
My computer has a virus. I have a log, please help me take a look.

[PID: 4956 / Yang][C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe]  [Lenovo Group Limited, 1.50.0021.00]
    [C:\Program Files\IBM ThinkVantage\Client Security Solution\cssuserdatadispatcher.dll]  [Lenovo Group Limited, 6.01.0044.00]
    [C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtsp.dll]  [IBM, 1,1,2,009]
    [C:\Program Files\IBM ThinkVantage\Client Security Solution\tcsrpc.dll]  [IBM, 1,1,2,009]
    [C:\Program Files\IBM ThinkVantage\Client Security Solution\dlganswerprompt.dll]  [Lenovo Group Limited, 6.01.0044.00]
    [C:\Program Files\IBM ThinkVantage\Client Security Solution\csswait.dll]  [Lenovo Group Limited, 6.01.0044.00]
    [C:\Program Files\IBM ThinkVantage\Client Security Solution\PWMgrHook.dll]  [Lenovo Group Limited, 1.50.0021.00]
    [C:\Program Files\IBM ThinkVantage\Client Security Solution\cssdlgpwentry.dll]  [Lenovo Group Limited, 6.01.0044.00]
    [C:\Program Files\IBM ThinkVantage\Client Security Solution\css_strings.dll]  [Lenovo Group Limited, 6.01.0044.00]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\ThinkVantage Fingerprint Software\infra.dll]  [UPEK Inc., 5.5.0.2918]
    [C:\Program Files\ThinkVantage Fingerprint Software\remote.dll]  [UPEK Inc., 5.5.0.2918]
    [C:\Program Files\ThinkVantage Fingerprint Software\homefus2.dll]  [UPEK Inc., 5.5.0.2918]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.17.20 14Feb06]
    [C:\WINDOWS\system32\PROCHLP.DLL]  [Lenovo Group Limited, 2, 0, 6, 0]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 5580 / SYSTEM][C:\Program Files\iPod\bin\iPodService.exe]  [Apple Inc., 7.3.2.6]
    [C:\Program Files\iPod\bin\iPodService.Resources\zh_CN.lproj\iPodServiceLocalized.DLL]  [Apple Inc., 7.3.2.2]
    [C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL]  [Apple Inc., 7.3.2.6]
[PID: 5552 / Yang][C:\Program Files\MSN Messenger\msnmsgr.exe]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\MSNCore.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\msidcrl40.dll]  [Microsoft Corporation, 4.100.313.1]
    [C:\Program Files\MSN Messenger\ContactsUX.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL]  [N/A, ]
    [C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopResources_zh_cn.dll]  [N/A, ]
    [C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll]  [N/A, ]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.17.20 14Feb06]
    [C:\WINDOWS\system32\PROCHLP.DLL]  [Lenovo Group Limited, 2, 0, 6, 0]
    [C:\Program Files\MSN Messenger\msgslang.8.1.0178.00.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\msgsres.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\lcapi.dll]  [Microsoft Corporation, 1.7.256.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\Program Files\MSN Messenger\lcres.dll]  [Microsoft Corporation, 1.7.109.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)]
    [C:\Program Files\MSN Messenger\RTMPLTFM.dll]  [Microsoft Corporation, 3.0.5774.0 built by: media_msn80]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\Program Files\MSN Messenger\MSGSWCAM.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\WINDOWS\system32\sirenacm.dll]  [Microsoft Corp., 8.1.0178.00]
    [C:\Program Files\MSN Messenger\lmcdata.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\contact.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\abssm.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\custsat.dll]  [Microsoft Corporation, 9.0.3790.2428 (srv03_sp1_qfe.050422-1043)]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\mfplat.dll]  [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\vsnp2std.dll]  [Sonix, 1, 1, 1, 1]
[PID: 5164 / Yang][C:\Program Files\Tencent\TT\TTraveler.exe]  [Tencent, 3, 7, 305, 201]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.17.20 14Feb06]
    [C:\WINDOWS\system32\PROCHLP.DLL]  [Lenovo Group Limited, 2, 0, 6, 0]
    [C:\Program Files\KDDI\auMusicPort\bin\atl.dll]  [Microsoft Corporation, 3.00.9435]
    [C:\Program Files\Tencent\TT\Plugins\QQFloatBar\QQFloatBar4TT2.dll]  [腾讯公司, 1, 1, 0, 5]
    [C:\Program Files\Tencent\TT\Plugins\TWeather\TWeather.dll]  [, 1, 0, 0, 3]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Macromed\Common\SwSupport.dll]  [Adobe Systems, Inc., 10.1.4r20]
    [C:\Program Files\Tencent\TT\TTNetFavor.dll]  [N/A, ]
