[CODE]

2009-02-01,16:19:33

SysLog Scanner 1.0 - build 20080726
Arswp (http://www.arswp.com)

Windows XP Professional Service Pack 2 (build 2600) - Administrators



========================================
注册项

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [Microsoft Corporation, 8.1.4202.0, C:2004-09-03 10:42 M:2004-08-17 21:00]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation, 5.2.2801, C:2004-09-03 10:42 M:2004-08-17 21:00]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation, 5.2.2801, C:2004-09-03 10:42 M:2004-08-17 21:00]
    <TrackPointSrv><tp4serv.exe>  [Lenovo Group Limited, 3.55, C:1980-01-01 00:00 M:2005-07-13 03:55]
    <igfxtray><C:\WINDOWS\system32\igfxtray.exe>  [Intel Corporation, 3.0.0.4436, C:1980-01-01 00:00 M:2005-11-28 13:55]
    <TPHOTKEY><C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe>  [N/A, C:2007-07-18 12:45 M:2006-03-09 16:14]
    <SoundMAXPnP><C:\Program Files\Analog Devices\Core\smax4pnp.exe>  [Analog Devices, Inc., 6, 0, 0, 20, C:1980-01-01 00:00 M:2005-05-20 08:11]
    <SoundMAX><C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray>  [Analog Devices, Inc., 5, 2, 0, 8, C:2007-07-18 14:33 M:2005-05-06 14:06]
    <MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC>  [N/A, C:1980-01-01 00:00 M:2004-08-17 21:00]
    <RavTray><"C:\Program Files\Rising\Rav\RsTray.exe" -system>  [Beijing Rising Information Technology Co., Ltd., 21.0.0.22, C:2008-12-18 18:48 M:2009-01-08 14:05]
    <runeip><"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup>  [Beijing Rising Information Technology Co., Ltd., 21.0.0.16, C:2008-12-22 17:35 M:2008-12-22 17:34]
    <RFWTray><"D:\Rising\Rfw\RsTray.exe" -system>  [Beijing Rising Information Technology Co., Ltd., 21.0.0.22, C:2008-12-25 17:38 M:2009-01-08 16:08]
    <Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe">  [Adobe Systems Incorporated, 9.0.0.2008061200, C:2008-06-12 02:38 M:2008-06-12 02:38]
    <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r>  [奇虎网, 2, 0, 0, 1009, C:2008-03-20 01:54 M:2008-03-20 01:54]
    <360Safetray><D:\工具软件\360safe\safemon\360tray.exe /start>  [360安全中心, 5, 0, 0, 1008, C:2009-01-06 12:21 M:2009-01-06 12:21]
    <enf><C:\Program Files\Wincph\enf.exe>  [N/A, C:2008-07-11 20:01 M:2006-04-15 21:57]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <Shell><Explorer.exe>  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234), C:1980-01-01 00:00 M:2007-06-13 21:21]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_Dlls><kmon.dll>  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-12-22 17:35 M:2008-12-22 17:34]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]

