请高手指点一下,进来看一下!! bbs.ikaka.com

laoda1 - 2006-1-1 9:59:00

我重新安装了操作系统.正版的XP.发现C盘里面的可用空间成倍的缩小.里面有2个隐藏文件pagefile.sys 有1.2G hiberfil.sys 有0.8G 创建时间是31日的.不知道是系统问题还是别的问题.因为我的计算机此前是因为中了那个什么目标广告软件那个病毒的,清除不了.老是弹出一些乱七八糟的网页.搞的上网浏览速度好慢才重装了系统.
请高手指点一下,那两个文件可以删吗?怎么才能删掉!!
Logfile of HijackThis v1.99.1
Scan saved at 9:57:53, on 2006-1-1
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
d:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\setrysvc.exe
C:\WINDOWS\System32\semwltry.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
d:\program files\rising\rfw\RfwMain.exe
D:\Program Files\Rising\Rav\CCenter.exe
D:\Program Files\Rising\Rav\RavTask.exe
D:\Program Files\Rising\Rav\RavMon.exe
D:\Program Files\Rising\Rav\Ravmond.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\download\248783200522382732\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [RfwMain] "D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [GCXX-Manager-Class] "C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe" -startup
O4 - HKLM\..\Run: [RavTask] "D:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: AutoCAD 启动加速器.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra 'Tools' menuitem: IBM Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136043971607
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: setrysvc - Unknown owner - C:\WINDOWS\System32\setrysvc.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

laoda1 - 2006-1-1 10:01:00

006-01-01,10:00:01

System Repair Engineer 2.0.12.350 (2.0 RC 1)
Windows XP Home Edition Service Pack 2 - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ibmmessages><C:\Program Files\IBM\Messages By IBM\ibmmessages.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<S3TRAY2><S3Tray2.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SynTPLpr><C:\Program Files\Synaptics\SynTP\SynTPLpr.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ATIModeChange><Ati2mdxx.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<BluetoothAuthenticationAgent><rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<TPKMAPHELPER><C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<TpShocks><TpShocks.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<TPHOTKEY><C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<BMMLREF><C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<BMMMONWND><rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<TP4EX><tp4ex.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<EZEJMNAP><C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ibmmessages><C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<UpdateManager><"c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<dla><C:\WINDOWS\system32\dla\tfswctrl.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IBMPRC><C:\IBMTOOLS\UTILS\ibmprc.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<QCTRAY><C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<QCWLICON><C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<BMMGAG><RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMEKRMIG6.1><C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<MSPY2002><C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RfwMain><"D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<GCXX-Manager-Class><"C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe" -startup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINDOWS\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>

==================================
启动文件夹
[AutoCAD 启动加速器]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\AutoCAD 启动加速器.lnk><N>
[Digital Line Detect]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Digital Line Detect.lnk><N>

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller]
<C:\WINDOWS\System32\Ati2evxx.exe><N/A>
[Autodesk Licensing Service / Autodesk Licensing Service]
<"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
[IBM Rapid Restore Ultra Service / IBM Rapid Restore Ultra Service]
<C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe><>
[IBM PM Service / IBMPMSVC]
<C:\WINDOWS\System32\ibmpmsvc.exe><N/A>
[IBM PSA Access Driver Control / PsaSrv]
<C:\WINDOWS\system32\PsaSrv.exe><N/A>
[QCONSVC / QCONSVC]
<System32\QCONSVC.EXE><IBM Corp.>
[RegSrvc / RegSrvc]
<C:\WINDOWS\System32\RegSrvc.exe><Intel Corporation>
[Rising Personal Firewall Service / RfwService]
<d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Spectrum24 Event Monitor / S24EventMonitor]
<C:\WINDOWS\System32\S24EvMon.exe><Intel Corporation >
[setrysvc / setrysvc]
<C:\WINDOWS\System32\setrysvc.exe C:\WINDOWS\System32\semwltry.exe><N/A>
[IBM KCU Service / TpKmpSVC]
<C:\WINDOWS\system32\TpKmpSVC.exe><N/A>

