============================================================== 金山清理专家系统诊断报告 该诊断报告由金山清理专家提供 http://www.duba.net ============================================================== 诊断时间: 2008-12-20, 21:15 诊断平台: Windows XP [5.1.2600] Service Pack 2 IE版本: Internet Explorer V6.0.2180.2900 计算机物理内存: 511(MB) 当前可用内存: 209(MB) 硬盘总大小: 71(GB) 硬盘可用空间: 45(GB) 清理专家版本: 2008.11.18.98 恶意软件库版本: 2008.10.10.1 漏洞库版本: 2008.11.12.7 ============================================================== 映像劫持 ============================================================== 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options 文件路径: C:\WINDOWS\system32\svchost.exe [可疑的] [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] 文件路径: C:\WINDOWS\system32\svchost.exe [可疑的] [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] 文件路径: C:\WINDOWS\system32\svchost.exe [可疑的] [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] 文件路径: C:\WINDOWS\system32\svchost.exe [可疑的] [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] 文件路径: C:\WINDOWS\system32\svchost.exe [可疑的] [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] 文件路径: C:\WINDOWS\system32\svchost.exe [可疑的] [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] 文件路径: C:\WINDOWS\system32\svchost.exe [可疑的] [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] ============================================================== Explorer加载项 ============================================================== 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run [nwiz] 文件路径: C:\WINDOWS\system32\alibaba32.exe [分析中] ============================================================== App Init DLLs ============================================================== 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] ============================================================== 常规启动项 ============================================================== 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [HBService32] 文件路径: C:\WINDOWS\system32\System.exe [分析中] ============================================================== 登陆加载项 ============================================================== 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon [Userinit] 文件路径: C:\WINDOWS\System32\userinit.exe [分析中] ============================================================== 执行挂钩 ============================================================== 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{D7C79813-9233-4AE0-832C-99B2E8019673}> 文件路径: C:\WINDOWS\system32\D7C79813.dll [病毒程序] -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{E1384213-0948-4A60-A9E3-875B191CC2E7}> 文件路径: C:\WINDOWS\system32\E1384213.dll [分析中] -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{56BC86C7-0692-4F94-A2C1-6CF1DBF8096C}> <56BC86C7.dll> 文件路径: C:\WINDOWS\system32\56BC86C7.dll [分析中] -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{E0D39066-96D7-4891-8527-488ADAFCD60F}> 文件路径: C:\WINDOWS\system32\E0D39066.dll [病毒程序] -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}> <122B901E.dll> 文件路径: C:\WINDOWS\system32\122B901E.dll [分析中] -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{DFB3DAC5-B0B5-4B05-BFCF-FB42737778FA}> 文件路径: C:\WINDOWS\system32\DFB3DAC5.dll [病毒程序] -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{4FBFD5A4-5FE8-4444-8BD9-FD0FAFA64F96}> <4FBFD5A4.dll> 文件路径: C:\WINDOWS\system32\4FBFD5A4.dll [分析中] -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{198FF3D8-56F1-466B-A36F-F9C28B43E440}> <198FF3D8.dll> 文件路径: C:\WINDOWS\system32\198FF3D8.dll [分析中] -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{DA63E650-537C-4042-87BB-9D19D844680B}> 文件路径: C:\WINDOWS\system32\DA63E650.dll [分析中] -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}> <08223B03.dll> 文件路径: C:\WINDOWS\system32\08223B03.dll [分析中] -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{AAC70E2B-C79A-4717-A2E1-3563EAB93ECC}> 文件路径: C:\WINDOWS\system32\AAC70E2B.dll [病毒程序] -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{13DED518-ACC3-4FA7-AF26-4E67A43B016E}> <13DED518.dll> 文件路径: C:\WINDOWS\system32\13DED518.dll [分析中] -------------------------------------------------------------- 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks <{FECF558B-7141-45D9-BD23-1B0E391BA01B}> 文件路径: C:\Program Files\Internet Explorer\SysPetNt.Sys [可疑的] ============================================================== 启动文件夹位置 ============================================================== Common