[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\System32\logon.scr>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
    <BootExecute><autocheck autochk *>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs]
    <advapi32><advapi32.dll>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
    <comdlg32><comdlg32.dll>  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
    <gdi32><gdi32.dll>  [Microsoft Corporation, 5.1.2600.3466 (xpsp_sp2_gdr.081022-1254), C:1980-01-01 00:00 M:2008-10-23 20:59]
    <imagehlp><imagehlp.dll>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
    <kernel32><kernel32.dll>  [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301), C:1980-01-01 00:00 M:2007-04-16 23:54]
    <lz32><lz32.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2004-08-17 21:00]
    <ole32><ole32.dll>  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528), C:1980-01-01 00:00 M:2005-07-26 12:39]
    <oleaut32><oleaut32.dll>  [Microsoft Corporation, 5.1.2600.3266, C:1980-01-01 00:00 M:2007-12-05 02:40]
    <olecli32><olecli32.dll>  [Microsoft Corporation, 1.07 (xpsp_sp2_gdr.050725-1528), C:1980-01-01 00:00 M:2005-07-26 12:39]
    <olecnv32><olecnv32.dll>  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528), C:1980-01-01 00:00 M:2005-07-26 12:39]
    <olesvr32><olesvr32.dll>  [Microsoft Corporation, 1.09 (XPClient.010817-1148), C:1980-01-01 00:00 M:2004-08-17 21:00]
    <olethk32><olethk32.dll>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:1980-01-01 00:00 M:2004-08-17 21:00]
    <rpcrt4><rpcrt4.dll>  [Microsoft Corporation, 5.1.2600.3173 (xpsp_sp2_gdr.070709-0051), C:1980-01-01 00:00 M:2007-07-09 21:09]
    <shell32><shell32.dll>  [Microsoft Corporation, 6.00.2900.3402 (xpsp_sp2_qfe.080702-1240), C:1980-01-01 00:00 M:2008-07-03 21:03]
    <url><url.dll>  [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130), C:1980-01-01 00:00 M:2007-08-13 18:44]
    <urlmon><urlmon.dll>  [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130), C:1980-01-01 00:00 M:2007-08-13 18:54]
    <user32><user32.dll>  [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222), C:1980-01-01 00:00 M:2007-03-08 23:37]
    <version><version.dll>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
    <wininet><wininet.dll>  [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130), C:1980-01-01 00:00 M:2007-08-13 18:54]
    <wldap32><wldap32.dll>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Google 搜索(&G)]
    <><res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html>  []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\导出到 Microsoft Excel(&x)]
    <><res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000>  []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [Microsoft Corporation, 5.131.2600.3272 (xpsp_sp2_qfe.071212-1253), C:1980-01-01 00:00 M:2007-12-13 12:42]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [Microsoft Corporation, 7.00.6000.16762 (vista_gdr.081013-1507), C:2007-08-13 18:39 M:2008-10-16 21:11]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig>  [Microsoft Corporation, 7.00.6000.16762 (vista_gdr.081013-1507), C:1980-01-01 00:00 M:2008-10-16 21:11]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{D9FCD29C-7E14-4AF4-A935-B1321815EDEE}]
    <自定义浏览器><RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 17.00.6000.16762 (vista_gdr.081013-1507), C:1980-01-01 00:00 M:2008-10-17 04:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 7.00.6000.16762 (vista_gdr.081013-1507), C:1980-01-01 00:00 M:2008-10-17 04:38|N/A, C:1980-01-01 00:00 M:2004-08-17 21:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 7.00.6000.16762 (vista_gdr.081013-1507), C:1980-01-01 00:00 M:2008-10-17 04:38|N/A, C:1980-01-01 00:00 M:2004-08-17 21:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 7.00.6000.16762 (vista_gdr.081013-1507), C:1980-01-01 00:00 M:2008-10-17 04:38|N/A, C:2007-07-18 14:25 M:2004-08-11 21:16]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 6.00.2900.3402 (xpsp_sp2_qfe.080702-1240), C:1980-01-01 00:00 M:2008-07-03 21:03]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [Microsoft Corporation, 7.00.6000.16762 (vista_gdr.081013-1507), C:1980-01-01 00:00 M:2008-10-16 21:11]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 1.1.4322.573, C:2003-02-20 19:09 M:2003-02-20 19:09]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}]
    <启动迅雷5><D:\Program Files\Thunder.exe>  [Thunder Networking Technologies,LTD, 5, 6, 8, 19, C:2008-12-29 17:14 M:2008-12-18 16:44]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MenuExt\添加到QQ表情]
    <><D:\Program Files\Tencent\QQ2009\Bin\AddEmotion.htm>  [N/A, C:2009-02-01 15:22 M:2009-02-01 15:22]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\BJ Language Monitor]
    <PrintMonitor: BJ Language Monitor><cnbjmon.dll>  [Microsoft Corporation, 5.1.2600.2082 (xpsp(skatari).040213-0952), C:2004-08-16 16:38 M:2004-08-17 21:00]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Local Port]
    <PrintMonitor: Local Port><localspl.dll>  [Microsoft Corporation, 5.1.2600.3365 (xpsp_sp2_qfe.080503-1352), C:1980-01-01 00:00 M:2008-05-05 19:08]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\PJL Language Monitor]
    <PrintMonitor: PJL Language Monitor><pjlmon.dll>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-16 16:39 M:2004-08-17 21:00]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port]
    <PrintMonitor: Standard TCP/IP Port><tcpmon.dll>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\USB Monitor]
    <PrintMonitor: USB Monitor><usbmon.dll>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]


========================================
启动项

[AutoCAD 启动加速器]
    <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\AutoCAD 启动加速器.lnk --> "C:\Program Files\Common Files\Autodesk Shared\acstart16.exe"  > [Autodesk, Inc, 16.1.63.0, C:2004-02-25 09:35 M:2004-02-25 09:35]


========================================
计划任务

[PMTask.job]
    <C:\WINDOWS\tasks\PMTask.job --> "C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE"  > [N/A, C:2007-07-18 14:53 M:2006-03-23 01:13]


