

cycjaya 2007-10-6 01:25 PM

How do I kill Hacktool.Rootkit?

Hi everyone,
Please help me take a look.
I'm cleaning a virus off my younger brother's computer
and found the following:

*Infected files: wincab.sys and a .sys file whose name keeps changing
*Virus name: Hacktool.Rootkit
*File paths: wincab.sys is at C:\WINDOWS\system32\wincab.sys
                   the other is at C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\***.sys
*Antivirus software used: Norton AntiVirus
*Problem description: since the infection, a virus warning pops up every time a folder is opened

cycjaya 2007-10-6 01:27 PM

His SREng log is as follows:
[code]2007-10-06,13:04:00

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理許可權用戶 - 完整功能

以下內容被選中:
    所有的啟動項目(包括註冊表、開機檔案夾、服務等)
    流覽器載入項
    正在運行的進程(包括進程模組資訊)
    文件關聯
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    進程特權掃描


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <AlcoholAutomount><"C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount>  [(Verified)Alcohol Soft Code Signing Services]
    <MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <CJIMETIPSYNC><C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync>  [(Verified)Microsoft Corporation]
    <PHIMETIPSYNC><C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync>  [(Verified)Microsoft Corporation]
    <SoundMAXPnP><C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe>  [Analog Devices, Inc.]
    <SoundMAX><"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray>  [Analog Devices, Inc.]
    <NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <RemoteControl><"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe">  [Cyberlink Corp.]
    <ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe">  [(Verified)Symantec Corporation]
    <Symantec PIF AlertEng><"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll">  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{79FC744E-75CA-49B0-8F02-AEAE4CAACBE0}><C:\WINDOWS\HELP\2ACE4CFBAF2C.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]

==================================
開機檔案夾
N/A

==================================
服務
[3Com DMI Agent / 3ComDMIService][Running/Auto Start]
  <C:\WINDOWS\system32\3Com_DMI\3CDMINIC.EXE><3Com Corporation>
[Symantec Event Manager / ccEvtMgr][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[LiveUpdate / LiveUpdate][Stopped/Manual Start]
  <"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"><Symantec Corporation>
[LiveUpdate Notice Service / LiveUpdate Notice Service][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"><Symantec Corporation>
[Norton AntiVirus Auto-Protect Service / navapsvc][Running/Auto Start]
  <"C:\Program Files\Norton AntiVirus\navapsvc.exe"><Symantec Corporation>
[Norton AntiVirus Firewall Monitor Service / NPFMntor][Running/Auto Start]
  <"C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe"><Symantec Corporation>
[Norton Protection Center Service / NSCService][Running/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE"><Symantec Corporation>
[Symantec AVScan / SAVScan][Stopped/Manual Start]
  <"C:\Program Files\Norton AntiVirus\SAVScan.exe"><Symantec Corporation>
[Symantec Network Drivers Service / SNDSrvc][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]
  <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[SPBBCSvc / SPBBCSvc][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation>
[StarWind AE Service / StarWindServiceAE][Running/Auto Start]
  <C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe><Rocket Division Software>
[Symantec Core LC / Symantec Core LC][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"><Symantec Corporation>
[自動 LiveUpdate 排程器 / 自動 LiveUpdate 排程器][Running/Auto Start]
  <"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"><Symantec Corporation>

==================================
驅動程式
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[3Com BCAITDI DMI TDI / BCAITDI][Running/Auto Start]
  <system32\DRIVERS\BCAItdi.sys><3Com Corporation>
[Symantec Eraser Control driver / eeCtrl][Running/System Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
[EraserUtilRebootDrv / EraserUtilRebootDrv][Running/Manual Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys><Symantec Corporation>
[kl1 / kl1][Running/Disabled]
  <system32\drivers\kl1.sys><N/A>
[klif / klif][Running/Disabled]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><N/A>
[MidiSyn / MidiSyn][Stopped/Manual Start]
  <system32\drivers\MidiSyn.sys><Analog Devices Inc>
[NAVENG / NAVENG][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071005.009\NAVENG.Sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071005.009\NavEx15.Sys><Symantec Corporation>
[NOWMEMDF / NOWMEMDF][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\NOWMEMDF.sys><(c)NOWCOM>
[npkcrypt / npkcrypt][Stopped/Manual Start]
  <\??\C:\Program Files\Gamania\天堂(Lineage 2.60C)\npkcrypt.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[直接平行連接埠連結驅動程式 / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SAVRT / SAVRT][Running/Manual Start]
  <\??\C:\Program Files\Norton AntiVirus\SAVRT.SYS><Symantec Corporation>
[SAVRTPEL / SAVRTPEL][Running/System Start]
  <\??\C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS><Symantec Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[SPBBCDrv / SPBBCDrv][Running/System Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[SYMDNS / SYMDNS][Running/Manual Start]
  <\SystemRoot\System32\Drivers\SYMDNS.SYS><Symantec Corporation>
[SymEvent / SymEvent][Running/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS><Symantec Corporation>
[SYMFW / SYMFW][Running/Manual Start]
  <\SystemRoot\System32\Drivers\SYMFW.SYS><Symantec Corporation>
[SYMIDS / SYMIDS][Running/Manual Start]
  <\SystemRoot\System32\Drivers\SYMIDS.SYS><Symantec Corporation>
[SYMIDSCO / SYMIDSCO][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20071002.003\symidsco.sys><Symantec Corporation>
[symlcbrd / symlcbrd][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\symlcbrd.sys><Symantec Corporation>
[SYMNDIS / SYMNDIS][Running/Manual Start]
  <\SystemRoot\System32\Drivers\SYMNDIS.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV][Running/Manual Start]
  <\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Running/System Start]
  <\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[XDva030 / XDva030][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\XDva030.sys><N/A>
[XDva031 / XDva031][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\XDva031.sys><N/A>
[NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller / yukonwxp][Running/Manual Start]
  <system32\DRIVERS\yk51x86.sys><Marvell>

==================================
流覽器載入項
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[CNavExtBho Class]
  {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} <C:\Program Files\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
[Windows Live Toolbar Helper]
  {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[參考資料(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Norton AntiVirus]
  {C4069E3A-68F1-403E-B40E-20066696354B} <C:\Program Files\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
[Windows Live Toolbar]
  {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[ClientATXCtrl Control]
  {81F3CC2E-5F40-41A5-9FCA-6DAAA6051D46} <C:\WINDOWS\DOWNLO~1\CLIENT~1.OCX, Wayi>
[ATXWSM Control]
  {C70E8BB2-849B-478E-828E-9F71729C86B2} <C:\WINDOWS\DOWNLO~1\ATXWSM.ocx, Waei>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[ClientATXCtrl Control]
  {81F3CC2E-5F40-41A5-9FCA-6DAAA6051D46} <C:\WINDOWS\DOWNLO~1\CLIENT~1.OCX, Wayi>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[NowStarter Control]
  {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} <C:\PROGRA~1\NextLink\GOGOBOX\GNOWST~1.OCX, (C) NOWCOM>
[CNavExtBho Class]
  {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} <C:\Program Files\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Windows Live Toolbar]
  {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Windows Live Toolbar Helper]
  {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Norton AntiVirus]
  {C4069E3A-68F1-403E-B40E-20066696354B} <C:\Program Files\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
[ATXWSM Control]
  {C70E8BB2-849B-478E-828E-9F71729C86B2} <C:\WINDOWS\DOWNLO~1\ATXWSM.ocx, Waei>
[VIDEO__MPEG Moniker Class]
  {CD3AFA89-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Windows Live Sign-in Control]
  {D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[&Windows Live Search]
  <res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm, N/A>
[&使用BitComet下載本頁視訊]
  <res://C:\Program Files\BitComet0.91\BitComet.exe/AddVideo.htm, N/A>
[Add to Windows &Live Favorites]
  <http://favorites.live.com/quickadd.aspx, N/A>
[使用BitComet下載全部連結]
  <res://C:\Program Files\BitComet0.91\BitComet.exe/AddAllLink.htm, N/A>
[使用BitComet下載連結(&B)]
  <res://C:\Program Files\BitComet0.91\BitComet.exe/AddLink.htm, N/A>
[匯出至 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[在新的前景索引標籤中開啟]
  <res://C:\Program Files\Windows Live Toolbar\Components\zh-tw\msntabres.dll.mui/230?c7df9f15cdae4c518406d327bed72e0a, N/A>
[在新的背景索引標籤中開啟]
  <res://C:\Program Files\Windows Live Toolbar\Components\zh-tw\msntabres.dll.mui/229?c7df9f15cdae4c518406d327bed72e0a, N/A>

==================================
正在運行的進程
[PID: 992 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1100 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1124 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [N/A, ]
    [C:\WINDOWS\system32\klogon.dll]  [N/A, ]
[PID: 1168 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1180 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [N/A, ]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 27 ]
[PID: 1356 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1452 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 27 ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll]  [N/A, ]
[PID: 1592 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [N/A, ]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 27 ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll]  [N/A, ]
[PID: 1788 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [N/A, ]
[PID: 1832 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [N/A, ]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 27 ]
[PID: 1900 / SYSTEM][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe]  [Symantec Corporation, 104.0.8.3]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Symantec Shared\ccL40.dll]  [Symantec Corporation, 104.0.8.3]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 104.0.8.3]
    [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll]  [Symantec Corporation, 104.0.8.3]
[PID: 308 / 波蘭誌][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll]  [N/A, ]
    [C:\WINDOWS\HELP\2ACE4CFBAF2C.dll]  [N/A, ]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Norton AntiVirus\NavShExt.dll]  [Symantec Corporation, 12.8.0.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 392 / SYSTEM][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe]  [Symantec Corporation, 104.0.8.3]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Symantec Shared\ccL40.dll]  [Symantec Corporation, 104.0.8.3]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 104.0.8.3]
    [C:\Program Files\Common Files\Symantec Shared\ccSet.dll]  [Symantec Corporation, 104.0.8.3]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL]  [Symantec Corporation, 2,0,0,73]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCLOGIN.DLL]  [Symantec Corporation, 104.0.8.3]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL]  [Symantec Corporation, 104.0.8.3]
    [C:\PROGRA~1\NORTON~1\HPPEVT32.DLL]  [Symantec Corporation, 12.8.0.4]
    [C:\PROGRA~1\NORTON~1\HPPRES32.loc]  [Symantec Corporation, 12.8.0.4]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [N/A, ]
    [C:\PROGRA~1\NORTON~1\NAVEVENT.DLL]  [Symantec Corporation, 12.8.0.4]
    [C:\WINDOWS\SYSTEM32\SYMNETI.DLL]  [Symantec Corporation, 6.0.0.99]
[PID: 508 / SYSTEM][C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe]  [Symantec Corporation, 1.2.0.18]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll]  [Symantec Corporation, 1.2.0.18]
[PID: 524 / SYSTEM][C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe]  [Symantec Corporation, 6.0.0.99]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll]  [N/A, ]
    [C:\WINDOWS\system32\SymNeti.dll]  [Symantec Corporation, 6.0.0.99]
[PID: 556 / SYSTEM][C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe]  [Symantec Corporation, 2,0,0,73]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 104.0.8.3]
    [C:\Program Files\Common Files\Symantec Shared\ccL40.dll]  [Symantec Corporation, 104.0.8.3]
    [C:\Program Files\Common Files\Symantec Shared\ccSet.dll]  [Symantec Corporation, 104.0.8.3]
    [C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll]  [Symantec Corporation, 2,0,0,73]
    [C:\Program Files\Common Files\Symantec Shared\SPBBC\bbRGen.dll]  [Symantec Corporation, 2,0,0,73]
[PID: 580 / SYSTEM][C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe]  [Symantec Corporation, 1.9.1.762]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [N/A, ]
    [C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll]  [Symantec Corporation, 1.9.1.762]
    [C:\WINDOWS\system32\MSVCR71.DLL]  [Microsoft Corporation, 7.10.3052.4]
[PID: 796 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll]  [N/A, ]
[PID: 1068 / SYSTEM][C:\WINDOWS\system32\3Com_DMI\3CDMINIC.EXE]  [3Com Corporation, 3, 7, 0, 0]
    [C:\WINDOWS\system32\3Com_DMI\DAAS_TD.DLL]  [3Com Corporation, 1, 0, 0, 8]
    [C:\WINDOWS\system32\3Com_DMI\bcayhwac.dll]  [3Com Corporation, 2, 0, 0, 21]
[PID: 1256 / SYSTEM][C:\Program Files\Norton AntiVirus\navapsvc.exe]  [Symantec Corporation, 12.8.0.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\ATL71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Symantec Shared\ccL40.dll]  [Symantec Corporation, 104.0.8.3]
    [C:\Program Files\Norton AntiVirus\SAVRT32.DLL]  [Symantec Corporation, 9.7.0.10]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 104.0.8.3]
    [C:\Program Files\Norton AntiVirus\navapsvc.loc]  [Symantec Corporation, 12.8.0.4]
    [C:\Program Files\Norton AntiVirus\N32Exclu.dll]  [Symantec Corporation, 12.8.0.4]
    [C:\Program Files\Common Files\Symantec Shared\ccSet.dll]  [Symantec Corporation, 104.0.8.3]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [N/A, ]
[PID: 1408 / SYSTEM][C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe]  [Symantec Corporation, 12.8.0.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Symantec Shared\ccL40.dll]  [Symantec Corporation, 104.0.8.3]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 104.0.8.3]
    [C:\Program Files\Norton AntiVirus\IWP\iwp.dll]  [Symantec Corporation, 12.8.0.4]
[PID: 1688 / SYSTEM][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe]  [Analog Devices, Inc., 3, 2, 6, 0]
[PID: 1768 / SYSTEM][C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe]  [Rocket Division Software, 3.2.3 Build 20070527]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll]  [N/A, ]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 27 ]
[PID: 1948 / SYSTEM][C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe]  [Symantec Corporation, 3.0.0.171]
    [C:\Program Files\Symantec\LiveUpdate\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Symantec\LiveUpdate\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [N/A, ]
[PID: 2060 / 波蘭誌][C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe]  [Analog Devices, Inc., 4, 0, 4, 11]
    [C:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll]  [Analog Device, Inc., 1, 0, 22, 26]
    [C:\WINDOWS\HELP\2ACE4CFBAF2C.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [N/A, ]
[PID: 2068 / 波蘭誌][C:\Program Files\Analog Devices\SoundMAX\Smax4.exe]  [Analog Devices, Inc., 4, 0, 4, 25]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [N/A, ]
    [C:\WINDOWS\HELP\2ACE4CFBAF2C.dll]  [N/A, ]
[PID: 2084 / 波蘭誌][C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe]  [Cyberlink Corp., 6.00.1027]
    [C:\Program Files\CyberLink\PowerDVD\CLRCEngine2.dll]  [CyberLink Corp., 3.2.2021 ]
    [C:\WINDOWS\HELP\2ACE4CFBAF2C.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [N/A, ]
[PID: 2092 / 波蘭誌][C:\Program Files\Common Files\Symantec Shared\ccApp.exe]  [Symantec Corporation, 104.0.8.3]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Symantec Shared\ccL40.dll]  [Symantec Corporation, 104.0.8.3]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 104.0.8.3]
    [C:\Program Files\Common Files\Symantec Shared\ccSet.dll]  [Symantec Corporation, 104.0.8.3]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL]  [Symantec Corporation, 104.0.8.3]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL]  [Symantec Corporation, 104.0.8.3]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\PIF\{B8E1D~1\ALERTENG.DLL]  [Symantec Corporation, 1.2.0.18]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCTRAY.DLL]  [Symantec Corporation, 2006.1.8.2]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCTRAY.LOC]  [Symantec Corporation, 2006.1.8.2]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\rcEmlPxy.dll]  [Symantec Corporation, 104.0.8.3]
    [C:\PROGRA~1\NORTON~1\CCIMSCAN.DLL]  [Symantec Corporation, 104.0.5.3]
    [C:\WINDOWS\system32\ATL71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\PROGRA~1\NORTON~1\DEFALERT.DLL]  [Symantec Corporation, 12.8.0.4]
    [C:\PROGRA~1\NORTON~1\HPP32.DLL]  [Symantec Corporation, 12.8.0.4]
    [C:\WINDOWS\system32\SYMREDIR.DLL]  [Symantec Corporation, 6.0.0.99]
    [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll]  [Symantec Corporation, 104.0.8.3]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCUICOR.dll]  [Symantec Corporation, 2006.1.8.2]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCUICOR.LOC]  [Symantec Corporation, 2006.1.8.2]
    [C:\Program Files\Common Files\Symantec Shared\ccProSub.dll]  [Symantec Corporation, 104.0.8.3]
    [C:\WINDOWS\HELP\2ACE4CFBAF2C.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [N/A, ]
    [C:\Program Files\Common Files\Symantec Shared\Security Console\NSC_Hlpr.dll]  [Symantec Corporation, 2006.1.8.2]
    [C:\PROGRA~1\NORTON~1\HPPRES32.loc]  [Symantec Corporation, 12.8.0.4]
    [C:\Program Files\Norton AntiVirus\ccAVMail.dll]  [Symantec Corporation, 104.0.5.3]
    [C:\PROGRA~1\NORTON~1\IWP\IWP.DLL]  [Symantec Corporation, 12.8.0.4]
    [C:\PROGRA~1\NORTON~1\NAVAPW32.DLL]  [Symantec Corporation, 12.8.0.4]
    [C:\PROGRA~1\NORTON~1\apwutil.dll]  [Symantec Corporation, 12.8.0.4]
    [C:\PROGRA~1\NORTON~1\navapw32.loc]  [Symantec Corporation, 12.8.0.4]
    [C:\PROGRA~1\NORTON~1\NAVOPTRF.DLL]  [Symantec Corporation, 12.0.0.94]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll]  [N/A, ]
    [C:\Program Files\Norton AntiVirus\HPPEVT32.dll]  [Symantec Corporation, 12.8.0.4]
    [C:\PROGRA~1\NORTON~1\STATUSHP.DLL]  [Symantec Corporation, 12.8.0.4]
    [C:\PROGRA~1\NORTON~1\apwutil.loc]  [Symantec Corporation, 12.8.0.4]
    [C:\Program Files\Norton AntiVirus\apwcmdnt.dll]  [Symantec Corporation, 12.8.0.4]
    [C:\Program Files\Norton AntiVirus\Navlcom.dll]  [Symantec Corporation, 12.8.0.4]
    [C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll]  [Symantec Corporation, 2,0,0,73]
    [C:\Program Files\Norton AntiVirus\NAVError.dll]  [Symantec Corporation, 12.8.0.4]
    [C:\Program Files\Norton AntiVirus\apwcmdNT.loc]  [Symantec Corporation, 12.8.0.4]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 27 ]
    [C:\Program Files\Norton AntiVirus\naverror.loc]  [Symantec Corporation, 12.8.0.4]
    [C:\Program Files\Norton AntiVirus\NAVEvent.dll]  [Symantec Corporation, 12.8.0.4]
    [C:\Program Files\Norton AntiVirus\IWP\SymFWAgt.dll]  [Symantec Corporation, 104.0.1.17]
    [C:\WINDOWS\system32\SymNeti.DLL]  [Symantec Corporation, 6.0.0.99]
    [C:\Program Files\Common Files\Symantec Shared\ccLogin.dll]  [Symantec Corporation, 104.0.8.3]
    [C:\Program Files\Norton AntiVirus\IWP\ccFWSetg.dll]  [Symantec Corporation, 104.0.1.17]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCSRVPS.DLL]  [Symantec Corporation, 2006.1.8.2]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCUIBL.DLL]  [Symantec Corporation, 2006.1.8.2]
    [C:\Program Files\Norton AntiVirus\N32Exclu.dll]  [Symantec Corporation, 12.8.0.4]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\rcAlert.dll]  [Symantec Corporation, 104.0.8.3]
    [C:\Program Files\Norton AntiVirus\NAVOpts.dll]  [Symantec Corporation, 12.8.0.4]
    [C:\Program Files\Norton AntiVirus\navopts.loc]  [Symantec Corporation, 12.8.0.4]
    [C:\Program Files\Norton AntiVirus\NAVAPSCR.dll]  [Symantec Corporation, 12.8.0.4]
    [C:\Program Files\Symantec\LiveUpdate\ProductRegCom_3_0.DLL]  [Symantec Corporation, 3.0.0.171]
    [C:\Program Files\Symantec\LiveUpdate\NetDetectController_3_0.DLL]  [Symantec Corporation, 3.0.0.171]
    [C:\Program Files\Symantec\LiveUpdate\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Symantec\LiveUpdate\LuComServerPS_3_0.DLL]  [Symantec Corporation, 3.0.0.171]
[PID: 2116 / 波蘭誌][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\HELP\2ACE4CFBAF2C.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [N/A, ]
[PID: 2264 / 波蘭誌][C:\Program Files\MSN Messenger\MsnMsgr.Exe]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [N/A, ]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\HELP\2ACE4CFBAF2C.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll]  [N/A, ]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 27 ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll]  [N/A, ]
[PID: 2512 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 27 ]
[PID: 2980 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 3856 / SYSTEM][C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE]  [Symantec Corporation, 2006.1.8.2]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCSRVPS.DLL]  [Symantec Corporation, 2006.1.8.2]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 104.0.8.3]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Symantec Shared\ccL40.dll]  [Symantec Corporation, 104.0.8.3]
    [C:\Program Files\Common Files\Symantec Shared\ccSet.dll]  [Symantec Corporation, 104.0.8.3]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCUIBL.DLL]  [Symantec Corporation, 2006.1.8.2]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCUICOR.LOC]  [Symantec Corporation, 2006.1.8.2]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCJSBL.DLL]  [Symantec Corporation, 2006.1.8.2]
    [C:\Program Files\Norton AntiVirus\avFPXY.dll]  [Symantec Corporation, 2006.1.4.4]
    [C:\Program Files\Norton AntiVirus\avFMST.dll]  [Symantec Corporation, 2006.1.4.4]
    [C:\Program Files\Norton AntiVirus\avNSCPlg.dll]  [Symantec Corporation, 12.8.0.4]
    [C:\Program Files\Norton AntiVirus\avNSCPlg.loc]  [Symantec Corporation, 12.8.0.4]
    [C:\Program Files\Common Files\Symantec Shared\Security Console\NSC_WSCR.DLL]  [Symantec Corporation, 2006.1.8.2]
    [C:\Program Files\Common Files\Symantec Shared\Security Console\NSC_WSCR.LOC]  [Symantec Corporation, 2006.1.8.2]
    [C:\Program Files\Common Files\Symantec Shared\Security Console\NSC_Hlpr.dll]  [Symantec Corporation, 2006.1.8.2]
    [C:\Program Files\Norton AntiVirus\NAVEvent.dll]  [Symantec Corporation, 12.8.0.4]
[PID: 780 / 波蘭誌][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\HELP\2ACE4CFBAF2C.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [N/A, ]
[PID: 764 / SYSTEM][C:\WINDOWS\system32\msiexec.exe]  [Microsoft Corporation, 3.1.4000.1823]
    [C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll]  [N/A, ]
[PID: 3760 / 波蘭誌][C:\Documents and Settings\波蘭誌\桌面\新資料夾\sreng2\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\Documents and Settings\波蘭誌\桌面\新資料夾\sreng2\sreng2\Lang\1028.DLL]  [System Repair Engineer, 2.5.16.900]
    [C:\WINDOWS\HELP\2ACE4CFBAF2C.dll]  [N/A, ]
    [C:\Documents and Settings\波蘭誌\桌面\新資料夾\sreng2\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件關聯
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
NOD32 protected [MSAFD Tcpip [TCP/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [UDP/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [RAW/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP UDP Service Provider]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP TCP Service Provider]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost

==================================
進程特權掃描
特殊特權被允許: SeLoadDriverPrivilege [PID = 1768, C:\PROGRAM FILES\ALCOHOL SOFT\ALCOHOL 120\STARWIND\STARWINDSERVICEAE.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 2060, C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAX4PNP.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 2068, C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAX4.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 2084, C:\PROGRAM FILES\CYBERLINK\POWERDVD\PDVDSERV.EXE]

==================================
API HOOK
RVA  錯誤: LoadLibraryA (危險等級: 高,  被下麵模組所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  錯誤: LoadLibraryExA (危險等級: 高,  被下麵模組所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  錯誤: LoadLibraryExW (危險等級: 高,  被下麵模組所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  錯誤: LoadLibraryW (危險等級: 高,  被下麵模組所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  錯誤: GetProcAddress (危險等級: 高,  被下麵模組所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)

==================================
隱藏進程
N/A

==================================[/code]

kaogg 2007-10-6 02:00 PM

[color=Blue]Turn off System Restore and boot into Safe Mode.
Delete the following files: [/color]
==================================
Running processes
[color=Red] [C:\WINDOWS\HELP\2ACE4CFBAF2C.dll]
C:\WINDOWS\HELP\2ACE4CFBAF2C.exe   <--- please check whether this file exists [N/A, ][/color]

Run SREng and delete the following registry entry:
Registry
[color=Red] <{79FC744E-75CA-49B0-8F02-AEAE4CAACBE0}><C:\WINDOWS\HELP\2ACE4CFBAF2C.dll>  [][/color]

[color=Blue]After cleaning, please run a full virus scan. [/color]

One question:
do you have Kaspersky Internet Security 7.0 installed? If not, or if it is no longer in use,
please uninstall Kaspersky Internet Security 7.0
and delete the folder C:\Program Files\Kaspersky Lab

[[i] Last edited by kaogg on 2007-10-6 02:02 PM [/i]]
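Before deleting anything, it helps to confirm the indicators kaogg lists above: whether the DLL and the optional EXE actually exist, whether the DLL is mapped into running processes (which is what would make a warning pop up every time a folder is opened), and where the CLSID is registered. The script below is an added, read-only triage check, not kaogg's instructions or an SREng feature. It assumes PowerShell is available on the machine; the file paths and CLSID are the ones quoted in the reply, while the list of Explorer load points it inspects is an assumption about where such a CLSID is usually registered, since the thread does not say which SREng section the entry came from.

```powershell
# Added triage script (not from the thread). Read-only: it reports, it does not delete.
# Indicators are the ones quoted in kaogg's reply.
$dllPath = 'C:\WINDOWS\HELP\2ACE4CFBAF2C.dll'
$exePath = 'C:\WINDOWS\HELP\2ACE4CFBAF2C.exe'   # the reply asks whether this one exists
$clsid   = '{79FC744E-75CA-49B0-8F02-AEAE4CAACBE0}'

# 1. Do the files exist, and are they signed? (SREng showed the DLL as "N/A", i.e. no vendor)
foreach ($p in @($dllPath, $exePath)) {
    if (Test-Path -LiteralPath $p) {
        $item = Get-Item -LiteralPath $p -Force
        $sig  = Get-AuthenticodeSignature -FilePath $p
        Write-Output ("PRESENT  {0}  size={1}  mtime={2}  signature={3}" -f `
            $p, $item.Length, $item.LastWriteTime, $sig.Status)
    } else {
        Write-Output ("absent   {0}" -f $p)
    }
}

# 2. Which running processes have the DLL loaded? Matches the per-process module
#    list in the SREng log (ctfmon.exe, MsnMsgr.exe, conime.exe, SREngPS.EXE).
Get-Process | ForEach-Object {
    $proc = $_
    try {
        $proc.Modules |
            Where-Object { $_.FileName -ieq $dllPath } |
            ForEach-Object { Write-Output ("LOADED   PID {0} ({1})" -f $proc.Id, $proc.ProcessName) }
    } catch {
        # Access denied on SYSTEM/service processes is expected from a non-elevated shell.
    }
}

# 3. Registry references to the CLSID. The CLSID key itself is certain; the two
#    Explorer load points are an assumption (common places such entries sit).
$regPaths = @(
    "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid",
    "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32",
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid",
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks"
)
foreach ($r in $regPaths) {
    if (Test-Path -LiteralPath $r) {
        Write-Output ("REGKEY   {0}" -f $r)
        (Get-ItemProperty -LiteralPath $r).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object { Write-Output ("         {0} = {1}" -f $_.Name, $_.Value) }
    }
}
```

Run it from an administrator session so the module lists of system processes are readable; once the DLL shows as loaded in Explorer-hosted processes and the CLSID resolves to that path, kaogg's Safe Mode deletion steps are the right follow-up, since the file cannot be removed while it is mapped.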

瑋倫WeiLun 2007-10-6 04:16 PM

Reply to the first post

This report shows not only Kaspersky and Norton but NOD32 as well. Can they all be installed together like that and still be compatible??

Or were they just not uninstalled cleanly??

star000star 2007-10-6 04:25 PM

Reply to post #4

I'd guess some of them are set to start manually.

Because I don't see any startup entries for them.

(Pure speculation.)

瑋倫WeiLun 2007-10-6 05:15 PM

Reply to post #5

I think a pile of "super-powerful" uninstaller tools was used to remove them, and as a result they were not removed cleanly.

Even if they were just not uninstalled cleanly, that hardly seems possible!!

The API HOOK part is Kaspersky not being removed; the Winsock provider is NOD32 not being removed.

Is Norton AntiVirus really that compatible??? It would have to be the enterprise edition; the home edition would probably lock up!!

Only the person asking for help can come back and tell us~~ otherwise there is no way to know.