[CODE] 2007-10-20,22:46:59 SysLog Scanner 1.0 - build 20080726 Arswp (http://www.arswp.com) Windows XP Professional Service Pack 2 (build 2600) - Administrators ======================================== Registries [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] [(Verified)Realtek Semiconductor Corp., 2.1.0.8, C:2007-10-19 17:46 M:2006-10-30 19:49] [(Verified)Realtek Semiconductor Corp., 1.0.0.0, C:2007-10-19 17:46 M:2006-05-16 18:04] [(Verified)Realtek Semiconductor Corp., 1.6.0.2, C:2007-10-19 17:46 M:2005-05-03 18:43] [N/A, C:2007-10-20 22:28 M:2007-10-20 22:38] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{E0F3526A-4165-4589-80CD-50B6FBAC3BDA}> [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载] <> [N/A, C:2007-10-01 12:25 M:2007-08-31 17:06] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接] <> [N/A, C:2007-10-01 12:25 M:2007-08-31 17:06] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] [(Verified)Intel Corporation, 3.0.0.4704, C:2008-10-18 21:01 M:2006-10-06 12:09] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52|(Verified)N/A, C:2004-08-04 00:48 M:2004-08-04 00:48] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52|(Verified)N/A, C:2004-08-04 00:48 M:2004-08-04 00:48] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52|(Verified)N/A, C:2004-08-04 00:48 M:2004-08-04 00:48] ======================================== Startup Folders ======================================== Task ======================================== Components ShellServiceObjectDelayLoad [] {E0F3526A-4165-4589-80CD-50B6FBAC3BDA} [] ShellExecuteHook [] {E0F3526A-4165-4589-80CD-50B6FBAC3BDA} [] Shell Extension [Display Panning CPL Extension] {42071714-76d4-11d1-8b24-00a0c9068ff3} [] [HyperTerminal Icon Ext] {88895560-9AA2-1069-930E-00AA0030EBC8} [(Verified)Hilgraeve, Inc., 5.1.2600.0, C:2008-10-18 20:48 M:2004-06-06 14:13] [WinRAR shell extension] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [N/A, C:2008-10-19 06:53 M:2007-04-17 13:53] BrowserHelperObject [ThunderAtOnce Class] {01443AEC-0FD1-40fd-9C87-E93D1494C233} [(Verified)Thunder Networking Technologies,LTD, 1.0.5.16, C:2007-10-01 12:25 M:2007-09-22 14:16] [] {09EB15FA-17D8-4D60-8598-3F549A848DF2} [N/A, C:2007-10-20 21:34 M:2007-10-20 22:25] [IER] {62E43DCB-2B2F-4279-A5A2-33BE229684FB} [N/A, C:2008-08-04 00:10 M:2008-08-04 00:10] [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 42, C:2007-10-01 12:25 M:2007-09-26 20:27] ToolBar [&IE修复专家] {C690173A-46B7-4BE4-80C7-AE5BC1FBC7CA} [N/A, C:2008-08-04 00:10 M:2008-08-04 00:10] ActiveX Extension [ThunderAtOnce Class] {01443AEC-0FD1-40FD-9C87-E93D1494C233} [(Verified)Thunder Networking Technologies,LTD, 1.0.5.16, C:2007-10-01 12:25 M:2007-09-22 14:16] [] {09EB15FA-17D8-4D60-8598-3F549A848DF2} [N/A, C:2007-10-20 21:34 M:2007-10-20 22:25] [Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} [Thunder Networking Technologies,LTD, 5, 0, 4, 23, C:2007-10-01 12:25 M:2007-09-13 14:16] [IER] {62E43DCB-2B2F-4279-A5A2-33BE229684FB} [N/A, C:2008-08-04 00:10 M:2008-08-04 00:10] [XMP Class] {6483F145-A768-4C41-AACC-52D4D7845851} [Copyright XunLei 2007, 2, 1, 2, 77, C:2007-10-19 14:52 M:2008-08-04 12:58] [XDRM] {693571CB-54A3-4E90-9D52-EEAE1334E2D3} [Copyright XunLei 2007, 1, 0, 0, 7, C:2007-10-19 14:52 M:2008-08-04 12:58] [MediaComm Class] {7670648D-461B-42AF-BDFE-46D26AF5EFF2} [Thunder Networking Technologies,LTD, 3, 1, 5, 78, C:2007-10-19 14:52 M:2008-08-04 12:58] [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 42, C:2007-10-01 12:25 M:2007-09-26 20:27] [DapCtrl Class] {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} [ShenZhen Thunder Networking Technologies Ltd., 2, 1, 5803, 60, C:2007-10-19 14:52 M:2008-08-04 12:58] [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [(Verified)Macromedia, Inc., 6,0,79,0, C:2008-10-18 20:50 M:2004-07-17 19:41] [Thunder DapPlayer] {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} [ShenZhen Thunder Networking