Rising Kaka Security Forum
Giv3n - 2006-10-22 3:04:00
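I can delete it in Safe Mode with "恶意软件清理助手" (Malware Cleanup Assistant), but after a reboot it is back.
The HijackThis scan results are below. Could someone help?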
Logfile of HijackThis v1.99.1
Scan saved at 02:43:49, on 2006-10-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Aventail\Connect\as32svc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\C4ebreg\c4ebreg.exe
c:\sdwork\issimsvc.exe
C:\notes\ntmulti.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\WINDOWS\system32\nutsrv4.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\Drivers\ldlcserv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
C:\Program Files\IBM\Personal Communications\tpam.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\C4ebreg\isamtray.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\MSNShell\BIN\MSNShell.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
D:\downloads\HijackThis.exe
R3 - Default URLSearchHook is missing
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\C4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [ISAMTray] "C:\Program Files\C4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe"
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [Babylon Client] ; D:\Tools\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [iTunesHelper] ; "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NuTCSetupEnviron] ; D:\Tools\Rational\Rational Test\nutcroot\bin\ncoeenv.exe
O4 - HKLM\..\Run: [SoDA Startup] ; D:\Tools\Rational\SoDAWord\Wizards\SodaStartup.exe StartUp
O4 - HKLM\..\Run: [SunJavaUpdateSched] ; C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Network Client\NetSP.exe" -show
O4 - HKCU\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSNShell] C:\Program Files\MSNShell\BIN\MSNShell.exe autorun
O4 - HKCU\..\Run: [IBM RecordNow!] ;
Giv3n - 2006-10-22 3:05:00
O4 - Startup: IBM NotesBuddy for Notes.lnk = C:\Program Files\IBM\NotesBuddy\NotesBuddy.exe
O8 - Extra context menu item: Add to QQ Customized Emoticons - D:\programs\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Add to QQ Customized Panel - D:\programs\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send Picture with QQ MMS - D:\programs\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Set As Messenger Live Display Picture - C:\Program Files\MSNShell\BIN\SetMSNDP.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\programs\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\programs\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\programs\Tencent\QQ\SendMMS.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\programs\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\programs\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\programs\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\programs\Tencent\QQ\QQIEHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\aventail\connect\asdns.dll
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
O16 - DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} (gpwsx.plugin) - http://w3.ibm.com/tools/print/plugin/gpwsx.cab
O16 - DPF: {F2EB8999-766E-4BF6-AAAD-188D398C0D0B} (PBActiveX40 Control) - http://szdl.cmbchina.com/download/PB/pb50.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cn.ibm.com
O17 - HKLM\Software\..\Telephony: DomainName = cn.ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1A39B78-9521-4453-89C6-B55C55116097}: Domain = cn.ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{F54F2978-43D3-4F5E-92B8-66312596F625}: NameServer = 210.51.176.71 210.53.31.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cn.ibm.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = cn.ibm.com,hk.ibm.com,tw.ibm.com,au.ibm.com,us.ibm.com,ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = cn.ibm.com,hk.ibm.com,tw.ibm.com,au.ibm.com,us.ibm.com,ibm.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live Mail desktop\mailcomm.dll
O20 - Winlogon Notify: DIFx - C:\WINDOWS\system32\p66slgj716o.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: Aventail Connect (As32Svc) - Aventail Corporation - C:\Program Files\Aventail\Connect\as32svc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Global Services - C:\Program Files\C4ebreg\c4ebreg.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: Rational ClearQuest Mail Service (MailService) - Unknown owner - D:\Tools\Rational\ClearQuest\mailservice.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
O23 - Service: MySQL - Unknown owner - D:\Tools\MySQL\bin\mysqld-nt".exe (file missing)
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: NuTCRACKERService - DataFocus, Inc. - C:\WINDOWS\system32\nutsrv4.exe
O23 - Service: ProxyServer Service (ProxyServerService) - Rational Software - D:\Tools\Rational\Rational Test\rtpxsr.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Rational Test Agent Service (RationalTestAgentService) - Rational Software - D:\Tools\Rational\Rational Test\rtpsvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - D:\Tools\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe
O23 - Service: WebSphere Embedded Messaging Publish And SubscribeWAS_IBM_99HKP50_server1 (WebSphereEmbeddedMessagingPublishAndSubscribeWAS_IBM_99HKP50_server1) - Unknown owner - D:/Tools/IBM/WebSphere MQ/WEMPS/bin/bipservice.exe (file missing)
秋日里的蓝天 - 2006-10-22 8:42:00
Run HijackThis, tick the entries below, and fix them:
O20 - Winlogon Notify: DIFx - C:\WINDOWS\system32\p66slgj716o.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cn.ibm.com
O17 - HKLM\Software\..\Telephony: DomainName = cn.ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1A39B78-9521-4453-89C6-B55C55116097}: Domain = cn.ibm.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cn.ibm.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = cn.ibm.com,hk.ibm.com,tw.ibm.com,au.ibm.com,us.ibm.com,ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = cn.ibm.com,hk.ibm.com,tw.ibm.com,au.ibm.com,us.ibm.com,ibm.com
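Please download SREng2 (latest version), use "Smart Scan", and press the "Scan" button to run a scan.
When the scan finishes, press the "Save Report" button to save the report log file (SREng.LOG), then copy and paste the contents of the saved report log file here. If the log does not fit in one post, paste it in several parts. Please do not modify it.
Download links: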
http://free5.ys168.com/?ufwihgu168
http://www.kztechs.com/sreng/sreng2.zip
Giv3n - 2006-10-22 11:08:00
Thanks for the reply above.
The scan results are as follows:
2006-10-22,10:52:07
System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- Administrative User - Completed Functions Allowed
Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<NetSP - restore settings on power failure><"C:\Program Files\AT&T Network Client\NetSP.exe" -show> [AT&T]
<TPKMAPMN><C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe> [N/A]
<MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [(Verified)Microsoft Corporation]
<MSNShell><C:\Program Files\MSNShell\BIN\MSNShell.exe autorun> [N/A]
<IBM RecordNow!><; > [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<Tpam.exe><"C:\Program Files\IBM\Personal Communications\tpam.exe"> [N/A]
<ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"> [(Verified)Symantec Corporation]
<vptray><C:\PROGRA~1\SYMANT~1\VPTray.exe> [(Verified)Symantec Corporation]
<TPHOTKEY><C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe> [N/A]
<BMMGAG><RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor> [IBM Corp.]
<BMMLREF><C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE> [N/A]
<BMMMONWND><rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor> [N/A]
<SynTPLpr><C:\Program Files\Synaptics\SynTP\SynTPLpr.exe> [(Verified)Synaptics, Inc.]
<SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe> [(Verified)Synaptics, Inc.]
<TP4EX><tp4ex.exe> [IBM Corporation]
<TPKMAPHELPER><C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper> [IBM Corp.]
<TpShocks><TpShocks.exe> [IBM Corp.]
<ControlCenter><"C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup> [UPEK Inc.]
<ISSI EZUpdate Service><"c:\sdwork\issimsvc.exe"> [IBM Global Services]
<C4EBReg><"C:\Program Files\C4ebreg\c4ebreg.exe" /q> [IBM Global Services]
<ISAMTray><"C:\Program Files\C4ebreg\isamtray.exe"> [IBM Global Services]
<Zone Labs Client><"C:\Program Files\Zone Labs\Integrity Client\iclient.exe"> [(Verified)Check Point Inc.]
<stgclean><c:\sdwork\w32main2.exe /cleanup> [IBM Global Services]
<IBMPRC><C:\IBMTOOLS\UTILS\ibmprc.exe> [IBM Corp.]
<ACTray><C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe> [Lenovo]
<ACWLIcon><C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe> [Lenovo]
<Babylon Client><; D:\Tools\Babylon\Babylon.exe -AutoStart> [(Verified)Babylon Ltd.]
<iTunesHelper><; "C:\Program Files\iTunes\iTunesHelper.exe"> [(Verified)Apple Computer, Inc.]
<NuTCSetupEnviron><; D:\Tools\Rational\Rational Test\nutcroot\bin\ncoeenv.exe> [N/A]
<SoDA Startup><; D:\Tools\Rational\SoDAWord\Wizards\SodaStartup.exe StartUp> [N/A]
<SunJavaUpdateSched><; C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe> [Sun Microsystems, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellScrap]
<WinlogonNotify: ShellScrap><C:\WINDOWS\system32\lv0209doe.dll> [N/A]
==================================
Startup Folders
[IBM NotesBuddy for Notes]
<C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\IBM NotesBuddy for Notes.lnk --> C:\PROGRA~1\IBM\NOTESB~1\NOTESB~1.EXE [International Business Machines Corp.]><N>
==================================
Services
[Ac Profile Manager Service / AcPrfMgrSvc]
<C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe><N/A>
[Access Connections Main Service / AcSvc]
<C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe><Lenovo>
[Adobe LM Service / Adobe LM Service]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Aventail Connect / As32Svc]
<C:\Program Files\Aventail\Connect\as32svc.exe><Aventail Corporation>
[Ati HotKey Poller / Ati HotKey Poller]
<C:\WINDOWS\system32\Ati2evxx.exe><N/A>
[Symantec Event Manager / ccEvtMgr]
<"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc]
<"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr]
<"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch]
<"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[EvtEng / EvtEng]
<C:\Program Files\Intel\Wireless\Bin\EvtEng.exe><Intel Corporation>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IBM Rapid Restore Ultra Service / IBM Rapid Restore Ultra Service]
<"C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe"><>
[IBM PM Service / IBMPMSVC]
<C:\WINDOWS\system32\ibmpmsvc.exe><N/A>
[iPod Service / iPod Service]
<"C:\Program Files\iPod\bin\iPodService.exe"><Apple Computer, Inc.>
[IBM Standard Asset Manager Service / ISAMSvc]
<C:\Program Files\C4ebreg\c4ebreg.exe><IBM Global Services>
[ISSI EZUpdate / ISSIMon]
<c:\sdwork\issimsvc.exe><IBM Global Services>
[IBM Enterprise Extender / ldlcserv]
<C:\WINDOWS\system32\Drivers\ldlcserv.exe><IBM Corporation>
[Rational ClearQuest Mail Service / MailService]
<D:\Tools\Rational\ClearQuest\mailservice.exe><N/A>
[Multi-user Cleanup Service / Multi-user Cleanup Service]
<C:\notes\ntmulti.exe><IBM Corp>
[My Help / MyHelp]
<C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe><N/A>
[MySQL / MySQL]
<"D:\Tools\MySQL\bin\mysqld-nt" --defaults-file="D:\Tools\MySQL\my.ini" MySQL><N/A>
[Network Configuration Service / NetCfgSvr]
<C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE><AT&T>
[NuTCRACKERService / NuTCRACKERService]
<C:\WINDOWS\system32\nutsrv4.exe><DataFocus, Inc.>
[ProxyServer Service / ProxyServerService]
<"D:\Tools\Rational\Rational Test\rtpxsr.exe"><Rational Software>
[IBM PSA Access Driver Control / PsaSrv]
<C:\WINDOWS\system32\PsaSrv.exe><N/A>
[Rational Test Agent Service / RationalTestAgentService]
<"D:\Tools\Rational\Rational Test\rtpsvc.exe"><Rational Software>
[RegSrvc / RegSrvc]
<C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe><Intel Corporation>
[SavRoam / SavRoam]
<"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Symantec Network Drivers Service / SNDSrvc]
<"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus]
<"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[Apache Tomcat / Tomcat5]
<"D:\Tools\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5><Apache Software Foundation>
[IBM KCU Service / TpKmpSVC]
<C:\WINDOWS\system32\TpKmpSVC.exe><N/A>
[IBM Trace Facility / TrcBoot]
<C:\WINDOWS\system32\Drivers\trcboot.exe><IBM Corporation>
[VMware Authorization Service / VMAuthdService]
<C:\Program Files\VMware\VMware Workstation\vmware-authd.exe><VMware, Inc.>
[VMware DHCP Service / VMnetDHCP]
<C:\WINDOWS\system32\vmnetdhcp.exe><VMware, Inc.>
[VMware Virtual Mount Manager Extended / vmount2]
<"C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe"><VMware, Inc.>
[VMware NAT Service / VMware NAT Service]
<C:\WINDOWS\system32\vmnat.exe><VMware, Inc.>
[TrueVector Internet Monitor / vsmon]
<C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service><Check Point Inc.>
[Protector Suite Virtual Token / vtserver]
<"C:\Program Files\Common Files\Virtual Token\vtserver.exe"><UPEK Inc.>
[WebSphere Embedded Messaging Publish And SubscribeWAS_IBM_99HKP50_server1 / WebSphereEmbeddedMessagingPublishAndSubscribeWAS_IBM_99HKP50_server1]
<D:/Tools/IBM/WebSphere MQ/WEMPS/bin/bipservice.exe><N/A>
==================================
Drivers
[abp480n5 / abp480n5]
<\SystemRoot\system32\DRIVERS\ABP480N5.SYS><Microsoft Corporation>
[AGN VPN Client Miniport Interface / ABVPN2K]
<system32\DRIVERS\abvpn2k.sys><AT&T>
[adpu160m / adpu160m]
<\SystemRoot\system32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[aeaudio / aeaudio]
<system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[AEGIS Protocol (IEEE 802.1x) v3.2.0.3 / AegisP]
<system32\DRIVERS\AegisP.sys><Meetinghouse Data Communications>
[afpa / afpa]
<\??\C:\WINDOWS\system32\drivers\afpa.sys><IBM Corporation>
[AT&T Wi-Fi Support Driver / agnwifi]
<system32\DRIVERS\agnwifi.sys><AT&T>
[Aha154x / Aha154x]
<\SystemRoot\system32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2]
<\SystemRoot\system32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx]
<\SystemRoot\system32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[AliIde / AliIde]
<\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp]
<\SystemRoot\system32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[ANC / ANC]
<System32\drivers\ANC.SYS><IBM Corp.>
[ANCSQ / ANCSQ]
<\SystemRoot\System32\drivers\ANCSQ.sys><IBM Corp.>
[Anydlc / Anydlc]
<\SystemRoot\System32\drivers\anydlc.sys><IBM Corporation>
[Appn / Appn]
<\SystemRoot\System32\drivers\appn.sys><IBM Corporation>
[AppnApi / AppnApi]
<\SystemRoot\System32\drivers\appnapi.sys><IBM Corporation>
[AppnBase / AppnBase]
<\SystemRoot\System32\drivers\AppnBase.sys><IBM Corporation>
[asc / asc]
<\SystemRoot\system32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3350p / asc3350p]
<\SystemRoot\system32\DRIVERS\asc3350p.sys><Microsoft Corporation>
Giv3n - 2006-10-22 11:12:00
[asc3550 / asc3550]
<\SystemRoot\system32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[Ascrypto / Ascrypto]
<\??\C:\Program Files\Aventail\Connect\ascrypto.sys><Aventail Corporation>
[Askernel / Askernel]
<\??\C:\Program Files\Aventail\Connect\asntkrnl.sys><Aventail Corporation>
[Astdi / Astdi]
<\??\C:\Program Files\Aventail\Connect\asnttdi.sys><Aventail Corporation>
[ati2mtag / ati2mtag]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[AtmelTpm / AtmelTpm]
<system32\DRIVERS\AtmelTpm.sys><Atmel, Inc.>
[AGN Virtual Network Adapter / avpnnic]
<system32\DRIVERS\avpnnic.sys><AT&T>
[cd20xrnt / cd20xrnt]
<\SystemRoot\system32\DRIVERS\cd20xrnt.sys><Microsoft Corporation>
[CmdIde / CmdIde]
<\SystemRoot\system32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[d347bus / d347bus]
<\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt]
<\SystemRoot\System32\Drivers\d347prt.sys><>
[dac2w2k / dac2w2k]
<\SystemRoot\system32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[Panasonic GP-KR661US / DCamUSBPanas]
<system32\DRIVERS\pcam.sys><Divio Inc.>
[dpti2o / dpti2o]
<\SystemRoot\system32\DRIVERS\dpti2o.sys><Microsoft Corporation>
[Intel(R) PRO/1000 Adapter Driver / E1000]
<system32\DRIVERS\e1000325.sys><Intel Corporation>
[Intel(R) PRO Adapter Driver / E100B]
<system32\DRIVERS\e100b325.sys><Intel Corporation>
[Eacfilt Miniport / Eacfilt]
<system32\DRIVERS\eacfilt.sys><Nortel Networks>
[IBM Access Support / EGATHDRV]
<\??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS><IBM Corporation>
[GEARAspiWDM / GEARAspiWDM]
<System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[gwiopm / gwiopm]
<\??\C:\Program Files\wst\gwiopm.sys><N/A>
[VMware hcmon / hcmon]
<\??\C:\WINDOWS\system32\Drivers\hcmon.sys><VMware, Inc.>
[HSFHWICH / HSFHWICH]
<system32\DRIVERS\HSFHWICH.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP]
<system32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>
[ibmfilter / ibmfilter]
<\??\C:\WINDOWS\system32\drivers\ibmfilter.sys><IBM>
[IBMPMDRV / IBMPMDRV]
<system32\DRIVERS\ibmpmdrv.sys><IBM Corp.>
[IBMTPCHK / IBMTPCHK]
<\??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys><N/A>
[IBM Personal Communications LLC2 Driver / IBM_LLC2]
<system32\DRIVERS\llc2.sys><IBM Corporation>
[ini910u / ini910u]
<\SystemRoot\system32\DRIVERS\ini910u.sys><Microsoft Corporation>
[Nortel Extranet Access Protocol / IPSECEXT]
<system32\DRIVERS\ipsecw2k.sys><Nortel Networks NA, Inc.>
[Nortel IPSECSHM Adapter / IPSECSHM]
<system32\DRIVERS\ipsecw2k.sys><Nortel Networks NA, Inc.>
[KLOGNT / KLOGNT]
<\SystemRoot\System32\drivers\klognt.sys><IBM Corporation>
[mdmxsdk / mdmxsdk]
<system32\DRIVERS\mdmxsdk.sys><Conexant>
[mraid35x / mraid35x]
<\SystemRoot\system32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[NAVENG / NAVENG]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061019.066\naveng.sys><Symantec Corporation>
[NAVEX15 / NAVEX15]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061019.066\navex15.sys><Symantec Corporation>
[npkcrypt / npkcrypt]
<\??\D:\programs\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[NSC Infrared Device Driver / NSCIRDA]
<system32\DRIVERS\nscirda.sys><National Semiconductor Corporation>
[NsTrcNT / NsTrcNT]
<\SystemRoot\System32\drivers\nstrcnt.sys><IBM Corporation>
[PDLC Adapter -- COM / pdlnacom]
<\SystemRoot\System32\drivers\pdlnacom.sys><IBM Corporation>
[PDLC Adapter Factory / pdlnafac]
<\SystemRoot\System32\drivers\pdlnafac.sys><IBM Corporation>
[Twinax Adapter Common / pdlnatcm]
<\SystemRoot\System32\drivers\pdlnatcm.sys><IBM Corporation>
[Twinax Adapter / pdlnatdl]
<\SystemRoot\System32\drivers\pdlnatdl.sys><IBM Corporation>
[PDLC CxM Classes / pdlncbas]
<\SystemRoot\System32\drivers\pdlncbas.sys><IBM Corporation>
[PDLC Connection Manager / pdlncfwk]
<\SystemRoot\System32\drivers\pdlncfwk.sys><IBM Corporation>
[Twinax CUT Adapter / pdlnctdl]
<\SystemRoot\System32\drivers\pdlnctdl.sys><IBM Corporation>
[PDLC DLC Classes / pdlndint]
<\SystemRoot\System32\drivers\pdlndint.sys><IBM Corporation>
[IBM Enterprise Extender (HPR/IP) / pdlndldl]
<\SystemRoot\System32\drivers\pdlndldl.sys><IBM Corporation>
[PDLC LAPB / pdlndlpb]
<\SystemRoot\System32\drivers\pdlndlpb.sys><IBM Corporation>
[PDLC OEM Interface / pdlndoem]
<\SystemRoot\System32\drivers\pdlndoem.sys><IBM Corporation>
[PDLC QLLC / pdlndqll]
<\SystemRoot\System32\drivers\pdlndqll.sys><IBM Corporation>
[PDLC SDLC / pdlndsdl]
<\SystemRoot\System32\drivers\pdlndsdl.sys><IBM Corporation>
[Twinax DLC / pdlndtdl]
<\SystemRoot\System32\drivers\pdlndtdl.sys><IBM Corporation>
[PDLC Environment / pdlnebas]
<\SystemRoot\System32\drivers\pdlnebas.sys><IBM Corporation>
[PDLC Configuration / pdlnecfg]
<\SystemRoot\System32\drivers\pdlnecfg.sys><IBM Corporation>
[PDLC Mapper / pdlnemap]
<\SystemRoot\System32\drivers\pdlnemap.sys><IBM Corporation>
[PDLC Message Driver / pdlnemsg]
<\SystemRoot\System32\drivers\pdlnemsg.sys><IBM Corporation>
[PDLC Buffer Manager / pdlnepkt]
<\SystemRoot\System32\drivers\pdlnepkt.sys><IBM Corporation>
[PDLC Hayes At signalling / pdlnshay]
<\SystemRoot\System32\drivers\pdlnshay.sys><IBM Corporation>
[PDLC SDLC Leased / pdlnslea]
<\SystemRoot\System32\drivers\pdlnslea.sys><IBM Corporation>
[PDLC V25bis signalling / pdlnsv25]
<\SystemRoot\System32\drivers\pdlnsv25.sys><IBM Corporation>
[PDLC X.25 / pdlnsx25]
<\SystemRoot\System32\drivers\pdlnsx25.sys><IBM Corporation>
[Padus ASPI Shell / pfc]
<system32\drivers\pfc.sys><Padus, Inc.>
[IBM PSA Access Driver / psadd]
<\??\C:\WINDOWS\system32\Drivers\psadd.sys><IBM Corporation>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[ql1080 / ql1080]
<\SystemRoot\system32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt]
<\SystemRoot\system32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160]
<\SystemRoot\system32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280]
<\SystemRoot\system32\DRIVERS\ql1280.sys><QLogic Corporation>
[WLAN Transport / s24trans]
<system32\DRIVERS\s24trans.sys><Intel Corporation>
[S3Inc / S3Inc]
<system32\DRIVERS\s3mt3d.sys><S3 Incorporated>
[SAVRT / SAVRT]
<\??\C:\Program Files\Symantec AntiVirus\savrt.sys><Symantec Corporation>
[SAVRTPEL / SAVRTPEL]
<\??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys><Symantec Corporation>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[ShockMgr / ShockMgr]
<C:\WINDOWS\SYSTEM32\DRIVERS\ShockMgr.SYS><IBM Corporation>
[Shockprf / Shockprf]
<C:\WINDOWS\SYSTEM32\DRIVERS\Shockprf.SYS><IBM Corporation>
[SIS AGP Bus Filter / sisagp]
<\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[Smapint / Smapint]
<System32\drivers\Smapint.sys><Microsoft Corporation>
[smwdm / smwdm]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[Sparrow / Sparrow]
<\SystemRoot\system32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[symc810 / symc810]
<\SystemRoot\system32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx]
<\SystemRoot\system32\DRIVERS\symc8xx.sys><LSI Logic>
[SymEvent / SymEvent]
<\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV]
<\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI]
<\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[sym_hi / sym_hi]
<\SystemRoot\system32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3]
<\SystemRoot\system32\DRIVERS\sym_u3.sys><LSI Logic>
[Synaptics TouchPad Driver / SynTP]
<system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[TC USB Kernel Driver / TcUsb]
<System32\Drivers\tcusb.sys><UPEK Inc.>
[TDSMAPI / TDSMAPI]
<System32\drivers\TDSMAPI.SYS><N/A>
[TosIde / TosIde]
<\SystemRoot\system32\DRIVERS\toside.sys><Microsoft Corporation>
[TPHKDRV / TPHKDRV]
<C:\WINDOWS\SYSTEM32\DRIVERS\TPHKDRV.SYS><IBM Corporation>
[TPPWR / TPPWR]
<System32\drivers\Tppwr.sys><IBM Corp.>
[TSMAPIP / TSMAPIP]
<System32\drivers\TSMAPIP.SYS><N/A>
[ultra / ultra]
<\SystemRoot\system32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[ViaIde / ViaIde]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[VMware Virtual Ethernet Adapter Driver / VMnetAdapter]
<system32\DRIVERS\vmnetadapter.sys><VMware, Inc.>
[VMware Bridge Protocol / VMnetBridge]
<system32\DRIVERS\vmnetbridge.sys><VMware, Inc.>
[VMware Network Application Interface / VMnetuserif]
<\??\C:\WINDOWS\system32\drivers\vmnetuserif.sys><VMware, Inc.>
[VMware VMparport / VMparport]
<\??\C:\WINDOWS\system32\Drivers\VMparport.sys><VMware, Inc.>
[VMware vmx86 / vmx86]
<\??\C:\WINDOWS\system32\Drivers\vmx86.sys><VMware, Inc.>
[vsdatant / vsdatant]
<System32\vsdatant.sys><Check Point Inc.>
[Vstor2 Virtual Storage Driver / vstor2]
<\??\C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys><VMware, Inc.>
[Intel(R) PRO/Wireless 2200 Adapter Driver for Windows XP / w22n51]
<system32\DRIVERS\w22n51.sys><N/A>
[Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP / w29n51]
<system32\DRIVERS\w29n51.sys><Intel? Corporation>
Giv3n - 2006-10-22 11:14:00
==================================
Browser Add-ons
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\programs\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\programs\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[Java Plug-in 1.5.0_04]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll, Sun Microsystems, Inc.>
[LNWebAssist Class]
{9519B2A2-6592-4E41-8290-D0298459270C} <C:\WINDOWS\DOWNLO~1\LNWEBA~1.DLL, IBM Corporation>
[gpwsx.plugin]
{A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} <C:\WINDOWS\Downloaded Program Files\gpwsx.ocx, IBM>
[Java Plug-in 1.5.0_04]
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[PBActiveX40 Control]
{F2EB8999-766E-4BF6-AAAD-188D398C0D0B} <C:\WINDOWS\system32\CmbPb40.ocx, China Merchants Bank>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Microsoft ProgressBar Control, version 5.0 (SP2)]
{0713E8D2-850A-101B-AFC0-4210102A8DA7} <C:\WINDOWS\system32\COMCTL32.OCX, Microsoft Corporation>
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[IeCatch5 Class]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\PROGRA~1\FlashGet\jccatch.dll, FlashGet>
[]
{53707962-6F74-2D53-2644-206D7942484F} <C:\Program Files\Spybot - Search & Destroy\SDHelper.dll, Safer Networking Limited>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\programs\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Java Plug-in 1.5.0_04]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll, Sun Microsystems, Inc.>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[LNWebAssist Class]
{9519B2A2-6592-4E41-8290-D0298459270C} <C:\WINDOWS\DOWNLO~1\LNWEBA~1.DLL, IBM Corporation>
[gpwsx.plugin]
{A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} <C:\WINDOWS\Downloaded Program Files\gpwsx.ocx, IBM>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[MainBHO Class]
{DE63E1D9-B5DB-4E7E-8902-5F4F3E3EC532} <C:\WINDOWS\system32\shdoclc2.dll, N/A>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[PBActiveX40 Control]
{F2EB8999-766E-4BF6-AAAD-188D398C0D0B} <C:\WINDOWS\system32\CmbPb40.ocx, China Merchants Bank>
[Add to QQ Customized Emoticons]
<D:\programs\Tencent\QQ\AddEmotion.htm, N/A>
[Add to QQ Customized Panel]
<D:\programs\Tencent\QQ\AddPanel.htm, N/A>
[E&xport to Microsoft Excel]
<res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>
[Send Picture with QQ MMS]
<D:\programs\Tencent\QQ\SendMMS.htm, N/A>
[Set As Messenger Live Display Picture]
<C:\Program Files\MSNShell\BIN\SetMSNDP.htm, N/A>
[使用网际快车下载]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
<D:\programs\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\programs\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\programs\Tencent\QQ\SendMMS.htm, N/A>
==================================
Running Processes
[PID: 1368][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\curtmgr.dll] [N/A, N/A]
[C:\Program Files\Aventail\Connect\asdns.dll] [Aventail Corporation, 5.30.172]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.17.12 16Jun04]
[C:\Program Files\MSNShell\BIN\ShellDll.dll] [N/A, N/A]
[PID: 364][C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE] [IBM Corporation, 5070.10.4118.928]
[C:\Program Files\IBM\Personal Communications\DEFSECUR.DLL] [IBM Corporation, 5070.10.4118.928]
[C:\Program Files\IBM\Personal Communications\ATMGRTOK.DLL] [IBM Corporation, 5070.10.4118.928]
[C:\Program Files\IBM\Personal Communications\MILLUTIL.DLL] [IBM Corporation, 5070.10.4118.928]
[C:\Program Files\IBM\Personal Communications\PCSWLIB.dll] [IBM Corporation, 5070.10.4118.928]
[C:\Program Files\IBM\Personal Communications\PCSPREF.dll] [IBM Corporation, 5070.10.4118.928]
[C:\Program Files\IBM\Personal Communications\PCSCLIB.dll] [IBM Corporation, 5070.10.4118.928]
[C:\Program Files\IBM\Personal Communications\PCSMSG.dll] [IBM Corporation, 5070.10.4118.928]
[C:\Program Files\IBM\Personal Communications\PCSW32X.dll] [IBM Corporation, 5070.10.4118.928]
[C:\Program Files\IBM\Personal Communications\PCSWLIBI.dll] [IBM Corporation, 5070.10.4118.928]
[C:\Program Files\IBM\Personal Communications\NODEINIT.DLL] [IBM Corporation, 5070.10.4118.928]
[C:\Program Files\IBM\Trace Facility\NSTRC.dll] [IBM Corporation, 5070.10.4118.928]
[C:\Program Files\IBM\Personal Communications\SPELLING.DLL] [IBM Corporation, 5070.10.4118.928]
[C:\Program Files\IBM\Trace Facility\FMT_UTIL.dll] [IBM Corporation, 5070.10.4118.928]
[C:\Program Files\IBM\Personal Communications\PCSCAPI.dll] [IBM Corporation, 5070.10.4118.928]
[C:\Program Files\IBM\Personal Communications\OOCSVCS2.dll] [N/A, N/A]
[C:\Program Files\IBM\Personal Communications\MESSAGE.DLL] [IBM Corporation, 5070.10.4118.928]
[C:\Program Files\IBM\Personal Communications\MSGIO.dll] [IBM Corporation, 5070.10.4118.928]
[C:\Program Files\IBM\Personal Communications\PCSRTMSN.DLL] [IBM Corporation, 5070.10.4118.928]
[C:\Program Files\IBM\Personal Communications\PCSTQ.dll] [IBM Corporation, 5070.10.4118.928]
[C:\Program Files\IBM\Personal Communications\PCSZLIB.dll] [IBM Corporation, 5070.10.4118.928]
[PID: 1720][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\curtmgr.dll] [N/A, N/A]
[C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll] [IBM Corp., 1, 0, 0, 0]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.17.12 16Jun04]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] [Symantec Corporation, 9.0.3.1000]
[D:\Tools\EditPlus\eppshell.dll] [N/A, N/A]
[C:\WINDOWS\system32\contmenu.dll] [N/A, N/A]
[D:\Tools\Rational\ClearCase\bin\ccshelxb.dll] [N/A, N/A]
[D:\Tools\Rational\ClearCase\bin\libatriaview.dll] [IBM Corporation, 6.0.0.389]
[D:\Tools\Rational\ClearCase\bin\LIBRPCSVC.dll] [N/A, N/A]
[D:\Tools\Rational\ClearCase\bin\LIBATRIANT.dll] [N/A, N/A]
[D:\Tools\Rational\ClearCase\bin\LIBATRIAADM.dll] [IBM Corporation, 6.0.0.389]
[D:\Tools\Rational\ClearCase\bin\libatriavob.dll] [IBM Corporation, 6.0.0.389]
[D:\Tools\Rational\ClearCase\bin\libatriaccfs.dll] [IBM Corporation, 6.0.0.389]
[D:\Tools\Rational\ClearCase\bin\libatriaxdr.dll] [IBM Corporation, 6.0.0.389]
[D:\Tools\Rational\ClearCase\bin\libatriacredmap.dll] [IBM Corporation, 6.0.0.389]
[D:\Tools\Rational\ClearCase\bin\LIBATRIATBS.dll] [IBM Corporation, 6.0.0.389]
[D:\Tools\Rational\ClearCase\bin\libatriamvfs.dll] [IBM Corporation, 6.0.0.389]
[D:\Tools\Rational\ClearCase\bin\libatriaks.dll] [IBM Corporation, 6.0.0.389]
[D:\Tools\Rational\ClearCase\bin\LIBEZRPC.dll] [N/A, N/A]
[D:\Tools\Rational\ClearCase\bin\LIBATRIADBRPC.dll] [IBM Corporation, 6.0.0.389]
[D:\Tools\Rational\ClearCase\bin\libatriacm.dll] [IBM Corporation, 6.0.0.389]
[C:\Program Files\MSNShell\BIN\ShellDll.dll] [N/A, N/A]
[PID: 2016][C:\WINDOWS\system32\nutsrv4.exe] [DataFocus, Inc., 4.50.0000]
[C:\WINDOWS\system32\nutmsg4.dll] [DataFocus, Inc., 4.50.0000]
[PID: 2356][C:\Program Files\IBM\Personal Communications\tpam.exe] [N/A, N/A]
[PID: 2392][C:\Program Files\Common Files\Symantec Shared\ccApp.exe] [Symantec Corporation, 2.2.2.008]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 2.2.2.008]
[C:\Program Files\Symantec\LiveUpdate\ProductRegCom.DLL] [Symantec Corporation, 2.0.39.0]
[C:\Program Files\Symantec\LiveUpdate\LuComServerPS.DLL] [Symantec Corporation, 2.0.39.0]
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL] [Symantec Corporation, 2.2.2.008]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.17.12 16Jun04]
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL] [Symantec Corporation, 2.2.2.008]
[C:\WINDOWS\system32\SYMREDIR.dll] [Symantec Corporation, 5.3.6.13]
[C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] [Symantec Corporation, 2.2.2.008]
[C:\Program Files\Symantec AntiVirus\SavEmail.dll] [Symantec Corporation, 9.0.3.1000]
[C:\Program Files\Aventail\Connect\asdns.dll] [Aventail Corporation, 5.30.172]
[C:\Program Files\Common Files\Symantec Shared\ccProSub.dll] [Symantec Corporation, 2.2.2.008]
[PID: 2480][C:\PROGRA~1\SYMANT~1\VPTray.exe] [Symantec Corporation, 9.0.3.1000]
[C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] [Symantec Corporation, 9.3.0.28]
[C:\Program Files\Symantec AntiVirus\Cliscan.dll] [Symantec Corporation, 9.0.3.1000]
[C:\PROGRA~1\SYMANT~1\NAVNTUTL.DLL] [Symantec Corporation, 9.0.3.1000]
[C:\Program Files\Symantec AntiVirus\Cliproxy.dll] [Symantec Corporation, 9.0.3.1000]
[C:\Program Files\MSNShell\BIN\ShellDll.dll] [N/A, N/A]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.17.12 16Jun04]
Giv3n - 2006-10-22 11:14:00
[PID: 3124][C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe] [N/A, N/A]
[C:\Program Files\ThinkPad\PkgMgr\HOTKEY_2\tphk_2k.dll] [N/A, N/A]
[C:\WINDOWS\system32\Oemdspif.dll] [ATI Technologies, Inc., 6.14.0010]
[C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\tpfnf7.dll] [N/A, N/A]
[PID: 3132][C:\WINDOWS\system32\RunDll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll] [IBM Corp., 1, 0, 0, 0]
[C:\PROGRA~1\ThinkPad\UTILIT~1\tppwrw32.dll] [IBM Corp., 1, 0, 0, 0]
[C:\WINDOWS\system32\sensor.dll] [IBM Corporation, 1.30.1.0]
[PID: 3148][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll] [N/A, N/A]
[C:\PROGRA~1\ThinkPad\UTILIT~1\tppwrw32.dll] [IBM Corp., 1, 0, 0, 0]
[C:\WINDOWS\system32\sensor.dll] [IBM Corporation, 1.30.1.0]
[PID: 3340][C:\Program Files\Synaptics\SynTP\SynTPLpr.exe] [Synaptics, Inc., 7.5.17.12 16Jun04]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.17.12 16Jun04]
[PID: 2736][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] [Synaptics, Inc., 7.5.17.12 16Jun04]
[C:\WINDOWS\system32\SynCOM.dll] [Synaptics, Inc., 7.5.17.12 16Jun04]
[C:\WINDOWS\system32\SynTPAPI.dll] [Synaptics, Inc., 7.5.17.12 16Jun04]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.17.12 16Jun04]
[PID: 3996][C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe] [N/A, N/A]
[PID: 1632][C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe] [IBM Corporation, 1.06]
[PID: 2208][C:\WINDOWS\system32\TpShocks.exe] [IBM Corp., 1, 0, 0, 1]
[C:\WINDOWS\system32\Sensor.dll] [IBM Corporation, 1.30.1.0]
[PID: 3704][C:\Program Files\C4ebreg\isamtray.exe] [IBM Global Services, 6.12]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.17.12 16Jun04]
[PID: 2872][C:\IBMTOOLS\UTILS\ibmprc.exe] [IBM Corp., 1, 0, 0, 3]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.17.12 16Jun04]
[PID: 2904][C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe] [Lenovo, 4, 11, 0, 0]
[C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll] [N/A, N/A]
[C:\Program Files\ThinkPad\ConnectUtilities\ACGUIHlpr.dll] [Lenovo, 4, 11, 0, 0]
[C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll] [N/A, N/A]
[C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll] [N/A, N/A]
[C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgr.dll] [N/A, N/A]
[C:\Program Files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll] [N/A, N/A]
[C:\Program Files\ThinkPad\ConnectUtilities\Res\SC\GUIHlprRes.dll] [Lenovo, 4, 0, 0, 0]
[C:\Program Files\ThinkPad\ConnectUtilities\Res\SC\TrayRes.dll] [Lenovo, 4, 0, 0, 0]
[C:\Program Files\MSNShell\BIN\ShellDll.dll] [N/A, N/A]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.17.12 16Jun04]
[PID: 2912][C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe] [Lenovo, 4, 11, 0, 0]
[C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll] [N/A, N/A]
[C:\Program Files\ThinkPad\ConnectUtilities\ACGUIHlpr.dll] [Lenovo, 4, 11, 0, 0]
[C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll] [N/A, N/A]
[C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll] [N/A, N/A]
[C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgr.dll] [N/A, N/A]
[C:\Program Files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll] [N/A, N/A]
[C:\Program Files\ThinkPad\ConnectUtilities\Res\SC\GUIHlprRes.dll] [Lenovo, 4, 0, 0, 0]
[C:\Program Files\ThinkPad\ConnectUtilities\Res\SC\IconRes.dll] [Lenovo, 4, 0, 0, 0]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.17.12 16Jun04]
[PID: 3028][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.17.12 16Jun04]
[PID: 3268][C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe] [N/A, N/A]
[C:\Program Files\ThinkPad\Utilities\TpKmapHk.dll] [N/A, N/A]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.17.12 16Jun04]
[PID: 3612][C:\Program Files\MSN Messenger\MsnMsgr.Exe] [Microsoft Corporation, 8.1.0068.00_ClientV8.1]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.17.12 16Jun04]
[C:\Program Files\MSNShell\BIN\ShellDll02.dll] [MSNShell Team, 4.2.28.17]
[C:\Program Files\MSNShell\BIN\Skin\SkinPlusPlusDLL.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[C:\WINDOWS\system32\devenum.dll] [N/A, N/A]
[C:\WINDOWS\system32\quartz.dll] [N/A, N/A]
[C:\Program Files\Aventail\Connect\asdns.dll] [Aventail Corporation, 5.30.172]
[C:\Program Files\MSNShell\BIN\ShellDll.dll] [N/A, N/A]
[PID: 4012][C:\Program Files\MSNShell\BIN\MSNShell.exe] [N/A, N/A]
[C:\Program Files\MSNShell\BIN\ShellDll.dll] [N/A, N/A]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.17.12 16Jun04]
[PID: 1548][C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe] [N/A, N/A]
[C:\Program Files\ThinkPad\ConnectUtilities\ACON.dll] [N/A, N/A]
[C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll] [N/A, N/A]
[C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgr.dll] [N/A, N/A]
[C:\Program Files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll] [N/A, N/A]
[C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll] [N/A, N/A]
[C:\Program Files\ThinkPad\ConnectUtilities\ACTurinSupport.dll] [N/A, N/A]
[C:\Program Files\Intel\Wireless\Bin\PfMgrApi.dll] [Intel Corporation, 9, 0, 4, 0]
[C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL] [Intel Corporation, 9, 0, 4, 0]
[C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll] [Intel Corporation, 9, 0, 4, 0]
[C:\Program Files\MSNShell\BIN\ShellDll.dll] [N/A, N/A]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.17.12 16Jun04]
[C:\Program Files\Intel\Wireless\Bin\C8021CHS.dll] [Intel Corporation, 9, 0, 4, 0]
[C:\Program Files\Intel\Wireless\Bin\MurocAPI.dll] [Intel Corporation, 9, 0, 4, 0]
[C:\Program Files\Intel\Wireless\Bin\S24MUDLL.dll] [Intel Corporation, 9, 0, 4, 0]
[C:\Program Files\Intel\Wireless\Bin\C1XStngs.dll] [Intel Corporation, 9, 0, 4, 0]
[C:\Program Files\Intel\Wireless\Bin\LIBEAY32.dll] [N/A, N/A]
[C:\Program Files\Intel\Wireless\Bin\LSAWRAPI.dll] [Intel Corporation, 9, 0, 4, 0]
[PID: 2024][C:\Program Files\Mozilla Firefox\firefox.exe] [Mozilla Corporation, 1.8.0.7: 2006090918]
[C:\Program Files\Mozilla Firefox\js3250.dll] [Netscape Communications Corporation, 4.0]
[C:\Program Files\Mozilla Firefox\nspr4.dll] [Netscape Communications Corporation, 4.6.1]
[C:\Program Files\Mozilla Firefox\xpcom_core.dll] [Mozilla Foundation, 1.8.0.7: 2006090918]
[C:\Program Files\Mozilla Firefox\plc4.dll] [Netscape Communications Corporation, 4.6.1]
[C:\Program Files\Mozilla Firefox\plds4.dll] [Netscape Communications Corporation, 4.6.1]
[C:\Program Files\Mozilla Firefox\smime3.dll] [Netscape Communications Corporation, 3.10.2]
[C:\Program Files\Mozilla Firefox\nss3.dll] [Netscape Communications Corporation, 3.10.2]
[C:\Program Files\Mozilla Firefox\softokn3.dll] [Netscape Communications Corporation, 3.10.2]
[C:\Program Files\Mozilla Firefox\ssl3.dll] [Netscape Communications Corporation, 3.10.2]
[C:\Program Files\Mozilla Firefox\xpcom_compat.dll] [Mozilla Foundation, 1.8.0.7: 2006090918]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.17.12 16Jun04]
[C:\Program Files\Mozilla Firefox\components\jar50.dll] [Mozilla Foundation, 1.8.0.7: 2006090918]
[C:\PROGRA~1\MOZILL~1\nssckbi.dll] [Netscape Communications Corporation, 1.53]
[C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vyekxfxl.default\extensions\{31513E58-F253-47ad-86DB-D5F21E905429}\components\mintray-9178506d-2005072516-trunk.dll] [http://minimizetotray.mozdev.org/, 0.0.1.2005072516+]
[C:\Program Files\Mozilla Firefox\xpcom.dll] [Mozilla Foundation, 1.8.0.7: 2006090918]
[C:\Program Files\Aventail\Connect\asdns.dll] [Aventail Corporation, 5.30.172]
[C:\Program Files\MSNShell\BIN\ShellDll.dll] [N/A, N/A]
[C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll] [N/A, N/A]
[PID: 308][D:\Tools\UltraEdit\uedit32.exe] [IDM Computer Solutions, Inc., 12.00+3]
[D:\Tools\UltraEdit\tidylib.dll] [N/A, N/A]
[D:\Tools\UltraEdit\SftpDLL.dll] [WeOnlyDo! COM, 3, 0, 3, 32]
[D:\Tools\UltraEdit\ueres.dll] [IDM Computer Solutions, Inc., 12.00+3]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.17.12 16Jun04]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\IIAAD1DA.DLL] [Lexmark International, Inc., 8.0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\IIAAD1DL.DLL] [Lexmark International, Inc., 8.0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\IIAAD1DF.DLL] [Lexmark International, Inc., 8.0]
[C:\Program Files\MSNShell\BIN\ShellDll.dll] [N/A, N/A]
[PID: 1216][D:\downloads\roguecleaner_PConline\RogueCleaner.exe] [Tommsoft.com, 2.2.0.1]
[C:\Program Files\MSNShell\BIN\ShellDll.dll] [N/A, N/A]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.17.12 16Jun04]
[C:\Program Files\Aventail\Connect\asdns.dll] [Aventail Corporation, 5.30.172]
[PID: 3420][D:\Tools\EditPlus\editplus.exe] [ES-Computing, 2, 1, 2, 76]
[C:\Program Files\MSNShell\BIN\ShellDll.dll] [N/A, N/A]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.17.12 16Jun04]
[PID: 1060][D:\downloads\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\Program Files\MSNShell\BIN\ShellDll.dll] [N/A, N/A]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.17.12 16Jun04]
[C:\Program Files\Aventail\Connect\asdns.dll] [Aventail Corporation, 5.30.172]
==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF Error. [piffile]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [UltraEdit.ini]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS Error. [UltraEdit.js]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock Provider
N/A
==================================
Autorun.Inf
N/A
==================================
HOSTS File
N/A
==================================
秋日里的蓝天 - 2006-10-22 11:33:00
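Run SREng2, go to "Startup Items" -- Registry -- select the following entry and delete it:
C:\WINDOWS\system32\lv0209doe.dll
Delete these files:
C:\WINDOWS\system32\lv0209doe.dll
C:\WINDOWS\system32\curtmgr.dll
Run SREng2 and use: System Repair -- File Associations -- Select All -- Repair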
Giv3n - 2006-10-22 12:33:00
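This registry entry doesn't seem to delete cleanly. Every time I delete it, a new, similar one is generated automatically, along with a DLL of the same name under system32.
Attachment: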
77196220061022122536.jpg
neversaygoodbye - 2006-10-22 12:42:00
Why does everyone's AspwsWin infection look a bit different? I couldn't find any value like yours in my registry entries.
Giv3n - 2006-10-22 12:46:00
At this point I don't even dare say for certain that it's AspWsWin... it just pops up ad windows at random intervals...
neversaygoodbye - 2006-10-22 12:51:00
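Is what pops up something called www.smallqqy.com and its subdomains? So annoying. All I can do is block it with an ad blocker like 广告猎手 (Ad Hunter). That doesn't fix the root cause.. *cries*.. these things are really disgusting.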
Giv3n - 2006-10-22 13:02:00
Something like this. The domains keep changing with no pattern; the same page can even show up under different domains.
Attachment:
77196220061022125404.jpg
Giv3n - 2006-10-22 13:10:00
neversaygoodbye - 2006-10-22 13:12:00
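That's even worse than mine. I suggest you go to the 天空 or 华军 download site now and get the official release of the Maxthon browser; it works fairly well. Use it to block them for the time being.....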
Giv3n - 2006-10-22 13:43:00
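That doesn't help. If the window that currently has focus isn't a browser, it calls the default browser to pop up a window, no matter whether your default browser is IE, Firefox or Maxthon.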
neversaygoodbye - 2006-10-22 15:18:00
ASPWSWIN is a real scoundrel.... damn it
Would reinstalling the system help?
Giv3n - 2006-10-22 17:59:00
Reinstalling the system is the biggest hassle...
Is there really no cure for this?
秋日里的蓝天 - 2006-10-22 18:03:00
Download Malware Cleanup Assistant (恶意软件清理助手) 2.2
Giv3n - 2006-10-22 18:45:00
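| Quote: |
[Post by 秋日里的蓝天] Download Malware Cleanup Assistant (恶意软件清理助手) 2.2
……………… |
Yes, I had already used it before posting, and it also reported a successful cleanup and that no other malware remained...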
秋日里的蓝天 - 2006-10-22 18:50:00
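| Quote: |
[Post by Giv3n]
Yes, I had already used it before posting, and it also reported a successful cleanup and that no other malware remained... ……………… |
So it's solved, right! I only updated this today.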
jjxxzl - 2006-10-22 21:08:00
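Boot into Safe Mode, select your user, and once you reach the desktop open Malware Cleanup Assistant (恶意软件清理助手). Tick the checkbox in front of "Use forced cleanup mode", then run the cleanup. It will report that the cleanup succeeded.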
地狱天使1982 - 2006-10-22 21:13:00
Mine keeps popping up web pages too, job-hunting pages and so on. It's driving me crazy. What should I do?
秋日里的蓝天 - 2006-10-22 21:14:00
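| Quote: |
[Post by 地狱天使1982] Mine keeps popping up web pages too, job-hunting pages and so on. It's driving me crazy. What should I do?
……………… |
You can start a new thread.
Please download SREng2 (latest version), use "Smart Scan", and press the "Scan" button to run the scan.
When the scan finishes, press the "Save Report" button to save the report log file (SREng.LOG), then copy and paste the contents of the saved
log file here. If the log won't fit in one post, paste it across several posts. Please do not modify it.
Download links: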
http://free5.ys168.com/?ufwihgu168
http://www.kztechs.com/sreng/sreng2.zip
地狱天使1982 - 2006-10-22 21:31:00
[Reply to 秋日里的蓝天's post]
2006-10-22,21:20:26
System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)
Windows XP Home Edition Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<Cmaudio><RunDll32 cmicnfg.cpl,CMICtrlWnd> [N/A]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<UpdateRun><C:\Program Files\Common Files\updat\Update.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<RavStub><"C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<DTService><rundll32.exe C:\WINDOWS\system32\soundmix.dll,Load> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\Userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{E568441B-9EF3-49F8-9A67-4141AC41ADD4}><C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll> [N/A]
<{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll> [YAHOO Corporation Limited]
地狱天使1982 - 2006-10-22 21:31:00
==================================
启动文件夹
[腾讯QQ]
<C:\Documents and Settings\THTF\「开始」菜单\程序\启动\腾讯QQ.lnk --> C:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]><N>
==================================
服务
[Application Management / AppMgmt]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[DNS Cache / BKMARKS]
<C:\WINDOWS\SYSTEM32\RUN32.EXE C:\WINDOWS\SYSTEM32\WBEM\PMIBBR05.DLL,Export 1087><Microsoft Corporation>
[DCBAE15F / DCBAE15F]
<C:\WINDOWS\system32\DCBAE15F.EXE -service><Microsoft Corporation>
[Network Security / Hardware]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\jbsaey25.dll><Microsoft Corporation>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[MessageService / MessageService]
<C:\WINDOWS\system32\Svchost.exe -k MessageService-->C:\WINDOWS\system32\MsServices\svchost.dll><N/A>
[WindowsNT Protected Storage / NTProStorage]
<C:\WINDOWS\System32\svchost.exe -k NTProStorage-->c:\windows\system32\ntprostorage.dll><Microsoft Corporation>
[Remote IIS Admin Service / ReIISAdmin]
<C:\WINDOWS\System32\svchost.exe -k ReIISAdmin-->c:\windows\system32\reinetinfo.dll><Microsoft Corporation>
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
==================================
驱动程序
[Rising TDI Base Driver / BaseTDI]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[bootbus / bootbus]
<\??\C:\WINDOWS\system32\drivers\bootbus.sys><N/A>
[C-Media WDM Audio Interface / cmuda]
<system32\drivers\cmuda.sys><C-Media Inc>
[ExpScaner / ExpScaner]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[HOOKAPI / HOOKAPI]
<\??\C:\PROGRAM FILES\RISING\RAV\HOOKAPI.SYS><瑞星软件有限公司>
[HookCont / HookCont]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HSFHWBS2 / HSFHWBS2]
<system32\DRIVERS\HSFBS2S2.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP]
<system32\DRIVERS\HSFDPSP2.sys><Conexant Systems, Inc.>
[mdmxsdk / mdmxsdk]
<system32\DRIVERS\mdmxsdk.sys><Conexant>
[MEMSCAN / MEMSCAN]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[npkcrypt / npkcrypt]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp]
<\??\C:\Program Files\Tencent\QQ\npkycryp.sys><N/A>
[paraudio / paraudio]
<\??\C:\WINDOWS\system32\drivers\paraudio.sys><Microsoft Corporation>
[ProcServ / ProcServ]
<\??\C:\WINDOWS\system32\drivers\ProcServ.sys><N/A>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[SiS315 / SiS315]
<system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SIS AGP Bus Filter / sisagp]
<\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[SiSkp / SiSkp]
<system32\drivers\srvkp.sys><Silicon Integrated Systems Corporation>
[ViaIde / ViaIde]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
地狱天使1982 - 2006-10-22 21:31:00
==================================
浏览器加载项
[symndis]
{166DF856-08F0-4D1C-991D-7CE3DB5C26F5} <C:\WINDOWS\system32\rasacd.dll, >
[SrchHook Class]
{6E1BC898-505A-44f4-BC88-BCE43016AC96} <C:\WINDOWS\system32\BarSea.dll, N/A>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[netup]
{0A44CDEC-87D0-4D4D-BF97-DE9AFB9B104A} <C:\WINDOWS\system32\netiup.dll, >
[symndis]
{166DF856-08F0-4D1C-991D-7CE3DB5C26F5} <C:\WINDOWS\system32\rasacd.dll, >
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[SYM]
{36BF6929-DCBC-4CCD-A620-C5E3BBA77B95} <C:\WINDOWS\system32\usersrd.dll, >
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[SrchHook Class]
{6E1BC898-505A-44F4-BC88-BCE43016AC96} <C:\WINDOWS\system32\BarSea.dll, N/A>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[卡卡上网安全助手]
{AFF6E516-CBE5-4F8A-9C2F-38A68013E766} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Microsoft DirectAnimation Control]
{B6FFC24C-7E13-11D0-9B47-00C04FC2F51D} <C:\WINDOWS\system32\danim.dll, Microsoft Corporation>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Search Bar]
{FBFF8F98-AE9D-4599-975E-E9B31E88EF04} <C:\WINDOWS\system32\ToolBar.dll, N/A>
==================================
地狱天使1982 - 2006-10-22 21:32:00
正在运行的进程
[PID: 404][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 460][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 484][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\DCBAE15F.DLL] [Microsoft Corporation, 5.2.3790.1830]
[PID: 528][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 540][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 688][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 736][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 800][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 820][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\windows\system32\jbsaey25.dll] [Microsoft Corporation, 5.1.2600.0]
[PID: 872][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 956][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1000][C:\Program Files\Rising\Rav\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 1, 35]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\RsLog.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[C:\Program Files\Rising\Rav\HOOKSYS.dll] [Beijing Rising Technology Co., Ltd., 18, 1, 0, 11]
[C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 32]
[C:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
[C:\Program Files\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
[C:\Program Files\Rising\Rav\regmon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\psapi.dll] [Microsoft Corporation, 4.00]
[C:\Program Files\Rising\Rav\HookWeb.dll] [rising, 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\MemMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
[C:\Program Files\Rising\Rav\expscan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[C:\Program Files\Rising\Rav\MailMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\Rav\SpamEng.dll] [N/A, 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 34]
[C:\Program Files\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 17]
[C:\Program Files\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 15]
[C:\Program Files\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 30]
[C:\Program Files\Rising\Rav\RSUnpack.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 18]
[C:\Program Files\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
[C:\Program Files\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
[C:\Program Files\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
[C:\Program Files\Rising\Rav\Unpacker.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\Rav\ScanNet.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\Rav\ExtOLE.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\RsStore.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[PID: 1188][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\DCBAE15F.DLL] [Microsoft Corporation, 5.2.3790.1830]
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] [N/A, N/A]
[C:\WINDOWS\system32\soundmix.dll] [, 1, 4, 0, 0]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
[C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll] [YAHOO Corporation Limited, 3, 0, 0, 1001]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] [Yahoo! China, 3, 0, 1, 1010]
[C:\WINDOWS\SYSTEM32\WBEM\PMIBBR05.DLL] [Microsoft Corporation, 5, 1, 2600, 2709]
[C:\WINDOWS\system32\ext\dtsm.dll] [N/A, N/A]
[C:\WINDOWS\system32\ext\dtdl.dll] [N/A, N/A]
[c:\windows\system32\jbsaey25.dll] [Microsoft Corporation, 5.1.2600.0]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[PID: 1312][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1412][C:\Program Files\Rising\Rav\RavStub.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1908][C:\WINDOWS\SYSTEM32\RUN32.EXE] [Microsoft Corporation, 5.00.2134.1]
[C:\WINDOWS\SYSTEM32\WBEM\PMIBBR05.DLL] [Microsoft Corporation, 5, 1, 2600, 2709]
[PID: 2008][C:\WINDOWS\system32\Svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\windows\system32\msservices\svchost.dll] [N/A, N/A]
[c:\windows\system32\msservices\MsService.dll] [, 1, 0, 0, 1]
[c:\windows\system32\msservices\unreg1.dll] [N/A, N/A]
[c:\windows\system32\msservices\OldUnReg.dll] [N/A, N/A]
[PID: 2028][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\windows\system32\ntprostorage.dll] [Microsoft Corporation, 6.6.3791.1832]
[PID: 120][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\windows\system32\reinetinfo.dll] [Microsoft Corporation, 6.6.3791.1832]
[PID: 992][c:\windows\system32\wbem\services.exe] [Microsoft, 1.0.0.0]
[PID: 1356][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2220][C:\WINDOWS\system32\RunDll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system\cmicnfg.cpl] [C-Media Corporation, 1, 0, 41, 6]
[C:\WINDOWS\System32\udaprop.dll] [C-Media Corporation, 1.0.2.2]
[PID: 2260][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[PID: 2276][C:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 1, 33]
[C:\Program Files\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 2356][C:\Program Files\Common Files\updat\Update.exe] [N/A, N/A]
[PID: 2432][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3976][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1952][C:\WINDOWS\system32\alexa.exe] [N/A, N/A]
[C:\DOCUME~1\THTF\LOCALS~1\Temp\nsr10.tmp\InstallOptions.dll] [N/A, N/A]
[PID: 2800][C:\WINDOWS\system32\sthu1.exe] [N/A, N/A]
[C:\DOCUME~1\THTF\LOCALS~1\Temp\nsg13.tmp\InstallOptions.dll] [N/A, N/A]
[PID: 312][C:\WINDOWS\system32\dllhost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2736][C:\WINDOWS\system32\msdtc.exe] [Microsoft Corporation, 2001.12.4414.258]
[PID: 3476][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\Yahoo!\ASSIST~1\yscrblock.dll] [Yahoo! China, 3, 0, 0, 1000]
[C:\WINDOWS\system32\BarSea.dll] [N/A, 1, 0, 0, 1]
[C:\WINDOWS\system32\macromed\flash\flash.ocx] [Macromedia, Inc., 6,0,79,0]
[C:\WINDOWS\system32\rasacd.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\kakatool.dll] [Beijing Rising Technology Co., Ltd., 2, 0, 0, 9]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
[C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll] [YAHOO Corporation Limited, 3, 0, 0, 1001]
[C:\WINDOWS\system32\UNISPIM.IME] [北京清华紫光软件股份有限公司, 3.0.0.3045]
[C:\WINDOWS\system32\upengine.dll] [北京清华紫光软件股份有限公司, 3.0.0.3045]
[PID: 3668][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\rasacd.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\BarSea.dll] [N/A, 1, 0, 0, 1]
[C:\WINDOWS\system32\macromed\flash\flash.ocx] [Macromedia, Inc., 6,0,79,0]
[C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
[C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll] [YAHOO Corporation Limited, 3, 0, 0, 1001]
[PID: 3300][C:\Program Files\Windows Media Player\wmplayer.exe] [Microsoft Corporation, 9.00.00.3250]
[C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[PID: 2840][C:\DOCUME~1\THTF\LOCALS~1\Temp\Rar$EX00.328\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
地狱天使1982 - 2006-10-22 21:32:00
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
地狱天使1982 - 2006-10-22 21:34:00
Could 蓝天 please help diagnose this? These web pages are really disgusting. Thanks.