请帮我看下时候有问题? bbs.ikaka.com

竹林ぁ风 - 2007-2-4 17:06:00

[CODE]

2007-02-04,16:49:37

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<nod32kui><; "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE> [Eset ]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><> [N/A]

==================================
启动文件夹
N/A

==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[卡巴斯基互联网安全套装 6.0 / AVP][Stopped/Manual Start]
<"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r><Kaspersky Lab>
[NOD32 Kernel Service / NOD32krn][Running/Auto Start]
<"C:\Program Files\Eset\nod32krn.exe"><Eset>
[VMware Authorization Service / VMAuthdService][Stopped/Disabled]
<D:\Program Files\VMware\VMware Workstation\vmware-authd.exe><VMware, Inc.>
[VMware DHCP Service / VMnetDHCP][Stopped/Disabled]
<C:\WINDOWS\System32\vmnetdhcp.exe><VMware, Inc.>
[VMware NAT Service / VMware NAT Service][Stopped/Disabled]
<C:\WINDOWS\System32\vmnat.exe><VMware, Inc.>

==================================
驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
<system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AMON / AMON][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\amon.sys><Eset>
[RamDisk Drive Service / fsRamDsk][Stopped/Manual Start]
<System32\Drivers\fsRamDsk.sys><FarStone>
[VMware hcmon / hcmon][Running/Auto Start]
<\??\C:\WINDOWS\system32\Drivers\hcmon.sys><VMware, Inc.>
[ialm / ialm][Running/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[IdeBusDr / IdeBusDr][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\IdeBusDr.sys><Intel Corporation>
[Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\IdeChnDr.sys><Intel Corporation>
[IODRV / IODRV][Stopped/Manual Start]
<\??\F:\IODrv.sys><N/A>
[kl1 / kl1][Running/Boot Start]
<\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[PnpWmkDrv / PnpWmkDrv][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\PnpWmkDrv.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[System Safety Monitor 2.0 Core Engine / safemon][Running/Boot Start]
<\SystemRoot\system32\drivers\safemon.sys><System Safety Limited>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[VMware Virtual Ethernet Adapter Driver / VMnetAdapter][Stopped/Manual Start]
<system32\DRIVERS\vmnetadapter.sys><VMware, Inc.>
[VMware Bridge Protocol / VMnetBridge][Running/Auto Start]
<system32\DRIVERS\vmnetbridge.sys><VMware, Inc.>
[VMware Network Application Interface / VMnetuserif][Running/Auto Start]
<\SystemRoot\System32\drivers\vmnetuserif.sys><VMware, Inc.>
[VMware VMparport / VMparport][Running/Auto Start]
<\??\C:\WINDOWS\system32\Drivers\VMparport.sys><VMware, Inc.>
[VMware vmx86 / vmx86][Running/Auto Start]
<\??\C:\WINDOWS\system32\Drivers\vmx86.sys><VMware, Inc.>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
<system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
<system32\drivers\ialmkchw.sys><Intel Corporation>

