求助关于kb235780M.LOG的问题 bbs.ikaka.com

files - 2006-7-14 15:08:00

我每次开机和打开一个程序，卡巴都会提示对象kb235780M.LOG感染Trojan-PSW.Win32.Lmir.awq病毒.但无法删除,请教各位大侠如何除害？下面是SREng扫苗结果。
2006-07-14,13:53:46

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation]
<DrvMon.exe><; C:\WINDOWS\system32\DrvMon.exe> [Alcor Micro, Corp.]
<NBJ><; "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"> [Ahead Software AG]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<KAVPersonal50><C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize> [Kaspersky Lab]
<YOKAssiant><; Rundll32.exe C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll,YOKAssiant> [www.yok.com]
<SysExplr><; C:\Herosoft\HeroV8\SysExplr.EXE> []
<assistse><; "C:\PROGRA~1\3721\assistse.exe"> [yahoo]
<helper.dll><; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32> []
<IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation]
<KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k> []
<KuGoo3><; C:\PROGRA~1\KUGOO3\KUGOO.EXE> []
<NeroFilterCheck><; C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<PPHIDPAD><; C:\WINPENJR\Win32\pphidpad.exe> []
<RecSche><; C:\TV Capture Card\RecSche.exe> []
<res><; C:\WINDOWS\system32\res.exe> []
<Smapp><; C:\Program Files\Analog Devices\SoundMAX\SMTray.exe> [Analog Devices, Inc.]
<StormCodec_Helper><; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> []
<SunJavaUpdateSched><; C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe> [Sun Microsystems, Inc.]
<Thunder><; "C:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s> [Thunder Networking Technologies,LTD]
<Update><; C:\Program Files\Common Files\UPDAT\Update.exe> []
<WebThunder><; C:\Program Files\Thunder Network\WebThunder\WebThunder.exe> [深圳市迅雷网络技术有限公司]
<Windows木马防火墙><; C:\Program Files\ftc\Trojanwall.exe> [风云谷]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]

==================================
启动文件夹
服务
[Adobe LM Service / Adobe LM Service]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[JMediaService / JMediaService]
<C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\MMSASS~1\MMSSVER.DLL,Service><N/A>
[kavsvc / kavsvc]
<C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe><Kaspersky Lab>
[Intranet Messenger / SOCEESe]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[SoundMAX Agent Service / SoundMAX Agent Service (default)]
<C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>

