广告广告
  加入我的最爱 设为首页 风格修改
首页 首尾
 手机版   订阅   地图  繁体 
您是第 9645 个阅读者
 
发表文章 发表投票 回覆文章
  可列印版   加为IE收藏   收藏主题   上一主题 | 下一主题   
julie9104
数位造型
个人文章 个人相簿 个人日记 个人地图
路人甲
级别: 路人甲 该用户目前不上站
推文 x0 鲜花 x0
分享: 转寄此文章 Facebook Plurk Twitter 复制连结到剪贴簿 转换为繁体 转换为简体 载入图片
推文 x0
[问题讨论] 电脑中了hacktool.rootkit病毒??
dear all:

    电脑有装赛门铁克的防毒软体,最近一开机就显示有中一款hacktool.rootkit的病毒,防毒删除后,
重新开机又再出现,实为头痛的问题,又怕也其他病毒,,
想从安全模式登入扫毒,又发现安全模式的administrator的密码不对
无法进入,,有看网路文章,又怕误删系统档,造成电脑损害,,请求高手们帮忙..

以下reng2所做的log..
复制程式

2007-11-08,10:55:30

System Repair Engineer 2.5.16.900
Smallfrogs ([url]http://www.KZTechs.com[/url])

Windows XP Professional Service Pack 2 (Build 2600) - 管理许可权用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、开机档案夹、服务等)
    流览器载入项
    正在运行的进程(包括进程模组资讯)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动专案
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [(Verified)Microsoft Corporation]
    <foxy><"C:\Program Files\Foxy\Foxy.exe" -tray>  [N/A]
    <kava><C:\WINDOWS\system32\kavo.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <SoundMAXPnP><C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe>  [Analog Devices, Inc.]
    <SoundMAX><"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray>  [Analog Devices, Inc.]
    <ATIPTA><"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe">  [ATI Technologies, Inc.]
    <RemoteControl><"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe">  [Cyberlink Corp.]
    <Client Access Service><"C:\Program Files\IBM\Client Access\cwbsvstr.exe">  [IBM Corporation]
    <Client Access Help Update><"C:\Program Files\IBM\Client Access\cwbinhlp.exe">  [IBM Corporation]
    <Client Access Check Version><"C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN>  [N/A]
    <Client Access Express Welcome><"C:\Program Files\IBM\Client Access\cwbwlwiz.exe">  [IBM Corporation]
    <GhostStartTrayApp><C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe>  [Symantec Corporation]
    <SunJavaUpdateSched><C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe>  [Sun Microsystems, Inc.]
    <ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe">  [(Verified)Symantec Corporation]
    <vptray><C:\PROGRA~1\SYMANT~1\VPTray.exe>  [(Verified)Symantec Corporation]
    <tasa><C:\DOCUME~1\WINNIE~1\LOCALS~1\Temp\taso.exe>  []
    <UserFaultCheck><%systemroot%\system32\dumprep 0 -u>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{1DBD6574-D6D0-4782-94C3-69619E719765}><C:\WINDOWS\HELP\F3C74E3FA248.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    <WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll>  [(Verified)Symantec Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]

==================================
开机档案夹
N/A

==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller][Stopped/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[Symantec Event Manager / ccEvtMgr][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[iSeries Access for Windows 远端指令 / Cwbrxd][Stopped/Manual Start]
  <C:\WINDOWS\CWBRXD.EXE><IBM Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[GhostStartService / GhostStartService][Running/Auto Start]
  <C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe><Symantec Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[LiveUpdate / LiveUpdate][Stopped/Manual Start]
  <"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"><Symantec Corporation>
[OracleOraHome92ClientCache / OracleOraHome92ClientCache][Stopped/Manual Start]
  <C:\oracle\ora92\BIN\ONRSD.EXE><N/A>
[SavRoam / SavRoam][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Symantec Network Drivers Service / SNDSrvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]
  <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[Symantec SPBBCSvc / SPBBCSvc][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>

