator\「开始」菜单\程序\启动
Common Startup: %ALLUSERSPROFILE%\「开始」菜单\程序\启动
==============================================================
System services
==============================================================
Source: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
[HidServ] [Disabled] <%SystemRoot%\System32\hidserv.dll>
==============================================================
Drivers
==============================================================
Source: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
[npkcrypt] [Enabled] <\??\C:\WINDOWS\system32\npkcrypt.sys>
[npkycryp] [Enabled] <\??\C:\WINDOWS\system32\npkycryp.sys>
==============================================================
Current processes
==============================================================
Name: 金-山-诊-断及粉-碎-器.exe [Enabled]
Command line: "C:\Documents and Settings\Administrator\桌面\金-山-诊-断及粉-碎-器\金-山-诊-断及粉-碎-器.exe"
File path: C:\Documents and Settings\Administrator\桌面\金-山-诊-断及粉-碎-器\金-山-诊-断及粉-碎-器.exe [Unknown]
Module: C:\WINDOWS\system32\ntdll.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\kernel32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\ADVAPI32.DLL (Microsoft Corporation)
Module: C:\WINDOWS\system32\RPCRT4.dll (Microsoft Corporation)
Module: C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.DLL (Microsoft Corporation)
Module: C:\WINDOWS\system32\msvcrt.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\GDI32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\USER32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\SHLWAPI.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\COMDLG32.DLL (Microsoft Corporation)
Module: C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\OLE32.DLL (Microsoft Corporation)
Module: C:\WINDOWS\system32\IMM32.DLL (Microsoft Corporation)
Module: C:\WINDOWS\system32\LPK.DLL (Microsoft Corporation)
Module: C:\WINDOWS\system32\USP10.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\riched32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\RICHED20.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\uxtheme.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\MSCTF.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\loanoltrd.dll
Module: C:\WINDOWS\system32\VERSION.DLL (Microsoft Corporation)
Module: C:\WINDOWS\system32\WSOCK32.DLL (Microsoft Corporation)
Module: C:\WINDOWS\system32\WS2_32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\WS2HELP.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\dgsfgdljv.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\pserspxvh.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\mstimewd.dll
Module: C:\WINDOWS\system32\WININET.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\CRYPT32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\MSASN1.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\cliconfgzx.dll
Module: C:\WINDOWS\system32\bootvidgj.dll
Module: C:\WINDOWS\system32\PSAPI.DLL (Microsoft Corporation)
Module: C:\WINDOWS\system32\dispexcb.dll
Module: C:\WINDOWS\system32\lweurqhx.dll
Module: C:\WINDOWS\system32\adsntzt.dll
Module: C:\WINDOWS\system32\imgutilhx2.dll
Module: C:\WINDOWS\system32\tscfgwmijxsj.dll
Module: C:\WINDOWS\system32\fuzxttnt.dll
Module: C:\WINDOWS\system32\dpvvoxmh.dll
Module: C:\WINDOWS\system32\msctfime.ime (Microsoft Corporation)
Module: C:\WINDOWS\system32\netapi32.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\SETUPAPI.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\appHelp.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation)
Module: C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Module: C:\WINDOWS\system32\Secur32.dll (Microsoft Corporation)
==============================================================
Preload programs
==============================================================
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
[{16B05A05-27C1-E38D-F49E-8D27C17C16B0}]
File path: C:\WINDOWS\system32\LQVAFK.dll [Under analysis]
==============================================================
ActiveX controls
==============================================================
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components
[{5c386e54-d4b0-2905-2905-e5c1f7edd34a}] <{5c386e54-d4b0-2905-2905-e5c1f7edd34a}>
File path: C:\WINDOWS\system32\utovbti\svchost.exe [Virus]
--------------------------------------------------------------
Source: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
[MediaComm Class] <{7670648D-461B-42AF-BDFE-46D26AF5EFF2}>
==============================================================
Other security areas
==============================================================
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
[显示摇曳 CPL 扩展] (localized display name of the Display Panning CPL Extension)
[RealOne Player Context Menu Class]
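The report above lists four persistence locations that matter on this host: AppInit_DLLs, the HKLM Run key (360Kill.bat), ShellExecuteHooks (nineteen CLSIDs, eleven of them resolving to random-named DLLs in system32 that also appear loaded into the diagnostic tool's own process), and Active Setup Installed Components (utovbti\svchost.exe). The script below is an added example written for this page; it is not part of the Kingsoft report or product. It re-enumerates those same locations with stock PowerShell cmdlets, resolves each ShellExecuteHooks CLSID to its InprocServer32 DLL, and flags every file that is missing, unsigned, or signed by someone other than Microsoft. The verdict labels (Missing, Unsigned, ThirdPartySigned, MicrosoftSigned, NoServerPath) are this example's own and do not reproduce Kingsoft's [Unknown]/[Virus] classification, which comes from its malware database. It assumes an elevated PowerShell session on the machine under review.

```powershell
# Added example, not from the Kingsoft report: enumerate the persistence points the
# report covers and flag files that are not Microsoft-signed. Run elevated.
# Verdict labels below are this example's own, not Kingsoft's.

function Resolve-ClsidServer {
    param([string]$Clsid)
    # A ShellExecuteHooks value name is a CLSID; the DLL is the (default) value of
    # its InprocServer32 key. Check HKLM first, then per-user registrations.
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKCU:\SOFTWARE\Classes\CLSID') {
        $key = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path $key) {
            $path = (Get-ItemProperty -Path $key).'(default)'
            if ($path) { return [Environment]::ExpandEnvironmentVariables($path.Trim('"')) }
        }
    }
    return $null
}

function Get-FileVerdict {
    param([string]$Path)
    if (-not $Path)              { return 'NoServerPath' }   # CLSID registered, no InprocServer32
    if (-not (Test-Path $Path))  { return 'Missing' }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') { return 'Unsigned' }        # .bat files and random-named DLLs land here
    # Loose subject match; a production check would validate the full chain.
    if ($sig.SignerCertificate.Subject -notmatch 'Microsoft') { return 'ThirdPartySigned' }
    return 'MicrosoftSigned'
}

function Get-ExecutableFromCommand {
    param([string]$Command)
    # Strip a quoted path or take the first token, then expand %VARS%.
    $exe = if ($Command -match '^"([^"]+)"') { $Matches[1] } else { ($Command -split ' ')[0] }
    return [Environment]::ExpandEnvironmentVariables($exe)
}

$psProps  = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$findings = @()

# 1. AppInit_DLLs: loaded by user32.dll into every GUI process.
$appInit = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows').AppInit_DLLs
foreach ($dll in ([string]$appInit -split '[ ,]' | Where-Object { $_ })) {
    $p = [Environment]::ExpandEnvironmentVariables($dll)
    $findings += [pscustomobject]@{ Location = 'AppInit_DLLs'; Name = $dll; Path = $p; Verdict = (Get-FileVerdict $p) }
}

# 2. Run keys (HKLM and HKCU); the report's kvonreboot -> 360Kill.bat lives here.
foreach ($runKey in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
    if (-not (Test-Path $runKey)) { continue }
    $props = Get-ItemProperty $runKey
    foreach ($name in ($props.PSObject.Properties | Where-Object { $psProps -notcontains $_.Name }).Name) {
        $exe = Get-ExecutableFromCommand ([string]$props.$name)
        $findings += [pscustomobject]@{ Location = 'Run'; Name = $name; Path = $exe; Verdict = (Get-FileVerdict $exe) }
    }
}

# 3. ShellExecuteHooks: each CLSID is instantiated in Explorer and in any process
#    that calls ShellExecute, which is why the hook DLLs show up in the tool's module list.
$hookKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
if (Test-Path $hookKey) {
    foreach ($clsid in ((Get-ItemProperty $hookKey).PSObject.Properties | Where-Object { $_.Name -like '{*}' }).Name) {
        $p = Resolve-ClsidServer $clsid
        $findings += [pscustomobject]@{ Location = 'ShellExecuteHooks'; Name = $clsid; Path = $p; Verdict = (Get-FileVerdict $p) }
    }
}

# 4. Active Setup Installed Components: StubPath runs once per user at logon.
$asKey = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
foreach ($comp in Get-ChildItem $asKey -ErrorAction SilentlyContinue) {
    $stub = (Get-ItemProperty $comp.PSPath).StubPath
    if (-not $stub) { continue }
    $exe = Get-ExecutableFromCommand ([string]$stub)
    $findings += [pscustomobject]@{ Location = 'ActiveSetup'; Name = $comp.PSChildName; Path = $exe; Verdict = (Get-FileVerdict $exe) }
}

# Everything that is not Microsoft-signed is worth a look. On the report's host this
# would surface 360Kill.bat, the random-named hook DLLs and utovbti\svchost.exe.
$findings | Where-Object { $_.Verdict -ne 'MicrosoftSigned' } | Format-Table -AutoSize
```

Two caveats a practitioner should keep in mind. First, the report shows several hook DLLs (dgsfgdljv.dll, pserspxvh.dll) carrying a "Microsoft Corporation" company string in their version resource; the script deliberately ignores version info and trusts only a valid Authenticode signature, since the resource string is attacker-controlled. Second, the report was produced by a diagnostic tool whose own process had already loaded the hook DLLs, so any enumeration run from inside an infected session can be tampered with; for a trustworthy result, run the same checks against the registry hives and files from an offline boot or a second, clean machine.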