郁闷哪位高手帮助看一下，到底是什么毒 bbs.ikaka.com

henry07boy - 2006-8-12 12:01:00

不知道怎么感染了这个东西，也不晓得是什么东西，总之老是杀不掉，中招之后所有的隐藏文件都看不到了，即使在“工具－文件夹选项－显示隐藏文件和文件夹”操作也不行，确定后没有任何反映。
赛们铁可软件老是不停的弹出下面信息:

"扫描类型：自动防护扫描
事件：发现威胁！
威胁： Infostealer
文件： C:\DOCUME~1\孙开源\LOCALS~1\Temp\4.exe
位置： C:\DOCUME~1\孙开源\LOCALS~1\Temp
计算机： NEWSUN-B91ACF9C
用户：孙开源
采用的操作：清除失败 : 隔离失败 : 删除成功 : 拒绝访问
发现的日期： 2006年8月12日 9:29:22
还有另外一个：

扫描类型：自动防护扫描
事件：发现威胁！
威胁： Infostealer.Lineage
文件： C:\DOCUME~1\孙开源\LOCALS~1\Temp\5.exe
位置： C:\DOCUME~1\孙开源\LOCALS~1\Temp
计算机： NEWSUN-B91ACF9C
用户：孙开源
采用的操作：清除失败 : 隔离失败 : 删除成功 : 拒绝访问
发现的日期： 2006年8月12日 9:29:27

我几乎崩溃了，尝试了N种方法也没有效果，在安全模式下用ewido anti-spyware（更新到最新）查杀，杀了几个木马，用赛们铁可（更新到最新）查杀没有结果。也不知道到底该怎么样操作了

下面是我扫描的日志：

2006-08-12,11:13:34

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NetSpeeder><"D:\Program Files\Superhunter\NetSpeeder\NetSpeeder.exe" hide> []
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [Microsoft Corporation]
<CdnCtr><> []
<IESAddr><Null> []
<Desktop><C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<CheckFaultKernel><C:\WINDOWS\system32\mswdm.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><KB235780M.LOG> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><> []
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><d:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll> [Anti-Malware Development a.s.]
<{EFAE7B4A-FA39-4818-ACAC-6B6D851CEFF4}><C:\Program Files\Internet Explorer\WinHook.sys> []
<{1A404685-7563-4d02-B0F6-58B308A406A9}><c:\progra~1\mywebs~1\bar\1.bin\xrchyadg.dll> []
<{99F1D023-7CEB-4586-80F7-BB1A98DB7602}><C:\Program Files\Internet Explorer\IEXPLORE.Sys> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<DelayRun><C:\WINDOWS\system32\636d8ed0.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
<WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll> [Symantec Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\System Safety Monitor]
<WinlogonNotify: System Safety Monitor><SSMWinlogonEx.dll> [System Safety Limited]

==================================
启动文件夹
[河南网通宽带用户客户端]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\河南网通宽带用户客户端.lnk><N>

==================================
服务
[Internet Protect Service / 8NASCAR]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[Symantec AntiVirus Definition Watcher / DefWatch]
<"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[ewido anti-spyware 4.0 guard / ewido anti-spyware 4.0 guard]
<d:\Program Files\ewido anti-spyware 4.0\guard.exe><Anti-Malware Development a.s.>
[Intel PDS / Intel PDS]
<C:\WINDOWS\system32\CBA\pds.exe><Intel? Corporation>
[IPSEC Client / lDOMANE]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[Macromedia Licensing Service / Macromedia Licensing Service]
<"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[O&O Defrag / O&O Defrag]
<C:\WINDOWS\system32\oodag.exe><O&O Software GmbH>
[WinPcap - Remote Packet Capture Protocol / rpcapd]
<"C:\WINDOWS\System32\rpcapd.exe" -d -f "C:\WINDOWS\System32\rpcapd.ini"><N/A>
[Symantec AntiVirus / Symantec AntiVirus]
<"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[Network System / Universal Disk Manager]
<C:\Program Files\Common Files\COMM\Network.exe><N/A>
[VIPTray / VIPTray]
<C:\WINDOWS\System32\VIPTray.exe><N/A>
[Windows User System / Windows User System]
<C:\WINDOWS\system.exe><N/A>
[wint / wint]
<C:\WINDOWS\system32\RunDLL32.exe "C:\WINDOWS\system32\wint\wint.dll",Run -r><N/A>

