Rising Kaka Security Forum
雪山铁骑 - 2006-5-1 13:41:00
Figure 14
These are the results of a scan with 恶意软件清理助手 (Malware Cleanup Assistant); I got a shock when I saw them.
Attachment:
377880200651134156.jpg
雪山铁骑 - 2006-5-1 13:47:00
Results of the HijackThis scan:
Logfile of HijackThis v1.99.1
Scan saved at 13:45:20, on 2006-5-1
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\PFShared\UmxCfg.exe
C:\Program Files\Tiny Firewall Pro\UmxFwHlp.exe
C:\Program Files\Common Files\PFShared\UmxPol.exe
C:\Program Files\Tiny Firewall Pro\UmxAgent.exe
C:\Program Files\Tiny Firewall Pro\UmxTray.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\PFShared\umxlu.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Documents and Settings\张军\桌面\SnagIt8ls_PConline\SnagIt32.exe
C:\Program Files\Maxthon\Maxthon.exe
D:\WinRAR.exe
C:\DOCUME~1\张军\LOCALS~1\Temp\Rar$EX00.719\HijackThis.exe
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v14.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AMonitor] C:\Program Files\Tiny Firewall Pro\amon.exe
O4 - Global Startup: eBay易趣--全球商品一网打尽.lnk = C:\Program Files\EbayShop\EbayShop.exe
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - D:\PROGRA~1\KuGoo3\KuGoo3DownX.htm
O8 - Extra context menu item: 发送到手机 - C:\Program Files\xBar\xBar.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [!CNS] 网络实名
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135069217513
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144805265625
O17 - HKLM\System\CCS\Services\Tcpip\..\{A437AA89-4DF1-48D6-AEDB-6942C442492B}: NameServer = 202.96.209.134 202.96.209.6
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll
O20 - Winlogon Notify: System Safety Monitor - C:\WINDOWS\SYSTEM32\SSMWinlogonEx.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: FW Event Manager (UmxAgent) - Computer Associates International, Inc. - C:\Program Files\Tiny Firewall Pro\UmxAgent.exe
O23 - Service: FW Configuration Interpreter (UmxCfg) - Computer Associates International, Inc. - C:\Program Files\Common Files\PFShared\UmxCfg.exe
O23 - Service: FW User-Mode Helper (UmxFwHlp) - Computer Associates International, Inc. - C:\Program Files\Tiny Firewall Pro\UmxFwHlp.exe
O23 - Service: FW Live Update (UmxLU) - Computer Associates International, Inc. - C:\Program Files\Common Files\PFShared\umxlu.exe
O23 - Service: FW Policy Manager (UmxPol) - Computer Associates International, Inc. - C:\Program Files\Common Files\PFShared\UmxPol.exe
雪山铁骑 - 2006-5-1 13:49:00
Results of the SREng scan:
2006-05-01,13:16:59
System Repair Engineer 2.0.12.350 (2.0 RC 1)
Windows XP Professional Service Pack 2 - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<AMonitor><C:\Program Files\Tiny Firewall Pro\amon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SoundMan><SOUNDMAN.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Norton Ghost 10.0><"C:\Program Files\Norton Ghost\Agent\GhostTray.exe">
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<MSPY2002><C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe">
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<KAVPersonal50><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINDOWS\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><UmxSbxExw.dll>
雪山铁骑 - 2006-5-1 13:50:00
==================================
启动文件夹
[eBay易趣--全球商品一网打尽]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\eBay易趣--全球商品一网打尽.lnk><N>
==================================
服务
[Symantec Event Manager / ccEvtMgr]
<"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc]
<"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr]
<"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[GEARSecurity / GEARSecurity]
<C:\WINDOWS\System32\GEARSec.exe><GEAR Software>
[kavsvc / kavsvc]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab>
[Norton Ghost / Norton Ghost]
<C:\Program Files\Norton Ghost\Agent\VProSvc.exe><Symantec Corporation>
[Symantec Core LC / Symantec Core LC]
<C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe><Symantec Corporation>
[FW Event Manager / UmxAgent]
<"C:\Program Files\Tiny Firewall Pro\UmxAgent.exe"><Computer Associates International, Inc.>
[FW Configuration Interpreter / UmxCfg]
<"C:\Program Files\Common Files\PFShared\UmxCfg.exe"><Computer Associates International, Inc.>
[FW User-Mode Helper / UmxFwHlp]
<"C:\Program Files\Tiny Firewall Pro\UmxFwHlp.exe"><Computer Associates International, Inc.>
[FW Live Update / UmxLU]
<"C:\Program Files\Common Files\PFShared\umxlu.exe"><Computer Associates International, Inc.>