Technologies Ltd., 3, 0, 5712, 71, C:2007-10-19 14:52 M:2008-08-04 12:58] [XPPlayer Class] {F3E70CEA-956E-49CC-B444-73AFE593AD7F} [Xunlei Networking Technologies,LTD, 2, 0, 0, 181, C:2007-10-19 14:52 M:2008-08-04 12:58] Context Menu [WinRAR] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [N/A, C:2008-10-19 06:53 M:2007-04-17 13:53] ======================================== Services [5B4B9 / 5B4B9][Stopped/Auto Start] [] [ceshi程序 / ceshi服务][Stopped/Manual Start] [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00] [Human Interface Device Access / HidServ][Stopped/Disabled] <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll"> [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52] [kupnuid / kupnuid][Stopped/Auto Start] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52] [Print Spooler / Spooler][Running/Auto Start] <%SystemRoot%\system32\spoolsv.exe> [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519), C:2004-08-04 00:52 M:2008-10-19 11:04] [DCOM Server Process Launcher / DcomLaunch][Running/Auto Start] <%SystemRoot%\system32\svchost -k DcomLaunch --> "%SystemRoot%\system32\rpcss.dll"> [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52|Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528), C:2004-08-04 00:52 M:2008-10-19 07:10] [Remote Procedure Call (RPC) / RpcSs][Running/Auto Start] <%SystemRoot%\system32\svchost -k rpcss --> "c:\windows\system32\rpcss.dll"> [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52|Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528), C:2004-08-04 00:52 M:2008-10-19 07:10] ======================================== Drivers [BIOS / BIOS][Running/System Start] <\??\C:\WINDOWS\system32\drivers\BIOS.sys> [BIOSTAR Group, 1, 0, 0, 0, C:2008-10-18 21:00 M:2005-03-16 14:23] [FUCKALLGUARD / FUCKALLGUARD][Stopped/Manual Start] <\??\C:\00148626\0014862E> [] [TCP/IP Protocol Driver / Tcpip][Running/System Start] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-03 23:14 M:2004-08-03 23:14] [ygoj / ygoj][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\ygoj.sys> [] [Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start] [(Verified)Windows (R) Server 2003 DDK provider, 5.10.01.5013 built by: WinDDK, C:2005-01-07 17:07 M:2005-01-07 17:07] [ialm / ialm][Running/Manual Start] [(Verified)Intel Corporation, 6.14.10.4704, C:2008-10-18 21:01 M:2006-10-06 14:24] [Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start] [(Verified)Realtek Semiconductor Corp., 5.10.00.5319 built by: WinDDK, C:2007-10-19 17:46 M:2006-11-03 09:32] [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148), C:2004-06-06 06:13 M:2004-06-06 06:13] [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start] [(Verified)Realtek Semiconductor Corporation, 5.398.613.2003 built by: WinDDK, C:2008-10-18 20:40 M:2004-08-03 22:31] [Secdrv / Secdrv][Stopped/Manual Start] [(Verified)N/A, C:2004-07-17 11:36 M:2004-07-17 11:36] [TesSafe / TesSafe][Stopped/Manual Start] <\??\C:\WINDOWS\system32\TesSafe.sys> [(Verified)TENCENT, 0, 0, 8, 4, C:2007-10-19 11:00 M:2007-10-20 18:49] ======================================== Running Processes [PID: 504 / SYSTEM] \SystemRoot\System32\smss.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52] [PID: 552 / SYSTEM] \??\C:\WINDOWS\system32\csrss.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52] [PID: 576 / SYSTEM] \??\C:\WINDOWS\system32\winlogon.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52] [PID: 620 / SYSTEM] C:\WINDOWS\system32\services.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52] [PID: 632 / SYSTEM] C:\WINDOWS\system32\lsass.