========================================
服务

[Ac Profile Manager Service / AcPrfMgrSvc][Running/Auto Start]
    <C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe>  [N/A, C:2007-07-18 14:53 M:2006-01-31 22:23]
[Access Connections Main Service / AcSvc][Running/Auto Start]
    <C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe>  [Lenovo, 4, 11, 0, 0, C:2007-07-18 14:53 M:2006-01-31 22:24]
[Alerter / Alerter][Running/Auto Start]
    <%SystemRoot%\system32\svchost.exe -k LocalService --> "%SystemRoot%\system32\alrsvc.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[Application Layer Gateway Service / ALG][Running/Manual Start]
    <%SystemRoot%\System32\alg.exe>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[Application Management / AppMgmt][Stopped/Manual Start]
    <%SystemRoot%\system32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\appmgmts.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
    <%SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe>  [Microsoft Corporation, 1.1.4322.2032, C:2004-07-15 01:49 M:2004-07-15 01:49]
[Windows Audio / AudioSrv][Running/Auto Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\audiosrv.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start]
    <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe">  [Autodesk, Inc., 2.51.000, C:2007-07-20 09:44 M:2007-07-20 09:44]
[Background Intelligent Transfer Service / BITS][Stopped/Manual Start]
    <%SystemRoot%\system32\svchost.exe -k netsvcs --> "C:\WINDOWS\system32\qmgr.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 6.6.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-09-03 10:49 M:2004-08-17 21:00]
[Computer Browser / Browser][Running/Auto Start]
    <%SystemRoot%\system32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\browser.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
    <D:\Program Files\stormliv.exe /asservice>  [北京暴风网际科技有限公司, 3, 8, 12, 12, C:2008-12-17 17:41 M:2008-12-17 17:41]
[Indexing Service / CiSvc][Stopped/Manual Start]
    <%SystemRoot%\system32\cisvc.exe>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[ClipBook / ClipSrv][Stopped/Manual Start]
    <%SystemRoot%\system32\clipsrv.exe>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[COM+ System Application / COMSysApp][Stopped/Manual Start]
    <C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[Cryptographic Services / CryptSvc][Running/Auto Start]
    <%SystemRoot%\system32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\cryptsvc.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[DCOM Server Process Launcher / DcomLaunch][Running/Auto Start]
    <%SystemRoot%\system32\svchost -k DcomLaunch --> "%SystemRoot%\system32\rpcss.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528), C:1980-01-01 00:00 M:2005-07-26 12:39]
[DHCP Client / Dhcp][Running/Auto Start]
    <%SystemRoot%\system32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\dhcpcsvc.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003), C:1980-01-01 00:00 M:2006-05-19 21:14]
[Diskeeper / Diskeeper][Running/Auto Start]
    <C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe>  [Diskeeper Corporation, 9.0.537.0, C:2006-03-01 11:50 M:2006-03-01 11:50]
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
    <%SystemRoot%\System32\dmadmin.exe /com>  [Microsoft Corp., Veritas Software, 2600.2180.503.0, C:1980-01-01 00:00 M:2004-08-17 21:00]
[Logical Disk Manager / dmserver][Running/Auto Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\dmserver.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corp., 2600.2180.503.0, C:1980-01-01 00:00 M:2004-08-17 21:00]
[DNS Client / Dnscache][Running/Auto Start]
    <%SystemRoot%\system32\svchost.exe -k NetworkService --> "%SystemRoot%\System32\dnsrslvr.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.3316 (xpsp_sp2_gdr.080219-1316), C:1980-01-01 00:00 M:2008-02-20 13:33]
[Error Reporting Service / ERSvc][Running/Auto Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\ersvc.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[Event Log / Eventlog][Running/Auto Start]
    <%SystemRoot%\system32\services.exe>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[COM+ Event System / EventSystem][Running/Manual Start]
    <C:\WINDOWS\system32\svchost.exe -k netsvcs --> "C:\WINDOWS\system32\es.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 2001.12.4414.320, C:1980-01-01 00:00 M:2008-07-08 04:30]
[Fast User Switching Compatibility / FastUserSwitchingCompatibility][Stopped/Manual Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\shsvcs.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316), C:1980-01-01 00:00 M:2006-12-20 05:49]
[Help and Support / helpsvc][Running/Auto Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-09-03 10:49 M:2004-08-17 21:00]
[Human Interface Device Access / HidServ][Stopped/Disabled]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[HTTP SSL / HTTPFilter][Stopped/Manual Start]