求助各位高手告知小弟怎么解决，多谢了

附件: 7275132006812115308.JPG

henry07boy - 2006-8-12 12:01:00

浏览器加载项
[免费精彩视频超流畅在线观看]
{022C4009-5283-4365-97BF-144054B40E2E} <http://itv.mop.com, N/A>
[豪杰超级解霸9]
{367E0A21-8601-4986-9C9A-153BF5ACA118} <d:\Program Files\Herosoft\Hero 9\STHSDVD.EXE, herosoft>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[讯通视频语音聊天]
{97C0CDFA-970D-4222-ADDE-6718E89E887C} <http://www.bdsystem.com/, N/A>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\qq\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[Alexa]
{3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} <C:\WINDOWS\system32\SHDOCVW.DLL, Microsoft Corporation>
[ICQ Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} <F:\Program Files\ICQToolbar\toolbaru.dll, ICQ Inc.>
[&Save Flash]
{4064EA35-578D-4073-A834-C96D82CBCF40} <C:\Program Files\Save Flash\SaveFlash.dll, TODO: <Company name>>
[同花顺]
{39852EFE-325B-45ef-9A60-3DBECD2DDDD5} <C:\WINDOWS\system32\thsbar.dll, í??¨?3>
[金山快译(&K)]
{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <d:\PROGRA~1\Kingsoft\FASTAI~1\IEBand.dll, >
[My &Web Search]
{07B18EA9-A523-4961-B6BB-170DE4475CCA} <C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL, MyWebSearch.com>
[金山毒霸安全助手]
{EF72500A-C234-46C4-BF0A-9AA6913DDF34} <C:\Program Files\KOS\KOSIEBar.dll, 金山软件股份有限公司>
[AddSHCARoot Control]
{098A3F72-3110-4004-B954-2F9DC44934B4} <C:\WINDOWS\DOWNLO~1\ADDCAR~1.OCX, SHECA>
[金山毒霸在线产品升级]
{52DF16E3-6C4F-4B22-8BAF-09263E463B48} <C:\PROGRA~1\KOS\KOSInit.ocx, 金山软件股份有限公司>
[Downloader Class]
{5932517A-3326-4439-A708-1C98EDB5C549} <C:\WINDOWS\system32\iMopDl.dll, >
[pcastup Class]
{87CCFDB0-C4BE-4BC2-A78C-9EAA7CF96667} <C:\WINDOWS\system32\PcastUpdate.dll, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[PopCapLoader Object]
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} <C:\WINDOWS\Downloaded Program Files\popcaploader.dll, PopCap Games>
[CPasswordEditCtrl Object]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[pCastPanel Class]
{FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} <C:\WINDOWS\system32\pcastctl.dll, >
[MyWebSearch Search Assistant BHO]
{00A6FAF1-072E-44CF-8957-5838F569A31D} <C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL, MyWebSearch.com>
[mwsBar BHO]
{07B18EA1-A523-4961-B6BB-170DE4475CCA} <C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL, MyWebSearch.com>
[My &Web Search]
{07B18EA9-A523-4961-B6BB-170DE4475CCA} <C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL, MyWebSearch.com>
[MyWebSearch Settings]
{07B18EAB-A523-4961-B6BB-170DE4475CCA} <C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL, MyWebSearch.com>
[MonitorURL Class]
{08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\PROGRA~1\DESKAD~1\deskipn.dll, >
[AddSHCARoot Control]
{098A3F72-3110-4004-B954-2F9DC44934B4} <C:\WINDOWS\DOWNLO~1\ADDCAR~1.OCX, SHECA>
[ChajianHelper Class]
{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} <C:\WINDOWS\system32\SYSREA~1.DLL, Kmedia>
[KAVIEHelper Class]
{1B2F92A1-CDAF-4511-9382-91E3F5CE0880} <C:\Program Files\KOS\KOSIEBar.dll, 金山软件股份有限公司>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[BrowserHelper Class]