竹林ぁ风 - 2007-2-4 17:06:00

==================================
浏览器加载项
[Thunder Browser Helper]
{06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[IEbho Class]
{68C55168-E188-40DF-A514-835FCD78B1BF} <C:\Program Files\IE7pro\IE7pro.dll, IE7pro.com>
[ToolsExt Class]
{0026439F-A980-4f18-8C95-4F1CBBF9C1D8} <C:\Program Files\IE7pro\IE7pro.dll, IE7pro.com>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[Web反病毒保护]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll, Kaspersky Lab>
[Qzone Media Tools]
{A96C48EA-AA88-4BBD-B58C-7B41146A6EAC} <C:\PROGRA~1\Tencent\QQ\QZone\QZONEM~1.OCX, Tencent Technology (Shenzhen) Company Limited>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Thunder Browser Helper]
{06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_007.dll, Thunder Networking Technologies,LTD>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[IEbho Class]
{68C55168-E188-40DF-A514-835FCD78B1BF} <C:\Program Files\IE7pro\IE7pro.dll, IE7pro.com>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin11.dll, Thunder Networking Technologies,LTD>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[TimwpDll.TimwpCheck]
{ED4CA2E5-0EEA-44C1-AD7E-74A07A7507A4} <C:\PROGRA~1\Tencent\QQ\Timwp.dll, >
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML DOM Document 3.0]
{F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML DOM Document]
{F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 480][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 572][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 592][\??\C:\WINDOWS\SYSTEM32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 6.0.0.299]
[PID: 636][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 648][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 792][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 896][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 984][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
[PID: 1080][C:\WINDOWS\system32\cisvc.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1156][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\WINDOWS\system32\igfxpph.dll] [Intel Corporation, 3.0.0.2350]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.2350]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.2350]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.2350]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.2350]
[C:\Program Files\Eset\nodshex.dll] [N/A, N/A]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[C:\Program Files\UltraEdit-32\UltraEdit-32\UltraEdit-32\ue32ctmn.dll] [, 1, 0, 0, 2]
[PID: 1192][C:\Program Files\Eset\nod32krn.exe] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\nod32krr.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\ps_amon.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pr_amon.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\ps_dmon.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pr_dmon.dll] [N/A, N/A]
[C:\Program Files\Eset\ps_emon.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pr_emon.dll] [N/A, N/A]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[C:\Program Files\Eset\ps_nod32.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pr_nod32.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\ps_upd.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pr_upd.dll] [N/A, N/A]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
[PID: 1256][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1500][C:\WINDOWS\SYSTEM32\cidaemon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1588][C:\Program Files\Eset\nod32kui.exe] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\nod32rui.dll] [N/A, N/A]
[C:\Program Files\Eset\pu_amon.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pr_amon.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pu_dmon.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pr_dmon.dll] [N/A, N/A]
[C:\Program Files\Eset\pu_emon.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pr_emon.dll] [N/A, N/A]
[C:\Program Files\Eset\pu_imon.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[C:\Program Files\Eset\pu_nod32.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pr_nod32.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pu_upd.dll] [Eset , 2, 51, 26 ]
[C:\Program Files\Eset\pr_upd.dll] [N/A, N/A]
[PID: 808][C:\WINDOWS\system32\taskmgr.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1404][C:\TDDOWNLOAD\Book\sreng2\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.0.299]
[C:\TDDOWNLOAD\Book\sreng2\Plugins\SRECXTMG.SRE] [Smallfrogs Studio, 1, 5, 0, 55]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