==================================
驱动程式
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Intel(R) PRO/1000 Network Connection Driver / E1000][Running/Manual Start]
  <system32\DRIVERS\e1000325.sys><Intel Corporation>
[Symantec Eraser Control driver / eeCtrl][Running/System Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
[EraserUtilRebootDrv / EraserUtilRebootDrv][Running/Manual Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys><Symantec Corporation>
[GhostPciScanner / GhPciScan][Running/System Start]
  <\??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys><Symantec Corporation>
[MidiSyn / MidiSyn][Stopped/Manual Start]
  <system32\drivers\MidiSyn.sys><Analog Devices, Inc.>
[NAVENG / NAVENG][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071106.025\naveng.sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071106.025\navex15.sys><Symantec Corporation>
[直接平行连接埠连结驱动程式 / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SAVRT / SAVRT][Running/System Start]
  <\??\C:\Program Files\Symantec AntiVirus\savrt.sys><Symantec Corporation>
[SAVRTPEL / SAVRTPEL][Running/System Start]
  <\??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys><Symantec Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[senfilt / senfilt][Running/Manual Start]
  <system32\drivers\senfilt.sys><Sensaura>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[SPBBCDrv / SPBBCDrv][Running/System Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation>
[SymEvent / SymEvent][Running/Manual Start]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV][Running/Manual Start]
  <\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Running/System Start]
  <\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[sdrfgtyh / sdrfgtyh][Stopped/Manual Start]
  <2 - 系统找不到指定的档案。
><N/A>
[wedcfvbghj / wedcfvbghj][Stopped/]
  <2 - 系统找不到指定的档案。
><N/A>

==================================
流览器载入项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Windows Live Toolbar Helper]
  {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Java Plug-in]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Windows Live Toolbar]
  {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Java Plug-in]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in]
  {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_06]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[ActiveMovieControl Object]
  {05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[HtmlDlgSafeHelper Class]
  {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
[Tabular Data Control]
  {333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Java Plug-in]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Microsoft DirectAnimation Control]
  {B6FFC24C-7E13-11D0-9B47-00C04FC2F51D} <C:\WINDOWS\system32\danim.dll, Microsoft Corporation>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Windows Live Toolbar]
  {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Windows Live Toolbar Helper]
  {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[AUDIO__MID Moniker Class]
  {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__WAV Moniker Class]
  {CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Windows Live Sign-in Control]
  {D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[Microsoft Agent Control 2.0]
  {D45FD31B-5C6E-11D1-9EC1-00C04FD7081F} <C:\WINDOWS\msagent\agentctl.dll, Microsoft Corporation>
[&Windows Live Search]
  <res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm, N/A>
[Add to Windows &Live Favorites]
  <[url]http://favorites.live.com/quickadd.aspx[/url], N/A>
[在新的前景索引标签中开启]
  <res://C:\Program Files\Windows Live Toolbar\Components\zh-tw\msntabres.dll.mui/230?9a8b5ff6b0f1458eb0518dac4277a1e1, N/A>
[在新的背景索引标签中开启]
  <res://C:\Program Files\Windows Live Toolbar\Components\zh-tw\msntabres.dll.mui/229?9a8b5ff6b0f1458eb0518dac4277a1e1, N/A>

