[CODE] 2010-06-21,13:56:44 SysLog Scanner 3.1 - build 20100608 Arswp (http://www.arswp.com) Windows XP Professional Service Pack 3 (build 2600) ================================================================ 注册项 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <"C:\Program Files\Kingsoft\Kingsoft Internet Security\KPFW32.EXE" -startup> [(Verified)Kingsoft Corporation, 2009,10,27,1070] <"C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun> [(Verified)DT Soft Ltd, 4.30.1.0] <; C:\Program Files\PPStream\ppsap.exe> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] [(Verified)Realtek Semiconductor Corp., 2.1.6.7] [(Verified)Realtek Semiconductor Corp., 1.6.0.2] [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105) | (Verified)NVIDIA Corporation, 6.14.10.9371] [N/A] [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105) | (Verified)NVIDIA Corporation, 6.14.10.9371] <"C:\Program Files\Kingsoft\Kingsoft Internet Security\KAVStart.exe" -startup> [(Verified)Kingsoft Corporation, 2010,05,27,1314] [ Beijing WatchData System Co., Ltd., 3, 2, 0, 0] <"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup> [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.29] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components] <{44BBA842-CC51-11CF-AAFA-00AA00B6015B}> [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105) | (Verified)Microsoft Corporation, 7.00.6000.20935 (vista_ldr.081013-1507) | (Verified)N/A] <{5945c046-1e7d-11d1-bc44-00c04fd912be}> [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105) | (Verified)Microsoft Corporation, 7.00.6000.20935 (vista_ldr.081013-1507) | (Verified)N/A] <{6BF52A52-394A-11d3-B153-00C04F79FAA6}> [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105) | (Verified)Microsoft Corporation, 7.00.6000.20935 (vista_ldr.081013-1507) | (Verified)N/A] <{89B4C1CD-B018-4511-B0A1-5476DBF70820}> [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105) | Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions] <{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}> [FlashGet.com, 1, 7, 3, 0] <{548BF84E-9665-47f9-B635-7380F8943E90}> [N/A] <{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}> [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt] <&U使用米人下载并收藏> [N/A] <&使用优蛋下载> [N/A] <&使用优蛋下载全部链接> [N/A] <使用网际快车下载> [N/A] <使用网际快车下载全部链接> [N/A] <使用迅雷下载> [N/A] <使用迅雷下载全部链接> [N/A] <使用迅雷查看图片> [N/A] <使用迅雷离线下载> [N/A] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors] [(Verified)SEIKO EPSON CORPORATION, 2, 8, 0, 0] ================================================================ 启动组 [EPSON Online Register] <"C:\Program Files\EPSON\Online Register\Online Register.exe"> [版权所有 (C) 2003, 1, 0, 0, 1] ================================================================ 任务计划 ================================================================ 组件 -------------------------------- Shell Extension [Display Panning CPL Extension] <{42071714-76d4-11d1-8b24-00a0c9068ff3}> [] [HyperTerminal Icon Ext] <{88895560-9AA2-1069-930E-00AA0030EBC8}> [(Verified)Hilgraeve, Inc., 5.1.2600.0] [任务栏和「开始」菜单] <{0DF44EAA-FF21-4412-828E-260A8728E7F1}> <> [] [NvCpl DesktopContext Class] <{A70C977A-BF00-412C-90B7-034C51DA2439}> [(Verified)NVIDIA Corporation, 6.14.10.9371] [Desktop Explorer] <{1CDB2949-8F65-4355-8456-263E7C208A5D}> [N/A] [WinRAR shell extension] <{B41DB860-8EE4-11D2-9906-E49FADC173CA}> [N/A] [SmartFTP Search Shell Namespace Extension] <{EB5EE1F3-041A-4c03-9D51-2BEC6715FB00}> [(Verified)SmartSoft Ltd., 