Rising Kaka Security Forum, Technical Exchange, Anti-Virus / Anti-Rogue-Software Forum

Ice and snow everywhere!~ The dead of winter!~ Kneeling naked, begging an expert for help!~~~~

What kind of virus is the prevalent trojan 506.Iin!~

[User system info] Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)

Attachment:

Downloads: 194
File type: application/octet-stream
Uploaded: 2007-9-16 14:21:57

Last edited 2007-09-16 14:50:08

Does really nobody know?

瑞星卡卡电脑诊断日志 v1.30 (2007-9-16 14:39:57)  北京瑞星科技股份有限公司

注释:[A]表示该文件存在自启动关联;
[M]表示该文件在内存中;

+ 注册表自运行项目
  + 系统服务
    + HKLM\System\CurrentControlSet\Services
      DF5Serv
        [A ] 1. c:\program files\faronics\deep freeze\install c-0\df5serv.exe


      Diskeeper
        [A ] 2. c:\program files\diskeeper corporation\diskeeper\dkservice.exe


      NOD32krn
        [A ] 3. d:\program files\eset\nod32krn.exe


      NVSvc
        [A ] 4. c:\windows\system32\nvsvc32.exe


      OOCleverCacheAgent
        [A ] 5. c:\program files\oo software\clevercache\ooccag.exe


      SnUpdateService
        [A ] 6. d:\snupdate\server\snupdateserver.exe


      StarWindService
        [A ] 7. c:\program files\alcohol soft\alcohol 120\starwind\starwindservice.exe




  + 内核驱动
    + HKLM\System\CurrentControlSet\Services
      aeaudio
        [A ] 8. c:\windows\system32\drivers\aeaudio.sys


      ALCXWDM
        [A ] 9. c:\windows\system32\drivers\alcxwdm.sys


      AMON
        [A ] 10. c:\windows\system32\drivers\amon.sys


      bcm4sbxp
        [A ] 11. c:\windows\system32\drivers\bcm4sbxp.sys


      DeepFrz
        [A ] 12. c:\windows\system32\drivers\deepfrz.sys


      IpInIp
        [A ] 13. c:\windows\system32\drivers\ipinip.sys


      Kl1
        [A ] 14. c:\windows\system32\drivers\kl1.sys


      KLIF
        [A ] 15. d:\soft\kav\klif.sys


      Klmc
        [A ] 16. d:\soft\kav\klmc.sys


      RsAntiSpyware
        [A ] 17. c:\windows\system32\drivers\rsboot.sys


      Secdrv
        [A ] 18. c:\windows\system32\drivers\secdrv.sys


      senfilt
        [A ] 19. c:\windows\system32\drivers\senfilt.sys


      smwdm
        [A ] 20. c:\windows\system32\drivers\smwdm.sys


      vax347b
        [A ] 21. c:\windows\system32\drivers\vax347b.sys


      vax347s
        [A ] 22. c:\windows\system32\drivers\vax347s.sys




  + 系统登陆自运行
    + HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
      DfLogon
        [A ] 23. c:\windows\system32\logondll.dll




  + IE浏览器加载模块
    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
      {01443AEC-0FD1-40fd-9C87-E93D1494C233}
        [A ] 24. c:\program files\thunder network\thunder\comdlls\tdatonce_now.dll


      {889D2FEB-5411-4565-8998-1DD2C5261283}
        [A ] 25. c:\program files\thunder network\thunder\comdlls\xunleibho_now.dll



    + HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
      Exec
        [A ] 26. c:\program files\thunder network\thunder\thunder.exe




  + 资源管理器加载模块
    + HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
      application/octet-stream
        [A ] 27. c:\windows\system32\mscoree.dll


      application/x-complus
        [A ] 27. c:\windows\system32\mscoree.dll


      application/x-msdownload
        [A ] 27. c:\windows\system32\mscoree.dll



    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
      Fusion Cache
        [A ] 27. c:\windows\system32\mscoree.dll


      WinRAR shell extension
        [A ] 28. c:\program files\winrar\rarext.dll


      AlcoholShellEx
        [A ] 29. c:\program files\alcohol soft\alcohol 120\axshlex.dll


      NvCpl DesktopContext Class
        [AM] 30. c:\windows\system32\nvcpl.dll


      Play on my TV helper
        [AM] 30. c:\windows\system32\nvcpl.dll


      Desktop Explorer
        [AM] 31. c:\windows\system32\nvshell.dll


      Desktop Explorer Menu
        [AM] 31. c:\windows\system32\nvshell.dll


      nView Desktop Context Menu
        [AM] 31. c:\windows\system32\nvshell.dll


      NOD32 Context Menu Shell Extension
        [A ] 32. d:\program files\eset\nodshex.dll



