是不是中了什么病毒
[CODE]

2007-10-18,12:27:57

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Advanced Server Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe">  [(Verified)Symantec Corporation]
    <vptray><C:\PROGRA~1\SYMANT~1\VPTray.exe>  [(Verified)Symantec Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{A16CA976-4B8D-47FC-A9F4-651C17B636EC}><C:\WINNT\system32\msow32cn.dll>  [TEC Solutions Limited.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    <WinlogonNotify: NavLogon><C:\WINNT\system32\NavLogon.dll>  [(Verified)Symantec Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserStub>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    <CRLUpdate><%SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl>  [N/A]

==================================
启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~3\Office\OSA9.EXE [Microsoft Corporation]><N>
[服务管理器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk --> C:\PROGRA~1\MICROS~4\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]><N>
==================================
服务
[Symantec Event Manager / ccEvtMgr][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Microsoft Search / MSSEARCH][Running/Auto Start]
  <"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"><Microsoft Corporation>
[MSSQL$CONDUCTOR / MSSQL$CONDUCTOR][Running/Auto Start]
  <C:\PROGRA~1\MICROS~4\MSSQL$~1\binn\sqlservr.exe -sCONDUCTOR><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
  <C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><N/A>
[SavRoam / SavRoam][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Symantec Network Drivers Service / SNDSrvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec SPBBCSvc / SPBBCSvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation>
[SQLAgent$CONDUCTOR / SQLAgent$CONDUCTOR][Stopped/Manual Start]
  <C:\PROGRA~1\MICROS~4\MSSQL$~1\binn\sqlagent.exe -i CONDUCTOR><N/A>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
  <C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlagent.exe><N/A>
[Symantec AntiVirus / Symantec AntiVirus][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[Windows Explorer Helper / Winehplr][Stopped/Auto Start]
  <C:\Program Files\Common Files\System\WinRdg32.exe><TEC Solutions Limited.>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[adpu160m / adpu160m][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[atirage3 / atirage3][Running/Manual Start]
  <system32\DRIVERS\atimpab.sys><ATI Technologies Inc.>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[Intel PRO Adapter Driver / E100B][Running/Manual Start]
  <system32\DRIVERS\e100bnt5.sys><Intel Corporation>
[Symantec Eraser Control driver / eeCtrl][Running/System Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
[3Com EtherLink XL B/C Adapter Driver / EL90BC][Running/Manual Start]
  <system32\DRIVERS\el90xbc5.sys><3Com Corporation>
[Network Packet Filter / IPNPF][Running/Boot Start]
  <\SystemRoot\system32\drivers\ipnpf.sys><Politecnico di Torino>
[NAVENG / NAVENG][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071017.018\naveng.sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071017.018\navex15.sys><Symantec Corporation>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[QntmX32 / QntmX32][Running/Manual Start]
  <system32\DRIVERS\QntmX32.sys><Quantum Corporation>
[SAVRT / SAVRT][Running/System Start]
  <\??\C:\Program Files\Symantec AntiVirus\savrt.sys><Symantec Corporation>
[SAVRTPEL / SAVRTPEL][Running/System Start]
  <\??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys><Symantec Corporation>
[SPBBCDrv / SPBBCDrv][Stopped/Manual Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation>
[SymEvent / SymEvent][Running/Manual Start]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV][Running/Manual Start]
  <\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Running/System Start]
  <\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[Tape drive CDB workaround for ATAPI / Xlatex32][Running/Manual Start]
  <system32\DRIVERS\Xlatex32.sys><Quantum Corporation>

==================================
浏览器加载项
[番茄花园]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360safe.com>


[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322)

