【求助】求助于各位高手~先谢了 bbs.ikaka.com

coolpa - 2007-2-15 15:30:00

我的防毒软件最近老提示有什么病毒Win32.Troj.CoolXue.nk.24576，感觉杀了之后老自动生成～晕死了

2007-02-15,15:02:00

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><D:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<KavPFW><"D:\KAV2006\KPFW32.EXE"> [Kingsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<KavStart><"D:\KAV2006\KAVStart.exe" -startup> [Kingsoft Corporation]
<TkBellExe><"D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [(Verified)RealNetworks, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><D:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Corporation]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Corporation]
<WebCheck><%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Corporation]
<SysTray><D:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Corporation]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><D:\WINDOWS\System32\logon.scr> [Microsoft Corporation]

==================================
启动文件夹
[PalStart]
<D:\Documents and Settings\All Users.WINDOWS\「开始」菜单\程序\启动\PalStart.lnk --> D:\PROGRA~1\PALTAL~1\palstart.exe [N/A]><H>
[星空极速]
<D:\Documents and Settings\All Users.WINDOWS\「开始」菜单\程序\启动\星空极速.lnk --> D:\PROGRA~1\ChinaNet\VNETCL~1.EXE []><N>
[腾讯QQ]
<D:\Documents and Settings\wujie\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]><H>

==================================
服务
[kavsvc / kavsvc][Stopped/Auto Start]
<"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><N/A>
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
<"D:\KAV2006\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
<D:\KAV2006\KWatch.EXE><Kingsoft Corporation>

==================================
驱动程序
[554859 / 554859][Stopped/Boot Start]
<\SystemRoot\System32\drivers\554859.sys><N/A>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[ddzumlut / ddzumlut][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ddzumlut.sys><Yahoo! China Corporation>
[ijfl_d / ijfl_d][Stopped/Boot Start]
<\SystemRoot\system32\drivers\ijfl_d.sys><N/A>
[Intel(R) Ham 5628 V.92 Modem / Intels51][Running/Manual Start]
<system32\DRIVERS\Intels51.sys><Intel Corporation>
[Kl1 / Kl1][Running/Boot Start]
<\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab>
[Klmc / Klmc][Running/System Start]
<System32\drivers\klmc.sys><Kaspersky Lab>
[KNetWch / KNetWch][Running/System Start]
<\??\D:\KAV2006\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3][Running/System Start]
<\??\D:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[Netgroup Packet Filter / NPF][Running/Manual Start]
<system32\drivers\npf.sys><Politecnico di Torino>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkcusb / npkcusb][Running/Auto Start]
<\??\D:\Program Files\Tencent\QQ\npkcusb.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[qjpnuly / qjpnuly][Stopped/Boot Start]
<\SystemRoot\system32\drivers\qjpnuly.sys><N/A>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[smwdm / smwdm][Running/Manual Start]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>

==================================
浏览器加载项
[Thunder Browser Helper]
{06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <d:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[CBrowseStakeout Class]
{55302805-482E-470E-8A57-6795A1487F90} <D:\KAV2006\KAVAFish.DLL, Kingsoft Corporation>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[PalTalk]
{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} <D:\Program Files\Paltalk Messenger\Paltalk.exe, AVM Software Inc.>
[讯通视频语音聊天]
{97C0CDFA-970D-4222-ADDE-6718E89E887C} <http://www.bdsystem.com/, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <D:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[AddSHCARoot Control]
{098A3F72-3110-4004-B954-2F9DC44934B4} <D:\WINDOWS\DOWNLO~1\ADDCAR~1.OCX, SHECA>
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <D:\WINDOWS\system32\CMBEdit.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Thunder Browser Helper]
{06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <d:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[CBrowseStakeout Class]
{55302805-482E-470E-8A57-6795A1487F90} <D:\KAV2006\KAVAFish.DLL, Kingsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
<D:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<D:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[上传到QQ网络硬盘]
<D:\Program Files\Tencent\qq1\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<D:\Program Files\Tencent\qq1\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\qq1\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\Program Files\Tencent\qq1\SendMMS.htm, N/A>
[金山毒霸反钓鱼...]
<D:\KAV2006\KAF\ShowSet.htm, N/A>