==================================
正在运行的进程
[PID: 620 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 684 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 708 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4117]
    [C:\WINDOWS\system32\NavLogon.dll]  [Symantec Corporation, 10.1.5.5000]
[PID: 760 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 772 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 968 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1044 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1140 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\oracle\ora92\bin\oci.dll]  [Oracle Corporation, 9.2.0.1.0]
[PID: 1232 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1336 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1404 / SYSTEM][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe]  [Symantec Corporation, 104.0.11.1]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Symantec Shared\ccL40.dll]  [Symantec Corporation, 104.0.11.1]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 104.0.11.1]
[PID: 1452 / SYSTEM][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe]  [Symantec Corporation, 104.0.11.1]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Symantec Shared\ccL40.dll]  [Symantec Corporation, 104.0.11.1]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 104.0.11.1]
    [C:\Program Files\Common Files\Symantec Shared\ccSet.dll]  [Symantec Corporation, 104.0.11.1]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL]  [Symantec Corporation, 2.2.0.7]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL]  [Symantec Corporation, 104.0.11.1]
[PID: 1556 / SYSTEM][C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe]  [Symantec Corporation, 2.2.0.7]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 104.0.11.1]
    [C:\Program Files\Common Files\Symantec Shared\ccL40.dll]  [Symantec Corporation, 104.0.11.1]
    [C:\Program Files\Common Files\Symantec Shared\ccSet.dll]  [Symantec Corporation, 104.0.11.1]
    [C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll]  [Symantec Corporation, 2.2.0.7]
    [C:\Program Files\Common Files\Symantec Shared\SPBBC\bbRGen.dll]  [Symantec Corporation, 2.2.0.7]
[PID: 1624 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 424 / SYSTEM][C:\Program Files\Symantec AntiVirus\DefWatch.exe]  [Symantec Corporation, 10.1.5.5000]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Symantec Shared\ccL40.dll]  [Symantec Corporation, 104.0.11.1]
[PID: 500 / SYSTEM][C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe]  [Symantec Corporation, 2003.775]
[PID: 720 / SYSTEM][C:\Program Files\Symantec AntiVirus\SavRoam.exe]  [symantec, 10.1.5.5000]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Symantec Shared\SSC\Transman.dll]  [Symantec Corporation, 10.1.5.5000]
    [C:\WINDOWS\system32\CBA.DLL]  [LANDesk Software Ltd., 6.12.0.142 E]
    [C:\WINDOWS\system32\MsgSys.dll]  [LANDesk Software Ltd., 6.12.0.142 E]
    [C:\WINDOWS\system32\NTS.dll]  [LANDesk Software Ltd., 6.12.0.142 E]
    [C:\WINDOWS\system32\PDS.DLL]  [LANDesk Software Ltd., 6.12.0.142 E]
    [c:\program files\common files\symantec shared\ssc\ScsComms.dll]  [Symantec Corporation, 10.1.5.5000]
[PID: 1208 / SYSTEM][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe]  [Analog Devices, Inc., 3, 2, 6, 0]
[PID: 1292 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1836 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2508 / WinnieLee][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\HELP\F3C74E3FA248.dll]  [N/A, ]
    [C:\DOCUME~1\WINNIE~1\LOCALS~1\Temp\taso0.dll]  [N/A, ]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\WINDOWS\system32\kavo1.dll]  [N/A, ]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\IBM\Client Access\Shared\cwbunddh.dll]  [IBM Corporation, 09.000]
    [C:\PROGRA~1\WINZIP\WZSHLSTB.DLL]  [WinZip Computing, Inc., 4.1 (32-bit)]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
[PID: 2680 / WinnieLee][C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe]  [Analog Devices, Inc., 5, 0, 2, 2]
    [C:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll]  [Analog Devices, Inc., 5, 0, 3, 000]
