瑞星卡卡安全论坛
suzhou758 - 2007-1-30 23:07:00
现象如下,只要是USB盘,接触的有32M-1G的,插到我的电脑上就会自动产生2个文件:autorun.inf和cn911.exe,属性都为系统和隐含,用的是公司笔记本,装有企业版的Nortn,个人感觉这个Norton什么都不如,啥也查不到的,包括这个CN911。
但插的是移动硬盘的话不会产生。
在网上看过一些资料,手动删了,包括电脑硬盘里的,还有相关注册表,当时是以“cn911.exe为搜索目标的,反正现在已经搜索不到了。也用过瑞星在线杀毒杀过,以及一些专杀工具。问题依然....个把月了:(
在拔掉USB前删了那2个文件,插到别人电脑上,不会产生,但再次插回我的电脑,又有了。C盘等根目录下没有发现autorun.inf,右击各硬盘没有发现“自动播放”,用Total commander搜索也未发现。
autorun.inf文件内容如下:
[Autorun]
open=cn911.exe
shellexecute=cn911.exe
shell\auto\command=cn911.exe
我已经无力再折腾了,希望这里的高手指点下迷津,不甚感激。
小小小神仙 - 2007-1-30 23:16:00
没错的,就是病毒!
首先你点击菜单栏上的 工具/文件夹选项/查看 把“显示系统文件夹内容、隐藏受保护的操作系统文件(推荐)、显示所有文件夹和文件”这三项勾上,然后看看你的U盘中还隐藏了哪些东东,把隐藏了的和Cn911.exe文件全部删掉,在到开始/搜索 与Cn911.exe的相关的文件,全部删掉,最后打开 开始/运行 输入regedit 确定,在菜单栏上的 编辑/查找 Cn911.exe 的相关项全部删除 就搞定了!
PS提示一下,万一要是杀毒后,遇到U盘插入不能自动播放的问题请参见我的提问“可移动磁盘无法自动播放”
suzhou758 - 2007-1-30 23:36:00
这个是网上复制的吧,中的时候就已经看过了,没有用,不过还是要谢谢。
newcenturymoon - 2007-1-30 23:37:00
下载 System Repair Engineer,
http://www.kztechs.com/sreng/download.html
1 解压缩sreng2.zip
2 运行SREng.exe
3 智能扫描=》扫描=》保存报告
4 把日志中的报告完整拷贝贴上来,不要修改
友情提示:
扫描前关闭所有手工打开的软件和窗口,扫描后将日志发上来。但请不要用附件形式贴。
注意在没有进一步提示前,勿要胡乱修复,否则系统可能变的情况更糟。
如果发现SREng.exe运行无反应或者不能运行或者扫描出错,你可以将SREng.exe重命名为SREng.com(SREng.scr\SREng.bat\SREng.pif)或者abc.exe运行.
另外那个 病毒文件麻烦发到newcenturymoon@126.com
寻找北方的哥儿 - 2007-1-30 23:42:00
| 引用: |
【newcenturymoon的贴子】下载 System Repair Engineer,
http://www.kztechs.com/sreng/download.html
1 解压缩sreng2.zip
2 运行SREng.exe
3 智能扫描=》扫描=》保存报告
4 把日志中的报告完整拷贝贴上来,不要修改
友情提示:
扫描前关闭所有手工打开的软件和窗口,扫描后将日志发上来。但请不要用附件形式贴。
注意在没有进一步提示前,勿要胡乱修复,否则系统可能变的情况更糟。
如果发现SREng.exe运行无反应或者不能运行或者扫描出错,你可以将SREng.exe重命名为SREng.com(SREng.scr\SREng.bat\SREng.pif)或者abc.exe运行.
另外那个 病毒文件麻烦发到newcenturymoon@126.com
……………… |
这段话抄下来了....好用,以后用上,哈哈
suzhou758 - 2007-1-31 0:29:00
[CODE]
2007-01-30,23:59:20
System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- Administrative User - Completed Functions Allowed
Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<CTFMON.EXE><C:\WINNT\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<IBM RecordNow!><> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<BluetoothAuthenticationAgent><rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent> [(Verified)Microsoft Corporation]
<MNUNET><"C:\Program Files\Mobiliti\Unplugged\BIN\MNUNET.EXE"> [Mobiliti, Inc.]
<MNUAutoSync><"C:\Program Files\Mobiliti\Unplugged\BIN\MNUNPLUG.EXE" /AutoStartUpSync> [Mobiliti, Inc.]
<CyberArmorHelper><C:\Program Files\CyberArmor\pcshelp.exe -check> [InfoExpress]
<updcauser><C:\Program Files\CyberArmor\updca.bat> [N/A]
<SunJavaUpdateSched><C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe> [Sun Microsystems, Inc.]
<TPHOTKEY><C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe> [N/A]
<SynTPLpr><C:\Program Files\Synaptics\SynTP\SynTPLpr.exe> [(Verified)Synaptics, Inc.]
<SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe> [(Verified)Synaptics, Inc.]
<BMMGAG><RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor> [IBM Corp.]
<BMMLREF><C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE> [N/A]
<BMMMONWND><rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor> [N/A]
<EZEJMNAP><C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe> [IBM Corp.]
<TPKMAPHELPER><C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper> [IBM Corp.]
<TrackPointSrv><tp4serv.exe> [(Verified)IBM Corporation]
<TP4EX><tp4ex.exe> [IBM Corporation]
<ZCfgSvc.exe><c:\WINNT\system32\ZCfgSvc.exe> [Intel Corporation]
<PRONoMgr.exe><c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe> [Intel(R) Corporation]
<ControlCenter><"C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup> [UPEK Inc.]
<IMJPMIG8.1><"C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<IMEKRMIG6.1><C:\WINNT\ime\imkr6_1\IMEKRMIG.EXE> [(Verified)Microsoft Corporation]
<MSPY2002><C:\WINNT\system32\IME\PINTLGNT\ImScInst.exe /SYNC> [(Verified)N/A]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
<CJIMETIPSYNC><C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync> [(Verified)Microsoft Corp.]
<PHIMETIPSYNC><C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync> [(Verified)Microsoft Corp.]
<PCSuiteTrayApplication><C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup> [Nokia]
<Hot Key Kbd Daemon><SKDAEMON.EXE> [LITE-ON TECHNOLOGY CORP.]
<Protect Tray><"C:\Program Files\Pointsec\P95tray.exe"> [Pointsec Mobile Technologies AB]
<lcfep><"C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe" -x> [N/A]
<SwdisUsrPCN.IL8450249><"C:\PROGRA~1\Tivoli\lcf\dat\1\cache\lib\w32-ix86\wdusrpcn.exe" "C:\Program Files\Tivoli\swdis\1\wdusrpcn.envIL8450249"> [N/A]
<ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"> [(Verified)Symantec Corporation]
<vptray><C:\PROGRA~1\Symantec\SCS3\SYMANT~1\VPTray.exe> [(Verified)Symantec Corporation]
<ODBCJET><C:\WINNT\system32\ODBCJET.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINNT\system32\userinit.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs>< cahooknt.dll> [InfoExpress]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<GinaDLL><pssogina.dll> [Pointsec Mobile Technologies AB]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ckpNotify]
<WinlogonNotify: ckpNotify><ckpNotify.dll> [Check Point Software Technologies]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
<WinlogonNotify: NavLogon><C:\WINNT\system32\NavLogon.dll> [(Verified)Symantec Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
<WinlogonNotify: psfus><C:\Program Files\IBM fingerprint software\psfus.dll> [UPEK Inc.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]
<WinlogonNotify: Sebring><c:\WINNT\system32\LgNotify.dll> [Intel Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
<WinlogonNotify: tphotkey><tphklock.dll> [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINNT\system32\pscr_nt.SCR> [N/A]
suzhou758 - 2007-1-31 0:34:00
==================================
Startup Folders
[BTTray]
<C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk --> C:\PROGRA~1\IBM\BLUETO~1\BTTray.exe [Broadcom Corporation]><N>
==================================
Services
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINNT\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
<C:\WINNT\system32\ati2sgag.exe><>
[BBDistHandler / BBDistHandler][Running/Auto Start]
<C:\MAINT\sid\DISTH\DistH.exe><IBM>
[Bluetooth Service / btwdins][Running/Auto Start]
<C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe><Broadcom Corporation>
[Symantec Event Manager / ccEvtMgr][Running/Auto Start]
<"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr][Running/Auto Start]
<"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[CyberArmor Run Service / CyberArmorRunService][Running/Auto Start]
<C:\Program Files\CyberArmor\casvc.exe><InfoExpress>
[Symantec AntiVirus Definition Watcher / DefWatch][Running/Auto Start]
<"C:\Program Files\Symantec\SCS3\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[Nokia GCS / GCSR4][Running/Auto Start]
<"C:\Program Files\Nokia\GCS\GCSServer.exe"><Nokia>
[Nokia GCS Sync / GCSSync][Running/Auto Start]
<"C:\Program Files\Nokia\GCS\gcssync.exe"><Nokia>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINNT\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[HTTP Poster Service / HTTP Poster][Stopped/Auto Start]
<C:\WINNT\system32\HTTP_Poster.exe><Nokia>
[IBM PM Service / IBMPMSVC][Running/Auto Start]
<C:\WINNT\system32\ibmpmsvc.exe><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPassConnectEngine / iPassConnectEngine][Stopped/Manual Start]
<C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe><iPass>
[iPCAgent / iPCAgent][Running/Auto Start]
<C:\Program Files\iPass\iPassConnect\iPCAgent.exe><iPass, Inc.>
[Tivoli Endpoint / lcfd][Running/Auto Start]
<"C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe"><N/A>
[LiveUpdate / LiveUpdate][Stopped/Manual Start]
