Rising Kaka Security Forum
jeciskim - 2006-9-2 21:20:00
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\KuGoo3\KuGoo.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\DrvMon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\IBM\Bluetooth Software\BTTray.exe
C:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\Ringz Studio\Storm Codec\mplayerc.exe
D:\常用软件\HijackThis1991汉化版\HijackThis1991汉化版\HijackThis1991zww.exe
jeciskim - 2006-9-2 21:21:00
O2 - BHO: internet explorer helper - {02C9B9AB-6372-46C5-B356-773FAF3B6B1E} - C:\WINDOWS\fonts\msshapi.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing)
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O2 - BHO: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: tkuid Class - {A2DBE85F-37BF-488F-9B0C-AE21AE05658A} - C:\WINDOWS\system32\bsecoder.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Count Class - {CFF6E0CF-02FB-47F5-95A4-DD8610D59284} - C:\WINDOWS\system32\bsnviewer.dll
O3 - IE工具栏增项: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - IE工具栏增项: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\BitComet\BitCometBar\BitCometBar0.1.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [TrackPointSrv] tp4serv.exe
O4 - 启动项HKLM\\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - 启动项HKLM\\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - 启动项HKLM\\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - 启动项HKLM\\Run: [TpShocks] TpShocks.exe
O4 - 启动项HKLM\\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - 启动项HKLM\\Run: [TP4EX] tp4ex.exe
O4 - 启动项HKLM\\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
O4 - 启动项HKLM\\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - 启动项HKLM\\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - 启动项HKLM\\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - 启动项HKLM\\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - 启动项HKLM\\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - 启动项HKLM\\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - 启动项HKLM\\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - 启动项HKLM\\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - 启动项HKLM\\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - 启动项HKLM\\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - 启动项HKLM\\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - 启动项HKLM\\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - 启动项HKLM\\Run: [KuGoo3] C:\PROGRA~1\KuGoo3\KuGoo.exe
O4 - 启动项HKLM\\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - Startup: Wallpaper Calendar.lnk = C:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: 蓝牙控制盘.lnk = ?
jeciskim - 2006-9-2 21:22:00
O8 - IE右键菜单中的新增项目: >>彩信发送<< - res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用KuGoo3下载(&K) - C:\PROGRA~1\KuGoo3\KuGoo3DownX.htm
O8 - IE右键菜单中的新增项目: 发送到 Bluetooth(&B) - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - 浏览器额外的“工具”菜单项: IBM Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - 浏览器额外的按钮: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - 浏览器额外的“工具”菜单项: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - 浏览器额外的按钮: 酷热影音 - {7D73FF86-05F1-39ed-C850-A423120EC338} - www.kuree.com/index.htm?id=00011001 (file missing)
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: 易趣购物 - {DE607144-AC19-424e-861A-1D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - 浏览器额外的“工具”菜单项: 易趣购物 - {DE607144-AC19-424e-861A-1D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://hlibin.spaces.live.com//PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF55F004-CFF9-4270-ADB5-6EE4D905D8AB}: Domain = shenzhen.legend
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF55F004-CFF9-4270-ADB5-6EE4D905D8AB}: NameServer = 10.5.20.25,10.99.20.14,
O18 - 列举现有的协议: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - 列举现有的协议: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: psfus - C:\Program Files\IBM fingerprint software\psfus.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O21 - SSODL: themeadp - {64274C93-3CE7-4663-9C8D-CD2DC8A3590B} - C:\WINDOWS\system32\themeadp.dll
O21 - SSODL: webwork - {4C611512-2C1D-44b2-A044-872AD2AD5A61} - C:\WINDOWS\webwork\webwork.dll
O23 - NT 服务: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - NT 服务: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - NT 服务: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - NT 服务: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - NT 服务: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - NT 服务: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - NT 服务: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - NT 服务: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - NT 服务: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - NT 服务: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - NT 服务: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - NT 服务: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - NT 服务: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - NT 服务: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - NT 服务: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - NT 服务: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - NT 服务: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - NT 服务: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - NT 服务: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - NT 服务: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe
jeciskim - 2006-9-2 21:22:00
Thank you all!!!
我无邪 - 2006-9-2 22:22:00
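Download Super Rabbit (超级兔子) and use its Professional Uninstall.
http://www.pctutu.com/news.asp?id=92
After installing it, open "winspeed" and then "Professional Uninstall", and uninstall all the junk software it lists. Do not open any browser windows while uninstalling. If something cannot be uninstalled, reboot and then try uninstalling again.
Reboot after uninstalling.
Please download System Repair Engineer, use "Smart Scan", press the "Scan" button to run the scan, and when the scan finishes press the "Save Report" button to save the report log file (SREng.LOG). Then copy and paste the contents of the saved report log file here.
Download links:
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log does not fit in one post, paste it across several posts. Please do not modify it.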
jeciskim - 2006-9-3 14:11:00
Thank you!!!
我无邪 - 2006-9-3 14:39:00
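It's not finished yet. After you finish uninstalling, reboot.
Please download System Repair Engineer, use "Smart Scan", press the "Scan" button to run the scan, and when the scan finishes press the "Save Report" button to save the report log file (SREng.LOG). Then copy and paste the contents of the saved report log file here.
Download links:
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log does not fit in one post, paste it across several posts. Please do not modify it.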
jeciskim - 2006-9-3 22:05:00
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<ibmmessages><C:\Program Files\IBM\Messages By IBM\ibmmessages.exe> [IBM]
<MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [Microsoft Corporation]
<DrvMon.exe><C:\WINDOWS\system32\DrvMon.exe> [Alcor Micro, Corp.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<TrackPointSrv><tp4serv.exe> [IBM Corporation]
<IgfxTray><C:\WINDOWS\system32\igfxtray.exe> [Intel Corporation]
<HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe> [Intel Corporation]
<TPKMAPHELPER><C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper> [IBM Corp.]
<TpShocks><TpShocks.exe> [IBM Corp.]
<TPHOTKEY><C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe> []
<TP4EX><tp4ex.exe> [IBM Corporation]
<ControlCenter><"C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup> [UPEK Inc.]
<EZEJMNAP><C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe> [IBM Corp.]
<ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"> [Symantec Corporation]
<ibmmessages><C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe> [IBM]
<IBMPRC><C:\IBMTOOLS\UTILS\ibmprc.exe> [IBM Corp.]
<QCWLICON><C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE> [IBM Corp.]
<PWRMGRTR><rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor> [IBM Corp.]
<IMEKRMIG6.1><C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE> [Microsoft Corporation]
<MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC> []
<QCTray><C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe> [IBM Corp.]
<StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> []
<Symantec NetDriver Monitor><C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer> [Symantec Corporation]
<WinampAgent><C:\Program Files\Winamp\winampa.exe> []
<KuGoo3><C:\PROGRA~1\KuGoo3\KuGoo.exe> []
<{0228e555-4f9c-4e35-a3ec-b109a192b4c2}><C:\Program Files\Google\Gmail Notifier\gnotify.exe> [Google Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<themeadp><C:\WINDOWS\system32\themeadp.dll> []
<webwork><C:\WINDOWS\webwork\webwork.dll> [MSWebwork Cop.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
<WinlogonNotify: psfus><C:\Program Files\IBM fingerprint software\psfus.dll> [UPEK Inc.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\QConGina]
<WinlogonNotify: QConGina><QConGina.dll> [IBM Corp.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
<WinlogonNotify: tphotkey><tphklock.dll> []
==================================
启动文件夹
[Digital Line Detect]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Digital Line Detect.lnk><N>
[Microsoft Office]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk><N>
[蓝牙控制盘]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\蓝牙控制盘.lnk><N>
[Wallpaper Calendar]
<C:\Documents and Settings\Libby Han\「开始」菜单\程序\启动\Wallpaper Calendar.lnk><N>
jeciskim - 2006-9-3 22:05:00
==================================
服务
[Bluetooth Service / btwdins]
<C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe><Broadcom Corporation>
[Symantec Event Manager / ccEvtMgr]
<"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc]
<"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr]
<"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[EvtEng / EvtEng]
<C:\Program Files\Intel\Wireless\Bin\EvtEng.exe><Intel Corporation>
[IBM Rapid Restore Ultra Service / IBM Rapid Restore Ultra Service]
<"C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe"><>
[IBM PM Service / IBMPMSVC]
<C:\WINDOWS\system32\ibmpmsvc.exe><N/A>
[JMediaService / JMediaService]
<C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\MMSASS~1\MMSSVER.DLL,Service><N/A>
[Norton AntiVirus Auto-Protect Service / navapsvc]
<"C:\Program Files\Norton AntiVirus\navapsvc.exe"><Symantec Corporation>
[Norton AntiVirus Firewall Monitor Service / NPFMntor]
<"C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe"><Symantec Corporation>
[IBM PSA Access Driver Control / PsaSrv]
<C:\WINDOWS\system32\PsaSrv.exe><N/A>
[QCONSVC / QCONSVC]
<System32\QCONSVC.EXE><IBM Corp.>
[RegSrvc / RegSrvc]
<C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe><Intel Corporation>
[Spectrum24 Event Monitor / S24EventMonitor]
<C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe><Intel Corporation>
[SAVScan / SAVScan]
<"C:\Program Files\Norton AntiVirus\SAVScan.exe"><Symantec Corporation>
[ScriptBlocking Service / SBService]
<C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe><Symantec Corporation>
[Symantec Network Drivers Service / SNDSrvc]
<"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec SPBBCSvc / SPBBCSvc]
<"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation>
[StdService / StdService]
<C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\STDSVER.DLL,Service><N/A>
[IBM HDD APS Logging Service / TPHDEXLGSVC]
<System32\TPHDEXLG.EXE><IBM Corporation>
[IBM KCU Service / TpKmpSVC]
<C:\WINDOWS\system32\TpKmpSVC.exe><N/A>
[Protector Suite Virtual Token / vtserver]
<"C:\Program Files\Common Files\Virtual Token\vtserver.exe"><UPEK Inc.>
==================================
浏览器加载项
[internet explorer helper]
{02C9B9AB-6372-46C5-B356-773FAF3B6B1E} <C:\WINDOWS\fonts\msshapi.dll, N/A>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Vision]
{6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[stdup]
{6A512BF7-EC78-4e8d-9841-6C02E8FA9838} <C:\WINDOWS\SYSTEM32\stdup.dll, N/A>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[tkuid Class]
{A2DBE85F-37BF-488F-9B0C-AE21AE05658A} <C:\WINDOWS\system32\bsecoder.dll, >
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX, N/A>
[CNavExtBho Class]
{BDF3E430-B101-42AD-A544-FADC6B084872} <C:\Program Files\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
[Count Class]
{CFF6E0CF-02FB-47F5-95A4-DD8610D59284} <C:\WINDOWS\system32\bsnviewer.dll, >
[MMSAssistMenu]
{6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[酷热影音]
{7D73FF86-05F1-39ed-C850-A423120EC338} <www.kuree.com/index.htm?id=00011001, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Norton AntiVirus]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} <C:\Program Files\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
[BitCometBar]
{3F1ABCDB-A875-46c1-8345-B72A4567E486} <C:\Program Files\BitComet\BitCometBar\BitCometBar0.1.dll, N/A>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation>
[Java Plug-in 1.4.2]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll, IBM.>
[Java Plug-in 1.4.2]
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} <C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll, IBM.>
[internet explorer helper]
{02C9B9AB-6372-46C5-B356-773FAF3B6B1E} <C:\WINDOWS\fonts\msshapi.dll, N/A>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[BitCometBar]
{3F1ABCDB-A875-46C1-8345-B72A4567E486} <C:\Program Files\BitComet\BitCometBar\BitCometBar0.1.dll, N/A>
[Norton AntiVirus]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} <C:\Program Files\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Vision]
{6671A431-5C3D-463D-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[stdup]
{6A512BF7-EC78-4E8D-9841-6C02E8FA9838} <C:\WINDOWS\SYSTEM32\stdup.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[tkuid Class]
{A2DBE85F-37BF-488F-9B0C-AE21AE05658A} <C:\WINDOWS\system32\bsecoder.dll, >
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX, N/A>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[CNavExtBho Class]
{BDF3E430-B101-42AD-A544-FADC6B084872} <C:\Program Files\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Count Class]
{CFF6E0CF-02FB-47F5-95A4-DD8610D59284} <C:\WINDOWS\system32\bsnviewer.dll, >
[Windows Live Sign-in Control]
{D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[>>彩信发送<<]
<res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm, N/A>
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用KuGoo3下载(&K)]
<C:\PROGRA~1\KuGoo3\KuGoo3DownX.htm, N/A>
[发送到 Bluetooth(&B)]
<C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
jeciskim - 2006-9-3 22:07:00
==================================
正在运行的进程
[PID: 1000][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1084][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1108][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\IBM fingerprint software\psfus.dll] <UPEK Inc.><4.5.3.179>
[C:\Program Files\Common Files\Virtual Token\psutil.dll] <UPEK Inc.><4.5.3.179>
[C:\Program Files\Common Files\Virtual Token\Remote.dll] <UPEK Inc.><4.5.3.179>
[C:\WINDOWS\system32\tphklock.dll] <N/A><N/A>
[C:\Program Files\Common Files\Virtual Token\passport.dll] <UPEK Inc.><4.5.3.179>
[C:\Program Files\Common Files\Virtual Token\resmgr.dll] <UPEK Inc.><4.5.3.179>
[C:\WINDOWS\system32\igfxsrvc.dll] <Intel Corporation><3.0.0.3984>
[C:\WINDOWS\system32\hccutils.DLL] <Intel Corporation><3.0.0.3984>
[PID: 1152][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1164][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\pwdmon.dll] <N/A><N/A>
[PID: 1320][C:\Program Files\Common Files\Virtual Token\vtserver.exe] <UPEK Inc.><4.5.3.179>
[C:\Program Files\Common Files\Virtual Token\psutil.dll] <UPEK Inc.><4.5.3.179>
[C:\Program Files\IBM fingerprint software\psfus.dll] <UPEK Inc.><4.5.3.179>
[C:\Program Files\Common Files\Virtual Token\passport.dll] <UPEK Inc.><4.5.3.179>
[C:\Program Files\Common Files\Virtual Token\DevTc.dll] <UPEK Inc.><4.5.3.179>
[C:\Program Files\Common Files\Virtual Token\BTcVer.dll] <UPEK Inc.><4.5.3.179>
[C:\Program Files\Common Files\Virtual Token\Remote.dll] <UPEK Inc.><4.5.3.179>
[C:\Program Files\Common Files\Virtual Token\LocPass.dll] <UPEK Inc.><4.5.3.179>
[C:\Program Files\Common Files\Virtual Token\AlgVer.dll] <UPEK Inc.><4.5.3.179>
[C:\Program Files\Common Files\Virtual Token\resmgr.dll] <UPEK Inc.><4.5.3.179>
[PID: 1340][C:\WINDOWS\system32\ibmpmsvc.exe] <N/A><N/A>
[PID: 1364][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1408][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1548][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1588][C:\Program Files\Intel\Wireless\Bin\EvtEng.exe] <Intel Corporation><9, 0, 1, 83>
[C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll] <Intel Corporation><9, 0, 1, 83>
[C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL] <Intel Corporation><9, 0, 1, 83>
[PID: 1732][C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe] <Intel Corporation ><9, 0, 1, 83>
[C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL] <Intel Corporation><9, 0, 1, 83>
[C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll] <Intel Corporation><9, 0, 1, 83>
[PID: 1812][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 196][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 784][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[C:\WINDOWS\system32\bthcrp.dll] <Broadcom Corporation><3.0.1.915>
[C:\WINDOWS\system32\WidcommSdk.dll] <Broadcom Corporation><3.0.1.915>
[C:\WINDOWS\system32\wbtapi.dll] <Broadcom Corporation><3.0.1.915>
[PID: 880][C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe] <Broadcom Corporation><3.0.1.915>
[PID: 928][C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe] <><4,1,0,4072>
[PID: 956][C:\WINDOWS\system32\rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\PROGRA~1\MMSASS~1\MMSSVER.DLL] <><1, 2, 0, 6>
[PID: 1760][C:\WINDOWS\System32\QCONSVC.EXE] <IBM Corp.><3, 7, 1, 0>
[PID: 636][C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe] <Intel Corporation><9, 0, 1, 83>
[PID: 1524][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL] <IBM Corp.><1, 0, 0, 0>
[C:\PROGRA~1\ThinkPad\UTILIT~1\US\PWRMGRRT.DLL] <N/A><N/A>
[C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRIF.DLL] <N/A><N/A>
[C:\WINDOWS\system32\Sensor.dll] <IBM Corporation><1.30.1.0>
[C:\WINDOWS\system32\OEMDSPIF.DLL] <Intel Corporation><3.0.0.3984>
[C:\WINDOWS\system32\igfxdev.dll] <Intel Corporation><3.0.0.3984>
[C:\DOCUME~1\LIBBYH~1\LOCALS~1\Temp\themeadp.nls] <N/A><N/A>
[C:\WINDOWS\webwork\webwork.nls] <MSWebwork Cop.><1, 0, 0, 1>
[C:\Program Files\zepsoft\Wallpaper Calendar\MHookWC.dll] <Zepsoft><1.0.3.3>
[C:\Program Files\IBM\Bluetooth Software\btkeyind.dll] <N/A><N/A>
[C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><6.0.0.2003051500>
[C:\PROGRA~1\MMSASS~1\mmsass~1.dll] <><1, 2, 0, 6>
[C:\WINDOWS\system32\bsecoder.dll] <><1, 0, 0, 1>
[C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX] <N/A><N/A>
[C:\Program Files\Norton AntiVirus\NavShExt.dll] <Symantec Corporation><11.0.9.16>
[C:\Program Files\Common Files\Symantec Shared\ccL30.dll] <Symantec Corporation><103.0.4.3>
[C:\WINDOWS\system32\bsnviewer.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\l3codeca.acm] <Fraunhofer Institut Integrierte Schaltungen IIS><1, 9, 0, 0305>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\PROGRA~1\WINZIP\WZSHLSTB.DLL] <WinZip Computing, Inc.><4.1 (32-bit)>
[C:\WINDOWS\system32\igfxpph.dll] <Intel Corporation><3.0.0.3984>
[C:\WINDOWS\system32\hccutils.DLL] <Intel Corporation><3.0.0.3984>
[C:\WINDOWS\system32\btncopy.dll] <Broadcom Corporation><3.0.1.915>
[C:\WINDOWS\system32\igfxres.dll] <Intel Corporation><3.0.0.3984>
[C:\WINDOWS\system32\igfxress.dll] <Intel Corporation><3.0.0.3984>
[PID: 440][C:\WINDOWS\system32\tp4serv.exe] <IBM Corporation><3.50>
[C:\WINDOWS\system32\tp4uires.dll] <N/A><N/A>
[PID: 444][C:\WINDOWS\system32\igfxtray.exe] <Intel Corporation><3.0.0.3984>
[C:\WINDOWS\system32\hccutils.DLL] <Intel Corporation><3.0.0.3984>
[C:\WINDOWS\system32\igfxdev.dll] <Intel Corporation><3.0.0.3984>
[C:\WINDOWS\system32\igfxsrvc.dll] <Intel Corporation><3.0.0.3984>
[C:\WINDOWS\system32\igfxres.dll] <Intel Corporation><3.0.0.3984>
[C:\WINDOWS\system32\igfxress.dll] <Intel Corporation><3.0.0.3984>
[PID: 624][C:\WINDOWS\system32\hkcmd.exe] <Intel Corporation><3.0.0.3984>
[C:\WINDOWS\system32\hccutils.DLL] <Intel Corporation><3.0.0.3984>
[C:\WINDOWS\system32\igfxdev.dll] <Intel Corporation><3.0.0.3984>
[C:\WINDOWS\system32\igfxsrvc.dll] <Intel Corporation><3.0.0.3984>
[C:\WINDOWS\system32\igfxhk.dll] <Intel Corporation><3.0.0.3984>
[C:\WINDOWS\system32\igfxres.dll] <Intel Corporation><3.0.0.3984>
[PID: 464][C:\WINDOWS\system32\TpShocks.exe] <IBM Corp.><1, 3, 1, 0>
[C:\Program Files\ThinkPad\TpShocks\MUI\0804\TpShocks.dll] <IBM Corp.><1, 3, 1, 0>
[C:\WINDOWS\system32\Sensor.dll] <IBM Corporation><1.30.1.0>
[PID: 1008][C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe] <N/A><N/A>
[C:\Program Files\ThinkPad\PkgMgr\HOTKEY_2\tphk_2k.dll] <N/A><N/A>
[C:\WINDOWS\system32\Oemdspif.dll] <Intel Corporation><3.0.0.3984>
[C:\WINDOWS\system32\igfxdev.dll] <Intel Corporation><3.0.0.3984>
[C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\tpfnf7.dll] <N/A><N/A>
[PID: 1372][C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe] <IBM Corp.><1, 0, 0, 0>
[C:\PROGRA~1\ThinkPad\UTILIT~1\US\EzMApRes.dll] <N/A><N/A>
[PID: 1496][C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe] <N/A><N/A>
[PID: 1508][C:\Program Files\IBM\Messages By IBM\ibmmessages.exe]
jeciskim - 2006-9-3 22:07:00
<IBM><2.101>
[C:\WINDOWS\system32\AIBMRUNL.dll] <N/A><N/A>
[C:\Program Files\IBM\Messages By IBM\AcpPollingEngine.dll] <><1, 0, 0, 4>
[C:\WINDOWS\system32\IbmEgath.dll] <IBM Corporation><3, 0, 0, 18>
[PID: 1516][C:\IBMTOOLS\UTILS\ibmprc.exe] <IBM Corp.><1, 0, 0, 3>
[PID: 1520][C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe] <IBM Corporation><1.06>
[PID: 1584][C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE] <IBM Corp.><3, 7, 1, 0>
[C:\Program Files\ThinkPad\ConnectUtilities\QCON.dll] <IBM Corp.><3, 7, 1, 0>
[C:\Program Files\ThinkPad\ConnectUtilities\MerlinC201.dll] <Novatel Wireless Inc.><1, 0, 0, 1>
[C:\Program Files\ThinkPad\ConnectUtilities\QCMurPI.DLL] <IBM Corp.><3, 7, 1, 0>
[C:\Program Files\Intel\Wireless\Bin\PfMgrApi.dll] <Intel Corporation><9, 0, 1, 83>
[C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL] <Intel Corporation><9, 0, 1, 83>
[C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll] <Intel Corporation><9, 0, 1, 83>
[C:\Program Files\Intel\Wireless\Bin\MurocAPI.dll] <Intel Corporation><9, 0, 1, 59>
[C:\Program Files\Intel\Wireless\Bin\S24MUDLL.dll] <Intel Corporation><9, 0, 1, 83>
[C:\Program Files\Intel\Wireless\Bin\C1XStngs.dll] <Intel Corporation><9, 0, 1, 83>
[C:\Program Files\Intel\Wireless\Bin\C8021CHS.dll] <Intel Corporation><9, 0, 1, 83>
[C:\Program Files\Intel\Wireless\Bin\LSAWRAPI.dll] <Intel Corporation><9, 0, 1, 83>
[C:\Program Files\ThinkPad\ConnectUtilities\Res\SC\IconRes.dll] <N/A><N/A>
[PID: 1624][C:\WINDOWS\system32\rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL] <IBM Corp.><1, 0, 0, 0>
[C:\PROGRA~1\ThinkPad\UTILIT~1\US\PWRMGRRT.DLL] <N/A><N/A>
[C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRIF.DLL] <N/A><N/A>
[C:\WINDOWS\system32\Sensor.dll] <IBM Corporation><1.30.1.0>
[C:\WINDOWS\system32\OEMDSPIF.DLL] <Intel Corporation><3.0.0.3984>
[C:\WINDOWS\system32\igfxdev.dll] <Intel Corporation><3.0.0.3984>
[PID: 1856][C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe] <IBM Corp.><3, 7, 1, 0>
[C:\PROGRA~1\ThinkPad\CONNEC~1\QCON.dll] <IBM Corp.><3, 7, 1, 0>
[C:\PROGRA~1\ThinkPad\CONNEC~1\MerlinC201.dll] <Novatel Wireless Inc.><1, 0, 0, 1>
[C:\PROGRA~1\ThinkPad\CONNEC~1\Res\SC\TrayRes.dll] <N/A><N/A>
[C:\PROGRA~1\ThinkPad\CONNEC~1\QCMurPI.DLL] <IBM Corp.><3, 7, 1, 0>
[C:\Program Files\Intel\Wireless\Bin\PfMgrApi.dll] <Intel Corporation><9, 0, 1, 83>
[C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL] <Intel Corporation><9, 0, 1, 83>
[C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll] <Intel Corporation><9, 0, 1, 83>
[C:\Program Files\Intel\Wireless\Bin\MurocAPI.dll] <Intel Corporation><9, 0, 1, 59>
[C:\Program Files\Intel\Wireless\Bin\S24MUDLL.dll] <Intel Corporation><9, 0, 1, 83>
[C:\Program Files\Intel\Wireless\Bin\C1XStngs.dll] <Intel Corporation><9, 0, 1, 83>
[C:\Program Files\Intel\Wireless\Bin\C8021CHS.dll] <Intel Corporation><9, 0, 1, 83>
[C:\Program Files\Intel\Wireless\Bin\LSAWRAPI.dll] <Intel Corporation><9, 0, 1, 83>
[C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL] <N/A><N/A>
[C:\PROGRA~1\ThinkPad\CONNEC~1\ANCA.dll] <IBM Corp.><8.3>
[C:\PROGRA~1\ThinkPad\CONNEC~1\ANC.dll] <IBM Corp.><8.3>
[PID: 1652][C:\Program Files\Winamp\winampa.exe] <N/A><N/A>
[C:\Program Files\Winamp\NSCRT.dll] <Nullsoft, Inc.><7.10.0000>
[PID: 1924][C:\PROGRA~1\KuGoo3\KuGoo.exe] <><3.2.0.83>
[C:\Program Files\Common Files\Symantec Shared\Script Blocking\scrauth.dll] <Symantec Corporation><11.0.9.16>
[C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll] <Symantec Corporation><11.0.9.16>
[C:\Program Files\Common Files\Symantec Shared\ccL30.dll] <Symantec Corporation><103.0.4.3>
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] <Symantec Corporation><103.0.4.3>
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] <Adobe Systems, Inc.><9,0,16,0>
[PID: 1936][C:\Program Files\Google\Gmail Notifier\gnotify.exe] <Google Inc.><1.0.25.0>
[PID: 1960][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1992][C:\WINDOWS\system32\DrvMon.exe] <Alcor Micro, Corp.><1, 0, 0, 9>
[PID: 2020][C:\Program Files\Digital Line Detect\DLG.exe] <BVRP Software><1, 0, 0, 1>
[C:\Program Files\Digital Line Detect\BVRPDIAG.dll] <BVRP Software><1.0>
[C:\WINDOWS\system32\MdmXSdk.dll] <Conexant><1.0.2.006>
[PID: 2052][C:\Program Files\IBM\Bluetooth Software\BTTray.exe] <Broadcom Corporation><3.0.1.915>
[C:\WINDOWS\system32\wbtapi.dll] <Broadcom Corporation><3.0.1.915>
[C:\WINDOWS\system32\btosif.dll] <Broadcom Corporation><3.0.1.915>
[C:\Program Files\IBM\Bluetooth Software\BtBalloon.dll] <Broadcom Corporation><3.0.1.915>
[C:\WINDOWS\system32\btrez.dll] <Broadcom Corporation><3.0.1.915>
[C:\WINDOWS\system32\CSH.dll] <Blue Sky Software Corporation><2.00.039>
[C:\Program Files\IBM\Bluetooth Software\btkeyind.dll] <N/A><N/A>
[PID: 2060][C:\Program Files\zepsoft\Wallpaper Calendar\WallCal3.exe] <Zepsoft><3.0.2.85>
[C:\Program Files\zepsoft\Wallpaper Calendar\MHookWC.dll] <Zepsoft><1.0.3.3>
[PID: 2676][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2708][C:\WINDOWS\System32\TPHDEXLG.EXE] <IBM Corporation><1.0.0.1>
[PID: 2732][C:\WINDOWS\system32\TpKmpSVC.exe] <N/A><N/A>
[PID: 2752][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: DNSRV(bld4act)>
[PID: 4024][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3072][C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe] <Intel><9, 0, 1, 83>
[C:\PROGRA~1\Intel\Wireless\Bin\IntelAE5.dll] <Meetinghouse Data Communications><3, 0, 0, 44>
[C:\PROGRA~1\Intel\Wireless\Bin\TraceAPI.DLL] <Intel Corporation><9, 0, 1, 83>
[C:\PROGRA~1\Intel\Wireless\Bin\PsRegApi.dll] <Intel Corporation><9, 0, 1, 83>
[C:\Program Files\Intel\Wireless\Bin\D8021Xps.DLL] <N/A><N/A>
[PID: 3848][C:\Program Files\MSN Messenger\msnmsgr.exe] <Microsoft Corporation><8.0.0812.00>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[C:\Program Files\Common Files\Symantec Shared\Script Blocking\scrauth.dll] <Symantec Corporation><11.0.9.16>
[C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll] <Symantec Corporation><11.0.9.16>
[C:\Program Files\Common Files\Symantec Shared\ccL30.dll] <Symantec Corporation><103.0.4.3>
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] <Symantec Corporation><103.0.4.3>
[C:\Program Files\IBM\Bluetooth Software\btkeyind.dll] <N/A><N/A>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清华紫光软件股份有限公司><3.0.0.3045>
[C:\WINDOWS\system32\upengine.dll] <北京清华紫光软件股份有限公司><3.0.0.3045>
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] <Adobe Systems, Inc.><9,0,16,0>
[PID: 1696][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2012][C:\Program Files\eMule\emule.exe]
jeciskim - 2006-9-3 22:07:00
<http://www.emule.org.cn><0.47.0>
[C:\Program Files\eMule\VNNClientS.Dll] <VNN><3.0.22.1>
[C:\Program Files\eMule\ZipLib.dll] <VNN><1.0.0.1>
[C:\Program Files\eMule\vdevstate.dll] <N/A><N/A>
[C:\Program Files\eMule\lang\zh_CN.dll] <http://www.emule-project.net><0.47.0>
[C:\Program Files\Common Files\Symantec Shared\Script Blocking\scrauth.dll] <Symantec Corporation><11.0.9.16>
[C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll] <Symantec Corporation><11.0.9.16>
[C:\Program Files\Common Files\Symantec Shared\ccL30.dll] <Symantec Corporation><103.0.4.3>
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] <Symantec Corporation><103.0.4.3>
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] <Adobe Systems, Inc.><9,0,16,0>
[C:\Program Files\IBM\Bluetooth Software\btkeyind.dll] <N/A><N/A>
[C:\WINDOWS\system32\UNISPIM.IME] <北京清华紫光软件股份有限公司><3.0.0.3045>
[PID: 348][C:\WINDOWS\system32\conime.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2504][C:\Program Files\Ringz Studio\Storm Codec\mplayerc.exe] <Gabest><6, 4, 9, 0>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[C:\WINDOWS\system32\tssoft32.acm] <DSP GROUP, INC.><1.01>
[C:\WINDOWS\system32\tsd32.dll] <N/A><N/A>
[C:\WINDOWS\system32\sl_anet.acm] <Sipro Lab Telecom Inc.><3.02>
[C:\WINDOWS\system32\iac25_32.ax] <Intel Corporation><2.05.53>
[C:\WINDOWS\system32\l3codeca.acm] <Fraunhofer Institut Integrierte Schaltungen IIS><1, 9, 0, 0305>
[C:\WINDOWS\system32\vorbis.acm] <HMS http://hp.vector.co.jp/authors/VA012897/><0, 0, 3, 6>
[C:\WINDOWS\system32\vct3216.acm] <Voxware, Inc.><1.6.0.17>
[C:\WINDOWS\system32\vct3216.dll] <Voxware, Inc.><1.6.0.12>
[C:\WINDOWS\system32\msms001.vwp] <Voxware, Inc.><2.0.2.61>
[C:\WINDOWS\system32\mvoice.vwp] <Voxware, Inc.><2.0.0.12.01>
[C:\WINDOWS\system32\ffdshow.ax] <N/A><1.0.2.2028>
[C:\Program Files\Ringz Studio\Storm Codec\Codecs\VSFilter.dll] <Gabest><1, 0, 1, 3>
[C:\Program Files\Ringz Studio\Storm Codec\Codecs\TTL2Dec.dll] <N/A><N/A>
[C:\Program Files\IBM\Bluetooth Software\btkeyind.dll] <N/A><N/A>
[C:\WINDOWS\system32\xvid.ax] <N/A><N/A>
[C:\WINDOWS\system32\xvidcore.dll] <N/A><N/A>
[C:\Program Files\KuGoo3\kgmpg.dll] < ><1, 0, 4, 1>
[PID: 2440][D:\常用软件\BALL.EXE] <m53group><1.2>
[C:\Program Files\IBM\Bluetooth Software\btkeyind.dll] <N/A><N/A>
[PID: 3408][C:\Program Files\Maxthon\maxthon.exe] <Maxthon International Ltd.><1, 5, 6, 42>
[C:\Program Files\Maxthon\maxzlib.dll] < ><1, 0, 0, 2>
[C:\Program Files\Maxthon\Services\RealTime\real_time.dll] <><1, 0, 0, 1>
[C:\Program Files\Common Files\Symantec Shared\Script Blocking\scrauth.dll] <Symantec Corporation><11.0.9.16>
[C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll] <Symantec Corporation><11.0.9.16>
[C:\Program Files\Common Files\Symantec Shared\ccL30.dll] <Symantec Corporation><103.0.4.3>
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] <Symantec Corporation><103.0.4.3>
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] <Adobe Systems, Inc.><9,0,16,0>
[C:\Program Files\IBM\Bluetooth Software\btkeyind.dll] <N/A><N/A>
[PID: 224][C:\Program Files\Messenger\msmsgs.exe] <Microsoft Corporation><4.7.3001>
[PID: 3944][C:\Documents and Settings\Libby Han\桌面\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
jeciskim - 2006-9-3 22:08:00
That's everything posted. Brother 无邪, please take a look!
我无邪 - 2006-9-3 22:22:00
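There is still rogue software.
Please go to www.27814939.ys168.com, click "My Software" (我的软件), and download KillBox.exe.
Restart the computer. Once the power-on checks have finished, press [F8] (you can keep pressing it until the boot menu appears) and choose Safe Mode to enter Windows.
Use 兔子 ("Rabbit") in Safe Mode to uninstall the other rogue software.
Double-click KillBox.exe to open it, and delete each of the following: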
C:\WINDOWS\webwork\webwork.dll
C:\WINDOWS\system32\themeadp.dll
C:\WINDOWS\fonts\msshapi.dll
C:\WINDOWS\system32\bsnviewer.dll
C:\WINDOWS\webwork\webwork.nls
C:\DOCUME~1\LIBBYH~1\LOCALS~1\Temp\themeadp.nls
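(When deleting, tick "End the Explorer.EXE process before deleting" (删除前先结束Explorer.EXE进程); if that does not work, try also ticking "Unregister this file before deleting the DLL file" (删除DLL文件前反注册此文件).)
Open System Repair Engineer (that is, SREng.exe, the program you used for the scan log) and use "System Repair, Browser Add-ons" (系统修复,浏览器加载项) to delete the following entries.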
C:\WINDOWS\fonts\msshapi.dll
C:\WINDOWS\system32\bsnviewer.dll
Open System Repair Engineer (that is, SREng.exe, the program you used for the scan log) and use "Startup Items, Registry" (启动项目,注册表) to delete the following entries.
C:\WINDOWS\webwork\webwork.dll
C:\WINDOWS\system32\themeadp.dll
Restart when you are done.
Then run another scan and paste the log here.