    <%SystemRoot%\System32\svchost.exe -k HTTPFilter --> "%SystemRoot%\System32\w3ssl.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 6.0.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[ThinkPad PM Service / IBMPMSVC][Running/Auto Start]
    <%SystemRoot%\system32\ibmpmsvc.exe>  [N/A, C:1980-01-01 00:00 M:2005-11-11 01:33]
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
    <"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe">  [Macrovision Corporation, 10.50.125, C:2004-10-22 03:24 M:2004-10-22 03:24]
[IMAPI CD-Burning COM Service / ImapiService][Stopped/Manual Start]
    <C:\WINDOWS\system32\imapi.exe>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[IPS 核心服务 / IPSSVC][Running/Auto Start]
    <%SystemRoot%\system32\IPSSVC.EXE>  [Lenovo Group Limited, 2, 0, 0, 0, C:2007-07-18 12:43 M:2006-03-23 02:03]
[Server / lanmanserver][Running/Disabled]
    <%SystemRoot%\system32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\srvsvc.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.2577 (xpsp_sp2_gdr.041130-1729), C:1980-01-01 00:00 M:2004-12-08 03:34]
[Workstation / lanmanworkstation][Running/Auto Start]
    <%SystemRoot%\system32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\wkssvc.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.3365 (xpsp_sp2_qfe.080503-1352), C:1980-01-01 00:00 M:2008-05-05 19:08]
[TCP/IP NetBIOS Helper / LmHosts][Running/Auto Start]
    <%SystemRoot%\system32\svchost.exe -k LocalService --> "%SystemRoot%\System32\lmhsvc.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[Machine Debug Manager / MDM][Running/Auto Start]
    <"C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe">  [Microsoft Corporation, 7.00.9064.9150, C:2001-02-23 10:07 M:2001-02-23 10:07]
[Messenger / Messenger][Stopped/Disabled]
    <%SystemRoot%\system32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\msgsvc.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Disabled]
    <C:\WINDOWS\system32\mnmsrvc.exe>  [Microsoft Corporation, 5.1.2600.2180, C:2004-09-03 10:49 M:2004-08-17 21:00]
[Distributed Transaction Coordinator / MSDTC][Stopped/Manual Start]
    <C:\WINDOWS\system32\msdtc.exe>  [Microsoft Corporation, 2001.12.4414.258, C:2004-09-03 10:47 M:2004-08-17 21:00]
[Windows Installer / MSIServer][Stopped/Manual Start]
    <C:\WINDOWS\system32\msiexec.exe /V>  [Microsoft Corporation, 3.1.4000.1823, C:1980-01-01 00:00 M:2005-05-04 14:45]
[Network DDE / NetDDE][Stopped/Manual Start]
    <%SystemRoot%\system32\netdde.exe>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[Network DDE DSDM / NetDDEdsdm][Stopped/Disabled]
    <%SystemRoot%\system32\netdde.exe>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[Net Logon / Netlogon][Stopped/Disabled]
    <%SystemRoot%\system32\lsass.exe>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[Network Connections / Netman][Running/Manual Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\netman.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.2743 (xpsp_sp2_gdr.050819-1525), C:1980-01-01 00:00 M:2005-08-23 02:35]
[Network Location Awareness (NLA) / Nla][Running/Manual Start]
    <%SystemRoot%\system32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\mswsock.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.3394 (xpsp_sp2_qfe.080620-1259), C:1980-01-01 00:00 M:2008-06-21 01:36]
[NT LM Security Support Provider / NtLmSsp][Stopped/Manual Start]
    <%SystemRoot%\system32\lsass.exe>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[Removable Storage / NtmsSvc][Stopped/Manual Start]
    <%SystemRoot%\system32\svchost.exe -k netsvcs --> "%SystemRoot%\system32\ntmssvc.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2400.2180, C:1980-01-01 00:00 M:2004-08-17 21:00]
[Plug and Play / PlugPlay][Running/Auto Start]
    <%SystemRoot%\system32\services.exe>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[IPSEC Services / PolicyAgent][Running/Auto Start]
    <%SystemRoot%\system32\lsass.exe>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[Protected Storage / ProtectedStorage][Running/Auto Start]
    <%SystemRoot%\system32\lsass.exe>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[Remote Access Auto Connection Manager / RasAuto][Stopped/Disabled]
    <%SystemRoot%\system32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\rasauto.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[Remote Access Connection Manager / RasMan][Stopped/Manual Start]
    <%SystemRoot%\system32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\rasmans.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.2936 (xpsp_sp2_gdr.060621-2347), C:1980-01-01 00:00 M:2006-06-22 18:47]
[Rav Process Communication Center / RavCCenter][Stopped/Auto Start]
    <C:\Program Files\Rising\Rav\CCENTER.EXE>  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2008-12-18 18:47 M:2008-12-18 18:45]
[Rising RavTask Manager / RavTask][Running/Auto Start]