    [C:\Program Files\IBM ThinkVantage\Client Security Solution\PWMgrHook.dll]  [Lenovo Group Limited, 1.50.0021.00]
    [C:\WINDOWS\system32\UNISPIM6.IME]  [北京紫光华宇软件股份有限公司, 6.0.0.6138]
[PID: 4360 / Yang][C:\移动硬盘\SCAN\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.17.20 14Feb06]
    [C:\WINDOWS\system32\PROCHLP.DLL]  [Lenovo Group Limited, 2, 0, 6, 0]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\移动硬盘\SCAN\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1472, C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 836, C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2580, C:\PROGRAM FILES\IBM THINKVANTAGE\RESCUE AND RECOVERY\RRSERVICE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2592, C:\PROGRAM FILES\COMMON FILES\LENOVO\SCHEDULER\TVTSCHED.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2704, C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\ACSVC.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1808, C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\SVCGUIHLPR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2120, C:\WINDOWS\SYSTEM32\TPSHOCKS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2156, C:\PROGRA~1\THINKPAD\UTILIT~1\EZEJMNAP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2184, C:\PROGRA~1\LENOVO\PKGMGR\HOTKEY\TPHKMGR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2212, C:\PROGRAM FILES\LENOVO\PKGMGR\HOTKEY\TPONSCR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2228, C:\PROGRAM FILES\LENOVO\PKGMGR\HOTKEY_1\TPSCREX.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2412, C:\PROGRA~1\THINKV~2\PRDCTR\LPMGR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2436, C:\PROGRA~1\THINKV~2\AMSG\AMSG.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2568, C:\WINDOWS\SYSTEM32\DLA\DLACTRLW.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2892, C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISSCH.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3148, C:\PROGRAM FILES\LENOVO\AWAYTASK\AWAYSCH.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3396, C:\PROGRAM FILES\IBM THINKVANTAGE\SAFEGUARD PRIVATEDISK\PDSERVICE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 392, C:\PROGRAM FILES\PICASA2\PICASAMEDIADETECTOR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3472, C:\PROGRAM FILES\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLEDESKTOP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3644, C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\ACTRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3704, C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\ACWLICON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3752, C:\PROGRAM FILES\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLEDESKTOPINDEX.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3972, C:\PROGRAM FILES\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLEDESKTOPDISPLAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 4016, C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3940, C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3836, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 4028, C:\PROGRAM FILES\FARSTONE\VDPPRO\VHD\RDTASK.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3816, C:\PROGRAM FILES\FARSTONE\VDPPRO\DVDCREATOR\DVDCTRAYICONSHL.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 760, C:\PROGRAM FILES\FARSTONE\VDPPRO\VDP\VDTASK.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1784, C:\PROGRAM FILES\D-TOOLS\DAEMON.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2100, C:\PROGRAM FILES\COMMON FILES\LENOVO\SCHEDULER\SCHEDULER_PROXY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2100, C:\PROGRAM FILES\COMMON FILES\LENOVO\SCHEDULER\SCHEDULER_PROXY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2252, C:\WINDOWS\SYSTEM32\TPSCRLK.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3680, C:\PROGRAM FILES\RISING\KAKATOOLBAR\RUNIEP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3736, C:\PROGRAM FILES\KDDI\AUMUSICPORT\AMPSTATION.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 5164, C:\PROGRAM FILES\TENCENT\TT\TTRAVELER.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

Finally finished posting it. Why is it so long? Are there some parts that didn't need to be posted?
Please help me take a look.