==================================
正在运行的进程
[PID: 184][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 212][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 232][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
    [C:\WINNT\system32\WinWdg32.dll]  [TEC Solutions Limited., 2, 84, 4529, 0]
    [C:\WINNT\system32\NavLogon.dll]  [Symantec Corporation, 10.0.0.359]
    [C:\WINNT\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 8, 7]
    [C:\WINNT\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINNT\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 4529, 0]
[PID: 260][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 272][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
[PID: 464][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\oblknet.dll]  [TEC Solutions Limited., 2, 84, 3221, 0]
    [C:\WINNT\system32\ippcap.dll]  [Politecnico di Torino, 3, 0, 0, 18]
    [C:\WINNT\system32\IPpacket.dll]  [Politecnico di Torino, 3, 0, 0, 20]
[PID: 492][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.7059]
[PID: 552][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe]  [Symantec Corporation, 103.5.1.9]
    [C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Symantec Shared\ccL35.dll]  [Symantec Corporation, 103.5.1.9]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 103.5.1.9]
    [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll]  [Symantec Corporation, 103.5.1.9]
[PID: 564][C:\Program Files\Symantec AntiVirus\DefWatch.exe]  [Symantec Corporation, 10.0.0.359]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 584][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\winoa32.dll]  [TEC Solutions Limited., 2, 84, 4529, 0]
    [C:\WINNT\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 4529, 0]
    [C:\WINNT\system32\oblknet.dll]  [TEC Solutions Limited., 2, 84, 3221, 0]
    [C:\WINNT\system32\ippcap.dll]  [Politecnico di Torino, 3, 0, 0, 18]
    [C:\WINNT\system32\IPpacket.dll]  [Politecnico di Torino, 3, 0, 0, 20]
    [C:\WINNT\system32\orcsdll.dll]  [TEC Solutions Limited., 2, 84, 2718, 0]
    [C:\WINNT\system32\orcshook.dll]  [TEC Solutions Limited., 2, 84, 2718, 0]
    [C:\WINNT\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 8, 7]
[PID: 616][C:\WINNT\System32\llssrv.exe]  [Microsoft Corporation, 5.00.2195.7021]
[PID: 704][C:\PROGRA~1\MICROS~4\MSSQL$~1\binn\sqlservr.exe]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MICROS~4\MSSQL$~1\binn\OPENDS60.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MICROS~4\MSSQL$~1\binn\UMS.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MICROS~4\MSSQL$~1\binn\SQLSORT.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MICROS~4\MSSQL$~1\binn\Resources\2052\sqlevn70.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MICROS~4\MSSQL$~1\binn\SSNETLIB.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MICROS~4\MSSQL$~1\binn\SSNMPN70.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MICROS~4\MSSQL$~1\binn\SSmsLPCn.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MICROS~4\MSSQL$~1\binn\SQLFTQRY.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Common Files\System\OLE DB\sqloledb.dll]  [Microsoft Corporation, 2000.081.9054.00]
    [C:\WINNT\system32\MSDART.DLL]  [Microsoft Corporation, 2.71.9054.0 built by: Lab06_N(_sqlbld)]
    [C:\Program Files\Common Files\System\OLE DB\MSDATL3.dll]  [Microsoft Corporation, 2.71.9030.0 built by: Lab06_N(dagbuild)]
[PID: 360][C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\PROGRA~1\MICROS~4\MSSQL\binn\OPENDS60.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MICROS~4\MSSQL\binn\UMS.DLL]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\PROGRA~1\MICROS~4\MSSQL\binn\SQLSORT.DLL]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\PROGRA~1\MICROS~4\MSSQL\binn\Resources\2052\sqlevn70.RLL]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\binn\SSNMPN70.dll]  [Microsoft Corporation, 2000.080.0534.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\binn\SSNETLIB.dll]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\PROGRA~1\MICROS~4\MSSQL\binn\SSmsLPCn.dll]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\binn\SQLFTQRY.DLL]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\Program Files\Common Files\System\OLE DB\sqloledb.dll]  [Microsoft Corporation, 2000.081.9054.00]
    [C:\WINNT\system32\MSDART.DLL]  [Microsoft Corporation, 2.71.9054.0 built by: Lab06_N(_sqlbld)]
    [C:\Program Files\Common Files\System\OLE DB\MSDATL3.dll]  [Microsoft Corporation, 2.71.9030.0 built by: Lab06_N(dagbuild)]
[PID: 788][C:\WINNT\system32\regsvc.exe]  [Microsoft Corporation, 5.00.2195.6701]
[PID: 792][C:\Program Files\Symantec AntiVirus\SavRoam.exe]  [symantec, 10.0.0.359]
    [C:\Program Files\Common Files\Symantec Shared\SSC\Transman.dll]  [Symantec Corporation, 10.0.0.359]
    [C:\WINNT\system32\CBA.DLL]  [Intel? Corporation, 6.12.0.130 E]
    [C:\WINNT\system32\MsgSys.dll]  [Intel? Corporation, 6.12.0.130 E]
    [C:\WINNT\system32\NTS.dll]  [Intel? Corporation, 6.12.0.130 E]
    [C:\WINNT\system32\PDS.DLL]  [Intel? Corporation, 6.12.0.130 E]
    [C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [c:\program files\common files\symantec shared\ssc\ScsComms.dll]  [Symantec Corporation, 10.0.0.359]

