[CODE] 2009-02-01,11:15:14 System Repair Engineer 2.7.0.1210 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能 以下内容被选中: 所有的启动项目(包括注册表、启动文件夹、服务等) 浏览器加载项 正在运行的进程(包括进程模块信息) 文件关联 Winsock 提供者 Autorun.inf HOSTS 文件 进程特权扫描 计划任务 API HOOK 隐藏进程 启动项目 注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Publisher] <"C:\Program Files\AT&T Network Client\NetSP.exe" -show> [AT&T] [File is missing] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] <"C:\Program Files\IBM\Personal Communications\tpam.exe"> [] <"C:\progra~1\c4ebreg\isamtray.exe"> [IBM Corp.] [IBM Global Services] [(Verified)Microsoft Windows Publisher] [Intel Corporation] [Intel Corporation] [(Verified)Microsoft Windows Hardware Compatibility Publisher] <"C:\progra~1\c4ebreg\c4ebreg.exe" /q> [IBM Corp.] [] [IBM Corp.] [] [] [] [Lenovo Group Limited] [Lenovo] [Lenovo, Ltd. and IBM Corporation.] [Lenovo] [Lenovo] [File is missing] <"C:\Program Files\Thinkvantage Fingerprint Software\launcher.exe" /startup> [File is missing] <"c:\sdwork\issimsvc.exe"> [IBM Corp.] 
<"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"> [(Verified)Symantec Corporation] [(Verified)Symantec Corporation] [File is missing] [File is missing] [(Verified)Microsoft Windows Publisher] <; "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{AEB6717E-7E19-11d0-97EE-00C04FD91972}> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher] <%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher] <%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\atmgrtok] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] [(Verified)Symantec Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Winlogon\Notify\pcsinst] [IBM] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2] [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey] [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher] <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed 
Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] <%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [Microsoft Corporation] [HKEY_CURRENT_USER\Control Panel\Desktop] [] ================================== 启动文件夹 [Lotus QuickStart] C:\lotus\wordpro\ltsstart.exe [Lotus Development Corporation]> ================================== 服务 [Ac Profile Manager Service / AcPrfMgrSvc][Running/Auto Start] [ACU Configuration Service / ACS][Running/Manual Start] [Access Connections Main Service / AcSvc][Running/Auto Start] [AppnNode / AppnNode][Stopped/Manual Start] [Symantec Event Manager / 
ccEvtMgr][Running/Auto Start] <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"> [Contrl Center of Storm Media / ccosm][Running/Auto Start] <北京暴风网际科技有限公司> [Symantec Network Proxy / ccProxy][Running/Auto Start] <"C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"> [Symantec Settings Manager / ccSetMgr][Running/Auto Start] <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"> [Symantec AntiVirus Definition Watcher / DefWatch][Running/Auto Start] <"C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe"> [Windows Presentation Foundation Font Cache 3.0.0.0 / FontCache3.0.0.0][Stopped/Manual Start] [ThinkPad PM Service / IBMPMSVC][Running/Auto Start] <> [InstallDriver Table Manager / IDriverT][Stopped/Manual Start] <"C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"> [Windows CardSpace / idsvc][Stopped/Manual Start] <"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"> [IBM Standard Asset Manager Service / ISAMSvc][Running/Auto Start] <"C:\progra~1\c4ebreg\c4ebreg.exe"> [ISSI EZUpdate / ISSIMon][Running/Auto Start] [IS Service / ISSVC][Running/Auto Start] <"C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe"> [IBM Enterprise Extender / ldlcserv][Running/Auto Start] [LiveUpdate / LiveUpdate][Stopped/Manual Start] <"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"> [Network Configuration Service / NetCfgSvr][Running/Auto Start] [Net.Tcp Port Sharing Service / NetTcpPortSharing][Stopped/Disabled] <"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"> [SavRoam / SavRoam][Running/Auto Start] <"C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe"> [Symantec Network Drivers Service / SNDSrvc][Running/Auto Start] <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"> [Symantec SPBBCSvc / SPBBCSvc][Running/Auto Start] <"C:\Program Files\Common Files\Symantec 
Shared\SPBBC\SPBBCSvc.exe"> [Symantec AntiVirus / Symantec AntiVirus][Running/Auto Start] <"C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe"> [Symantec SecurePort / SymSecurePort][Running/Auto Start] <"C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe"> [ThinkPad HDD APS Logging Service / TPHDEXLGSVC][Running/Auto Start] <(File is missing)> [IBM KCU Service / TpKmpSVC][Running/Auto Start] [IBM Trace Facility / TrcBoot][Running/Auto Start] [CLCV0 / UTSCSI][Stopped/Auto Start] <> ================================== 驱动程序 [Net Firewall Miniport Interface / ABVPN2K][Stopped/Manual Start] [aeaudio / aeaudio][Running/Manual Start] [AEGIS Protocol (IEEE 802.1x) v3.4.10.0 / AegisP][Running/Auto Start] [AGN Filter Interface / agnfilt][Running/Manual Start] [AT&T Wi-Fi Support Driver / agnwifi][Stopped/Disabled] [AliIde / AliIde][Running/Boot Start] <\SystemRoot\system32\DRIVERS\aliide.sys> [AMD AGP Bus Filter Driver / amdagp][Running/Boot Start] <\SystemRoot\system32\DRIVERS\amdagp.sys> [ANC / ANC][Running/System Start] [Anydlc / Anydlc][Running/Manual Start] <\SystemRoot\System32\drivers\anydlc.sys> [Appn / Appn][Running/Manual Start] <\SystemRoot\System32\drivers\appn.sys> [AppnApi / AppnApi][Running/Auto Start] <\SystemRoot\System32\drivers\appnapi.sys> [AppnBase / AppnBase][Running/Manual Start] <\SystemRoot\System32\drivers\AppnBase.sys> [Dual-band Wi-Fi Wireless Mini PCI Adapter / AR5211][Running/Manual Start] [asc / asc][Running/Boot Start] <\SystemRoot\system32\DRIVERS\asc.sys> [asc3550 / asc3550][Running/Boot Start] <\SystemRoot\system32\DRIVERS\asc3550.sys> [AGN Virtual Network Adapter / avpnnic][Stopped/Manual Start] [CMB8100 / CMB8100][Running/Auto Start] <\??\C:\WINDOWS\system32\Drivers\CertClient.dat> [CMBProtector / CMBProtector][Running/Auto Start] <\??\C:\WINDOWS\system32\Drivers\CMBProtector.dat> [CmdIde / CmdIde][Running/Boot Start] <\SystemRoot\system32\DRIVERS\cmdide.sys> [dac2w2k / 