==================================

coolpa - 2007-2-15 15:32:00

正在运行的进程
[PID: 492][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 540][\??\D:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 564][\??\D:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 608][D:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 620][D:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 764][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 812][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 848][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 896][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 936][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1192][D:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\KAV2006\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[D:\KAV2006\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[D:\WINDOWS\system32\UNISPIM.IME] [北京清华紫光软件股份有限公司, 3.0.0.3045]
[D:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[D:\KAV2006\KAVEXT.DLL] [Kingsoft Corporation, 2005, 8, 5, 16]
[D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll] [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
[PID: 1216][D:\KAV2006\KWatch.EXE] [Kingsoft Corporation, 2005, 9, 27, 51]
[D:\KAV2006\KAVIPC2.DLL] [Kingsoft Corporation, 2004, 12, 28, 20]
[D:\KAV2006\KAEPlat.DLL] [Kingsoft Corp., 2006, 8, 29, 60]
[D:\KAV2006\KAEMem.DAT] [Kingsoft, 2006, 9, 25, 16]
[D:\KAV2006\KAEUnpack.DAT] [Kingsoft Corp., 2006, 10, 26, 69]
[PID: 1336][D:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[D:\WINDOWS\system32\CNMLM20.DLL] [CANON INC., 1.32.2.2]
[PID: 1476][D:\KAV2006\KPfwSvc.EXE] [Kingsoft Corporation, 2007, 2, 2, 31]
[PID: 1724][D:\KAV2006\KAVStart.exe] [Kingsoft Corporation, 2007, 2, 1, 257]
[D:\KAV2006\KAVIPC2.DLL] [Kingsoft Corporation, 2004, 12, 28, 20]
[D:\KAV2006\SvcTimer.DLL] [Kingsoft Corporation, 2006.12.22.84]
[D:\KAV2006\KAVPassp.dll] [Kingsoft Corporation, 2006, 12, 30, 271]
[D:\KAV2006\PopSprt3.dll] [Kingsoft Corporation, 2007, 1, 16, 45]
[D:\KAV2006\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 1756][D:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3760]
[D:\KAV2006\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 1764][D:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\KAV2006\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[D:\KAV2006\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[PID: 1792][D:\KAV2006\KPFW32.EXE] [Kingsoft Corporation, 2007, 2, 2, 687]
[D:\KAV2006\KAVIPC2.DLL] [Kingsoft Corporation, 2004, 12, 28, 20]
[D:\KAV2006\KAConfig.DLL] [Kingsoft Corporation, 2007, 1, 11, 41]
[D:\KAV2006\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[D:\KAV2006\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[D:\KAV2006\FiltList.dll] [N/A, N/A]
[D:\KAV2006\KAVPassp.DLL] [Kingsoft Corporation, 2006, 12, 30, 271]
[PID: 1844][D:\KAV2006\KMailMon.EXE] [Kingsoft Corporation, 2007, 2, 7, 945]
[D:\KAV2006\KAntiSpm.dll] [Kingsoft Corporation, 2006, 8, 19, 104]
[D:\KAV2006\KAVIPC2.DLL] [Kingsoft Corporation, 2004, 12, 28, 20]
[D:\KAV2006\KAECall2.DLL] [Kingsoft Corporation, 2004, 12, 28, 7]
[D:\KAV2006\KAEPlat.DLL] [Kingsoft Corp., 2006, 8, 29, 60]
[D:\KAV2006\KAEMem.DAT] [Kingsoft, 2006, 9, 25, 16]
[D:\KAV2006\KAEUnpack.DAT] [Kingsoft Corp., 2006, 10, 26, 69]
[D:\KAV2006\KAConfig.DLL] [Kingsoft Corporation, 2007, 1, 11, 41]
[D:\KAV2006\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[D:\KAV2006\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[PID: 1884][D:\Program Files\ChinaNet\VnetClient.exe] [, 2006, 10, 11, 9]
