[CODE] 2008-12-22,13:53:47 SysLog Scanner 1.0 - build 20080726 Arswp (http://www.arswp.com) Windows XP Professional Service Pack 3 (build 2600) - Administrators ======================================== 注册项 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <"C:\Program Files\Kingsoft\Kingsoft Internet Security\KPFW32.EXE" -startup> [(Verified)Kingsoft Corporation, 2008,11,20,680, C:2008-11-17 10:07 M:2008-12-21 13:52] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] [ Beijing WatchData System Co., Ltd., 3, 2, 0, 0, C:2008-11-05 10:40 M:2008-06-07 09:27] <; C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe> [] [Lenovo(Beijing)Limited, 2.0.1.6, C:2007-10-11 10:40 M:2007-04-29 15:30] <360Safetray> [(Verified)奇虎网, 5, 0, 0, 1002, C:2008-08-25 14:12 M:2008-08-25 14:12] [] <"C:\Program Files\Kingsoft\Kingsoft Internet Security\KAVStart.exe" -startup> [(Verified)Kingsoft Corporation, 2008,12,04,691, C:2008-11-10 16:37 M:2008-12-21 13:15] <; RTHDCPL.EXE> [N/A, ] <; C:\WINDOWS\system32\igfxpers.exe> [(Verified)Intel Corporation, 6.14.10.4820, C:2008-01-03 11:13 M:2007-04-20 13:57] <; nwiz.exe /install> [N/A, C:2007-10-11 10:25 M:2007-05-11 22:57] <; RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit> [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2004-08-17 12:00 M:2008-04-14 10:14|(Verified)NVIDIA Corporation, 6.14.11.0128, C:2007-10-11 10:25 M:2007-05-11 22:57] <; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2004-08-17 12:00 M:2008-04-14 10:14|(Verified)NVIDIA Corporation, 6.14.11.0128, C:2007-10-11 10:25 M:2007-05-11 22:57] <; C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh, 1, 0, 0, 2, C:2007-10-11 10:54 M:2001-07-09 10:50] <; C:\WINDOWS\system32\igfxtray.exe> [(Verified)Intel Corporation, 6.14.10.4820, C:2008-01-03 11:13 M:2007-04-20 13:57] <; C:\WINDOWS\system32\hkcmd.exe> [(Verified)Intel Corporation, 6.14.10.4820, C:2008-01-03 11:13 M:2007-04-20 13:57] <; C:\Program Files\Lenovo\EnergyCut\utilty.exe> [] <; C:\WINDOWS\system32\WLTRAY.exe> [Broadcom Corporation, 4.10.47.2, C:2008-01-27 12:56 M:2008-04-02 10:49] <; C:\Program Files\Apoint2K\Apoint.exe> [] <; ALCMTR.EXE> [N/A, ] <; > [N/A, ] <; > [N/A, ] <; > [N/A, ] <; > [N/A, ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载] <> [N/A, C:2008-01-03 11:10 M:2008-07-28 15:43] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接] <> [N/A, C:2008-01-03 11:10 M:2007-12-10 14:17] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\添加到QQ表情] <> [N/A, C:2008-09-17 04:08 M:2008-09-17 04:08] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] [(Verified)Intel Corporation, 6.14.10.4820, C:2008-01-03 11:13 M:2007-04-16 12:50] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:21 M:2008-07-29 20:21] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2004-08-17 12:00 M:2008-04-14 10:14|(Verified)Microsoft Corporation, 7.00.6000.16735 (vista_gdr.080820-1506), C:2004-08-17 12:00 M:2008-08-26 15:57|(Verified)N/A, C:2004-08-17 12:00 M:2004-08-17 12:00] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2004-08-17 12:00 M:2008-04-14 10:14|(Verified)Microsoft Corporation, 7.00.6000.16735 (vista_gdr.080820-1506), C:2004-08-17 12:00 M:2008-08-26 15:57|(Verified)N/A, C:2004-08-17 12:00 M:2004-08-17 12:00] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2004-08-17 12:00 M:2008-04-14 10:14|(Verified)Microsoft Corporation, 7.00.6000.16735 (vista_gdr.080820-1506), C:2004-08-17 12:00 M:2008-08-26 15:57|(Verified)N/A, C:2004-08-17 12:00 M:2008-04-14 09:57] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}] <启动迅雷5> [Thunder Networking Technologies,LTD, 5, 6, 8, 19, C:2008-01-03 11:10 M:2008-07-10 21:15] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0A155D3C-68E2-4215-A47A-E800A446447A}] <浩方电竞平台> [(Verified)上海浩方在线信息技术有限公司, 5.0.2.0, C:2008-09-24 11:59 M:2008-09-24 11:59] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6096E38F-5AC1-4391-8EC4-75DFA92FB32F}] <联想> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{95B3F550-91C4-4627-BCC4-521288C52977}] [(Verified)N/A, C:2008-10-25 21:51 M:2008-09-26 18:13] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MenuExt\添加到QQ表情] <> [N/A, C:2008-10-17 17:29 M:2008-10-17 17:29] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Microsoft Document Imaging Writer Monitor] [Microsoft Corporation, 11.3.1897.0, C:2007-10-11 10:52 M:2003-06-18 17:31] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}] [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:22 M:2008-07-29 20:22] ======================================== 启动项 ======================================== 计划任务 ======================================== 组件 IE Extension [Web 流量保护状态] {85E0B171-04FA-11D1-B7DA-00A0C90348D6} [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:22 M:2008-07-29 20:22] Shell Extension [Display Panning CPL Extension] {42071714-76d4-11d1-8b24-00a0c9068ff3} [] [HyperTerminal Icon Ext] {88895560-9AA2-1069-930E-00AA0030EBC8} [(Verified)Hilgraeve, Inc., 5.1.2600.0, C:2007-10-11 10:00 M:2004-08-17 20:00] [NvCpl DesktopContext Class] {A70C977A-BF00-412C-90B7-034C51DA2439} [(Verified)NVIDIA Corporation, 6.14.11.0128, C:2007-10-11 10:25 M:2007-05-11 22:57] [Play on my TV helper] {FFB699E0-306A-11d3-8BD1-00104B6F7516} [(Verified)NVIDIA Corporation, 6.14.11.0128, C:2007-10-11 10:25 M:2007-05-11 22:57] [Desktop Explorer] {1CDB2949-8F65-4355-8456-263E7C208A5D} [N/A, C:2007-10-11 10:25 M:2007-05-11 22:57] [Desktop Explorer Menu] {1E9B04FB-F9E5-4718-997B-B8DA88302A47} [N/A, C:2007-10-11 