==================================
浏览器加载项
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[DriveLetterAccess]
{5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\system32\dla\tfswshx.dll, Sonic Solutions>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft? Corporation>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Java Plug-in 1.4.1]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll, IBM.>
[Java Plug-in 1.4.1]
{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} <C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll, IBM.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft? Corporation>
[DriveLetterAccess]
{5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\system32\dla\tfswshx.dll, Sonic Solutions>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Shockwave Flash Object]

laoda1 - 2006-1-1 10:02:00

{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>

==================================
正在运行的进程
[PID: 796][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 844][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 872][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\Ati2evxx.dll] <N/A><N/A>
[PID: 916][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 928][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\pwdmon.dll] <N/A><N/A>
[PID: 1096][C:\WINDOWS\System32\ibmpmsvc.exe] <N/A><N/A>
[PID: 1136][C:\WINDOWS\System32\Ati2evxx.exe] <N/A><N/A>
[PID: 1156][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1260][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1296][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1384][C:\WINDOWS\System32\S24EvMon.exe] <Intel Corporation ><8, 0, 0, 164>
[PID: 1460][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1572][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1620][d:\program files\rising\rfw\rfwsrv.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 25>
[d:\program files\rising\rfw\RfwRule.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 10>
[d:\program files\rising\rfw\rfwlog.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 6>
[d:\program files\rising\rfw\Rfwdrv.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 19>
[d:\program files\rising\rfw\MonDrv.dll] <rs><1, 0, 0, 4>
[d:\program files\rising\rfw\ProcLib.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 9>
[PID: 1952][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 160][C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe] <><4,0,0,4026>
[PID: 148][C:\WINDOWS\System32\QCONSVC.EXE] <IBM Corp.><3, 1, 0, 0>
[PID: 248][C:\WINDOWS\System32\RegSrvc.exe] <Intel Corporation><8, 0, 0, 164>
[PID: 328][C:\WINDOWS\System32\setrysvc.exe] <N/A><N/A>
[PID: 348][C:\WINDOWS\System32\semwltry.exe] <Sony Ericsson Mobile Communications AB><3.31.24.0>
[PID: 360][C:\WINDOWS\system32\TpKmpSVC.exe] <N/A><N/A>
[PID: 480][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 528][C:\WINDOWS\system32\Ati2evxx.exe] <N/A><N/A>
[PID: 644][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.2.54.0>
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><16.2.54.0>
[C:\WINDOWS\system32\SynTPFcs.dll] <Synaptics, Inc.><7.5.17.8 19Nov03>
[C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll] <IBM Corp.><1, 0, 0, 0>
[D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><6.0.0.2003051500>
[C:\WINDOWS\system32\dla\tfswshx.dll] <Sonic Solutions><1.04.07a>
[C:\WINDOWS\system32\tfswapi.dll] <Sonic Solutions><1.04.07a>
[C:\WINDOWS\system32\dla\tfswcres.dll] <Sonic Solutions><1.04.07a>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[PID: 116][d:\program files\rising\rfw\RfwMain.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 40>
[d:\program files\rising\rfw\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
[d:\program files\rising\rfw\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[d:\program files\rising\rfw\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\WINDOWS\system32\SynTPFcs.dll] <Synaptics, Inc.><7.5.17.8 19Nov03>
[PID: 612][D:\Program Files\Rising\Rav\CCenter.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 1768][D:\Program Files\Rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[D:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[PID: 1520][D:\Program Files\Rising\Rav\RavMon.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 99>
[D:\Program Files\Rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[D:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\Program Files\Rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1524][D:\Program Files\Rising\Rav\Ravmond.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 6>
[D:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
[D:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\Rising\Rav\RsLog.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[D:\Program Files\Rising\Rav\HOOKSYS.dll] <Rising><18, 1, 0, 9>
[D:\Program Files\Rising\Rav\Scanner.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 28>
[D:\Program Files\Rising\Rav\libload.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[D:\Program Files\Rising\Rav\VirusLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[D:\Program Files\Rising\Rav\regmon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[D:\Program Files\Rising\Rav\HookWeb.dll] <rising><18, 0, 0, 1>
[D:\Program Files\Rising\Rav\MemMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 8>
[D:\Program Files\Rising\Rav\expscan.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\Rising\Rav\mPorts.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[D:\Program Files\Rising\Rav\MailMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[D:\Program Files\Rising\Rav\SpamEng.dll] <N/A><18, 0, 0, 4>
[D:\Program Files\Rising\Rav\engine.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
[D:\Program Files\Rising\Rav\UnExe.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[D:\Program Files\Rising\Rav\PostTrt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[D:\Program Files\Rising\Rav\ScanExec.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[D:\Program Files\Rising\Rav\ScanEx.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[D:\Program Files\Rising\Rav\NvFile.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[D:\Program Files\Rising\Rav\ScanMac.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[D:\Program Files\Rising\Rav\ScanSct.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[D:\Program Files\Rising\Rav\Unpacker.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[D:\Program Files\Rising\Rav\ScanNet.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[D:\Program Files\Rising\Rav\ExtOLE.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 2448][C:\Program Files\Synaptics\SynTP\SynTPLpr.exe] <Synaptics, Inc.><7.5.17.8 19Nov03>
[C:\WINDOWS\system32\SynTPFcs.dll] <Synaptics, Inc.><7.5.17.8 19Nov03>
[PID: 2540][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] <Synaptics, Inc.><7.5.17.8 19Nov03>
[C:\WINDOWS\System32\SynCOM.dll] <Synaptics, Inc.><7.5.17.8 19Nov03>
[C:\WINDOWS\system32\SynTPAPI.dll] <Synaptics, Inc.><7.5.17.8 19Nov03>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[C:\WINDOWS\system32\SynTPFcs.dll] <Synaptics, Inc.><7.5.17.8 19Nov03>

