A virus that has been going around a lot lately, could everyone help take a look

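Recently I have come across quite a few machines with this problem. There are 4 main symptoms:

1. Everything in the Services list is gone, and many services cannot be opened
2. The taskbar has disappeared
3. The network connections are all gone
4. Copy works but paste does not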








Re: A virus that has been going around a lot lately, could everyone help take a look

[CODE]

2008-05-12,09:47:05

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <vptray><C:\PROGRA~1\SYMANT~1\VPTray.exe>  [(Verified)Symantec Corporation]
    <UpdateManager><"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r>  [Sonic Solutions]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot>  [RealNetworks, Inc.]
    <TempRemove><"C:\Program Files\Crystal Ball\CB Predictor\terminator.exe">  []
    <Sxplog><c:\SxpInst\sxpstub.exe>  [Computer Associates International, Inc.]
    <SigmatelSysTrayApp><stsystra.exe>  [SigmaTel, Inc.]
    <SDJobCheck><triggusr.exe>  [N/A]
    <SBMGRNT.EXE><C:\PROGRA~1\SafeBoot\SBMGRNT.EXE -WinLogon>  [Control Break International]
    <QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime>  [Apple Inc.]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)]
    <PCSuiteTrayApplication><C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup>  [Nokia]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <iTunesHelper><"C:\Program Files\iTunes\iTunesHelper.exe">  [(Verified)Apple Inc.]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)]
    <igfxtray><C:\WINDOWS\system32\igfxtray.exe>  [Intel Corporation]
    <igfxpers><C:\WINDOWS\system32\igfxpers.exe>  [Intel Corporation]
    <igfxhkcmd><C:\WINDOWS\system32\hkcmd.exe>  [Intel Corporation]
    <ENDFORCEAgent><"C:\Program Files\ENDFORCE\AgntTray.exe">  [ENDFORCE, Inc.]
    <DsmSxplog><"C:\Program Files\CA\DSM\Bin\sxpstub.exe">  [(Verified)CA]
    <dla><C:\WINDOWS\system32\dla\tfswctrl.exe>  [Sonic Solutions]
    <ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe">  [(Verified)Symantec Corporation]
    <CAF_SystemTray><"C:\Program Files\CA\DSM\bin\cfSysTray.exe">  [(Verified)CA]
    <Apoint><C:\Program Files\Apoint\Apoint.exe>  [Alps Electric Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <1><\\asia.med.ge.com\sysvol\asia.med.ge.com\\scripts\Unicenter\DSMSDAMV3.EXE>  [N/A]
    <2><\\asia.med.ge.com\sysvol\asia.med.ge.com\scripts\Nav\NavSvr.vbs>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <GinaDLL><C:\Program Files\SafeBoot\SBGINA.DLL>  [SafeBoot N.V.]
    <UIHost><logonui.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CAF]
    <WinlogonNotify: CAF><C:\Program Files\CA\DSM\Bin\cfwlogon.dll>  [(Verified)CA]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [Intel Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    <WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll>  [(Verified)Symantec Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify]
    <WinlogonNotify: PCANotify><PCANotify.dll>  [Symantec Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4b218e3e-bc98-4770-93d3-2731b9329278}]
    <Internet Explorer><%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]

==================================
启动文件夹
[Cisco Systems VPN Client]
  <D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk --> C:\PROGRA~1\CISCOS~1\VPNCLI~1\vpngui.exe [Cisco Systems, Inc.]><N>
[Microsoft Office]
  <D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]><N>
[RealSecure(r) Desktop Protector]
  <D:\Documents and Settings\All Users\Start Menu\Programs\Startup\RealSecure(r) Desktop Protector.lnk -->  [N/A]><N>
[Scanner File Utility]
  <D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Scanner File Utility.lnk --> C:\PROGRA~1\KYOCER~1\FILEUT~1\NsCatCom.exe [KYOCERA MITA]><N>
[腾讯QQ]
  <D:\Documents and Settings\305012636\Start Menu\Programs\Startup\腾讯QQ.lnk --> C:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]><N>

==================================
服务
[Apple Mobile Device / Apple Mobile Device][Running/Auto Start]
  <"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"><Apple, Inc.>
[pcAnywhere Host Service / awhost32][Stopped/Manual Start]
  <C:\Program Files\Symantec\pcAnywhere\awhost32.exe><Symantec Corporation>
[BlackICE / BlackICE][Running/Auto Start]
  <"C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe"><Internet Security Systems, Inc.>
[CA Message Queuing Server / CA-MessageQueuing][Running/Auto Start]
  <"C:\Program Files\CA\SC\CAM\bin\cam.exe"><CA, Inc.>
[CA DSM r11 Common Application Framework. / caf][Running/Auto Start]
  <"C:\Program Files\CA\DSM\bin\caf.exe" service><CA>
[CA-License Client / CA_LIC_CLNT][Stopped/Manual Start]
  <C:\WINDOWS\Lic98Rmt.exe><N/A>
[CA-License Server / CA_LIC_SRVR][Stopped/Manual Start]
  <C:\WINDOWS\Lic98RmtD.exe><N/A>
[Symantec Event Manager / ccEvtMgr][Stopped/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr][Stopped/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Cisco Systems, Inc. VPN Service / CVPND][Running/Auto Start]
  <"C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe"><Cisco Systems, Inc.>
[Symantec AntiVirus Definition Watcher / DefWatch][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[ENDFORCE Agent API / ENDFORCE Agent API][Stopped/Auto Start]
  <"C:\Program Files\ENDFORCE\AgentAPI.exe"><ENDFORCE, Inc.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPod 服务 / iPod Service][Stopped/Manual Start]
  <"C:\Program Files\iPod\bin\iPodService.exe"><Apple Inc.>
[Event Log Watch / LogWatch][Running/Auto Start]
  <C:\WINDOWS\LogWatNT.exe><N/A>
[RapApp / RapApp][Stopped/Manual Start]
  <"C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe"><Internet Security Systems, Inc.>
[SafeBoot Configuration Manager / SafeBootConfigurationManager][Running/Auto Start]
  <C:\Program Files\SafeBoot\SBMGRNT.EXE><Control Break International>
[SavRoam / SavRoam][Stopped/Manual Start]
  <"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Unicenter Software Delivery / SDService][Running/Auto Start]
  <"c:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE"><Computer Associates International, Inc.>
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
  <"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"><Nokia.>
[SFUSVC / SFUSVC][Stopped/Auto Start]
  <C:\Program Files\Kyocera Mita\FileUtility\SFUSVC.exe><KYOCERA MITA CORPORATION>
[Symantec Network Drivers Service / SNDSrvc][Stopped/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec SPBBCSvc / SPBBCSvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[DTS Browser / TNG-DOBA][Running/Auto Start]
  <C:\Program Files\CA\SharedComponents\DTS\bin\tngdoba.exe><Computer Associates International, Inc.>
[DTS Metrics Gatherer / TNG-DTMG][Stopped/Manual Start]
  <C:\Program Files\CA\SharedComponents\DTS\bin\tngdtmg.exe><Computer Associates International, Inc.>
[DTS Agent / TNG-DTS][Running/Auto Start]
  <C:\Program Files\CA\SharedComponents\DTS\bin\tngdta.exe><Computer Associates International, Inc.>
[Windows User Mode Driver Framework / UMWdf][Stopped/Auto Start]
  <C:\WINDOWS\system32\wdfmgr.exe><Microsoft Corporation>
[User Profile Hive Cleanup / UPHClean][Running/Auto Start]
  <C:\Program Files\UPHClean\uphclean.exe><Microsoft Corporation>
[Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start]
  <"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"><Microsoft Corporation>

==================================
驱动程序
[a320raid / a320raid][Stopped/Disabled]
  <System32\DRIVERS\a320raid.sys><Adaptec, Inc.>
[PERC 320/DC SCSI RAID Miniport Driver / aac][Stopped/Disabled]
  <System32\DRIVERS\aac.sys><Adaptec, Inc.>
[aarich / aarich][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\aarich.sys><Adaptec, Inc.>
[adpu160m / adpu160m][Stopped/Disabled]
  <System32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[Adaptec Ultra320 SCSI Cards / adpu320][Running/Boot Start]
  <\SystemRoot\system32\drivers\adpu320.sys><Adaptec, Inc.>
[aic78u2 / aic78u2][Stopped/Disabled]
  <System32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Stopped/Disabled]
  <System32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[Alps Touch Pad Filter Driver for Windows 2000/XP / ApfiltrService][Running/Manual Start]
  <system32\DRIVERS\Apfiltr.sys><Alps Electric Co., Ltd.>
[awecho / awecho][Running/System Start]
  <system32\drivers\awechomd.sys><Symantec Corporation>
[awlegacy / awlegacy][Running/System Start]
  <\SystemRoot\System32\Drivers\awlegacy.sys><Symantec Corporation>
[AW_HOST / AW_HOST][Running/System Start]
  <system32\drivers\aw_host5.sys><Symantec Corporation>
[Broadcom NetXtreme Gigabit Ethernet / b57w2k][Running/Manual Start]
  <system32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[Dell Wireless WLAN Card Driver / BCM43XX][Stopped/Manual Start]
  <system32\DRIVERS\bcmwl5.sys><Broadcom Corporation>
[Broadcom Netgroup Packet Filter / BCMWLNPF][Stopped/Auto Start]
  <system32\drivers\bcmwlnpf.sys><N/A>
[black / black][Running/Disabled]
  <System32\drivers\BlackDrv.sys><Internet Security Systems, Inc.>
[Mobiola Web Camera driver / BTCAMDRV][Stopped/Manual Start]
  <system32\DRIVERS\BTCamDrv.sys><Windows (R) 2000 DDK provider>
[DELL CERC SATA 1.5/6ch RAID Miniport Driver / cercsr6][Running/Boot Start]
  <\SystemRoot\system32\drivers\cercsr6.sys><Adaptec, Inc.>
[Cisco Systems VPN Adapter / CVirtA][Stopped/Manual Start]
  <system32\DRIVERS\CVirtA.sys><Cisco Systems, Inc.>
[Cisco Systems IPsec Driver / CVPNDRVA][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys><Cisco Systems, Inc.>
[Deterministic Network Enhancer Miniport / DNE][Running/Manual Start]
  <system32\DRIVERS\dne2000.sys><Deterministic Networks, Inc.>
[drvmcdb / drvmcdb][Running/Boot Start]
  <\SystemRoot\system32\drivers\drvmcdb.sys><Sonic Solutions>
[drvnddm / drvnddm][Running/Auto Start]
  <system32\drivers\drvnddm.sys><Sonic Solutions>
[Symantec Eraser Control driver / eeCtrl][Running/System Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
[ENDFORCE Quarantine Filter / efPktFtr][Running/System Start]
  <\??\C:\WINDOWS\System32\Drivers\efPktFtr.sys><ENDFORCE, Inc.>
[EraserUtilRebootDrv / EraserUtilRebootDrv][Running/Manual Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys><Symantec Corporation>
[fasttx2k / fasttx2k][Stopped/Disabled]
  <System32\DRIVERS\fasttx2k.sys><Promise Technology, Inc.>
[GEARAspiWDM / GEARAspiWDM][Stopped/Manual Start]
  <System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HSF_DPV / HSF_DPV][Running/Manual Start]
  <system32\DRIVERS\HSX_DPV.sys><Conexant Systems, Inc.>
[HSXHWAZL / HSXHWAZL][Running/Manual Start]
  <system32\DRIVERS\HSXHWAZL.sys><Conexant Systems, Inc.>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Intel AHCI/RAID Controller / iaStor][Stopped/Disabled]
  <System32\DRIVERS\iaStor.sys><Intel Corporation>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[DELL PERC RAID Driver / megasas][Running/Boot Start]
  <\SystemRoot\system32\drivers\megasas.sys><LSI Logic Corporation>
[NAVENG / NAVENG][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080506.003\naveng.sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080506.003\navex15.sys><Symantec Corporation>
[Nokia USB Phone Parent / nmwcd][Stopped/Manual Start]
  <system32\drivers\nmwcd.sys><Nokia>
[Nokia USB Generic / nmwcdc][Stopped/Manual Start]
  <system32\drivers\nmwcdc.sys><Nokia>
[Nokia USB Port / nmwcdcj][Stopped/Manual Start]
  <system32\drivers\nmwcdcj.sys><Nokia>
[Nokia USB Modem / nmwcdcm][Stopped/Manual Start]
  <system32\drivers\nmwcdcm.sys><Nokia>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[RapFile / RapFile][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\RapFile.sys><Internet Security Systems, Inc.>
[RapNet / RapNet][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\RapNet.sys><Internet Security Systems, Inc.>
[SAVRT / SAVRT][Running/System Start]
  <\??\C:\Program Files\Symantec AntiVirus\savrt.sys><Symantec Corporation>
[SAVRTPEL / SAVRTPEL][Running/System Start]
  <\??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys><Symantec Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SPBBCDrv / SPBBCDrv][Stopped/Manual Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation>
[sscdbhk5 / sscdbhk5][Running/System Start]
  <system32\drivers\sscdbhk5.sys><Sonic Solutions>
[ssrtln / ssrtln][Running/System Start]
  <system32\drivers\ssrtln.sys><Sonic Solutions>
[SigmaTel High Definition Audio CODEC / STHDA][Running/Manual Start]
  <system32\drivers\sthda.sys><SigmaTel, Inc.>
[SymEvent / SymEvent][Running/Manual Start]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[Symmpi / Symmpi][Stopped/Disabled]
  <System32\DRIVERS\symmpi.sys><LSI Logic>
[SYMREDRV / SYMREDRV][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Running/System Start]
  <\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[tfsnboio / tfsnboio][Running/Auto Start]
  <system32\dla\tfsnboio.sys><Sonic Solutions>
[tfsncofs / tfsncofs][Running/Auto Start]
  <system32\dla\tfsncofs.sys><Sonic Solutions>
[tfsndrct / tfsndrct][Running/Auto Start]
  <system32\dla\tfsndrct.sys><Sonic Solutions>
[tfsndres / tfsndres][Running/Auto Start]
  <system32\dla\tfsndres.sys><Sonic Solutions>
[tfsnifs / tfsnifs][Running/Auto Start]
  <system32\dla\tfsnifs.sys><Sonic Solutions>
[tfsnopio / tfsnopio][Running/Auto Start]
  <system32\dla\tfsnopio.sys><Sonic Solutions>
[tfsnpool / tfsnpool][Running/Auto Start]
  <system32\dla\tfsnpool.sys><Sonic Solutions>
[tfsnudf / tfsnudf][Running/Auto Start]
  <system32\dla\tfsnudf.sys><Sonic Solutions>
[tfsnudfa / tfsnudfa][Running/Auto Start]
  <system32\dla\tfsnudfa.sys><Sonic Solutions>
[Apple Mobile USB Driver / USBAAPL][Stopped/Manual Start]
  <System32\Drivers\usbaapl.sys><Apple, Inc.>
[USB Smart Card reader / USBCCID][Running/Manual Start]
  <system32\DRIVERS\usbccid.sys><Microsoft Corporation>
[vmscsi / vmscsi][Stopped/Disabled]
  <system32\drivers\vmscsi.sys><VMware, Inc.>
[vsdatant / vsdatant][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\vsdatant.sys><Zone Labs Inc.>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSX_CNXT.sys><Conexant Systems, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

Re: A virus that has been going around a lot lately, could everyone help take a look

==================================
浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[DriveLetterAccess]
  {5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\system32\dla\tfswshx.dll, Sonic Solutions>
[Windows Live 登录帮助程序]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[NetAnts]
  {57E91B47-F40A-11D1-B792-444553540000} <C:\PROGRA~1\NetAnts\NetAnts.exe,  >
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[金山词霸]
  {9A687CA6-D585-4947-9ED9-BE96071F5CD9} <C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll, 金山软件股份有限公司>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[SupportCentral]
  {E5CA3FCB-32F0-4602-A3FD-0785E3F0F5BF} <C:\WINDOWS\system32\SCTOOL~1.DLL, >
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[DriveLetterAccess]
  {5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\system32\dla\tfswshx.dll, Sonic Solutions>
[Windows Live 登录帮助程序]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[SupportCentral]
  {E5CA3FCB-32F0-4602-A3FD-0785E3F0F5BF} <C:\WINDOWS\system32\SCTOOL~1.DLL, >
[&Download by NetAnts]
  <C:\PROGRA~1\NetAnts\NAGet.htm, N/A>
[Download &All by NetAnts]
  <C:\PROGRA~1\NetAnts\NAGetAll.htm, N/A>
[E&xport to Microsoft Excel]
  <res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 348][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 400][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 432][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\SafeBoot\SBGINA.DLL]  [SafeBoot N.V., 4, 2, 15, 1]
    [C:\Program Files\SafeBoot\SBIPC.DLL]  [Control Break International, 4, 2, 11, 0]
    [C:\Program Files\CA\DSM\Bin\cfwlogon.dll]  [CA, 11.2.3.1895]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\PCANotify.dll]  [Symantec Corporation, 11.5.0.121]
    [C:\WINDOWS\system32\MSVCR70.dll]  [Microsoft Corporation, 7.00.9466.0]
    [C:\WINDOWS\system32\NavLogon.dll]  [Symantec Corporation, 10.0.2.2002]
[PID: 480][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 492][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 656][C:\Program Files\SafeBoot\SBMGRNT.EXE]  [Control Break International, 4, 2, 11, 0]
    [C:\Program Files\SafeBoot\SBCFGMGR.dll]  [Control Break International, 4, 2, 14, 0]
    [C:\Program Files\SafeBoot\SBMCHN.dll]  [SafeBoot N.V., 4, 2, 15, 2]
    [C:\Program Files\SafeBoot\SBUSER.dll]  [SafeBoot N.V., 4, 2, 15, 1]
    [C:\Program Files\SafeBoot\sbdbmgr.dll]  [Control Break International, 4, 2, 15, 0]
    [C:\Program Files\SafeBoot\SBALG.dll]  [Control Break International, 4, 2, 9, 0]
    [C:\Program Files\SafeBoot\scom.dll]  [SafeBoot N.V., 4, 2, 15, 1]
    [C:\Program Files\SafeBoot\sbm.dll]  [SafeBoot N.V., 4, 2, 15, 1]
    [C:\Program Files\SafeBoot\SBGROUP.dll]  [Control Break International, 4, 2, 7, 0]
    [C:\Program Files\SafeBoot\SBUtils.dll]  [Control Break International, 4, 2, 15, 0]
    [C:\Program Files\SafeBoot\SbHashes.dll]  [Control Break International, 4, 2, 7, 0]
    [C:\Program Files\SafeBoot\SBFile.dll]  [Control Break International, 4, 2, 7, 0]
    [C:\Program Files\SafeBoot\SbIpc.dll]  [Control Break International, 4, 2, 11, 0]
[PID: 836][C:\WINDOWS\System32\SCardSvr.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 900][C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe]  [Apple, Inc., 1, 14, 0, 0]
[PID: 912][C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe]  [Internet Security Systems, Inc., 7.0.322]
    [C:\Program Files\ISS\issSensors\DesktopProtection\FileSec.dll]  [Internet Security Systems, Inc., 7.0.319]
    [C:\Program Files\ISS\issSensors\DesktopProtection\AC_Base.dll]  [N/A, ]
    [C:\WINDOWS\system32\blackdll.dll]  [Internet Security Systems, Inc., 7.0.321]
    [C:\Program Files\ISS\issSensors\DesktopProtection\RapAd.dll]  [Internet Security Systems, Inc., 7.0.05.0]
    [C:\Program Files\ISS\issSensors\DesktopProtection\VpnICE.dll]  [Internet Security Systems, Inc., 7.0.320]
    [C:\Program Files\ISS\issSensors\DesktopProtection\Comply\AC_McAfee.dll]  [Internet Security Systems, Inc., 7.0.320]
    [C:\Program Files\ISS\issSensors\DesktopProtection\Comply\AC_Norton.dll]  [Internet Security Systems, Inc., 7.0.320]
    [C:\Program Files\ISS\issSensors\DesktopProtection\iss-pam1.dll]  [Internet Security Systems, 1.10.106.3]
[PID: 932][C:\Program Files\CA\SC\CAM\bin\cam.exe]  [CA, Inc., 3.11.54.16]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 944][C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe]  [Cisco Systems, Inc., 4.6.02.0011]
    [C:\WINDOWS\system32\vsdata.dll]  [Zone Labs Inc., 5.5.058.000]
    [C:\WINDOWS\system32\VSINIT.dll]  [Zone Labs Inc., 5.5.058.000]
[PID: 964][C:\Program Files\Symantec AntiVirus\DefWatch.exe]  [Symantec Corporation, 10.0.2.2002]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 992][C:\WINDOWS\LogWatNT.exe]  [N/A, ]
    [C:\CA_LIC\lic98.dll]  [Computer Associates, 01.46]
[PID: 1004][c:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE]  [Computer Associates International, Inc., 4, 0, 2102, 0]
[PID: 1028][C:\Program Files\Symantec AntiVirus\Rtvscan.exe]  [Symantec Corporation, 10.0.2.2002]
    [C:\WINDOWS\system32\CBA.DLL]  [LANDesk Software Ltd., 6.12.0.140 E]
    [C:\WINDOWS\system32\MsgSys.dll]  [LANDesk Software Ltd., 6.12.0.140 E]
    [C:\WINDOWS\system32\NTS.dll]  [LANDesk Software Ltd., 6.12.0.141 E]
    [C:\WINDOWS\system32\PDS.DLL]  [LANDesk Software Ltd., 6.12.0.140 E]
    [C:\Program Files\Symantec AntiVirus\NAVLU.dll]  [Symantec Corporation, 10.0.2.2002]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL]  [Symantec Corporation, 10.0.2.2002]
    [c:\program files\common files\symantec shared\ssc\ScsComms.dll]  [Symantec Corporation, 10.0.2.2002]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Symantec AntiVirus\I2ldvp3.dll]  [Symantec Corporation, 10.0.2.2002]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 103.5.7.3]
    [C:\Program Files\Common Files\Symantec Shared\ccL35.dll]  [Symantec Corporation, 103.5.7.3]
    [C:\Program Files\Common Files\Symantec Shared\ccDec.dll]  [Symantec Corporation, 103.5.7.3]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\decsdk.dll]  [Symantec Corporation, 3.02.14.08]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll]  [Symantec Corporation, 3.02.14.08]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll]  [Symantec Corporation, 3.02.14.08]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll]  [Symantec Corporation, 3.02.14.08]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll]  [Symantec Corporation, 3.02.14.08]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll]  [Symantec Corporation, 3.02.14.08]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll]  [Symantec Corporation, 3.02.14.08]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll]  [Symantec Corporation, 3.02.14.08]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll]  [Symantec Corporation, 3.02.14.08]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll]  [Symantec Corporation, 3.02.14.08]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll]  [Symantec Corporation, 3.02.14.08]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll]  [Symantec Corporation, 3.02.14.08]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll]  [Symantec Corporation, 3.02.14.08]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll]  [Symantec Corporation, 3.02.14.08]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll]  [Symantec Corporation, 3.02.14.08]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll]  [Symantec Corporation, 3.02.14.08]
    [C:\Program Files\Common Files\Symantec Shared\ccScan.dll]  [Symantec Corporation, 103.5.7.3]
    [C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL]  [Symantec Corporation, 51.2.0.12]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080506.003\ccEraser.dll]  [Symantec Corporation, 107.4.1.2]
    [C:\Program Files\Symantec AntiVirus\DefUtDCD.dll]  [Symantec Corporation, 3.1.13a.0]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080506.003\ecmsvr32.dll]  [Symantec Corporation, 71.4.0.15]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080506.003\NAVEX32a.DLL]  [Symantec Corporation, 20071.4.3.10]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080506.003\NAVENG32.DLL]  [Symantec Corporation, 20071.4.3.10]
    [C:\Program Files\Symantec AntiVirus\NAVAP32.DLL]  [Symantec Corporation, 9.7.0.10]
    [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL]  [Symantec Corporation, 9.7.0.10]
    [C:\Program Files\Symantec AntiVirus\IMail.dll]  [Symantec Corporation, 10.0.2.2002]
    [C:\Program Files\Symantec AntiVirus\NotesExt.dll]  [Symantec Corporation, 10.0.2.2002]
    [C:\Program Files\Symantec AntiVirus\vpmsece3.dll]  [Symantec Corporation, 10.0.2.2002]
    [C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll]  [Symantec Corporation, 10.0.2.2002]
    [C:\Program Files\Symantec AntiVirus\Cliscan.dll]  [Symantec Corporation, 10.0.2.2002]
[PID: 1096][C:\Program Files\CA\SharedComponents\DTS\bin\tngdoba.exe]  [Computer Associates International, Inc., 3.0.2128]
    [C:\Program Files\CA\SharedComponents\DTS\bin\DTSHARE.dll]  [Computer Associates International, Inc., 3.0.2128]
    [C:\Program Files\CA\SharedComponents\DTS\bin\dtscore.dll]  [Computer Associates International, Inc., 3.0.2128]
    [C:\Program Files\CA\SC\CAWIN\CAWINXSN.dll]  [Computer Associates International, Inc., 1.20.31]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\CA\SharedComponents\DTS\bin\tngdoba.ENU]  [Computer Associates International, Inc., 3.0.2128]
    [C:\Program Files\CA\SharedComponents\DTS\bin\dtstcp.dll]  [Computer Associates International, Inc., 3.0.2128]
    [C:\Program Files\CA\SharedComponents\DTS\bin\dtsppp.dll]  [Computer Associates International, Inc., 3.0.2128]

Re: A virus that has been going around a lot lately, could everyone help take a look

[PID: 1112][c:\Program Files\CA\Unicenter Software Delivery\BIN\TRIGGAG.EXE]  [Computer Associates International, Inc., 4, 0, 2107, 0]
    [c:\Program Files\CA\Unicenter Software Delivery\BIN\ACPORT32.dll]  [Computer Associates International, Inc., 4, 0, 2106, 0]
    [c:\Program Files\CA\Unicenter Software Delivery\BIN\RDCNF.dll]  [Computer Associates International, Inc., 4, 0, 2102, 0]
    [c:\Program Files\CA\Unicenter Software Delivery\BIN\SDStrCnv.dll]  [Computer Associates International, Inc., 4, 0, 2102, 0]
    [c:\Program Files\CA\Unicenter Software Delivery\BIN\SDCAWIN.dll]  [Computer Associates International, Inc., 4, 0, 2102, 0]
    [c:\Program Files\CA\Unicenter Software Delivery\BIN\SDWINAPI.dll]  [Computer Associates International, Inc., 4, 0, 2102, 0]
    [c:\Program Files\CA\Unicenter Software Delivery\BIN\CTRLCOM.dll]  [Computer Associates International, Inc., 4, 0, 2107, 0]
    [c:\Program Files\CA\Unicenter Software Delivery\BIN\SDWCHAR.dll]  [Computer Associates International, Inc., 4, 0, 2102, 0]
    [c:\Program Files\CA\Unicenter Software Delivery\BIN\SDNLS.dll]  [Computer Associates International, Inc., 4, 0, 2102, 0]
    [c:\Program Files\CA\Unicenter Software Delivery\BIN\SDOSAPI.dll]  [Computer Associates International, Inc., 4, 0, 2106, 0]
    [c:\Program Files\CA\Unicenter Software Delivery\BIN\ASMCOM32.dll]  [Computer Associates International, Inc., 4, 0, 2106, 0]
    [c:\Program Files\CA\Unicenter Software Delivery\BIN\NATFCL32.dll]  [Computer Associates International, Inc., 4, 0, 2102, 0]
    [c:\Program Files\CA\Unicenter Software Delivery\BIN\SDLIC.dll]  [Computer Associates International, Inc., 4, 0, 2107, 0]
    [c:\Program Files\CA\Unicenter Software Delivery\BIN\SDRES.dll]  [Computer Associates International, Inc., 4, 0, 2901, 0]
    [c:\Program Files\CA\Unicenter Software Delivery\BIN\GENERAL.dll]  [Computer Associates International, Inc., 4, 0, 2106, 0]
    [c:\Program Files\CA\Unicenter Software Delivery\BIN\COMPON.dll]  [Computer Associates International, Inc., 4, 0, 2107, 0]
    [c:\Program Files\CA\Unicenter Software Delivery\BIN\sdevent.dll]  [Computer Associates International, Inc., 4, 0, 2106, 0]
    [c:\Program Files\CA\Unicenter Software Delivery\BIN\SDINFOV.dll]  [Computer Associates International, Inc., 4, 0, 2102, 0]
    [c:\Program Files\CA\Unicenter Software Delivery\BIN\SDFILSYS.dll]  [Computer Associates International, Inc., 4, 0, 2107, 0]
    [c:\Program Files\CA\Unicenter Software Delivery\BIN\FILECOPY.dll]  [Computer Associates International, Inc., 4, 0, 2102, 0]
    [c:\Program Files\CA\Unicenter Software Delivery\BIN\TRIGGAPI.dll]  [Computer Associates International, Inc., 4, 0, 2107, 0]
[PID: 1124][C:\Program Files\CA\SharedComponents\DTS\bin\tngdta.exe]  [Computer Associates International, Inc., 3.0.2128]
    [C:\PROGRA~1\CA\SC\CAM\bin\AwMsq.dll]  [CA, Inc., 3.11.54.16]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\CA\SharedComponents\DTS\bin\dtscore.dll]  [Computer Associates International, Inc., 3.0.2128]
    [C:\Program Files\CA\SC\CAWIN\CAWINXSN.dll]  [Computer Associates International, Inc., 1.20.31]
    [C:\Program Files\CA\SharedComponents\DTS\bin\dtacomn.dll]  [Computer Associates International, Inc., 3.0.2128]
    [C:\Program Files\CA\SharedComponents\DTS\bin\tngdta.ENU]  [Computer Associates International, Inc., 3.0.2128]
    [C:\Program Files\CA\SharedComponents\DTS\bin\DTSMAD.DLL]  [Computer Associates International, Inc., 3.0.2128]
    [C:\Program Files\CA\SharedComponents\DTS\bin\DTSHARE.DLL]  [Computer Associates International, Inc., 3.0.2128]
    [C:\Program Files\CA\SharedComponents\DTS\bin\dtstcp.dll]  [Computer Associates International, Inc., 3.0.2128]
    [C:\Program Files\CA\SharedComponents\DTS\bin\dtshttp.dll]  [Computer Associates International, Inc., 3.0.2128]
    [C:\Program Files\CA\SharedComponents\DTS\bin\dtsudp.dll]  [Computer Associates International, Inc., 3.0.2128]
    [C:\Program Files\CA\SharedComponents\DTS\bin\dtsmcast.dll]  [Computer Associates International, Inc., 3.0.2128]
    [C:\Program Files\CA\SharedComponents\DTS\bin\dtsbcast.dll]  [Computer Associates International, Inc., 3.0.2128]
    [C:\Program Files\CA\SharedComponents\DTS\bin\dtsppp.dll]  [Computer Associates International, Inc., 3.0.2128]
    [C:\Program Files\CA\SharedComponents\DTS\bin\DTANTFY.DLL]  [Computer Associates International, Inc., 3.0.2128]
[PID: 1148][C:\Program Files\UPHClean\uphclean.exe]  [Microsoft Corporation, 1.6.30.0]
[PID: 1208][C:\Program Files\CA\DSM\bin\caf.exe]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\bin\CFSMCAPI.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\bin\cfmspi.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\bin\cfUtilities.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\SC\CAWIN\CAWINEXF.dll]  [Computer Associates International, Inc., 1.20.31]
    [C:\Program Files\CA\DSM\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\CA\DSM\bin\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\CA\DSM\bin\cfOSServices.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\bin\cfTrace.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\bin\CcnfAgentApi.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\bin\cfXMLParser.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\bin\cfEncrypt.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\bin\libetpki2.dll]  [Computer Associates International, Inc., Version 3.0.0]
    [C:\Program Files\CA\DSM\bin\libetpki2_thread.dll]  [Computer Associates International, Inc., Version 3.0.0]
    [C:\Program Files\CA\DSM\bin\ipthread.dll]  [Computer Associates, 2, 1, 060216]
    [C:\Program Files\CA\DSM\bin\libetpki_openssl_crypto.dll]  [N/A, ]
    [C:\Program Files\CA\DSM\bin\libetpki_openssl_ssl.dll]  [N/A, ]
    [C:\Program Files\CA\DSM\bin\cfEventLog.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\bin\cfPlugin.dll]  [CA, 11.2.3.1895]
    [C:\PROGRA~1\CA\SC\CAM\bin\awmsq.dll]  [CA, Inc., 3.11.54.16]
    [C:\Program Files\CA\DSM\bin\cfcertidentity.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\bin\cfCompressZLib.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\bin\cfspanif.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\bin\cfMessenger.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfPmuxPlugin.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfPmuxApi.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\bin\cfspannt.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\bin\cfcertex.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfnotify.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfRegister.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cainf.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\bin\cfSvcLocator.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\bin\cfScheduler.dll]  [CA, 11.2.3.1895]
[PID: 1344][C:\Program Files\CA\DSM\Bin\cfsmsmd.exe]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\CFSMCAPI.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfmspi.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfUtilities.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\SC\CAWIN\CAWINEXF.dll]  [Computer Associates International, Inc., 1.20.31]
    [C:\Program Files\CA\DSM\Bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\CA\DSM\Bin\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\CA\DSM\Bin\cfRunTime.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfTrace.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfOSServices.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfXMLParser.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\CcnfAgentApi.dll]  [CA, 11.2.3.1895]
    [C:\PROGRA~1\CA\SC\CAM\bin\awmsq.dll]  [CA, Inc., 3.11.54.16]
    [C:\Program Files\CA\DSM\Bin\cfEncrypt.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\libetpki2.dll]  [Computer Associates International, Inc., Version 3.0.0]
    [C:\Program Files\CA\DSM\Bin\libetpki2_thread.dll]  [Computer Associates International, Inc., Version 3.0.0]
    [C:\Program Files\CA\DSM\Bin\ipthread.dll]  [Computer Associates, 2, 1, 060216]
    [C:\Program Files\CA\DSM\Bin\libetpki_openssl_crypto.dll]  [N/A, ]
    [C:\Program Files\CA\DSM\Bin\libetpki_openssl_ssl.dll]  [N/A, ]
    [C:\Program Files\CA\DSM\Bin\cfcertidentity.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfCompressZLib.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfspanif.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfMessenger.dll]  [CA, 11.2.3.1895]
[PID: 1644][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\Program Files\Internet Explorer\mui\0804\browselc.dll]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll]  [Symantec Corporation, 10.0.2.2002]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.7.2006011200]
    [C:\WINDOWS\system32\dla\tfswshx.dll]  [Sonic Solutions, 1.04.08a]
    [C:\WINDOWS\system32\tfswapi.dll]  [Sonic Solutions, 1.04.08a]
    [C:\WINDOWS\system32\dla\tfswcres.dll]  [Sonic Solutions, 1.04.08a]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.4634]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4634]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4634]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.4634]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.3790.3646 built by: DNSRV(bld4act)]
    [C:\Program Files\Sonic\Sonic Solutions Product CD\RecordNow! Plus\shlext.dll]  [, 7.0.0.0]
    [C:\Program Files\Sonic\Sonic Solutions Product CD\RecordNow! Plus\MSVCR70.dll]  [Microsoft Corporation, 7.00.9466.0]
    [C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll]  [Nokia, 6, 84, 83, 7]
    [C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll]  [Nokia, 6, 84, 100, 4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_chi-sc.nlr]  [Nokia, 6, 84, 51, 0]
    [C:\Program Files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr]  [Nokia, 6, 84, 15, 1]
    [C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll]  [Microsoft Corporation, 8.5.1302.1018]
[PID: 2036][C:\Program Files\CA\DSM\Bin\ccnfagent.exe]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfUtilities.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\SC\CAWIN\CAWINEXF.dll]  [Computer Associates International, Inc., 1.20.31]
    [C:\Program Files\CA\DSM\Bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\CA\DSM\Bin\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\CA\DSM\Bin\cfRunTime.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfTrace.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfOSServices.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfXMLParser.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfEncrypt.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\libetpki2.dll]  [Computer Associates International, Inc., Version 3.0.0]
    [C:\Program Files\CA\DSM\Bin\libetpki2_thread.dll]  [Computer Associates International, Inc., Version 3.0.0]
    [C:\Program Files\CA\DSM\Bin\ipthread.dll]  [Computer Associates, 2, 1, 060216]
    [C:\Program Files\CA\DSM\Bin\libetpki_openssl_crypto.dll]  [N/A, ]
    [C:\Program Files\CA\DSM\Bin\libetpki_openssl_ssl.dll]  [N/A, ]
    [C:\Program Files\CA\DSM\Bin\CcnfAgentApi.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfMessenger.dll]  [CA, 11.2.3.1895]
    [C:\PROGRA~1\CA\SC\CAM\bin\AwMsq.dll]  [CA, Inc., 3.11.54.16]
    [C:\Program Files\CA\DSM\Bin\cfspannt.dll]  [CA, 11.2.3.1895]
[PID: 1196][C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfUtilities.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\SC\CAWIN\CAWINEXF.dll]  [Computer Associates International, Inc., 1.20.31]
    [C:\Program Files\CA\DSM\Bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\CA\DSM\Bin\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\CA\DSM\Bin\cfRunTime.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\CFSMCAPI.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfmspi.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfTrace.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfOSServices.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\CcnfAgentApi.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfMessenger.dll]  [CA, 11.2.3.1895]
    [C:\PROGRA~1\CA\SC\CAM\bin\AwMsq.dll]  [CA, Inc., 3.11.54.16]
    [C:\Program Files\CA\DSM\Bin\cfXMLParser.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfEventLog.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfcertidentity.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\libetpki2.dll]  [Computer Associates International, Inc., Version 3.0.0]
    [C:\Program Files\CA\DSM\Bin\libetpki2_thread.dll]  [Computer Associates International, Inc., Version 3.0.0]
    [C:\Program Files\CA\DSM\Bin\ipthread.dll]  [Computer Associates, 2, 1, 060216]
    [C:\Program Files\CA\DSM\Bin\libetpki_openssl_crypto.dll]  [N/A, ]
    [C:\Program Files\CA\DSM\Bin\libetpki_openssl_ssl.dll]  [N/A, ]
    [C:\Program Files\CA\DSM\Bin\cfEncrypt.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfCompressZLib.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfspanif.dll]  [CA, 11.2.3.1895]
[PID: 808][C:\PROGRA~1\SYMANT~1\VPTray.exe]  [Symantec Corporation, 10.0.2.2002]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL]  [Symantec Corporation, 9.7.0.10]
    [C:\Program Files\Symantec AntiVirus\Cliproxy.dll]  [Symantec Corporation, 10.0.2.2002]
    [C:\PROGRA~1\SYMANT~1\NAVNTUTL.DLL]  [Symantec Corporation, 10.0.2.2002]
    [c:\program files\common files\symantec shared\ssc\ScsComms.dll]  [Symantec Corporation, 10.0.2.2002]
    [C:\WINDOWS\system32\nts.dll]  [LANDesk Software Ltd., 6.12.0.141 E]
    [C:\WINDOWS\system32\cba.dll]  [LANDesk Software Ltd., 6.12.0.140 E]
    [C:\WINDOWS\system32\MsgSys.dll]  [LANDesk Software Ltd., 6.12.0.140 E]
    [C:\WINDOWS\system32\PDS.DLL]  [LANDesk Software Ltd., 6.12.0.140 E]
[PID: 1508][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.1622]
[PID: 792][C:\WINDOWS\stsystra.exe]  [SigmaTel, Inc., 1.0.4995.1  nd446 cp1]
    [C:\WINDOWS\system32\STLang.dll]  [SigmaTel, Inc., 1.1.4991.0  nd229 cp1]
    [C:\WINDOWS\system32\stacapi.dll]  [SigmaTel, Inc., 1.0.4995.1  nd446 cp1]
[PID: 1604][C:\SxpInst\sxplog32.exe]  [Computer Associates International, Inc., 6.4/67]
    [C:\SxpInst\SXPFILEC.dll]  [Computer Associates International, Inc., 6.4/67]
    [C:\Program Files\CA\SC\CAWIN\CAWINEXF.dll]  [Computer Associates International, Inc., 1.20.31]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\SxpInst\ccsTrc32.dll]  [Computer Associates International, Inc., 6.4/67]
    [c:\Program Files\CA\Unicenter Software Delivery\BIN\SDStrCnv.dll]  [Computer Associates International, Inc., 4, 0, 2102, 0]
    [c:\Program Files\CA\Unicenter Software Delivery\BIN\SDCAWIN.dll]  [Computer Associates International, Inc., 4, 0, 2102, 0]
    [C:\SxpInst\CCSINI32.dll]  [Computer Associates International, Inc., 6.4/67]
    [C:\SxpInst\CCSLCK32.dll]  [Computer Associates International, Inc., 6.4/67]
    [C:\SxpInst\CCSTOO32.dll]  [Computer Associates International, Inc., 6.4/67]
    [C:\SxpInst\SXPAAF32.dll]  [Computer Associates International, Inc., 6.4/67]
    [C:\SxpInst\SXP2MSI.dll]  [Computer Associates International, Inc., 6.4/67]
    [C:\SxpInst\CCSCMP32.dll]  [Computer Associates International, Inc., 6.4/67]
    [c:\Program Files\CA\Unicenter Software Delivery\SD\NLS\sxplog32.ENU]  [Computer Associates International, Inc., 6.4/56]
[PID: 1260][C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe]  [Nokia, 6, 84, 78, 3]
    [C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll]  [Nokia, 6, 84, 100, 4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Nokia\Nokia PC Suite 6\PCSSupportSetup.DLL]  [Nokia, 6, 84, 20, 3]
    [C:\Program Files\PC Connectivity Solution\ConnAPI.DLL]  [Nokia., 6, 84, 89, 1]
    [C:\WINDOWS\system32\MFC71U.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Nokia\Nokia PC Suite 6\Lang\LaunchApplication_chi-sc.NLR]  [Nokia, 6, 84, 81, 2]
    [C:\Program Files\PC Connectivity Solution\ConfServer.dll]  [Nokia, 6, 84, 37, 0]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
[PID: 2032][C:\WINDOWS\system32\dla\tfswctrl.exe]  [Sonic Solutions, 1.04.08a]
    [C:\WINDOWS\system32\tfswapi.dll]  [Sonic Solutions, 1.04.08a]
    [C:\WINDOWS\system32\dla\tfswcres.dll]  [Sonic Solutions, 1.04.08a]
[PID: 648][C:\Program Files\CA\DSM\bin\cfSysTray.exe]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\bin\cfUtilities.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\SC\CAWIN\CAWINEXF.dll]  [Computer Associates International, Inc., 1.20.31]
    [C:\Program Files\CA\DSM\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\CA\DSM\bin\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\CA\DSM\bin\cfOSServices.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\bin\cfTrace.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\bin\CcnfAgentApi.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\bin\cfMessenger.dll]  [CA, 11.2.3.1895]
    [C:\PROGRA~1\CA\SC\CAM\bin\AwMsq.dll]  [CA, Inc., 3.11.54.16]
    [C:\Program Files\CA\DSM\bin\cfCafApi.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\bin\CFSMCAPI.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\bin\cfmspi.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\bin\cfTrayUtils.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\bin\cfTrayPlugin.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\bin\sd_aguiplugin.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\bin\MFC71U.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\CA\DSM\bin\cfcertidentity.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\bin\libetpki2.dll]  [Computer Associates International, Inc., Version 3.0.0]
    [C:\Program Files\CA\DSM\bin\libetpki2_thread.dll]  [Computer Associates International, Inc., Version 3.0.0]
    [C:\Program Files\CA\DSM\bin\ipthread.dll]  [Computer Associates, 2, 1, 060216]
    [C:\Program Files\CA\DSM\bin\libetpki_openssl_crypto.dll]  [N/A, ]
    [C:\Program Files\CA\DSM\bin\libetpki_openssl_ssl.dll]  [N/A, ]
    [C:\Program Files\CA\DSM\bin\cfEncrypt.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\bin\cfCompressZLib.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\bin\cfspanif.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\bin\cfspannt.dll]  [CA, 11.2.3.1895]

Re: A virus that has been very widespread lately, could everyone help take a look

[PID: 1380][C:\Program Files\Apoint\Apoint.exe]  [Alps Electric Co., Ltd., 5.5.101.155]
    [C:\WINDOWS\system32\VXDIF.DLL]  [Alps Electric Co., Ltd., 6.0.3.9]
    [C:\Program Files\Apoint\Apoint.DLL]  [Alps Electric Co., Ltd., 5.5.104.284]
    [C:\Program Files\Apoint\EzAuto.dll]  [Alps Electric Co., Ltd., 5.5.1.85]
    [C:\Program Files\Apoint\EzLaunch.DLL]  [Alps Electric Co., Ltd., 5.5.1.71]
[PID: 180][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 108][C:\Program Files\Apoint\HidFind.exe]  [Alps Electric Co., Ltd., 1.1.0.23]
[PID: 404][C:\Program Files\Apoint\Apntex.exe]  [Alps Electric Co., Ltd., 5.5.1.22]
    [C:\WINDOWS\system32\VXDIF.DLL]  [Alps Electric Co., Ltd., 6.0.3.9]
    [C:\Program Files\Apoint\Apoint.DLL]  [Alps Electric Co., Ltd., 5.5.104.284]
[PID: 668][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 760][C:\Program Files\CA\DSM\Bin\ccsmagtd.exe]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\ccsmxml.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\ccsmtrace.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfUtilities.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\SC\CAWIN\CAWINEXF.dll]  [Computer Associates International, Inc., 1.20.31]
    [C:\Program Files\CA\DSM\Bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\CA\DSM\Bin\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\CA\DSM\Bin\cfRunTime.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfTrace.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfOSServices.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\CcnfAgentApi.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfMessenger.dll]  [CA, 11.2.3.1895]
    [C:\PROGRA~1\CA\SC\CAM\bin\AwMsq.dll]  [CA, Inc., 3.11.54.16]
    [C:\Program Files\CA\DSM\Bin\ccsmagent.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\ccsmcomm.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\CFSMCAPI.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfmspi.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfcertidentity.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\libetpki2.dll]  [Computer Associates International, Inc., Version 3.0.0]
    [C:\Program Files\CA\DSM\Bin\libetpki2_thread.dll]  [Computer Associates International, Inc., Version 3.0.0]
    [C:\Program Files\CA\DSM\Bin\ipthread.dll]  [Computer Associates, 2, 1, 060216]
    [C:\Program Files\CA\DSM\Bin\libetpki_openssl_crypto.dll]  [N/A, ]
    [C:\Program Files\CA\DSM\Bin\libetpki_openssl_ssl.dll]  [N/A, ]
    [C:\Program Files\CA\DSM\Bin\cfEncrypt.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfCompressZLib.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfspanif.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\ccnfcsmplugin.dll]  [CA, 11.2.3.1895]
[PID: 884][C:\Program Files\ISS\issSensors\DesktopProtection\blackice.exe]  [Internet Security Systems, Inc., 7.0.320]
    [C:\Program Files\ISS\issSensors\DesktopProtection\FileSec.dll]  [Internet Security Systems, Inc., 7.0.319]
    [C:\Program Files\ISS\issSensors\DesktopProtection\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\WINDOWS\system32\mui\0804\hhctrlui.dll]  [Microsoft Corporation, 4.74.9273]
[PID: 1340][C:\Program Files\Kyocera Mita\FileUtility\NsCatCom.exe]  [KYOCERA MITA, 3, 8, 0, 1]
    [C:\Program Files\Kyocera Mita\FileUtility\HgTiff2Pdf.dll]  [N/A, ]
    [C:\Program Files\Kyocera Mita\FileUtility\nsSvcCtrl.dll]  [KYOCERA MITA CORPORATION, 1, 0, 0, 1]
[PID: 800][C:\Program Files\CA\DSM\Bin\amswmagt.exe]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\SC\CAWIN\CAWINEXF.dll]  [Computer Associates International, Inc., 1.20.31]
    [C:\Program Files\CA\DSM\Bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\CA\DSM\Bin\cfUtilities.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\CA\DSM\Bin\cfRunTime.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfTrace.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfOSServices.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfXMLParser.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\CcnfAgentApi.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfMessenger.dll]  [CA, 11.2.3.1895]
    [C:\PROGRA~1\CA\SC\CAM\bin\AwMsq.dll]  [CA, Inc., 3.11.54.16]
[PID: 392][C:\Program Files\CA\DSM\PMAgent\capmuamagt.exe]  [N/A, ]
    [C:\Program Files\CA\DSM\bin\cfRunTime.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\bin\cfUtilities.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\SC\CAWIN\CAWINEXF.dll]  [Computer Associates International, Inc., 1.20.31]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\CA\DSM\bin\cfOSServices.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\bin\cfTrace.dll]  [CA, 11.2.3.1895]
[PID: 1300][C:\Program Files\CA\DSM\Bin\cfftplugin.exe]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfUtilities.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\SC\CAWIN\CAWINEXF.dll]  [Computer Associates International, Inc., 1.20.31]
    [C:\Program Files\CA\DSM\Bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\CA\DSM\Bin\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\CA\DSM\Bin\cfRunTime.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfTrace.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfOSServices.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfXMLParser.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\CcnfAgentApi.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfEncrypt.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\libetpki2.dll]  [Computer Associates International, Inc., Version 3.0.0]
    [C:\Program Files\CA\DSM\Bin\libetpki2_thread.dll]  [Computer Associates International, Inc., Version 3.0.0]
    [C:\Program Files\CA\DSM\Bin\ipthread.dll]  [Computer Associates, 2, 1, 060216]
    [C:\Program Files\CA\DSM\Bin\libetpki_openssl_crypto.dll]  [N/A, ]
    [C:\Program Files\CA\DSM\Bin\libetpki_openssl_ssl.dll]  [N/A, ]
    [C:\Program Files\CA\DSM\Bin\cfNetwork.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfMessenger.dll]  [CA, 11.2.3.1895]
    [C:\PROGRA~1\CA\SC\CAM\bin\AwMsq.dll]  [CA, Inc., 3.11.54.16]
    [C:\Program Files\CA\DSM\Bin\cfBuffer.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfSock.dll]  [CA, 11.2.3.1895]
    [C:\Program Files\CA\DSM\Bin\cfPmuxApi.dll]  [CA, 11.2.3.1895]
[PID: 1948][C:\WINDOWS\system32\mmc.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL]  [Microsoft Corporation, 1.0.1038.0]
[PID: 1288][C:\WINDOWS\system32\mspaint.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMSC40A.IME]  [Microsoft Corporation, 6.0.0.2527]
[PID: 1660][C:\WINDOWS\system32\mmc.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL]  [Microsoft Corporation, 1.0.1038.0]
[PID: 2488][E:\System repair engineer 2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [E:\System repair engineer 2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [E:\System repair engineer 2\Plugins\NTFSTREAM.SRE]  [Smallfrogs Studio, 1, 0, 0, 5]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 432, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 480, C:\WINDOWS\SYSTEM32\SERVICES.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 492, C:\WINDOWS\SYSTEM32\LSASS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 900, C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 912, C:\PROGRAM FILES\ISS\ISSSENSORS\DESKTOPPROTECTION\BLACKD.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1644, C:\WINDOWS\EXPLORER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1508, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 792, C:\WINDOWS\STSYSTRA.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1604, C:\SXPINST\SXPLOG32.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1260, C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 6\LAUNCHAPPLICATION.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2032, C:\WINDOWS\SYSTEM32\DLA\TFSWCTRL.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1380, C:\PROGRAM FILES\APOINT\APOINT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 180, C:\WINDOWS\SYSTEM32\CTFMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 108, C:\PROGRAM FILES\APOINT\HIDFIND.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 404, C:\PROGRAM FILES\APOINT\APNTEX.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 668, C:\WINDOWS\SYSTEM32\CONIME.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 884, C:\PROGRAM FILES\ISS\ISSSENSORS\DESKTOPPROTECTION\BLACKICE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1340, C:\PROGRAM FILES\KYOCERA MITA\FILEUTILITY\NSCATCOM.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1948, C:\WINDOWS\SYSTEM32\MMC.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1288, C:\WINDOWS\SYSTEM32\MSPAINT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1660, C:\WINDOWS\SYSTEM32\MMC.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]