10:25 M:2007-05-11 22:57] [nView Desktop Context Menu] {1E9B04FB-F9E5-4718-997B-B8DA88302A48} [N/A, C:2007-10-11 10:25 M:2007-05-11 22:57] [WdmidleDeviceShellExtension] {2d3dd4c0-3bd7-11d2-821e-444553540000} [N/A, C:2007-10-11 10:40 M:2006-03-15 21:43] [WinRAR shell extension] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [N/A, C:2007-10-11 10:49 M:2004-09-02 09:39] [Web 流量保护状态] {85E0B171-04FA-11D1-B7DA-00A0C90348D6} [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:22 M:2008-07-29 20:22] Protocols [Microsoft Infotech Storage Protocol for IE 4.0] {0A9007C0-4076-11D3-8789-0000F8105754} [Microsoft Corporation, 05.02.9336.01, C:2000-04-19 18:47 M:2000-04-19 18:47] BrowserHelperObject [ThunderAtOnce Class] {01443AEC-0FD1-40fd-9C87-E93D1494C233} [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2008-01-03 11:10 M:2008-06-13 09:43] [IEVkbdBHO Class] {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:21 M:2008-07-29 20:21] [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-01-03 11:10 M:2008-06-13 09:43] [Windows Live 登录帮助程序] {9030D464-4C02-4ABF-8ECC-5164760863C6} [] [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [] [kingsoft browser shield] {D963BE1A-6B35-47DB-B002-49FAE71D85CC} [(Verified)Kingsoft Corporation, 2008,06,26,421, C:2008-09-19 19:01 M:2008-09-19 19:01] ActiveX Extension [ThunderAtOnce Class] {01443AEC-0FD1-40FD-9C87-E93D1494C233} [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2008-01-03 11:10 M:2008-06-13 09:43] [iTrusPTA Class] {1E0DFFCF-27FF-4574-849B-55007349FEDA} [(Verified)Copyright 2001, 2, 5, 1, 509, C:2007-04-19 18:43 M:2008-04-29 10:36] [DrvCert Class] {2FD68643-4BCE-4EF5-B7B8-F0F1192FDE86} [联想(北京)有限公司, 3.2.3.9, C:2007-04-18 00:29 M:2007-04-18 00:29] [IEBuddyExtControl Class] {3AECD3C1-7085-4731-96DC-47B6CF7EF749} [(Verified)Kingsoft Corporation, 2008,11,18,676, C:2008-10-07 21:27 M:2008-12-21 13:10] [QuickTime Object] {4063BE15-3B08-470D-A0D5-B37161CFFD69} [Apple Computer, Inc., 7.1.3, C:2006-09-01 17:26 M:2006-09-01 17:26] [Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} [(Verified)Thunder Networking Technologies,LTD, 5, 0, 4, 23, C:2008-01-03 11:10 M:2008-06-13 09:43] [EditCtrl Class] {488A4255-3236-44B3-8F27-FA1AECAA8844} [(Verified)Copyright 2007, 2, 1, 2, 1, C:2007-04-19 18:46 M:2008-05-20 10:51] [IEVkbdBHO Class] {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:21 M:2008-07-29 20:21] [DrvINFReader Class] {631AC624-4EA0-49AB-ABD7-64409592AE15} [联想(北京)有限公司, 1.0.0.0, C:2007-04-18 00:25 M:2007-04-18 00:25] [XMP Class] {6483F145-A768-4C41-AACC-52D4D7845851} [Xunlei Networking Technologies,LTD, 2, 1, 6, 81, C:2008-01-03 11:10 M:2008-11-13 10:54] [XDRM] {693571CB-54A3-4E90-9D52-EEAE1334E2D3} [Copyright XunLei 2007, 1, 0, 0, 7, C:2008-01-03 11:10 M:2008-11-13 10:54] [WangWangObj Class] {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} [(Verified)阿里巴巴软件(上海)有限公司, 1, 0, 0, 5, C:2008-06-07 13:40 M:2008-03-18 12:14] [MediaComm Class] {7670648D-461B-42AF-BDFE-46D26AF5EFF2} [(Verified)Thunder Networking Technologies,LTD, 3, 1, 6, 81, C:2008-12-21 16:16 M:2008-11-25 11:16] [360SafeLive] {87515F61-A66C-4319-A0E0-D416CB8059E3} [(Verified)360.cn, 1, 0, 1, 1029, C:2008-11-25 09:42 M:2008-11-25 09:42] [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-01-03 11:10 M:2008-06-13 09:43] [XML DOM 文档 5.0] {88D969E5-F192-11D4-A65F-0040963251E5} [Microsoft Corporation, 5.00.2916.0, C:2003-05-16 17:49 M:2003-05-16 17:49] [Windows Live 登录帮助程序] {9030D464-4C02-4ABF-8ECC-5164760863C6} [] [DrvInst Class] {9222E48D-8985-4BE2-B9DB-EBE734CBE7B5} [联想(北京)有限公司, 1.0.0.0, C:2007-04-18 00:26 M:2007-04-18 00:26] [DapCtrl Class] {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} [ShenZhen Thunder Networking Technologies Ltd., 2, 1, 5803, 60, C:2008-10-16 16:11 M:2008-08-04 12:58] [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [] [WDCCBCtrl Class] {CE0460F5-48BD-4DC1-A046-0BDCB5A06CEB} [(Verified)Copyright 2007, 1, 0, 0, 7, C:2008-09-13 18:25 M:2008-05-28 14:34] [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} [(Verified)RealNetworks, Inc., 6.0.9.2568, C:2006-10-18 23:05 M:2006-10-18 23:05] [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [(Verified)Adobe Systems, Inc., 9,0,124,0, C:2008-09-19 19:01 M:2008-09-19 19:01] [kingsoft browser shield] {D963BE1A-6B35-47DB-B002-49FAE71D85CC} [(Verified)Kingsoft Corporation, 2008,06,26,421, C:2008-09-19 19:01 M:2008-09-19 19:01] [Thunder DapPlayer] {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} [ShenZhen Thunder Networking Technologies Ltd., 3, 0, 5712, 71, C:2008-10-16 16:11 M:2008-08-04 12:58] [XPPlayer Class] {F3E70CEA-956E-49CC-B444-73AFE593AD7F} [Xunlei Networking Technologies,LTD, 2, 0, 0, 181, C:2008-10-16 16:11 M:2008-08-04 12:58] Context Menu [Kaspersky Anti-Virus] {dd230880-495a-11d1-b064-008048ec2fc5} [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:22 M:2008-07-29 20:22] [WinRAR] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [N/A, C:2007-10-11 10:49 M:2004-09-02 09:39] [金山毒霸2009] {E49446FE-9679-4b85-A994-D96137867905} [(Verified)Kingsoft Corporation, 2008,07,09,459, C:2008-09-19 19:01 M:2008-09-19 19:01] ======================================== 服务 [Human Interface Device Access / HidServ][Stopped/Disabled] <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll"> [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2004-08-17 12:00 M:2008-04-14 10:14] [WatchData ccb V3.2 / WDMonitorCCB][Running/Auto Start] [ Beijing WatchData System Co., Ltd., 3, 2, 0, 0, C:2008-11-05 10:40 M:2008-06-07 09:27] [Broadcom Wireless LAN Tray Service / wltrysvc][Running/Auto Start] <%SystemRoot%\System32\WLTRYSVC.EXE %SystemRoot%\System32\bcmwltry.exe> [N/A, C:2008-01-27 12:56 M:2005-12-14 23:10] [Kaspersky Anti-Virus / AVP][Running/Auto Start] <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r> [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:20 M:2008-07-29 20:20] [Contrl Center of Storm Media / ccosm][Running/Auto Start] [(Verified)北京暴风网际科技有限公司, 3, 8, 3, 15, C:2008-03-11 14:33 M:2008-03-11 14:33] [DCOM 服务器进程启动器 / DcomLaunch][Stopped/Auto Start] <%SystemRoot%\system32\svchost -k DcomLaunch --> "%SystemRoot%\system32\rpcss.dll"> [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2004-08-17 12:00 M:2008-04-14 10:14|Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528), C:2008-12-22 11:00 M:2005-07-26 12:39] [DU Meter Service / DUMeterSvc][Running/Auto Start] [(Verified)Hagel Technologies Ltd, 4.0 Build R3009, C:2008-12-16 11:46 M:2007-10-15 15:19] [Kingsoft Basic Service / kaccore][Stopped/Manual Start] <"C:\Program Files\Kingsoft\KAC\Service\kaccore.exe"> [(Verified)Kingsoft Corporation, 2008,10,20,303, C:2008-10-28 12:53 M:2008-10-28 12:53] [Kingsoft Internet Security Common Service / KISSvc][Running/Auto Start] [(Verified)Kingsoft Corporation, 2008,04,22,364, C:2008-09-19 19:01 M:2008-09-19 19:01] [Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start] <"C:\Program Files\Kingsoft\Kingsoft Internet Security\KPfwSvc.EXE"> [(Verified)Kingsoft Corporation, 2008,11,20,680, C:2008-10-22 20:55 M:2008-12-21 13:16] [Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start] <"C:\Program Files\Kingsoft\Kingsoft Internet Security\KWatch.EXE"> [(Verified)Kingsoft Corporation, 2008,10,21,649, C:2008-09-19 19:01 M:2008-12-21 13:06] [NVIDIA Display Driver Service / NVSvc][Stopped/Auto Start] <%SystemRoot%\system32\nvsvc32.exe> [(Verified)NVIDIA Corporation, 6.14.11.0128, C:2007-10-11 10:25 M:2007-05-11 22:57] [Remote Procedure Call (RPC) / RpcSs][Running/Auto Start] <%SystemRoot%\system32\svchost -k rpcss --> "%SystemRoot%\system32\rpcss.dll"> [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2004-08-17 12:00 M:2008-04-14 10:14|Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528), C:2008-12-22 11:00 M:2005-07-26 12:39] ======================================== 驱动 [00087c7c / 00087c7c][Stopped/Manual Start] <\??\C:\WINDOWS\system32\Drivers\00087c7c.sys> [] [b1a18a3e / b1a18a3e][Stopped/Manual Start] <\??\C:\WINDOWS\system32\b1a18a3e.sys> [] [b770ca2 / b770ca2][Stopped/Manual Start] <\??\C:\WINDOWS\system32\b770ca2.sys> [] [c6424110 / c6424110][Stopped/Manual Start] <\??\C:\WINDOWS\system32\c6424110.sys> [] [FTCProtect / FTCProtect][Stopped/Manual Start] [风云谷科技, 2.0.0.0, C:2008-12-21 12:12 M:2007-11-18 01:47] [Kl1 / kl1][Stopped/Boot Start] [] [Kaspersky Lab Driver / KLIF][Stopped/System Start] [] [TCP/IP Protocol Driver / Tcpip][Running/System Start] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2004-08-17 12:00 M:2008-06-20 19:51] [USB PC Camera 301P / ZSMC301b][Stopped/Manual Start] [VM, 4.2.1010.41, C:2008-07-19 18:43 M:2003-04-27 11:32] [Lenovo Virtual Power Controller Driver / ACPIVPC][Running/Manual Start] [(Verified)Lenovo Corporation, 5.1.2601.0, C:2007-10-11 10:40 M:2007-04-12 11:44] [Alps Pointing-device Filter Driver / ApfiltrService][Running/Manual Start] [(Verified)Alps Electric Co., Ltd., 5.3.201.240, C:2007-10-11 10:44 M:2006-04-11 08:19] [Broadcom NetXtreme Gigabit Ethernet / b57w2k][Running/Manual Start] [(Verified)Broadcom Corporation, 10.26.0.0 built by: WinDDK, C:2007-10-11 10:42 M:2007-02-16 15:46] [Broadcom 802.11 网络适配器驱动程序 / BCM43XX][Running/Manual Start] [(Verified)Broadcom Corp., 4.170.25.12, C:2008-03-17 11:28 M:2007-09-20 21:26] [Lavalys EVEREST Kernel Driver / EverestDriver][Stopped/Manual Start] <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\EverestDriver.sys> [(Verified)N/A, C:2008-12-21 16:53 M:2008-03-09 13:46] [Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start] [(Verified)Windows (R) Server 2003 DDK provider, 5.10.01.5013 built by: WinDDK, C:2005-01-07 17:07 M:2008-04-14 00:36] [ialm / ialm][Running/Manual Start] [(Verified)Intel Corporation, 6.14.10.4820, C:2008-01-03 11:13 M:2007-04-16 14:16] [Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start] [(Verified)Realtek Semiconductor Corp., 5.10.0.5404 built by: WinDDK, C:2007-10-11 10:37 M:2007-04-23 18:12] [KAVBase / KAVBase][Running/Auto Start] <\??\C:\WINDOWS\system32\Drivers\KAVBase.sys> [(Verified)Kingsoft Corporation, 2008,11,07,144, C:2008-12-21 12:17 M:2008-12-21 13:58] [KAVBootC / KAVBootC][Running/Boot Start] [(Verified)Kingsoft Corporation, 2008,04,28,85, C:2008-12-21 12:16 M:2008-09-19 19:01] [KAVSafe / KAVSafe][Running/Auto Start] <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys> [(Verified)Kingsoft Corporation, 2008,04,28,65, C:2008-12-21 12:16 M:2008-09-19 19:01] [Kaspersky Lab Boot Guard Driver / klbg][Running/Boot Start] [(Verified)Kaspersky Lab, 8.0.6.2, C:2008-01-29 18:29 M:2008-01-29 18:29] [Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start] [(Verified)Kaspersky Lab, 6.1.28.0, C:2008-04-30 18:06 M:2008-04-30 18:06] [KNetWch / KNetWch][Running/System Start] <\??\C:\Program Files\Kingsoft\Kingsoft Internet Security\KNetWch.SYS> [(Verified)Kingsoft Corporation, 2008,11,29,687, C:2008-12-21 13:58 M:2008-12-21 13:52] [KWatch3 / KWatch3][Running/Auto Start] <\??