    [C:\WINDOWS\HELP\F3C74E3FA248.dll]  [N/A, ]
[PID: 2688 / WinnieLee][C:\Program Files\Analog Devices\SoundMAX\Smax4.exe]  [Analog Devices, Inc., 5, 0, 2, 4]
    [C:\WINDOWS\HELP\F3C74E3FA248.dll]  [N/A, ]
[PID: 2696 / WinnieLee][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe]  [ATI Technologies, Inc., 6.14.10.5157]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll]  [ATI Technologies, Inc., 6.14.10.5157]
    [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHT]  [ATI Technologies, Inc., 6.14.10.5157]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll]  [ATI Technologies, Inc., 6.14.10.5157]
    [C:\WINDOWS\HELP\F3C74E3FA248.dll]  [N/A, ]
[PID: 2704 / WinnieLee][C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe]  [Cyberlink Corp., 5.00.0000]
    [C:\Program Files\CyberLink\Shared Files\CLRCEngine2.dll]  [CyberLink Corp., 3.20.0000]
    [C:\WINDOWS\HELP\F3C74E3FA248.dll]  [N/A, ]
[PID: 2848 / WinnieLee][C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe]  [Symantec Corporation, 2003.775]
    [C:\WINDOWS\HELP\F3C74E3FA248.dll]  [N/A, ]
[PID: 2880 / WinnieLee][C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe]  [Sun Microsystems, Inc., 5.0.60.5]
[PID: 2888 / WinnieLee][C:\Program Files\Common Files\Symantec Shared\ccApp.exe]  [Symantec Corporation, 104.0.11.1]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Symantec Shared\ccL40.dll]  [Symantec Corporation, 104.0.11.1]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 104.0.11.1]
    [C:\Program Files\Common Files\Symantec Shared\ccSet.dll]  [Symantec Corporation, 104.0.11.1]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL]  [Symantec Corporation, 104.0.11.1]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL]  [Symantec Corporation, 104.0.11.1]
    [C:\WINDOWS\system32\SYMREDIR.DLL]  [Symantec Corporation, 6.0.4.402]
    [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll]  [Symantec Corporation, 104.0.11.1]
    [C:\Program Files\Symantec AntiVirus\SavEmail.dll]  [Symantec Corporation, 10.1.5.5000]
    [C:\Program Files\Common Files\Symantec Shared\ccProSub.dll]  [Symantec Corporation, 104.0.11.1]
    [C:\WINDOWS\HELP\F3C74E3FA248.dll]  [N/A, ]
[PID: 2940 / WinnieLee][C:\PROGRA~1\SYMANT~1\VPTray.exe]  [Symantec Corporation, 10.1.5.5000]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Symantec Shared\ccL40.dll]  [Symantec Corporation, 104.0.11.1]
    [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL]  [Symantec Corporation, 9.7.2.3]
    [C:\WINDOWS\HELP\F3C74E3FA248.dll]  [N/A, ]
    [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll]  [Symantec Corporation, 104.0.11.1]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 104.0.11.1]
    [C:\Program Files\Common Files\Symantec Shared\ccProSub.dll]  [Symantec Corporation, 104.0.11.1]
    [C:\Program Files\Common Files\Symantec Shared\ccAlert.dll]  [Symantec Corporation, 104.0.11.1]
    [C:\Program Files\Symantec AntiVirus\Cliproxy.dll]  [Symantec Corporation, 10.1.5.5000]
    [C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL]  [Symantec Corporation, 10.1.5.5000]
    [c:\program files\common files\symantec shared\ssc\ScsComms.dll]  [Symantec Corporation, 10.1.5.5000]
    [C:\Program Files\Common Files\Symantec Shared\ccSet.dll]  [Symantec Corporation, 104.0.11.1]
    [C:\WINDOWS\system32\nts.dll]  [LANDesk Software Ltd., 6.12.0.142 E]
    [C:\WINDOWS\system32\cba.dll]  [LANDesk Software Ltd., 6.12.0.142 E]
    [C:\WINDOWS\system32\MsgSys.dll]  [LANDesk Software Ltd., 6.12.0.142 E]
    [C:\WINDOWS\system32\PDS.DLL]  [LANDesk Software Ltd., 6.12.0.142 E]
[PID: 3172 / WinnieLee][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\HELP\F3C74E3FA248.dll]  [N/A, ]
[PID: 3268 / WinnieLee][C:\Program Files\MSN Messenger\MsnMsgr.Exe]  [Microsoft Corporation, 8.1.0178.00]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\HELP\F3C74E3FA248.dll]  [N/A, ]
    [C:\DOCUME~1\WINNIE~1\LOCALS~1\Temp\taso0.dll]  [N/A, ]
    [C:\WINDOWS\system32\kavo1.dll]  [N/A, ]
[PID: 912 / SYSTEM][C:\Program Files\Symantec AntiVirus\Rtvscan.exe]  [Symantec Corporation, 10.1.5.5000]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\CBA.DLL]  [LANDesk Software Ltd., 6.12.0.142 E]