Startup: C:\Documents and Settings\All Users\「开始」菜单\程序\启动 Startup: C:\Documents and Settings\sgg\「开始」菜单\程序\启动 Common Startup: %ALLUSERSPROFILE%\「开始」菜单\程序\启动 ============================================================== Host File ============================================================== 127.0.0.1 v.onondown.com.cn 127.0.0.2 ymsdasdw1.cn 127.0.0.3 h96b.info 127.0.0.0 fuck.zttwp.cn 127.0.0.0 www.hackerbf.cn 127.0.0.0 ww.popdm.cn 127.1.1.1 bbt.etimes888.com 127.1.1.1 l.neter888.cn 127.1.1.1 stat.untang.com 127.1.1.1 www.ikdy.cn 127.0.0.0 geekbyfeng.cn 127.0.0.0 121.14.101.68 127.0.0.0 ppp.etimes888.com 127.0.0.0 www.bypk.com 127.0.0.0 CSC3-2004-crl.verisign.com 127.0.0.1 va9sdhun23.cn 127.0.0.0 udp.hjob123.com 127.0.0.2 bnasnd83nd.cn 127.0.0.0 www.gamehacker.com.cn 127.0.0.0 gamehacker.com.cn 127.1.1.1 www.cctv-100008.cn 127.1.1.1 222.73.208.141 127.0.0.3 adlaji.cn 127.1.1.1 aiyyw.com 127.0.0.1 858656.com 127.1.1.1 bnasnd83nd.cn 127.0.0.1 my123.com 127.0.0.0 user1.12-27.net 127.0.0.1 8749.com 127.0.0.0 fengent.cn 127.0.0.1 4199.com 127.0.0.1 user1.16-22.net 127.0.0.1 7379.com 127.0.0.1 2be37c5f.3f6e2cc5f0b.com 127.0.0.1 7255.com 127.0.0.1 user1.23-12.net 127.0.0.1 3448.com 127.0.0.1 www.guccia.net 127.0.0.1 7939.com 127.0.0.1 a.o1o1o1.nEt 127.0.0.1 8009.com 127.0.0.1 user1.12-73.cn 127.0.0.1 piaoxue.com 127.0.0.1 3n8nlasd.cn 127.0.0.1 kzdh.com 127.0.0.0 www.sony888.cn 127.0.0.1 about.blank.la 127.0.0.0 user1.asp-33.cn 127.0.0.1 6781.com 127.0.0.0 www.netkwek.cn 127.0.0.1 7322.com 127.0.0.0 ymsdkad6.cn 127.0.0.1 localhost 127.0.0.0 www.lkwueir.cn 127.0.0.1 06.jacai.com 127.0.1.1 user1.23-17.net 127.0.0.1 1.jopenkk.com 127.0.0.0 upa.luzhiai.net 127.0.0.1 1.jopenqc.com 127.0.0.0 www.guccia.net 127.0.0.1 1.joppnqq.com 127.0.0.0 4m9mnlmi.cn 127.0.0.1 1.xqhgm.com 127.0.0.0 mm119mkssd.cn 127.0.0.1 100.332233.com 127.0.0.0 61.128.171.115:8080 127.0.0.1 121.11.90.79 127.0.0.0 www.1119111.com 127.0.0.1 121565.net 127.0.0.0 win.nihao69.cn 127.0.0.1 125.90.88.38 127.0.0.1 16888.6to23.com 127.0.0.1 2.joppnqq.com 127.0.0.0 puc.lianxiac.net 127.0.0.1 204.177.92.68 127.0.0.0 pud.lianxiac.net 127.0.0.1 210.74.145.236 127.0.0.0 210.76.0.133 127.0.0.1 219.129.239.220 127.0.0.0 61.166.32.2 127.0.0.1 219.153.40.221 127.0.0.0 218.92.186.27 127.0.0.1 219.153.46.27 127.0.0.0 www.fsfsfag.cn 127.0.0.1 219.153.52.123 127.0.0.0 ovo.ovovov.cn 127.0.0.1 221.195.42.71 127.0.0.0 dw.com.com 127.0.0.1 222.73.218.115 127.0.0.1 203.110.168.233:80 127.0.0.1 3.joppnqq.com 127.0.0.1 203.110.168.221:80 127.0.0.1 363xx.com 127.0.0.1 www1.ip10086.com.cm 127.0.0.1 4199.com 127.0.0.1 blog.ip10086.com.cn 127.0.0.1 43242.com 127.0.0.1 www.ccji68.cn 127.0.0.1 5.xqhgm.com 127.0.0.0 t.myblank.cn 127.0.0.1 520.mm5208.com 127.0.0.0 x.myblank.cn 127.0.0.1 59.34.131.54 127.0.0.1 210.51.45.5 127.0.0.1 59.34.198.228 127.0.0.1 www.ew1q.cn 127.0.0.1 59.34.198.88 127.0.0.1 59.34.198.97 127.0.0.1 60.190.114.101 127.0.0.1 60.190.218.34 127.0.0.0 qq-xing.com.cn 127.0.0.1 60.191.124.252 127.0.0.1 61.145.117.212 127.0.0.1 61.157.109.222 127.0.0.1 75.126.3.216 127.0.0.1 75.126.3.217 127.0.0.1 75.126.3.218 127.0.0.0 59.125.231.177:17777 127.0.0.1 75.126.3.220 127.0.0.1 75.126.3.221 127.0.0.1 75.126.3.222 127.0.0.1 772630.com 127.0.0.1 832823.cn 127.0.0.1 8749.com 127.0.0.1 888.jopenqc.com 127.0.0.1 89382.cn 127.0.0.1 8v8.biz 127.0.0.1 97725.com 127.0.0.1 9gg.biz 127.0.0.1 www.9000music.com 127.0.0.1 test.591jx.com 127.0.0.1 a.topxxxx.cn 127.0.0.1 picon.chinaren.com 127.0.0.1 www.5566.net 127.0.0.1 p.qqkx.com 127.0.0.1 news.netandtv.com 127.0.0.1 z.neter888.cn 127.0.0.1 b.myblank.cn 127.0.0.1 wvw.wokutu.com 127.0.0.1 unionch.qyule.com 127.0.0.1 www.qyule.com 127.0.0.1 it.itjc.cn 127.0.0.1 www.linkwww.com 127.0.0.1 vod.kaicn.com 127.0.0.1 www.tx8688.com 127.0.0.1 b.neter888.cn 127.0.0.1 promote.huanqiu.com 127.0.0.1 www.huanqiu.com 127.0.0.1 www.haokanla.com 127.0.0.1 play.unionsky.cn 127.0.0.1 www.52v.com 127.0.0.1 www.gghka.cn 127.0.0.1 icon.ajiang.net 127.0.0.1 new.ete.cn 127.0.0.1 www.stiae.cn 127.0.0.1 o.neter888.cn 127.0.0.1 comm.jinti.com 127.0.0.1 www.google-analytics.com 127.0.0.1 hz.mmstat.com 127.0.0.1 www.game175.cn 127.0.0.1 x.neter888.cn 127.0.0.1 z.neter888.cn 127.0.0.1 p.etimes888.com 127.0.0.1 hx.etimes888.com 127.0.0.1 abc.qqkx.com 127.0.0.1 dm.popdm.cn 127.0.0.1 www.yl9999.com 127.0.0.1 www.dajiadoushe.cn 127.0.0.1 