\C:\WINDOWS\system32\Drivers\KWatch3.sys> [(Verified)Kingsoft Corporation, 2008,09,25,71, C:2008-12-21 12:17 M:2008-10-07 16:14] [用于 Windows XP 32 Bit 版的英特尔(R) PRO/无线 3945ABG 适配器驱动程序 / NETw3x32][Stopped/Manual Start] [(Verified)Intel? Corporation, 10, 5, 1, 75, C:2007-10-11 10:25 M:2006-11-15 05:48] [WinPcap Packet Driver (NPF) / NPF][Stopped/Manual Start] [(Verified)CACE Technologies, 4.0.0.755, C:2007-01-26 01:31 M:2007-01-26 01:31] [nv / nv][Stopped/Manual Start] [(Verified)NVIDIA Corporation, 6.14.11.0128, C:2007-10-11 10:25 M:2007-05-11 22:57] [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148), C:2004-08-17 12:00 M:2004-08-17 12:00] [USB Mass Stroage Device / RTSTOR][Running/Manual Start] [(Verified)Realtek Semiconductor Corp., 2.0.9.91, C:2007-10-11 10:41 M:2007-01-15 14:37] [Secdrv / Secdrv][Stopped/Manual Start] [(Verified)Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086, C:2004-08-17 12:00 M:2007-11-13 18:25] [smserial / smserial][Running/Manual Start] [(Verified)Motorola Inc., SM56 Rel. 6.12 Build 05, C:2008-07-25 01:41 M:2006-11-22 17:35] [TesSafe / TesSafe][Stopped/Manual Start] <\??\C:\WINDOWS\system32\TesSafe.sys> [(Verified)TENCENT, 0, 0, 8, 8, C:2008-06-26 13:05 M:2008-11-05 13:30] ======================================== 进程 [PID: 632 / SYSTEM] \SystemRoot\System32\smss.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2004-08-17 12:00 M:2008-04-14 10:14] [PID: 1308 / SYSTEM] \??\C:\WINDOWS\system32\csrss.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2004-08-17 12:00 M:2008-04-14 10:13] [PID: 1332 / SYSTEM] \??\C:\WINDOWS\system32\winlogon.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113), C:2004-08-17 12:00 M:2008-04-14 10:14] C:\WINDOWS\system32\klogon.dll [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:21 M:2008-07-29 20:21] [PID: 1376 / SYSTEM] C:\WINDOWS\system32\services.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2004-08-17 12:00 M:2008-04-14 10:14] [PID: 1388 / SYSTEM] C:\WINDOWS\system32\lsass.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113), C:2004-08-17 12:00 M:2008-04-14 10:14] [PID: 1576 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2004-08-17 12:00 M:2008-04-14 10:14] c:\windows\system32\rpcss.dll [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528), C:2008-12-22 11:00 M:2005-07-26 12:39] [PID: 1612 / SYSTEM] C:\WINDOWS\System32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2004-08-17 12:00 M:2008-04-14 10:14] [PID: 1768 / LOCAL SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2004-08-17 12:00 M:2008-04-14 10:14] [PID: 1928 / SYSTEM] C:\WINDOWS\System32\WLTRYSVC.EXE [N/A, C:2008-01-27 12:56 M:2005-12-14 23:10] C:\WINDOWS\System32\MSVCR71.dll [Microsoft Corporation, 7.10.6030.0, C:2004-04-05 10:31 M:2007-03-21 20:33] [PID: 1952 / SYSTEM] C:\WINDOWS\System32\bcmwltry.exe [Broadcom Corporation, 4.10.47.2, C:2008-01-27 12:56 M:2008-04-02 10:49] C:\WINDOWS\System32\bcm1xsup.dll [N/A, C:2008-01-27 12:56 M:2005-12-14 23:10] C:\WINDOWS\System32\bcmwlpkt.dll [CACE Technologies, 3, 1, 0, 27, C:2008-01-27 12:56 M:2005-12-14 23:10] C:\WINDOWS\System32\MSVCR71.dll [Microsoft Corporation, 7.10.6030.0, C:2004-04-05 10:31 M:2007-03-21 20:33] C:\WINDOWS\System32\MFC71.DLL [Microsoft Corporation, 7.10.6041.0, C:2008-01-27 12:56 M:2007-03-21 20:39] C:\WINDOWS\System32\MSVCP71.dll [Microsoft Corporation, 7.10.6030.0, C:2004-04-05 10:31 M:2007-03-21 20:33] C:\WINDOWS\System32\atl71.dll [Microsoft Corporation, 7.10.3077.0, C:2008-01-27 12:56 M:2005-12-14 23:10] C:\WINDOWS\System32\wltrynt.dll [Broadcom Corporation, 4.10.47.2, C:2008-01-27 12:56 M:2005-12-14 23:10] [PID: 236 / SYSTEM] C:\WINDOWS\system32\spoolsv.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2004-08-17 12:00 M:2008-04-14 10:14] C:\WINDOWS\system32\mdimon.dll [Microsoft Corporation, 11.3.1897.0, C:2007-10-11 10:52 M:2003-06-18 17:31] C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll [Microsoft Corporation, 11.3.1897.0, C:2007-10-11 10:52 M:2003-06-18 17:31] [PID: 448 / SYSTEM] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:20 M:2008-07-29 20:20] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\prremote.dll [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:22 M:2008-07-29 20:22] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll [Microsoft Corporation, 8.00.50727.762, C:2008-10-17 17:29 M:2008-10-17 17:29] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll [Microsoft Corporation, 8.00.50727.762, C:2008-10-17 17:29 M:2008-10-17 17:29] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\fssync.dll [(Verified)Kaspersky Lab, 8.0.5.454, C:2008-07-29 20:21 M:2008-07-29 20:21] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\Ushata.dll [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:22 M:2008-07-29 20:22] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\CLLDR.DLL [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:21 M:2008-07-29 20:21] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\prloader.dll [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:22 M:2008-07-29 20:22] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\prkernel.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:25 M:2008-07-29 20:25] c:\program files\kaspersky lab\kaspersky anti-virus 2009\pxstub.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:25 M:2008-07-29 20:25] c:\program files\kaspersky lab\kaspersky anti-virus 2009\params.