    [C:\WINDOWS\system32\MsgSys.dll]  [LANDesk Software Ltd., 6.12.0.142 E]
    [C:\WINDOWS\system32\NTS.dll]  [LANDesk Software Ltd., 6.12.0.142 E]
    [C:\WINDOWS\system32\PDS.DLL]  [LANDesk Software Ltd., 6.12.0.142 E]
    [C:\Program Files\Symantec AntiVirus\NAVLU.dll]  [Symantec Corporation, 10.1.5.5000]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Symantec AntiVirus\I2ldvp3.dll]  [Symantec Corporation, 10.1.5.5000]
    [C:\Program Files\Common Files\Symantec Shared\ccL40.dll]  [Symantec Corporation, 104.0.11.1]
    [C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL]  [Symantec Corporation, 10.1.5.5000]
    [c:\program files\common files\symantec shared\ssc\ScsComms.dll]  [Symantec Corporation, 10.1.5.5000]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 104.0.11.1]
    [C:\Program Files\Common Files\Symantec Shared\ccDec.dll]  [Symantec Corporation, 104.0.11.1]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\decsdk.dll]  [Symantec Corporation, 3.02.14.10]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll]  [Symantec Corporation, 3.02.14.10]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll]  [Symantec Corporation, 3.02.14.10]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll]  [Symantec Corporation, 3.02.14.10]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll]  [Symantec Corporation, 3.02.14.10]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll]  [Symantec Corporation, 3.02.14.10]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll]  [Symantec Corporation, 3.02.14.10]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll]  [Symantec Corporation, 3.02.14.10]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll]  [Symantec Corporation, 3.02.14.10]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll]  [Symantec Corporation, 3.02.14.10]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll]  [Symantec Corporation, 3.02.14.10]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll]  [Symantec Corporation, 3.02.14.10]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll]  [Symantec Corporation, 3.02.14.10]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll]  [Symantec Corporation, 3.02.14.10]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll]  [Symantec Corporation, 3.02.14.10]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll]  [Symantec Corporation, 3.02.14.10]
    [C:\Program Files\Common Files\Symantec Shared\ccScan.dll]  [Symantec Corporation, 104.0.11.1]
    [C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL]  [Symantec Corporation, 51.3.0.11]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071106.025\ccEraser.dll]  [Symantec Corporation, 107.3.3.4]
    [C:\Program Files\Symantec AntiVirus\DefUtDCD.dll]  [Symantec Corporation, 3.1.13a.0]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071106.025\ecmsvr32.dll]  [Symantec Corporation, 71.3.0.25]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071106.025\NAVEX32a.DLL]  [Symantec Corporation, 20071.3.0.24]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071106.025\NAVENG32.DLL]  [Symantec Corporation, 20071.3.0.24]
    [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL]  [Symantec Corporation, 9.7.2.3]
    [C:\Program Files\Symantec AntiVirus\IMail.dll]  [Symantec Corporation, 10.1.5.5000]
    [C:\Program Files\Symantec AntiVirus\vpmsece4.dll]  [Symantec Corporation, 10.1.5.5000]
    [C:\Program Files\Symantec AntiVirus\SymProtectStorage.dll]  [Symantec Corporation, 10.1.5.5000]
    [C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll]  [Symantec Corporation, 2.2.0.7]
[PID: 2712 / WinnieLee][C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe]  [Sun Microsystems, Inc., 5.0.60.5]
    [C:\WINDOWS\HELP\F3C74E3FA248.dll]  [N/A, ]