<"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"><Symantec Corporation>
[OracleOraHome92ClientCache / OracleOraHome92ClientCache][Stopped/Manual Start]
<C:\Apps\oracle\ora92\BIN\ONRSD.EXE><N/A>
[Pointsec / Pointsec][Running/Auto Start]
<C:\WINNT\system32\PROT_SRV.EXE><N/A>
[Pointsec update agent / Pointsec_agent][Running/Auto Start]
<C:\WINNT\system32\pagents.exe><N/A>
[Pointsec service start / Pointsec_start][Running/Auto Start]
<C:\WINNT\system32\PSTARTSR.EXE><N/A>
[Spectrum24 Event Monitor / S24EventMonitor][Running/Auto Start]
<C:\WINNT\system32\S24EvMon.exe><Intel Corporation>
[SavRoam / SavRoam][Running/Auto Start]
<"C:\Program Files\Symantec\SCS3\Symantec AntiVirus\SavRoam.exe"><symantec>
[ServiceLayer / ServiceLayer][Running/Manual Start]
<"C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe"><Nokia.>
[Symantec SPBBCSvc / SPBBCSvc][Stopped/Manual Start]
<"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation>
[Check Point SecuRemote Service / SR_Service][Running/Auto Start]
<"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe"><Check Point Software Technologies>
[Check Point SecuRemote WatchDog / SR_WatchDog][Running/Auto Start]
<"C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe"><Check Point Software Technologies>
[Symantec AntiVirus / Symantec AntiVirus][Running/Auto Start]
<"C:\Program Files\Symantec\SCS3\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[Tivoli License Mgr Agent / Tivoli License Mgr Agent][Running/Auto Start]
<"C:\WINNT\itlm\tlmagent.exe"><N/A>
[Tivoli Remote Control Service / TME10RC][Running/Auto Start]
<C:\WINNT\RCSERV.EXE><IBM Corporation>
[IBM KCU Service / TpKmpSVC][Running/Auto Start]
<C:\WINNT\system32\TpKmpSVC.exe><N/A>
[Protector Suite Virtual Token / vtserver][Running/Auto Start]
<"C:\Program Files\Common Files\Virtual Token\vtserver.exe"><UPEK Inc.>
[Windows Security Update / WSUSrv][Stopped/Manual Start]
<C:\WINNT\TEMP\_WSU\WSUSrv.exe><N/A>
suzhou758 - 2007-1-31 0:37:00
==================================
Drivers
[aeaudio / aeaudio][Running/Manual Start]
<system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[AEGIS Protocol (IEEE 802.1x) v3.0.0.7 / AegisP][Running/Auto Start]
<system32\DRIVERS\AegisP.sys><Meetinghouse Data Communications>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Broadcom NetXtreme Gigabit Ethernet / b57w2k][Running/Manual Start]
<system32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[Bluetooth Audio Device / btaudio][Running/Manual Start]
<system32\drivers\btaudio.sys><Broadcom Corporation>
[Bluetooth Virtual Communications Driver / BTDriver][Running/Manual Start]
<system32\DRIVERS\btport.sys><Broadcom Corporation>
[Bluetooth Protocol Stack / BTKRNL][Running/Boot Start]
<\SystemRoot\system32\drivers\btkrnl.sys><Broadcom Corporation>
[Bluetooth LAN Access Server / BTWDNDIS][Stopped/Manual Start]
<system32\DRIVERS\btwdndis.sys><Broadcom Corporation>
[WIDCOMM USB Bluetooth Driver / BTWUSB][Stopped/Manual Start]
<System32\Drivers\btwusb.sys><Broadcom Corporation>
[CITMDRV / CITMDRV][Running/Auto Start]
<\??\C:\WINNT\System32\drivers\CITMDRV.SYS><N/A>
[Check Point Office Mode Module / CP_OMDRV][Running/Auto Start]
<System32\drivers\omdrv.sys><Check Point Software Technologies>
[Symantec Eraser Control driver / eeCtrl][Running/System Start]
<\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
[Eqnmirdd / Eqnmirdd][Running/Manual Start]
<system32\DRIVERS\Eqnmirdd.sys><IBM Corp.>
[EraserUtilRebootDrv / EraserUtilRebootDrv][Running/Manual Start]
<\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys><Symantec Corporation>
[SecuRemote Miniport / FW1][Running/System Start]
<system32\DRIVERS\fw.sys><Check Point Software Technologies>
[HSFHWICH / HSFHWICH][Running/Manual Start]
<system32\DRIVERS\HSFHWICH.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP][Running/Manual Start]
<system32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>
[IBM TlmK tlmkagent-2_1_0_0 / IBM TlmK tlmkagent-2_1_0_0][Running/Manual Start]
<\??\C:\WINNT\itlm\tlmkagent-2_1_0_0.sys><N/A>
[IBMPMDRV / IBMPMDRV][Running/Manual Start]
<system32\DRIVERS\ibmpmdrv.sys><IBM Corp.>
[iPass Protocol (IEEE 802.1x) v3.4.9.0 / iPassP][Running/Auto Start]
<system32\DRIVERS\iPassP.sys><Meetinghouse Data Communications>
[mdmxsdk / mdmxsdk][Running/Auto Start]
<system32\DRIVERS\mdmxsdk.sys><Conexant>
[MNUMON / MNUMON][Running/Auto Start]
<\SystemRoot\System32\drivers\MNUMON.sys><Mobiliti, Inc>
[MNUPFILT / MNUPFILT][Running/Auto Start]
<\SystemRoot\System32\drivers\MNUPfilt.sys><Mobiliti, Inc>
[NAVENG / NAVENG][Running/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070127.007\naveng.sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070127.007\navex15.sys><Symantec Corporation>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\C:\Users\tencent\npkcrypt.sys><INCA Internet Co., Ltd.>
[NSC Infrared Device Driver / NSCIRDA][Running/Manual Start]
<system32\DRIVERS\nscirda.sys><National Semiconductor Corporation>
[VPN-1 SecureClient Adapter / OMVA][Stopped/Manual Start]
<system32\DRIVERS\OMVA.sys><Check Point Software Technologies>
[PnpWmkDrv / PnpWmkDrv][Running/System Start]
<\??\C:\WINNT\system32\drivers\PnpWmkDrv.sys><N/A>
[TPM Service / portio][Running/Manual Start]
<system32\DRIVERS\NscTpmDD.sys><National Semiconductor Corp.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[WLAN Transport / s24trans][Running/Auto Start]
<system32\DRIVERS\s24trans.sys><Intel Corporation>
[SAVRT / SAVRT][Running/System Start]
<\??\C:\Program Files\Symantec\SCS3\Symantec AntiVirus\savrt.sys><Symantec Corporation>
[SAVRTPEL / SAVRTPEL][Running/System Start]
<\??\C:\Program Files\Symantec\SCS3\Symantec AntiVirus\Savrtpel.sys><Symantec Corporation>
[SecureClient Application Policy Module / Scap][Running/Auto Start]
<System32\DRIVERS\Scap.sys><Check Point Software Technologies>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[Smapint / Smapint][Running/System Start]
<System32\drivers\Smapint.sys><Microsoft Corporation>
[smwdm / smwdm][Running/Manual Start]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[SPBBCDrv / SPBBCDrv][Stopped/Manual Start]
<\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation>
[SymEvent / SymEvent][Running/Manual Start]
<\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
<system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[TC USB Kernel Driver / TcUsb][Running/Manual Start]
<System32\Drivers\tcusb.sys><UPEK Inc.>
[TDSMAPI / TDSMAPI][Running/System Start]
<System32\drivers\TDSMAPI.SYS><N/A>
[TPInput / TPInput][Running/Manual Start]
<System32\DRIVERS\TPInput.sys><IBM Corporation>
[TPPWR / TPPWR][Running/System Start]
<System32\drivers\Tppwr.sys><IBM Corp.>
[TSMAPIP / TSMAPIP][Running/System Start]
<System32\drivers\TSMAPIP.SYS><N/A>
[CyberArmor Registry Driver / Viexca2k][Running/Auto Start]
<system32\drivers\viexca2k.sys><InfoExpress>
[CyberArmor W2KDriver / Viexpf2k][Running/Auto Start]
<system32\drivers\viexpf2k.sys><N/A>
[Check Point Virtual Network Adapter - SecureClient / VNASC][Running/Auto Start]
<system32\DRIVERS\vnasc.sys><Check Point Software Technologies>
[VPN-1 Module / VPN-1][Running/Auto Start]
<\SystemRoot\System32\drivers\vpn.sys><Check Point Software Technologies>
[Intel(R) PRO/Wireless 2200 Adapter Driver for Windows XP / w22n51][Stopped/Manual Start]
<system32\DRIVERS\w22n51.sys><Intel? Corporation>
[winachsf / winachsf][Running/Manual Start]
<system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
suzhou758 - 2007-1-31 0:37:00
==================================
Browser Add-ons
[HelperObject Class]
{00C6482D-C502-44C8-8409-FCE54AD9C208} <C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll, TechSmith Corporation>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[CibaCtrl Class]