v.onondown.com.cn 127.0.0.1 www.interoo.net 127.0.0.1 bally1.bally-bally.net 127.0.0.1 www.bao5605509.cn 127.0.0.1 www.rty456.cn 127.0.0.1 www.werqwer.cn 127.0.0.1 1.360-1.cn 127.0.0.1 user1.23-16.net 127.0.0.1 www.guccia.net 127.0.0.1 www.interoo.net 127.0.0.1 upa.netsool.net 127.0.0.1 js.users.51.la 127.0.0.1 vip2.51.la 127.0.0.1 web.51.la 127.0.0.1 qq.gong2008.com 127.0.0.1 2008tl.copyip.com 127.0.0.1 tla.laozihuolaile.cn 127.0.0.1 www.tx6868.cn 127.0.0.1 p001.tiloaiai.com 127.0.0.1 s1.tl8tl.com 127.0.0.1 s1.gong2008.com 127.0.0.1 4b3ce56f9g.3f6e2cc5f0b.com 127.0.0.1 2be37c5f.3f6e2cc5f0b.com ============================================================== 系统服务 ============================================================== 该项来源: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services [AppMgmt] [已启用] <%SystemRoot%\System32\appmgmts.dll> [DcomLaunch] [已启用] <%SystemRoot%\system32\rpcss.dll> 文件路径: C:\WINDOWS\system32\rpcss.dll [分析中] [gusvc] [已启用] <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"> [HidServ] [已禁用] <%SystemRoot%\System32\hidserv.dll> [RpcSs] [已启用] 文件路径: c:\windows\system32\rpcss.dll [分析中] ============================================================== 驱动程序 ============================================================== 该项来源: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services [aliimz] [已启用] [b770ca2] [已启用] <\??\C:\WINDOWS\system32\b770ca2.sys> 文件路径: C:\WINDOWS\system32\b770ca2.sys [可疑的] [c6424110] [已启用] <\??\C:\WINDOWS\system32\c6424110.sys> 文件路径: C:\WINDOWS\system32\c6424110.sys [可疑的] [EagleNT] [已启用] <\??\C:\WINDOWS\system32\drivers\EagleNT.sys> [npkcrypt] [已启用] <\??\D:\Program Files\Tencent\QQ\npkcrypt.sys> ============================================================== BHO ============================================================== 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects [{FECF558B-7141-45D9-BD23-1B0E391BA01B}] {FECF558B-7141-45D9-BD23-1B0E391BA01B} 文件路径: C:\Program Files\Internet Explorer\SysPetNt.Sys [可疑的] ============================================================== 当前进程 ============================================================== 名称: userinit.exe [已启用] 文件路径: C:\WINDOWS\System32\userinit.exe [分析中] (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\ntdll.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\kernel32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\USER32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\GDI32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\MSVCRT.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\NETAPI32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\ADVAPI32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\RPCRT4.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\Secur32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\System32\ShimEng.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\AppPatch\AcGenral.DLL (Microsoft Corporation) 模块文件: C:\WINDOWS\System32\WINMM.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\ole32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\System32\MSACM32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\VERSION.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\SHLWAPI.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\USERENV.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\System32\UxTheme.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\IMM32.DLL (Microsoft Corporation) 模块文件: C:\WINDOWS\System32\LPK.DLL (Microsoft Corporation) 模块文件: C:\WINDOWS\System32\USP10.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\System32\SYNCOR11.DLL (SoundMAX) 模块文件: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\comctl32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\Apphelp.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\wininet.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\CRYPT32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\MSASN1.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\System32\wsock32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\System32\WS2_32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\System32\WS2HELP.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\System32\RASAPI32.DLL (Microsoft Corporation) 模块文件: C:\WINDOWS\System32\rasman.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\System32\TAPI32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\System32\rtutils.