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:25 M:2008-07-29 20:25] c:\program files\kaspersky lab\kaspersky anti-virus 2009\winreg.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:27 M:2008-07-29 20:27] c:\program files\kaspersky lab\kaspersky anti-virus 2009\mkavio.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:25 M:2008-07-29 20:25] c:\program files\kaspersky lab\kaspersky anti-virus 2009\tempfile.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:26 M:2008-07-29 20:26] c:\program files\kaspersky lab\kaspersky anti-virus 2009\tm.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:26 M:2008-07-29 20:26] c:\program files\kaspersky lab\kaspersky anti-virus 2009\nfio.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:25 M:2008-07-29 20:25] c:\program files\kaspersky lab\kaspersky anti-virus 2009\fsdrvplg.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:24 M:2008-07-29 20:24] c:\program files\kaspersky lab\kaspersky anti-virus 2009\bl.ppl [(Verified)Kaspersky Lab, 8.0.0.459, C:2008-07-29 20:23 M:2008-10-20 17:03] c:\program files\kaspersky lab\kaspersky anti-virus 2009\wmihlpr.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:27 M:2008-07-29 20:27] c:\program files\kaspersky lab\kaspersky anti-virus 2009\regmap.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:26 M:2008-07-29 20:26] c:\program files\kaspersky lab\kaspersky anti-virus 2009\ndetect.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:25 M:2008-07-29 20:25] c:\program files\kaspersky lab\kaspersky anti-virus 2009\crpthlpr.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:23 M:2008-07-29 20:23] c:\program files\kaspersky lab\kaspersky anti-virus 2009\dtreg.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:24 M:2008-07-29 20:24] c:\program files\kaspersky lab\kaspersky anti-virus 2009\sfdb.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:26 M:2008-07-29 20:26] c:\program files\kaspersky lab\kaspersky anti-virus 2009\schedule.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:26 M:2008-07-29 20:26] c:\program files\kaspersky lab\kaspersky anti-virus 2009\timer.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:26 M:2008-07-29 20:26] c:\program files\kaspersky lab\kaspersky anti-virus 2009\thpimpl.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:26 M:2008-07-29 20:26] c:\program files\kaspersky lab\kaspersky anti-virus 2009\lic.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:24 M:2008-07-29 20:24] c:\program files\kaspersky lab\kaspersky anti-virus 2009\report.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:26 M:2008-07-29 20:26] c:\program files\kaspersky lab\kaspersky anti-virus 2009\reportdb.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:26 M:2008-07-29 20:26] c:\program files\kaspersky lab\kaspersky anti-virus 2009\hashmd5.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:24 M:2008-07-29 20:24] c:\program files\kaspersky lab\kaspersky anti-virus 2009\avs.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:23 M:2008-07-29 20:23] c:\program files\kaspersky lab\kaspersky anti-virus 2009\vmarea.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:27 M:2008-07-29 20:27] c:\program files\kaspersky lab\kaspersky anti-virus 2009\avlib.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:23 M:2008-07-29 20:23] c:\program files\kaspersky lab\kaspersky anti-virus 2009\avspm.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:23 M:2008-07-29 20:23] c:\program files\kaspersky lab\kaspersky anti-virus 2009\qb.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:25 M:2008-07-29 20:25] c:\program files\kaspersky lab\kaspersky anti-virus 2009\procmon.ppl [(Verified)Kaspersky Lab, 8.0.0.461, C:2008-07-29 20:25 M:2008-10-20 17:03] c:\program files\kaspersky lab\kaspersky anti-virus 2009\propmap.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:25 M:2008-07-29 20:25] c:\program files\kaspersky lab\kaspersky anti-virus 2009\filemap.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:24 M:2008-07-29 20:24] c:\program files\kaspersky lab\kaspersky anti-virus 2009\syswatch.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:26 M:2008-07-29 20:26] c:\program files\kaspersky lab\kaspersky anti-virus 2009\httpscan.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:24 M:2008-07-29 20:24] c:\program files\kaspersky lab\kaspersky anti-virus 2009\oas.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:25 M:2008-07-29 20:25] c:\program files\kaspersky lab\kaspersky anti-virus 2009\stat.ppl [(Verified)Kaspersky Lab, 8.0.0.458, C:2008-07-29 20:26 M:2008-10-20 17:03] c:\program files\kaspersky lab\kaspersky anti-virus 2009\aphisht.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:23 M:2008-07-29 20:23] c:\program files\kaspersky lab\kaspersky anti-virus 2009\mc.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:24 M:2008-07-29 20:24] c:\program files\kaspersky lab\kaspersky anti-virus 2009\httpanlz.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:24 M:2008-07-29 20:24] c:\program files\kaspersky lab\kaspersky anti-virus 2009\pdm2rt.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:25 M:2008-07-29 20:25] c:\program files\kaspersky lab\kaspersky anti-virus 2009\trafmon2.