{8DE0FCD4-5EB5-11D3-AD25-00002100131B} <C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll, >
[&Research]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[JoyoCtrl Class]
{C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} <C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll, >
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\USERS\tencent\QQ.EXE, TENCENT>
[SnagIt]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} <C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll, TechSmith Corporation>
[PjtICAHelper.ICAHelper]
{492BB930-5C14-4DD4-BE4D-F166C12A141C} <C:\WINNT\Downloaded Program Files\ICAHelper.ocx, Citrix Consulting Services>
[Java Plug-in]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Tencent Safety Online Base Module]
{C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINNT\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[Java Plug-in]
{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in]
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_06]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll, Sun Microsystems, Inc.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINNT\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[CPasswordEditCtrl Object]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINNT\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[HelperObject Class]
{00C6482D-C502-44C8-8409-FCE54AD9C208} <C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll, TechSmith Corporation>
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINNT\system32\wmpdxm.dll, Microsoft Corporation>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, N/A>
[Microsoft Hierarchical FlexGrid Control6.0 (SP4) (OLEDB)]
{0ECD9B64-23AA-11D0-B351-00A0C9055D8E} <C:\WINNT\system32\mshflxgd.ocx, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINNT\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[Microsoft Chart Control 6.0 (SP4) (OLEDB)]
{3A2B370C-BA0A-11D1-B137-0000F8753F5D} <C:\WINNT\system32\mschrt20.ocx, Microsoft Corporation>
[PjtICAHelper.ICAHelper]
{492BB930-5C14-4DD4-BE4D-F166C12A141C} <C:\WINNT\Downloaded Program Files\ICAHelper.ocx, Citrix Consulting Services>
[Microsoft Licensed Class Manager 1.0]
{5220CB21-C88D-11CF-B347-00AA00A28331} <C:\WINNT\system32\licmgr10.dll, Microsoft Corporation>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINNT\system32\HHCTRL.OCX, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINNT\system32\wmp.dll, Microsoft Corporation>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINNT\system32\shdocvw.dll, Microsoft Corporation>
[CibaCtrl Class]
{8DE0FCD4-5EB5-11D3-AD25-00002100131B} <C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll, >
[SnagIt]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} <C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll, TechSmith Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[JoyoCtrl Class]
{C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} <C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll, >
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINNT\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[CPasswordEditCtrl Object]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINNT\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[E&xport to Microsoft Excel]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[上传到QQ网络硬盘]
<C:\USERS\tencent\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<C:\USERS\tencent\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\USERS\tencent\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\USERS\tencent\SendMMS.htm, N/A>
suzhou758 - 2007-1-31 0:40:00
==================================
Running Processes
[PID: 732][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 804][\??\C:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 840][\??\C:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\pssogina.dll] [Pointsec Mobile Technologies AB, 5.2.2]
[C:\WINNT\system32\vrlogon.dll] [UPEK Inc., 4.5.3.167]
[C:\Program Files\IBM fingerprint software\ExtVapi.dll] [UPEK Inc., 4.5.3.167]
[C:\Program Files\Common Files\Virtual Token\psutil.dll] [UPEK Inc., 4.5.3.167]
[C:\Program Files\Common Files\Virtual Token\resmgr.dll] [UPEK Inc., 4.5.3.167]
[C:\Program Files\Common Files\Virtual Token\Remote.dll] [UPEK Inc., 4.5.3.167]
[C:\Program Files\Common Files\Virtual Token\passport.dll] [UPEK Inc., 4.5.3.167]
[C:\Program Files\Common Files\Virtual Token\psdlg.dll] [UPEK Inc., 4.5.3.167]
[C:\WINNT\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4149]
[C:\Program Files\IBM fingerprint software\psfus.dll] [UPEK Inc., 4.5.3.167]
[C:\WINNT\system32\tphklock.dll] [N/A, N/A]
[C:\Program Files\Mobiliti\Unplugged\BIN\MNUNETU.DLL] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\RSSU.DLL] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\WINNT\system32\PssoCM32.dll] [Pointsec Mobile Technologies AB, 5.2.2]
[C:\WINNT\system32\ckpNotify.dll] [Check Point Software Technologies, 59,8,0010,19]
[c:\WINNT\system32\LgNotify.dll] [Intel Corporation, 8, 1, 0, 47_ITP]
[C:\WINNT\system32\NavLogon.dll] [Symantec Corporation, 10.1.4.4010]
[C:\Program Files\Common Files\Virtual Token\BGTcVer.dll] [UPEK Inc., 4.5.3.167]
[C:\Program Files\Common Files\Virtual Token\BTcVer.dll] [UPEK Inc., 4.5.3.167]
[PID: 884][C:\WINNT\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[PID: 896][C:\WINNT\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\TivoliAP.dll] [IBM Corporation, 1.27.1.0]
[PID: 1080][C:\Program Files\Common Files\Virtual Token\vtserver.exe] [UPEK Inc., 4.5.3.167]
[C:\Program Files\Common Files\Virtual Token\psutil.dll] [UPEK Inc., 4.5.3.167]
[C:\Program Files\IBM fingerprint software\psfus.dll] [UPEK Inc., 4.5.3.167]
[C:\Program Files\Common Files\Virtual Token\passport.dll] [UPEK Inc., 4.5.3.167]
[C:\Program Files\Common Files\Virtual Token\DevTc.dll] [UPEK Inc., 4.5.3.167]
[C:\Program Files\Common Files\Virtual Token\BTcVer.dll] [UPEK Inc., 4.5.3.167]
[C:\Program Files\Common Files\Virtual Token\Remote.dll] [UPEK Inc., 4.5.3.167]
[C:\Program Files\Common Files\Virtual Token\LocPass.dll] [UPEK Inc., 4.5.3.167]
[C:\Program Files\Common Files\Virtual Token\AlgVer.dll] [UPEK Inc., 4.5.3.167]
[C:\Program Files\Common Files\Virtual Token\resmgr.dll] [UPEK Inc., 4.5.3.167]
[C:\Program Files\Common Files\Virtual Token\psdlg.dll] [UPEK Inc., 4.5.3.167]
[PID: 1100][C:\WINNT\system32\ibmpmsvc.exe] [N/A, N/A]
[PID: 1204][C:\WINNT\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4149]
[C:\WINNT\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2508]
[C:\WINNT\system32\atipdlxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2513]
[PID: 1224][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[PID: 1296][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[PID: 1440][C:\WINNT\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINNT\System32\cahooknt.dll] [InfoExpress, 3.0.40520]
[C:\Apps\oracle\ora92\bin\oci.dll] [Oracle Corporation, 9.2.0.1.0]
[PID: 1568][C:\WINNT\system32\S24EvMon.exe] [Intel Corporation , 8, 1, 0, 47_ITP]
[PID: 1592][C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe] [Check Point Software Technologies, 1, 0, 0, 1]
[C:\Program Files\CheckPoint\SecuRemote\bin\OS.dll] [Check Point Software Technologies, 59,8,000,026]
[C:\Program Files\CheckPoint\SecuRemote\bin\FileHash_DYN.dll] [Check Point Software Technologies, 59,8,0010,05]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpbcrypt.dll] [Check Point Software Technologies, 59,8,000,013]
[C:\Program Files\CheckPoint\SecuRemote\bin\DataStruct.dll] [Check Point Software Technologies, 59,8,000,026]
[C:\Program Files\CheckPoint\SecuRemote\bin\RunAs.dll] [Check Point Software Technologies, 59,8,0010,05]