    <"C:\Program Files\Rising\Rav\RavTask.exe" RavTask>  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 23, C:2008-12-18 18:47 M:2009-01-20 14:12]
[Remote Desktop Help Session Manager / RDSessMgr][Stopped/Manual Start]
    <C:\WINDOWS\system32\sessmgr.exe>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-09-03 10:47 M:2004-08-17 21:00]
[Routing and Remote Access / RemoteAccess][Stopped/Disabled]
    <%SystemRoot%\system32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\mprdim.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2004-08-17 21:00]
[Remote Registry / RemoteRegistry][Stopped/Disabled]
    <%SystemRoot%\system32\svchost.exe -k LocalService --> "%SystemRoot%\system32\regsvc.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[Rfw Process Communication Center / RfwCCenter][Stopped/Auto Start]
    <D:\Rising\Rfw\CCENTER.EXE>  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2008-12-25 17:38 M:2008-12-25 17:37]
[Rising Personal Firewall Service / RfwService][Stopped/Auto Start]
    <D:\Rising\Rfw\rfwsrv.exe>  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1, C:2008-12-25 17:38 M:2008-12-25 17:37]
[Rising RfwTask Manager / RfwTask][Running/Auto Start]
    <"D:\Rising\Rfw\RavTask.exe" RfwTask>  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 23, C:2008-12-25 17:38 M:2009-01-20 14:12]
[Remote Procedure Call (RPC) Locator / RpcLocator][Stopped/Manual Start]
    <%SystemRoot%\system32\locator.exe>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[Remote Procedure Call (RPC) / RpcSs][Running/Auto Start]
    <%SystemRoot%\system32\svchost -k rpcss --> "%SystemRoot%\system32\rpcss.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528), C:1980-01-01 00:00 M:2005-07-26 12:39]
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
    <C:\Program Files\Rising\Rav\RavMonD.exe>  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1, C:2008-12-18 18:48 M:2008-12-18 18:36]
[Rising Scan Service / RsScanSrv][Stopped/Auto Start]
    <C:\Program Files\Rising\Rav\ScanFrm.exe>  [Beijing Rising Information Technology Co., Ltd., 21.0.0.11, C:2008-12-18 18:47 M:2008-12-18 18:35]
[QoS RSVP / RSVP][Stopped/Manual Start]
    <%SystemRoot%\system32\rsvp.exe>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2004-08-17 21:00]
[Security Accounts Manager / SamSs][Running/Auto Start]
    <%SystemRoot%\system32\lsass.exe>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[Smart Card / SCardSvr][Stopped/Manual Start]
    <%SystemRoot%\System32\SCardSvr.exe>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[Task Scheduler / Schedule][Running/Auto Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\system32\schedsvc.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-09-03 10:49 M:2004-08-17 21:00]
[Secondary Logon / seclogon][Running/Disabled]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\seclogon.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[System Event Notification / SENS][Running/Auto Start]
    <%SystemRoot%\system32\svchost.exe -k netsvcs --> "%SystemRoot%\system32\sens.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[Windows Firewall/Internet Connection Sharing (ICS) / SharedAccess][Running/Auto Start]
    <%SystemRoot%\system32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\ipnathlp.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.3355 (xpsp_sp2_qfe.080421-1247), C:1980-01-01 00:00 M:2008-04-22 02:40]
[Shell Hardware Detection / ShellHWDetection][Running/Auto Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\shsvcs.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316), C:1980-01-01 00:00 M:2006-12-20 05:49]
[Print Spooler / Spooler][Running/Auto Start]
    <%SystemRoot%\system32\spoolsv.exe>  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519), C:1980-01-01 00:00 M:2005-06-11 07:53]
[System Restore Service / srservice][Running/Auto Start]
    <%SystemRoot%\system32\svchost.exe -k netsvcs --> "C:\WINDOWS\system32\srsvc.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-09-03 10:49 M:2004-08-17 21:00]
[SSDP Discovery Service / SSDPSRV][Running/Manual Start]
    <%SystemRoot%\system32\svchost.exe -k LocalService --> "%SystemRoot%\System32\ssdpsrv.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[Windows Image Acquisition (WIA) / stisvc][Running/Manual Start]
    <%SystemRoot%\system32\svchost.exe -k imgsvc --> "%SystemRoot%\system32\wiaservc.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.3051 (xpsp_sp2_gdr.061219-0316), C:1980-01-01 00:00 M:2006-12-20 02:17]
[MS Software Shadow Copy Provider / SwPrv][Stopped/Manual Start]
    <C:\WINDOWS\system32\dllhost.exe /Processid:{95785197-5EFA-41CD-8A5E-2B796F8304FB}>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[Performance Logs and Alerts / SysmonLog][Stopped/Manual Start]
    <%SystemRoot%\system32\smlogsvc.exe>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[Telephony / TapiSrv][Stopped/Disabled]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\tapisrv.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.2716 (xpsp_sp2_gdr.050707-1657), C:1980-01-01 00:00 M:2005-07-09 00:28]