dac2w2k][Running/Boot Start] <\SystemRoot\system32\DRIVERS\dac2w2k.sys> [Intel(R) PRO/1000 Adapter Driver / E1000][Running/Manual Start] [Intel(R) PRO Adapter Driver / E100B][Stopped/Manual Start] [Symantec Eraser Control driver / eeCtrl][Running/System Start] <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys> [IBM eGatherer driver / EGATHDRV][Stopped/Manual Start] <\??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS> [EraserUtilRebootDrv / EraserUtilRebootDrv][Running/Manual Start] <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys> [FTCProtect / FTCProtect][Stopped/Manual Start] [HSFHWICH / HSFHWICH][Running/Manual Start] [HSF_DP / HSF_DP][Running/Manual Start] [ialm / ialm][Running/Manual Start] [Intel AHCI Controller / iastor][Running/Boot Start] <\SystemRoot\System32\Drivers\iaStor.sys> [IBMPMDRV / IBMPMDRV][Running/Manual Start] [IBMTPCHK / IBMTPCHK][Running/System Start] <\??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys> [IBM 个人通信 LLC2 驱动程序 / IBM_LLC2][Running/Auto Start] [KLOGNT / KLOGNT][Running/Manual Start] <\SystemRoot\System32\drivers\klognt.sys> [mdmxsdk / mdmxsdk][Running/Auto Start] [mraid35x / mraid35x][Running/Boot Start] <\SystemRoot\system32\DRIVERS\mraid35x.sys> [NAVENG / NAVENG][Running/Manual Start] <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090130.003\naveng.sys> [NAVEX15 / NAVEX15][Running/Manual Start] <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090130.003\navex15.sys> [NSC Infrared Device Driver / NSCIRDA][Running/Manual Start] [NsTrcNT / NsTrcNT][Running/Auto Start] <\SystemRoot\System32\drivers\nstrcnt.sys> [PDLC Adapter -- COM / pdlnacom][Running/Manual Start] <\SystemRoot\System32\drivers\pdlnacom.sys> [PDLC Adapter Factory / pdlnafac][Running/Manual Start] <\SystemRoot\System32\drivers\pdlnafac.sys> [Twinax Adapter Common / pdlnatcm][Running/Manual Start] <\SystemRoot\System32\drivers\pdlnatcm.sys> [Twinax Adapter / pdlnatdl][Running/Manual Start] <\SystemRoot\System32\drivers\pdlnatdl.sys> [PDLC 
CxM Classes / pdlncbas][Running/Manual Start] <\SystemRoot\System32\drivers\pdlncbas.sys> [PDLC Connection Manager / pdlncfwk][Running/Manual Start] <\SystemRoot\System32\drivers\pdlncfwk.sys> [Twinax CUT Adapter / pdlnctdl][Running/Auto Start] <\SystemRoot\System32\drivers\pdlnctdl.sys> [PDLC DLC Classes / pdlndint][Running/Manual Start] <\SystemRoot\System32\drivers\pdlndint.sys> [IBM Enterprise Extender (HPR/IP) / pdlndldl][Running/Auto Start] <\SystemRoot\System32\drivers\pdlndldl.sys> [PDLC LAPB / pdlndlpb][Running/Manual Start] <\SystemRoot\System32\drivers\pdlndlpb.sys> [PDLC OEM Interface / pdlndoem][Running/Manual Start] <\SystemRoot\System32\drivers\pdlndoem.sys> [PDLC QLLC / pdlndqll][Running/Manual Start] <\SystemRoot\System32\drivers\pdlndqll.sys> [PDLC SDLC / pdlndsdl][Running/Manual Start] <\SystemRoot\System32\drivers\pdlndsdl.sys> [Twinax DLC / pdlndtdl][Running/Manual Start] <\SystemRoot\System32\drivers\pdlndtdl.sys> [PDLC Environment / pdlnebas][Running/Manual Start] <\SystemRoot\System32\drivers\pdlnebas.sys> [PDLC Configuration / pdlnecfg][Running/Manual Start] <\SystemRoot\System32\drivers\pdlnecfg.sys> [PDLC Mapper / pdlnemap][Running/Manual Start] <\SystemRoot\System32\drivers\pdlnemap.sys> [PDLC Message Driver / pdlnemsg][Running/Manual Start] <\SystemRoot\System32\drivers\pdlnemsg.sys> [PDLC Buffer Manager / pdlnepkt][Running/Manual Start] <\SystemRoot\System32\drivers\pdlnepkt.sys> [PDLC Hayes At signalling / pdlnshay][Running/Manual Start] <\SystemRoot\System32\drivers\pdlnshay.sys> [PDLC SDLC Leased / pdlnslea][Running/Manual Start] <\SystemRoot\System32\drivers\pdlnslea.sys> [PDLC V25bis signalling / pdlnsv25][Running/Manual Start] <\SystemRoot\System32\drivers\pdlnsv25.sys> [PDLC X.25 / pdlnsx25][Running/Manual Start] <\SystemRoot\System32\drivers\pdlnsx25.sys> [PMEM / PMEM][Running/Auto Start] <\??\C:\WINDOWS\system32\drivers\PMEMNT.SYS> [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [ql1080 / ql1080][Running/Boot 
Start] <\SystemRoot\system32\DRIVERS\ql1080.sys> [ql12160 / ql12160][Running/Boot Start] <\SystemRoot\system32\DRIVERS\ql12160.sys> [ql1280 / ql1280][Running/Boot Start] <\SystemRoot\system32\DRIVERS\ql1280.sys> [SAVRT / SAVRT][Running/System Start] <\??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys> [SAVRTPEL / SAVRTPEL][Running/System Start] <\??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys> [Secdrv / Secdrv][Stopped/Manual Start] [SIS AGP Bus Filter / sisagp][Running/Boot Start] <\SystemRoot\system32\DRIVERS\sisagp.sys> [Smapint / Smapint][Running/System Start] [smwdm / smwdm][Running/Manual Start] [Sparrow / Sparrow][Running/Boot Start] <\SystemRoot\system32\DRIVERS\sparrow.sys> [SPBBCDrv / SPBBCDrv][Running/System Start] <\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys> [symc810 / symc810][Running/Boot Start] <\SystemRoot\system32\DRIVERS\symc810.sys> [symc8xx / symc8xx][Running/Boot Start] <\SystemRoot\system32\DRIVERS\symc8xx.sys> [SYMDNS / SYMDNS][Running/Manual Start] <\SystemRoot\System32\Drivers\SYMDNS.SYS> [SymEvent / SymEvent][Running/Manual Start] <\??