竹林ぁ风 - 2007-2-4 17:07:00

==================================
HOSTS 文件
127.0.0.1 102.54.94.97 # 恶意网站
127.0.0.1 112288.net # 曾道人集团咨讯网，非常狠毒
127.0.0.1 16888.6to23.com
127.0.0.1 204.177.92.68 # 让你的ie去回收站
127.0.0.1 219.153.7.10
127.0.0.1 www.3448.com # 恶意网站
127.0.0.1 38.25.63.10 # 恶意网站
127.0.0.1 58.com # 恶意网站
127.0.0.1 66.220.17.154
127.0.0.1 67.19.60.122 # 恶意网站
127.0.0.1 888.888.com
127.0.0.1 9952.com # 该恶意网站还会篡改hosts文件
127.0.0.1 ad.cn.doubleclick.net
127.0.0.1 chinabdkx.363.net
127.0.0.1 chinav25.51.net # 破解还原精灵，并转储qq以巴病毒
127.0.0.1 chow.yesky.net
127.0.0.1 client.jogo.cn # 中文上网，著名的流氓网站
127.0.0.1 community.rising.com.cn # qq尾巴，屏蔽瑞星qq病毒专杀工具下载。
127.0.0.1 count10.51yes.com # 特别讨厌的一个垃圾网站
127.0.0.1 feiying.coolwww.net
127.0.0.1 girlchinese.com # 窜改ie的主页
127.0.0.1 h444.net
127.0.0.1 hjcz.www30.cnidc.cn # 掉线，蓝屏无限制闪烁屏幕必须点10000000次确定无限开窗，直至死机修改首页
127.0.0.1 home.kimo.com.tw # 一般性恶意代码
127.0.0.1 hothack.home
127.0.0.1 hothack.home.chinaren.com
127.0.0.1 jjkafei.longcity.net
127.0.0.1 kkkk8.com
127.0.0.1 meim.y365.com
127.0.0.1 movie.sx.zj.cn # 影视
127.0.0.1 newyouth.3322.net
127.0.0.1 oicq.hk.st
127.0.0.1 pollen.my001.net
127.0.0.1 qm.8ok.com
127.0.0.1 reg.tengsms.com
127.0.0.1 sdik.8ok.net
127.0.0.1 sms520.com
127.0.0.1 test.com # 本软件用于测试的一个网站，没意义
127.0.0.1 tty.yyun.net
127.0.0.1 tv.megajoy.com
127.0.0.1 u.u8u.com
127.0.0.1 u2.sky99.cn
127.0.0.1 update.myxq.com
127.0.0.1 vod.hengshui.com
127.0.0.1 war3.cga.com.cn # 浩方平台退出后连接的网站
127.0.0.1 wd163.588.net
127.0.0.1 web.cy07.com # 破解还原精灵,然后增加恶意代码
127.0.0.1 winzheng.126.com # 黄色网站
127.0.0.1 www.126p.com # qq尾巴，还屏蔽瑞星qq病毒专杀工具下载。
127.0.0.1 www.163[1].com # 音乐网。禁止注册表修改，禁止开始菜单“运行”项。开机自动运行他的主页。夹带病毒！！
127.0.0.1 www.163mm.com
127.0.0.1 www.18wu.com # 36920色妹妹成人色图
127.0.0.1 www.1yin.com
127.0.0.1 www.3000du.com # 飞狐木马城
127.0.0.1 www.3448.com # 恶意网站
127.0.0.1 www.350200.org # 性保健广告
127.0.0.1 www.369.com
127.0.0.1 www.37021.com # 注册表启动计算机配置文件还有一个dll文件而且资源管理器无法浏览隐藏文件。3721本来就是极品垃圾没想到….
127.0.0.1 www.3721,com # 网络实名，著名的流氓网站
127.0.0.1 www.4199.com
127.0.0.1 www.435000.com
127.0.0.1 www.4427.net
127.0.0.1 www.45108.com
127.0.0.1 www.4510888.com
127.0.0.1 www.47555.com
127.0.0.1 www.47555.net # qq尾巴，中毒之后会令还原精灵进行转储
127.0.0.1 www.51bug.com
127.0.0.1 www.520se.com # 36920色妹妹成人色图
127.0.0.1 www.555666.net
127.0.0.1 www.58589.com # 有恶意代码的特性外还夹带病毒：trojan.tsqj.setup
127.0.0.1 www.5905.com
127.0.0.1 www.5dsoft.com
127.0.0.1 www.666e.com
127.0.0.1 www.777888.com # 不停地跳出广告窗口
127.0.0.1 www.777888.net
127.0.0.1 www.77tg.com
127.0.0.1 www.7sese.com # 空网页有东西
127.0.0.1 www.89005.com
127.0.0.1 www.91look.com
127.0.0.1 www.9393.com
127.0.0.1 www.94007.com
127.0.0.1 www.94qq.com # 恶意网站，网友提供，作用不明
127.0.0.1 www.a521.com
127.0.0.1 www.ac66.cn
127.0.0.1 www.aisa-girl.net # 亚洲美图
127.0.0.1 www.amoisonic.com
127.0.0.1 www.aogo.net
127.0.0.1 www.boliwo.com # 黄色网站