[PID: 3000 / WinnieLee][C:\PROGRA~1\IBM\CLIENT~1\Emulator\pcsws.exe]  [N/A, ]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\PCSWLIBI.dll]  [N/A, ]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\PCSWLIB.dll]  [N/A, ]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\PCSPREF.dll]  [N/A, ]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\PCSCLIB.dll]  [N/A, ]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\PCSMSG.dll]  [N/A, ]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\PCSW32X.dll]  [N/A, ]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\PCSFONT.dll]  [N/A, ]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\PCSSFX.dll]  [N/A, ]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\PCSPS.dll]  [N/A, ]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\PCSTQ.dll]  [N/A, ]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\PCSZLIB.dll]  [N/A, ]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\PCSKBD.dll]  [N/A, ]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\PCSULIB.dll]  [N/A, ]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\PCSCDLG.dll]  [N/A, ]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\PCSHELP.dll]  [N/A, ]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\PCSKBDCW.dll]  [N/A, ]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\PCSXLT.dll]  [N/A, ]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\PCSVIEW.dll]  [N/A, ]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\PCSTRACE.dll]  [N/A, ]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\LTASWN20.DLL]  [Lotus Development Corporation., Aswan Build 7814wa type p32d by AHOROWITZ]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\PCSSH.dll]  [N/A, ]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\PCSWSREG.dll]  [N/A, ]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\pcswssts.dll]  [, 1, 0, 0, 1]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\nstrc.dll]  [IBM Corporation, 2.0.0.0]
    [C:\WINDOWS\system32\CWBNL.DLL]  [N/A, ]
    [C:\WINDOWS\system32\cwbcore.dll]  [IBM Corporation, 09.000]
    [C:\WINDOWS\system32\cwbunpls.dll]  [IBM Corporation, 09.000]
    [C:\WINDOWS\system32\cwbrw.dll]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Mri2987\PCSMGRES.DLL]  [N/A, ]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\PCSMSUB.dll]  [N/A, ]
    [C:\WINDOWS\HELP\F3C74E3FA248.dll]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSCW.DLL]  [N/A, ]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\PCSCC.dll]  [N/A, ]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\PCSLDLG.dll]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSALARM.DLL]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSXFER.DLL]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSTN52.DLL]  [N/A, ]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\PCSTLNET.dll]  [N/A, ]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\PCSRQMGR.dll]  [N/A, ]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\PCSSPI.dll]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSLT52.DLL]  [N/A, ]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\PCSWP.dll]  [N/A, ]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\PCSPP.dll]  [N/A, ]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\CWBEMLIC.DLL]  [IBM Corporation, 09.000]
    [C:\WINDOWS\system32\cwbad1.dll]  [IBM Corporation, 09.000]
    [C:\WINDOWS\system32\CWBUNPLA.dll]  [IBM Corporation, 09.000]
    [C:\WINDOWS\system32\cwbsof.dll]  [IBM Corporation, 09.000]
    [C:\WINDOWS\system32\cwbsv.dll]  [N/A, ]
    [C:\WINDOWS\system32\cwbco.dll]  [N/A, ]
    [C:\WINDOWS\system32\cwbsy.dll]  [N/A, ]
    [C:\WINDOWS\system32\cwbrc.dll]  [IBM Corporation, 09.000]
    [C:\WINDOWS\system32\cwbunssl.dll]  [IBM Corporation, 09.000]
    [C:\WINDOWS\system32\cwbad.dll]  [N/A, ]
    [C:\WINDOWS\system32\cwbbsspi.dll]  [IBM Corporation, 09.000]
    [C:\WINDOWS\system32\cwbbspc.dll]  [IBM Corporation, 09.000]
    [C:\WINDOWS\system32\cwblm.dll]  [IBM Corporation, 09.000]
    [C:\Program Files\IBM\Client Access\Mri2987\CWBSOMRI.DLL]  [IBM 公司, 09.000]
    [C:\Program Files\IBM\Client Access\Emulator\PCSPD.DLL]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSEDIT.DLL]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSWSAPI.DLL]  [N/A, ]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\PCSAPI32.dll]  [N/A, ]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\PCSXLJPN.DLL]  [N/A, ]
    [C:\PROGRA~1\IBM\CLIENT~1\Emulator\PCSTBAR.DLL]  [N/A, ]
    [C:\WINDOWS\system32\kavo1.dll]  [N/A, ]