\C:\Program Files\Symantec\SYMEVENT.SYS> [SYMFW / SYMFW][Running/Manual Start] <\SystemRoot\System32\Drivers\SYMFW.SYS> [SYMIDS / SYMIDS][Running/Manual Start] <\SystemRoot\System32\Drivers\SYMIDS.SYS> [SYMIDSCO / SYMIDSCO][Running/Manual Start] <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20090129.001\symidsco.sys> [SYMNDIS / SYMNDIS][Running/Manual Start] <\SystemRoot\System32\Drivers\SYMNDIS.SYS> [SYMREDRV / SYMREDRV][Running/Manual Start] <\SystemRoot\System32\Drivers\SYMREDRV.SYS> [SYMTDI / SYMTDI][Running/System Start] <\SystemRoot\System32\Drivers\SYMTDI.SYS> [sym_hi / sym_hi][Running/Boot Start] <\SystemRoot\system32\DRIVERS\sym_hi.sys> [sym_u3 / sym_u3][Running/Boot Start] <\SystemRoot\system32\DRIVERS\sym_u3.sys> [TCP/IP Protocol Driver / Tcpip][Running/System Start] [TDSMAPI / TDSMAPI][Running/System Start] 
[PS/2 TrackPoint Driver / Tp4Track][Running/Manual Start] [TPPWR / TPPWR][Running/System Start] [TSMAPIP / TSMAPIP][Running/System Start] [ultra / ultra][Running/Boot Start] <\SystemRoot\system32\DRIVERS\ultra.sys> [winachsf / winachsf][Running/Manual Start] ================================== 浏览器加载项 [] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, > [CBBrowerBuddy Class] {A412E581-59B2-485E-834F-C5F0C0268C79} [iTrusPTA Class] {1E0DFFCF-27FF-4574-849B-55007349FEDA} [EditCtrl Class] {488A4255-3236-44B3-8F27-FA1AECAA8844} [Uploader Control] {654921BB-4DEA-41C7-BA97-9A1A5CDA9C72} [AxSubmitControl Class] {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} [LNWebAssist Class] {9519B2A2-6592-4E41-8290-D0298459270C} [] {01443AEC-0FD1-40FD-9C87-E93D1494C233} <, > [Adobe PDF Reader Link Helper] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, > [Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} [Shell Name Space] {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A> [XMP Class] {6483F145-A768-4C41-AACC-52D4D7845851} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [] {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <, > [] {889D2FEB-5411-4565-8998-1DD2C5261283} <, > [] {9701758C-4373-482E-B13C-776C048EC890} <, > [CBBrowerBuddy Class] {A412E581-59B2-485E-834F-C5F0C0268C79} [] {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <, > [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [PlayerCtrl Class] {E05BC2A3-9A46-4A32-80C9-023A473F5B23} [XPPlayer Class] {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <, > [E&xport to Microsoft Excel] ================================== 正在运行的进程 [PID: 676 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 724 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 
(xpsp_sp2_rtm.040803-2158)] [PID: 748 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll] [Lenovo, 4, 11, 0, 0] [C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll] [N/A, ] [C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll] [N/A, ] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll] [N/A, ] [C:\WINDOWS\system32\tphklock.dll] [N/A, ] [C:\Program Files\IBM\Personal Communications\atmgrtok.dll] [IBM Corporation, 5070.10.4118.928] [C:\Program Files\IBM\Personal Communications\MILLUTIL.DLL] [IBM Corporation, 5070.10.4118.928] [C:\WINDOWS\system32\NavLogon.dll] [Symantec Corporation, 10.1.5.5000] [C:\WINDOWS\system32\pcsinst.dll] [IBM, 1, 0, 0, 1] [C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.3879] [C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.3879] [C:\WINDOWS\system32\notifyf2.dll] [N/A, ] [PID: 792 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 804 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 980 / SYSTEM][C:\WINDOWS\system32\ibmpmsvc.exe] [, ] [PID: 1008 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1060 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1204 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1320 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1476 / 
LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 244 / SYSTEM][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe] [Symantec Corporation, 104.0.11.1] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] [Symantec Corporation, 104.0.11.1] [PID: 272 / SYSTEM][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe] [Symantec Corporation, 104.0.11.1] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\ccSet.dll] [Symantec Corporation, 104.0.11.1] [C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL] [Symantec Corporation, 2.2.0.7] [C:\PROGRA~1\COMMON~1\SYMANT~1\CCLOGIN.DLL] [Symantec Corporation, 104.0.11.1] [C:\PROGRA~1\COMMON~1\SYMANT~1\CCPXYEVT.DLL] [Symantec Corporation, 104.0.11.1] [C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL] [Symantec Corporation, 104.0.11.1] [C:\PROGRA~1\SYMANT~2\SYMANT~1\LOGFWDER.DLL] [Symantec Corporation, 8.7.4.97] [C:\WINDOWS\system32\SymNeti.DLL] [Symantec Corporation, 6.0.4.402] [C:\Program Files\Symantec Client Security\Symantec Client Firewall\NisEvt.dll] [Symantec Corporation, 8.7.4.97] [C:\Program Files\Symantec Client Security\Symantec AntiVirus\Cliproxy.dll] [Symantec Corporation, 10.1.5.5000] [C:\Program Files\Symantec Client Security\Symantec AntiVirus\NAVNTUTL.DLL] [Symantec Corporation, 
