Rising Kaka Security Forum (瑞星卡卡安全论坛)
huihuicat - 2006-7-31 18:21:00
c://windows/system32/anskya1.dll
It seems to be a component of a virus.
At the time I was probably infected with a variant of the Gray Pigeon (灰鸽子) virus.
It wrote a "winnt" entry in the registry, which was deleted.
But at the same time I also found two items in c://windows/system32, anskya0.exe and anskya1.dll, that were newly added that day. After deleting them once they came back! On the second deletion only anskya0.exe could be deleted; anskya1.dll could not be deleted even in safe mode. I had a look with IceSword (冰刃), and it seems every program opened on the machine calls this anskya1.dll, including small games like Spider Solitaire.
Could an expert please advise how to kill this thing!
newcenturymoon - 2006-7-31 18:26:00
It may be Gray Pigeon (灰鸽子).
Please download System Repair Engineer, use "Smart Scan", press the "Scan" button to scan, and when the scan finishes press the "Save Report" button to save the report log file (SREng.LOG), then copy and paste the contents of the saved report log file here.
Download URLs:
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log does not fit in one post, paste it in several parts; please do not modify it.
huihuicat - 2006-7-31 19:54:00
2006-07-31,19:30:20
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}><"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<IgfxTray><C:\WINDOWS\system32\igfxtray.exe> [Intel Corporation]
<HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe> [Intel Corporation]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation]
<PRONoMgrWired><c:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe> [Intel(R) Corporation]
<UpdateManager><"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r> [Sonic Solutions]
<KAVPersonal50><"d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize> [Kaspersky Lab]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<Lenovo LJ1800StatusDisplay><C:\WINDOWS\system32\LSTMON_N.EXE> [Legend (Beijing) Limited.]
<NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<RichMedia><C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows> [Shanghai Henbang Technology Co., Ltd]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{F3D0D422-CE6D-47B3-9CE6-C54DD63F1ADB}><C:\Program Files\Internet Explorer\PLUGINS\new123.sys> []
<{C54B4AFB-7A2A-6C3E-BA4D-C20F0294B724}><C:\WINDOWS\system32\Anskya1.dll> []
<{288BD9BD-F0DC-46B1-81B5-2B61DF8077CE}><C:\WINDOWS\system32\Ansky.dll> []
<{CF49F9F2-A8D3-464F-83EC-6AFC6573C267}><C:\WINDOWS\system32\jhlog1.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\System Safety Monitor]
<WinlogonNotify: System Safety Monitor><SSMWinlogonEx.dll> [System Safety Limited]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation]
<MsnMsgr><; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<NeroFilterCheck><; C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe> []
<poco><; D:\poco\Poco2006.exe> [广州数联软件有限公司 - http://www.poco.cn/]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Sonic RecordNow!><; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Syetwlyeh><; C:\WINDOWS\system32\algesteiye.exe> []
huihuicat - 2006-7-31 19:55:00
==================================
启动文件夹
[Adobe Gamma Loader]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk><N>
[Adobe Reader Speed Launch]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk><N>
[eBay易趣--全球商品一网打尽]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\eBay易趣--全球商品一网打尽.lnk><N>
[InterVideo WinCinema Manager]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\InterVideo WinCinema Manager.lnk><N>
[Wallpaper Calendar]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\Wallpaper Calendar.lnk><N>
==================================
服务
[BrSplService / Brother XP spl Service]
<C:\WINDOWS\system32\brsvc01a.exe><brother Industries Ltd>
[kavsvc / kavsvc]
<"d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"><Kaspersky Lab>
[Intel NCS NetService / NetSvc]
<c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe><Intel(R) Corporation>
[XDownloadService / XDownloadService]
<C:\WINDOWS\system32\Rundll32.exe "C:\WINDOWS\Downloader.dll",Run><N/A>
==================================
浏览器加载项
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[hbieobj Class]
{147E230B-FC8D-4A66-AB96-FFD464A9B2A3} <C:\PROGRA~1\pcast\hbcast.dll, Shanghai Henbang Technology Co., Ltd>
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} <D:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[HBObject Class]
{AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\PROGRA~1\hbclient\HBHelper.dll, N/A>
[珊瑚虫 工具栏]
{D74EC18E-3DDD-4174-B1B1-949FE3B8366D} <C:\Program Files\Infofo Bar\infofobar.dll, 珊瑚虫工作室 泰格工作室>
[WebDownloader Class]
{E78F50F9-51CF-40EC-AE3F-4F802528150B} <C:\WINDOWS\Downloader.dll, >
[珊瑚虫 工具栏]
{8507326C-B5C1-4559-BB91-0919E753836F} <C:\Program Files\Infofo Bar\infofobar.dll, 珊瑚虫工作室 泰格工作室>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <D:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[珊瑚虫 工具栏]
{D74EC18E-3DDD-4174-B1B1-949FE3B8366D} <C:\Program Files\Infofo Bar\infofobar.dll, 珊瑚虫工作室 泰格工作室>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <, N/A>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[hbieobj Class]
{147E230B-FC8D-4A66-AB96-FFD464A9B2A3} <C:\PROGRA~1\pcast\hbcast.dll, Shanghai Henbang Technology Co., Ltd>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[HHCtrl Object]
{41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\system32\INPUTC~1.DLL, >
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\system32\SUBMIT~1.DLL, >
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} <D:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[HBObject Class]
{AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\PROGRA~1\hbclient\HBHelper.dll, N/A>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx, Adobe Systems, Inc.>
[珊瑚虫 工具栏]
{D74EC18E-3DDD-4174-B1B1-949FE3B8366D} <C:\Program Files\Infofo Bar\infofobar.dll, 珊瑚虫工作室 泰格工作室>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[WebDownloader Class]
{E78F50F9-51CF-40EC-AE3F-4F802528150B} <C:\WINDOWS\Downloader.dll, >
[&Yahoo! Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <, N/A>
[PBActiveX40 Control]
{F2EB8999-766E-4BF6-AAAD-188D398C0D0B} <C:\WINDOWS\system32\CMBPB40.ocx, China Merchants Bank>
[上传到QQ网络硬盘]
<D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载]
<D:\PROGRA~1\FLASHGET\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<D:\PROGRA~1\FLASHGET\jc_all.htm, N/A>
[加入POCO网摘(&K)]
<http://my.poco.cn/fav/rightClick.php, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[我的POCO网摘(&O)]
<http://my.poco.cn/fav/open_myfav.php, N/A>
[添加到QQ自定义面板]
<D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
huihuicat - 2006-7-31 19:57:00
==================================
正在运行的进程
[PID: 416][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 576][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 608][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SSMWinlogonEx.dll] <System Safety Limited><2.0.8.579>
[PID: 732][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 744][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 904][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 980][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1076][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1124][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1340][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1544][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\Anskya1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Ansky.dll] <N/A><N/A>
[C:\WINDOWS\system32\jhlog1.dll] <N/A><N/A>
[D:\Program Files\zepsoft\Wallpaper Calendar\MHookWC.dll] <Zepsoft><1.0.3.3>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\shellex.dll] <Kaspersky Lab><5.0.388.1>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><7.0.0.2004121400>
[D:\PROGRA~1\FLASHGET\jccatch.dll] <Amaze Soft><1, 1, 4, 0>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[C:\WINDOWS\system32\igfxpph.dll] <Intel Corporation><3.0.0.4342>
[C:\WINDOWS\system32\hccutils.DLL] <Intel Corporation><3.0.0.4342>
[C:\WINDOWS\system32\igfxres.dll] <Intel Corporation><3.0.0.4342>
[C:\WINDOWS\system32\igfxsrvc.dll] <Intel Corporation><3.0.0.4342>
[C:\WINDOWS\system32\igfxdev.dll] <Intel Corporation><3.0.0.4342>
[PID: 1692][C:\WINDOWS\system32\brsvc01a.exe] <brother Industries Ltd><1, 0, 0, 2>
[PID: 1716][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\AUCPLMNT.DLL] <CANON INC.><4.3.0.0>
[C:\WINDOWS\system32\HPBMMON.DLL] <Hewlett-Packard><10.00.14>
[C:\WINDOWS\system32\hpdomon.dll] <Hewlett-Packard><03.42.00>
[C:\WINDOWS\system32\HPBHealr.dll] <N/A><N/A>
[C:\WINDOWS\system32\LLMON__N.DLL] <Legend (Beijing) Limited.><1, 1, 1427, 0>
[C:\WINDOWS\system32\LSPOOL_N.dll] <Zenographics, Inc.><5, 51, 709, 717>
[c:\Program Files\Network Print Monitor\Driver.DLL] <><1, 0, 0, 1>
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\BRPP2KA.DLL] <Brother Industries ,Ltd ><1.03>
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LIMFPR_N.DLL] <Zenographics, Inc.><5, 54, 330, 717>
[C:\WINDOWS\system32\LIMF32_N.dll] <Zenographics, Inc.><5, 51, 405, 717>
[C:\WINDOWS\system32\LTAG32_N.dll] <Zenographics, Inc.><5, 50, 1725, 717>
[PID: 1728][C:\WINDOWS\system32\brss01a.exe] <brother Industries Ltd><1.004>
[C:\WINDOWS\system32\spool\PRTPROCS\W32X86\brpp2ka.dll] <Brother Industries ,Ltd ><1.03>
[PID: 1960][C:\WINDOWS\system32\igfxtray.exe] <Intel Corporation><3.0.0.4342>
[C:\WINDOWS\system32\hccutils.DLL] <Intel Corporation><3.0.0.4342>
[C:\WINDOWS\system32\igfxdev.dll] <Intel Corporation><3.0.0.4342>
[C:\WINDOWS\system32\Anskya1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Ansky.dll] <N/A><N/A>
[C:\WINDOWS\system32\igfxsrvc.dll] <Intel Corporation><3.0.0.4342>
[C:\WINDOWS\system32\igfxres.dll] <Intel Corporation><3.0.0.4342>
[C:\WINDOWS\system32\igfxress.dll] <Intel Corporation><3.0.0.4342>
[C:\WINDOWS\system32\jhlog1.dll] <N/A><N/A>
[PID: 1968][C:\WINDOWS\system32\hkcmd.exe] <Intel Corporation><3.0.0.4342>
[C:\WINDOWS\system32\hccutils.DLL] <Intel Corporation><3.0.0.4342>
[C:\WINDOWS\system32\igfxdev.dll] <Intel Corporation><3.0.0.4342>
[C:\WINDOWS\system32\igfxsrvc.dll] <Intel Corporation><3.0.0.4342>
[C:\WINDOWS\system32\Anskya1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Ansky.dll] <N/A><N/A>
[C:\WINDOWS\system32\igfxhk.dll] <Intel Corporation><3.0.0.4342>
[C:\WINDOWS\system32\igfxres.dll] <Intel Corporation><3.0.0.4342>
[C:\WINDOWS\system32\jhlog1.dll] <N/A><N/A>
[PID: 1976][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.0.29>
[C:\WINDOWS\system32\jhlog1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Anskya1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Ansky.dll] <N/A><N/A>
[PID: 112][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.1622>
[C:\WINDOWS\system32\Anskya1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Ansky.dll] <N/A><N/A>
[C:\WINDOWS\system32\jhlog1.dll] <N/A><N/A>
[PID: 180][C:\WINDOWS\system32\Rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\PROGRA~1\pcast\hbcast.dll] <Shanghai Henbang Technology Co., Ltd><1, 0, 0, 1>
[C:\WINDOWS\system32\Anskya1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Ansky.dll] <N/A><N/A>
[C:\WINDOWS\system32\jhlog1.dll] <N/A><N/A>
[PID: 216][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\Anskya1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Ansky.dll] <N/A><N/A>
[C:\WINDOWS\system32\jhlog1.dll] <N/A><N/A>
[PID: 504][C:\Program Files\EbayShop\EbayShop.exe] <><1, 0, 0, 1>
[C:\WINDOWS\system32\jhlog1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Anskya1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Ansky.dll] <N/A><N/A>
[PID: 516][C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe] <InterVideo Inc.><1.8.1>
[C:\WINDOWS\system32\jhlog1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Anskya1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Ansky.dll] <N/A><N/A>
[PID: 524][D:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe] <Zepsoft><3.0.2.85>
[D:\Program Files\zepsoft\Wallpaper Calendar\MHookWC.dll] <Zepsoft><1.0.3.3>
[C:\WINDOWS\system32\jhlog1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Anskya1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Ansky.dll] <N/A><N/A>
[PID: 528][C:\WINDOWS\system32\conime.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\jhlog1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Anskya1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Ansky.dll] <N/A><N/A>
[PID: 1104][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 620][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 21628][D:\Program Files\Foxmail\Foxmail.exe] <Bodachina Co., Ltd><5.0 beta2>
[D:\Program Files\Foxmail\FoxAntiSpam.dll] <N/A><N/A>
[C:\WINDOWS\system32\jhlog1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Anskya1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Ansky.dll] <N/A><N/A>
[D:\Program Files\Foxmail\3rdParty\punylib.dll] <CNNIC><1, 0, 0, 2>
[D:\Program Files\Foxmail\3rdParty\cmplugin.dll] <N/A><N/A>
huihuicat - 2006-7-31 19:57:00
[PID: 23680][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\Infofo Bar\infofobar.dll] <珊瑚虫工作室 泰格工作室><1, 0, 0, 0>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><7.0.0.2004121400>
[C:\PROGRA~1\pcast\hbcast.dll] <Shanghai Henbang Technology Co., Ltd><1, 0, 0, 1>
[D:\PROGRA~1\FLASHGET\jccatch.dll] <Amaze Soft><1, 1, 4, 0>
[C:\WINDOWS\Downloader.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\jhlog1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Anskya1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Ansky.dll] <N/A><N/A>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klipc.dll] <Kaspersky Lab><5.0.388.0>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\rpt.dll] <Kaspersky Lab><5.0.388.2>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\tempfile.ppl] <Kaspersky Lab><5.0.388.0>
[C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx] <Adobe Systems, Inc.><9,0,0,296>
[PID: 30068][D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE] <Microsoft Corporation><11.0.5604>
[C:\WINDOWS\system32\jhlog1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Anskya1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Ansky.dll] <N/A><N/A>
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CnP5eCUI.DLL] <CANON INC.><5.10>
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNP5EC.dll] <CANON INC.><5.10>
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNP5ECGR.DLL] <CANON INC.><5.10>
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\AUSSDRV.DLL] <CANON INC.><2, 3, 0, 0>
[PID: 32944][C:\Program Files\Maxthon\Maxthon.exe] <Maxthon International Ltd.><1, 5, 2, 21>
[C:\Program Files\Maxthon\maxzlib.dll] < ><1, 0, 0, 2>
[C:\Program Files\Maxthon\Plugin\ViewSource\ViewSrc.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\jhlog1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Anskya1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Ansky.dll] <N/A><N/A>
[C:\Program Files\Maxthon\Services\RealTime\real_time.dll] <><1, 0, 0, 1>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klipc.dll] <Kaspersky Lab><5.0.388.0>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\rpt.dll] <Kaspersky Lab><5.0.388.2>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\tempfile.ppl] <Kaspersky Lab><5.0.388.0>
[C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx] <Adobe Systems, Inc.><9,0,0,296>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[PID: 40628][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\Infofo Bar\infofobar.dll] <珊瑚虫工作室 泰格工作室><1, 0, 0, 0>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><7.0.0.2004121400>
[C:\PROGRA~1\pcast\hbcast.dll] <Shanghai Henbang Technology Co., Ltd><1, 0, 0, 1>
[D:\PROGRA~1\FLASHGET\jccatch.dll] <Amaze Soft><1, 1, 4, 0>
[C:\WINDOWS\Downloader.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\jhlog1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Anskya1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Ansky.dll] <N/A><N/A>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klipc.dll] <Kaspersky Lab><5.0.388.0>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\rpt.dll] <Kaspersky Lab><5.0.388.2>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prloader.dll] <Kaspersky Lab><5.0.388.0>
[d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[d:\program files\kaspersky lab\kaspersky anti-virus personal pro\tempfile.ppl] <Kaspersky Lab><5.0.388.0>
[C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx] <Adobe Systems, Inc.><9,0,0,296>
[PID: 39412][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\Infofo Bar\infofobar.dll] <珊瑚虫工作室 泰格工作室><1, 0, 0, 0>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><7.0.0.2004121400>
[C:\PROGRA~1\pcast\hbcast.dll] <Shanghai Henbang Technology Co., Ltd><1, 0, 0, 1>
[D:\PROGRA~1\FLASHGET\jccatch.dll] <Amaze Soft><1, 1, 4, 0>
[C:\WINDOWS\Downloader.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\jhlog1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Anskya1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Ansky.dll] <N/A><N/A>
[PID: 39532][D:\PROGRA~1\FLASHGET\flashget.exe] <Amaze Soft><1, 5, 0, 0>
[C:\WINDOWS\system32\jhlog1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Anskya1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Ansky.dll] <N/A><N/A>
[PID: 39812][C:\Program Files\WinRAR\WinRAR.exe] <N/A><N/A>
[C:\WINDOWS\system32\jhlog1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Anskya1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Ansky.dll] <N/A><N/A>
[PID: 39996][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.391\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\WINDOWS\system32\jhlog1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Anskya1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Ansky.dll] <N/A><N/A>
huihuicat - 2006-7-31 19:58:00
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
huihuicat - 2006-7-31 20:00:00
That Shanghai Hengbang hbhelper thing: I deleted it both from the registry and the program on the hard disk, yet it is still showing up here!!
huihuicat - 2006-7-31 20:36:00
I had a look at the scan contents.
I feel the following items are suspicious:
Registry:
<RichMedia><C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows> [Shanghai Henbang Technology Co., Ltd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{F3D0D422-CE6D-47B3-9CE6-C54DD63F1ADB}><C:\Program Files\Internet Explorer\PLUGINS\new123.sys> []
<{C54B4AFB-7A2A-6C3E-BA4D-C20F0294B724}><C:\WINDOWS\system32\Anskya1.dll> []
<{288BD9BD-F0DC-46B1-81B5-2B61DF8077CE}><C:\WINDOWS\system32\Ansky.dll> []
<{CF49F9F2-A8D3-464F-83EC-6AFC6573C267}><C:\WINDOWS\system32\jhlog1.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Syetwlyeh><; C:\WINDOWS\system32\algesteiye.exe> []
In the browser add-ons, that Shanghai Hengbang helper thing still has not been cleaned up completely.
The original files run by the Shanghai Hengbang entries and by algesteiye.exe have both been deleted.
The registry has been cleaned too, but they still come back after a reboot! What is this thing!
Besides, basically all running processes have been invaded by ansky.
Every process has these three sub-items under it:
[C:\WINDOWS\system32\Anskya1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Ansky.dll] <N/A><N/A>
[C:\WINDOWS\system32\jhlog1.dll] <N/A><N/A>
Could an expert please advise how to handle this.
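As an added example (not code from the thread or from SREng), the following Python script reads an SREng-format report like the one posted above, cross-references the ShellExecuteHooks entries with the module list SREng prints under each running process, and flags hook DLLs with no vendor information that are loaded into most of the listed processes. The log excerpt inside it is constructed from the layout of this thread's report, and the 75% share threshold is an assumption.

```python
"""Cross-reference an SREng log's ShellExecuteHooks entries with the
per-process module lists it reports, to surface hook DLLs that end up
loaded into (almost) every process. Added example, not SREng's own code."""
import re
from collections import defaultdict

# Constructed excerpt in SREng 2.0 report layout (same line formats as the
# thread's log, trimmed to four processes). new123.sys is registered as a
# hook but loaded nowhere; the Intel DLL has vendor info and is no hook.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{F3D0D422-CE6D-47B3-9CE6-C54DD63F1ADB}><C:\Program Files\Internet Explorer\PLUGINS\new123.sys> []
<{C54B4AFB-7A2A-6C3E-BA4D-C20F0294B724}><C:\WINDOWS\system32\Anskya1.dll> []
<{288BD9BD-F0DC-46B1-81B5-2B61DF8077CE}><C:\WINDOWS\system32\Ansky.dll> []
<{CF49F9F2-A8D3-464F-83EC-6AFC6573C267}><C:\WINDOWS\system32\jhlog1.dll> []
==================================
正在运行的进程
[PID: 1544][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180>
[C:\WINDOWS\system32\Anskya1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Ansky.dll] <N/A><N/A>
[C:\WINDOWS\system32\jhlog1.dll] <N/A><N/A>
[C:\WINDOWS\system32\igfxpph.dll] <Intel Corporation><3.0.0.4342>
[PID: 1976][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.0.29>
[C:\WINDOWS\system32\jhlog1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Anskya1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Ansky.dll] <N/A><N/A>
[PID: 216][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180>
[C:\WINDOWS\system32\Anskya1.dll] <N/A><N/A>
[C:\WINDOWS\system32\Ansky.dll] <N/A><N/A>
[C:\WINDOWS\system32\jhlog1.dll] <N/A><N/A>
[PID: 1692][C:\WINDOWS\system32\brsvc01a.exe] <brother Industries Ltd><1, 0, 0, 2>
==================================
"""

HOOK_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\.*\\ShellExecuteHooks\]$", re.I)
HOOK_LINE = re.compile(r"^<(\{[0-9A-F-]+\})><([^>]*)> \[(.*)\]$", re.I)
PROC_LINE = re.compile(r"^\[PID: (\d+)\]\[([^\]]+)\] <([^>]*)><([^>]*)>$")
MOD_LINE = re.compile(r"^\[([^\]]+)\] <([^>]*)><([^>]*)>$")


def parse_hooks(text):
    """Return {lowercase dll path: guid} for every ShellExecuteHooks entry."""
    hooks, in_section = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[HKEY_"):          # a new registry key starts
            in_section = bool(HOOK_KEY.match(line))
            continue
        if in_section:
            m = HOOK_LINE.match(line)
            if m:
                hooks[m.group(2).lower()] = m.group(1)
            else:
                in_section = False             # any other line ends the key
    return hooks


def parse_processes(text):
    """Return [(pid, exe, [(module path, vendor, version), ...]), ...].
    Module lines belong to the most recent [PID: n] line above them."""
    procs = []
    for line in text.splitlines():
        line = line.strip()
        m = PROC_LINE.match(line)
        if m:
            procs.append((int(m.group(1)), m.group(2), []))
            continue
        m = MOD_LINE.match(line)
        if m and procs:
            procs[-1][2].append((m.group(1), m.group(2), m.group(3)))
    return procs


def find_injected_hooks(text, min_share=0.75):
    """Flag hook DLLs with no vendor info loaded into at least min_share of
    the processes. Returns sorted [(dll path, guid, loaded count, total)].
    The share is below 100% because, as in the thread's log, core system
    processes (smss, csrss, services, svchost) do not show the module."""
    hooks, procs = parse_hooks(text), parse_processes(text)
    loaded_in, vendor = defaultdict(set), {}
    for pid, _exe, mods in procs:
        for path, ven, _ver in mods:
            loaded_in[path.lower()].add(pid)
            vendor[path.lower()] = ven.strip()
    hits = []
    for path, guid in hooks.items():
        n = len(loaded_in.get(path, ()))
        unsigned = vendor.get(path, "N/A") in ("", "N/A")
        if procs and unsigned and n / len(procs) >= min_share:
            hits.append((path, guid, n, len(procs)))
    return sorted(hits)


if __name__ == "__main__":
    for path, guid, n, total in find_injected_hooks(SAMPLE_LOG):
        print(f"{path}  hook {guid}  loaded in {n}/{total} processes")
```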
huihuicat - 2006-7-31 20:46:00
One more thing to add:
ansky.dll is a file that was created as far back as August 2004.
ansky.dll was created on 26 July 2006, the very day I got infected with Gray Pigeon.
It seems I caught several viruses at once that day.
jhlog1.dll was only created today, 31 July 2006; did I catch another virus today?
All three are hidden files.
Also, searching online, there are descriptions of anskyaX.exe saying it is a trojan.
But there is nothing about anskya1.dll. The anskya0.exe that I deleted over the past two days has not reappeared, but I do not know what to do about this leftover anskya1.dll.
© 2000 - 2026 Rising Corp. Ltd.