files - 2006-7-14 15:10:00

浏览器加载项
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_010.dll, Thunder Networking Technologies,LTD>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Vision]
{6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[VeryCD超级搜索]
{75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} <C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll, www.yok.com>
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[ShowBarObject Class]
{850B69E4-90DB-4F45-8621-891BF35A5B53} <C:\WINDOWS\system32\alibabatoolbar\__new\bar.dll, Alibaba>
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\flashget\jccatch.dll, Amaze Soft>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX, N/A>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <, N/A>
[NTIECatcher Class]
{C56CB6B0-0D96-11D6-8C65-B2868B609932} <C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll, Xi>
[Java Plug-in 1.5.0_01]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll, Sun Microsystems, Inc.>
[AlibabaButton Class]
{13b0c05c-ef05-4bf6-b0ea-f6111af25544} <C:\WINDOWS\system32\alibabatoolbar\__new\bar.dll, Alibaba>
[豪杰超级解霸V8]
{367E0A21-8601-4986-9C9A-153BF5ACA118} <C:\Herosoft\HeroV8\STHSDVD.EXE, herosoft>
[MMSAssistMenu]
{6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[启动Web迅雷]
{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[金山词霸]
{9A687CA6-D585-4947-9ED9-BE96071F5CD9} <C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll, 金山软件股份有限公司>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\qq\QQ.EXE, TENCENT>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\flashget\flashget.exe, Amaze Soft>
[易趣购物]
{DE60714F-AC17-427e-861A-FD60CBDF119A} <http://click2.ad4all.net/url2/urlmanage/url.asp?id=1, N/A>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\qq\QQIEHelper.dll, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\flashget\fgiebar.dll, Amaze Soft>
[百度超级搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[VeryCD超级搜索]
{F869BB38-FFEF-4589-B986-610B7AD0ADA2} <C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll, www.yok.com>
[实用搜索]
{15ADF205-4C54-4cfe-AC88-1EA0BA6D06A0} <C:\Program Files\ScanToolbar\ScanBar.dll, >
[Java Plug-in 1.5.0_01]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_01]
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_010.dll, Thunder Networking Technologies,LTD>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[Google Script Object]
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[实用搜索]
{15ADF205-4C54-4CFE-AC88-1EA0BA6D06A0} <C:\Program Files\ScanToolbar\ScanBar.dll, >
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <, N/A>
[Vision]
{6671A431-5C3D-463D-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[VeryCD超级搜索]
{75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} <C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll, www.yok.com>
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\WebThunder\MediaAddin04.dll, Thunder Networking Technologies,LTD>
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[ShowBarObject Class]
{850B69E4-90DB-4F45-8621-891BF35A5B53} <C:\WINDOWS\system32\alibabatoolbar\__new\bar.dll, Alibaba>
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\flashget\jccatch.dll, Amaze Soft>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX, N/A>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <, N/A>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[百度超级搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[NTIECatcher Class]
{C56CB6B0-0D96-11D6-8C65-B2868B609932} <C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll, Xi>
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\flashget\fgiebar.dll, Amaze Soft>
[VeryCD超级搜索]
{F869BB38-FFEF-4589-B986-610B7AD0ADA2} <C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll, www.yok.com>
[ >> 彩信发送 <<]
<res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm, N/A>
[&RSDN Search]
<res://C:\Program Files\ScanToolbar\ScanBar.dll/GoRSDN.dll.htm, N/A>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A>
[>>彩信发送<<]
<res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm, N/A>
[Google 搜索(&G)]
<res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html, N/A>
[VeryCD超级搜索]
<C:\PROGRA~1\YOK.com\SUPERS~1\yoksch.htm, N/A>
[下载页面上的ED2(&K)链接]
<C:\Program Files\eMule\ed2k.html, N/A>
[使用KuGoo3下载(&K)]
<C:\Program Files\KuGoo3\KuGoo3DownX.htm, N/A>
[使用Web迅雷下载]
<C:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用影音传送带下载]
<C:\Program Files\Xi\NetTransport 2\NTAddLink.html, N/A>
[使用影音传送带下载全部链接]
<C:\Program Files\Xi\NetTransport 2\NTAddList.html, N/A>
[使用网际快车下载]
<C:\Program Files\flashget\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<C:\Program Files\flashget\jc_all.htm, N/A>
[反向链接]
<res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[用比特精灵下载(&B)]
<C:\Program Files\BitSpirit\bsurl.htm, N/A>
[类似网页]
<res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html, N/A>
[缓存的网页快照]
<res://c:\program files\google\GoogleToolbar2.dll/cmcache.html, N/A>
[翻译英文字词(&T)]
<res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html, N/A>
[豪杰超级解霸V8实时播放]
<C:\Herosoft\HeroV8\MPURLGET.HTM, N/A>

files - 2006-7-14 15:19:00

正在运行的进程
[PID: 448][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 500][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 524][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 568][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 580][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 736][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 792][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 860][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\System32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 928][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 988][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 1160][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 1388][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll] <www.yok.com><2.0.1.6>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll] <Kaspersky Lab><1.0.142.342>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll] <Kaspersky Lab><5.0.142.1>
[C:\PROGRA~1\ftc\Commenu.dll] <Fygsoft and Microsoft><2.0.0.0>
[C:\PROGRA~1\baidu\bar\baidubar.dll] <Baidu.com, Inc.><2, 0, 2, 97>
[C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_010.dll] <Thunder Networking Technologies,LTD><6, 0, 0, 1>
[C:\WINDOWS\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><7.0.0.2004121400>
[C:\PROGRA~1\flashget\jccatch.dll] <Amaze Soft><1, 1, 4, 0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll] <Kaspersky Lab><1.0.142.3>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] <Kaspersky Lab><5.0.0.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll] <Kaspersky Lab><5.0.142.0>
[PID: 1492][C:\Herosoft\HeroV8\SysExplr.EXE] <N/A><N/A>
[C:\Herosoft\HeroV8\HttpReq.dll] <N/A><N/A>
[C:\Herosoft\HeroV8\CoolMenu.dll] <N/A><N/A>
[C:\Herosoft\HeroV8\httphlp.dll] <N/A><N/A>
[C:\Herosoft\HeroV8\AVCDROM.dll] <N/A><N/A>
[C:\WINDOWS\system32\WNASPI32.DLL] <ACARD Technology Corp.><0, 2, 1, 3>
[C:\Herosoft\HeroV8\Sys936.DLL] <N/A><N/A>
[PID: 1500][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3292>
[PID: 1508][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 1516][C:\Program Files\Messenger\msmsgs.exe] <Microsoft Corporation><4.7.3001>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 1976][C:\WINDOWS\system32\rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[C:\PROGRA~1\MMSASS~1\MMSSVER.DLL] <><1, 2, 0, 4>
[PID: 236][C:\WINDOWS\SYSTEM32\RUNDLL32.EXE] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\SYSTEM32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 260][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] <Analog Devices, Inc.><3, 2, 6, 0>
[PID: 112][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 1016][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\System32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 2776][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll] <www.yok.com><2.0.1.6>
[C:\PROGRA~1\baidu\bar\baidubar.dll] <Baidu.com, Inc.><2, 0, 2, 97>
[C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_010.dll] <Thunder Networking Technologies,LTD><6, 0, 0, 1>
[C:\WINDOWS\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><7.0.0.2004121400>
[C:\PROGRA~1\MMSASS~1\mmsass~1.dll] <><1, 2, 0, 4>
[C:\WINDOWS\system32\alibabatoolbar\__new\bar.dll] <Alibaba><1, 1, 0, 1>
[C:\PROGRA~1\flashget\jccatch.dll] <Amaze Soft><1, 1, 4, 0>
[C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX] <N/A><N/A>
[C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll] <Xi><1.60.11>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll] <Kaspersky Lab><1.0.142.342>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll] <Kaspersky Lab><1.0.142.3>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] <Kaspersky Lab><5.0.0.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll] <Kaspersky Lab><5.0.142.0>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 3756][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[PID: 2300][C:\WINDOWS\system32\mmc.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll] <Kaspersky Lab><1.0.142.342>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll] <Kaspersky Lab><1.0.142.3>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] <Kaspersky Lab><5.0.0.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll] <Kaspersky Lab><5.0.142.0>
[PID: 3252][C:\Program Files\BitComet\BitComet.exe] <www.BitComet.com><0.67>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll] <Kaspersky Lab><1.0.142.342>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll] <Kaspersky Lab><1.0.142.3>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] <Kaspersky Lab><5.0.0.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll] <Kaspersky Lab><5.0.142.0>