10.1.5.5000] [c:\program files\common files\symantec shared\ssc\ScsComms.dll] [Symantec Corporation, 10.1.5.5000] [C:\WINDOWS\system32\nts.dll] [LANDesk Software Ltd., 6.12.0.142 E] [C:\WINDOWS\system32\cba.dll] [LANDesk Software Ltd., 6.12.0.142 E] [C:\WINDOWS\system32\MsgSys.dll] [LANDesk Software Ltd., 6.12.0.142 E] [C:\WINDOWS\system32\PDS.DLL] [LANDesk Software Ltd., 6.12.0.142 E] [C:\Program Files\Symantec Client Security\Symantec Client Firewall\SNLog.dll] [Symantec Corporation, 8.7.4.97] [PID: 532 / SYSTEM][C:\Program Files\Common Files\Symantec Shared\ccProxy.exe] [Symantec Corporation, 104.0.11.1] [C:\WINDOWS\system32\SYMREDIR.dll] [Symantec Corporation, 6.0.4.402] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\SymNeti.DLL] [Symantec Corporation, 6.0.4.402] [C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\DPHTML.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\DPJS.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\DPVBS.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\PFMisc.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\PFPriv.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\PFSec.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\PxyHTTP.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\DPHTTP.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\PxyIM.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\ccProSub.dll] [Symantec 
Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\ccPxyEvt.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\ccLogin.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] [Symantec Corporation, 104.0.11.1] [PID: 572 / SYSTEM][C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe] [Symantec Corporation, 8.7.4.97] [C:\WINDOWS\system32\SymNeti.DLL] [Symantec Corporation, 6.0.4.402] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\ccSet.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\ccProSub.dll] [Symantec Corporation, 104.0.11.1] [PID: 620 / SYSTEM][C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe] [Symantec Corporation, 6.0.4.402] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\SymNeti.dll] [Symantec Corporation, 6.0.4.402] [PID: 716 / SYSTEM][C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe] [Symantec Corporation, 2.2.0.7] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\ccSet.dll] [Symantec Corporation, 104.0.11.1] 
[C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll] [Symantec Corporation, 2.2.0.7] [C:\Program Files\Common Files\Symantec Shared\SPBBC\bbRGen.dll] [Symantec Corporation, 2.2.0.7] [PID: 1408 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [C:\WINDOWS\system32\E_FLBCFP.DLL] [SEIKO EPSON CORPORATION, 2, 4, 0, 0] [C:\WINDOWS\system32\selnt.dll] [N/A, ] [C:\WINDOWS\system32\pdclntif.dll] [N/A, ] [C:\WINDOWS\system32\pdprDlg.dll] [N/A, ] [C:\WINDOWS\system32\pdresrc.dll] [N/A, ] [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll] [Microsoft Corporation, 6.0.5824.16384 (winmain(wmbla).060911-0725)] [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\unidrvui.dll] [Microsoft Corporation, 6.0.5824.16384 (winmain(wmbla).060911-0725)] [PID: 1692 / SYSTEM][C:\WINDOWS\system32\Drivers\trcboot.exe] [IBM Corporation, 5070.10.4118.928] [PID: 1712 / SYSTEM][C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE] [IBM Corporation, 5070.10.4118.928] [C:\Program Files\IBM\Personal Communications\DEFSECUR.DLL] [IBM Corporation, 5070.10.4118.928] [C:\Program Files\IBM\Personal Communications\ATMGRTOK.DLL] [IBM Corporation, 5070.10.4118.928] [C:\Program Files\IBM\Personal Communications\MILLUTIL.DLL] [IBM Corporation, 5070.10.4118.928] [C:\Program Files\IBM\Personal Communications\PCSWLIB.dll] [IBM Corporation, 5070.10.4119.386] [C:\Program Files\IBM\Personal Communications\PCSPREF.dll] [IBM Corporation, 5070.10.4119.386] [C:\Program Files\IBM\Personal Communications\PCSCLIB.dll] [IBM Corporation, 5070.10.4119.386] [C:\Program Files\IBM\Personal Communications\PCSMSG.dll] [IBM Corporation, 5070.10.4119.386] [C:\Program Files\IBM\Personal Communications\PCSW32X.dll] [IBM Corporation, 5070.10.4118.928] [C:\Program Files\IBM\Personal Communications\PCSWLIBI.dll] [IBM Corporation, 5070.10.4119.386] [C:\Program Files\IBM\Personal Communications\NODEINIT.DLL] [IBM Corporation, 
5070.10.4118.928] [C:\Program Files\IBM\Trace Facility\NSTRC.dll] [IBM Corporation, 5070.10.4118.928] [C:\Program Files\IBM\Personal Communications\SPELLING.DLL] [IBM Corporation, 5070.10.4118.928] [C:\Program Files\IBM\Trace Facility\FMT_UTIL.dll] [IBM Corporation, 5070.10.4118.928] [C:\Program Files\IBM\Personal Communications\PCSCAPI.dll] [IBM Corporation, 5070.10.4118.928] [C:\Program Files\IBM\Personal Communications\OOCSVCS2.dll] [N/A, ] [C:\Program Files\IBM\Personal Communications\MESSAGE.DLL] [IBM Corporation, 5070.10.4118.928] [C:\Program Files\IBM\Personal Communications\MSGIO.dll] [IBM Corporation, 5070.10.4118.928] [C:\Program Files\IBM\Personal Communications\PCSRTMSN.DLL] [IBM Corporation, 5070.10.4119.386] [C:\Program Files\IBM\Personal Communications\PCSTQ.dll] [IBM Corporation, 5070.10.4119.386] [C:\Program Files\IBM\Personal Communications\PCSZLIB.dll] [IBM Corporation, 5070.10.4119.386] [PID: 1860 / SYSTEM][C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe] [N/A, ] [C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll] [N/A, ] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgr.dll] [N/A, ] [C:\Program Files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll] [N/A, ] [C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll] [N/A, ] [C:\Program Files\ThinkPad\ConnectUtilities\ACON.dll] [N/A, ] [C:\Program Files\ThinkPad\ConnectUtilities\ACTurinSupport.dll] [N/A, ] [C:\Program Files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll] [N/A, ] [C:\Program Files\ThinkPad\ConnectUtilities\AcLocMigrator.dll] [N/A, ] [C:\Program Files\ThinkPad\ConnectUtilities\ThinQCon.dll] [N/A, ] [PID: 1904 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1428 / SYSTEM][d:\Program Files\StormII\stormliv.exe] [北京暴风网际科技有限公司, 3, 9, 1, 15] 