laoda1 - 2006-1-1 10:02:00

[PID: 2708][D:\Program Files\Rising\Rav\RavStub.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
[D:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 2712][C:\WINDOWS\system32\TpShocks.exe] <IBM Corp.><1, 0, 0, 1>
[C:\WINDOWS\system32\Sensor.dll] <N/A><N/A>
[PID: 2876][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2960][C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe] <N/A><N/A>
[C:\Program Files\ThinkPad\PkgMgr\HOTKEY_2\tphk_2k.dll] <N/A><N/A>
[C:\WINDOWS\system32\Oemdspif.dll] <ATI Technologies, Inc.><6.14.0010>
[PID: 3084][C:\WINDOWS\system32\rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll] <N/A><N/A>
[C:\PROGRA~1\ThinkPad\UTILIT~1\tppwrw32.dll] <IBM Corp.><1, 0, 0, 0>
[PID: 3116][C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe] <N/A><N/A>
[PID: 3196][C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe] <IBM Corporation><1.06>
[PID: 3216][C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe] <IBM Corp.><1, 0, 0, 0>
[PID: 3280][C:\Program Files\IBM\Messages By IBM\ibmmessages.exe] <IBM><2.011>
[C:\WINDOWS\system32\AIBMRUNL.dll] <N/A><N/A>
[C:\WINDOWS\system32\SynTPFcs.dll] <Synaptics, Inc.><7.5.17.8 19Nov03>
[C:\Program Files\IBM\Messages By IBM\AcpPollingEngine.dll] <><1, 0, 0, 4>
[C:\WINDOWS\System32\IbmEgath.dll] <IBM Corporation><3, 0, 0, 11>
[PID: 3312][C:\WINDOWS\system32\dla\tfswctrl.exe] <Sonic Solutions><1.04.07a>
[C:\WINDOWS\system32\tfswapi.dll] <Sonic Solutions><1.04.07a>
[C:\WINDOWS\system32\dla\tfswcres.dll] <Sonic Solutions><1.04.07a>
[C:\WINDOWS\system32\SynTPFcs.dll] <Synaptics, Inc.><7.5.17.8 19Nov03>
[PID: 3332][C:\IBMTOOLS\UTILS\ibmprc.exe] <IBM Corp.><1, 0, 0, 3>
[C:\WINDOWS\system32\SynTPFcs.dll] <Synaptics, Inc.><7.5.17.8 19Nov03>
[PID: 3348][C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE] <IBM Corp.><3, 1, 0, 0>
[C:\Program Files\ThinkPad\ConnectUtilities\QCON.dll] <IBM Corp.><3, 1, 0, 0>
[C:\Program Files\ThinkPad\ConnectUtilities\MerlinC201.dll] <Novatel Wireless Inc.><1, 0, 0, 1>
[C:\Program Files\ThinkPad\ConnectUtilities\ANCA.dll] <N/A><N/A>
[C:\Program Files\ThinkPad\ConnectUtilities\ANC.dll] <N/A><N/A>
[C:\Program Files\ThinkPad\ConnectUtilities\Res\CH\TrayRes.dll] <N/A><N/A>
[C:\WINDOWS\system32\SbrngAPI.dll] <Intel Corporation><8, 0, 0, 164>
[C:\WINDOWS\system32\PfMgrApi.dll] <Intel Corporation><8, 0, 0, 164>
[C:\WINDOWS\system32\PsRegApi.dll] <Intel Corporation><8, 0, 0, 164>
[C:\WINDOWS\system32\WConfig.DLL] <Intel Corporation><8, 0, 0, 164>
[C:\WINDOWS\system32\WiFiAdap.DLL] <Intel Corporation><8, 0, 0, 164>
[C:\WINDOWS\system32\C1XStngs.dll] <Intel Corporation><8, 0, 0, 164>
[C:\WINDOWS\system32\S24MUDLL.dll] <Intel Corporation><8, 0, 0, 164>
[C:\WINDOWS\system32\SynTPFcs.dll] <Synaptics, Inc.><7.5.17.8 19Nov03>
[PID: 3364][C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE] <IBM Corp.><3, 1, 0, 0>