files - 2006-7-14 15:20:00

[PID: 3132][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll] <www.yok.com><2.0.1.6>
[C:\PROGRA~1\baidu\bar\baidubar.dll] <Baidu.com, Inc.><2, 0, 2, 97>
[C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_010.dll] <Thunder Networking Technologies,LTD><6, 0, 0, 1>
[C:\WINDOWS\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><7.0.0.2004121400>
[C:\PROGRA~1\MMSASS~1\mmsass~1.dll] <><1, 2, 0, 4>
[C:\WINDOWS\system32\alibabatoolbar\__new\bar.dll] <Alibaba><1, 1, 0, 1>
[C:\PROGRA~1\flashget\jccatch.dll] <Amaze Soft><1, 1, 4, 0>
[C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX] <N/A><N/A>
[C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll] <Xi><1.60.11>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll] <Kaspersky Lab><1.0.142.342>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll] <Kaspersky Lab><1.0.142.3>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] <Kaspersky Lab><5.0.0.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll] <Kaspersky Lab><5.0.142.0>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 2680][C:\PROGRA~1\THUNDE~1\WEBTHU~1\WEBTHU~1.EXE] <深圳市迅雷网络技术有限公司><1, 0, 4, 28>
[C:\PROGRA~1\THUNDE~1\WEBTHU~1\taskmanage.dll] <Thunder Networking Technologies,LTD><1, 0, 4, 25>
[C:\PROGRA~1\THUNDE~1\WEBTHU~1\download_interface.dll] <N/A><N/A>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>
[C:\PROGRA~1\THUNDE~1\WEBTHU~1\historyinfo_manage.dll] <Thunder Networking Technologies,LTD><5, 2, 0, 150>
[C:\PROGRA~1\THUNDE~1\WEBTHU~1\UpdateDownload.dll] <Thunder Networking Technologies,LTD><1, 0, 1, 8>
[C:\PROGRA~1\THUNDE~1\WEBTHU~1\UpdateExec.dll] <Thunder Networking Technologies,LTD><1, 0, 1, 5>
[C:\PROGRA~1\THUNDE~1\WEBTHU~1\iEmbedShell.dll] <　><1, 0, 0, 7>
[C:\Program Files\Thunder Network\WebThunder\iEmbed01.dll] <　><2, 1, 0, 30>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpscrch.dll] <Kaspersky Lab><1.0.142.342>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\concl.dll] <Kaspersky Lab><1.0.142.3>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] <Kaspersky Lab><5.0.0.0>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ipc.dll] <Kaspersky Lab><5.0.142.0>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 412][C:\Program Files\WinRAR\WinRAR.exe] <N/A><N/A>
[PID: 1340][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX03.141\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\WINDOWS\system32\SYNCOR11.DLL] <SoundMAX><1.2.3>

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

瑞星卡卡安全论坛