[C:\Program Files\CheckPoint\SecuRemote\bin\CPDtRegSvr.dll] [Check Point Software Technologies, 59,8,0010,19]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpprod50.dll] [Check Point Software Technologies, 54,8,2000,05]
[C:\Program Files\CheckPoint\SecuRemote\bin\addreg.dll] [Check Point Software Technologies, 59,8,0010,19]
[C:\Program Files\CheckPoint\SecuRemote\bin\dtplat.dll] [Check Point Software Technologies, 59,8,0010,19]
[C:\Program Files\CheckPoint\SecuRemote\bin\dtrtm.dll] [Check Point Software Technologies, 59,8,0010,05]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpfwsys.dll] [Check Point Software Technologies, 54,8,2000,26]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpsys.dll] [Check Point Software Technologies, 54,8,2000,26]
[C:\Program Files\CheckPoint\SecuRemote\bin\cvars.dll] [Check Point Software Technologies, 54,8,2000,03]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpopenssl.dll] [Check Point Software Technologies, 54,8,2000,06]
[C:\Program Files\CheckPoint\SecuRemote\bin\ComUtils.dll] [Check Point Software Technologies, 59,8,000,026]
[C:\Program Files\CheckPoint\SecuRemote\bin\Resolve.dll] [Check Point Software Technologies, 59,8,000,026]
[C:\Program Files\CheckPoint\SecuRemote\bin\mastersapi.dll] [Check Point Software Technologies, 54,8,2000,06]
[C:\Program Files\CheckPoint\SecuRemote\bin\fwsmtpobj.dll] [Check Point Software Technologies, 54,8,2000,06]
[C:\Program Files\CheckPoint\SecuRemote\bin\objlib.dll] [Check Point Software Technologies, 54,8,2000,06]
[C:\Program Files\CheckPoint\SecuRemote\bin\CPSrvIS.dll] [Check Point Software Technologies, 54,8,2000,03]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpcert.dll] [Check Point Software Technologies, 59,8,000,013]
[C:\Program Files\CheckPoint\SecuRemote\bin\Encode.dll] [Check Point Software Technologies, 59,8,000,026]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpprng.dll] [Check Point Software Technologies, 59,8,000,013]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpcryptutil.dll] [Check Point Software Technologies, 59,8,000,013]
[C:\Program Files\CheckPoint\SecuRemote\bin\ndb.dll] [Check Point Software Technologies, 54,8,2000,03]
[C:\Program Files\CheckPoint\SecuRemote\bin\AppUtils.dll] [Check Point Software Technologies, 59,8,000,026]
[C:\Program Files\CheckPoint\SecuRemote\bin\EventUtils.dll] [Check Point Software Technologies, 59,8,000,026]
[C:\Program Files\CheckPoint\SecuRemote\bin\fwadb.dll] [Check Point Software Technologies, 54,8,2000,06]
[C:\Program Files\CheckPoint\SecuRemote\bin\skey.dll] [Check Point Software Technologies, 54,8,2000,06]
[C:\Program Files\CheckPoint\SecuRemote\bin\fwsetdb.dll] [Check Point Software Technologies, 54,8,2000,03]
[C:\Program Files\CheckPoint\SecuRemote\bin\userc.dll] [Check Point Software Technologies, 59,8,0010,05]
[C:\Program Files\CheckPoint\SecuRemote\bin\sic.dll] [Check Point Software Technologies, 54,8,2000,03]
[C:\Program Files\CheckPoint\SecuRemote\bin\cp_policy.dll] [Check Point Software Technologies, 54,8,2000,03]
[C:\Program Files\CheckPoint\SecuRemote\bin\sicauth.dll] [Check Point Software Technologies, 54,8,2000,03]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpca.dll] [Check Point Software Technologies, 59,8,000,013]
[C:\Program Files\CheckPoint\SecuRemote\bin\ckpssl.dll] [Check Point Software Technologies, 59,8,000,013]
[C:\Program Files\CheckPoint\SecuRemote\bin\FwBinding.dll] [Check Point Software Technologies, 59,8,0010,05]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpii.dll] [Check Point Software Technologies, 54,8,2000,26]
[C:\Program Files\CheckPoint\SecuRemote\bin\CP_version_info.dll] [Check Point Software Technologies, 59,8,000,026]
[C:\Program Files\CheckPoint\SecuRemote\bin\dt_ie_proxy.dll] [Check Point Software Technologies, 59,8,0010,05]
[C:\Program Files\CheckPoint\SecuRemote\bin\VPN.DLL] [Check Point Software Technologies, 59,8,0010,19]
[C:\Program Files\CheckPoint\SecuRemote\bin\scvprod_lang_pack.dll] [Check Point Software Technologies, 59,8,0010,04]
[C:\Program Files\CheckPoint\SecuRemote\bin\LangPack.dll] [Check Point Software Technologies, 59,8,0010,19]
[C:\Program Files\CheckPoint\SecuRemote\bin\dtis_lang_pack.dll] [Check Point Software Technologies, 59,8,0010,05]
[C:\Program Files\CheckPoint\SecuRemote\bin\DBObjects.dll] [Check Point Software Technologies, 59,8,0010,19]
[C:\Program Files\CheckPoint\SecuRemote\bin\GuiServiceInterface.dll] [Check Point Software Technologies, 59,8,0010,19]
[C:\Program Files\CheckPoint\SecuRemote\bin\srcert.dll] [Check Point Software Technologies, 59,8,0010,05]
[C:\Program Files\CheckPoint\SecuRemote\bin\clientProviders.dll] [Check Point Software Technologies, 59,8,000,013]
[C:\Program Files\CheckPoint\SecuRemote\bin\p12Prov.dll] [Check Point Software Technologies, 59,8,000,013]
[C:\Program Files\CheckPoint\SecuRemote\bin\p11Prov.dll] [Check Point Software Technologies, 59,8,000,013]
[C:\Program Files\CheckPoint\SecuRemote\bin\capiProv.dll] [Check Point Software Technologies, 59,8,000,013]
[C:\Program Files\CheckPoint\SecuRemote\bin\entProv.dll] [Check Point Software Technologies, 59,8,000,013]
[C:\Program Files\CheckPoint\SecuRemote\bin\keydb_usersr.dll] [Check Point Software Technologies, 59,8,0010,00]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpsic.dll] [Check Point Software Technologies, 54,8,2000,03]
[C:\Program Files\CheckPoint\SecuRemote\bin\messaging.dll] [Check Point Software Technologies, 54,8,2000,03]
[C:\Program Files\CheckPoint\SecuRemote\bin\sicobj.dll] [Check Point Software Technologies, 54,8,2000,06]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpauth.dll] [Check Point Software Technologies, 54,8,2000,26]
[C:\Program Files\CheckPoint\SecuRemote\bin\Resolver.dll] [Check Point Software Technologies, 59,8,000,026]
[C:\Program Files\CheckPoint\SecuRemote\bin\bind82.dll] [N/A, N/A]
suzhou758 - 2007-1-31 0:41:00
[C:\Program Files\CheckPoint\SecuRemote\bin\cpP11Modules.dll] [Check Point Software Technologies, 59,8,000,013]
[C:\Program Files\CheckPoint\SecuRemote\bin\exm_objlib.dll] [Check Point Software Technologies, 54,8,2000,03]
[C:\Program Files\CheckPoint\SecuRemote\bin\ocsp_usersr.dll] [Check Point Software Technologies, 59,8,0010,00]
[C:\Program Files\CheckPoint\SecuRemote\bin\srcln_usersr.dll] [Check Point Software Technologies, 59,8,0010,00]
[C:\Program Files\CheckPoint\SecuRemote\bin\vpninfo_usersr.dll] [Check Point Software Technologies, 59,8,0010,00]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpstatlib.dll] [Check Point Software Technologies, 54,8,2000,07]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpstatreg.dll] [Check Point Software Technologies, 54,8,2000,07]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpdag.dll] [Check Point Software Technologies, 54,8,2000,26]
[C:\Program Files\CheckPoint\SecuRemote\bin\IkeStatus.dll] [Check Point Software Technologies, 59,8,0010,05]
[C:\Program Files\CheckPoint\SecuRemote\bin\ReportDT.dll] [Check Point Software Technologies, 59,8,0010,05]
[C:\Program Files\CheckPoint\SecuRemote\bin\tunnel_test_usersr.dll] [Check Point Software Technologies, 59,8,0010,00]
[C:\Program Files\CheckPoint\SecuRemote\bin\ieproxy_usersr.dll] [Check Point Software Technologies, 59,8,0010,00]
[C:\Program Files\CheckPoint\SecuRemote\bin\om_services.dll] [Check Point Software Technologies, 59,8,000,038]
[C:\Program Files\CheckPoint\SecuRemote\bin\cprti.dll] [Check Point Software Technologies, 54,8,2000,26]
[C:\Program Files\CheckPoint\SecuRemote\bin\ikessl_usersr.dll] [Check Point Software Technologies, 59,8,0010,00]
[C:\Program Files\CheckPoint\SecuRemote\bin\CAEnroll_usersr.dll] [Check Point Software Technologies, 59,8,0010,00]
[C:\Program Files\CheckPoint\SecuRemote\bin\CPLogLUUID.dll] [Check Point Software Technologies, 54,8,2000,04]
[C:\Program Files\CheckPoint\SecuRemote\bin\ckp_scv.dll] [Check Point Software Technologies, 59,8,0010,19]
