Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board

What virus is anskya1.dll a component of, and how can I remove it?


c://windows/system32/anskya1.dll
It seems to be a component of a virus.

At the time I had apparently been infected with a variant of the Huigezi (Gray Pigeon) virus.
It wrote a "winnt" entry in the registry, which was removed.
But at the same time I also found two new files in c://windows/system32, anskya0.exe and anskya1.dll, both added that day. I deleted them once and they popped back up! The second time, only anskya0.exe could be deleted; anskya1.dll could not be deleted even in safe mode. Looking with IceSword (冰刃), it seems every program open on the machine loads this anskya1.dll, even small games like Spider Solitaire.

Could an expert please tell me how to kill this thing!
Last edited 2006-07-31 20:38:19

2006-07-31,19:30:20

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- Administrator user - full functionality

The following items were selected:
    All startup items (registry, startup folders, services, etc.)
    Browser add-ons
    Running processes (including process module information)
    File associations


Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
    <BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}><"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe">  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [Intel Corporation]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [Intel Corporation]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [Microsoft Corporation]
    <PRONoMgrWired><c:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe>  [Intel(R) Corporation]
    <UpdateManager><"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r>  [Sonic Solutions]
    <KAVPersonal50><"d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize>  [Kaspersky Lab]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot>  [RealNetworks, Inc.]
    <Lenovo LJ1800StatusDisplay><C:\WINDOWS\system32\LSTMON_N.EXE>  [Legend (Beijing) Limited.]
    <NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <RichMedia><C:\WINDOWS\system32\Rundll32.exe  "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows>  [Shanghai Henbang Technology Co., Ltd]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{F3D0D422-CE6D-47B3-9CE6-C54DD63F1ADB}><C:\Program Files\Internet Explorer\PLUGINS\new123.sys>  []
    <{C54B4AFB-7A2A-6C3E-BA4D-C20F0294B724}><C:\WINDOWS\system32\Anskya1.dll>  []
    <{288BD9BD-F0DC-46B1-81B5-2B61DF8077CE}><C:\WINDOWS\system32\Ansky.dll>  []
    <{CF49F9F2-A8D3-464F-83EC-6AFC6573C267}><C:\WINDOWS\system32\jhlog1.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\System Safety Monitor]
    <WinlogonNotify: System Safety Monitor><SSMWinlogonEx.dll>  [System Safety Limited]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [Microsoft Corporation]
    <MsnMsgr><; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <NeroFilterCheck><; C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe>  []
    <poco><; D:\poco\Poco2006.exe>  [广州数联软件有限公司 - http://www.poco.cn/]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Sonic RecordNow!><; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Syetwlyeh><; C:\WINDOWS\system32\algesteiye.exe>  []

==================================
Startup folders
[Adobe Gamma Loader]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk><N>
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk><N>
[eBay易趣--全球商品一网打尽]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\eBay易趣--全球商品一网打尽.lnk><N>
[InterVideo WinCinema Manager]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\InterVideo WinCinema Manager.lnk><N>
[Wallpaper Calendar]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\Wallpaper Calendar.lnk><N>

==================================
Services
[BrSplService / Brother XP spl Service]
  <C:\WINDOWS\system32\brsvc01a.exe><brother Industries Ltd>
[kavsvc / kavsvc]
  <"d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"><Kaspersky Lab>
[Intel NCS NetService / NetSvc]
  <c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe><Intel(R) Corporation>
[XDownloadService / XDownloadService]
  <C:\WINDOWS\system32\Rundll32.exe "C:\WINDOWS\Downloader.dll",Run><N/A>

==================================
Browser add-ons
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[hbieobj Class]
  {147E230B-FC8D-4A66-AB96-FFD464A9B2A3} <C:\PROGRA~1\pcast\hbcast.dll, Shanghai Henbang Technology Co., Ltd>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <D:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[HBObject Class]
  {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\PROGRA~1\hbclient\HBHelper.dll, N/A>
[珊瑚虫 工具栏]
  {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} <C:\Program Files\Infofo Bar\infofobar.dll, 珊瑚虫工作室 泰格工作室>
[WebDownloader Class]
  {E78F50F9-51CF-40EC-AE3F-4F802528150B} <C:\WINDOWS\Downloader.dll, >
[珊瑚虫 工具栏]
  {8507326C-B5C1-4559-BB91-0919E753836F} <C:\Program Files\Infofo Bar\infofobar.dll, 珊瑚虫工作室 泰格工作室>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <D:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[珊瑚虫 工具栏]
  {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} <C:\Program Files\Infofo Bar\infofobar.dll, 珊瑚虫工作室 泰格工作室>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[Yahoo! Toolbar Helper]
  {02478D38-C3F9-4EFB-9B51-7695ECA05670} <, N/A>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[hbieobj Class]
  {147E230B-FC8D-4A66-AB96-FFD464A9B2A3} <C:\PROGRA~1\pcast\hbcast.dll, Shanghai Henbang Technology Co., Ltd>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[HHCtrl Object]
  {41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\system32\INPUTC~1.DLL, >
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\system32\SUBMIT~1.DLL, >
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <D:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[HBObject Class]
  {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\PROGRA~1\hbclient\HBHelper.dll, N/A>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__MID Moniker Class]
  {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx, Adobe Systems, Inc.>
[珊瑚虫 工具栏]
  {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} <C:\Program Files\Infofo Bar\infofobar.dll, 珊瑚虫工作室 泰格工作室>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[WebDownloader Class]
  {E78F50F9-51CF-40EC-AE3F-4F802528150B} <C:\WINDOWS\Downloader.dll, >
[&Yahoo! Toolbar]
  {EF99BD32-C1FB-11D2-892F-0090271D4F88} <, N/A>
[PBActiveX40 Control]
  {F2EB8999-766E-4BF6-AAAD-188D398C0D0B} <C:\WINDOWS\system32\CMBPB40.ocx, China Merchants Bank>
[上传到QQ网络硬盘]
  <D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载]
  <D:\PROGRA~1\FLASHGET\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <D:\PROGRA~1\FLASHGET\jc_all.htm, N/A>
[加入POCO网摘(&K)]
  <http://my.poco.cn/fav/rightClick.php, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[我的POCO网摘(&O)]
  <http://my.poco.cn/fav/open_myfav.php, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================
Running processes
[PID: 416][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 576][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 608][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\SSMWinlogonEx.dll]  <System Safety Limited><2.0.8.579>
[PID: 732][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 744][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 904][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 980][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1076][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1124][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1340][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1544][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\Anskya1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Ansky.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\jhlog1.dll]  <N/A><N/A>
    [D:\Program Files\zepsoft\Wallpaper Calendar\MHookWC.dll]  <Zepsoft><1.0.3.3>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\shellex.dll]  <Kaspersky Lab><5.0.388.1>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  <Adobe Systems Incorporated><7.0.0.2004121400>
    [D:\PROGRA~1\FLASHGET\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  <Adobe Systems, Inc.><7.0.0.0>
    [C:\WINDOWS\system32\igfxpph.dll]  <Intel Corporation><3.0.0.4342>
    [C:\WINDOWS\system32\hccutils.DLL]  <Intel Corporation><3.0.0.4342>
    [C:\WINDOWS\system32\igfxres.dll]  <Intel Corporation><3.0.0.4342>
    [C:\WINDOWS\system32\igfxsrvc.dll]  <Intel Corporation><3.0.0.4342>
    [C:\WINDOWS\system32\igfxdev.dll]  <Intel Corporation><3.0.0.4342>
[PID: 1692][C:\WINDOWS\system32\brsvc01a.exe]  <brother Industries Ltd><1, 0, 0, 2>
[PID: 1716][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\AUCPLMNT.DLL]  <CANON INC.><4.3.0.0>
    [C:\WINDOWS\system32\HPBMMON.DLL]  <Hewlett-Packard><10.00.14>
    [C:\WINDOWS\system32\hpdomon.dll]  <Hewlett-Packard><03.42.00>
    [C:\WINDOWS\system32\HPBHealr.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\LLMON__N.DLL]  <Legend (Beijing) Limited.><1, 1, 1427, 0>
    [C:\WINDOWS\system32\LSPOOL_N.dll]  <Zenographics, Inc.><5, 51, 709, 717>
    [c:\Program Files\Network Print Monitor\Driver.DLL]  <><1, 0, 0, 1>
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\BRPP2KA.DLL]  <Brother Industries ,Ltd ><1.03>
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LIMFPR_N.DLL]  <Zenographics, Inc.><5, 54, 330, 717>
    [C:\WINDOWS\system32\LIMF32_N.dll]  <Zenographics, Inc.><5, 51, 405, 717>
    [C:\WINDOWS\system32\LTAG32_N.dll]  <Zenographics, Inc.><5, 50, 1725, 717>
[PID: 1728][C:\WINDOWS\system32\brss01a.exe]  <brother Industries Ltd><1.004>
    [C:\WINDOWS\system32\spool\PRTPROCS\W32X86\brpp2ka.dll]  <Brother Industries ,Ltd ><1.03>
[PID: 1960][C:\WINDOWS\system32\igfxtray.exe]  <Intel Corporation><3.0.0.4342>
    [C:\WINDOWS\system32\hccutils.DLL]  <Intel Corporation><3.0.0.4342>
    [C:\WINDOWS\system32\igfxdev.dll]  <Intel Corporation><3.0.0.4342>
    [C:\WINDOWS\system32\Anskya1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Ansky.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\igfxsrvc.dll]  <Intel Corporation><3.0.0.4342>
    [C:\WINDOWS\system32\igfxres.dll]  <Intel Corporation><3.0.0.4342>
    [C:\WINDOWS\system32\igfxress.dll]  <Intel Corporation><3.0.0.4342>
    [C:\WINDOWS\system32\jhlog1.dll]  <N/A><N/A>
[PID: 1968][C:\WINDOWS\system32\hkcmd.exe]  <Intel Corporation><3.0.0.4342>
    [C:\WINDOWS\system32\hccutils.DLL]  <Intel Corporation><3.0.0.4342>
    [C:\WINDOWS\system32\igfxdev.dll]  <Intel Corporation><3.0.0.4342>
    [C:\WINDOWS\system32\igfxsrvc.dll]  <Intel Corporation><3.0.0.4342>
    [C:\WINDOWS\system32\Anskya1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Ansky.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\igfxhk.dll]  <Intel Corporation><3.0.0.4342>
    [C:\WINDOWS\system32\igfxres.dll]  <Intel Corporation><3.0.0.4342>
    [C:\WINDOWS\system32\jhlog1.dll]  <N/A><N/A>
[PID: 1976][C:\WINDOWS\SOUNDMAN.EXE]  <Realtek Semiconductor Corp.><5.1.0.29>
    [C:\WINDOWS\system32\jhlog1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Anskya1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Ansky.dll]  <N/A><N/A>
[PID: 112][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  <RealNetworks, Inc.><0.1.0.1622>
    [C:\WINDOWS\system32\Anskya1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Ansky.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\jhlog1.dll]  <N/A><N/A>
[PID: 180][C:\WINDOWS\system32\Rundll32.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\PROGRA~1\pcast\hbcast.dll]  <Shanghai Henbang Technology Co., Ltd><1, 0, 0, 1>
    [C:\WINDOWS\system32\Anskya1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Ansky.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\jhlog1.dll]  <N/A><N/A>
[PID: 216][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\Anskya1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Ansky.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\jhlog1.dll]  <N/A><N/A>
[PID: 504][C:\Program Files\EbayShop\EbayShop.exe]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\jhlog1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Anskya1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Ansky.dll]  <N/A><N/A>
[PID: 516][C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe]  <InterVideo Inc.><1.8.1>
    [C:\WINDOWS\system32\jhlog1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Anskya1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Ansky.dll]  <N/A><N/A>
[PID: 524][D:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe]  <Zepsoft><3.0.2.85>
    [D:\Program Files\zepsoft\Wallpaper Calendar\MHookWC.dll]  <Zepsoft><1.0.3.3>
    [C:\WINDOWS\system32\jhlog1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Anskya1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Ansky.dll]  <N/A><N/A>
[PID: 528][C:\WINDOWS\system32\conime.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\jhlog1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Anskya1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Ansky.dll]  <N/A><N/A>
[PID: 1104][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 620][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 21628][D:\Program Files\Foxmail\Foxmail.exe]  <Bodachina Co., Ltd><5.0 beta2>
    [D:\Program Files\Foxmail\FoxAntiSpam.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\jhlog1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Anskya1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Ansky.dll]  <N/A><N/A>
    [D:\Program Files\Foxmail\3rdParty\punylib.dll]  <CNNIC><1, 0, 0, 2>
    [D:\Program Files\Foxmail\3rdParty\cmplugin.dll]  <N/A><N/A>

[PID: 23680][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Program Files\Infofo Bar\infofobar.dll]  <珊瑚虫工作室 泰格工作室><1, 0, 0, 0>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  <Adobe Systems Incorporated><7.0.0.2004121400>
    [C:\PROGRA~1\pcast\hbcast.dll]  <Shanghai Henbang Technology Co., Ltd><1, 0, 0, 1>
    [D:\PROGRA~1\FLASHGET\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
    [C:\WINDOWS\Downloader.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\jhlog1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Anskya1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Ansky.dll]  <N/A><N/A>
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrchpg.dll]  <Kaspersky Lab><5.0.1.18>
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll]  <Kaspersky Lab><5.0.388.1>
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\FSSync.dll]  <Kaspersky Lab><5.0.388.0>
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll]  <Kaspersky Lab><5.0.388.0>
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ccclient.dll]  <Kaspersky Lab><5.0.388.1>
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klipc.dll]  <Kaspersky Lab><5.0.388.0>
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLUtil.dll]  <Kaspersky Lab><5.0.388.1>
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\rpt.dll]  <Kaspersky Lab><5.0.388.2>
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll]  <Kaspersky Lab><5.0.388.1>
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prloader.dll]  <Kaspersky Lab><5.0.388.0>
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prkernel.ppl]  <Kaspersky Lab><5.0.388.0>
    [d:\program files\kaspersky lab\kaspersky anti-virus personal pro\prstring.ppl]  <Kaspersky Lab><5.0.388.0>
    [d:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_srv.ppl]  <Kaspersky Lab><5.0.388.0>
    [d:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_clnt.ppl]  <Kaspersky Lab><5.0.388.0>
    [d:\program files\kaspersky lab\kaspersky anti-virus personal pro\tempfile.ppl]  <Kaspersky Lab><5.0.388.0>
    [C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx]  <Adobe Systems, Inc.><9,0,0,296>
[PID: 30068][D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE]  <Microsoft Corporation><11.0.5604>
    [C:\WINDOWS\system32\jhlog1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Anskya1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Ansky.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CnP5eCUI.DLL]  <CANON INC.><5.10>
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNP5EC.dll]  <CANON INC.><5.10>
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNP5ECGR.DLL]  <CANON INC.><5.10>
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\AUSSDRV.DLL]  <CANON INC.><2, 3, 0, 0>
[PID: 32944][C:\Program Files\Maxthon\Maxthon.exe]  <Maxthon International Ltd.><1, 5, 2, 21>
    [C:\Program Files\Maxthon\maxzlib.dll]  < ><1, 0, 0, 2>
    [C:\Program Files\Maxthon\Plugin\ViewSource\ViewSrc.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\jhlog1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Anskya1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Ansky.dll]  <N/A><N/A>
    [C:\Program Files\Maxthon\Services\RealTime\real_time.dll]  <><1, 0, 0, 1>
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrchpg.dll]  <Kaspersky Lab><5.0.1.18>
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll]  <Kaspersky Lab><5.0.388.1>
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\FSSync.dll]  <Kaspersky Lab><5.0.388.0>
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll]  <Kaspersky Lab><5.0.388.0>
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ccclient.dll]  <Kaspersky Lab><5.0.388.1>
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klipc.dll]  <Kaspersky Lab><5.0.388.0>
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLUtil.dll]  <Kaspersky Lab><5.0.388.1>
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\rpt.dll]  <Kaspersky Lab><5.0.388.2>
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll]  <Kaspersky Lab><5.0.388.1>
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prloader.dll]  <Kaspersky Lab><5.0.388.0>
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prkernel.ppl]  <Kaspersky Lab><5.0.388.0>
    [d:\program files\kaspersky lab\kaspersky anti-virus personal pro\prstring.ppl]  <Kaspersky Lab><5.0.388.0>
    [d:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_srv.ppl]  <Kaspersky Lab><5.0.388.0>
    [d:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_clnt.ppl]  <Kaspersky Lab><5.0.388.0>
    [d:\program files\kaspersky lab\kaspersky anti-virus personal pro\tempfile.ppl]  <Kaspersky Lab><5.0.388.0>
    [C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx]  <Adobe Systems, Inc.><9,0,0,296>
    [C:\WINDOWS\system32\msdmo.dll]  <N/A><N/A>
[PID: 40628][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Program Files\Infofo Bar\infofobar.dll]  <珊瑚虫工作室 泰格工作室><1, 0, 0, 0>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  <Adobe Systems Incorporated><7.0.0.2004121400>
    [C:\PROGRA~1\pcast\hbcast.dll]  <Shanghai Henbang Technology Co., Ltd><1, 0, 0, 1>
    [D:\PROGRA~1\FLASHGET\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
    [C:\WINDOWS\Downloader.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\jhlog1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Anskya1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Ansky.dll]  <N/A><N/A>
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrchpg.dll]  <Kaspersky Lab><5.0.1.18>
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll]  <Kaspersky Lab><5.0.388.1>
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\FSSync.dll]  <Kaspersky Lab><5.0.388.0>
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll]  <Kaspersky Lab><5.0.388.0>
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ccclient.dll]  <Kaspersky Lab><5.0.388.1>
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klipc.dll]  <Kaspersky Lab><5.0.388.0>
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLUtil.dll]  <Kaspersky Lab><5.0.388.1>
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\rpt.dll]  <Kaspersky Lab><5.0.388.2>
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll]  <Kaspersky Lab><5.0.388.1>
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prloader.dll]  <Kaspersky Lab><5.0.388.0>
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prkernel.ppl]  <Kaspersky Lab><5.0.388.0>
    [d:\program files\kaspersky lab\kaspersky anti-virus personal pro\prstring.ppl]  <Kaspersky Lab><5.0.388.0>
    [d:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_srv.ppl]  <Kaspersky Lab><5.0.388.0>
    [d:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_clnt.ppl]  <Kaspersky Lab><5.0.388.0>
    [d:\program files\kaspersky lab\kaspersky anti-virus personal pro\tempfile.ppl]  <Kaspersky Lab><5.0.388.0>
    [C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx]  <Adobe Systems, Inc.><9,0,0,296>
[PID: 39412][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Program Files\Infofo Bar\infofobar.dll]  <珊瑚虫工作室 泰格工作室><1, 0, 0, 0>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  <Adobe Systems Incorporated><7.0.0.2004121400>
    [C:\PROGRA~1\pcast\hbcast.dll]  <Shanghai Henbang Technology Co., Ltd><1, 0, 0, 1>
    [D:\PROGRA~1\FLASHGET\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
    [C:\WINDOWS\Downloader.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\jhlog1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Anskya1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Ansky.dll]  <N/A><N/A>
[PID: 39532][D:\PROGRA~1\FLASHGET\flashget.exe]  <Amaze Soft><1, 5, 0, 0>
    [C:\WINDOWS\system32\jhlog1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Anskya1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Ansky.dll]  <N/A><N/A>
[PID: 39812][C:\Program Files\WinRAR\WinRAR.exe]  <N/A><N/A>
    [C:\WINDOWS\system32\jhlog1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Anskya1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Ansky.dll]  <N/A><N/A>
[PID: 39996][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.391\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\WINDOWS\system32\jhlog1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Anskya1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Ansky.dll]  <N/A><N/A>

==================================
File associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock providers

==================================

That Shanghai Hengbang hbhelper thing: both its registry entries and the program on disk have been deleted, yet it still shows up here!!

Looking over the scan results,
I think the following items are suspicious:
Registry:
<RichMedia><C:\WINDOWS\system32\Rundll32.exe  "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows>  [Shanghai Henbang Technology Co., Ltd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{F3D0D422-CE6D-47B3-9CE6-C54DD63F1ADB}><C:\Program Files\Internet Explorer\PLUGINS\new123.sys>  []
    <{C54B4AFB-7A2A-6C3E-BA4D-C20F0294B724}><C:\WINDOWS\system32\Anskya1.dll>  []
    <{288BD9BD-F0DC-46B1-81B5-2B61DF8077CE}><C:\WINDOWS\system32\Ansky.dll>  []
    <{CF49F9F2-A8D3-464F-83EC-6AFC6573C267}><C:\WINDOWS\system32\jhlog1.dll>  []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Syetwlyeh><; C:\WINDOWS\system32\algesteiye.exe>  []

In the browser add-ons, that Shanghai Hengbang helper still hasn't been cleaned out.


The source files for both the shanghaihengbang item and algesteiye.exe have been deleted,
and the registry has been cleaned too, but they reappear after every reboot! What is this thing?

Besides that, basically every running process has been invaded by ansky.
Every process has these three sub-items under it:
[C:\WINDOWS\system32\Anskya1.dll]  <N/A><N/A>
[C:\WINDOWS\system32\Ansky.dll]  <N/A><N/A>
[C:\WINDOWS\system32\jhlog1.dll]  <N/A><N/A>

Could an expert please advise how to deal with this?

One more thing:
ansky.dll is a file created back in August 2004.
ansky.dll was created on 26 July 2006, the same day I got Huigezi.
That day it seemed like I caught several pieces of malware at once.
jhlog1.dll was created only today, 31 July 2006. Did I catch something else again today?
All three of these are hidden files.

Searching online, there are descriptions of anskyaX.exe saying it is a trojan,
but nothing about anskya1.dll. The anskya0.exe I deleted over the past two days hasn't reappeared, but I don't know how to deal with this leftover anskya1.dll.
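An added triage script (not part of the thread, and not SREng's own code) that automates the reading the poster did by hand in the last two posts: it parses SREng-style report lines, lists the ShellExecuteHooks entries that carry no vendor string, counts how many of the listed processes have each vendor-less, version-less module loaded, and intersects the two. The reason the intersection matters: a ShellExecuteHooks entry is an in-process COM object that shell32 loads into any process that calls ShellExecute(Ex), Explorer included, so the same three DLLs turning up in nearly every process in the report, and the file staying locked while those processes run, is exactly what a hook registration looks like from the outside. SAMPLE_REPORT is a constructed excerpt copied from the report above; the regular expressions assume the SREng 2.0 line layout shown there, and the 0.8 share threshold is an arbitrary choice.

```python
import re
from collections import defaultdict

# Constructed excerpt: lines copied from the SREng 2.0 report posted above
# (the real report is several hundred lines long).
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{F3D0D422-CE6D-47B3-9CE6-C54DD63F1ADB}><C:\Program Files\Internet Explorer\PLUGINS\new123.sys>  []
    <{C54B4AFB-7A2A-6C3E-BA4D-C20F0294B724}><C:\WINDOWS\system32\Anskya1.dll>  []
    <{288BD9BD-F0DC-46B1-81B5-2B61DF8077CE}><C:\WINDOWS\system32\Ansky.dll>  []
    <{CF49F9F2-A8D3-464F-83EC-6AFC6573C267}><C:\WINDOWS\system32\jhlog1.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\System Safety Monitor]
    <WinlogonNotify: System Safety Monitor><SSMWinlogonEx.dll>  [System Safety Limited]
[PID: 608][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1544][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\Anskya1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Ansky.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\jhlog1.dll]  <N/A><N/A>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
[PID: 1976][C:\WINDOWS\SOUNDMAN.EXE]  <Realtek Semiconductor Corp.><5.1.0.29>
    [C:\WINDOWS\system32\jhlog1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Anskya1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Ansky.dll]  <N/A><N/A>
[PID: 216][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\Anskya1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Ansky.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\jhlog1.dll]  <N/A><N/A>
[PID: 39812][C:\Program Files\WinRAR\WinRAR.exe]  <N/A><N/A>
    [C:\WINDOWS\system32\jhlog1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Anskya1.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Ansky.dll]  <N/A><N/A>
"""

# Line shapes assumed from the report above: "[HKEY_...]" opens a registry key,
# "<Name><Data>  [Vendor]" is a value under it, "[PID: n][image]  <Vendor><Version>"
# opens a process, and an indented "[path]  <Vendor><Version>" is a module in it.
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r"^\s+<([^>]*)><([^>]*)>\s+\[([^\]]*)\]$")
PROC_RE = re.compile(r"^\[PID: (\d+)\]\[([^\]]+)\]\s+<([^>]*)><([^>]*)>$")
MOD_RE = re.compile(r"^\s+\[([^\]]+)\]\s+<([^>]*)><([^>]*)>$")
HOOK_KEY_SUFFIX = "explorer\\shellexecutehooks"


def parse_report(text):
    """Return (hooks, processes): hooks = [(clsid, dll_path, vendor)] under
    ShellExecuteHooks; processes = {pid: {image, vendor, modules}}."""
    hooks, processes = [], {}
    current_key = current_pid = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current_key, current_pid = m.group(1), None
            continue
        m = PROC_RE.match(line)
        if m:
            current_key, current_pid = None, int(m.group(1))
            processes[current_pid] = {"image": m.group(2), "vendor": m.group(3), "modules": []}
            continue
        m = VALUE_RE.match(line)
        if m and current_key and current_key.lower().endswith(HOOK_KEY_SUFFIX):
            hooks.append((m.group(1), m.group(2), m.group(3)))
            continue
        m = MOD_RE.match(line)
        if m and current_pid is not None:
            processes[current_pid]["modules"].append((m.group(1), m.group(2), m.group(3)))
    return hooks, processes


def unsigned_hooks(hooks):
    """ShellExecuteHooks entries whose DLL carries no vendor string."""
    return [h for h in hooks if not h[2].strip()]


def ubiquitous_unknown_modules(processes, min_share=0.8):
    """Lower-cased paths of modules with neither vendor nor version info that
    are loaded into at least min_share of the listed processes."""
    counts = defaultdict(int)
    for proc in processes.values():
        for path, vendor, version in set(proc["modules"]):  # count once per process
            if vendor == "N/A" and version == "N/A":
                counts[path.lower()] += 1
    total = len(processes)
    return {p for p, c in counts.items() if total and c / total >= min_share}


def triage(text, min_share=0.8):
    """Cross-reference both signals: a vendor-less hook DLL that is also
    loaded into nearly every process is the injected component."""
    hooks, processes = parse_report(text)
    bad_hooks = unsigned_hooks(hooks)
    everywhere = ubiquitous_unknown_modules(processes, min_share)
    hook_paths = {path.lower() for _, path, _ in bad_hooks}
    return {
        "unsigned_hooks": bad_hooks,
        "ubiquitous_unknown": sorted(everywhere),
        "hook_dlls_loaded_everywhere": sorted(everywhere & hook_paths),
    }


if __name__ == "__main__":
    for path in triage(SAMPLE_REPORT)["hook_dlls_loaded_everywhere"]:
        print("remove first:", path)
```

Run it on a saved report with `triage(open(path, encoding="gbk").read())` (SREng reports from a Chinese XP install are usually GBK-encoded; adjust if yours differs). Anything listed under `hook_dlls_loaded_everywhere` is the thing to deal with first, and the order matters: remove the hook's registry value (and the CLSID registration it points at) before touching the file, then reboot so that no process still has the DLL mapped. Deleting the file while Explorer and every other hooked process hold it open fails, and safe mode does not help, because Explorer still starts there and still loads the hook.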