127.0.0.1 www.boliwu.com
127.0.0.1 www.bypp.com
127.0.0.1 www.cctv1.net
127.0.0.1 www.cctv8.net # 黄色网站
127.0.0.1 www.chinahr.com # 浩方平台退出后连接的网站
127.0.0.1 www.cnooo.com
127.0.0.1 www.cnqb.net # 禁止你的注册表，改首页，主页地址栏变灰，改右键，最毒！
127.0.0.1 www.coolcdrom.com # 要特别小心这个网站，它会在你启动组里做手脚，使得重启以后标题依旧！
127.0.0.1 www.dhchao.com # 东海潮
127.0.0.1 www.dj3344.com # 打开后，重启时你的主页就变成它的，并通过qq向他人传播
127.0.0.1 www.eastedu.com.cn
127.0.0.1 www.ehomeday.com # 搜索的时候它会给你一把
127.0.0.1 www.es158.com
127.0.0.1 www.ezhgc.com
127.0.0.1 www.fassia.net # 上了这个以后就不要想上别的了
127.0.0.1 www.fbstu.com
127.0.0.1 www.fish3000.com
127.0.0.1 www.flyingwalk.com
127.0.0.1 www.fm1058.cc
127.0.0.1 www.ftlink.net # 一般性恶意代码
127.0.0.1 www.fuzh.com
127.0.0.1 www.girl008.com
127.0.0.1 www.guosir.ccoo.com
127.0.0.1 www.happy666.net
127.0.0.1 www.jinpin.net
127.0.0.1 www.k163.com # 狩猎者变种和dj344、qq3344、qq168是一伙的
127.0.0.1 www.kuliao.com # 黄色网站
127.0.0.1 www.laws-online.net
127.0.0.1 www.love520.net
127.0.0.1 www.markguide.com # 新疆旅行
127.0.0.1 www.mmgirls.com
127.0.0.1 www.mtv51.com # 雪落无声音乐网，禁止注册表修改，禁止开始菜单“运行”项。开机自动运行他的主页。
127.0.0.1 www.my288.com
127.0.0.1 www.mydj2005.com # qq尾巴屏蔽瑞星qq病毒专杀工具下载。
127.0.0.1 www.myxq.com
127.0.0.1 www.ncunet.com
127.0.0.1 www.net5w.com
127.0.0.1 www.nnptt.com
127.0.0.1 www.pixpox.com # 恶性网站。会加载不明插件并且自动开启计算机后门而且在计算机每个角落都有该网站留下的恶意程序危害甚大
127.0.0.1 www.pk.com
127.0.0.1 www.play.cn.gs # 要特别小心这个网站，它会在你启动组里做手脚，使得重启以后标题依旧
127.0.0.1 www.qlwl.com
127.0.0.1 www.qq168.net
127.0.0.1 www.qq3344.comnet
127.0.0.1 www.qq520.net
127.0.0.1 www.shaofu.net # 36920色妹妹成人色图
127.0.0.1 www.sunvod.com # 黄色网站
127.0.0.1 www.sxsky.net # 激情影视特区
127.0.0.1 www.t168.com # 黄色网站
127.0.0.1 www.top666.net
127.0.0.1 www.tvliao.com # qq尾巴，屏蔽瑞星qq病毒专杀工具下载。
127.0.0.1 www.wokoo.net # 缘分
127.0.0.1 www.wplune.com
127.0.0.1 www.xxx.com # 黄色网站
127.0.0.1 www.xyxc.ccoo.com # 星辰娱乐
127.0.0.1 www.ye77.com
127.0.0.1 www.yezine.net
127.0.0.1 www.yibinren.com # 可怕，把ie的默认页都改成他的了
127.0.0.1 www.youmiss.com # 黄色网站
127.0.0.1 www.yule21.com
127.0.0.1 www.yyqy.com # 黄色网站，qq尾巴
127.0.0.1 www.yysky.net
127.0.0.1 www.yyue.com
127.0.0.1 www.zhengdian.com # oe标题栏
127.0.0.1 www.zknew.com # 动感下载
127.0.0.1 www2.hgmo.com
127.0.0.1 www2.p-fw.co.jp
127.0.0.1 www2.ucatv.ne.jp
127.0.0.1 www2.x365x.com
127.0.0.1 www3.asstraffic.com
127.0.0.1 xajh.15888.net
127.0.0.1 xyxy68.8u8.net # 黄色网站
127.0.0.1 yeapple.com # 黄色网站，打开后，你的程序中将加一些你意想不到的东西
127.0.0.1 yes9999.com
127.0.0.1 youlove.3322.net # 有恶意代码的特性外还夹带病毒：trojan.pwdbox.d
127.0.0.1 zbszx.vicp.net # 温馨阁论坛
127.0.0.1 zhongxuesheng.myrice.com

==================================
API HOOK
警告！System Repair Engineer 提醒
你下面的函数内容与预期值不符，他
们可能被一些恶意的软件所修改：
RVA 错误： LoadLibraryA
RVA 错误： LoadLibraryExA
RVA 错误： LoadLibraryExW
RVA 错误： LoadLibraryW

==================================

[/CODE]

竹林ぁ风 - 2007-2-5 10:14:00

汗~~没人看下