{2D99E8F4-56B7-457B-9A92-61B5D247D263} <C:\WINDOWS\system32\WinDefendor.dll, N/A>
[同花顺]
{39852EFE-325B-45EF-9A60-3DBECD2DDDD5} <C:\WINDOWS\system32\thsbar.dll, í??¨?3>
[Alexa]
{3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B} <C:\WINDOWS\system32\SHDOCVW.DLL, Microsoft Corporation>
[Fun Web Products HTML Menu]
{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} <C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL, FunWebProducts.com>
[&Save Flash]
{4064EA35-578D-4073-A834-C96D82CBCF40} <C:\Program Files\Save Flash\SaveFlash.dll, TODO: <Company name>>
[HHCtrl Object]
{41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[金山快译(&K)]
{6C3797D2-3FEF-4CD4-B654-D3AE55B4128C} <d:\PROGRA~1\Kingsoft\FASTAI~1\IEBand.dll, >
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[BDC Control]
{7253A666-8D4A-11D7-A4DC-00E04C504779} <D:\PROGRA~1\BDC\Bdc.ocx, BLUE>
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <d:\Program Files\Thunder Network\Thunder\MediaAddin03.dll, Thunder Networking Technologies,LTD>
[ICQ Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} <F:\Program Files\ICQToolbar\toolbaru.dll, ICQ Inc.>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[ScreenSaverInstaller Class]
{9FF05104-B030-46FC-94B8-81276E4E27DF} <C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL, FunWebProducts.com>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[IEHlprObj Class]
{C5E5DB7E-46B1-47E6-8447-2E517F269925} <G:\G\p\xplus\GETIE.dll, >
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[金山毒霸安全助手]
{EF72500A-C234-46C4-BF0A-9AA6913DDF34} <C:\Program Files\KOS\KOSIEBar.dll, 金山软件股份有限公司>
[BHelper Class]
{F2E37336-BFDB-409B-8D0E-6F013C438B20} <C:\WINDOWS\system\636o8ed0.dll, N/A>
[pCastPanel Class]
{FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} <C:\WINDOWS\system32\pcastctl.dll, >
[&ICQ Toolbar Search]
<res://F:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML, N/A>
[&Search]
<http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm794YYCN, N/A>
[&使用迅雷下载]
<d:\Program Files\Thunder Network\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<d:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A>
[Google 搜索(&G)]
<res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html, N/A>
[VeryCD超级搜索]
<C:\PROGRA~1\YOK.com\SUPERS~1\yoksch.htm, N/A>
[Write a Review...]
<http://client.alexa.com/holiday/script/actions/review.htm, N/A>
[YOK搜索]
<C:\PROGRA~1\YOK.com\SUPERS~1\yoksch.htm, N/A>
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[使用超级解霸播放]
<d:\Program Files\Herosoft\Hero 9\MPURLGET.HTM, N/A>
[反向链接]
<res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[易趣购物]
<C:\Program Files\AD4All\link1\ebaylink.htm, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\qq\SendMMS.htm, N/A>
[电鹰搜索]
<res://C:\WINDOWS\system32\dytoolband.dll/MENUSEARCH.HTM, N/A>
[类似网页]
<res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html, N/A>
[缓存的网页快照]
<res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html, N/A>
[翻译英文字词(&T)]
<res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html, N/A>

