==============================================================
金山清理专家系统诊断报告
该诊断报告由金山清理专家提供
http://www.duba.net
==============================================================
诊断时间: 2009-01-11, 22:39
诊断平台: Windows 2000 [5.0.2195] Service Pack 4
IE版本: Internet Explorer V6.0.1106.2800
计算机物理内存: 382(MB)
当前可用内存: 82(MB)
硬盘总大小: 82(GB)
硬盘可用空间: 19(GB)
清理专家版本: 2008.06.13.404
恶意软件库版本: 0.00.00.0
漏洞库版本: 0.00.00.0

==============================================================
常规启动项
==============================================================
该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
[yfdown]
  文件路径: I:\linshiwenjian\联合证券大智慧\internet\易发\bin\yfdown.exe [分析中]
[SysAgent]
  文件路径: E:\WINNT\system32\SysAgent.exe [未知]

==============================================================
登陆加载项
==============================================================
该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
[wminotify]

==============================================================
启动文件夹位置
==============================================================
Common Startup: E:\Documents and Settings\All Users.WINNT\「开始」菜单\程序\启动
Startup: E:\Documents and Settings\Administrator.ETC\「开始」菜单\程序\启动
Common Startup: %ALLUSERSPROFILE%\「开始」菜单\程序\启动

==============================================================
Host File
==============================================================
127.0.0.1 localhost
125.65.110.186 www.yashixuan.com
125.65.110.186 yashixuan.com

==============================================================
系统服务
==============================================================
该项来源: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
[Macromedia Licensing Service] [已启用] <"E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe">
[SHipING] [已启用]

==============================================================
驱动程序
==============================================================
该项来源: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
[ad1816] [已启用]
[ADProt] [已启用] <\SystemRoot\system32\drivers\ADProt.sys>
  文件路径: E:\WINNT\system32\drivers\ADProt.sys [病毒程序]
[C-Dilla] [已启用] <\??\e:\WINNT\system32\drivers\CDANT.SYS>
[CKHook] [已启用] <\??\e:\WINNT\system32\Drivers\CKHook.sys>
[ferdr] [已启用] <\??\e:\WINNT\System32\Drivers\Ferdr.sys>
[HdFw_slot] [已启用]
[HOOKAPI] [已启用] <\??\C:\RISING\RAV\HOOKAPI.SYS>
[icddrv] [已启用] <\??\E:\WINNT\system32\drivers\icddrv.sys>
[jmipi] [已启用]
  文件路径: E:\WINNT\system32\DRIVERS\jmipi.sys [文件无法访问]
[ms_mpu401] [已启用]
[Ncrc710] [已启用]
[New0] [已启用] <\??\e:\WINNT\system32\new.sys>
[NPPTNT] [已启用] <\??\e:\WINNT\system32\npptNT.sys>
[ONSIO] [已启用] <\??\E:\WINNT\SYSTEM32\DRIVERS\ONSIO.SYS>
[ov] [已启用] <\??\E:\WINNT\system32\drivers\ov.sys>
[pciinfo] [已启用] <\??\E:\DOCUME~1\ADMINI~1.ETC\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys>
[pfc] [已启用]
[RGGA] [已启用] <\??\e:\WINNT\system32\drivers\rgga.sys>
[RMSPPPOE] [已启用]
[ROCKEYNT] [已启用] <\??\E:\WINNT\System32\drivers\rockeynt.sys>
[Secdrv] [已启用] <\??\E:\WINNT\system32\drivers\SECDRV.SYS>
[Sense3] [已启用]
[Sentinel] [已启用] <\SystemRoot\System32\Drivers\SENTINEL.SYS>
[SMPLSCSI] [已启用]
[STV680] [已启用]
[Superk53] [已启用] <\SystemRoot\System32\drivers\superk53.sys>
[vbppdryu] [已启用] <\??\E:\WINNT\system32\sosdrp.sys>
[XSPACEWG] [已启用] <\??\E:\WINNT\system32\drivers\XSpaceWg.sys>