    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
      {AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}
        [AM] 33. c:\windows\system32\shlhook.dll




  + 用户登陆自运行项目
    + HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      runeip
        [AM] 34. c:\program files\rising\antispyware\runiep.exe


      nod32kui
        [AM] 35. d:\program files\eset\nod32kui.exe



    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
      KKDelay
        [A ] 36. c:\program files\rising\antispyware\runonce.exe




  + 开机执行
    + HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
      BootExecute
        [A ] 37. c:\windows\system32\kknative.exe





+ 正在运行的进程
  + 0000017c(380) Explorer.EXE
    011D0000[0001B000]
      [ M] 38. c:\program files\rising\antispyware\ieprot.dll


    013D0000[0075B000]
      [AM] 30. c:\windows\system32\nvcpl.dll


    01340000[00036000]
      [ M] 39. c:\windows\system32\nvrszhc.dll


    01B30000[00032000]
      [ M] 40. c:\windows\system32\nvapi.dll


    01B80000[00073000]
      [AM] 31. c:\windows\system32\nvshell.dll


    72C30000[00008000]
      [ M] 41. c:\windows\system32\msacm32.drv


    02380000[00011000]
      [AM] 33. c:\windows\system32\shlhook.dll



  + 000005b4(1460) ooccctrl.exe
    00400000[0018F000]
      [ M] 42. c:\program files\oo software\clevercache\ooccctrl.exe


    10000000[000CB000]
      [ M] 43. c:\program files\oo software\clevercache\ooccguir.dll


    00E10000[0001B000]
      [ M] 38. c:\program files\rising\antispyware\ieprot.dll



  + 000005f4(1524) nod32kui.exe
    00400000[000EC000]
      [AM] 35. d:\program files\eset\nod32kui.exe


    20100000[00011000]
      [ M] 44. d:\program files\eset\nod32rui.dll


    10000000[0001B000]
      [ M] 38. c:\program files\rising\antispyware\ieprot.dll


    20700000[0002E000]
      [ M] 45. d:\program files\eset\pu_amon.dll


    20600000[00006000]
      [ M] 46. d:\program files\eset\pr_amon.dll


    21E00000[0002B000]
      [ M] 47. d:\program files\eset\pu_dmon.dll


    21F00000[00004000]
      [ M] 48. d:\program files\eset\pr_dmon.dll


    22200000[00030000]
      [ M] 49. d:\program files\eset\pu_emon.dll


    22300000[0000A000]
      [ M] 50. d:\program files\eset\pr_emon.dll


    20D00000[00030000]
      [ M] 51. d:\program files\eset\pu_imon.dll


    20C00000[00009000]
      [ M] 52. d:\program files\eset\pr_imon.dll


    21000000[00021000]
      [ M] 53. d:\program files\eset\pu_mirr.dll


    20F00000[00006000]
      [ M] 54. d:\program files\eset\pr_mirr.dll


    20A00000[0002B000]
      [ M] 55. d:\program files\eset\pu_nod32.dll


    20900000[00005000]
      [ M] 56. d:\program files\eset\pr_nod32.dll


    20400000[0002F000]
      [ M] 57. d:\program files\eset\pu_upd.dll


    20300000[00007000]
      [ M] 58. d:\program files\eset\pr_upd.dll



  + 000005fc(1532) ctfmon.exe
    10000000[0001B000]
      [ M] 38. c:\program files\rising\antispyware\ieprot.dll



  + 000009f0(2544) Ras.exe
    00400000[00160000]
      [ M] 59. c:\program files\rising\antispyware\ras.exe


    10000000[00013000]
      [ M] 60. c:\program files\rising\antispyware\topsoft.dll


    7C140000[00103000]
      [ M] 61. c:\program files\rising\antispyware\mfc71.dll


    7C340000[00056000]
      [ M] 62. c:\program files\rising\antispyware\msvcr71.dll


    7C3A0000[0007B000]
      [ M] 63. c:\program files\rising\antispyware\msvcp71.dll


    00F90000[000BD000]
      [ M] 64. c:\program files\rising\antispyware\rasgui.dll


    01800000[0001B000]
      [ M] 38. c:\program files\rising\antispyware\ieprot.dll


    032D0000[00011000]
      [AM] 33. c:\windows\system32\shlhook.dll


    02DA0000[0002F000]
      [ M] 65. c:\program files\rising\antispyware\engine.dll


    02DD0000[00012000]
      [ M] 66. c:\program files\rising\antispyware\zip.dll



  + 00000d08(3336) runiep.exe
    00400000[00013000]
      [AM] 34. c:\program files\rising\antispyware\runiep.exe


    00D10000[0001B000]
      [ M] 38. c:\program files\rising\antispyware\ieprot.dll