[d:\Program Files\StormII\bfoptdll.dll] [北京暴风网际科技有限公司, 3, 8, 7, 16] [d:\Program Files\StormII\box\BoxLog.dll] [北京暴风网际科技有限公司, 3, 9, 1, 15] [PID: 2016 / SYSTEM][C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe] [Symantec Corporation, 10.1.5.5000] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.11.1] [PID: 144 / SYSTEM][C:\progra~1\c4ebreg\c4ebreg.exe] [IBM Corp., 7.10] [C:\progra~1\c4ebreg\osprules.dll] [IBM Corp., 2.0] [C:\progra~1\c4ebreg\python23.dll] [Python Software Foundation, 2.3.4] [PID: 424 / SYSTEM][c:\sdwork\issimsvc.exe] [IBM Corp., 3.07] [PID: 612 / SYSTEM][C:\Program Files\AT&T Network Client\NetCfgSv.EXE] [AT&T, 6.9.0.3006] [C:\Program Files\AT&T Network Client\WwanCore.dll] [PCTEL Inc., 2.50.05.0] [C:\Program Files\AT&T Network Client\ToolBx.dll] [PCTEL Inc., 2.50.05.0] [C:\Program Files\AT&T Network Client\Diagnostic.dll] [PCTEL Inc., 2.50.05.0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.762] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL] [Microsoft Corporation, 8.00.50727.762] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL] [Microsoft Corporation, 8.00.50727.762] [PID: 464 / SYSTEM][C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe] [symantec, 10.1.5.5000] 
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Common Files\Symantec Shared\SSC\Transman.dll] [Symantec Corporation, 10.1.5.5000] [C:\WINDOWS\system32\CBA.DLL] [LANDesk Software Ltd., 6.12.0.142 E] [C:\WINDOWS\system32\MsgSys.dll] [LANDesk Software Ltd., 6.12.0.142 E] [C:\WINDOWS\system32\NTS.dll] [LANDesk Software Ltd., 6.12.0.142 E] [C:\WINDOWS\system32\PDS.DLL] [LANDesk Software Ltd., 6.12.0.142 E] [c:\program files\common files\symantec shared\ssc\ScsComms.dll] [Symantec Corporation, 10.1.5.5000] [PID: 488 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 500 / SYSTEM][C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe] [Symantec Corporation, 10.1.5.5000] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\CBA.DLL] [LANDesk Software Ltd., 6.12.0.142 E] [C:\WINDOWS\system32\MsgSys.dll] [LANDesk Software Ltd., 6.12.0.142 E] [C:\WINDOWS\system32\NTS.dll] [LANDesk Software Ltd., 6.12.0.142 E] [C:\WINDOWS\system32\PDS.DLL] [LANDesk Software Ltd., 6.12.0.142 E] [C:\Program Files\Symantec Client Security\Symantec AntiVirus\NAVLU.dll] [Symantec Corporation, 10.1.5.5000] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Symantec Client Security\Symantec AntiVirus\I2ldvp3.dll] [Symantec Corporation, 10.1.5.5000] [C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Symantec Client Security\Symantec AntiVirus\NAVNTUTL.DLL] [Symantec Corporation, 10.1.5.5000] [c:\program files\common files\symantec shared\ssc\ScsComms.dll] [Symantec Corporation, 10.1.5.5000] [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 104.0.11.1] [C:\Program 
Files\Common Files\Symantec Shared\ccDec.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\Decomposers\decsdk.dll] [Symantec Corporation, 3.15.3] [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll] [Symantec Corporation, 3.15.3] [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll] [Symantec Corporation, 3.15.3] [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll] [Symantec Corporation, 3.15.3] [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll] [Symantec Corporation, 3.15.3] [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll] [Symantec Corporation, 3.15.3] [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll] [Symantec Corporation, 3.15.3] [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll] [Symantec Corporation, 3.15.3] [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll] [Symantec Corporation, 3.15.3] [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll] [Symantec Corporation, 3.15.3] [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll] [Symantec Corporation, 3.15.3] [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll] [Symantec Corporation, 3.15.3] [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll] [Symantec Corporation, 3.15.3] [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll] [Symantec Corporation, 3.15.3] [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll] [Symantec Corporation, 3.15.3] [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll] [Symantec Corporation, 3.15.3] [C:\Program Files\Common Files\Symantec Shared\ccScan.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL] [Symantec Corporation, 51.3.0.11] [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090130.003\ccEraser.dll] [Symantec 
Corporation, 108.2.4.3] [C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefUtDCD.dll] [Symantec Corporation, 3.1.13a.0] [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090130.003\ecmsvr32.dll] [Symantec Corporation, 81.3.0.13] [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090130.003\NAVEX32a.DLL] [Symantec Corporation, 20081.3.0.17] [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090130.003\NAVENG32.DLL] [Symantec Corporation, 20081.3.0.17] [C:\Program Files\Symantec Client Security\Symantec AntiVirus\SAVRT32.DLL] [Symantec Corporation, 9.7.2.3] [C:\Program Files\Symantec Client Security\Symantec AntiVirus\IMail.dll] [Symantec Corporation, 10.1.5.5000] [C:\Program Files\Symantec Client Security\Symantec AntiVirus\NotesExt.dll] [Symantec Corporation, 10.1.5.5000] [C:\Program Files\Symantec Client Security\Symantec AntiVirus\vpmsece4.dll] [Symantec Corporation, 10.1.5.5000] [C:\Program Files\Symantec Client Security\Symantec AntiVirus\SymProtectStorage.dll] [Symantec Corporation, 10.1.5.5000] [C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll] [Symantec Corporation, 2.2.0.7] [C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll] [Symantec Corporation, 10.1.5.5000] [C:\Program Files\Symantec Client Security\Symantec AntiVirus\Cliscan.dll] [Symantec Corporation, 10.1.5.5000] [PID: 1128 / SYSTEM][C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe] [Symantec Corporation, 8.7.4.97] [C:\WINDOWS\system32\SymNeti.DLL] [Symantec Corporation, 6.0.4.402] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Symantec Client Security\Symantec Client Firewall\NisEvt.dll] [Symantec Corporation, 8.7.4.97] [C:\Program Files\Common 
Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\ccProSub.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\ccSet.dll] [Symantec Corporation, 104.0.11.1] [PID: 1600 / SYSTEM][C:\WINDOWS\System32\TPHDEXLG.EXE] [Lenovo., 1.40] [PID: 1828 / SYSTEM][C:\WINDOWS\system32\TpKmpSVC.exe] [N/A, ] [PID: 2220 / SYSTEM][C:\WINDOWS\system32\Drivers\ldlcserv.exe] [IBM Corporation, 5070.10.4118.928] [PID: 2388 / SYSTEM][C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe] [Lenovo, 4, 11, 0, 0] [C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll] [N/A, ] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgr.dll] [N/A, ] [C:\Program Files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll] [N/A, ] [C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll] [N/A, ] [C:\Program Files\ThinkPad\ConnectUtilities\ACON.dll] [N/A, ] [C:\Program Files\ThinkPad\ConnectUtilities\ACTurinSupport.dll] [N/A, ] [C:\Program Files\ThinkPad\ConnectUtilities\AcSvcHlpr.dll] [N/A, ] [C:\Program Files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll] [N/A, ] [C:\Program Files\ThinkPad\ConnectUtilities\ANCA.dll] [IBM Corp., 8.3] [C:\Program Files\ThinkPad\ConnectUtilities\ANC.dll] [IBM Corp., 8.3] [C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll] [N/A, ] [C:\Program Files\ThinkPad\ConnectUtilities\AcAtheros.DLL] [N/A, ] [C:\Program Files\ThinkPad\ConnectUtilities\ACAthMSVC6.dll] [Lenovo, 4, 11, 0, 0] [C:\WINDOWS\system32\wcapi.dll] [Atheros, 4.1.1.233] [C:\WINDOWS\system32\athcfg11.dll] [Atheros, 4.1.1.233] [C:\WINDOWS\system32\athcfg11Res.dll] [Atheros Communications, Inc., 4.1.1.233] [C:\WINDOWS\system32\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0] [PID: 3268 / TOM HUA][C:\WINDOWS\Explorer.EXE] [(Verified) Microsoft Corporation, 6.00.2900.2180 
(xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\atl32.dll] [Microsoft Corporation, 6.10.3005.0] [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762] [C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)] [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)] [C:\WINDOWS\system32\igfxpph.dll] [Intel Corporation, 3.0.0.3879] [C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.3879] [C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.3879] [C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.3879] [C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.3879] [C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll] [IBM Corp., 1, 0, 0, 0] [D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 120] [D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 20] [D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16] [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll] [Microsoft Corporation, 5.1.3102.5581 (xpsp_sp3_qfe.080415-1416)] [C:\WINDOWS\system32\tssoft32.acm] [DSP GROUP, INC., 1.01] [C:\WINDOWS\system32\tsd32.dll] [, ] [C:\WINDOWS\system32\dfshim.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)] [C:\WINDOWS\system32\igfxress.dll] [Intel Corporation, 3.0.0.3879] [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Shfusion.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)] [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Fusion.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)] 
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)] [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] [Symantec Corporation, 10.1.5.5000] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\msdmo.dll] [, ] [PID: 3648 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2820 / SYSTEM][C:\WINDOWS\system32\acs.exe] [N/A, ] [C:\WINDOWS\system32\athcfg11.dll] [Atheros, 4.1.1.233] [C:\WINDOWS\system32\athcfg11Res.dll] [Atheros Communications, Inc., 4.1.1.233] [C:\PROGRA~1\ThinkPad\CONNEC~1\ACATHE~1.DLL] [Lenovo, 4, 11, 0, 0] [C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll] [N/A, ] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\AegisE5.dll] [Meetinghouse Data Communications, 3, 0, 32, 0] [PID: 1264 / TOM HUA][C:\Program Files\IBM\Personal Communications\tpam.exe] [, ] [PID: 2260 / TOM HUA][C:\progra~1\c4ebreg\isamtray.exe] [IBM Corp., 7.10] [PID: 2792 / SYSTEM][C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe] [Lenovo, 4, 11, 0, 0] [C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll] [N/A, ] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgr.dll] [N/A, ] [C:\Program Files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll] [N/A, ] [C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll] [N/A, ] [C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll] [N/A, ] [C:\Program 