==============================================================
当前进程
==============================================================
名称: yfdown.exe [已启用]
命令行: "I:\linshiwenjian\联合证券大智慧\internet\易发\bin\yfdown.exe"
文件路径: I:\linshiwenjian\联合证券大智慧\internet\易发\bin\yfdown.exe [分析中] (联合证券)
模块文件: E:\WINNT\system32\ntdll.dll (Microsoft Corporation)
模块文件: I:\linshiwenjian\联合证券大智慧\internet\易发\bin\rtl70.bpl (Borland Software Corporation)
模块文件: E:\WINNT\system32\kernel32.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\user32.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\GDI32.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\advapi32.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\RPCRT4.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\Secur32.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\oleaut32.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\ole32.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\mpr.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\version.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\LZ32.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\wsock32.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\WS2_32.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\MSVCRT.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\WS2HELP.DLL (Microsoft Corporation)
模块文件: I:\linshiwenjian\联合证券大智慧\internet\易发\bin\vcl70.bpl (Borland Software Corporation)
模块文件: E:\WINNT\system32\comctl32.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\winspool.drv (Microsoft Corporation)
模块文件: E:\WINNT\system32\comdlg32.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\SHLWAPI.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\SHELL32.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\oledlg.dll (Microsoft Corporation)
模块文件: I:\linshiwenjian\联合证券大智慧\internet\易发\bin\indy70.bpl
模块文件: I:\linshiwenjian\联合证券大智慧\internet\易发\bin\adortl70.bpl (Borland Software Corporation)
模块文件: I:\linshiwenjian\联合证券大智慧\internet\易发\bin\dbrtl70.bpl (Borland Software Corporation)
模块文件: I:\linshiwenjian\联合证券大智慧\internet\易发\bin\vcldb70.bpl (Borland Software Corporation)
模块文件: I:\linshiwenjian\联合证券大智慧\internet\易发\bin\VclSmp70.bpl (Borland Software Corporation)
模块文件: I:\linshiwenjian\联合证券大智慧\internet\易发\bin\vclx70.bpl (Borland Software Corporation)
模块文件: E:\WINNT\system32\winmm.dll (Microsoft Corporation)
模块文件: I:\linshiwenjian\联合证券大智慧\internet\易发\bin\vclie70.bpl (Borland Software Corporation)
模块文件: I:\linshiwenjian\联合证券大智慧\internet\易发\bin\WinSkinD7R.bpl
模块文件: E:\WINNT\system32\netapi32.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\NTDSAPI.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\DNSAPI.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\WLDAP32.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\NETRAP.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\SAMLIB.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\IMM32.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\LPK.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\USP10.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\kmon.dll (Beijing Rising Information Technology Co.. Ltd.)
模块文件: E:\WINNT\system32\urlmon.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\MSCTF.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\olepro32.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\CLBCATQ.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\shdocvw.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\WININET.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\CRYPT32.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\MSASN1.dll (Microsoft Corporation)
模块文件: E:\Program Files\Common Files\System\ADO\msado15.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\MSDART32.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\MSWSTR10.DLL (Microsoft Corporation)
模块文件: E:\Program Files\Common Files\System\OLE DB\oledb32.dll (Microsoft Corporation)
模块文件: E:\Program Files\Common Files\System\OLE DB\OLEDB32R.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\msjetoledb40.dll
模块文件: E:\WINNT\system32\msjet40.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\msjter40.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\MSJINT40.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\comsvcs.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\TxfAux.Dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\MSDTCPRX.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\MTXCLU.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\CLUSAPI.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\RESUTILS.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\USERENV.dll (Microsoft Corporation)
模块文件: E:\Program Files\Common Files\System\MSADC\msadce.dll (Microsoft Corporation)
模块文件: E:\Program Files\Common Files\System\MSADC\msadcer.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\msafd.dll (Microsoft Corporation)
模块文件: E:\WINNT\System32\wshtcpip.dll (Microsoft Corporation)
模块文件: E:\WINNT\System32\rnr20.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\iphlpapi.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\ICMP.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\MPRAPI.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\ACTIVEDS.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\ADSLDPC.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\RTUTILS.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\SETUPAPI.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\RASAPI32.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\rasman.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\TAPI32.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\DHCPCSVC.DLL (Microsoft Corporation)
模块文件: E:\WINNT\System32\winrnr.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\rsaenh.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\rasadhlp.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\msjtes40.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\VBAJET32.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\expsrv.dll (Microsoft Corporation)