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:26 M:2008-07-29 20:26] c:\program files\kaspersky lab\kaspersky anti-virus 2009\CKAHUM.dll [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:21 M:2008-07-29 20:21] c:\program files\kaspersky lab\kaspersky anti-virus 2009\CKAHComm.dll [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:21 M:2008-07-29 20:21] c:\program files\kaspersky lab\kaspersky anti-virus 2009\ckahrule.dll [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:21 M:2008-07-29 20:21] c:\program files\kaspersky lab\kaspersky anti-virus 2009\sc.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:26 M:2008-07-29 20:26] c:\program files\kaspersky lab\kaspersky anti-virus 2009\urlflt.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:27 M:2008-07-29 20:27] c:\program files\kaspersky lab\kaspersky anti-virus 2009\avpgs.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:23 M:2008-07-29 20:23] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avzkrnl.dll [(Verified), 4.30.0.10, C:2008-07-29 20:21 M:2008-07-29 20:21] c:\program files\kaspersky lab\kaspersky anti-virus 2009\ichk2.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:24 M:2008-07-29 20:24] c:\program files\kaspersky lab\kaspersky anti-virus 2009\ichksa.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:24 M:2008-07-29 20:24] c:\program files\kaspersky lab\kaspersky anti-virus 2009\smtpprtc.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:26 M:2008-07-29 20:26] c:\program files\kaspersky lab\kaspersky anti-virus 2009\pop3prtc.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:25 M:2008-07-29 20:25] c:\program files\kaspersky lab\kaspersky anti-virus 2009\imapprtc.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:24 M:2008-07-29 20:24] c:\program files\kaspersky lab\kaspersky anti-virus 2009\nntpprtc.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:25 M:2008-07-29 20:25] [PID: 472 / SYSTEM] C:\Program Files\Ringz Studio\Storm Codec\stormliv.exe [(Verified)北京暴风网际科技有限公司, 3, 8, 3, 15, C:2008-03-11 14:33 M:2008-03-11 14:33] [PID: 512 / SYSTEM] D:\DU Meter\DUMeterSvc.exe [(Verified)Hagel Technologies Ltd, 4.0 Build R3009, C:2008-12-16 11:46 M:2007-10-15 15:19] D:\DU Meter\sqlite3.dll [Hagel Technologies Ltd, 3.4.2, C:2008-12-16 11:46 M:2007-10-15 15:18] [PID: 624 / SYSTEM] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [(Verified)Microsoft Corporation, 7.00.9466, C:2003-06-19 23:25 M:2003-06-19 23:25] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll [Microsoft Corporation, 7.00.9466, C:2002-01-29 15:06 M:2002-01-29 15:06] [PID: 688 / SYSTEM] C:\WINDOWS\system32\msiexec.exe [(Verified)Microsoft Corporation, 3.1.4001.5512, C:2004-08-17 12:00 M:2008-04-14 10:14] [PID: 796 / SYSTEM] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2004-08-17 12:00 M:2008-04-14 10:14] [PID: 832 / SYSTEM] C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\WDKeyMonitorCCB.exe [ Beijing WatchData System Co., Ltd., 3, 2, 0, 0, C:2008-11-05 10:40 M:2008-06-07 09:27] C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\TokenMgr.dll [ Beijing WatchData System Co., Ltd., 3, 6, 3, 2, C:2008-11-05 10:40 M:2008-06-07 09:27] C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\WDAlg.DLL [ Beijing WatchData System C0., Ltd., 3, 5, 12, 20, C:2008-11-05 10:40 M:2008-05-28 14:34] C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\wdkmgr.dll [Watchdata, 1, 0, 0, 11, C:2008-11-05 10:40 M:2008-05-28 14:34] C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\WDPKCS.dll [ Beijing WatchData System Co., Ltd., 3, 6, 2, 15, C:2008-11-05 10:40 M:2008-05-30 11:08] [PID: 1172 / LOCAL SERVICE] C:\WINDOWS\System32\alg.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2004-08-17 12:00 M:2008-04-14 10:13] [PID: 1652 / SYSTEM] C:\WINDOWS\System32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2004-08-17 12:00 M:2008-04-14 10:14] [PID: 672 / 123] C:\WINDOWS\Explorer.EXE [(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2004-08-17 12:00 M:2008-04-14 10:14] C:\Program Files\Kingsoft\Kingsoft Internet Security\ktaskbar.dll [(Verified)Kingsoft Corporation, 2008,11,29,687, C:2008-11-13 17:52 M:2008-12-21 13:14] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL [Microsoft Corporation, 8.00.50727.762, C:2008-10-17 17:29 M:2008-10-17 17:29] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll [Microsoft Corporation, 8.00.50727.762, C:2008-10-17 17:29 M:2008-10-17 17:29] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL [Microsoft Corporation, 8.00.50727.762, C:2008-10-17 17:29 M:2008-10-17 17:29] C:\Program Files\Kingsoft\Kingsoft Internet Security\KMailOEBand.DLL [(Verified)Kingsoft Corporation, 2008,04,22,364, C:2008-09-19 19:01 M:2008-09-19 19:01] C:\Program Files\Kingsoft\Kingsoft Internet Security\kis.dll [(Verified)Kingsoft Corporation, 2008,11,18,676, C:2008-10-21 17:50 M:2008-12-21 13:58] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll [Microsoft Corporation, 8.00.50727.762, C:2008-10-17 17:29 M:2008-10-17 17:29] D:\360safe\safemon\safemon.dll [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42] C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2008-01-03 11:10 M:2008-06-13 09:43] C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-01-03 11:10 M:2008-06-13 09:43] C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_01.dll [Thunder Networking Technologies,LTD, 1, 0, 0, 20, C:2008-10-16 16:11 M:2008-08-04 12:58] C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_01.dll [Thunder Networking Technologies,LTD, 1, 0, 0, 16, C:2008-10-16 16:11 M:2008-08-04 12:58] C:\WINDOWS\system32\msdmo.dll [(Verified)N/A, C:2004-08-17 