[C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Symantec AntiVirus\I2ldvp3.dll]  [Symantec Corporation, 10.0.0.359]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 103.5.1.9]
    [C:\Program Files\Common Files\Symantec Shared\ccL35.dll]  [Symantec Corporation, 103.5.1.9]
    [C:\Program Files\Common Files\Symantec Shared\ccDec.dll]  [Symantec Corporation, 103.5.1.9]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\decsdk.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\ccScan.dll]  [Symantec Corporation, 103.5.1.9]
    [C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL]  [Symantec Corporation, 1.4.0.11]
    [C:\Program Files\Symantec AntiVirus\DefUtDCD.dll]  [Symantec Corporation, 3.1.13a.0]
    [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL]  [Symantec Corporation, 9.5.0.44]
    [C:\Program Files\Symantec AntiVirus\IMail.dll]  [Symantec Corporation, 10.0.0.359]
    [C:\Program Files\Symantec AntiVirus\NotesExt.dll]  [Symantec Corporation, 10.0.0.359]
    [C:\Program Files\Symantec AntiVirus\vpmsece3.dll]  [Symantec Corporation, 10.0.0.359]
    [C:\Program Files\Symantec AntiVirus\SymProtectStorage.dll]  [Symantec Corporation, 10.0.0.359]
    [C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll]  [Symantec Corporation, 1,5,1,3]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071017.018\ccEraser.dll]  [Symantec Corporation, 107.3.3.4]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071017.018\ecmsvr32.dll]  [Symantec Corporation, 71.3.0.25]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071017.018\NAVEX32a.DLL]  [Symantec Corporation, 20071.3.0.24]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071017.018\NAVENG32.DLL]  [Symantec Corporation, 20071.3.0.24]
    [C:\Program Files\Symantec AntiVirus\NAVAP32.DLL]  [Symantec Corporation, 9.5.0.44]
[PID: 1036][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
[PID: 1076][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1132][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe]  [Symantec Corporation, 103.5.1.9]
    [C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Symantec Shared\ccL35.dll]  [Symantec Corporation, 103.5.1.9]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 103.5.1.9]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\BB.DLL]  [Symantec Corporation, 1,5,1,3]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL]  [Symantec Corporation, 1,5,1,3]
    [C:\Program Files\Common Files\Symantec Shared\ccSet.dll]  [Symantec Corporation, 103.5.1.9]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL]  [Symantec Corporation, 103.5.1.9]