[C:\Program Files\CheckPoint\SecuRemote\scv\SCVMonitor.dll] [Check Point Software Technologies, 59,8,0010,04]
[C:\Program Files\CheckPoint\SecuRemote\scv\ScriptRun.dll] [Check Point Software Technologies, 59,8,0010,04]
[C:\Program Files\CheckPoint\SecuRemote\scv\RegMonitor.dll] [Check Point Software Technologies, 59,8,0010,04]
[C:\Program Files\CheckPoint\SecuRemote\scv\ProcessMonitor.dll] [Check Point Software Technologies, 59,8,0010,04]
[C:\Program Files\CheckPoint\SecuRemote\scv\OsMonitor.dll] [Check Point Software Technologies, 59,8,0010,04]
[C:\Program Files\CheckPoint\SecuRemote\scv\HWMonitor.dll] [Check Point Software Technologies, 59,8,0010,04]
[C:\Program Files\CheckPoint\SecuRemote\scv\HotFixMonitor.dll] [Check Point Software Technologies, 59,8,0010,04]
[C:\Program Files\CheckPoint\SecuRemote\scv\GroupMonitor.dll] [Check Point Software Technologies, 59,8,0010,04]
[C:\Program Files\CheckPoint\SecuRemote\scv\BrowserMonitor.dll] [Check Point Software Technologies, 59,8,0010,04]
[C:\Program Files\CheckPoint\SecuRemote\scv\AntiVirusMonitor.dll] [Check Point Software Technologies, 59,8,0010,04]
[C:\Program Files\CheckPoint\SecuRemote\bin\proxystub.dll] [Check Point Software Technologies, 59,8,0010,19]
[C:\Program Files\CheckPoint\SecuRemote\bin\Dispatcher.dll] [Check Point Software Technologies, 59,8,0010,19]
[C:\Program Files\CheckPoint\SecuRemote\bin\SwInst.dll] [Check Point Software Technologies, 59,8,0010,19]
[C:\Program Files\CheckPoint\SecuRemote\bin\SiteMgr.dll] [Check Point Software Technologies, 59,8,0010,19]
[C:\Program Files\CheckPoint\SecuRemote\bin\SimpIpc.dll] [Check Point Software Technologies, 59,8,0010,19]
[C:\Program Files\CheckPoint\SecuRemote\bin\ScvMgr.dll] [Check Point Software Technologies, 59,8,0010,19]
[C:\Program Files\CheckPoint\SecuRemote\bin\PolMgr.dll] [Check Point Software Technologies, 59,8,0010,19]
[C:\Program Files\CheckPoint\SecuRemote\bin\dtftpclient.dll] [Check Point Software Technologies, 59,8,0010,05]
[C:\Program Files\CheckPoint\SecuRemote\bin\verify.dll] [Check Point Software Technologies, 54,8,2000,06]
[C:\Program Files\CheckPoint\SecuRemote\bin\PolClnt.dll] [Check Point Software Technologies, 59,8,0010,19]
[C:\Program Files\CheckPoint\SecuRemote\bin\dtmessage.dll] [Check Point Software Technologies, 59,8,0010,19]
[C:\Program Files\CheckPoint\SecuRemote\bin\LogMgr.dll] [Check Point Software Technologies, 59,8,0010,19]
[C:\Program Files\CheckPoint\SecuRemote\bin\HAPolSrv.dll] [Check Point Software Technologies, 59,8,0010,19]
[C:\Program Files\CheckPoint\SecuRemote\bin\ConnMgr.dll] [Check Point Software Technologies, 59,8,0010,19]
[C:\Program Files\CheckPoint\SecuRemote\bin\CPLogRepository.dll] [Check Point Software Technologies, 54,8,2000,04]
[C:\Program Files\CheckPoint\SecuRemote\bin\CPLogKlogUnify.dll] [Check Point Software Technologies, 54,8,2000,04]
[C:\Program Files\CheckPoint\SecuRemote\bin\CPLogLuuidDatabase.dll] [Check Point Software Technologies, 54,8,2000,04]
[C:\Program Files\CheckPoint\SecuRemote\bin\cp_bdb.dll] [Check Point Software Technologies, 54,8,2000,05]
[PID: 1620][C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe] [Check Point Software Technologies, 59,8,0010,19]
[C:\Program Files\CheckPoint\SecuRemote\bin\OS.dll] [Check Point Software Technologies, 59,8,000,026]
[C:\Program Files\CheckPoint\SecuRemote\bin\CP_version_info.dll] [Check Point Software Technologies, 59,8,000,026]
[C:\Program Files\CheckPoint\SecuRemote\bin\dtplat.dll] [Check Point Software Technologies, 59,8,0010,19]
[C:\Program Files\CheckPoint\SecuRemote\bin\FileHash_DYN.dll] [Check Point Software Technologies, 59,8,0010,05]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpbcrypt.dll] [Check Point Software Technologies, 59,8,000,013]
[C:\Program Files\CheckPoint\SecuRemote\bin\DataStruct.dll] [Check Point Software Technologies, 59,8,000,026]
[C:\Program Files\CheckPoint\SecuRemote\bin\RunAs.dll] [Check Point Software Technologies, 59,8,0010,05]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[PID: 1636][C:\MAINT\sid\DISTH\DistH.exe] [IBM, 4.5.0.4822]
[PID: 1652][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[PID: 1712][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
suzhou758 - 2007-1-31 0:41:00
[PID: 1848][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 104.0.11.1]
[PID: 1920][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ccSet.dll] [Symantec Corporation, 104.0.11.1]
[C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL] [Symantec Corporation, 2.2.0.7]
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL] [Symantec Corporation, 104.0.11.1]
[PID: 280][C:\WINNT\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\bthcrp.dll] [Broadcom Corporation, 3.0.1.915]
[C:\WINNT\system32\WidcommSdk.dll] [Broadcom Corporation, 3.0.1.915]
[C:\WINNT\system32\wbtapi.dll] [Broadcom Corporation, 3.0.1.915]
[C:\WINNT\system32\dbmon.dll] [Lotus Development Corporation, 2.00.00.88]
[C:\WINNT\system32\dbmonlang.dll] [Lotus Development Corporation, 2.00.00.88]
[PID: 568][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[PID: 592][C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe] [Broadcom Corporation, 3.0.1.915]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[PID: 624][C:\Program Files\Symantec\SCS3\Symantec AntiVirus\DefWatch.exe] [Symantec Corporation, 10.1.4.4010]
[C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.11.1]
[PID: 672][C:\Program Files\Nokia\GCS\GCSServer.exe] [Nokia, 4, 2, 20, 0]
[PID: 764][C:\Program Files\Nokia\GCS\gcssync.exe] [Nokia, 4, 2, 20, 0]
[PID: 784][C:\Program Files\iPass\iPassConnect\iPCAgent.exe] [iPass, Inc., 3, 40, 0, 0]
[PID: 860][C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe] [N/A, N/A]
[C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\libmrt60.dll] [N/A, N/A]
[C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\libcpl60.dll] [N/A, N/A]
[C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\libdes60.dll] [N/A, N/A]
[C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\libguid60.dll] [N/A, N/A]
[C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\libmem60.dll] [N/A, N/A]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\libtcp60.dll] [N/A, N/A]
[PID: 1332][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[PID: 1348][C:\WINNT\system32\PROT_SRV.EXE] [N/A, N/A]
[PID: 1372][C:\WINNT\system32\pagents.exe] [N/A, N/A]
[PID: 1392][C:\WINNT\system32\PSTARTSR.EXE] [N/A, N/A]
[PID: 1556][C:\Program Files\Symantec\SCS3\Symantec AntiVirus\SavRoam.exe] [symantec, 10.1.4.4010]
[C:\Program Files\Common Files\Symantec Shared\SSC\Transman.dll] [Symantec Corporation, 10.1.4.4010]
[C:\WINNT\system32\CBA.DLL] [LANDesk Software Ltd., 6.12.0.142 E]
[C:\WINNT\system32\MsgSys.dll] [LANDesk Software Ltd., 6.12.0.142 E]
[C:\WINNT\system32\NTS.dll] [LANDesk Software Ltd., 6.12.0.142 E]
[C:\WINNT\system32\PDS.DLL] [LANDesk Software Ltd., 6.12.0.142 E]
[c:\program files\common files\symantec shared\ssc\ScsComms.dll] [Symantec Corporation, 10.1.4.4010]
[PID: 2036][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[PID: 188][C:\Program Files\Symantec\SCS3\Symantec AntiVirus\Rtvscan.exe] [Symantec Corporation, 10.1.4.4010]
[C:\WINNT\system32\CBA.DLL] [LANDesk Software Ltd., 6.12.0.142 E]
[C:\WINNT\system32\MsgSys.dll] [LANDesk Software Ltd., 6.12.0.142 E]
[C:\WINNT\system32\NTS.dll] [LANDesk Software Ltd., 6.12.0.142 E]
[C:\WINNT\system32\PDS.DLL] [LANDesk Software Ltd., 6.12.0.142 E]
[C:\Program Files\Symantec\SCS3\Symantec AntiVirus\NAVLU.dll] [Symantec Corporation, 10.1.4.4010]
[C:\Program Files\Symantec\SCS3\Symantec AntiVirus\I2ldvp3.dll] [Symantec Corporation, 10.1.4.4010]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Symantec\SCS3\Symantec AntiVirus\NAVNTUTL.DLL] [Symantec Corporation, 10.1.4.4010]