henry07boy - 2006-8-12 12:03:00

正在运行的进程
[PID: 640][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 696][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 720][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB235780M.LOG] <N/A><N/A>
[C:\WINDOWS\system32\SSMWinlogonEx.dll] <System Safety Limited><2.0.8.581>
[C:\WINDOWS\system32\NavLogon.dll] <Symantec Corporation><9.0.0.338>
[c:\progra~1\mywebs~1\bar\1.bin\xrchyadg.dll] <><1, 0, 0, 11>
[C:\WINDOWS\system32\packet.dll] <CACE Technologies><3, 1, 0, 27>
[C:\WINDOWS\system32\WanPacket.dll] <CACE Technologies><3, 1, 0, 27>
[C:\WINDOWS\system32\quartz32.dll] <><4, 0, 0, 0>
[PID: 772][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB235780M.LOG] <N/A><N/A>
[C:\WINDOWS\system32\quartz32.dll] <><4, 0, 0, 0>
[C:\Program Files\Internet Explorer\WinHook.sys] <N/A><N/A>
[PID: 784][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB235780M.LOG] <N/A><N/A>
[PID: 964][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB235780M.LOG] <N/A><N/A>
[PID: 1036][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB235780M.LOG] <N/A><N/A>
[C:\WINDOWS\system32\quartz32.dll] <><4, 0, 0, 0>
[PID: 1168][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB235780M.LOG] <N/A><N/A>
[C:\WINDOWS\system32\quartz32.dll] <><4, 0, 0, 0>
[PID: 1244][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB235780M.LOG] <N/A><N/A>
[PID: 1352][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB235780M.LOG] <N/A><N/A>
[PID: 1564][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB235780M.LOG] <N/A><N/A>
[C:\WINDOWS\system32\AdobePDF.dll] <Adobe Systems Incorporated.><6.0.000>
[C:\Program Files\Adobe\Acrobat 6.0\Distillr\AdistRes.CHS] <N/A><N/A>
[C:\WINDOWS\system32\pxc25pm.dll] <Tracker Software><2.50.0002>
[PID: 1716][C:\Program Files\Symantec AntiVirus\DefWatch.exe] <Symantec Corporation><9.0.0.338>
[C:\WINDOWS\KB235780M.LOG] <N/A><N/A>
[PID: 1752][d:\Program Files\ewido anti-spyware 4.0\guard.exe] <Anti-Malware Development a.s.><4, 0, 0, 172>
[d:\Program Files\ewido anti-spyware 4.0\engine.dll] <Anti-Malware Development a.s.><4, 0, 0, 172>
[C:\WINDOWS\KB235780M.LOG] <N/A><N/A>
[PID: 1800][C:\WINDOWS\system32\CBA\pds.exe] <Intel? Corporation><6.12.0.112 E>
[C:\WINDOWS\system32\PDS.DLL] <Intel? Corporation><6.12.0.112 E>
[C:\WINDOWS\system32\NTS.dll] <Intel? Corporation><6.12.0.112 E>
[C:\WINDOWS\system32\loc32vc0.dll] <Intel><3, 0, 0, 2>
[C:\WINDOWS\KB235780M.LOG] <N/A><N/A>
[PID: 496][D:\Program Files\Superhunter\NetSpeeder\NetSpeeder.exe] <Superhunter Inc.><2, 4, 0, 589>
[C:\WINDOWS\KB235780M.LOG] <N/A><N/A>
[C:\Program Files\Internet Explorer\WinHook.sys] <N/A><N/A>
[PID: 512][C:\WINDOWS\system32\RUNDLL32.EXE] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB235780M.LOG] <N/A><N/A>
[C:\WINDOWS\system32\NvMcTray.dll] <NVIDIA Corporation><6.14.10.5655>
[C:\Program Files\Internet Explorer\WinHook.sys] <N/A><N/A>
[PID: 600][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB235780M.LOG] <N/A><N/A>
[C:\Program Files\Internet Explorer\WinHook.sys] <N/A><N/A>
[PID: 668][C:\Program Files\racer-henan-cnc\racer.exe] <Putian Runway><2, 0, 51, 92>
[C:\WINDOWS\KB235780M.LOG] <N/A><N/A>
[C:\Program Files\racer-henan-cnc\rwxre.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\nspr4.dll] <Netscape Communications Corporation><4.5 Beta>
[C:\Program Files\racer-henan-cnc\xpcom.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\nss3.dll] <Netscape Communications Corporation><3.9.1>
[C:\Program Files\racer-henan-cnc\softokn3.dll] <Netscape Communications Corporation><3.9.1>
[C:\Program Files\racer-henan-cnc\gkgfx.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\js3250.dll] <Netscape Communications Corporation><4.0>
[C:\Program Files\racer-henan-cnc\components\racer_base_comp.dll] <Putian Runway><2,0,47,87>
[C:\Program Files\racer-henan-cnc\xpcom_compat.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\racer_base.dll] <Putian Runway><2,0,47,87>
[C:\WINDOWS\system32\quartz32.dll] <><4, 0, 0, 0>
[C:\Program Files\racer-henan-cnc\components\pipnss.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\components\gklayout.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\components\jar50.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\components\xpcom_compat_c.dll] <Mozilla Foundation><1.7.3: 2005040616>
[C:\Program Files\racer-henan-cnc\components\racer_ad_comp.dll] <Putian Runway><2,0,47,87>
[C:\Program Files\racer-henan-cnc\components\racer_access_dhcpplus.dll] <Putian Runway><2,0,47,87>
[C:\Program Files\racer-henan-cnc\dhcpplus.dll] <北京润汇科技有限公司><0, 13, 21, 45>
[C:\Program Files\racer-henan-cnc\components\racer_nss4_comp.dll] <Putian Runway><2,0,47,87>
[C:\Program Files\racer-henan-cnc\nss4.dll] <北京普天润汇科技有限公司><1, 0, 0, 3>
[C:\Program Files\racer-henan-cnc\wpcap.dll] <Politecnico di Torino><3, 0, 0, 18>
[C:\Program Files\racer-henan-cnc\pthreadVC.dll] <N/A><N/A>
[C:\Program Files\racer-henan-cnc\packet.dll] <Politecnico di Torino><3, 0, 0, 18>
[C:\Program Files\Internet Explorer\WinHook.sys] <N/A><N/A>