[PID: 1148][C:\WINNT\system32\Dfssvc.exe]  [Microsoft Corporation, 5.00.2195.6664]
[PID: 244][C:\WINNT\System32\dns.exe]  [Microsoft Corporation, 5.00.2195.7135]
[PID: 1264][C:\WINNT\system32\inetsrv\inetinfo.exe]  [Microsoft Corporation, 5.00.0984]
[PID: 1356][C:\WINNT\system32\msdtc.exe]  [Microsoft Corporation, 1999.9.3421.3]
[PID: 1420][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\shlcn32.dll]  [TEC Solutions Limited., 2, 84, 4529, 0]
    [C:\WINNT\system32\winimhs.dll]  [TEC Solutions Limited, 2, 84, 516, 0]
    [C:\WINNT\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 516, 0]
    [C:\WINNT\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 8, 7]
    [C:\WINNT\system32\winhason.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINNT\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINNT\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 4529, 0]
    [C:\WINNT\system32\msow32cn.dll]  [TEC Solutions Limited., 2, 84, 4529, 0]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
[PID: 1468][C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe]  [Microsoft Corporation, 9.107.8320.0]
    [C:\Program Files\Common Files\System\MSSearch\Bin\mssws.dll]  [Microsoft Corporation, 9.107.8320.0]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\mssrch.dll]  [Microsoft Corporation, 9.107.8320.0]
    [C:\Program Files\Common Files\System\MSSearch\Bin\tquery.dll]  [Microsoft Corporation, 9.107.8320.0]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\propdefs.dll]  [Microsoft Corporation, 9.107.8320.0]
    [C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\srchidx.dll]  [Microsoft Corporation, 9.107.8320.0]
[PID: 1752][C:\Program Files\Common Files\Symantec Shared\ccApp.exe]  [Symantec Corporation, 103.5.1.9]
    [C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Symantec Shared\ccL35.dll]  [Symantec Corporation, 103.5.1.9]
    [C:\WINNT\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 516, 0]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 103.5.1.9]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL]  [Symantec Corporation, 103.5.1.9]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL]  [Symantec Corporation, 103.5.1.9]
    [C:\WINNT\system32\SYMREDIR.DLL]  [Symantec Corporation, 5.5.1.6]
    [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll]  [Symantec Corporation, 103.5.1.9]
    [C:\Program Files\Common Files\Symantec Shared\ccProSub.dll]  [Symantec Corporation, 103.5.1.9]
    [C:\Program Files\Symantec AntiVirus\SavEmail.dll]  [Symantec Corporation, 10.0.0.359]
    [C:\WINNT\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 8, 7]
    [C:\WINNT\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINNT\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 4529, 0]
[PID: 1772][C:\PROGRA~1\SYMANT~1\VPTray.exe]  [Symantec Corporation, 10.0.0.359]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL]  [Symantec Corporation, 9.5.0.44]
    [C:\WINNT\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 516, 0]
    [C:\Program Files\Symantec AntiVirus\Cliproxy.dll]  [Symantec Corporation, 10.0.0.359]
    [C:\PROGRA~1\SYMANT~1\NAVNTUTL.DLL]  [Symantec Corporation, 10.0.0.359]
    [C:\Program Files\Symantec AntiVirus\Cliscan.dll]  [Symantec Corporation, 10.0.0.359]
    [C:\WINNT\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 4529, 0]
    [C:\WINNT\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 8, 7]
    [C:\WINNT\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
[PID: 1800][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\WINNT\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 516, 0]
[PID: 1848][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\WINNT\system32\SQLUNIRL.dll]  [Microsoft Corporation, 2000.080.0728.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\W95SCM.dll]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLSVC.dll]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\WINNT\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.081.9054.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLRESLD.dll]  [Microsoft Corporation, 2000.080.0382.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\SQLSVC.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\sqlmangr.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\WINNT\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 516, 0]
    [C:\WINNT\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 8, 7]
    [C:\WINNT\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINNT\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 4529, 0]
[PID: 2148][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\System32\unimdm.tsp]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\System32\kmddsp.tsp]  [Microsoft Corporation, 5.00.2150.1]
    [C:\WINNT\System32\ndptsp.tsp]  [Microsoft Corporation, 5.00.2143.1]
    [C:\WINNT\System32\ipconf.tsp]  [Microsoft Corporation, 5.00.2143.1]
    [C:\WINNT\System32\h323.tsp]  [Microsoft Corporation, 5.00.2195.6901]
[PID: 504][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.984\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINNT\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 516, 0]
    [C:\WINNT\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 8, 7]
    [C:\WINNT\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINNT\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 4529, 0]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.984\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 704, C:\PROGRA~1\MICROS~4\MSSQL$~1\BINN\SQLSERVR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 360, C:\PROGRA~1\MICROS~4\MSSQL\BINN\SQLSERVR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1468, C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSSEARCH\BIN\MSSEARCH.EXE]
特殊特权被允许： SeSystemtimePrivilege [PID = 1468, C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSSEARCH\BIN\MSSEARCH.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1848, C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLMANGR.EXE]

==================================
API HOOK
入口点错误：DeleteFileA (危险等级: 高,  被下面模块所HOOK: C:\WINNT\system32\winhafn.dll)
入口点错误：DeleteFileW (危险等级: 高,  被下面模块所HOOK: C:\WINNT\system32\winhafn.dll)
入口点错误：MoveFileA (危险等级: 高,  被下面模块所HOOK: C:\WINNT\system32\winhafn.dll)
入口点错误：MoveFileExA (危险等级: 高,  被下面模块所HOOK: C:\WINNT\system32\winhafn.dll)
入口点错误：MoveFileExW (危险等级: 高,  被下面模块所HOOK: C:\WINNT\system32\winhafn.dll)
入口点错误：MoveFileW (危险等级: 高,  被下面模块所HOOK: C:\WINNT\system32\winhafn.dll)
入口点错误：CreateProcessA (危险等级: 高,  被下面模块所HOOK: C:\WINNT\system32\winhafn.dll)
入口点错误：CreateProcessW (危险等级: 高,  被下面模块所HOOK: C:\WINNT\system32\winhafn.dll)
入口点错误：SHFileOperation (危险等级: 高,  被下面模块所HOOK: C:\WINNT\system32\winhafn.dll)
入口点错误：SHFileOperationA (危险等级: 高,  被下面模块所HOOK: C:\WINNT\system32\winhafn.dll)
入口点错误：SHFileOperationW (危险等级: 高,  被下面模块所HOOK: C:\WINNT\system32\winhafn.dll)