12:00 M:2008-04-14 10:13] C:\Program Files\Kingsoft\Kingsoft Internet Security\KAVEXT.DLL [(Verified)Kingsoft Corporation, 2008,07,09,459, C:2008-09-19 19:01 M:2008-09-19 19:01] E:\QQ\qdshm.dll [(Verified)Copyright 2004, 1, 0, 101, 20, C:2008-05-30 09:03 M:2008-05-14 20:49] C:\Program Files\WinRAR\rarext.dll [N/A, C:2007-10-11 10:49 M:2004-09-02 09:39] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ShellEx.dll [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:22 M:2008-07-29 20:22] [PID: 1636 / 123] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:20 M:2008-07-29 20:20] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\prremote.dll [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:22 M:2008-07-29 20:22] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll [Microsoft Corporation, 8.00.50727.762, C:2008-10-17 17:29 M:2008-10-17 17:29] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll [Microsoft Corporation, 8.00.50727.762, C:2008-10-17 17:29 M:2008-10-17 17:29] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\fssync.dll [(Verified)Kaspersky Lab, 8.0.5.454, C:2008-07-29 20:21 M:2008-07-29 20:21] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\Ushata.dll [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:22 M:2008-07-29 20:22] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\CLLDR.DLL [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:21 M:2008-07-29 20:21] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\prloader.dll [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:22 M:2008-07-29 20:22] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\prkernel.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:25 M:2008-07-29 20:25] c:\program files\kaspersky lab\kaspersky anti-virus 2009\pxstub.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:25 M:2008-07-29 20:25] c:\program files\kaspersky lab\kaspersky anti-virus 2009\params.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:25 M:2008-07-29 20:25] c:\program files\kaspersky lab\kaspersky anti-virus 2009\winreg.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:27 M:2008-07-29 20:27] c:\program files\kaspersky lab\kaspersky anti-virus 2009\mkavio.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:25 M:2008-07-29 20:25] c:\program files\kaspersky lab\kaspersky anti-virus 2009\tempfile.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:26 M:2008-07-29 20:26] c:\program files\kaspersky lab\kaspersky anti-virus 2009\avpgui.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:23 M:2008-07-29 20:23] c:\program files\kaspersky lab\kaspersky anti-virus 2009\nfio.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:25 M:2008-07-29 20:25] c:\program files\kaspersky lab\kaspersky anti-virus 2009\fsdrvplg.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:24 M:2008-07-29 20:24] c:\program files\kaspersky lab\kaspersky anti-virus 2009\basegui.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:23 M:2008-07-29 20:23] c:\program files\kaspersky lab\kaspersky anti-virus 2009\thpimpl.ppl [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:26 M:2008-07-29 20:26] [PID: 1656 / 123] C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\WDCertM_CCB.exe [ Beijing WatchData System Co., Ltd., 3, 2, 0, 0, C:2008-11-05 10:40 M:2008-06-07 09:27] C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\TokenMgr.dll [ Beijing WatchData System Co., Ltd., 3, 6, 3, 2, C:2008-11-05 10:40 M:2008-06-07 09:27] C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\WDAlg.DLL [ Beijing WatchData System C0., Ltd., 3, 5, 12, 20, C:2008-11-05 10:40 M:2008-05-28 14:34] C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\wdkmgr.dll [Watchdata, 1, 0, 0, 11, C:2008-11-05 10:40 M:2008-05-28 14:34] C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\WDPKCS.dll [ Beijing WatchData System Co., Ltd., 3, 6, 2, 15, C:2008-11-05 10:40 M:2008-05-30 11:08] C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\WDEvent.dll [ Beijing WatchData System Co., Ltd., 1, 0, 0, 1, C:2008-11-05 10:40 M:2008-06-07 09:27] [PID: 1668 / 123] C:\Program Files\Lenovo\EnergyCut\utilty.exe [Lenovo(Beijing)Limited, 2.0.1.6, C:2007-10-11 10:40 M:2007-04-29 15:30] C:\Program Files\Kingsoft\Kingsoft Internet Security\KMailOEBand.DLL [(Verified)Kingsoft Corporation, 2008,04,22,364, C:2008-09-19 19:01 M:2008-09-19 19:01] C:\Program Files\Kingsoft\Kingsoft Internet Security\kis.dll [(Verified)Kingsoft Corporation, 2008,11,18,676, C:2008-10-21 17:50 M:2008-12-21 13:58] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL [Microsoft Corporation, 8.00.50727.762, C:2008-10-17 17:29 M:2008-10-17 17:29] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll [Microsoft Corporation, 8.00.50727.762, C:2008-10-17 17:29 M:2008-10-17 17:29] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll [Microsoft Corporation, 8.00.50727.762, C:2008-10-17 17:29 M:2008-10-17 17:29] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL [Microsoft Corporation, 8.00.50727.762, C:2008-10-17 17:29 M:2008-10-17 17:29] C:\Program Files\Lenovo\EnergyCut\kbdhook.dll [N/A, C:2007-10-11 10:40 M:2007-02-26 14:04] [PID: 1072 / 123] D:\360safe\safemon\360Tray.exe [(Verified)奇虎网, 5, 0, 0, 1002, C:2008-08-25 14:12 M:2008-08-25 14:12] D:\360safe\safemon\safemon.dll [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42] D:\360safe\safemon\SafeKrnl.dll [(Verified)奇虎网, 4, 3, 0, 1003, C:2008-08-26 16:55 M:2008-08-26 16:55] D:\360safe\AntiAdwa.dll [(Verified)360Safe.com, 4, 2, 0, 1001, C:2008-06-13 20:16 M:2008-06-13 20:16] D:\360safe\live.dll [(Verified)360.cn, 1, 0, 1, 1029, C:2008-11-25 09:42 M:2008-11-25 09:42] [PID: 2036 / 123] C:\WINDOWS\system32\ctfmon.