[Terminal Services / TermService][Stopped/Disabled]
    <%SystemRoot%\System32\svchost -k DComLaunch --> "%SystemRoot%\System32\termsrv.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-09-03 10:47 M:2004-08-17 21:00]
[Themes / Themes][Running/Auto Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\shsvcs.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316), C:1980-01-01 00:00 M:2006-12-20 05:49]
[Telnet / TlntSvr][Stopped/Manual Start]
    <C:\WINDOWS\system32\tlntsvr.exe>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[IBM KCU Service / TpKmpSVC][Running/Auto Start]
    <C:\WINDOWS\system32\TpKmpSVC.exe>  [N/A, C:2007-07-18 14:31 M:2005-06-06 21:26]
[Distributed Link Tracking Client / TrkWks][Running/Auto Start]
    <%SystemRoot%\system32\svchost.exe -k netsvcs --> "%SystemRoot%\system32\trkwks.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[TVT Backup Service / TVT Backup Service][Running/Auto Start]
    <"C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe">  [Copyright 2002, 3,0,27,0, C:2005-12-21 18:20 M:2005-12-21 18:20]
[TVT Scheduler / TVT Scheduler][Running/Auto Start]
    <"C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe">  [Copyright 2004, 3,0,9,0, C:2005-12-21 18:34 M:2005-12-21 18:34]
[ThinkVantage System Update / UCLauncherService][Running/Auto Start]
    <C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe>  [N/A, C:2005-08-01 17:32 M:2005-08-01 17:32]
[Windows User Mode Driver Framework / UMWdf][Running/Auto Start]
    <C:\WINDOWS\system32\wdfmgr.exe>  [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act), C:2004-08-10 22:05 M:2004-08-10 22:05]
[Universal Plug and Play Device Host / upnphost][Stopped/Manual Start]
    <%SystemRoot%\system32\svchost.exe -k LocalService --> "%SystemRoot%\System32\upnphost.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.3077 (xpsp_sp2_gdr.070204-2255), C:1980-01-01 00:00 M:2007-02-06 04:19]
[Uninterruptible Power Supply / UPS][Stopped/Manual Start]
    <%SystemRoot%\System32\ups.exe>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[Volume Shadow Copy / VSS][Stopped/Manual Start]
    <%SystemRoot%\System32\vssvc.exe>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[Windows Time / W32Time][Running/Auto Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "C:\WINDOWS\system32\w32time.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.3365 (xpsp_sp2_qfe.080503-1352), C:1980-01-01 00:00 M:2008-05-05 19:08]
[WebClient / WebClient][Running/Auto Start]
    <%SystemRoot%\system32\svchost.exe -k LocalService --> "%SystemRoot%\System32\webclnt.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.2821 (xpsp_sp2_gdr.060103-1536), C:1980-01-01 00:00 M:2006-01-04 11:35]
[Windows Management Instrumentation / winmgmt][Running/Auto Start]
    <%systemroot%\system32\svchost.exe -k netsvcs --> "%SystemRoot%\system32\wbem\WMIsvc.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-09-03 10:47 M:2004-08-17 21:00]
[Windows Media Connect (WMC) / WmcCds][/Manual Start]
    <c:\program files\windows media connect\mswmccds.exe>  [Microsoft Corporation, 5.1.2600.1 built by: DNSRV(bld4act), C:2004-08-11 00:46 M:2004-08-11 00:46]
[Windows Media Connect (WMC) 帮助程序 / WmcCdsLs][Stopped/Manual Start]
    <C:\Program Files\Windows Media Connect\mswmcls.exe>  [Microsoft Corporation, 5.1.2600.1 built by: DNSRV(bld4act), C:2004-08-10 21:50 M:2004-08-10 21:50]
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "C:\WINDOWS\system32\MsPMSNSv.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 10.0.3790.3646, C:1980-01-01 00:00 M:2004-08-11 00:45]
[Windows Management Instrumentation Driver Extensions / Wmi][Stopped/Manual Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\advapi32.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[WMI Performance Adapter / WmiApSrv][Stopped/Manual Start]
    <C:\WINDOWS\system32\wbem\wmiapsrv.exe>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-09-03 10:47 M:2004-08-17 21:00]
[Security Center / wscsvc][Running/Auto Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SYSTEMROOT%\system32\wscsvc.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]
[Automatic Updates / wuauserv][Running/Auto Start]
    <%systemroot%\system32\svchost.exe -k netsvcs --> "C:\WINDOWS\system32\wuauserv.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158), C:2004-09-03 10:49 M:2004-08-17 21:00]
[Wireless Zero Configuration / WZCSVC][Running/Auto Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\wzcsvc.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.2658 (xpsp.050419-1524), C:2004-08-16 16:39 M:2005-04-21 03:31]
[Network Provisioning Service / xmlprov][Stopped/Manual Start]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\xmlprov.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00|Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-17 21:00]