[c:\program files\common files\symantec shared\ssc\ScsComms.dll] [Symantec Corporation, 10.1.4.4010]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ccDec.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\decsdk.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll] [Symantec Corporation, 3.02.14.10]
[C:\Program Files\Common Files\Symantec Shared\ccScan.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL] [Symantec Corporation, 51.3.0.11]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070127.007\ccEraser.dll] [Symantec Corporation, 106.3.3.2]
[C:\Program Files\Symantec\SCS3\Symantec AntiVirus\DefUtDCD.dll] [Symantec Corporation, 3.1.13a.0]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070127.007\ecmsvr32.dll] [Symantec Corporation, 71.1.0.11]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070127.007\NAVEX32a.DLL] [Symantec Corporation, 20071.1.0.15]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070127.007\NAVENG32.DLL] [Symantec Corporation, 20071.1.0.15]
[C:\Program Files\Symantec\SCS3\Symantec AntiVirus\SAVRT32.DLL] [Symantec Corporation, 9.7.1.4]
[C:\Program Files\Symantec\SCS3\Symantec AntiVirus\vpmsece4.dll] [Symantec Corporation, 10.1.4.4010]
[C:\Program Files\Symantec\SCS3\Symantec AntiVirus\SymProtectStorage.dll] [Symantec Corporation, 10.1.4.4010]
[C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll] [Symantec Corporation, 2.2.0.7]
suzhou758 - 2007-1-31 0:42:00
[PID: 356][C:\WINNT\RCSERV.EXE] [IBM Corporation, 3, 8, 1, 0]
[PID: 388][C:\WINNT\system32\TpKmpSVC.exe] [N/A, N/A]
[PID: 604][C:\Program Files\CyberArmor\casvc.exe] [InfoExpress, 3.0.40520]
[PID: 612][C:\WINNT\itlm\tlmagent.exe] [N/A, N/A]
[C:\Program Files\IBM\GSK7\lib\gsk7ssl.dll] [IBM Corporation, 7.0.3.16]
[C:\Program Files\IBM\GSK7\lib\gsk7cms.dll] [IBM Corporation, 7.0.3.16]
[C:\Program Files\IBM\GSK7\lib\gsk7sys.dll] [IBM Corporation, 7.0.3.16]
[C:\Program Files\IBM\GSK7\lib\gsk7km.dll] [IBM Corporation, 7.0.3.16]
[C:\Program Files\IBM\GSK7\lib\gsk7kjni.dll] [IBM Corporation, 7.0.3.16]
[C:\Program Files\IBM\GSK7\lib\gsk7kicc.dll] [IBM Corporation, 7.0.3.16]
[C:\Program Files\IBM\GSK7\lib\gsk7iccs.dll] [IBM Corporation, 7.0.3.16]
[C:\Program Files\IBM\GSK7\icc\icclib\icclib.dll] [N/A, N/A]
[C:\Program Files\IBM\GSK7\icc\osslib\libeay32.dll] [N/A, N/A]
[C:\Program Files\IBM\GSK7\lib\gsk7dbfl.dll] [IBM Corporation, 7.0.3.16]
[C:\Program Files\IBM\GSK7\lib\gsk7valn.dll] [IBM Corporation, 7.0.3.16]
[PID: 2452][C:\MAINT\SID\DISTH\BBCLIENT.EXE] [IBM, 1, 0, 0, 4]
[PID: 3420][C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe] [Nokia., 6, 80, 56, 4]
[C:\WINNT\system32\NclTools.dll] [Nokia., 6, 80, 18, 3]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[C:\Program Files\Common Files\PCSuite\Transports\NCLIrDAMM.dll] [Nokia Corp., 6, 80, 26, 0]
[C:\Program Files\Common Files\PCSuite\Transports\NCLRSMM.dll] [Nokia, 6, 80, 33, 0]
[C:\Program Files\Common Files\PCSuite\Transports\NCLUSBMM.dll] [Nokia, 6, 80, 37, 0]
[C:\Program Files\Common Files\PCSuite\Transports\NclMSBTMM.dll] [Nokia., 6, 80, 38, 2]
[C:\Program Files\Common Files\PCSuite\Transports\NclBCBTMM.dll] [Nokia, 6, 80, 48, 2]
[PID: 2984][C:\PROGRA~1\CYBERA~1\pcs.exe] [InfoExpress, 3.0.40520B]
[C:\WINNT\system32\Vsctool.dll] [N/A, N/A]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\cahookd.dll] [InfoExpress, 3.0.40520]
[PID: 4092][C:\PROGRA~1\CYBERA~1\pcshelp.exe] [InfoExpress, 3.0.40520]
[PID: 2864][C:\WINNT\system32\ZCfgSvc.exe] [Intel Corporation, 8, 1, 0, 47_ITP]
[C:\WINNT\system32\PfMgrApi.dll] [Intel Corporation, 8, 1, 0, 47_ITP]
[C:\WINNT\system32\PsRegApi.dll] [Intel Corporation, 8, 1, 0, 47_ITP]
[C:\WINNT\system32\WConfig.DLL] [Intel Corporation, 8, 1, 0, 47_ITP]
[C:\WINNT\system32\WiFiAdap.DLL] [Intel Corporation, 8, 1, 0, 47_ITP]
[C:\WINNT\system32\PsGuiMgr.dll] [Intel Corporation., 8, 1, 0, 47_ITP]
[C:\WINNT\system32\ShellNav.dll] [, 1, 0, 0, 1]
[C:\WINNT\system32\C1XStngs.dll] [Intel Corporation, 8, 1, 0, 47_ITP]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\LSAWRAPI.dll] [N/A, N/A]
[C:\WINNT\system32\S24MUDLL.dll] [Intel Corporation, 8, 1, 0, 47_ITP]
[C:\WINNT\system32\D8021Xps.dll] [N/A, N/A]
[PID: 2660][C:\WINNT\system32\1XConfig.exe] [Intel, 8, 1, 0, 47_ITP]
[C:\WINNT\system32\IntelAE5.dll] [Meetinghouse Data Communications, 5, 0, 3, 3]
[C:\WINNT\system32\PsRegApi.dll] [Intel Corporation, 8, 1, 0, 47_ITP]
[C:\WINNT\system32\D8021Xps.dll] [N/A, N/A]
[PID: 3444][C:\WINNT\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4149]
[C:\WINNT\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2508]
[C:\WINNT\system32\atipdlxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2513]
[C:\WINNT\system32\ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4149]
[PID: 720][C:\WINNT\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.17.13 08Nov04]
[C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll] [IBM Corp., 1, 0, 0, 0]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.0.2004121400]
[C:\Program Files\Mobiliti\Unplugged\BIN\MNUNETU.DLL] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\RSSU.DLL] [Mobiliti, Inc., 4, 7, 0, 20 ]
[PID: 2928][C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe] [Check Point Software Technologies, 1, 0, 0, 1]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpprod50.dll] [Check Point Software Technologies, 54,8,2000,05]
[C:\Program Files\CheckPoint\SecuRemote\bin\DataStruct.dll] [Check Point Software Technologies, 59,8,000,026]
[C:\Program Files\CheckPoint\SecuRemote\bin\OS.dll] [Check Point Software Technologies, 59,8,000,026]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpbcrypt.dll] [Check Point Software Technologies, 59,8,000,013]
[C:\Program Files\CheckPoint\SecuRemote\bin\CP_version_info.dll] [Check Point Software Technologies, 59,8,000,026]
[C:\Program Files\CheckPoint\SecuRemote\bin\Resolve.dll] [Check Point Software Technologies, 59,8,000,026]
[C:\Program Files\CheckPoint\SecuRemote\bin\objlib.dll] [Check Point Software Technologies, 54,8,2000,06]
[C:\Program Files\CheckPoint\SecuRemote\bin\CPSrvIS.dll] [Check Point Software Technologies, 54,8,2000,03]
[C:\Program Files\CheckPoint\SecuRemote\bin\ComUtils.dll] [Check Point Software Technologies, 59,8,000,026]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpcert.dll] [Check Point Software Technologies, 59,8,000,013]
[C:\Program Files\CheckPoint\SecuRemote\bin\Encode.dll] [Check Point Software Technologies, 59,8,000,026]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpprng.dll] [Check Point Software Technologies, 59,8,000,013]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpopenssl.dll] [Check Point Software Technologies, 54,8,2000,06]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpcryptutil.dll] [Check Point Software Technologies, 59,8,000,013]
[C:\Program Files\CheckPoint\SecuRemote\bin\ndb.dll] [Check Point Software Technologies, 54,8,2000,03]
[C:\Program Files\CheckPoint\SecuRemote\bin\AppUtils.dll] [Check Point Software Technologies, 59,8,000,026]
[C:\Program Files\CheckPoint\SecuRemote\bin\EventUtils.dll] [Check Point Software Technologies, 59,8,000,026]
[C:\Program Files\CheckPoint\SecuRemote\bin\FileHash_DYN.dll] [Check Point Software Technologies, 59,8,0010,05]
[C:\Program Files\CheckPoint\SecuRemote\bin\gui.dll] [Check Point Software Technologies, 59,8,0010,19]
[C:\Program Files\CheckPoint\SecuRemote\bin\dtplat.dll] [Check Point Software Technologies, 59,8,0010,19]
[C:\Program Files\CheckPoint\SecuRemote\bin\GuiServiceInterface.dll] [Check Point Software Technologies, 59,8,0010,19]
[C:\Program Files\CheckPoint\SecuRemote\bin\LangPack.dll] [Check Point Software Technologies, 59,8,0010,19]
[C:\Program Files\CheckPoint\SecuRemote\bin\proxystub.dll] [Check Point Software Technologies, 59,8,0010,19]