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-03-14 13:23] D:\360safe\safemon\safemon.dll [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42] C:\Program Files\Kingsoft\Kingsoft Internet Security\KMailOEBand.DLL [(Verified)Kingsoft Corporation, 2008,04,22,364, C:2008-09-19 19:01 M:2008-09-19 19:01] C:\Program Files\Kingsoft\Kingsoft Internet Security\kis.dll [(Verified)Kingsoft Corporation, 2008,11,18,676, C:2008-10-21 17:50 M:2008-12-21 13:58] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL [Microsoft Corporation, 8.00.50727.762, C:2008-10-17 17:29 M:2008-10-17 17:29] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll [Microsoft Corporation, 8.00.50727.762, C:2008-10-17 17:29 M:2008-10-17 17:29] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll [Microsoft Corporation, 8.00.50727.762, C:2008-10-17 17:29 M:2008-10-17 17:29] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL [Microsoft Corporation, 8.00.50727.762, C:2008-10-17 17:29 M:2008-10-17 17:29] [PID: 2636 / 123] C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE [(Verified)Microsoft Corporation, 11.0.5604, C:2003-08-06 13:24 M:2003-08-06 13:24] D:\360safe\safemon\safemon.dll [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42] C:\Program Files\Kingsoft\Kingsoft Internet Security\KMailOEBand.DLL [(Verified)Kingsoft Corporation, 2008,04,22,364, C:2008-09-19 19:01 M:2008-09-19 19:01] C:\Program Files\Kingsoft\Kingsoft Internet Security\kis.dll [(Verified)Kingsoft Corporation, 2008,11,18,676, C:2008-10-21 17:50 M:2008-12-21 13:58] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL [Microsoft Corporation, 8.00.50727.762, C:2008-10-17 17:29 M:2008-10-17 17:29] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll [Microsoft Corporation, 8.00.50727.762, C:2008-10-17 17:29 M:2008-10-17 17:29] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll [Microsoft Corporation, 8.00.50727.762, C:2008-10-17 17:29 M:2008-10-17 17:29] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL [Microsoft Corporation, 8.00.50727.762, C:2008-10-17 17:29 M:2008-10-17 17:29] C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL [Microsoft Corporation, 1.0.1038.0, C:2001-02-07 02:17 M:2001-02-07 02:17] C:\Program Files\Common Files\Microsoft Shared\office11\riched20.dll [Microsoft Corporation, 5.50.30.2002, C:2003-07-17 13:41 M:2003-07-17 13:41] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mdiui.dll [Microsoft Corporation, 11.3.1897.0, C:2007-10-11 10:52 M:2003-06-18 17:31] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mdigraph.dll [Microsoft Corporation, 11.3.1897.0, C:2007-10-11 10:52 M:2003-06-18 17:31] C:\Program Files\Microsoft Office\OFFICE11\GdiPlus.DLL [Microsoft Corporation, 6.0.3260.0, C:2003-06-20 13:28 M:2003-06-20 13:28] [PID: 3508 / 123] C:\WINDOWS\system32\conime.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2004-08-17 12:00 M:2008-04-14 10:13] D:\360safe\safemon\safemon.dll [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42] C:\Program Files\Kingsoft\Kingsoft Internet Security\KMailOEBand.DLL [(Verified)Kingsoft Corporation, 2008,04,22,364, C:2008-09-19 19:01 M:2008-09-19 19:01] C:\Program Files\Kingsoft\Kingsoft Internet Security\kis.dll [(Verified)Kingsoft Corporation, 2008,11,18,676, C:2008-10-21 17:50 M:2008-12-21 13:58] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL [Microsoft Corporation, 8.00.50727.762, C:2008-10-17 17:29 M:2008-10-17 17:29] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll [Microsoft Corporation, 8.00.50727.762, C:2008-10-17 17:29 M:2008-10-17 17:29] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll [Microsoft Corporation, 8.00.50727.762, C:2008-10-17 17:29 M:2008-10-17 17:29] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL [Microsoft Corporation, 8.00.50727.762, C:2008-10-17 17:29 M:2008-10-17 17:29] [PID: 3964 / 123] E:\治疗木马群套装\arswp2\ArSwp.exe [(Verified)ArSwp.com, 2, 8, 2, 1115, C:2008-12-22 10:17 M:2008-11-15 11:58] D:\360safe\safemon\safemon.dll [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42] C:\Program Files\Kingsoft\Kingsoft Internet Security\KMailOEBand.DLL [(Verified)Kingsoft Corporation, 2008,04,22,364, C:2008-09-19 19:01 M:2008-09-19 19:01] C:\Program Files\Kingsoft\Kingsoft Internet Security\kis.dll [(Verified)Kingsoft Corporation, 2008,11,18,676, C:2008-10-21 17:50 M:2008-12-21 13:58] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL [Microsoft Corporation, 8.00.50727.762, C:2008-10-17 17:29 M:2008-10-17 17:29] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll [Microsoft Corporation, 8.00.50727.762, C:2008-10-17 17:29 M:2008-10-17 17:29] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll [Microsoft Corporation, 8.00.50727.762, C:2008-10-17 17:29 M:2008-10-17 17:29] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL [Microsoft Corporation, 8.00.50727.762, C:2008-10-17 17:29 M:2008-10-17 17:29] E:\治疗木马群套装\arswp2\plugin\ArFix.dll [(Verified)ArSwp.Com, 2, 5, 0, 0, C:2008-12-22 10:17 M:2007-11-28 15:19] ======================================== 文件关联 ======================================== AutoRun.INF ======================================== Winsock提供者 ======================================== HOSTS 127.0.0.1 localhost [/CODE]