[D:\Program Files\ChinaNet\Communicate.dll] [GDCN, 2006, 2, 15, 1]
[D:\Program Files\ChinaNet\DialModule.dll] [GDCN, 2006, 11, 20, 10]
[D:\KAV2006\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[D:\KAV2006\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[D:\PROGRA~1\ChinaNet\CLIENT~1.DLL] [, 2004, 2, 28, 1]
[D:\PROGRA~1\ChinaNet\PLUGIN~1.OCX] [, 2006, 6, 2, 14]
[D:\PROGRA~1\ChinaNet\sign.dll] [0, 2004, 12, 1, 1]
[D:\PROGRA~1\ChinaNet\SETUPP~1.DLL] [, 1, 0, 0, 1]
[D:\Program Files\ChinaNet\SysPlug\8432d5a0-a09d-41bc-87c1-b312d97192f5\VnetOnlineBusinessAutoLogin.dll] [, 2006, 11, 19, 21]
[D:\PROGRA~1\ChinaNet\WEBPLU~1.DLL] [, 2005, 8, 18, 1]
[D:\Program Files\ChinaNet\SysPlug\93d07ada-d3ac-485a-85eb-12ca3cee8375\Vnetsafe114.DLL] [, 1, 0, 0, 1]
[D:\PROGRA~1\ChinaNet\ADVERT~1.OCX] [, 2006, 10, 19, 16]
[D:\PROGRA~1\ChinaNet\VnetBs.ocx] [, 2004, 11, 18, 1]
[D:\PROGRA~1\ChinaNet\VnetSkin.ocx] [GDDC, 2006, 9, 6, 15]
[D:\PROGRA~1\ChinaNet\DialogStyle.dll] [, 1, 0, 0, 1]
[D:\PROGRA~1\ChinaNet\BDSearch.ocx] [gdcn, 2006, 12, 13, 16]
[D:\PROGRA~1\ChinaNet\PageFram.ocx] [Workgroup, 2006, 12, 11, 17]
[D:\PROGRA~1\ChinaNet\ACCOUN~1.OCX] [Workgroup, 2006, 10, 31, 16]
[D:\PROGRA~1\ChinaNet\AccountMgr.dll] [, 2006, 10, 30, 16]
[D:\PROGRA~1\ChinaNet\Gif89a.dll] [, 2005, 6, 21, 1]
[D:\PROGRA~1\ChinaNet\NOTIFY~1.OCX] [Workgroup, 2006, 9, 15, 16]
[D:\PROGRA~1\ChinaNet\IcosBar.ocx] [Workgroup, 2006, 9, 25, 9]
[D:\PROGRA~1\ChinaNet\Timer.ocx] [, 2006, 9, 8, 17]
[D:\PROGRA~1\ChinaNet\PLUGIN~2.OCX] [, 2006, 4, 4, 1]
[D:\PROGRA~1\ChinaNet\NEWMES~1.DLL] [, 2006, 12, 26, 9]
[D:\PROGRA~1\ChinaNet\PassCtrl.dll] [GDCN, 2006, 3, 1, 16]
[D:\WINDOWS\system32\wpcap.dll] [Politecnico di Torino, 3, 0, 0, 18]
[D:\WINDOWS\system32\pthreadVC.dll] [N/A, N/A]
[D:\WINDOWS\system32\packet.dll] [Politecnico di Torino, 3, 0, 0, 18]
[D:\PROGRA~1\ChinaNet\PlugPush.dll] [, 2004, 12, 21, 1]
[D:\PROGRA~1\ChinaNet\ALLINT~1.DLL] [, 2006, 11, 20, 11]
[D:\PROGRA~1\ChinaNet\VNETLO~1.OCX] [, 2005, 10, 9, 1]
[D:\PROGRA~1\ChinaNet\StatNum.dll] [, 2006, 3, 1, 1]
[D:\PROGRA~1\ChinaNet\VNETON~1.OCX] [, 2005, 3, 2, 1]
[D:\PROGRA~1\ChinaNet\ALLFUN~1.DLL] [GDCN, 2006, 12, 26, 9]
[D:\PROGRA~1\ChinaNet\VnetOptLog.dll] [ , 2006, 9, 18, 10]
[D:\PROGRA~1\ChinaNet\Favorite.ocx] [, 2006, 12, 26, 10]
[D:\PROGRA~1\ChinaNet\VNETSE~1.OCX] [, 2006, 10, 31, 16]
[D:\PROGRA~1\ChinaNet\DlgSkin.ocx] [, 2006, 8, 29, 15]
[D:\Program Files\ChinaNet\Base64.dll] [N/A, N/A]
[D:\KAV2006\KAScript.DLL] [Kingsoft Corporation, 2006, 12, 11, 72]
[PID: 1128][D:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2972][D:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\KAV2006\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[D:\KAV2006\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll] [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
[d:\PROGRA~1\chinanet\VNETTR~1.DLL] [, 2005, 4, 6, 1]
[d:\PROGRA~1\chinanet\Communicate.dll] [GDCN, 2006, 2, 15, 1]
[D:\PROGRA~1\ChinaNet\CLIENT~1.DLL] [, 2004, 2, 28, 1]
[D:\Program Files\Tencent\QQ\QQIEHelper.dll] [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
[D:\KAV2006\KAVAFish.DLL] [Kingsoft Corporation, 2006, 10, 25, 27]
[D:\KAV2006\KAScript.DLL] [Kingsoft Corporation, 2006, 12, 11, 72]
[D:\KAV2006\KAEPlat.DLL] [Kingsoft Corp., 2006, 8, 29, 60]
[D:\KAV2006\KAEMem.DAT] [Kingsoft, 2006, 9, 25, 16]
[D:\KAV2006\KAEUnpack.DAT] [Kingsoft Corp., 2006, 10, 26, 69]
[D:\WINDOWS\system32\UNISPIM.IME] [北京清华紫光软件股份有限公司, 3.0.0.3045]

