The problem is at<br><a href="http://forum.ikaka.com/topic.asp?board=37&artid=7706354" target="_blank">
http://forum.ikaka.com/topic.asp?board=37&artid=7706354</a><br>Log<br>Logfile of HijackThis v1.99.1<br>Scan saved at 12:48:02, on 2006-1-20<br>Platform: Windows XP (WinNT 5.01.2600)<br>MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)<br><br>Running processes:<br>C:\WINDOWS\System32\smss.exe<br>C:\WINDOWS\system32\winlogon.exe<br>C:\WINDOWS\system32\services.exe<br>C:\WINDOWS\system32\lsass.exe<br>C:\WINDOWS\system32\svchost.exe<br>C:\WINDOWS\System32\svchost.exe<br>C:\WINDOWS\system32\LEXBCES.EXE<br>C:\WINDOWS\system32\spoolsv.exe<br>C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE<br>E:\KV2005\KVSrvXP.exe<br>C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe<br>C:\Program Files\联想\联想键盘驱动\TGESrvLogon.exe<br>E:\KV2005\KRegEx.exe<br>C:\WINDOWS\System32\svchost.exe<br>C:\WINDOWS\Explorer.EXE<br>C:\Program Files\联想\联想键盘驱动\Ps2Kbdriver.exe<br>E:\KV2005\KVMonXP_3.kxp<br>C:\Program Files\Common Files\Real\Update_OB\realsched.exe<br>C:\WINDOWS\System32\ctfmon.exe<br>C:\Program Files\MSN Messenger\msnmsgr.exe<br>C:\Program Files\联想\联想键盘驱动\fastkey.exe<br>E:\KV2005\TrojDie_2.kxp<br>C:\WINDOWS\System32\DllHost.exe<br><br>O1 - Hosts: IP
www.6789ok.com<br>O1 - Hosts: IP 6789ok.com<br>O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)<br>O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll<br>O2 - BHO: BrowseHelper Class - {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} - E:\KV2005\KvShell_2.dll<br>O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\FLASHGET\jccatch.dll<br>O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll<br>O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\FLASHGET\fgiebar.dll<br>O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll<br>O3 - Toolbar: 江民杀毒工具栏 - {B5A34A93-D538-43A7-8371-864CB6148D12} - E:\KV2005\KvShell_2.dll<br>O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll<br>O4 - HKLM\..\Run: [HuaShanTGEKBDPS2] C:\Program Files\联想\联想键盘驱动\Ps2Kbdriver.exe<br>O4 - HKLM\..\Run: [KvMonXP] "E:\KV2005\KVMonXP_3.kxp" /auto<br>O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot<br>O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe<br>O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background<br>O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present<br>O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\qq\AddToNetDisk.htm<br>O8 - Extra context menu item: 使用网际快车下载 - E:\FLASHGET\jc_link.htm<br>O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\FLASHGET\jc_all.htm<br>O8 - Extra context menu item: 添加到QQ自定义面板 - E:\qq\AddPanel.htm<br>O8 - Extra context menu item: 添加到QQ表情 - E:\qq\AddEmotion.htm<br>O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\qq\SendMMS.htm<br>O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm<br>O9 - Extra 
'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm<br>O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FLASHGET\flashget.exe<br>O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FLASHGET\flashget.exe<br>O10 - Unknown file in Winsock LSP: c:\windows\system32\kvwspxp_2.dll<br>O10 - Unknown file in Winsock LSP: c:\windows\system32\kvwspxp_2.dll<br>O10 - Unknown file in Winsock LSP: c:\windows\system32\kvwspxp_2.dll<br>O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409<br>O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab<br>O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} (IEDown Class) -
http://download.ourgame.com/IEDown3.cab<br>O17 - HKLM\System\CCS\Services\Tcpip\..\{06F3C78A-0530-4C3B-BA92-CE374B81B612}: NameServer = 218.56.57.58,202.102.128.68<br>O17 - HKLM\System\CCS\Services\Tcpip\..\{4C5E431E-177C-4BBE-ABCD-48491BB83D71}: NameServer = 219.146.0.130 219.150.32.132<br>O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 127.0.0.1<br>O17 - HKLM\System\CS1\Services\Tcpip\..\{06F3C78A-0530-4C3B-BA92-CE374B81B612}: NameServer = 218.56.57.58,202.102.128.68<br>O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 127.0.0.1<br>O17 - HKLM\System\CS2\Services\Tcpip\..\{06F3C78A-0530-4C3B-BA92-CE374B81B612}: NameServer = 218.56.57.58,202.102.128.68<br>O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 127.0.0.1<br>O18 - Protocol: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINDOWS\System32\mbprot.dll (file missing)<br>O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)<br>O20 - Winlogon Notify: ZGNotify - C:\WINDOWS\MyNotification.dll<br>O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE<br>O23 - Service: KVSrvXP - JiangMin New Tech Ltd. - E:\KV2005\KVSrvXP.exe<br>O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE<br>O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe<br>O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)<br>O23 - Service: TGE CardReader Mgr Host v2 (TGECardReaderMgrHost.2) - Unknown owner - C:\Program Files\联想\联想键盘驱动\TGESrvLogon.exe<br><br>