[FW Policy Manager / UmxPol]
<"C:\Program Files\Common Files\PFShared\UmxPol.exe"><Computer Associates International, Inc.>
雪山铁骑 - 2006-5-1 13:51:00
==================================
浏览器加载项
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\System32\mshtml.dll, N/A>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A>
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用KuGoo3下载(&K)]
<D:\PROGRA~1\KuGoo3\KuGoo3DownX.htm, N/A>
[发送到手机]
<C:\Program Files\xBar\xBar.htm, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
雪山铁骑 - 2006-5-1 13:52:00
==================================
正在运行的进程
[PID: 572][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 628][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 652][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\UmxSbxExw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\WINDOWS\system32\UmxSbxw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\WINDOWS\system32\UmxWnp.Dll] <Computer Associates International, Inc.><6, 0, 0, 2>
[C:\WINDOWS\system32\SSMWinlogonEx.dll] <System Safety Limited><2.0.6.567>
[PID: 700][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\UmxSbxExw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\WINDOWS\system32\UmxSbxw.dll] <Computer Associates International, Inc.><6.0.1.58>
[PID: 712][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\UmxSbxExw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\WINDOWS\system32\UmxSbxw.dll] <Computer Associates International, Inc.><6.0.1.58>
[PID: 864][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\UmxSbxExw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\WINDOWS\system32\UmxSbxw.dll] <Computer Associates International, Inc.><6.0.1.58>
[PID: 924][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\UmxSbxExw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\WINDOWS\system32\UmxSbxw.dll] <Computer Associates International, Inc.><6.0.1.58>
[PID: 968][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\System32\UmxSbxExw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\WINDOWS\System32\UmxSbxw.dll] <Computer Associates International, Inc.><6.0.1.58>
[PID: 1012][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\System32\UmxSbxExw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\WINDOWS\System32\UmxSbxw.dll] <Computer Associates International, Inc.><6.0.1.58>
[PID: 1112][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\System32\UmxSbxExw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\WINDOWS\System32\UmxSbxw.dll] <Computer Associates International, Inc.><6.0.1.58>
[PID: 1268][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[C:\WINDOWS\system32\UmxSbxExw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\WINDOWS\system32\UmxSbxw.dll] <Computer Associates International, Inc.><6.0.1.58>
[PID: 1304][C:\Program Files\Common Files\PFShared\UmxCfg.exe] <Computer Associates International, Inc.><6.0.1.48>
[C:\WINDOWS\system32\UmxSbxExw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\WINDOWS\system32\UmxSbxw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\Program Files\Common Files\PFShared\xmlsdp.dll] <Computer Associates International, Inc.><6.2.0.122>
[C:\Program Files\Common Files\PFShared\pthexp.dll] <Computer Associates International, Inc.><6.0.0.19>
[C:\Program Files\Tiny Firewall Pro\SnortImp.dll] <Computer Associates International, Inc.><6.5.1.2>
雪山铁骑 - 2006-5-1 13:53:00
[PID: 1344][C:\Program Files\Tiny Firewall Pro\UmxFwHlp.exe] <Computer Associates International, Inc.><6.5.3.2>
[C:\WINDOWS\system32\UmxSbxExw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\WINDOWS\system32\UmxSbxw.dll] <Computer Associates International, Inc.><6.0.1.58>
[PID: 1380][C:\Program Files\Common Files\PFShared\UmxPol.exe] <Computer Associates International, Inc.><6, 0, 0, 5>
[C:\WINDOWS\system32\UmxSbxExw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\WINDOWS\system32\UmxSbxw.dll] <Computer Associates International, Inc.><6.0.1.58>
[PID: 1444][C:\Program Files\Tiny Firewall Pro\UmxAgent.exe] <Computer Associates International, Inc.><6.0.1.76>
[C:\WINDOWS\system32\UmxSbxExw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\WINDOWS\system32\UmxSbxw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\Program Files\Tiny Firewall Pro\UmxAgentRes.dll] <Computer Associates International, Inc.><6.0.1.63>
[C:\Program Files\Tiny Firewall Pro\FncIDs.dll] <Computer Associates International, Inc.><6.0.0.1>