[C:\Program Files\CheckPoint\SecuRemote\bin\Dispatcher.dll] [Check Point Software Technologies, 59,8,0010,19]
[C:\Program Files\CheckPoint\SecuRemote\bin\FwBinding.dll] [Check Point Software Technologies, 59,8,0010,05]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpfwsys.dll] [Check Point Software Technologies, 54,8,2000,26]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpsys.dll] [Check Point Software Technologies, 54,8,2000,26]
[C:\Program Files\CheckPoint\SecuRemote\bin\cvars.dll] [Check Point Software Technologies, 54,8,2000,03]
[C:\Program Files\CheckPoint\SecuRemote\bin\mastersapi.dll] [Check Point Software Technologies, 54,8,2000,06]
[C:\Program Files\CheckPoint\SecuRemote\bin\fwsmtpobj.dll] [Check Point Software Technologies, 54,8,2000,06]
[C:\Program Files\CheckPoint\SecuRemote\bin\fwadb.dll] [Check Point Software Technologies, 54,8,2000,06]
[C:\Program Files\CheckPoint\SecuRemote\bin\skey.dll] [Check Point Software Technologies, 54,8,2000,06]
[C:\Program Files\CheckPoint\SecuRemote\bin\fwsetdb.dll] [Check Point Software Technologies, 54,8,2000,03]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpii.dll] [Check Point Software Technologies, 54,8,2000,26]
[C:\Program Files\CheckPoint\SecuRemote\bin\ReportDT.dll] [Check Point Software Technologies, 59,8,0010,05]
[C:\Program Files\CheckPoint\SecuRemote\bin\dtis_lang_pack.dll] [Check Point Software Technologies, 59,8,0010,05]
[C:\Program Files\CheckPoint\SecuRemote\bin\IkeStatus.dll] [Check Point Software Technologies, 59,8,0010,05]
[C:\Program Files\CheckPoint\SecuRemote\bin\SimpIpc.dll] [Check Point Software Technologies, 59,8,0010,19]
[C:\Program Files\CheckPoint\SecuRemote\bin\LogRedir.dll] [Check Point Software Technologies, 59,8,0010,19]
[PID: 1864][C:\WINNT\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\cahookd.dll] [InfoExpress, 3.0.40520]
[PID: 2796][C:\Program Files\Common Files\PCSuite\Services\NclBTHandler.exe] [Nokia, 6, 80, 1, 1]
[C:\WINNT\system32\NclTools.dll] [Nokia., 6, 80, 18, 3]
[C:\WINNT\system32\wbtapi.dll] [Broadcom Corporation, 3.0.1.915]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
suzhou758 - 2007-1-31 0:43:00
[PID: 428][C:\Program Files\Mobiliti\Unplugged\BIN\MNUNET.EXE] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\NAWPROJ.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\NAWUSER.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\MNUSYNCC.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\NAWRAS.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\MNUNETSP.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\MNULOG.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\oaobsrvr.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\MNUTRCAN.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\MNURES.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\MNUFILE.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\MNUINET.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\monuse.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\MNUSYNCS.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\NAWUTIL.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\DTMPROXY.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[C:\Program Files\Mobiliti\Unplugged\BIN\RSSU.DLL] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\MBCSUDTM.DLL] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\MBCSLDTM.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\MNUCSAFE.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\DSSdelta.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\WINNT\system32\cahookd.dll] [InfoExpress, 3.0.40520]
[PID: 988][C:\Program Files\CyberArmor\pcshelp.exe] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\cahookd.dll] [InfoExpress, 3.0.40520]
[PID: 3188][C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe] [Sun Microsystems, Inc., 5.0.60.5]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\cahookd.dll] [InfoExpress, 3.0.40520]
[PID: 3228][C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe] [N/A, N/A]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\cahookd.dll] [InfoExpress, 3.0.40520]
[C:\Program Files\ThinkPad\PkgMgr\HOTKEY_2\tphk_2k.dll] [N/A, N/A]
[C:\WINNT\system32\Oemdspif.dll] [ATI Technologies, Inc., 6.14.0017]
[C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\tpfnf7.dll] [N/A, N/A]
[PID: 3952][C:\Program Files\Synaptics\SynTP\SynTPLpr.exe] [Synaptics, Inc., 7.5.17.13 08Nov04]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\cahookd.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.17.13 08Nov04]
[PID: 4072][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] [Synaptics, Inc., 7.5.17.13 08Nov04]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\cahookd.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\SynCOM.dll] [Synaptics, Inc., 7.5.17.13 08Nov04]
[C:\WINNT\system32\SynTPAPI.dll] [Synaptics, Inc., 7.5.17.13 08Nov04]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.17.13 08Nov04]
[PID: 376][C:\WINNT\system32\RunDll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\cahookd.dll] [InfoExpress, 3.0.40520]
[C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll] [IBM Corp., 1, 0, 0, 0]
[C:\PROGRA~1\ThinkPad\UTILIT~1\tppwrw32.dll] [IBM Corp., 1, 0, 0, 0]
[PID: 2512][C:\WINNT\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\cahookd.dll] [InfoExpress, 3.0.40520]
[C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll] [N/A, N/A]
[C:\PROGRA~1\ThinkPad\UTILIT~1\tppwrw32.dll] [IBM Corp., 1, 0, 0, 0]
[PID: 2372][C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe] [IBM Corp., 1, 0, 0, 0]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\cahookd.dll] [InfoExpress, 3.0.40520]
[C:\PROGRA~1\ThinkPad\UTILIT~1\US\EzMApRes.dll] [N/A, N/A]
[PID: 2340][C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE] [Nokia, 6, 80, 53, 3]
[C:\WINNT\system32\ConnAPI.DLL] [Nokia., 6, 80, 55, 5]
[C:\PROGRA~1\Nokia\NOKIAP~1\PCSCM.dll] [Nokia, 6, 80, 66, 0]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\cahookd.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.17.13 08Nov04]
[C:\Program Files\Common Files\PCSuite\ConfServer\ConfServer.dll] [Nokia, 6, 80, 20, 4]
[C:\WINNT\system32\NclTools.dll] [Nokia., 6, 80, 18, 3]
[C:\PROGRA~1\Nokia\NOKIAP~1\Lang\LaunchApplication_eng.NLR] [Nokia, 6, 80, 56, 1]
[PID: 2168][C:\WINNT\system32\SKDAEMON.EXE] [LITE-ON TECHNOLOGY CORP., 1, 0, 0, 3]
[C:\WINNT\system32\skutil.dll] [LITE-ON TECHNOLOGY CORP., 1, 1, 0, 1]
[C:\WINNT\system32\SKUsbKbd.dll] [LITE-ON TECHNOLOGY CORP., 1, 1, 0, 0]
[C:\WINNT\system32\skosd.dll] [LITE-ON TECHNOLOGY CORP., 1, 1, 0, 0]
[C:\WINNT\system32\skhooks.dll] [LITE-ON Corp., 1, 0, 0, 0]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\cahookd.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.17.13 08Nov04]
[PID: 1724][C:\Program Files\Pointsec\P95tray.exe] [Pointsec Mobile Technologies AB, 5.2.2]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\cahookd.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.17.13 08Nov04]
[PID: 3172][C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe] [N/A, N/A]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\cahookd.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.17.13 08Nov04]
[PID: 3528][C:\Program Files\Common Files\Symantec Shared\ccApp.exe] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.11.1]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\cahookd.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.17.13 08Nov04]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ccSet.dll] [Symantec Corporation, 104.0.11.1]
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL] [Symantec Corporation, 104.0.11.1]
