
What kind of virus (trojan) is GenUnp?

泡坛鱼
Posted on 2007-6-6 13:34:13
I'm using McAfee 8.5 Enterprise Edition.
Log:
2007-6-5 7:30:02 已删除  NT AUTHORITY\SYSTEM \??\C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\TEMP\WIN1FD8.TMP.EXE QLowZones-15 (特洛伊)
2007-6-5 7:30:05 已删除  NT AUTHORITY\SYSTEM \??\C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\TEMP\win1FD8.tmp.exe\GenUnp QLowZones-15 (特洛伊)
2007-6-5 7:30:05 已删除  LG-NOTE\G_Nb D:\Program Files\Maxthon\Maxthon.exe E:\TEMPORARY INTERNET FILES\CONTENT.IE5\ZTFRASN2\Q3Q99[1].EXE QLowZones-15 (特洛伊)
2007-6-5 7:30:05 已删除  LG-NOTE\G_Nb D:\Program Files\Maxthon\Maxthon.exe E:\Temporary Internet Files\Content.IE5\ZTFRASN2\q3q99[1].exe\GenUnp QLowZones-15 (特洛伊)
泡坛鱼
Original poster | Posted on 2007-6-6 13:35:07

SREng scan results 1

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <H/PC Connection Agent><"D:\Program Files\Microsoft ActiveSync\wcescomm.exe">  [(Verified)Microsoft Corporation]
    <WMPNSCFG><; C:\Program Files\Windows Media Player\WMPNSCFG.exe>  [(Verified)Microsoft Windows Component Publisher]
    <TPKMAPMN><d:\Program Files\ThinkPad\Utilities\TpKmapMn.exe>  []
    <LogitechSoftwareUpdate><; "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot>  [N/A]
    <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [Microsoft Corporation]
    <STYLEXP><; C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide>  []
    <Super Rabbit IEPro><; D:\Program Files\MagicSet\SRIECLI.EXE /LOAD>  [Super Rabbit Soft]
    <system><; C:\WINDOWS\system32\systime.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <TP4EX><tp4ex.exe>  [Lenovo Group Limited]
    <SoundMAXPnP><C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe>  [Analog Devices, Inc.]
    <SoundMAX><C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray>  [Analog Devices, Inc.]
    <PWRMGRTR><rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor>  [Lenovo Group Limited]
    <SynTPLpr><C:\Program Files\Synaptics\SynTP\SynTPLpr.exe>  [(Verified)Microsoft Windows Publisher]
    <SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <TpShocks><TpShocks.exe>  [(Verified)Lenovo (Japan) Ltd.]
    <TPHOTKEY><d:\PROGRA~1\Lenovo\SOFTIN~1\HOTKEY\TPHKMGR.exe>  []
    <BackgroundSwitcher><C:\WINDOWS\system32\bgswitch.exe>  []
    <CoolSwitch><C:\WINDOWS\system32\taskswitch.exe>  []
    <FastUser><C:\WINDOWS\system32\fast.exe>  [Microsoft Corporation]
    <TVT Scheduler Proxy><C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe>  [Lenovo Group Limited]
    <TPKBDLED><C:\WINDOWS\system32\TpScrLk.exe>  []
    <Kernel and Hardware Abstraction Layer><KHALMNPR.EXE>  [(Verified)Microsoft Windows Publisher]
    <LVCOMSX><C:\WINDOWS\system32\LVCOMSX.EXE>  [Logitech Inc.]
    <LogitechVideoRepair><d:\Program Files\Logitech\Video\ISStart.exe >  [Logitech Inc.]
    <Microsoft Pinyin IME Migration><C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL>  [(Verified)Microsoft Corporation]
    <ATIPTA><"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe">  [ATI Technologies, Inc.]
    <Google IME Autoupdater><"d:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe">  [(Verified)Google Inc]
    <ShStatEXE><"D:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE>  [(Verified)"McAfee, Inc."]
    <McAfeeUpdaterUI><"D:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey>  [(Verified)"McAfee, Inc."]
    <Network Associates Error Reporting Service><"C:\Program Files\Common Files\McAfee Inc\TalkBack\TBMon.exe">  [Network Associates, Inc.]
    <McAfeeFireTray><d:\PROGRA~1\MCAFEE~1\Firetray.exe>  [McAfee, Inc.]
    <EZEJMNAP><d:\PROGRA~1\ThinkPad\UTILIT~1\EASYEJ~1\EzEjMnAp.Exe>  [(Verified)Lenovo (Japan) Ltd.]
    <BHDCRegC><C:\WINDOWS\system32\BHDCRegC.exe>  [SHHIC]
    <TPKMAPHELPER><d:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper>  [Lenovo]
    <TPFNF7><d:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r>  [(Verified)Lenovo (Japan) Ltd.]
    <ACTray><d:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe>  [Lenovo ]
    <ACWLIcon><d:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe>  [Lenovo ]
    <ATICCC><; "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe">  [N/A]
    <cssauth><; "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent>  [N/A]
    <GrooveMonitor><; "D:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe">  [(Verified)Microsoft Corporation]
    <InCD><; D:\Program Files\Nero 7\Nero 7\InCD\InCD.exe>  [(Verified)Nero AG]
    <LogitechVideoTray><; d:\Program Files\Logitech\Video\LogiTray.exe>  [Logitech Inc.]
    <McAfeeHIPReg><; regsvr32 /s C:\WINDOWS\system32\FireEpo.dll>  [McAfee, Inc.]
    <NeroFilterCheck><; C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe>  [(Verified)Nero AG]
    <Outpost Firewall><; D:\Program Files\Outpost Firewall\outpost.exe /waitservice>  [N/A]
    <OutpostFeedBack><; d:\Program Files\Outpost Firewall\feedback.exe /dump:os_startup>  [N/A]
    <RoxioDragToDisc><; "D:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe">  [Sonic Solutions]
    <RoxWatchTray><; "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe">  []
    <SunJavaUpdateSched><; D:\Program Files\Java\jre1.5.0_07\bin\jusched.exe>  [Sun Microsystems, Inc.]
    <System Files Updater><; C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <GinaDLL><vrlogon.dll>  [UPEK Inc.]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows XP Publisher]
    <{B5A7F190-DDA6-4420-B3BA-52453494E6CD}><D:\PROGRA~1\MI69DF~1\Office12\GRA8E1~1.DLL>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><C:\WINDOWS\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [Microsoft Corporation]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify]
    <WinlogonNotify: ACNotify><ACNotify.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
    <WinlogonNotify: psfus><C:\WINDOWS\system32\psqlpwd.dll>  [UPEK Inc.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\System Safety Monitor]
    <WinlogonNotify: System Safety Monitor><SSMWinlogonEx.dll>  [(Verified)System Safety Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
    <WinlogonNotify: tpfnf2><notifyf2.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
    <WinlogonNotify: tphotkey><tphklock.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winbjt32]
    <WinlogonNotify: winbjt32><winbjt32.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows XP Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    <Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><; C:\WINDOWS\system32\logon.scr>  [N/A]
泡坛鱼
Original poster | Posted on 2007-6-6 13:35:40

SREng scan results 2

==================================
启动文件夹
[Adobe Acrobat Speed Launcher]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Acrobat Speed Launcher.lnk --> C:\WINDOWS\Installer\{AC76BA86-2052-0000-7760-100000000002}\SC_Acrobat.exe [N/A]><N>
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> D:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
[AutoCAD Startup Accelerator]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\AutoCAD Startup Accelerator.lnk --> C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~1.EXE [Autodesk, Inc]><N>
[AutoCAD 启动加速器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\AutoCAD 启动加速器.lnk --> C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~1.EXE [Autodesk, Inc]><N>
[Digital Line Detect]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Digital Line Detect.lnk --> C:\PROGRA~1\DIGITA~1\DLG.exe [BVRP Software]><N>
[Logitech SetPoint]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Logitech SetPoint.lnk --> D:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [Logitech Inc.]><N>
[OneNote 2007 屏幕剪辑程序和启动程序]
  <C:\Documents and Settings\G_Nb\「开始」菜单\程序\启动\OneNote 2007 屏幕剪辑程序和启动程序.lnk --> D:\PROGRA~1\MI69DF~1\Office12\ONENOTEM.EXE [Microsoft Corporation]><N>

==================================
服务
[Ac Profile Manager Service / AcPrfMgrSvc][Stopped/Auto Start]
  <d:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe><Lenovo>
[Access Connections Main Service / AcSvc][Stopped/Auto Start]
  <d:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe><Lenovo>
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Ati HotKey Poller / Ati HotKey Poller][Stopped/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
[Crypkey License / Crypkey License][Stopped/Auto Start]
  <crypserv.exe><Kenonic Controls Ltd.>
[Intel(R) PROSet/Wireless Event Log / EvtEng][Stopped/Auto Start]
  <C:\Program Files\Intel\Wireless\Bin\EvtEng.exe><Intel Corporation>
[McAfee Desktop Firewall Service / FireSvc][Stopped/Auto Start]
  <d:\PROGRA~1\MCAFEE~1\FireSvc.exe><McAfee, Inc.>
[Windows Presentation Foundation Font Cache 3.0.0.0 / FontCache3.0.0.0][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[HP Port Resolver / HP Port Resolver][Stopped/Manual Start]
  <C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE><Hewlett-Packard Company>
[HP Status Server / HP Status Server][Stopped/Manual Start]
  <C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE><Hewlett-Packard Company>
[ThinkPad PM Service / IBMPMSVC][Stopped/Auto Start]
  <C:\WINDOWS\system32\ibmpmsvc.exe><Lenovo>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Windows CardSpace / idsvc][Stopped/Manual Start]
  <"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"><Microsoft Corporation>
[InCD Helper / InCDsrv][Stopped/Disabled]
  <D:\Program Files\Nero 7\Nero 7\InCD\InCDsrv.exe><Nero AG>
[InteractiveLogon / InteractiveLogon][Stopped/Auto Start]
  <C:\WINDOWS\system32\Fast.exe -service><Microsoft Corporation>
[McAfee Framework Service / McAfeeFramework][Stopped/Auto Start]
  <"D:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart><McAfee, Inc.>
[McAfee McShield / McShield][Stopped/Auto Start]
  <"D:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe"><McAfee, Inc.>
[McAfee Task Manager / McTaskManager][Stopped/Auto Start]
  <"D:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe"><McAfee, Inc.>
[Machine Debug Manager / MDM][Stopped/Auto Start]
  <"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"><Microsoft Corporation>
[Windows Installer / MSIServer][Stopped/Manual Start]
  <C:\WINDOWS\system32\msiexec.exe /V><Microsoft Corporation>
[NBService / NBService][Stopped/Disabled]
  <D:\Program Files\Nero 7\Nero 7\Nero BackItUp\NBService.exe><Nero AG>
[Net.Tcp Port Sharing Service / NetTcpPortSharing][Stopped/Disabled]
  <"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"><Microsoft Corporation>
[NMIndexingService / NMIndexingService][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"><Nero AG>
[Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Auto Start]
  <C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe><HP>
[IBM PSA Access Driver Control / PsaSrv][Stopped/Manual Start]
  <C:\WINDOWS\system32\PsaSrv.exe><N/A>
[Intel(R) PROSet/Wireless Registry Service / RegSrvc][Stopped/Auto Start]
  <C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe><Intel Corporation>
[LiveShare P2P Server / RoxLiveShare][Stopped/Disabled]
  <"C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe"><Sonic Solutions>
[RoxMediaDB / RoxMediaDB][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe"><Sonic Solutions>
[RoxUPnPRenderer / RoxUPnPRenderer][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe"><Sonic Solutions>
[RoxUpnpServer / RoxUpnpServer][Stopped/Auto Start]
  <"D:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe"><Sonic Solutions>
[Roxio Hard Drive Watcher / RoxWatch][Stopped/Auto Start]
  <"C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe"><Sonic Solutions>
[Intel(R) PROSet/Wireless Service / S24EventMonitor][Stopped/Auto Start]
  <C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe><Intel Corporation>
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Stopped/Auto Start]
  <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[StarWind iSCSI Service / StarWindService][Stopped/Auto Start]
  <d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe><Rocket Division Software>
[StyleXPService / StyleXPService][Stopped/Auto Start]
  <"C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"><>
[System Update / SUService][Stopped/Auto Start]
  <d:\program files\lenovo\system update\suservice.exe><Lenovo Group Limited>
[ThinkVantage Registry Monitor Service / ThinkVantage Registry Monitor Service][Stopped/Auto Start]
  <"C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe"><Lenovo Group Limited>
[ThinkPad HDD APS Logging Service / TPHDEXLGSVC][Stopped/Auto Start]
  <System32\TPHDEXLG.exe><N/A>
[IBM KCU Service / TpKmpSVC][Stopped/Auto Start]
  <C:\WINDOWS\system32\TpKmpSVC.exe><N/A>
[TVT Backup Protection Service / TVT Backup Protection Service][Stopped/Auto Start]
  <"C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe"><>
[TVT Backup Service / TVT Backup Service][Stopped/Auto Start]
  <"C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe"><Lenovo Group Limited>
[TVT Scheduler / TVT Scheduler][Stopped/Auto Start]
  <"C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe"><Lenovo Group Limited>
[tvtnetwk / tvtnetwk][Stopped/Auto Start]
  <C:\Program Files\Lenovo\Rescue and Recovery\adm\IUService.exe><N/A>
[User Profile Hive Cleanup / UPHClean][Stopped/Auto Start]
  <C:\Program Files\UPHClean\uphclean.exe><Microsoft Corporation>
泡坛鱼
Original poster | Posted on 2007-6-6 13:36:06

SREng scan results 3

==================================
驱动程序
[aeaudio / aeaudio][Stopped/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[AEGIS Protocol (IEEE 802.1x) v3.6.0.0 / AegisP][Stopped/Auto Start]
  <system32\DRIVERS\AegisP.sys><Meetinghouse Data Communications>
[ANC / ANC][Stopped/System Start]
  <System32\drivers\ANC.SYS><IBM Corp.>
[ati2mtag / ati2mtag][Stopped/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Broadcom NetXtreme Gigabit Ethernet / b57w2k][Stopped/Manual Start]
  <system32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[BHDCKEY / BHDCKEY][Stopped/Manual Start]
  <System32\Drivers\usbdriver.sys><BHDC>
[Logitech QuickCam Pro 3000(CamDrl) / CamDrL][Stopped/Manual Start]
  <system32\DRIVERS\Camdrl.sys><Logitech Inc.>
[drvmcdb / drvmcdb][Running/Boot Start]
  <\SystemRoot\system32\drivers\drvmcdb.sys><Sonic Solutions>
[IBM Access Support / EGATHDRV][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\EGATHDRV.SYS><IBM Corporation>
[McAfee Desktop Firewall / FireHook][Stopped/System Start]
  <\??\C:\WINDOWS\system32\Drivers\Firehk5x.sys><McAfee, Inc.>
[firelm01 / firelm01][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\firelm01.sys><N/A>
[McAfee Desktop Firewall Policy Manager Driver / FirePM][Running/Boot Start]
  <\SystemRoot\System32\Drivers\FirePM.sys><McAfee, Inc.>
[McAfee Desktop Firewall TDI Driver / FireTDI][Stopped/System Start]
  <\??\C:\WINDOWS\system32\Drivers\FireTDI.sys><McAfee, Inc.>
[HSFHWICH / HSFHWICH][Stopped/Manual Start]
  <system32\DRIVERS\HSFHWICH.sys><Conexant Systems, Inc.>
[HSF_DPV / HSF_DPV][Stopped/Manual Start]
  <system32\DRIVERS\HSF_DPV.sys><Conexant Systems, Inc.>
[HUAWEI Mobile Connect - 3G Modem / hwcdcmdm0][Stopped/Manual Start]
  <system32\DRIVERS\ewusbmdm.sys><QUALCOMM Incorporated>
[HUAWEI Mobile Connect - 3G Application Interface / hwusbser][Stopped/Manual Start]
  <system32\DRIVERS\ewusbser.sys><QUALCOMM Incorporated>
[IBMPMDRV / IBMPMDRV][Running/Manual Start]
  <system32\DRIVERS\ibmpmdrv.sys><Lenovo.>
[IBMTPCHK / IBMTPCHK][Stopped/System Start]
  <\??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys><N/A>
[InCD File System / InCDfs][Running/Disabled]
  <system32\drivers\InCDFs.sys><Nero AG>
[InCDPass / InCDPass][Running/System Start]
  <system32\drivers\InCDPass.sys><Nero AG>
[InCD Reader / incdrm][Running/System Start]
  <system32\drivers\InCDRm.sys><Nero AG>
[Logitech SetPoint Keyboard Driver / L8042Kbd][Running/Manual Start]
  <system32\DRIVERS\L8042Kbd.sys><Logitech Inc.>
[LBeepKE / LBeepKE][Stopped/Auto Start]
  <System32\Drivers\LBeepKE.sys><Logitech Inc.>
[Logitech SetPoint KMDF HID Filter Driver / LHidFilt][Running/Manual Start]
  <system32\DRIVERS\LHidFilt.Sys><Logitech, Inc.>
[SetPoint HID Mouse Filter Driver / LHidKe][Stopped/Manual Start]
  <system32\DRIVERS\LHidKE.Sys><Logitech Inc.>
[SetPoint USB Receiver device driver / LHidUsbK][Stopped/Manual Start]
  <System32\Drivers\LHidUsbK.Sys><Logitech Inc.>
[Logitech SetPoint KMDF Mouse Filter Driver / LMouFilt][Running/Manual Start]
  <system32\DRIVERS\LMouFilt.Sys><Logitech, Inc.>
[SetPoint Mouse Filter Driver / LMouKE][Stopped/Manual Start]
  <system32\DRIVERS\LMouKE.Sys><Logitech Inc.>
[Logitech SetPoint KMDF USB Filter / LUsbFilt][Running/Manual Start]
  <System32\Drivers\LUsbFilt.Sys><Logitech, Inc.>
[Logitech USB Monitor Filter / LVUSBSta][Stopped/Manual Start]
  <system32\drivers\lvusbsta.sys><Logitech Inc.>
[mdmxsdk / mdmxsdk][Stopped/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[McAfee Inc. / mfeapfk][Stopped/Manual Start]
  <system32\drivers\mfeapfk.sys><McAfee, Inc.>
[McAfee Inc. / mfeavfk][Stopped/Manual Start]
  <system32\drivers\mfeavfk.sys><McAfee, Inc.>
[McAfee Inc. / mfebopk][Stopped/Manual Start]
  <system32\drivers\mfebopk.sys><McAfee, Inc.>
[McAfee Inc. / mfehidk][Stopped/Manual Start]
  <system32\drivers\mfehidk.sys><McAfee, Inc.>
[VSCore mferkdk / mferkdk][Stopped/System Start]
  <\??\D:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys><McAfee, Inc.>
[McAfee Inc. / mfetdik][Stopped/System Start]
  <system32\drivers\mfetdik.sys><McAfee, Inc.>
[NetworkX / NetworkX][Stopped/System Start]
  <\SystemRoot\system32\ckldrv.sys><N/A>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\D:\Program Files\qq2005\npkcrypt.sys><INCA Internet Co., Ltd.>
[NSC Infrared Device Driver / NSCIRDA][Stopped/Manual Start]
  <system32\DRIVERS\nscirda.sys><National Semiconductor Corporation>
[Upper Class Filter Driver / NTIDrvr][Running/Manual Start]
  <system32\DRIVERS\NTIDrvr.sys><NewTech Infosystems, Inc.>
[Padus ASPI Shell / pfc][Running/Manual Start]
  <system32\drivers\pfc.sys><Padus, Inc.>
[pmem / pmem][Stopped/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\pmemnt.sys><Microsoft Corporation>
[Lenovo Parties Service Access Device Driver / psadd][Stopped/Manual Start]
  <system32\DRIVERS\psadd.sys><Lenovo (United States) Inc.>
[Direct Parallel Link Driver / Ptilink][Stopped/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[RxFilter / RxFilter][Stopped/System Start]
  <system32\DRIVERS\RxFilter.sys><Sonic Solutions>
[WLAN 传输 / s24trans][Stopped/Auto Start]
  <system32\DRIVERS\s24trans.sys><Intel Corporation>
[System Safety Monitor 2.0 Core Engine / safemon][Running/Boot Start]
  <\SystemRoot\system32\drivers\safemon.sys><System Safety Limited>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Shockprf / Shockprf][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\Apsx86.sys><Lenovo.>
[Smapint / Smapint][Stopped/System Start]
  <System32\drivers\Smapint.sys><Microsoft Corporation>
[SMI Helper Driver (smihlp2) / smihlp2][Stopped/Auto Start]
  <\??\C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys><UPEK Inc.>
[smwdm / smwdm][Stopped/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[Sony Digital Imaging Video2 / sonypvs1][Stopped/Manual Start]
  <system32\DRIVERS\sonypvs1.sys><Sony Corporation>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[StyleXPHelper / StyleXPHelper][Stopped/System Start]
  <\??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe><Windows (R) 2000 DDK provider>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
  <system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[TCP/IP Protocol Driver / Tcpip][Stopped/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TC USB Kernel Driver / TcUsb][Stopped/Manual Start]
  <System32\Drivers\tcusb.sys><UPEK Inc.>
[TDSMAPI / TDSMAPI][Stopped/System Start]
  <System32\drivers\TDSMAPI.SYS><N/A>
[TPDIGIMN / TPDIGIMN][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ApsHM86.sys><Lenovo.>
[TPInput / TPInput][Running/Manual Start]
  <System32\DRIVERS\TPInput.sys><Lenovo, Ltd. and IBM Corporation.>
[Winbond Trusted Platform Module / TPM][Stopped/Manual Start]
  <system32\DRIVERS\tpm.sys><Winbond Electronics Corp.>
[NSC Integrated Trusted Platform Module 1.1 / TPM11][Running/Manual Start]
  <system32\DRIVERS\nsctpm11.sys><National Semiconductor Corp.>
[TPPWRIF / TPPWRIF][Stopped/System Start]
  <System32\drivers\Tppwrif.sys><N/A>
[TSMAPIP / TSMAPIP][Stopped/System Start]
  <System32\drivers\TSMAPIP.SYS><N/A>
[TSP / TSP][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><N/A>
[tvtfilter / tvtfilter][Stopped/Auto Start]
  <system32\DRIVERS\tvtfilter.sys><Lenovo>
[Lenovo SM bus driver / TVTI2C][Stopped/Manual Start]
  <system32\DRIVERS\Tvti2c.sys><Lenovo (United States) Inc.>
[TVT Packet Filter Service / TVTPktFilter][Stopped/Manual Start]
  <system32\DRIVERS\tvtpktfilter.sys><Lenovo Group Limited>
[Conexant Setup API / UIUSys][Stopped/Manual Start]
  <system32\drivers\UIUSys.sys><N/A>
[Motorola USB Modem Driver for MPT / usbsermpt][Stopped/Manual Start]
  <system32\DRIVERS\usbsermpt.sys><Microsoft Corporation>
[vaxscsi / vaxscsi][Running/Manual Start]
  <\SystemRoot\System32\Drivers\vaxscsi.sys><N/A>
[用于 Windows XP 的英特尔(R) PRO/无线 2200BG 网络连接驱动程序 / w29n51][Stopped/Manual Start]
  <system32\DRIVERS\w29n51.sys><Intel? Corporation>
[winachsf / winachsf][Stopped/Manual Start]
  <system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
泡坛鱼
Original poster | Posted on 2007-6-6 13:36:39

SREng scan results 4

浏览器加载项
[IE7pro BHO]
  {00011268-E188-40DF-A514-835FCD78B1BF} <d:\Program Files\IE7pro\IE7Pro.dll, IE7Pro.com>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[FGCatchUrl]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <D:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <d:\Program Files\qq2005\QQIEHelper.dll, N/A>
[Groove GFS Browser Helper]
  {72853161-30C5-4D22-B7F9-0BBC1D38A37E} <D:\PROGRA~1\MI69DF~1\Office12\GRA8E1~1.DLL, Microsoft Corporation>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll, Sun Microsystems, Inc.>
[scriptproxy]
  {7DB2D5A0-7241-4E79-B68D-6309F01C5231} <D:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll, McAfee, Inc.>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Adobe PDF Conversion Toolbar Helper]
  {AE7CD045-E861-484f-8273-0445EE161910} <D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[FlashGet GetFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <d:\Program Files\FlashGet\getflash.dll, www.flashget.com>
[IE7pro ToolsExt]
  {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} <d:\Program Files\IE7pro\IE7Pro.dll, IE7Pro.com>
[Java Plug-in]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll, Sun Microsystems, Inc.>
[Send to OneNote from Internet Explorer button]
  {2670000A-7350-4f3c-8081-5663EE0C6C49} <D:\PROGRA~1\MI69DF~1\Office12\ONBttnIE.dll, Microsoft Corporation>
[Create Mobile Favorite]
  {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <D:\PROGRA~1\MICROS~2\INetRepl.dll, Microsoft Corporation>
[Create Mobile Favorite]
  {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <D:\PROGRA~1\MICROS~2\INetRepl.dll, Microsoft Corporation>
[NetAnts]
  {57E91B47-F40A-11D1-B792-444553540000} <D:\PROGRA~1\NetAnts\NetAnts.exe,  >
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\PROGRA~1\MI69DF~1\Office12\REFIEBAR.DLL, Microsoft Corporation>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\qq2005\QQ.EXE, TENCENT>
[更新 ThinkPad 软件]
  {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} <d:\Program Files\Lenovo\Soft Installer\\PkgMgr.exe, Lenovo Group Limited>
[快车]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <d:\Program Files\FlashGet\FlashGet.exe, FlashGet.com>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <d:\Program Files\qq2005\QQIEHelper.dll, N/A>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[CyberArticle Express]
  {769A6A36-ED24-4376-BC7C-80225BF35698} <d:\Program Files\CyberArticle\CAExp.dll, Wizissoft>
[Office Genuine Advantage Validation Tool]
  {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} <C:\WINDOWS\system32\OGACheckControl.DLL, >
[IASRunner Class]
  {2DAD3559-2923-4935-AD49-B673D2539944} <C:\WINDOWS\Downloaded Program Files\acpir2.dll, >
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[IBM Access Support]
  {74FFE28D-2378-11D5-990C-006094235084} <C:\WINDOWS\Downloaded Program Files\IbmEgath.dll, IBM Corporation>
[Java Plug-in]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in]
  {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} <D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_07]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <D:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[CTAdjust Class]
  {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} <C:\WINDOWS\Downloaded Program Files\clearadjust.dll, >
[IE7pro BHO]
  {00011268-E188-40DF-A514-835FCD78B1BF} <d:\Program Files\IE7pro\IE7Pro.dll, IE7Pro.com>
[Outlook Today's Data-binding control]
  {0468C085-CA5B-11D0-AF08-00609797F0E0} <D:\PROGRA~1\MI69DF~1\Office12\OUTLCTL.DLL, >
[Office Genuine Advantage Validation Tool]
  {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} <C:\WINDOWS\system32\OGACheckControl.DLL, >
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[InfosecCertInstall Class]
  {0EB487C8-E9AC-43A6-8C4C-083999B0622F} <C:\WINDOWS\system32\certInStall.dll, >
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[IASRunner Class]
  {2DAD3559-2923-4935-AD49-B673D2539944} <C:\WINDOWS\Downloaded Program Files\acpir2.dll, >
[FGCatchUrl]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <D:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <d:\Program Files\qq2005\QQIEHelper.dll, N/A>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Groove GFS Browser Helper]
  {72853161-30C5-4D22-B7F9-0BBC1D38A37E} <D:\PROGRA~1\MI69DF~1\Office12\GRA8E1~1.DLL, Microsoft Corporation>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\system32\INPUTC~1.DLL, >
[IBM Access Support]
  {74FFE28D-2378-11D5-990C-006094235084} <C:\WINDOWS\Downloaded Program Files\IbmEgath.dll, IBM Corporation>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll, Sun Microsystems, Inc.>
[CyberArticle Express]
  {769A6A36-ED24-4376-BC7C-80225BF35698} <d:\Program Files\CyberArticle\CAExp.dll, Wizissoft>
[scriptproxy]
  {7DB2D5A0-7241-4E79-B68D-6309F01C5231} <D:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll, McAfee, Inc.>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Java Plug-in]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll, Sun Microsystems, Inc.>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\system32\SUBMIT~1.DLL, >
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Adobe PDF Conversion Toolbar Helper]
  {AE7CD045-E861-484F-8273-0445EE161910} <D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[Microsoft Office 12 Authorization Control]
  {C9712B19-838B-45A5-ABF2-9A315DDDED50} <D:\PROGRA~1\MI69DF~1\Office12\AUTHZAX.DLL, Microsoft Corporation>
[SDProjWiz2 Class]
  {D245F352-3F45-4516-B1E6-04608DA126CC} <D:\Program Files\Microsoft Visual Studio 8\Common7\IDE\ProjWiz.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[CTAdjust Class]
  {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} <C:\WINDOWS\Downloaded Program Files\clearadjust.dll, >
[]
  {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL, Microsoft Corporation>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[FlashGet GetFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <d:\Program Files\FlashGet\getflash.dll, www.flashget.com>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[FGAutoLive]
  {F90D830D-C175-4bbe-82C7-FF94669A4C42} <d:\Program Files\FlashGet\fgupdate.dll, www.flashget.com>
[FGCatchUrl]
  {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <D:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[&Download by NetAnts]
  <D:\PROGRA~1\NetAnts\NAGet.htm, N/A>
[&使用快车(FlashGet)下载]
  <D:\Program Files\FlashGet\jc_link.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
  <D:\Program Files\FlashGet\jc_all.htm, N/A>
[Download &All by NetAnts]
  <D:\PROGRA~1\NetAnts\NAGetAll.htm, N/A>
[Download with GetRight Pro]
  <D:\Program Files\GetRight\GRdownload.htm, N/A>
[Open with GetRight Pro Browser]
  <D:\Program Files\GetRight\GRbrowse.htm, N/A>
[上传到QQ网络硬盘]
  <D:\Program Files\qq2005\AddToNetDisk.htm, N/A>
[下载页面上的ED2(&K)链接]
  <d:\Program Files\eMule\ed2k.html, N/A>
[保存: 完整网页...]
  <d:\Program Files\CyberArticle\script\Save.htm, N/A>
[保存: 更多保存内容...]
  <d:\Program Files\CyberArticle\script\SaveAuto.htm, N/A>
[在Foxmail中添加该RSS频道/频道组]
  <res://C:\WINDOWS\system32\fmrsslink.dll/201, N/A>
[导出到 Microsoft Excel(&X)]
  <res://D:\PROGRA~1\MI69DF~1\Office12\EXCEL.EXE/3000, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://D:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\qq2005\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\qq2005\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\qq2005\SendMMS.htm, N/A>
[用比特精灵下载(&B)]
  <D:\Program Files\BitSpirit\bsurl.htm, N/A>
[转换为 Adobe PDF]
  <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换为现有 PDF]
  <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换选定的链接为 Adobe PDF]
  <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[转换选定的链接为现有 PDF]
  <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[转换选项为 Adobe PDF]
  <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换选项为现有 PDF]
  <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换链接目标为 Adobe PDF]
  <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换链接目标为现有 PDF]
  <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>

==================================
正在运行的进程
[PID: 260][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 308][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 952][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, Inc., 17.1.51.0]
    [C:\WINDOWS\System32\cscui.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\themeui.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, Inc., 17.1.51.0]
    [C:\WINDOWS\system32\ntshrui.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SETUPAPI.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll]  [Autodesk, 17.1.51.0]
    [D:\Program Files\Logitech\Video\AlbuDBps.dll]  [Logitech Inc., 8.4.7.1034]
    [C:\WINDOWS\system32\mp3infp.dll]  [win32lab.com, 2.52.12.0]
    [D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 7.0.0.0]
    [D:\Program Files\Nero 7\Nero 7\Nero BackItUp\NBShell.dll]  [Nero AG, 2, 7, 3, 2]
    [D:\Program Files\Nero 7\Nero 7\Nero BackItUp\MFC71U.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Program Files\Nero 7\Nero 7\Nero BackItUp\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.6030.0]
    [d:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [D:\Program Files\McAfee\VirusScan Enterprise\shext.dll]  [McAfee, Inc., 8.5.0.781]
    [D:\Program Files\Nero 7\Nero 7\InCD\InCDshx.dll]  [Nero AG, 5, 5, 1, 23]
    [D:\Program Files\Nero 7\Nero 7\InCD\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [d:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\CuteShell.dll]  [GlobalSCAPE Texas, LP., 50, 6, 3, 2]
    [D:\Program Files\Nero 7\Nero 7\Nero CoverDesigner\CoverEdExtension.dll]  [Nero AG, 2, 8, 3, 0]
[PID: 1188][D:\tools\SREng\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SETUPAPI.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
    [C:\WINDOWS\system32\ntshrui.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, Inc., 17.1.51.0]
    [C:\WINDOWS\System32\cscui.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, Inc., 17.1.51.0]
[PID: 1328][C:\WINDOWS\system32\LVComsX.exe]  [Logitech Inc., 8.4.7.1036]
    [C:\WINDOWS\system32\setupapi.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [C:\WINDOWS\system32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\lvmaenum.dll]  [Logitech Inc., 8.4.7.1036]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\WINDOWS\system32\lvcomcx.dll]  [Logitech Inc., 8.4.7.1036]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  Error. [AutoCADScriptFile]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost
127.255.255.255 serial.alcohol-soft.com
127.255.255.255 www.alcohol-soft.com
127.255.255.255 images.alcohol-soft.com
127.0.0.1  serial.alcohol-soft.com

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
泡坛鱼
 Original poster | Posted on 2007-6-6 13:38:02

HijackThis_zww (Chinese-localized edition) scan log 1

保存于      上午 10:16:58, 日期 2007-6-6
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v7.00 (7.00.6000.16441)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\system32\ctfmon.exe
D:\tools\HijackThis1991汉化版\HijackThis1991zww.exe

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - d:\Program Files\IE7pro\IE7Pro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - d:\Program Files\qq2005\QQIEHelper.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MI69DF~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - D:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - d:\Program Files\FlashGet\getflash.dll
O3 - IE工具栏增项: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - IE工具栏增项: CyberArticle Express - {769A6A36-ED24-4376-BC7C-80225BF35698} - d:\Program Files\CyberArticle\CAExp.dll
O3 - IE工具栏增项: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [TP4EX] tp4ex.exe
O4 - 启动项HKLM\\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - 启动项HKLM\\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - 启动项HKLM\\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - 启动项HKLM\\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - 启动项HKLM\\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - 启动项HKLM\\Run: [TpShocks] TpShocks.exe
O4 - 启动项HKLM\\Run: [TPHOTKEY] d:\PROGRA~1\Lenovo\SOFTIN~1\HOTKEY\TPHKMGR.exe
O4 - 启动项HKLM\\Run: [BackgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe
O4 - 启动项HKLM\\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - 启动项HKLM\\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - 启动项HKLM\\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - 启动项HKLM\\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - 启动项HKLM\\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - 启动项HKLM\\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - 启动项HKLM\\Run: [LogitechVideoRepair] d:\Program Files\Logitech\Video\ISStart.exe
O4 - 启动项HKLM\\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - 启动项HKLM\\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - 启动项HKLM\\Run: [Google IME Autoupdater] "d:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - 启动项HKLM\\Run: [ShStatEXE] "D:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - 启动项HKLM\\Run: [McAfeeUpdaterUI] "D:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - 启动项HKLM\\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\McAfee Inc\TalkBack\TBMon.exe"
O4 - 启动项HKLM\\Run: [McAfeeFireTray] d:\PROGRA~1\MCAFEE~1\Firetray.exe
O4 - 启动项HKLM\\Run: [EZEJMNAP] d:\PROGRA~1\ThinkPad\UTILIT~1\EASYEJ~1\EzEjMnAp.Exe
O4 - 启动项HKLM\\Run: [BHDCRegC] C:\WINDOWS\system32\BHDCRegC.exe
O4 - 启动项HKLM\\Run: [TPKMAPHELPER] d:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - 启动项HKLM\\Run: [TPFNF7] d:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - 启动项HKLM\\Run: [ACTray] d:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - 启动项HKLM\\Run: [ACWLIcon] d:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - 启动项HKLM\\Run: [ATICCC] ; "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - 启动项HKLM\\Run: [cssauth] ; "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - 启动项HKLM\\Run: [GrooveMonitor] ; "D:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe"
O4 - 启动项HKLM\\Run: [InCD] ; D:\Program Files\Nero 7\Nero 7\InCD\InCD.exe
O4 - 启动项HKLM\\Run: [LogitechVideoTray] ; d:\Program Files\Logitech\Video\LogiTray.exe
O4 - 启动项HKLM\\Run: [McAfeeHIPReg] ; regsvr32 /s C:\WINDOWS\system32\FireEpo.dll
O4 - 启动项HKLM\\Run: [NeroFilterCheck] ; C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - 启动项HKLM\\Run: [Outpost Firewall] ; D:\Program Files\Outpost Firewall\outpost.exe /waitservice
O4 - 启动项HKLM\\Run: [OutpostFeedBack] ; d:\Program Files\Outpost Firewall\feedback.exe /dump:os_startup
O4 - 启动项HKLM\\Run: [RoxioDragToDisc] ; "D:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - 启动项HKLM\\Run: [RoxWatchTray] ; "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - 启动项HKLM\\Run: [SunJavaUpdateSched] ; D:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - 启动项HKLM\\Run: [System Files Updater] ; C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] ; C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TPKMAPMN] d:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] ; "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] ; "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] ; C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Super Rabbit IEPro] ; D:\Program Files\MagicSet\SRIECLI.EXE /LOAD
O4 - HKCU\..\Run: [system] ; C:\WINDOWS\system32\systime.exe
O4 - Startup: desktop.ini
O4 - Startup: OneNote 2007 屏幕剪辑程序和启动程序.lnk = D:\Program Files\Microsoft Office 2007\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?SystemRoot%\Installer\{AC76BA86-2052-0000-7760-100000000002}\SC_Acrobat.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: AutoCAD 启动加速器.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: desktop.ini
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - IE右键菜单中的新增项目: &Download by NetAnts - D:\PROGRA~1\NetAnts\NAGet.htm
O8 - IE右键菜单中的新增项目: &使用快车(FlashGet)下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: &使用快车(FlashGet)下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: Download &All by NetAnts - D:\PROGRA~1\NetAnts\NAGetAll.htm
O8 - IE右键菜单中的新增项目: Download with GetRight Pro - D:\Program Files\GetRight\GRdownload.htm
O8 - IE右键菜单中的新增项目: Open with GetRight Pro Browser - D:\Program Files\GetRight\GRbrowse.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\Program Files\qq2005\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 下载页面上的ED2(&K)链接 - d:\Program Files\eMule\ed2k.html
O8 - IE右键菜单中的新增项目: 保存: 完整网页... - d:\Program Files\CyberArticle\script\Save.htm
O8 - IE右键菜单中的新增项目: 保存: 更多保存内容... - d:\Program Files\CyberArticle\script\SaveAuto.htm
O8 - IE右键菜单中的新增项目: 在Foxmail中添加该RSS频道/频道组 - res://C:\WINDOWS\system32\fmrsslink.dll/201
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Excel(&X) - res://D:\PROGRA~1\MI69DF~1\Office12\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Program Files\qq2005\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\qq2005\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Program Files\qq2005\SendMMS.htm
O8 - IE右键菜单中的新增项目: 用比特精灵下载(&B) - D:\Program Files\BitSpirit\bsurl.htm
O8 - IE右键菜单中的新增项目: 转换为 Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - IE右键菜单中的新增项目: 转换为现有 PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - IE右键菜单中的新增项目: 转换选定的链接为 Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
泡坛鱼
 Original poster | Posted on 2007-6-6 13:38:25

HijackThis_zww (Chinese-localized edition) scan log 2

O8 - IE右键菜单中的新增项目: 转换选定的链接为现有 PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - IE右键菜单中的新增项目: 转换选项为 Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - IE右键菜单中的新增项目: 转换选项为现有 PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - IE右键菜单中的新增项目: 转换链接目标为 Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - IE右键菜单中的新增项目: 转换链接目标为现有 PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - 浏览器额外的按钮: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - d:\Program Files\IE7pro\IE7Pro.dll
O9 - 浏览器额外的“工具”菜单项: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - d:\Program Files\IE7pro\IE7Pro.dll
O9 - 浏览器额外的按钮: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - 浏览器额外的“工具”菜单项: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - 浏览器额外的按钮: 发送至 OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MI69DF~1\Office12\ONBttnIE.dll
O9 - 浏览器额外的“工具”菜单项: 发送至 OneNote(amp;E) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MI69DF~1\Office12\ONBttnIE.dll
O9 - 浏览器额外的按钮: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - 浏览器额外的按钮: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - 浏览器额外的“工具”菜单项: 创建移动收藏... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - 浏览器额外的按钮: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - D:\PROGRA~1\NetAnts\NetAnts.exe
O9 - 浏览器额外的“工具”菜单项: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - D:\PROGRA~1\NetAnts\NetAnts.exe
O9 - 浏览器额外的按钮: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MI69DF~1\Office12\REFIEBAR.DLL
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\qq2005\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\qq2005\QQ.EXE
O9 - 浏览器额外的按钮: 更新 ThinkPad 软件 - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - d:\Program Files\Lenovo\Soft Installer\\PkgMgr.exe
O9 - 浏览器额外的按钮: 快车 - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - d:\Program Files\FlashGet\FlashGet.exe
O9 - 浏览器额外的“工具”菜单项: 快车(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - d:\Program Files\FlashGet\FlashGet.exe
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\qq2005\QQIEHelper.dll (file missing)
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\qq2005\QQIEHelper.dll (file missing)
O9 - 浏览器额外的按钮: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - 浏览器额外的“工具”菜单项: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - “受信任的站点”中添加项: http://www.icbc.com.cn
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/suppo ... n/content/AcpIR.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/micr ... e.cab?1153403248574
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micr ... e.cab?1153403227295
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D664DAD6-6541-410E-B975-AECE6F0F944B}: NameServer = 211.161.46.86,202.106.46.151
O18 - 列举现有的协议: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MI69DF~1\Office12\GR99D3~1.DLL
O18 - 列举现有的协议: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - 列举现有的协议: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: psfus - C:\WINDOWS\system32\psqlpwd.dll
O20 - Winlogon Notify: System Safety Monitor - C:\WINDOWS\SYSTEM32\SSMWinlogonEx.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: winbjt32 - C:\WINDOWS\SYSTEM32\winbjt32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - NT 服务: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo  - d:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - NT 服务: Access Connections Main Service (AcSvc) - Lenovo  - d:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - NT 服务: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - NT 服务: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - NT 服务: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - NT 服务: McAfee Desktop Firewall Service (FireSvc) - McAfee, Inc. - d:\PROGRA~1\MCAFEE~1\FireSvc.exe
O23 - NT 服务: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - NT 服务: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - NT 服务: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - NT 服务: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - NT 服务: McAfee Framework Service (McAfeeFramework) - Unknown owner - D:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - NT 服务: McAfee McShield (McShield) - McAfee, Inc. - D:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - NT 服务: McAfee Task Manager (McTaskManager) - McAfee, Inc. - D:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - NT 服务: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - NT 服务: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - NT 服务: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - NT 服务: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - NT 服务: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - NT 服务: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - NT 服务: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - NT 服务: RoxUpnpServer - Sonic Solutions - D:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - NT 服务: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - NT 服务: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - NT 服务: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - NT 服务: StarWind iSCSI Service (StarWindService) - Rocket Division Software - d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - NT 服务: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - NT 服务: System Update (SUService) - Lenovo Group Limited - d:\program files\lenovo\system update\suservice.exe
O23 - NT 服务: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - NT 服务: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - NT 服务: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - NT 服务: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - NT 服务: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - NT 服务: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - NT 服务: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\adm\IUService.exe
泡坛鱼
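 Original poster | Posted on 2007-6-6 13:38:55
Could the experts here please take a look? I've been wrestling with this all day today and still haven't sorted it out. Thanks!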
泡坛鱼
 Original poster | Posted on 2007-6-6 19:24:34
Does no expert here really know?
wangjay1980
Posted on 2007-6-6 22:47:01
<system><; C:\WINDOWS\system32\systime.exe>  [N/A]
Delete this one; everything else is fine.