coolpa - 2007-2-15 15:33:00

[D:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[PID: 1132][D:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe] [Thunder Networking Technologies,LTD, 5, 5, 5, 269]
[D:\KAV2006\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[D:\KAV2006\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]
[D:\Program Files\Thunder Network\Thunder\Program\TaskManager.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 14]
[D:\Program Files\Thunder Network\Thunder\Program\download_interface.dll] [Thunder Networking Technologies,LTD, 2, 12, 2, 46]
[D:\Program Files\Thunder Network\Thunder\Program\asyn_dns.dll] [Thunder Networking Technologies,LTD, 2, 12, 2, 46]
[D:\Program Files\Thunder Network\Thunder\Program\BHOStub.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 8]
[D:\Program Files\Thunder Network\Thunder\Program\iTargetAD.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 15]
[D:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[D:\Program Files\Thunder Network\Thunder\Components\DiagnoseHelper\DiagnoseHelper.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 10]
[D:\Program Files\Thunder Network\Thunder\Program\FloatBar.dll] [Giganology Inc., 1, 0, 0, 2]
[D:\Program Files\Thunder Network\Thunder\Components\PortVerify\PortVerify.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
[D:\Program Files\Thunder Network\Thunder\Components\ExplorerHelper\ExplorerHelper.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
[D:\Program Files\Thunder Network\Thunder\Components\DTAG\DTAG.dll] [Thunder Networking Technologies,LTD, 1, 1, 0, 2]
[D:\Program Files\Thunder Network\Thunder\Components\DTAG\ExtractMediaTag.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
[D:\Program Files\Thunder Network\Thunder\Program\LiveUpdate.dll] [, 1, 0, 1, 17]
[D:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbedShell.dll] [　, 1, 0, 0, 15]
[D:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbed08.dll] [　, 3, 2, 0, 63]
[D:\Program Files\Thunder Network\Thunder\Components\Community\XLCommunity.dll] [Thunder Networking Technologies,LTD, 1, 0, 3, 14]
[D:\Program Files\Thunder Network\Thunder\Program\RegisterDll.dll] [Thunder Networking Technologies,LTD, 2, 2, 1, 43]
[D:\Program Files\Thunder Network\Thunder\Components\Search\XLSearch.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 7]
[D:\Program Files\Thunder Network\Thunder\Program\msgmanage.dll] [Thunder Networking Technologies,LTD, 2, 0, 1, 38]
[D:\Program Files\Thunder Network\Thunder\Components\P4PClient\P4PClient.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 13]
[D:\Program Files\Thunder Network\Thunder\Components\VPSHELL\VPSHELL.dll] [, 1, 0, 0, 1]
[D:\Program Files\Thunder Network\Thunder\Components\VPSHELL\VideoPicture.dll] [XunLei, 1, 0, 0, 1]
[D:\KAV2006\KAScript.DLL] [Kingsoft Corporation, 2006, 12, 11, 72]
[D:\Program Files\Thunder Network\Thunder\Plugins\BhoAdv\bho_adv.dll] [深圳市迅雷网络技术有限公司, 1.0.1.0]
[PID: 2852][D:\Program Files\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[D:\KAV2006\KMailOEBand.dll] [Kingsoft Corporation, 2006, 12, 1, 139]
[D:\KAV2006\KASocket.dll] [Kingsoft Corporation, 2005, 2, 22, 233]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["D:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
=================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.1 www.top183.com
127.0.0.1 www.crsky.com
127.0.0.1 hackvip.net
127.0.0.1 www.nowdl.com
127.0.0.1 www.riyou.com
127.0.0.1 www.cblog.cn
127.0.0.1 www.yykj.mecee.com
127.0.0.1 hackvip.cn
127.0.0.1 hackvip.com
127.0.0.1 www.zytx.com.cn
127.0.0.1 www.linkball.com
127.0.0.1 jimmy.hcools.net
127.0.0.1 www.sm365.net
127.0.0.1 www.01bbs.com
127.0.0.1 www.fzqk.com
127.0.0.1 www.shywm.com
127.0.0.1 www.3lsoft.com
127.0.0.1 www.860591.net
127.0.0.1 bbs.tiansha.info
127.0.0.1 www.ysxh.net
127.0.0.1 bbs.ctips.com.cn
127.0.0.1 www.mobile86.com
127.0.0.1 animespot.com.cn
127.0.0.1 www.xdkkl.com
127.0.0.1 www.cszw.com
127.0.0.1 www.d4d.cn
127.0.0.1 bbs.3lsoft.com
127.0.0.1 www.nidns.com
127.0.0.1 www.5ud.net
127.0.0.1 www.ytleo.com
127.0.0.1 www.phehoo.com
127.0.0.1 www.51first.cn
127.0.0.1 www.4oa.com
127.0.0.1 www.njnu.info

==================================
API HOOK
警告！System Repair Engineer 提醒
你下面的函数内容与预期值不符，他
们可能被一些恶意的软件所修改：
入口点错误：LoadLibraryExW

==================================

[/CODE]

瑞星卡卡安全论坛