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52] [PID: 788 / SYSTEM] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52] c:\windows\system32\rpcss.dll [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528), C:2004-08-04 00:52 M:2008-10-19 07:10] [PID: 840 / SYSTEM] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52] c:\windows\system32\rpcss.dll [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528), C:2004-08-04 00:52 M:2008-10-19 07:10] [PID: 920 / SYSTEM] C:\WINDOWS\System32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52] [PID: 1016 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52] [PID: 1044 / LOCAL SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52] [PID: 1208 / SYSTEM] C:\WINDOWS\system32\spoolsv.exe [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519), C:2004-08-04 00:52 M:2008-10-19 11:04] [PID: 1448 / w] C:\WINDOWS\explorer.exe [(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52] D:\QQ\DShared.dll [(Verified)Tencent, 2, 1, 0, 0, C:2007-09-17 15:03 M:2007-09-17 15:03] C:\Program Files\WinRAR\rarext.dll [N/A, C:2008-10-19 06:53 M:2007-04-17 13:53] D:\Thunder\Components\ResWorker\DsBho_01.dll [Copyright ? 2007, 1, 0, 0, 12, C:2007-10-06 09:16 M:2007-09-27 22:21] D:\Thunder\Components\ResWorker\DataProcessor_01.dll [Thunder Networking Technologies,LTD, 1, 0, 0, 13, C:2007-10-06 09:16 M:2007-09-27 22:21] [PID: 1764 / w] C:\WINDOWS\RTHDCPL.EXE [(Verified)Realtek Semiconductor Corp., 2.1.0.8, C:2007-10-19 17:46 M:2006-10-30 19:49] D:\QQ\DShared.dll [(Verified)Tencent, 2, 1, 0, 0, C:2007-09-17 15:03 M:2007-09-17 15:03] [PID: 1792 / w] C:\WINDOWS\system32\ctfmon.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52] D:\QQ\DShared.dll [(Verified)Tencent, 2, 1, 0, 0, C:2007-09-17 15:03 M:2007-09-17 15:03] [PID: 368 / LOCAL SERVICE] C:\WINDOWS\System32\alg.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52] [PID: 496 / w] C:\WINDOWS\system32\wscntfy.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52] D:\QQ\DShared.dll [(Verified)Tencent, 2, 1, 0, 0, C:2007-09-17 15:03 M:2007-09-17 15:03] [PID: 1320 / w] D:\QQ\QQ.exe [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:53 M:2007-09-17 14:53] D:\QQ\QQBaseClassInDll.dll [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:53 M:2007-09-17 14:53] D:\QQ\QQHelperDll.dll [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 16:04 M:2007-09-17 16:04] D:\QQ\BasicCtrlDll.dll [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:52 M:2007-07-01 08:52] D:\QQ\MFC42.DLL [Microsoft Corporation, 6.00.8665.0, C:2006-12-20 13:47 M:2006-12-20 13:47] D:\QQ\RICHED32.DLL [Microsoft Corporation, 5.00.2134.1, C:2006-12-20 13:47 M:2006-12-20 13:47] D:\QQ\RICHED20.dll [Microsoft Corporation, 5.31.23.1218, C:2006-12-20 13:47 M:2006-12-20 13:47] D:\QQ\QQAPI.dll [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:53 M:2007-09-17 14:53] D:\QQ\LoginCtrl.dll [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:51 M:2007-09-17 14:51] D:\QQ\LoginCtrlRes.dll [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:51 M:2007-09-17 14:51] D:\QQ\QQRes.dll [(Verified)TENCENT, 8,0,978,1833, C:2007-09-17 14:57 M:2007-09-17 14:57] D:\QQ\QQMainFrame.dll [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:56 M:2007-09-17 14:56] D:\QQ\UnReadMsgMgr.dll [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 15:00 M:2007-09-17 15:00] D:\QQ\QQAllInOne.dll [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:53 M:2007-09-17 14:53] D:\QQ\SCCore.dll [(Verified)TENCENT, 1, 6, 0, 2, C:2007-09-17 14:59 M:2007-09-17 14:59] D:\QQ\CameraDll.dll [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 15:03 M:2007-09-17 15:03] D:\QQ\CQQApplication.dll [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:50 M:2007-09-17 14:50] D:\QQ\FlashAvatarDll.dll [(Verified)版权所有 (C) 2008, 1, 0, 0, 1, C:2007-09-17 14:50 M:2007-09-17 14:50] D:\QQ\NewSkin.dll [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:52 M:2007-09-17 14:52] D:\QQ\MailSummary.dll [(Verified)TENCENT, 8,0,1234,1851, C:2007-09-17 14:51 M:2007-09-17 14:51] D:\QQ\QQSpace.dll [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:57 M:2007-09-17 14:57] D:\QQ\vbscript.dll [Microsoft Corporation, 5.6.0.7426, C:2006-12-20 13:47 M:2006-12-20 13:47] C:\WINDOWS\system32\macromed\flash\flash.ocx [(Verified)Macromedia, Inc., 6,0,79,0, C:2008-10-18 20:50 M:2004-07-17 19:41] D:\QQ\msdmo.dll [(Verified)N/A, C:2007-09-17 15:10 M:2007-09-17 15:10] D:\QQ\QQAvatar.dll [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:53 M:2007-09-17 14:53] D:\QQ\OEMApplication.dll [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:52 M:2007-09-17 14:52] D:\QQ\QQKnowledgeSearch.dll [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:55 M:2007-09-17 14:55] D:\QQ\QQGroupMng.dll [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:55 M:2007-09-17 14:55] D:\QQ\QQPlugin.dll [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:56 M:2007-09-17 14:56] D:\QQ\QQPet.dll [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:56 M:2007-09-17 14:56] D:\QQ\QQSysMsgMng.dll [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:58 M:2007-09-17 14:58] D:\QQ\UserDefinedHead.dll [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 15:01 M:2007-09-17 15:01] D:\QQ\QQConfigPlugin.dll [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:53 M:2007-09-17 14:53] D:\QQ\QQMagicFace.dll [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:55 M:2007-09-17 14:55] D:\QQ\QQCustomFace.dll [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:54 M:2007-09-17 14:54] D:\QQ\ImageOle.dll [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 15:04 M:2007-09-17 15:04] D:\QQ\QRingMng.dll [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:58 M:2007-09-17 14:58] D:\QQ\QQLiveQMng.dll [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:55 M:2007-09-17 14:55] D:\QQ\LongConnection.dll [(Verified)TENCENT, 8,0,1249,1851, C:2007-09-17 15:05 M:2007-09-17 15:05] D:\QQ\PhoneAPI.dll [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:52 M:2007-09-17 14:52] D:\QQ\DialerAllinOne.dll [(Verified)tencent, 1, 4, 0, 0, C:2007-09-17 14:50 M:2007-09-17 14:50] D:\QQ\VqqAllInOne.dll [(Verified)Tencent, 2, 2, 0, 3, C:2007-09-17 15:08 M:2007-09-17 15:08] D:\QQ\tencent-proto1.dll [(Verified)tencent, 2, 1, 0, 0, C:2007-09-17 15:07 M:2007-09-17 15:07] D:\QQ\tencent-comlib.dll [(Verified)tencent, 2, 1, 0, 0, C:2007-09-17 15:07 M:2007-09-17 15:07] D:\QQ\tencent-proto2.dll [(Verified)tencent, 2, 1, 0, 0, C:2007-09-17 15:07 M:2007-09-17 15:07] D:\QQ\InPlus.dll [Tencent, 2, 1, 0, 0, C:2007-09-17 15:04 M:2007-09-17 15:04] D:\QQ\DShared.dll [(Verified)Tencent, 2, 1, 0, 0, C:2007-09-17 15:03 M:2007-09-17 15:03] D:\QQ\BQQApplication.dll [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:49 M:2007-09-17 14:49] D:\QQ\CommercesMng.dll [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:49 M:2007-09-17 14:49] D:\QQ\PersonalDesktop.dll [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 15:06 M:2007-09-17 15:06] D:\QQ\QQAddr.dll [(Verified)深圳市腾讯计算机系统有限公司, 5, 0, 101, 330, C:2007-09-17 15:06 M:2007-09-17 15:06] D:\QQ\QQSceneMng.dll [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:57 M:2007-09-17 14:57] D:\QQ\AddrSearch.dll [(Verified)腾讯科技(深圳)有限公司, 2, 2, 1, 17, C:2007-09-17 14:49 M:2007-10-20 21:15] [PID: 1380 / w] D:\QQ\TXPlatform.exe [Tencent, 1, 5, 225, 0, C:2008-05-20 17:53 M:2008-10-19 11:04] D:\QQ\DShared.dll [(Verified)Tencent, 2, 1, 0, 0, C:2007-09-17 15:03 M:2007-09-17 15:03] [PID: 736 / w] ? [] [PID: 884 / w] C:\Program Files\WinRAR\WinRAR.exe [N/A, C:2008-10-19 06:53 M:2007-04-17 13:53] D:\QQ\DShared.dll [(Verified)Tencent, 2, 1, 0, 0, C:2007-09-17 15:03 M:2007-09-17 15:03] [PID: 200 / w] C:\DOCUME~1\w\LOCALS~1\Temp\Rar$EX01.219\Syslog.exe [N/A, C:2007-10-20 22:46 M:2008-08-27 08:39] D:\QQ\DShared.dll [(Verified)Tencent, 2, 1, 0, 0, C:2007-09-17 15:03 M:2007-09-17 15:03] [PID: 1728 / w] C:\DOCUME~1\w\LOCALS~1\Temp\RarSFX0\1.exe [N/A, C:2007-10-20 22:46 M:2008-08-04 21:19] D:\QQ\DShared.dll [(Verified)Tencent, 2, 1, 0, 0, C:2007-09-17 15:03 M:2007-09-17 15:03] ======================================== File Link ======================================== Autorun ======================================== Winsock Providers [/CODE]