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\msv1_0.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\System32\iphlpapi.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\System32\sensapi.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\System32\DNSAPI.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\System32\rasadhlp.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\System32\mlang.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\System32\hnetcfg.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\System32\wshtcpip.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\MSCTF.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\WLDAP32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\D7C79813.dll 模块文件: C:\WINDOWS\System32\rsaenh.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\56BC86C7.dll 模块文件: C:\WINDOWS\system32\122B901E.dll 模块文件: C:\WINDOWS\system32\DFB3DAC5.dll 模块文件: C:\WINDOWS\system32\4FBFD5A4.dll 模块文件: C:\WINDOWS\system32\DA63E650.dll 模块文件: C:\WINDOWS\system32\08223B03.dll 模块文件: C:\WINDOWS\system32\13DED518.dll 模块文件: C:\Program Files\Internet Explorer\SysPetNt.Sys 名称: System.exe [已启用] 文件路径: C:\WINDOWS\system32\System.exe [分析中] (HB Software) 模块文件: C:\WINDOWS\system32\ntdll.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\kernel32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\SHLWAPI.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\ADVAPI32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\RPCRT4.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\Secur32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\GDI32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\USER32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\msvcrt.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\PSAPI.DLL (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\IMM32.DLL (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\LPK.DLL (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\USP10.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\kmon.dll (Beijing Rising Information Technology Co.. Ltd.) 模块文件: C:\Program Files\Rising\AntiSpyware\comx3.dll (Beijing Rising Information Technology Co.. Ltd.) 模块文件: C:\Program Files\Rising\AntiSpyware\Syslay.dll (Beijing Rising Information Technology Co.. Ltd.) 模块文件: C:\WINDOWS\system32\Wtsapi32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\WINSTA.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\NETAPI32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\ole32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\VERSION.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\uxtheme.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\MSCTF.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\msctfime.ime (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\WS2_32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\WS2HELP.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\WININET.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\CRYPT32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\MSASN1.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\D7C79813.dll 模块文件: C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\HBDNF.dll 模块文件: C:\WINDOWS\system32\HBWOW.dll 模块文件: C:\WINDOWS\system32\HBTL.dll 模块文件: C:\WINDOWS\system32\56BC86C7.dll 模块文件: C:\WINDOWS\system32\HBmhly.dll 模块文件: C:\WINDOWS\system32\HBJXSJ.dll 模块文件: C:\WINDOWS\system32\122B901E.dll 模块文件: C:\WINDOWS\system32\HBCHIBI.dll 模块文件: C:\WINDOWS\system32\DFB3DAC5.dll 模块文件: C:\WINDOWS\system32\HBXMJ.dll 模块文件: C:\WINDOWS\system32\4FBFD5A4.dll 模块文件: C:\WINDOWS\system32\HBQQSG.dll 模块文件: C:\WINDOWS\system32\HBWD.dll 模块文件: C:\WINDOWS\system32\DA63E650.dll 模块文件: C:\WINDOWS\system32\HBLYFX.dll 模块文件: C:\WINDOWS\system32\08223B03.dll 模块文件: C:\WINDOWS\system32\HBQQXX.dll 模块文件: C:\WINDOWS\system32\13DED518.dll 模块文件: C:\WINDOWS\system32\HBASKTAO.dll 模块文件: C:\Program Files\Internet Explorer\SysPetNt.Sys 模块文件: C:\WINDOWS\system32\HBTW2.dll 模块文件: C:\WINDOWS\system32\HBQQFFO.dll 模块文件: C:\WINDOWS\system32\HBWULIN2.dll 名称: evcDE.tmp [已启用] 文件路径: C:\DOCUME~1\sgg\LOCALS~1\Temp\evcDE.tmp [分析中] 模块文件: C:\WINDOWS\system32\ntdll.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\kernel32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\ADVAPI32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\RPCRT4.