henry07boy - 2006-8-12 12:03:00

[PID: 1620][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.5655>
[C:\WINDOWS\KB235780M.LOG] <N/A><N/A>
[PID: 1692][C:\WINDOWS\system32\oodag.exe] <O&O Software GmbH><6.5.851>
[C:\WINDOWS\KB235780M.LOG] <N/A><N/A>
[C:\WINDOWS\system32\OODAGRS.DLL] <O&O Software GmbH><6.5.0.1061>
[C:\WINDOWS\system32\quartz32.dll] <><4, 0, 0, 0>
[PID: 1892][C:\Program Files\racer-henan-cnc\RacerKp.exe] <北京润汇科技有限公司><1, 0, 0, 1>
[C:\WINDOWS\KB235780M.LOG] <N/A><N/A>
[C:\Program Files\Internet Explorer\WinHook.sys] <N/A><N/A>
[PID: 2024][C:\Program Files\Symantec AntiVirus\Rtvscan.exe] <Symantec Corporation><9.0.0.338>
[C:\WINDOWS\system32\CBA.DLL] <Intel? Corporation><6.12.0.112 E>
[C:\WINDOWS\system32\MsgSys.dll] <Intel? Corporation><6.12.0.112 E>
[C:\WINDOWS\system32\NTS.dll] <Intel? Corporation><6.12.0.112 E>
[C:\WINDOWS\system32\PDS.DLL] <Intel? Corporation><6.12.0.112 E>
[C:\Program Files\Symantec AntiVirus\NAVLU.dll] <Symantec Corporation><9.0.0.338>
[C:\Program Files\Symantec AntiVirus\I2ldvp3.dll] <Symantec Corporation><9.0.0.338>
[C:\Program Files\Symantec AntiVirus\ecmldr32.DLL] <Symantec Corp.><1.1.0.3>
[C:\WINDOWS\KB235780M.LOG] <N/A><N/A>
[C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] <Symantec Corporation><9.3.0.28>
[C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL] <Symantec Corporation><9.0.0.338>
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060809.018\ecmsvr32.dll] <Symantec Corporation><61.2.1.10>
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060809.018\NAVEX32a.DLL] <Symantec Corporation><20061.2.0.26>
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060809.018\NAVENG32.DLL] <Symantec Corporation><20061.2.0.26>
[C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll] <Symantec Corporation><9.0.0.338>
[C:\Program Files\Symantec AntiVirus\DecSDK.dll] <Symantec Corporation><3.02.11.32>
[C:\Program Files\Symantec AntiVirus\Dec2.dll] <Symantec Corporation><3.02.11.32>
[C:\Program Files\Symantec AntiVirus\Dec2ID.dll] <Symantec Corporation><3.02.11.32>
[C:\Program Files\Symantec AntiVirus\Dec2ZIP.dll] <Symantec Corporation><3.02.11.32>
[C:\Program Files\Symantec AntiVirus\Dec2SS.dll] <Symantec Corporation><3.02.11.32>
[C:\Program Files\Symantec AntiVirus\Dec2GZIP.dll] <Symantec Corporation><3.02.11.32>
[C:\Program Files\Symantec AntiVirus\Dec2CAB.dll] <Symantec Corporation><3.02.11.32>
[C:\Program Files\Symantec AntiVirus\Dec2LHA.dll] <Symantec Corporation><3.02.11.32>
[C:\Program Files\Symantec AntiVirus\Dec2ARJ.dll] <Symantec Corporation><3.02.11.32>
[C:\Program Files\Symantec AntiVirus\Dec2TNEF.dll] <Symantec Corporation><3.02.11.32>
[C:\Program Files\Symantec AntiVirus\Dec2LZ.dll] <Symantec Corporation><3.02.11.32>
[C:\Program Files\Symantec AntiVirus\Dec2AMG.dll] <Symantec Corporation><3.02.11.32>
[C:\Program Files\Symantec AntiVirus\Dec2TAR.dll] <Symantec Corporation><3.02.11.32>
[C:\Program Files\Symantec AntiVirus\Dec2RTF.dll] <Symantec Corporation><3.02.11.32>
[C:\Program Files\Symantec AntiVirus\Dec2Text.dll] <Symantec Corporation><3.02.11.32>
[PID: 584][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[C:\WINDOWS\KB235780M.LOG] <N/A><N/A>
[PID: 3016][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB235780M.LOG] <N/A><N/A>
[C:\WINDOWS\system32\quartz32.dll] <><4, 0, 0, 0>