    [C:\DOCUME~1\WINNIE~1\LOCALS~1\Temp\taso0.dll]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSKTK52.DLL]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSHSPT.DLL]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSUPM.DLL]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Mri2987\cwbmsgb.dll]  [IBM Corporation, 09.000]
    [C:\Program Files\IBM\Client Access\Mri2987\cwbcomsg.dll]  [N/A, ]
[PID: 3400 / WinnieLee][C:\Program Files\IBM\Client Access\Emulator\PCSCM.EXE]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSWLIBI.dll]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSWLIB.dll]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSPREF.dll]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSCLIB.dll]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSMSG.dll]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSW32X.dll]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\DEFSECUR.DLL]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\pcsevtry.dll]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSPIPDA.dll]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSCW.dll]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSCC.dll]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSSFX.dll]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSTQ.dll]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSKBD.dll]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSULIB.dll]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSCDLG.dll]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSHELP.dll]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSFONT.dll]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSKBDCW.dll]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSPS.dll]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSZLIB.dll]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSXLT.dll]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSLDLG.dll]  [N/A, ]
    [C:\WINDOWS\system32\CWBNL.DLL]  [N/A, ]
    [C:\WINDOWS\system32\cwbcore.dll]  [IBM Corporation, 09.000]
    [C:\WINDOWS\system32\cwbunpls.dll]  [IBM Corporation, 09.000]
    [C:\WINDOWS\system32\cwbrw.dll]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Mri2987\PCSMGRES.DLL]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSWSAPI.DLL]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSTRACE.dll]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSMSUB.dll]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSAPI32.dll]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\nstrc.dll]  [IBM Corporation, 2.0.0.0]
    [C:\Program Files\IBM\Client Access\Emulator\PCSXLJPN.DLL]  [N/A, ]
    [C:\WINDOWS\HELP\F3C74E3FA248.dll]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSPP.DLL]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSSPI.DLL]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSALARM.DLL]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSRTMSN.DLL]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSTN52.DLL]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSTLNET.dll]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSRQMGR.dll]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSLT52.DLL]  [N/A, ]
    [C:\Program Files\IBM\Client Access\Emulator\PCSWP.dll]  [N/A, ]
[PID: 532 / WinnieLee][C:\Documents and Settings\winnielee\桌面\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\Documents and Settings\winnielee\桌面\sreng2\Lang\1028.DLL]  [System Repair Engineer, 2.5.16.900]
    [C:\WINDOWS\HELP\F3C74E3FA248.dll]  [N/A, ]
    [C:\WINDOWS\system32\kavo1.dll]  [N/A, ]
    [C:\DOCUME~1\WINNIE~1\LOCALS~1\Temp\taso0.dll]  [N/A, ]
    [C:\Documents and Settings\winnielee\桌面\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[C:\]
[AutoRun]
open=ntdelect.com
;shell\open=Open(&O)
shell\open\Command=ntdelect.com
shell\open\Default=1
;shell\explore=Manager(&X)
shell\explore\Command=ntdelect.com
[D:\]
[AutoRun]
open=ntdelect.com
;shell\open=Open(&O)
shell\open\Command=ntdelect.com
shell\open\Default=1
;shell\explore=Manager(&X)
shell\explore\Command=ntdelect.com
[E:\]
[AutoRun]
open=ntdelect.com
;shell\open=Open(&O)
shell\open\Command=ntdelect.com
shell\open\Default=1
;shell\explore=Manager(&X)
shell\explore\Command=ntdelect.com