Files\ThinkPad\ConnectUtilities\ACGUIHlpr.dll] [Lenovo, 4, 11, 0, 0] [C:\WINDOWS\system32\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\ThinkPad\ConnectUtilities\ACON.dll] [N/A, ] [C:\Program Files\ThinkPad\ConnectUtilities\ACTurinSupport.dll] [N/A, ] [C:\Program Files\ThinkPad\ConnectUtilities\Res\SC\GUIHlprRes.dll] [Lenovo, 4, 0, 0, 0] [C:\Program Files\ThinkPad\ConnectUtilities\Res\SC\SvcHlprRes.dll] [Lenovo, 4, 0, 0, 0] [PID: 2872 / TOM HUA][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3.0.0.3879] [C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.3879] [C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.3879] [C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.3879] [C:\WINDOWS\system32\igfxhk.dll] [Intel Corporation, 3.0.0.3879] [C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.3879] [PID: 3004 / TOM HUA][C:\WINDOWS\system32\tp4serv.exe] [Lenovo Group Limited, 3.55] [C:\WINDOWS\system32\tp4uires.dll] [N/A, ] [PID: 2052 / TOM HUA][C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe] [N/A, ] [C:\Program Files\Lenovo\PkgMgr\HOTKEY_2\tphk_2k.dll] [N/A, ] [C:\WINDOWS\system32\Oemdspif.dll] [Intel Corporation, 3.0.0.3879] [C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.3879] [C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\tpfnf7.dll] [N/A, ] [PID: 2616 / TOM HUA][C:\WINDOWS\system32\RunDll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll] [IBM Corp., 1, 0, 0, 0] [C:\PROGRA~1\ThinkPad\UTILIT~1\tppwrw32.dll] [IBM Corp., 1, 0, 0, 0] [C:\WINDOWS\system32\sensor.dll] [Lenovo., 1.40] [PID: 2692 / TOM HUA][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll] [, ] [C:\PROGRA~1\ThinkPad\UTILIT~1\tppwrw32.dll] [IBM Corp., 1, 0, 0, 0] [C:\WINDOWS\system32\sensor.dll] [Lenovo., 1.40] [PID: 3264 / TOM HUA][C:\WINDOWS\system32\TpShocks.exe] [Lenovo, Ltd. 
and IBM Corporation., 1, 4, 1, 0] [C:\Program Files\ThinkPad\TpShocks\MUI\0804\TpShocks.dll] [Lenovo, Ltd. and IBM Corporation., 1, 4, 1, 0] [C:\WINDOWS\system32\Sensor.dll] [Lenovo., 1.40] [PID: 3560 / TOM HUA][C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe] [Lenovo, 4, 11, 0, 0] [C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll] [N/A, ] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\ThinkPad\ConnectUtilities\ACGUIHlpr.dll] [Lenovo, 4, 11, 0, 0] [C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll] [N/A, ] [C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll] [N/A, ] [C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgr.dll] [N/A, ] [C:\Program Files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll] [N/A, ] [C:\WINDOWS\system32\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\ThinkPad\ConnectUtilities\Res\SC\GUIHlprRes.dll] [Lenovo, 4, 0, 0, 0] [C:\Program Files\ThinkPad\ConnectUtilities\Res\SC\TrayRes.dll] [Lenovo, 4, 0, 0, 0] [PID: 308 / TOM HUA][C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe] [Lenovo, 4, 11, 0, 0] [C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll] [N/A, ] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\ThinkPad\ConnectUtilities\ACGUIHlpr.dll] [Lenovo, 4, 11, 0, 0] [C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll] [N/A, ] [C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll] [N/A, ] [C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgr.dll] [N/A, ] [C:\Program Files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll] [N/A, ] [C:\WINDOWS\system32\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\ThinkPad\ConnectUtilities\Res\SC\GUIHlprRes.dll] [Lenovo, 4, 0, 0, 0] [C:\Program Files\ThinkPad\ConnectUtilities\Res\SC\IconRes.dll] [Lenovo, 4, 0, 0, 0] 
[PID: 2320 / TOM HUA][C:\Program Files\Common Files\Symantec Shared\ccApp.exe] [Symantec Corporation, 104.0.11.1] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\ccSet.dll] [Symantec Corporation, 104.0.11.1] [C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL] [Symantec Corporation, 104.0.11.1] [C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL] [Symantec Corporation, 104.0.11.1] [C:\PROGRA~1\SYMANT~2\SYMANT~1\NISPROD.DLL] [Symantec Corporation, 8.7.4.97] [C:\PROGRA~1\SYMANT~2\SYMANT~1\NISTRAY.DLL] [Symantec Corporation, 8.7.4.97] [C:\WINDOWS\system32\SymNeti.DLL] [Symantec Corporation, 6.0.4.402] [C:\PROGRA~1\SYMANT~2\SYMANT~1\NISALERT.DLL] [Symantec Corporation, 8.7.4.97] [C:\Program Files\Symantec Client Security\Symantec Client Firewall\NISRes.dll] [Symantec Corporation, 8.7.4.97] [C:\Program Files\Common Files\Symantec Shared\ccLogin.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\ccProSub.dll] [Symantec Corporation, 104.0.11.1] [C:\WINDOWS\system32\SYMREDIR.DLL] [Symantec Corporation, 6.0.4.402] [C:\Program Files\Symantec Client Security\Symantec Client Firewall\ccEmlflt.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Symantec Client Security\Symantec Client Firewall\NISLCOM.dll] [Symantec Corporation, 8.7.4.97] [C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavEmail.dll] [Symantec Corporation, 10.1.5.5000] [C:\Program Files\Common Files\Symantec Shared\ccPxyEvt.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymFWAgt.dll] [Symantec 
Corporation, 104.0.11.1] [C:\Program Files\Symantec Client Security\Symantec Client Firewall\SFWAlert.dll] [Symantec Corporation, 8.7.4.97] [C:\Program Files\Symantec Client Security\Symantec Client Firewall\ccFWSetg.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Symantec Client Security\Symantec Client Firewall\pRSettg.dll] [N/A, ] [C:\Program Files\Common Files\Symantec Shared\Options\VTCache.dll] [Symantec Corporation, 2005.3.0.58] [C:\Program Files\Symantec Client Security\Symantec Client Firewall\TLevel.dll] [Symantec Corporation, 104.0.11.1] [PID: 2736 / TOM HUA][C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe] [Symantec Corporation, 10.1.5.5000] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Symantec Client Security\Symantec AntiVirus\SAVRT32.DLL] [Symantec Corporation, 9.7.2.3] [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\ccProSub.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Common Files\Symantec Shared\ccAlert.dll] [Symantec Corporation, 104.0.11.1] [C:\Program Files\Symantec Client Security\Symantec AntiVirus\Cliproxy.dll] [Symantec Corporation, 10.1.5.5000] [C:\Program Files\Symantec Client Security\Symantec AntiVirus\NAVNTUTL.DLL] [Symantec Corporation, 10.1.5.5000] [C:\Program Files\Common Files\Symantec Shared\ccSet.dll] [Symantec Corporation, 104.0.11.1] [c:\program files\common files\symantec shared\ssc\ScsComms.dll] [Symantec Corporation, 10.1.5.5000] [C:\WINDOWS\system32\nts.dll] [LANDesk Software Ltd., 6.12.0.142 E] [C:\WINDOWS\system32\cba.dll] [LANDesk Software Ltd., 6.12.0.142 E] [C:\WINDOWS\system32\MsgSys.dll] [LANDesk Software 