========================================
驱动

[360procmon / 360procmon][Running/Manual Start]
    <\??\D:\工具软件\360safe\safemon\360procmon.sys>  [版权所有 (C) 2006-2008 360.cn, 1, 0, 0, 1001, C:2008-09-28 00:56 M:2008-09-28 00:56]
[abp480n5 / abp480n5][Stopped/Disabled]
    <\SystemRoot\system32\DRIVERS\ABP480N5.SYS>  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:2004-09-03 13:05 M:2001-08-17 13:52]
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
    <system32\drivers\ac97intc.sys>  [Intel Corporation, 5.10.3523 built by: WinDDK, C:2004-09-03 10:44 M:2001-08-17 12:20]
[Microsoft ACPI Driver / ACPI][Running/Boot Start]
    <system32\DRIVERS\ACPI.sys>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-16 16:22 M:2004-08-17 21:00]
[Microsoft Embedded Controller Driver / ACPIEC][Running/Boot Start]
    <system32\DRIVERS\ACPIEC.sys>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:2001-08-31 15:21 M:2004-08-17 21:00]
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Running/Manual Start]
    <system32\drivers\ADIHdAud.sys>  [Analog Devices, Inc., 5.10.01.4310 built by: WinDDK, C:1980-01-01 00:00 M:2006-01-31 10:19]
[adpu160m / adpu160m][Stopped/Disabled]
    <\SystemRoot\system32\DRIVERS\adpu160m.sys>  [Microsoft Corporation, v3.60a (Lab01_N(johnstra).010529-2218), C:2004-09-03 12:55 M:2001-08-17 14:07]
[AEAudio Service / AEAudioService][Running/Manual Start]
    <system32\drivers\AEAudio.sys>  [Andrea Electronics Corporation, 4.0.1.20, C:1980-01-01 00:00 M:2005-06-07 13:53]
[Microsoft Kernel Acoustic Echo Canceller / aec][Stopped/Manual Start]
    <system32\drivers\aec.sys>  [Microsoft Corporation, 5.1.2601.2180, C:2004-09-03 10:46 M:2006-02-15 08:22]
[AFD / AFD][Running/System Start]
    <\SystemRoot\System32\drivers\afd.sys>  [Microsoft Corporation, 5.1.2600.3463 (xpsp_sp2_qfe.081016-1724), C:1980-01-01 00:00 M:2008-10-16 22:48]
[Intel AGP Bus Filter / agp440][Stopped/Disabled]
    <\SystemRoot\system32\DRIVERS\agp440.sys>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-09-03 10:45 M:2004-08-03 23:07]



========================================
进程


========================================
文件关联

[.hlp] <%SystemRoot%\system32\winhlp32.exe %1> [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:1980-01-01 00:00 M:2004-08-17 21:00]
[.vbs] <%SystemRoot%\System32\WScript.exe "%1" %*> [Microsoft Corporation, 5.6.0.8820, C:1980-01-01 00:00 M:2004-08-17 21:00]
[.js] <%SystemRoot%\System32\WScript.exe "%1" %*> [Microsoft Corporation, 5.6.0.8820, C:1980-01-01 00:00 M:2004-08-17 21:00]
[.chm] <"C:\WINDOWS\hh.exe" %1> [Microsoft Corporation, 5.2.3790.2453 (srv03_sp1_gdr.050525-1542), C:1980-01-01 00:00 M:2005-05-27 07:22]