==================================
HOSTS 文件
127.0.0.1       localhost

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 2680, C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAX4PNP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2688, C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAX4.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2696, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2848, C:\PROGRAM FILES\SYMANTEC\NORTON GHOST 2003\GHOSTSTARTTRAYAPP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2880, C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\JUSCHED.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2712, C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\JUCHECK.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3000, C:\PROGRA~1\IBM\CLIENT~1\EMULATOR\PCSWS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3400, C:\PROGRAM FILES\IBM\CLIENT ACCESS\EMULATOR\PCSCM.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================





献花 x0 回到顶端 [楼 主] From:台湾 | Posted:2007-11-08 11:08 |
D2K8X8
数位造型
个人文章 个人相簿 个人日记 个人地图
路人甲
级别: 路人甲 该用户目前不上站
推文 x0 鲜花 x1
分享: 转寄此文章 Facebook Plurk Twitter 复制连结到剪贴簿 转换为繁体 转换为简体 载入图片

由你的内容看出这是一部run Oracle的机器,但却做了很多不该是资料库主机应该做的事,比如上网(因为有装了windows live toolbar),所以控管上应该有问题吧!

可以去找kavo_killer.exe去解决这只毒,以下是你的中毒资讯 


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<kava><C:\WINDOWS\system32\kavo.exe>

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<tasa><C:\DOCUME~1\WINNIE~1\LOCALS~1\Temp\taso.exe>

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{1DBD6574-D6D0-4782-94C3-69619E719765}><C:\WINDOWS\HELP\F3C74E3FA248.dll>

正在运行的进程
以下每个程序几乎都有红字的部份
[PID: 2508 / WinnieLee][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\WINDOWS\HELP\F3C74E3FA248.dll] [N/A, ]
[C:\DOCUME~1\WINNIE~1\LOCALS~1\Temp\taso0.dll] [N/A, ]

[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\WINDOWS\system32\kavo1.dll] [N/A, ]

正常电脑不应该在各磁碟槽有autorun.inf

Autorun.inf
[C:\]
[AutoRun]
open=ntdelect.com <----这就是病毒档之一
;shell\open=Open(&O)
shell\open\Command=ntdelect.com
shell\open\Default=1
;shell\explore=Manager(&X)
shell\explore\Command=ntdelect.com
[D:\]
[AutoRun]
open=ntdelect.com
;shell\open=Open(&O)
shell\open\Command=ntdelect.com
shell\open\Default=1
;shell\explore=Manager(&X)
shell\explore\Command=ntdelect.com
[E:\]
[AutoRun]
open=ntdelect.com
;shell\open=Open(&O)
shell\open\Command=ntdelect.com
shell\open\Default=1
;shell\explore=Manager(&X)
shell\explore\Command=ntdelect.com


献花 x0 回到顶端 [1 楼] From:台湾台北市 | Posted:2007-11-08 13:03 |
cutedune
数位造型
个人文章 个人相簿 个人日记 个人地图
小人物
级别: 小人物 该用户目前不上站
推文 x0 鲜花 x2
分享: 转寄此文章 Facebook Plurk Twitter 复制连结到剪贴簿 转换为繁体 转换为简体 载入图片

楼上的大大 看的真仔细   表情


献花 x0 回到顶端 [2 楼] From:台湾 | Posted:2007-11-08 13:08 |
julie9104
数位造型
个人文章 个人相簿 个人日记 个人地图
路人甲
级别: 路人甲 该用户目前不上站
推文 x0 鲜花 x0
分享: 转寄此文章 Facebook Plurk Twitter 复制连结到剪贴簿 转换为繁体 转换为简体 载入图片

感谢大大提供方法又有详细的叙述,让我明白如何看该报告,
已用kavo_killer.exe解决完该病毒..谢谢...


献花 x0 回到顶端 [3 楼] From:台湾 | Posted:2007-11-08 14:25 |

首页  发表文章 发表投票 回覆文章
Powered by PHPWind v1.3.6
Copyright © 2003-04 PHPWind
Processed in 0.064553 second(s),query:16 Gzip disabled
本站由 瀛睿律师事务所 担任常年法律顾问 | 免责声明 | 本网站已依台湾网站内容分级规定处理 | 连络我们 | 访客留言