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\Secur32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\MSVCRT.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\NETAPI32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\PSAPI.DLL (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\GDI32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\USER32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\SHLWAPI.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\IMM32.DLL (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\LPK.DLL (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\USP10.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\kmon.dll (Beijing Rising Information Technology Co.. Ltd.) 模块文件: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\comctl32.dll (Microsoft Corporation) 模块文件: C:\Program Files\Rising\AntiSpyware\comx3.dll (Beijing Rising Information Technology Co.. Ltd.) 模块文件: C:\Program Files\Rising\AntiSpyware\Syslay.dll (Beijing Rising Information Technology Co.. Ltd.) 模块文件: C:\WINDOWS\system32\Wtsapi32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\WINSTA.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\ole32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\VERSION.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\uxtheme.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\MSCTF.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\SETUPAPI.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\appHelp.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\wininet.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\CRYPT32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\MSASN1.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\wsock32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\WS2_32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\WS2HELP.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\RASAPI32.DLL (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\rasman.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\TAPI32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\rtutils.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\WINMM.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\SYNCOR11.DLL (SoundMAX) 模块文件: C:\WINDOWS\system32\msv1_0.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\iphlpapi.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\USERENV.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\DNSAPI.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\rasadhlp.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\hnetcfg.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\System32\wshtcpip.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\mlang.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\D7C79813.dll 模块文件: C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\56BC86C7.dll 模块文件: C:\WINDOWS\system32\122B901E.dll 模块文件: C:\WINDOWS\system32\DFB3DAC5.dll 模块文件: C:\WINDOWS\system32\4FBFD5A4.dll 模块文件: C:\WINDOWS\system32\DA63E650.dll 模块文件: C:\WINDOWS\system32\08223B03.dll 模块文件: C:\Program Files\Internet Explorer\SysPetNt.Sys 模块文件: C:\WINDOWS\system32\13DED518.dll 名称: 560893 [已启用] 文件路径: C:\DOCUME~1\sgg\LOCALS~1\Temp\560893 [分析中] 模块文件: C:\WINDOWS\system32\ntdll.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\kernel32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\ADVAPI32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\RPCRT4.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\Secur32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\WS2_32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\msvcrt.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\WS2HELP.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\DNSAPI.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\WLDAP32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\rasadhlp.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\hnetcfg.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\GDI32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\USER32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\IMM32.DLL (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\LPK.DLL (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\USP10.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\kmon.dll (Beijing Rising Information Technology Co.. Ltd.) 