[PID: 4048][C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe] [N/A, N/A]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\cahookd.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.17.13 08Nov04]
[PID: 2596][C:\PROGRA~1\Symantec\SCS3\SYMANT~1\VPTray.exe] [Symantec Corporation, 10.1.4.4010]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\cahookd.dll] [InfoExpress, 3.0.40520]
[C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Symantec\SCS3\Symantec AntiVirus\SAVRT32.DLL] [Symantec Corporation, 9.7.1.4]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.17.13 08Nov04]
[C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ccProSub.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Common Files\Symantec Shared\ccAlert.dll] [Symantec Corporation, 104.0.11.1]
[C:\Program Files\Symantec\SCS3\Symantec AntiVirus\Cliproxy.dll] [Symantec Corporation, 10.1.4.4010]
[C:\Program Files\Symantec\SCS3\Symantec AntiVirus\NAVNTUTL.DLL] [Symantec Corporation, 10.1.4.4010]
[c:\program files\common files\symantec shared\ssc\ScsComms.dll] [Symantec Corporation, 10.1.4.4010]
[C:\Program Files\Common Files\Symantec Shared\ccSet.dll] [Symantec Corporation, 104.0.11.1]
[C:\WINNT\system32\nts.dll] [LANDesk Software Ltd., 6.12.0.142 E]
[C:\WINNT\system32\cba.dll] [LANDesk Software Ltd., 6.12.0.142 E]
[C:\WINNT\system32\MsgSys.dll] [LANDesk Software Ltd., 6.12.0.142 E]
[C:\WINNT\system32\PDS.DLL] [LANDesk Software Ltd., 6.12.0.142 E]
[PID: 3392][C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe] [IBM Corporation, 1.06]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\cahookd.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.17.13 08Nov04]
[PID: 620][C:\WINNT\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\cahookd.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.17.13 08Nov04]
[PID: 3484][C:\Program Files\IBM\Bluetooth Software\BTTray.exe] [Broadcom Corporation, 3.0.1.915]
[C:\WINNT\system32\wbtapi.dll] [Broadcom Corporation, 3.0.1.915]
[C:\WINNT\system32\btosif.dll] [Broadcom Corporation, 3.0.1.915]
[C:\Program Files\IBM\Bluetooth Software\BtBalloon.dll] [Broadcom Corporation, 3.0.1.915]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\cahookd.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\btrez.dll] [Broadcom Corporation, 3.0.1.915]
[C:\WINNT\system32\CSH.dll] [Blue Sky Software Corporation, 2.00.039]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.17.13 08Nov04]
[C:\Program Files\IBM\Bluetooth Software\btkeyind.dll] [N/A, N/A]
suzhou758 - 2007-1-31 0:43:00
[PID: 3740][C:\Program Files\Mobiliti\Unplugged\BIN\MNUAGENT.EXE] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\NAWUSER.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\NAWUTIL.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\NAWPROJ.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\MNUINET.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\MNUNETSP.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\MNUPREF.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\NAWRAS.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\MNURES.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\MNUSYNCC.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\MNULOG.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\oaobsrvr.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\MNUTRCAN.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\MNUFILE.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\monuse.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\MNUSYNCS.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\DTMPROXY.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\MNUSCHED.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\MNUABOUT.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\NAWSETUP.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[C:\Program Files\Mobiliti\Unplugged\BIN\RSSU.DLL] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\MBCSUDTM.DLL] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\MBCSLDTM.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\MNUCSAFE.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\Program Files\Mobiliti\Unplugged\BIN\DSSdelta.dll] [Mobiliti, Inc., 4, 7, 0, 20 ]
[C:\WINNT\system32\cahookd.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.17.13 08Nov04]
[PID: 1368][C:\Users\sreng2\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[C:\WINNT\system32\cahooknt.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\cahookd.dll] [InfoExpress, 3.0.40520]
[C:\WINNT\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.17.13 08Nov04]
==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP Error. [winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock Provider
N/A
==================================
Autorun.Inf
N/A
==================================
HOSTS File
127.0.0.1 localhost
125.91.6.27session.17game.com
125.91.12.67session.17game.com
59.188.15.100 chargeuser.wjwg.com
59.188.15.100 bbs.wjwg.com
==================================
API HOOK
Warning! System Repair Engineer
remind you that following
functions have modified to
abnormal values by unknown
reasons:
Entry Error: LoadLibraryExW
Entry Error: CreateProcessA
Entry Error: CreateProcessW
==================================
[/CODE]
suzhou758 - 2007-1-31 0:51:00
| 引用: |
【newcenturymoon的贴子】下载 System Repair Engineer,
http://www.kztechs.com/sreng/download.html
1 解压缩sreng2.zip
2 运行SREng.exe
3 智能扫描=》扫描=》保存报告
4 把日志中的报告完整拷贝贴上来,不要修改
友情提示:
扫描前关闭所有手工打开的软件和窗口,扫描后将日志发上来。但请不要用附件形式贴。
注意在没有进一步提示前,勿要胡乱修复,否则系统可能变的情况更糟。
如果发现SREng.exe运行无反应或者不能运行或者扫描出错,你可以将SREng.exe重命名为SREng.com(SREng.scr\SREng.bat\SREng.pif)或者abc.exe运行.
另外那个 病毒文件麻烦发到newcenturymoon@126.com
……………… |
扫描完了,报告贴上来了,我的是英文XP,SP2,公司笔记本,进程很多,贴了不少.病毒文件也已经发你了,请查收.
suzhou758 - 2007-1-31 10:07:00
似乎没人过问,伤心的~~
现在电脑已经不能注销或重启了,因为这样做都会蓝屏....
不知道是不是病毒发作了:(
suzhou758 - 2007-1-31 20:41:00
没人可以救我?
baohe - 2007-1-31 21:02:00
| 引用: |
【suzhou758的贴子】似乎没人过问,伤心的~~
现在电脑已经不能注销或重启了,因为这样做都会蓝屏....
不知道是不是病毒发作了:(
……………… |
中“熊猫烧香”变种了。病毒主体文件名为:ncscv32.exe。
解决办法:
1、将下列内容粘贴到记事本窗口:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ncscv32.exe]
"Debugger"="ncscv32.exe"
末尾留一空行。保存为kill_panda.reg。
2、双击kill_panda.reg,将其导入注册表。重启系统,这只熊猫就死了。
此外,你系统中还有这只熊猫下载的一些木马。建议:重装一下杀软,升级病毒库,全盘杀毒吧。瑞星已经能杀这个变种。
suzhou758 - 2007-2-2 10:32:00
在盘里没找到ncscv32.exe(可能本来就没有,不清楚),打开了显示系统隐含文件....
文件也已经导入注册表并重启系统,已确认在注册表里可以找到,但问题还是发生.苦恼中....
对那句"末尾留一空行"不是很能明白,不理解,不知道baohu斑竹是否可以做下那个reg文件发我邮箱里,ryx1191@sina.con,谢谢先.
先用了电脑上的升过级更新完的Symantec Antivirus全盘杀了,没有发现任何.后又用了瑞星的在线杀毒,10元/月的那个,结果也是没有发现任何异常.郁闷的.......
寻找北方的哥儿 - 2007-2-2 10:35:00
| 引用: |
【suzhou758的贴子】在盘里没找到ncscv32.exe(可能本来就没有,不清楚),打开了显示系统隐含文件....
文件也已经导入注册表并重启系统,已确认在注册表里可以找到,但问题还是发生.苦恼中....
对那句"末尾留一空行"不是很能明白,不理解,不知道baohu斑竹是否可以做下那个reg文件发我邮箱里,ryx1191@sina.con,谢谢先.
先用了电脑上的升过级更新完的Symantec Antivirus全盘杀了,没有发现任何.后又用了瑞星的在线杀毒,10元/月的那个,结果也是没有发现任何异常.郁闷的.......
……………… |
钱呀....
凝逸飘飞 - 2007-2-2 10:40:00
用我写的专杀试下,
先点
取本机小木马
取本机小病毒
会提取出 cn911.exe
清除方法:
关了没用的程序,关了网络,用本程序全盘扫描!
完成后,重启系统,进入DOS,用GHOST备分还原系统,
(GHOST要改了*.gho的扩展名防被病毒删除)
进入系统
右建 >>资源管理 进入
把原在运行过exe程序,如qq删除,
这样就干净了
xiaoyueIQ - 2007-2-2 10:40:00
今日才知道..如何将记事本的内容导入注册表中
哂哂~~~将文件格式保存为.reg 后以击就OK了?"?
呵呵
xiaoyueIQ - 2007-2-2 10:41:00
今日才知道..如何将记事本的内容导入注册表中
哂哂~~~将文件格式保存为.reg 后以击就OK了?"?
呵呵
寻找北方的哥儿 - 2007-2-2 10:42:00
....................晕..
你直接看一下,随便去运行那REGEDIT,然后导出注册表,,,,那不就清清楚楚 ......
baohe - 2007-2-2 10:56:00
| 引用: |
【suzhou758的贴子】在盘里没找到ncscv32.exe(可能本来就没有,不清楚),打开了显示系统隐含文件....
文件也已经导入注册表并重启系统,已确认在注册表里可以找到,但问题还是发生.苦恼中....
对那句"末尾留一空行"不是很能明白,不理解,不知道baohu斑竹是否可以做下那个reg文件发我邮箱里,ryx1191@sina.con,谢谢先.
先用了电脑上的升过级更新完的Symantec Antivirus全盘杀了,没有发现任何.后又用了瑞星的在线杀毒,10元/月的那个,结果也是没有发现任何异常.郁闷的.......
……………… |
1、
附件:
155847200722104655.jpg
baohe - 2007-2-2 10:56:00
baohe - 2007-2-2 10:57:00
baohe - 2007-2-2 10:57:00
baohe - 2007-2-2 11:02:00
还可再狠一点:仿前法炮制个禁止Cn911.exe的.reg,也导入注册表中。
附件:
155847200722105255.jpg
© 2000 - 2026 Rising Corp. Ltd.