名称: SysAgent.exe [已启用]
命令行: "E:\WINNT\system32\SysAgent.exe"
文件路径: E:\WINNT\system32\SysAgent.exe [未知]
模块文件: E:\WINNT\system32\ntdll.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\kernel32.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\advapi32.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\RPCRT4.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\Secur32.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\comctl32.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\GDI32.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\USER32.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\oleaut32.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\ole32.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\IMM32.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\LPK.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\USP10.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\kmon.dll (Beijing Rising Information Technology Co.. Ltd.)
模块文件: E:\WINNT\system32\urlmon.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\SHLWAPI.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\msvcrt.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\VERSION.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\LZ32.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\MSCTF.dll (Microsoft Corporation)

名称: 金-山-诊-断及粉-碎-器.exe [已启用]
命令行: "E:\DOCUME~1\ADMINI~1.ETC\LOCALS~1\Temp\Rar$EX03.401\金-山-诊-断及粉-碎-器.exe"
文件路径: E:\DOCUME~1\ADMINI~1.ETC\LOCALS~1\Temp\Rar$EX03.401\金-山-诊-断及粉-碎-器.exe [未知]
模块文件: E:\WINNT\system32\ntdll.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\ADVAPI32.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\KERNEL32.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\RPCRT4.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\Secur32.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\COMCTL32.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\GDI32.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\USER32.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\COMDLG32.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\SHLWAPI.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\msvcrt.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\SHELL32.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\OLE32.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\IMM32.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\LPK.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\USP10.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\kmon.dll (Beijing Rising Information Technology Co.. Ltd.)
模块文件: E:\Program Files\Rising\AntiSpyware\comx3.dll (Beijing Rising Information Technology Co.. Ltd.)
模块文件: E:\Program Files\Rising\AntiSpyware\Syslay.dll (Beijing Rising Information Technology Co.. Ltd.)
模块文件: E:\WINNT\system32\Wtsapi32.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\UTILDLL.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\TAPI32.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\SETUPAPI.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\USERENV.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\NETAPI32.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\NTDSAPI.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\DNSAPI.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\WSOCK32.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\WS2_32.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\WS2HELP.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\WLDAP32.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\NETRAP.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\SAMLIB.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\WINSTA.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\REGAPI.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\MPRAPI.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\OLEAUT32.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\ACTIVEDS.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\ADSLDPC.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\RTUTILS.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\urlmon.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\VERSION.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\LZ32.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\riched32.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\RICHED20.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\MSCTF.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\SOGOUPY.IME (Sogou.com Inc.)
模块文件: E:\WINNT\system32\MSIMG32.dll (Microsoft Corporation)
模块文件: E:\WINNT\system32\NTMARTA.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\WINSPOOL.DRV (Microsoft Corporation)
模块文件: E:\WINNT\system32\MPR.DLL (Microsoft Corporation)
模块文件: E:\WINNT\mui\fallback\0804\msctf.dll.mui (Microsoft Corporation)
模块文件: E:\WINNT\system32\CLBCATQ.DLL (Microsoft Corporation)
模块文件: E:\WINNT\system32\MSI.DLL (Microsoft Corporation)

==============================================================
IE扩展按钮
==============================================================
该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions
[8009] <{00000000-0000-0000-0000-100010001110}>
[启动WEB迅雷] <{962EFB8E-2683-42d4-AC74-AAA4C759B9C6}>

==============================================================
其他安全区域
==============================================================
该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
[显示摇曳 CPL 扩展]