[C:\Program Files\ThinkPad\ConnectUtilities\QCON.dll] <IBM Corp.><3, 1, 0, 0>
[C:\Program Files\ThinkPad\ConnectUtilities\MerlinC201.dll] <Novatel Wireless Inc.><1, 0, 0, 1>
[C:\Program Files\ThinkPad\ConnectUtilities\ANCA.dll] <N/A><N/A>
[C:\Program Files\ThinkPad\ConnectUtilities\ANC.dll] <N/A><N/A>
[C:\WINDOWS\system32\SbrngAPI.dll] <Intel Corporation><8, 0, 0, 164>
[C:\WINDOWS\system32\PfMgrApi.dll] <Intel Corporation><8, 0, 0, 164>
[C:\WINDOWS\system32\PsRegApi.dll] <Intel Corporation><8, 0, 0, 164>
[C:\WINDOWS\system32\WConfig.DLL] <Intel Corporation><8, 0, 0, 164>
[C:\WINDOWS\system32\WiFiAdap.DLL] <Intel Corporation><8, 0, 0, 164>
[C:\WINDOWS\system32\C1XStngs.dll] <Intel Corporation><8, 0, 0, 164>
[C:\WINDOWS\system32\S24MUDLL.dll] <Intel Corporation><8, 0, 0, 164>
[C:\WINDOWS\system32\SynTPFcs.dll] <Synaptics, Inc.><7.5.17.8 19Nov03>
[C:\Program Files\ThinkPad\ConnectUtilities\Res\CH\IconRes.dll] <N/A><N/A>
[PID: 3376][C:\WINDOWS\system32\RunDll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll] <IBM Corp.><1, 0, 0, 0>
[C:\PROGRA~1\ThinkPad\UTILIT~1\tppwrw32.dll] <IBM Corp.><1, 0, 0, 0>
[C:\WINDOWS\system32\SynTPFcs.dll] <Synaptics, Inc.><7.5.17.8 19Nov03>
[PID: 3516][C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe] <Sony Ericsson><3.2.2.1414 10/27/2004 21:33:32>
[C:\Program Files\Sony Ericsson\Wireless Manager\GCXX_RC.DLL] <Sony Ericsson><3.2.2.1414 10/27/2004 21:33:32>
[C:\WINDOWS\system32\SynTPFcs.dll] <Synaptics, Inc.><7.5.17.8 19Nov03>
[PID: 3688][C:\Program Files\Messenger\msmsgs.exe] <Microsoft Corporation><4.7.3001>
[C:\WINDOWS\system32\SynTPFcs.dll] <Synaptics, Inc.><7.5.17.8 19Nov03>
[PID: 576][C:\Program Files\Digital Line Detect\DLG.exe] <BVRP Software><1, 0, 0, 1>
[C:\Program Files\Digital Line Detect\BVRPDIAG.dll] <BVRP Software><1.0>
[C:\WINDOWS\system32\MdmXSdk.dll] <Conexant><1.0.2.002>
[C:\WINDOWS\system32\SynTPFcs.dll] <Synaptics, Inc.><7.5.17.8 19Nov03>
[PID: 3228][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\SynTPFcs.dll] <Synaptics, Inc.><7.5.17.8 19Nov03>
[C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.2.54.0>
[D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><6.0.0.2003051500>
[C:\WINDOWS\system32\dla\tfswshx.dll] <Sonic Solutions><1.04.07a>
[C:\WINDOWS\system32\tfswapi.dll] <Sonic Solutions><1.04.07a>
[C:\WINDOWS\system32\dla\tfswcres.dll] <Sonic Solutions><1.04.07a>
[D:\Program Files\Rising\Rav\RavScrCh.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[C:\WINDOWS\system32\macromed\flash\Flash.ocx] <Macromedia, Inc.><7,0,19,0>
[PID: 4060][D:\download\8\sreng2\SREng.exe] <Smallfrogs Studio><2.0.12.350>
[C:\WINDOWS\system32\SynTPFcs.dll] <Synaptics, Inc.><7.5.17.8 19Nov03>

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR Error. [AutoCADScriptFile]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

瑞星卡卡安全论坛