[C:\Program Files\Common Files\PFShared\pthexp.dll] <Computer Associates International, Inc.><6.0.0.19>
[C:\Program Files\Common Files\PFShared\Nag.dll] <Tiny Software, Inc.><6.0.1.22>
[PID: 1476][C:\Program Files\Tiny Firewall Pro\UmxTray.exe] <Computer Associates International, Inc.><6.5.1.59>
[C:\WINDOWS\system32\UmxSbxExw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\WINDOWS\system32\UmxSbxw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\Program Files\Tiny Firewall Pro\UmxTrayRes.dll] <Computer Associates International, Inc.><6.5.1.59>
[C:\Program Files\Common Files\PFShared\Nag.dll] <Tiny Software, Inc.><6.0.1.22>
[PID: 1584][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe] <Symantec Corporation><103.0.4.3>
[C:\Program Files\Common Files\Symantec Shared\ccL30.dll] <Symantec Corporation><103.0.4.3>
[C:\WINDOWS\system32\UmxSbxExw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\WINDOWS\system32\UmxSbxw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] <Symantec Corporation><103.0.4.3>
[PID: 1632][C:\WINDOWS\System32\GEARSec.exe] <GEAR Software><1, 0, 0, 6>
[C:\WINDOWS\System32\UmxSbxExw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\WINDOWS\System32\UmxSbxw.dll] <Computer Associates International, Inc.><6.0.1.58>
[PID: 1716][C:\Program Files\Norton Ghost\Agent\VProSvc.exe] <Symantec Corporation><10.0.0.8400>
[C:\WINDOWS\system32\UmxSbxExw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\WINDOWS\system32\UmxSbxw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\Program Files\Common Files\Symantec Shared\ccL35.dll] <Symantec Corporation><103.5.0.90>
[C:\Program Files\Norton Ghost\Shared\VProObj.dll] <Symantec Corporation><10.0.0.8400>
[C:\Program Files\Norton Ghost\Shared\NotifyHandler.dll] <Symantec Corporation><10.0.0.8400>
[C:\Program Files\Norton Ghost\shared\ErrorGui.dll] <Symantec Corporation><10.0.0.8400>
[C:\Program Files\Norton Ghost\Shared\VProScheduler.dll] <Symantec Corporation><10.0.0.8400>
[C:\Program Files\Norton Ghost\Agent\VProImaging.dll] <Symantec Corporation><10.0.0.8400>
[C:\Program Files\Norton Ghost\Agent\gwrks32.dll] <GEAR-Software><3.52.001.03>
[C:\Program Files\Norton Ghost\Agent\GEARAW32.dll] <GEAR-Software><3.52.001.03>
[C:\Program Files\Norton Ghost\Agent\gwlangEN.dll] <GEAR-Software><3.52.001.03>
雪山铁骑 - 2006-5-1 13:56:00
[PID: 184][C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe] <Symantec Corporation><1, 8, 54, 534>
[C:\WINDOWS\system32\UmxSbxExw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\WINDOWS\system32\UmxSbxw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll] <Symantec Corporation><1, 8, 54, 534>
[PID: 464][C:\Program Files\Common Files\PFShared\umxlu.exe] <Computer Associates International, Inc.><6.0.1.15>
[C:\WINDOWS\system32\UmxSbxExw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\WINDOWS\system32\UmxSbxw.dll] <Computer Associates International, Inc.><6.0.1.58>
[PID: 596][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe] <Symantec Corporation><103.0.4.3>
[C:\WINDOWS\system32\UmxSbxExw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\WINDOWS\system32\UmxSbxw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\Program Files\Common Files\Symantec Shared\ccL30.dll] <Symantec Corporation><103.0.4.3>
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] <Symantec Corporation><103.0.4.3>
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCLOGIN.DLL] <Symantec Corporation><103.0.4.3>
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL] <Symantec Corporation><103.0.4.3>
[PID: 136][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\UmxSbxExw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\WINDOWS\system32\UmxSbxw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[C:\WINDOWS\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62>
[D:\rarext.dll] <N/A><N/A>
[C:\Program Files\Unlocker\UnlockerCOM.dll] <N/A><N/A>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\rpt.dll] <Kaspersky Lab><5.0.388.2>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prloader.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\tempfile.ppl] <Kaspersky Lab><5.0.388.0>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 2, 4>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><7.0.7.2006011200>
雪山铁骑 - 2006-5-1 13:57:00
[PID: 1900][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\System32\UmxSbxExw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\WINDOWS\System32\UmxSbxw.dll] <Computer Associates International, Inc.><6.0.1.58>