========================================
AutoRun.INF



========================================
Winsock提供者

MSAFD Tcpip [TCP/IP]
    <%SystemRoot%\system32\mswsock.dll>  [Microsoft Corporation, 5.1.2600.3394 (xpsp_sp2_qfe.080620-1259), C:1980-01-01 00:00 M:2008-06-21 01:36]
MSAFD Tcpip [UDP/IP]
    <%SystemRoot%\system32\mswsock.dll>  [Microsoft Corporation, 5.1.2600.3394 (xpsp_sp2_qfe.080620-1259), C:1980-01-01 00:00 M:2008-06-21 01:36]
MSAFD Tcpip [RAW/IP]
    <%SystemRoot%\system32\mswsock.dll>  [Microsoft Corporation, 5.1.2600.3394 (xpsp_sp2_qfe.080620-1259), C:1980-01-01 00:00 M:2008-06-21 01:36]
RSVP UDP Service Provider
    <%SystemRoot%\system32\rsvpsp.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2004-08-17 21:00]
RSVP TCP Service Provider
    <%SystemRoot%\system32\rsvpsp.dll>  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:1980-01-01 00:00 M:2004-08-17 21:00]
MSAFD NetBIOS [\Device\NetBT_Tcpip_{61CBBE37-1982-41B8-8BE9-2AAA20ED3CAF}] SEQPACKET 3
    <%SystemRoot%\system32\mswsock.dll>  [Microsoft Corporation, 5.1.2600.3394 (xpsp_sp2_qfe.080620-1259), C:1980-01-01 00:00 M:2008-06-21 01:36]
MSAFD NetBIOS [\Device\NetBT_Tcpip_{61CBBE37-1982-41B8-8BE9-2AAA20ED3CAF}] DATAGRAM 3
    <%SystemRoot%\system32\mswsock.dll>  [Microsoft Corporation, 5.1.2600.3394 (xpsp_sp2_qfe.080620-1259), C:1980-01-01 00:00 M:2008-06-21 01:36]
MSAFD NetBIOS [\Device\NetBT_Tcpip_{0F04C193-B95D-43F4-8234-6B051958D83A}] SEQPACKET 0
    <%SystemRoot%\system32\mswsock.dll>  [Microsoft Corporation, 5.1.2600.3394 (xpsp_sp2_qfe.080620-1259), C:1980-01-01 00:00 M:2008-06-21 01:36]
MSAFD NetBIOS [\Device\NetBT_Tcpip_{0F04C193-B95D-43F4-8234-6B051958D83A}] DATAGRAM 0
    <%SystemRoot%\system32\mswsock.dll>  [Microsoft Corporation, 5.1.2600.3394 (xpsp_sp2_qfe.080620-1259), C:1980-01-01 00:00 M:2008-06-21 01:36]
MSAFD NetBIOS [\Device\NetBT_Tcpip_{882E3AE6-F9C7-47B6-9725-FCE286D7E87F}] SEQPACKET 1
    <%SystemRoot%\system32\mswsock.dll>  [Microsoft Corporation, 5.1.2600.3394 (xpsp_sp2_qfe.080620-1259), C:1980-01-01 00:00 M:2008-06-21 01:36]
MSAFD NetBIOS [\Device\NetBT_Tcpip_{882E3AE6-F9C7-47B6-9725-FCE286D7E87F}] DATAGRAM 1
    <%SystemRoot%\system32\mswsock.dll>  [Microsoft Corporation, 5.1.2600.3394 (xpsp_sp2_qfe.080620-1259), C:1980-01-01 00:00 M:2008-06-21 01:36]
MSAFD NetBIOS [\Device\NetBT_Tcpip_{27676B63-A53C-4C05-863A-AF29F8531188}] SEQPACKET 2
    <%SystemRoot%\system32\mswsock.dll>  [Microsoft Corporation, 5.1.2600.3394 (xpsp_sp2_qfe.080620-1259), C:1980-01-01 00:00 M:2008-06-21 01:36]
MSAFD NetBIOS [\Device\NetBT_Tcpip_{27676B63-A53C-4C05-863A-AF29F8531188}] DATAGRAM 2
    <%SystemRoot%\system32\mswsock.dll>  [Microsoft Corporation, 5.1.2600.3394 (xpsp_sp2_qfe.080620-1259), C:1980-01-01 00:00 M:2008-06-21 01:36]
MSAFD NetBIOS [\Device\NetBT_Tcpip_{827F5046-F535-4D52-96E8-BC5D7141E92F}] SEQPACKET 4
    <%SystemRoot%\system32\mswsock.dll>  [Microsoft Corporation, 5.1.2600.3394 (xpsp_sp2_qfe.080620-1259), C:1980-01-01 00:00 M:2008-06-21 01:36]
MSAFD NetBIOS [\Device\NetBT_Tcpip_{827F5046-F535-4D52-96E8-BC5D7141E92F}] DATAGRAM 4
    <%SystemRoot%\system32\mswsock.dll>  [Microsoft Corporation, 5.1.2600.3394 (xpsp_sp2_qfe.080620-1259), C:1980-01-01 00:00 M:2008-06-21 01:36]
MSAFD NetBIOS [\Device\NetBT_Tcpip_{62C44470-9147-46E9-91D4-674E5483F910}] SEQPACKET 5
    <%SystemRoot%\system32\mswsock.dll>  [Microsoft Corporation, 5.1.2600.3394 (xpsp_sp2_qfe.080620-1259), C:1980-01-01 00:00 M:2008-06-21 01:36]
MSAFD NetBIOS [\Device\NetBT_Tcpip_{62C44470-9147-46E9-91D4-674E5483F910}] DATAGRAM 5
    <%SystemRoot%\system32\mswsock.dll>  [Microsoft Corporation, 5.1.2600.3394 (xpsp_sp2_qfe.080620-1259), C:1980-01-01 00:00 M:2008-06-21 01:36]


========================================
HOSTS

    127.0.0.1 localhost


[/CODE]