模块文件: C:\WINDOWS\system32\HBmhly.dll 模块文件: C:\WINDOWS\system32\HBJXSJ.dll 模块文件: C:\WINDOWS\system32\HBWOW.dll 模块文件: C:\WINDOWS\system32\WININET.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\CRYPT32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\MSASN1.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\ole32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\SHLWAPI.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\HBDNF.dll 模块文件: C:\WINDOWS\system32\HBTL.dll 模块文件: C:\WINDOWS\system32\HBCHIBI.dll 模块文件: C:\WINDOWS\system32\HBXMJ.dll 模块文件: C:\WINDOWS\system32\HBQQSG.dll 模块文件: C:\WINDOWS\system32\HBWD.dll 模块文件: C:\WINDOWS\system32\HBLYFX.dll 模块文件: C:\WINDOWS\system32\HBQQXX.dll 模块文件: C:\WINDOWS\system32\HBASKTAO.dll 模块文件: C:\WINDOWS\system32\HBTW2.dll 模块文件: C:\WINDOWS\system32\HBQQFFO.dll 模块文件: C:\WINDOWS\system32\HBWULIN2.dll 模块文件: C:\WINDOWS\System32\wshtcpip.dll (Microsoft Corporation) 名称: 732379 [已启用] 文件路径: C:\DOCUME~1\sgg\LOCALS~1\Temp\732379 [分析中] 模块文件: C:\WINDOWS\system32\ntdll.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\kernel32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\USER32.DLL (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\GDI32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\ADVAPI32.DLL (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\RPCRT4.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\Secur32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\OLEAUT32.DLL (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\msvcrt.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\ole32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\SHELL32.DLL (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\SHLWAPI.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\COMCTL32.DLL (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\WINMM.DLL (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\NETAPI32.DLL (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\IMM32.DLL (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\LPK.DLL (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\USP10.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\kmon.dll (Beijing Rising Information Technology Co.. Ltd.) 模块文件: C:\WINDOWS\system32\HBmhly.dll 模块文件: C:\WINDOWS\system32\WS2_32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\WS2HELP.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\HBJXSJ.dll 模块文件: C:\WINDOWS\system32\HBDNF.dll 模块文件: C:\WINDOWS\system32\HBTL.dll 模块文件: C:\WINDOWS\system32\HBXMJ.dll 模块文件: C:\WINDOWS\system32\HBQQSG.dll 模块文件: C:\WINDOWS\system32\HBWD.dll 模块文件: C:\WINDOWS\system32\HBLYFX.dll 模块文件: C:\WINDOWS\system32\HBQQXX.dll 模块文件: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\SYNCOR11.DLL (SoundMAX) 模块文件: C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\VERSION.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\uxtheme.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\MSCTF.dll (Microsoft Corporation) 模块文件: C:\Program Files\Internet Explorer\SysPetNt.Sys 模块文件: C:\WINDOWS\system32\wininet.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\CRYPT32.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\MSASN1.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\msctfime.ime (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\13DED518.dll 模块文件: C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation) 模块文件: C:\WINDOWS\system32\08223B03.dll 模块文件: C:\WINDOWS\system32\DA63E650.dll 模块文件: C:\WINDOWS\system32\4FBFD5A4.dll 模块文件: C:\WINDOWS\system32\DFB3DAC5.dll 模块文件: C:\WINDOWS\system32\122B901E.dll 模块文件: C:\WINDOWS\system32\56BC86C7.dll 模块文件: C:\WINDOWS\system32\D7C79813.dll ============================================================== IE扩展菜单 ============================================================== 该项来源: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt <上传到QQ网络硬盘> <> <添加到QQ自定义面板> <> <添加到QQ表情> <> <用QQ彩信发送该图片> <> ============================================================== ActiveX控件 ============================================================== 该项来源: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats [{FECF558B-7141-45D9-BD23-1B0E391BA01B}] <{FECF558B-7141-45D9-BD23-1B0E391BA01B}> 文件路径: C:\Program Files\Internet Explorer\SysPetNt.Sys [可疑的] ============================================================== 其他安全区域 ============================================================== 该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved [显示摇曳 CPL 扩展]