Help: found the CS game on our server.....

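Our company's server is hosted in a China Telecom data center (the company has several websites). Yesterday afternoon it suddenly became unreachable, so I rushed to the data center to check. Norton enterprise edition had already been knocked out. Checking with SRENG and SSM, I found many suspicious processes and executables. Even worse, under WINNT/DEBUG there was a file with a very long name, and inside it I found cstrike. Yes, the CS game. I was dumbfounded..... this hacker actually uploaded CS to our server..... Looking further I found svcohost.dll, svchost.dll, svchostkey.dll and svchostdll.dll, very obviously Gray Pigeon (灰鸽子). Speechless....

At this point, network management showed an unfamiliar IP (on checking, an IP in a Beijing China Netcom data center, probably a compromised machine just like ours) logging in through port 3389, and SSM started popping up dialogs nonstop: C:\WINNT\EXPLORER.EXE is trying to run C:\WINNT\system32\CMD.EXE. Was the hacker logged in to our server right now? I clicked allow, and immediately CMD.EXE tried to run some suspicious EXE files (quser.exe, net1.exe, abby.exe, etc.). I blocked them one by one, but SSM kept popping up windows; each time some Windows program first ran CMD.EXE, and then CMD.EXE called other commands or programs: ipconfig, shutdownsystem (I didn't expect SSM could even block the shutdown command). Sigh, unfortunately my skills are limited and I had no way to fight the other side, so I pulled the network cable, backed up the data, and reinstalled the system. After reinstalling, I installed and updated Norton, applied the patches, and ran a full scan; many viruses were found on the other drives too. It was getting late, almost midnight.... I installed PcAnywhere and will continue remotely tomorrow.

First thing in the morning I got to the office and logged in with PcAnywhere. Checking the system files carefully, I again found many suspicious files. Speechless; this hacker really has it in for us. The company's business still has to run normally, and any work has to be done at the Telecom data center in the evening, so for now we'll make do. I ran a scan with SRENG and am posting the log for everyone to look at; please help me analyze it and suggest some countermeasures. Thanks!

I often lurk on the Kaka forum.... the small tools recommended there are all really good =.=

Last edited 2007-02-02 17:30:37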

2007-02-02,11:51:57

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows Server 2003 Enterprise Edition Service Pack 1 (Build 3790)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <IMEKRMIG6.1><C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe">  [(Verified)Symantec Corporation]
    <vptray><C:\PROGRA~1\SYMANT~1\VPTray.exe>  [(Verified)Symantec Corporation]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><%SystemRoot%\system32\logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{C47B9ECE-41D4-4ECD-BDDA-E17D068D99C2}><C:\WINDOWS\system32\hggdccc.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hggdccc]
    <WinlogonNotify: hggdccc><hggdccc.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    <WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll>  [(Verified)Symantec Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify]
    <WinlogonNotify: PCANotify><PCANotify.dll>  [Symantec Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnli]
    <WinlogonNotify: pmnli><C:\WINDOWS\system32\pmnli.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qomlijg]
    <WinlogonNotify: qomlijg><qomlijg.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yaywvvt]
    <WinlogonNotify: yaywvvt><yaywvvt.dll>  [N/A]

==================================
启动文件夹
[FTP Server Manager]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\FTP Server Manager.lnk --> C:\WINDOWS\Installer\{BEA1E78E-940D-491E-A635-85E003D1E09C}\ftpmanager.exe2_BEA1E78E940D491EA63585E003D1E09C_1.exe [InstallShield Software Corp.]><N>
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~1\Office\OSA9.EXE [Microsoft Corporation]><N>
[服务管理器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk --> C:\PROGRA~1\MICROS~4\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]><N>
[快捷方式 到 startup]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\快捷方式 到 startup.lnk --> D:\tomcat\bin\startup.bat [N/A]><N>

==================================
服务
[pcAnywhere Host Service / awhost32]
  <C:\Program Files\Symantec\pcAnywhere\awhost32.exe><Symantec Corporation>
[Symantec Event Manager / ccEvtMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc]
  <"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch]
  <"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[Windows Host Services / DLLHOST32]
  <"C:\WINDOWS\system\dllhost.exe"><N/A>
[Sonic FTP Server / FTPServer]
  <"C:\Program Files\Sonic FTP Server\ftpservice.exe"><N/A>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Intel PDS / Intel PDS]
  <C:\WINDOWS\system32\CBA\pds.exe><Intel? Corporation>
[Microsoft Search / MSSEARCH]
  <"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER]
  <C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[Symantec SPBBCSvc / SPBBCSvc]
  <"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation>
[SQLSERVERAGENT / SQLSERVERAGENT]
  <C:\Program Files\Microsoft SQL Server\MSSQL\binn\sqlagent.exe -i MSSQLSERVER><Microsoft Corporation>
[Symantec AntiVirus / Symantec AntiVirus]
  <"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[IMail Web Calendar Service / IWebCal]
  <C:\IMail\IWebCal.exe><Ipswitch, Inc.>
[IMail Web Service / IWEBMSG]
  <C:\IMail\iwebmsg.exe><Ipswitch, Inc.>
[IMail Monitor Service / IMonitor]
  <C:\IMail\IMonitor.exe><Ipswitch, Inc.>
[IMail LDAP Server / ILDAP]
  <C:\IMail\ILDAP.exe><Ipswitch, Inc.>
[IMail FINGER Server / FINGRD32]
  <C:\IMail\FINGRD32.exe><Ipswitch, Inc.>
[IMail IMAP4 Server / IMAP4D32]
  <C:\IMail\IMAP4D32.exe><Ipswitch, Inc.>
[IMail POP3 Server / POP3D32]
  <C:\IMail\POP3D32.exe><Ipswitch, Inc.>
[IMail WHOIS Server / WHOISD32]
  <C:\IMail\WHOISD32.exe><Ipswitch, Inc.>
[IMail Sys Logger Service / SYSLOGD]
  <C:\IMail\SYSLOGD.exe><Ipswitch, Inc.>
[IMail PWD Server / PSERVE]
  <C:\IMail\PSERVE.exe><Ipswitch, Inc.>

==================================
驱动程序
[a347bus / a347bus]
  <\SystemRoot\system32\DRIVERS\a347bus.sys><>
[a347scsi / a347scsi]
  <\SystemRoot\System32\Drivers\a347scsi.sys><>
[标准 IDE/ESDI 硬盘控制器 / atapi]
  <\SystemRoot\system32\DRIVERS\atapi.sys><N/A>
[ati2mpad / ati2mpad]
  <system32\DRIVERS\ati2mpad.sys><ATI Technologies Inc.>
[awecho / awecho]
  <system32\drivers\awechomd.sys><Symantec Corporation>
[awlegacy / awlegacy]
  <\SystemRoot\System32\Drivers\awlegacy.sys><Symantec Corporation>
[AW_HOST / AW_HOST]
  <system32\drivers\aw_host5.sys><Symantec Corporation>
[dpti2o / dpti2o]
  <\SystemRoot\system32\DRIVERS\dpti2o.sys><Adaptec, Inc.>
[Intel(R) PRO/1000 Network Connection Driver / E1000]
  <system32\DRIVERS\e1000325.sys><Intel Corporation>
[Symantec Eraser Control driver / eeCtrl]
  <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
[Gernuwa / Gernuwa]
  <C:\WINDOWS\SYSTEM32\DRIVERS\Gernuwa.SYS><Symantec Corporation>
[IP in IP Tunnel Driver / IpInIp]
  <system32\DRIVERS\ipinip.sys><N/A>
[NAVENG / NAVENG]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070131.021\naveng.sys><Symantec Corporation>
[NAVEX15 / NAVEX15]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070131.021\navex15.sys><Symantec Corporation>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SAVRT / SAVRT]
  <\??\C:\Program Files\Symantec AntiVirus\savrt.sys><Symantec Corporation>
[SAVRTPEL / SAVRTPEL]
  <\??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys><Symantec Corporation>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SPBBCDrv / SPBBCDrv]
  <\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation>
[SymEvent / SymEvent]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[RsAntiSpyware / RsAntiSpyware]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>

==================================
浏览器加载项
[]
  {2BB9EC7C-29EA-4C3A-AD40-57D4BF41F152} <C:\WINDOWS\system32\pmnli.dll, N/A>
[]
  {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} <C:\WINDOWS\system32\fdqjbdcy.dll, N/A>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[]
  {2BB9EC7C-29EA-4C3A-AD40-57D4BF41F152} <C:\WINDOWS\system32\pmnli.dll, N/A>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[]
  {68D5CF1D-EC5C-4BDD-A9EF-F0E517565D50} <C:\WINDOWS\system32\fdqjbdcy.dll, N/A>
[卡卡上网安全助手]
  {AFF6E516-CBE5-4F8A-9C2F-38A68013E766} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>

==================================
正在运行的进程
[PID: 580][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 740][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 892][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [C:\WINDOWS\system32\PCANotify.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\WINDOWS\system32\pmnli.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\hggdccc.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\qomlijg.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\yaywvvt.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\NavLogon.dll]  [Symantec Corporation, 10.0.0.359]
[PID: 952][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 980][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 1176][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1252][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1352][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1404][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1432][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [C:\WINDOWS\system32\NicCo32.dll]  [Intel Corporation, 1.0.5.0 built by: WinDDK]
[PID: 1548][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe]  [Symantec Corporation, 103.5.1.9]
    [C:\Program Files\Common Files\Symantec Shared\ccL35.dll]  [Symantec Corporation, 103.5.1.9]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 103.5.1.9]
    [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll]  [Symantec Corporation, 103.5.1.9]
[PID: 1588][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe]  [Symantec Corporation, 103.5.1.9]
    [C:\Program Files\Common Files\Symantec Shared\ccL35.dll]  [Symantec Corporation, 103.5.1.9]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 103.5.1.9]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\BB.DLL]  [Symantec Corporation, 1,5,1,3]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL]  [Symantec Corporation, 1,5,1,3]
    [C:\Program Files\Common Files\Symantec Shared\ccSet.dll]  [Symantec Corporation, 103.5.1.9]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL]  [Symantec Corporation, 103.5.1.9]
[PID: 1816][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [C:\WINDOWS\system32\awmon.dll]  [Symantec Corporation, 9.2.1]
[PID: 1844][C:\WINDOWS\system32\msdtc.exe]  [Microsoft Corporation, 2001.12.4720.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 2032][C:\Program Files\Symantec\pcAnywhere\awhost32.exe]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\Util.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\InstData.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\awcfgmgr.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\S32PCAG.DLL]  [Symantec Corporation, 15.0.0.14]
    [C:\Program Files\Symantec\pcAnywhere\AWSES32.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\awofrwrk.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\awio.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\PowerMgr.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\PCACMNDG.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\awgui32.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\AWDS32.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\awcm32.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\crypto.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\awtime32.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\pcaime.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\awRes-all.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\awres-host.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\AWHXPRB.DLL]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\awhprobedll.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\TrayIcon.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\AWDSP32.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\awcp.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\IMPLODE.DLL]  [PKWare, 1, 0, 0, 1]
    [C:\Program Files\Symantec\pcAnywhere\AWHK32.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\ijl20.dll]  [Intel Corporation, 2,0,13,45]
    [C:\Program Files\Symantec\pcAnywhere\AwioResources.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\AWHPILOT.DLL]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\awhutil.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\crypshim.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\SymCrypt.dll]  [Symantec Corporation, 1.0.0.8]
    [C:\Program Files\Symantec\pcAnywhere\awlog32.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\snmputil.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\libsnmp.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\AWCONN32.DLL]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\AWHLOGON.DLL]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\AWHSEQ.DLL]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\AW32TCP.DLL]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\RMcommServer.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\RMcomm.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\DSMgr.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\awxfer.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\ftstatus.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\FTStatusResources.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\CMDQENG.DLL]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Symantec\pcAnywhere\LocalEng.DLL]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 216][C:\Program Files\Symantec AntiVirus\DefWatch.exe]  [Symantec Corporation, 10.0.0.359]
[PID: 392][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 404][C:\Program Files\Sonic FTP Server\ftpservice.exe]  [N/A, N/A]
[PID: 552][C:\WINDOWS\system32\CBA\pds.exe]  [Intel? Corporation, 6.12.0.130 E]
    [C:\WINDOWS\system32\PDS.DLL]  [Intel? Corporation, 6.12.0.130 E]
    [C:\WINDOWS\system32\NTS.dll]  [Intel? Corporation, 6.12.0.130 E]
    [C:\WINDOWS\system32\loc32vc0.dll]  [Intel, 3, 0, 0, 2]
[PID: 3064][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 3460][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [C:\WINDOWS\system32\pmnli.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\hggdccc.dll]  [N/A, N/A]
    [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll]  [Symantec Corporation, 10.0.0.359]
    [C:\Program Files\Symantec\pcAnywhere\AWHK32.dll]  [Symantec Corporation, 11.5.0.121]
    [D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll]  [Alcohol Soft Development Team, 1.4.7.1024]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\WINDOWS\system32\fdqjbdcy.dll]  [N/A, N/A]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
[PID: 4092][C:\Program Files\Common Files\Symantec Shared\ccApp.exe]  [Symantec Corporation, 103.5.1.9]
    [C:\Program Files\Common Files\Symantec Shared\ccL35.dll]  [Symantec Corporation, 103.5.1.9]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 103.5.1.9]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL]  [Symantec Corporation, 103.5.1.9]
    [C:\Program Files\Symantec\pcAnywhere\AWHK32.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 2044][C:\PROGRA~1\SYMANT~1\VPTray.exe]  [Symantec Corporation, 10.0.0.359]
    [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL]  [Symantec Corporation, 9.5.0.44]
    [C:\Program Files\Symantec AntiVirus\Cliproxy.dll]  [Symantec Corporation, 10.0.0.359]
    [C:\PROGRA~1\SYMANT~1\NAVNTUTL.DLL]  [Symantec Corporation, 10.0.0.359]
    [c:\program files\common files\symantec shared\ssc\ScsComms.dll]  [Symantec Corporation, 10.0.0.359]
    [C:\WINDOWS\system32\nts.dll]  [Intel? Corporation, 6.12.0.130 E]
    [C:\WINDOWS\system32\cba.dll]  [Intel? Corporation, 6.12.0.130 E]
    [C:\WINDOWS\system32\MsgSys.dll]  [Intel? Corporation, 6.12.0.130 E]
    [C:\WINDOWS\system32\PDS.DLL]  [Intel? Corporation, 6.12.0.130 E]
    [C:\Program Files\Symantec\pcAnywhere\AWHK32.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 372][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [C:\Program Files\Symantec\pcAnywhere\AWHK32.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 660][C:\Program Files\Sonic FTP Server\ftpmanager.exe]  [N/A, N/A]
    [C:\Program Files\Symantec\pcAnywhere\AWHK32.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 232][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\Program Files\Symantec\pcAnywhere\AWHK32.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 808][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [C:\Program Files\Symantec\pcAnywhere\AWHK32.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 3692][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 364][C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe]  [Microsoft Corporation, 2000.080.2039.00]
[PID: 3848][C:\Sun\AppServer\JDK\bin\java.exe]  [Sun Microsystems, Inc., 5.0.20.9]
    [C:\Sun\AppServer\JDK\jre\bin\client\jvm.dll]  [Sun Microsystems, Inc., 5.0.20.9]
    [C:\Sun\AppServer\JDK\jre\bin\hpi.dll]  [Sun Microsystems, Inc., 5.0.20.9]
    [C:\Sun\AppServer\JDK\jre\bin\verify.dll]  [Sun Microsystems, Inc., 5.0.20.9]
    [C:\Sun\AppServer\JDK\jre\bin\java.dll]  [Sun Microsystems, Inc., 5.0.20.9]
    [C:\Sun\AppServer\JDK\jre\bin\zip.dll]  [Sun Microsystems, Inc., 5.0.20.9]
    [C:\Sun\AppServer\jdk\jre\bin\net.dll]  [Sun Microsystems, Inc., 5.0.20.9]
[PID: 3532][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 5608][C:\WINDOWS\System32\NOTEPAD.EXE]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [C:\Program Files\Symantec\pcAnywhere\AWHK32.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 6056][C:\WINDOWS\system32\inetsrv\inetinfo.exe]  [Microsoft Corporation, 6.0.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 4620][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 5372][c:\windows\system32\inetsrv\w3wp.exe]  [Microsoft Corporation, 6.0.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [\\?\C:\php\sapi\php4isapi.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\php4ts.dll]  [The PHP Group, 4.4.0.0]
    [c:\php\extensions\php_domxml.dll]  [N/A, N/A]
    [c:\php\dlls\iconv.dll]  [Free Software Foundation, 1.9]
    [c:\php\extensions\php_iconv.dll]  [N/A, N/A]
    [c:\php\extensions\php_java.dll]  [N/A, N/A]
[PID: 780][c:\windows\system32\inetsrv\w3wp.exe]  [Microsoft Corporation, 6.0.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\ac9331d3\1491ea63\App_Code.h_pjnuhd.dll]  [N/A, 0.0.0.0]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\ac9331d3\1491ea63\assembly\dl3\bc4a9545\94f0f648_68f6c601\TbeCares.DLL]  [ , 1.0.2484.30215]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\ac9331d3\1491ea63\assembly\dl3\d7ed3ddd\167ec45b_b483c601\AjaxPro.2.DLL]  [Michael Schwarz, 5.11.4.2]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\ac9331d3\1491ea63\App_Web_tbe_av_v2.ashx.cdcab7d2.d3iafcmj.dll]  [N/A, 0.0.0.0]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\ac9331d3\1491ea63\App_Web_tbe_av.ashx.cdcab7d2.-i3re_wv.dll]  [N/A, 0.0.0.0]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\ac9331d3\1491ea63\App_Web_tbe_rt.ashx.cdcab7d2.rt0_9uw1.dll]  [N/A, 0.0.0.0]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9a96a507\a9670886\assembly\dl3\fecc6a65\e8fb0487_292ac701\AjaxPro.2.DLL]  [Michael Schwarz, 6.7.2.1]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9a96a507\a9670886\assembly\dl3\a7206fae\f6f5da85_292ac701\Interop.MoncaEncryptLib.DLL]  [ , 1.0.0.0]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9a96a507\a9670886\assembly\dl3\bdced42c\8c81b480_292ac701\TbeCares.DLL]  [ , 1.0.2336.16074]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9a96a507\a9670886\App_WebReferences.s-kah72j.dll]  [N/A, 0.0.0.0]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9a96a507\a9670886\App_Code.yfwrpm8c.dll]  [N/A, 1.0.2589.19355]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9a96a507\a9670886\App_Web_zrsgp1-3.dll]  [N/A, N/A]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9a96a507\a9670886\App_Web_zbsflx1g.dll]  [N/A, N/A]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9a96a507\a9670886\App_Web_operatorlogin.aspx.fdf7a39c.cjmtuip5.dll]  [N/A, N/A]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9a96a507\a9670886\App_Web_indexframe.aspx.fdf7a39c.dxdebu7u.dll]  [N/A, N/A]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9a96a507\a9670886\App_Web_index.aspx.fdf7a39c.y8x3zwwo.dll]  [N/A, 0.0.0.0]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9a96a507\a9670886\App_Web_default.aspx.fdf7a39c.6l8ku4cu.dll]  [N/A, N/A]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9a96a507\a9670886\App_Web_stateadd1_edit.aspx.fdf7a39c._ipdtkvv.dll]  [N/A, N/A]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9a96a507\a9670886\App_Web_calendarform.aspx.fdf7a39c.2ifdzypa.dll]  [N/A, N/A]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9a96a507\a9670886\App_Web_searchflight.aspx.473cc45b.f25k_0yu.dll]  [N/A, N/A]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9a96a507\a9670886\App_Web_nwj0vb_e.dll]  [N/A, N/A]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9a96a507\a9670886\App_Web_showairways.aspx.473cc45b.tjir2cmi.dll]  [N/A, N/A]
[PID: 3752][C:\IMail\IMonitor.exe]  [Ipswitch, Inc. , 3, 3, 11, 8]
    [C:\IMail\IMailsec.dll]  [Ipswitch, Inc. , 3, 3, 5, 4]
    [C:\IMail\ipnotify.dll]  [Ipswitch, Inc. , 3, 3, 11, 8]
[PID: 4904][C:\IMail\IMAP4D32.exe]  [Ipswitch, Inc. , 3, 3, 11, 8]
    [C:\IMail\IMailsec.dll]  [Ipswitch, Inc. , 3, 3, 5, 4]
    [C:\IMail\Mailbox.dll]  [Ipswitch, Inc. , 3, 3, 5, 4]
[PID: 5984][C:\WINDOWS\system32\taskmgr.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [C:\Program Files\Symantec\pcAnywhere\AWHK32.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 2212][C:\WINDOWS\system\dllhost.exe]  [N/A, N/A]
[PID: 1140][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\Program Files\Symantec\pcAnywhere\AWHK32.dll]  [Symantec Corporation, 11.5.0.121]
[PID: 2272][C:\Program Files\Rising\AntiSpyware\Ras.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 4, 5]
    [C:\Program Files\Symantec\pcAnywhere\AWHK32.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Rising\AntiSpyware\RasGui.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
    [C:\WINDOWS\system32\hggdccc.dll]  [N/A, N/A]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\Program Files\Rising\AntiSpyware\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
    [C:\Program Files\Rising\AntiSpyware\zip.dll]  [rising, 13, 0, 0, 1]
[PID: 5588][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [C:\Program Files\Symantec\pcAnywhere\AWHK32.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\WINDOWS\system32\pmnli.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\fdqjbdcy.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\KakaTool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 2, 6]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 4660][C:\Program Files\Symantec AntiVirus\Rtvscan.exe]  [Symantec Corporation, 10.0.0.359]
    [C:\WINDOWS\system32\CBA.DLL]  [Intel? Corporation, 6.12.0.130 E]
    [C:\WINDOWS\system32\MsgSys.dll]  [Intel? Corporation, 6.12.0.130 E]
    [C:\WINDOWS\system32\NTS.dll]  [Intel? Corporation, 6.12.0.130 E]
    [C:\WINDOWS\system32\PDS.DLL]  [Intel? Corporation, 6.12.0.130 E]
    [C:\Program Files\Symantec AntiVirus\NAVLU.dll]  [Symantec Corporation, 10.0.0.359]
    [C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL]  [Symantec Corporation, 10.0.0.359]
    [c:\program files\common files\symantec shared\ssc\ScsComms.dll]  [Symantec Corporation, 10.0.0.359]
    [C:\Program Files\Symantec AntiVirus\I2ldvp3.dll]  [Symantec Corporation, 10.0.0.359]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 103.5.1.9]
    [C:\Program Files\Common Files\Symantec Shared\ccL35.dll]  [Symantec Corporation, 103.5.1.9]
    [C:\Program Files\Common Files\Symantec Shared\ccDec.dll]  [Symantec Corporation, 103.5.1.9]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\decsdk.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\ccScan.dll]  [Symantec Corporation, 103.5.1.9]
    [C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL]  [Symantec Corporation, 1.4.0.11]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070131.021\ccEraser.dll]  [Symantec Corporation, 106.3.3.2]
    [C:\Program Files\Symantec AntiVirus\DefUtDCD.dll]  [Symantec Corporation, 3.1.13a.0]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070131.021\ecmsvr32.dll]  [Symantec Corporation, 71.1.0.11]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070131.021\NAVEX32a.DLL]  [Symantec Corporation, 20071.1.1.10]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070131.021\NAVENG32.DLL]  [Symantec Corporation, 20071.1.1.10]
    [C:\Program Files\Symantec AntiVirus\NAVAP32.DLL]  [Symantec Corporation, 9.5.0.44]
    [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL]  [Symantec Corporation, 9.5.0.44]
    [C:\Program Files\Symantec AntiVirus\SymProtectStorage.dll]  [Symantec Corporation, 10.0.0.359]
    [C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll]  [Symantec Corporation, 1,5,1,3]
    [C:\Program Files\Symantec\pcAnywhere\AWHK32.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 2572][C:\Documents and Settings\Administrator\桌面\20061271247623938\AVG Anti-Spyware 7.5\avgas.exe]  [Anti-Malware Development a.s., 7, 5, 0, 50]
    [C:\Documents and Settings\Administrator\桌面\20061271247623938\AVG Anti-Spyware 7.5\engine.dll]  [Anti-Malware Development a.s., 4, 2, 0, 15]
    [C:\Program Files\Symantec\pcAnywhere\AWHK32.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 2592][E:\softbak\temp\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\Program Files\Symantec\pcAnywhere\AWHK32.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================

Please, everyone, take a look and give me some advice......

Bump. This thread is sinking too fast.