==============================================================
金山清理专家系统诊断报告
该诊断报告由金山清理专家提供
http://www.duba.net
==============================================================
诊断时间: 2009-01-01, 21:33
诊断平台: Windows XP [5.1.2600] Service Pack 2
IE版本: Internet Explorer V6.0.2180.2900
计算机物理内存: 502(MB)
当前可用内存: 99(MB)
硬盘总大小: 32(GB)
硬盘可用空间: 13(GB)
清理专家版本: 2008.11.21.104
恶意软件库版本: 2008.12.01.1
漏洞库版本: 2008.11.12.7
==============================================================
映像劫持
==============================================================
该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
文件路径: C:\WINDOWS\system32\ntsd.exe [可疑的] [5.1.2600.0 (XPClient.010817-1148)]
文件路径: C:\WINDOWS\system32\ntsd.exe [可疑的] [5.1.2600.0 (XPClient.010817-1148)]
文件路径: C:\WINDOWS\system32\ntsd.exe [可疑的] [5.1.2600.0 (XPClient.010817-1148)]
文件路径: C:\WINDOWS\system32\ntsd.exe [可疑的] [5.1.2600.0 (XPClient.010817-1148)]
文件路径: C:\WINDOWS\system32\ntsd.exe [可疑的] [5.1.2600.0 (XPClient.010817-1148)]
文件路径: C:\WINDOWS\system32\ntsd.exe [可疑的] [5.1.2600.0 (XPClient.010817-1148)]
文件路径: C:\WINDOWS\system32\ntsd.exe [可疑的] [5.1.2600.0 (XPClient.010817-1148)]
文件路径: C:\WINDOWS\system32\ntsd.exe [可疑的] [5.1.2600.0 (XPClient.010817-1148)]
文件路径: C:\WINDOWS\system32\ntsd.exe [可疑的] [5.1.2600.0 (XPClient.010817-1148)]
文件路径: C:\WINDOWS\system32\ntsd.exe [可疑的] [5.1.2600.0 (XPClient.010817-1148)]
文件路径: C:\WINDOWS\system32\ntsd.exe [可疑的] [5.1.2600.0 (XPClient.010817-1148)]
==============================================================
延迟加载
==============================================================
该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
[msnmsg]
==============================================================
执行挂钩
==============================================================
该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{01AFE3DC-2242-436E-9B44-6DD1C664E828}> <01AFE3DC.dll>
--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{950D1600-DE4A-448D-93B4-7BAE5A7A8052}> <950D1600.dll>
--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{DFB3DAC5-B0B5-4B05-BFCF-FB42737778FA}>
--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{DA63E650-537C-4042-87BB-9D19D844680B}>
--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{133AEAC9-9C88-4905-864C-38BBA312D9B0}> <133AEAC9.dll>
--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{D9C002DD-EA51-43A2-9009-54EAAAF031A4}>
--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{F8E07BB2-7A19-4057-80F1-E14646E630B4}>
--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{E44343AD-3605-4282-AC8F-2E41C2F5F398}>
--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{A1A6BC2E-C6A1-43C1-8884-A31D772F42B8}>
--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{56BC86C7-0692-4F94-A2C1-6CF1DBF8096C}> <56BC86C7.dll>
--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{201476D0-2B18-462E-AB9F-3E2B0CC8732B}> <201476D0.dll>
--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}> <122B901E.dll>
--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{93DEE065-EC9B-4505-ADD3-19880AD3C38F}> <93DEE065.dll>
--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{FFAE967F-D0FC-4D2B-A0F5-D1BF27F46418}>
--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{4D023DE9-F4B5-4BE0-99C6-7C7AD0CF5426}> <4D023DE9.dll>
--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{1FD51F1F-97E4-498C-AB12-93332EEAD266}> <1FD51F1F.dll>
--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{2EF0D734-21FD-4225-A1A2-BCD296182AAF}> <2EF0D734.dll>
--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{29EA67E0-9EE5-4D1A-A056-5B7BDAC4CF97}> <29EA67E0.dll>
--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
<{D82C0336-583E-468B-B46A-0897FAB9D5A2}>
==============================================================
启动文件夹位置
==============================================================
Common Startup: C:\Documents and Settings\All Users\「开始」菜单\程序\启动
Startup: C:\Documents and Settings\user\「开始」菜单\程序\启动
Common Startup: %ALLUSERSPROFILE%\「开始」菜单\程序\启动
==============================================================
系统服务
==============================================================
该项来源: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
[AppMgmt] [已启用] <%SystemRoot%\System32\appmgmts.dll>
[HidServ] [已禁用] <%SystemRoot%\System32\hidserv.dll>
[Nla] [已启用] <%SystemRoot%\System32\mswsock.dll>
文件路径: C:\WINDOWS\System32\mswsock.dll [病毒程序]
[PsaSrv] [已启用]
[VnetSecurityService1.1] [已启用]
==============================================================
驱动程序
==============================================================
该项来源: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
[6457aed] [已启用] <\??\C:\WINDOWS\system32\6457aed.sys>
[Arp1394] [已启用]
[b160485] [已启用] <\??\C:\WINDOWS\system32\b160485.sys>
[b71fe93] [已启用] <\??\C:\WINDOWS\system32\b71fe93.sys>
[f28907d] [已启用] <\??\C:\WINDOWS\system32\f28907d.sys>
[HBKernel32] [已启用]
[nvmini] [已启用]
==============================================================
LSP
==============================================================
该项来源: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
文件路径: C:\WINDOWS\system32\mswsock.dll [病毒程序]
--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
文件路径: C:\WINDOWS\system32\mswsock.dll [病毒程序]
--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003
文件路径: C:\WINDOWS\system32\mswsock.dll [病毒程序]
--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006
文件路径: C:\WINDOWS\system32\mswsock.dll [病毒程序]
--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007
文件路径: C:\WINDOWS\system32\mswsock.dll [病毒程序]
--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008
文件路径: C:\WINDOWS\system32\mswsock.dll [病毒程序]
--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009
文件路径: C:\WINDOWS\system32\mswsock.dll [病毒程序]
--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010
文件路径: C:\WINDOWS\system32\mswsock.dll [病毒程序]
--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011
文件路径: C:\WINDOWS\system32\mswsock.dll [病毒程序]
--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012
文件路径: C:\WINDOWS\system32\mswsock.dll [病毒程序]
--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013
文件路径: C:\WINDOWS\system32\mswsock.dll [病毒程序]
--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014
文件路径: C:\WINDOWS\system32\mswsock.dll [病毒程序]
--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015
文件路径: C:\WINDOWS\system32\mswsock.dll [病毒程序]
--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016
文件路径: C:\WINDOWS\system32\mswsock.dll [病毒程序]
--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017
文件路径: C:\WINDOWS\system32\mswsock.dll [病毒程序]
--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018
文件路径: C:\WINDOWS\system32\mswsock.dll [病毒程序]
--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019
文件路径: C:\WINDOWS\system32\mswsock.dll [病毒程序]
--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000020
文件路径: C:\WINDOWS\system32\mswsock.dll [病毒程序]