[PID: 2308][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.0.19>
[C:\WINDOWS\system32\UmxSbxExw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\WINDOWS\system32\UmxSbxw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 2, 4>
[PID: 2352][C:\Program Files\Norton Ghost\Agent\GhostTray.exe] <Symantec Corporation><10.0.0.8400>
[C:\WINDOWS\system32\UmxSbxExw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\WINDOWS\system32\UmxSbxw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\Program Files\Common Files\Symantec Shared\ccAlert.dll] <Symantec Corporation><103.0.4.3>
[C:\Program Files\Common Files\Symantec Shared\ccL30.dll] <Symantec Corporation><103.0.4.3>
[C:\Program Files\Norton Ghost\Shared\VProAuto.dll] <Symantec Corporation><10.0.0.8400>
[C:\Program Files\Norton Ghost\Agent\DrmLicense.DLL] <Symantec Corporation><10.0.0.8400>
[C:\Program Files\Common Files\Symantec Shared\ccL35.dll] <Symantec Corporation><103.5.0.90>
[C:\Program Files\Norton Ghost\EasySetupInt.dll] <Symantec Corporation><10.0.0.8400>
[C:\Program Files\Norton Ghost\Agent\gwrks32.dll] <GEAR-Software><3.52.001.03>
[C:\Program Files\Norton Ghost\Agent\GEARAW32.dll] <GEAR-Software><3.52.001.03>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 2, 4>
[PID: 2412][C:\Program Files\Common Files\Symantec Shared\ccApp.exe] <Symantec Corporation><103.0.4.3>
[C:\Program Files\Common Files\Symantec Shared\ccL30.dll] <Symantec Corporation><103.0.4.3>
[C:\WINDOWS\system32\UmxSbxExw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\WINDOWS\system32\UmxSbxw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] <Symantec Corporation><103.0.4.3>
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL] <Symantec Corporation><103.0.4.3>
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL] <Symantec Corporation><103.0.4.3>
[C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] <Symantec Corporation><103.0.4.3>
[C:\Program Files\Common Files\Symantec Shared\ccProSub.dll] <Symantec Corporation><103.0.4.3>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 2, 4>
[PID: 2436][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\UmxSbxExw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\WINDOWS\system32\UmxSbxw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 2, 4>
[PID: 164][C:\WINDOWS\system32\Rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\UmxSbxExw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\WINDOWS\system32\UmxSbxw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 2, 4>
[PID: 3928][C:\DOCUME~1\张军\LOCALS~1\Temp\Rar$EX00.234\SREng.exe] <Smallfrogs Studio><2.0.12.350>
[C:\WINDOWS\system32\UmxSbxExw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\WINDOWS\system32\UmxSbxw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 2, 4>
[PID: 3784][C:\Documents and Settings\张军\桌面\SnagIt8ls_PConline\SnagIt32.exe] <TechSmith Corporation><8.0.0.0>
[C:\Documents and Settings\张军\桌面\SnagIt8ls_PConline\ltfil12n.dll] <LEAD Technologies, Inc.><12.1.0.061>
[C:\Documents and Settings\张军\桌面\SnagIt8ls_PConline\LTKRN12n.dll] <LEAD Technologies, Inc.><12.1.0.061>
[C:\WINDOWS\system32\UmxSbxExw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\WINDOWS\system32\UmxSbxw.dll] <Computer Associates International, Inc.><6.0.1.58>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 2, 4>
[C:\Documents and Settings\张军\桌面\SnagIt8ls_PConline\SnagItres.dll] <TechSmith 公司><8.0.0.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\rpt.dll] <Kaspersky Lab><5.0.388.2>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prloader.dll] <Kaspersky Lab><5.0.388.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[c:\program files\kaspersky lab\kaspersky anti-virus personal\tempfile.ppl] <Kaspersky Lab><5.0.388.0>
[C:\Documents and Settings\张军\桌面\SnagIt8ls_PConline\LTDIS12n.dll] <LEAD Technologies, Inc.><12.1.0.061>
[C:\Documents and Settings\张军\桌面\SnagIt8ls_PConline\LFPNG12N.DLL] <LEAD Technologies, Inc.><12.1.0.061>
[C:\Documents and Settings\张军\桌面\SnagIt8ls_PConline\LFCMP12N.DLL] <LEAD Technologies, Inc.><12.1.0.061>
雪山铁骑 - 2006-5-1 13:58:00
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
追逐部落 - 2006-5-1 14:43:00
That really is a hassle.
cqcl - 2006-5-1 16:13:00
This user's post has been blocked.
海生 - 2006-5-1 19:35:00
Where did you download the installer from? Was it PCONLINE?
孤独的狼1982 - 2006-5-1 22:34:00
Why not download it from the official website? How come mine doesn't have this? The official website is still safer.