Ltd., 6.12.0.142 E] [C:\WINDOWS\system32\PDS.DLL] [LANDesk Software Ltd., 6.12.0.142 E]
[PID: 356 / TOM HUA][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3020 / TOM HUA][C:\WINDOWS\system32\ctfmon.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3140 / TOM HUA][C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe] [N/A, ]
[PID: 3116 / TOM HUA][C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe] [Lenovo Group Limited, 1.17]
[PID: 5428 / TOM HUA][C:\WINDOWS\system32\conime.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3832 / TOM HUA][C:\WINDOWS\system32\mms.exe] [N/A, ] [C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx] [Adobe Systems, Inc., 10,0,12,36]
[PID: 5112 / TOM HUA][C:\Documents and Settings\Administrator\桌面\sreng2\SREngLdr.EXE] [Smallfrogs Studio, 2.7.0.1210]
[PID: 2876 / TOM HUA][C:\Documents and Settings\Administrator\桌面\sreng2\SREc3d0a28f.EXE] [Smallfrogs Studio, 2.7.0.1210] [C:\Documents and Settings\Administrator\桌面\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 2388, C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\ACSVC.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2820, C:\WINDOWS\SYSTEM32\ACS.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 1264, C:\PROGRAM FILES\IBM\PERSONAL COMMUNICATIONS\TPAM.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1264, C:\PROGRAM FILES\IBM\PERSONAL COMMUNICATIONS\TPAM.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1264, C:\PROGRAM FILES\IBM\PERSONAL COMMUNICATIONS\TPAM.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 2260, C:\PROGRA~1\C4EBREG\ISAMTRAY.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2260, C:\PROGRA~1\C4EBREG\ISAMTRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2260, C:\PROGRA~1\C4EBREG\ISAMTRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2792, C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\SVCGUIHLPR.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 2872, C:\WINDOWS\SYSTEM32\HKCMD.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2872, C:\WINDOWS\SYSTEM32\HKCMD.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2872, C:\WINDOWS\SYSTEM32\HKCMD.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 2052, C:\PROGRA~1\LENOVO\PKGMGR\HOTKEY\TPHKMGR.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2052, C:\PROGRA~1\LENOVO\PKGMGR\HOTKEY\TPHKMGR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2052, C:\PROGRA~1\LENOVO\PKGMGR\HOTKEY\TPHKMGR.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 3264, C:\WINDOWS\SYSTEM32\TPSHOCKS.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3264, C:\WINDOWS\SYSTEM32\TPSHOCKS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3264, C:\WINDOWS\SYSTEM32\TPSHOCKS.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 3560, C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\ACTRAY.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3560, C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\ACTRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3560, C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\ACTRAY.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 308, C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\ACWLICON.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 308, C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\ACWLICON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 308, C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\ACWLICON.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 3140, C:\PROGRAM FILES\LENOVO\PKGMGR\HOTKEY\TPONSCR.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3140, C:\PROGRAM FILES\LENOVO\PKGMGR\HOTKEY\TPONSCR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3140, C:\PROGRAM FILES\LENOVO\PKGMGR\HOTKEY\TPONSCR.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 3116, C:\PROGRAM FILES\LENOVO\PKGMGR\HOTKEY_1\TPSCREX.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3116, C:\PROGRAM FILES\LENOVO\PKGMGR\HOTKEY_1\TPSCREX.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3116, C:\PROGRAM FILES\LENOVO\PKGMGR\HOTKEY_1\TPSCREX.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 3832, C:\WINDOWS\SYSTEM32\MMS.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3832, C:\WINDOWS\SYSTEM32\MMS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3832, C:\WINDOWS\SYSTEM32\MMS.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 5112, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SRENG2\SRENGLDR.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 5112, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SRENG2\SRENGLDR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 5112, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SRENG2\SRENGLDR.EXE]
==================================
计划任务
[已禁用] BMMTask.job C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE
==================================
API HOOK
入口点错误:FreeLibrary (危险等级: 高, 被下面模块所HOOK: 0x5F00002D)
==================================
隐藏进程
N/A
==================================
[/CODE]