[PID: 2988][D:\Program Files\Thunder Network\Thunder\Thunder.exe] <Thunder Networking Technologies,LTD><5.1.5.189>
[D:\Program Files\Thunder Network\Thunder\UpdateDownload.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 2>
[D:\Program Files\Thunder Network\Thunder\download_interface.dll] <Thunder Networking Technologies,LTD><1, 0, 2, 74>
[D:\Program Files\Thunder Network\Thunder\log4cplus.dll] <><1, 0, 2, 1>
[D:\Program Files\Thunder Network\Thunder\stlport_vc646.dll] <STLport Consulting, Inc.><4.6.2003.1031>
[D:\Program Files\Thunder Network\Thunder\msgmanage.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 15>
[D:\Program Files\Thunder Network\Thunder\historyinfo_manage.dll] <Thunder Networking Technologies,LTD><5, 2, 0, 148>
[C:\WINDOWS\KB235780M.LOG] <N/A><N/A>
[D:\Program Files\Thunder Network\Thunder\iEmbed.dll] <Thunder Networking Technologies,LTD><1, 1, 0, 22>
[D:\Program Files\Thunder Network\Thunder\RegisterDll.dll] <Thunder Networking Technologies,LTD><1, 2, 0, 7>
[D:\Program Files\Thunder Network\Thunder\FloatBar.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 2>
[C:\WINDOWS\system32\quartz32.dll] <><4, 0, 0, 0>
[D:\Program Files\Thunder Network\Thunder\iTargetAd.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 59>
[C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx] <Macromedia, Inc.><8,0,22,0>
[C:\Program Files\Internet Explorer\WinHook.sys] <N/A><N/A>
[PID: 2472][C:\WINDOWS\system32\conime.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB235780M.LOG] <N/A><N/A>
[C:\Program Files\Internet Explorer\WinHook.sys] <N/A><N/A>
[PID: 3772][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB235780M.LOG] <N/A><N/A>
[C:\WINDOWS\system32\quartz32.dll] <><4, 0, 0, 0>
[PID: 2376][C:\WINDOWS\explorer.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\KB235780M.LOG] <N/A><N/A>
[C:\WINDOWS\system32\636d8ed0.dll] <N/A><N/A>
[d:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll] <Anti-Malware Development a.s.><4, 0, 0, 172>
[C:\Program Files\Internet Explorer\WinHook.sys] <N/A><N/A>
[c:\progra~1\mywebs~1\bar\1.bin\xrchyadg.dll] <><1, 0, 0, 11>
[C:\WINDOWS\system32\packet.dll] <CACE Technologies><3, 1, 0, 27>
[C:\WINDOWS\system32\WanPacket.dll] <CACE Technologies><3, 1, 0, 27>
[d:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[F:\Program Files\ICQLite\ICQLiteShell.dll] <><20, 34, 2321, 0>
[d:\Program Files\Herosoft\Hero Audio Convert\HeroExt.dll] <N/A><N/A>
[d:\Program Files\ewido anti-spyware 4.0\context.dll] <Anti-Malware Development a.s.><4, 0, 0, 172>
[C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll] <Adobe Systems Inc.><6.0.0.2003110300\0>
[C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.chs] <Adobe Systems Inc.><6.0.0.2003110300\0>
[D:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll] <VoyagerSoft, LLC><2.2.158.0>
[C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] <Symantec Corporation><9.0.0.338>
[PID: 3192][C:\TDDownload\Movie\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\WINDOWS\KB235780M.LOG] <N/A><N/A>
[C:\Program Files\Internet Explorer\WinHook.sys] <N/A><N/A>
[C:\WINDOWS\system32\quartz32.dll] <><4, 0, 0, 0>

==================================
文件关联
.TXT Error. [NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

瑞星卡卡安全论坛