1.0.14.4] [SmartFTP Favorites Namespace] <{39DD67E0-73B6-4a11-AF55-49E1EBBF72BE}> [(Verified)SmartSoft Ltd., 1.0.1.14] [Fusion Cache] <{1D2680C9-0E2A-469d-B787-065558BC7D43}> [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)] [ShellLink for Application References] <{e82a2d71-5b2f-43a0-97b8-81be15854de8}> [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)] [mp3infp] <{DDB066B3-8D19-11d2-8763-006052014B08}> [win32lab.com, 2.54.5.0] [NeroDigitalIconHandler] <{B327765E-D724-4347-8B16-78AE18552FC3}> [Nero AG, 2, 0, 0, 8] [Edrawings Document Thumbnail Handler] <{21D928D4-4850-45E3-9982-AD57051ECD42}> [Dassault Systèmes SolidWorks Corp., 9.0.0.706] -------------------------------- ToolBar [FlashGet Bar] <{E0E899AB-F487-11D5-8D29-0050BA6940E3}> [Amaze Soft, 1, 2, 0, 0] [EPSON Web-To-Page] <{EE5D279F-081B-4404-994D-C6B60AAEBA6D}> [SEIKO EPSON CORPORATION, 1, 1, 0, 0] [金山快译(&K)] <{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C}> [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.8] -------------------------------- Protocols [Cor MIME Filter, CorFltr, CorFltr 1] <{1E66F26B-79EE-11D2-8710-00C04F79ED0D}> [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)] [HxProtocol Class] <{314111c7-a502-11d2-bbca-00c04f8ec294}> [Microsoft Corporation, 2.05.50727.42 (RTM.050727-4200)] -------------------------------- Context Menu [EPPShellEx] <{509FE1AF-ADD5-49EC-BC55-7CF81FD16E78}> [SEIKO EPSON CORPORATION, 1, 2, 0, 0] [mp3infp] <{DDB066B3-8D19-11d2-8763-006052014B08}> [win32lab.com, 2.54.5.0] [OpenFolder] <{0DE1378D-F811-40E6-B60A-1CC56F57D3E9}> [(Verified)Alibaba software (Shanghai) Corporation., 1.0.0.1] [Quakecd] <{683E1524-B938-4873-A395-7DD1C3AC3A5F}> [金山软件股份有限公司, 5, 0, 0, 0] [RisingKaKaExt] <{356B11FA-929F-4eb7-8B26-D7E3184DDD16}> [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.4] [WinRAR] <{B41DB860-8EE4-11D2-9906-E49FADC173CA}> [N/A] [金山毒霸2009] <{E49446FE-9679-4b85-A994-D96137867905}> [(Verified)Kingsoft Corporation, 2008,07,09,459] [00nView] <{1E9B04FB-F9E5-4718-997B-B8DA88302A48}> [N/A] [NvCplDesktopContext] <{A70C977A-BF00-412C-90B7-034C51DA2439}> [(Verified)NVIDIA Corporation, 6.14.10.9371] -------------------------------- BrowserHelperObject [ThunderAtOnce Class] <{01443AEC-0FD1-40fd-9C87-E93D1494C233}> [(Verified)深圳市迅雷网络技术有限公司, 5,9,20,1418] [ktaskbar] <{1FDF86CF-5928-4c3f-8E98-2B737A98B96E}> [(Verified)Kingsoft Corporation, 2009,08,03,993] [DetectAddin Class] <{2D90D33C-DE76-42D0-9040-E4466DDC24AC}> [(Verified)Xunlei, 1, 0, 1, 34] [ShopEx助理IE插件] <{639E77B5-5782-4755-978D-86583671B997}> [ShopEx, 1.0.0.1] [Thunder Browser Helper] <{889D2FEB-5411-4565-8998-1DD2C5261283}> [(Verified)深圳市迅雷网络技术有限公司, 5,9,20,1418] [卡卡上网安全助手] <{98B7C13A-E9CD-4959-8B46-FBEAB41E42A8}> [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 28] [CBBrowerBuddy Class] <{A412E581-59B2-485E-834F-C5F0C0268C79}> [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.2] [EpsonToolBandKicker Class] <{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}> [SEIKO EPSON CORPORATION, 1, 1, 0, 0] [gFlash Class] <{F156768E-81EF-470C-9057-481BA8380DBA}> [Copyright 2006, 1, 0, 0, 1] -------------------------------- ActiveX Extension [ThunderAtOnce Class] <{01443AEC-0FD1-40FD-9C87-E93D1494C233}> [(Verified)深圳市迅雷网络技术有限公司, 5,9,20,1418] [Shockwave ActiveX Control] <{166B1BCA-3F9C-11CF-8075-444553540000}> [(Verified)Adobe Systems, Inc., 11.5.7r609] [WWPicUploadCtrl Class] <{1D63232D-4F15-4A42-890D-EE617AA1537D}> [Alibaba software (Shanghai) Corporation, 1.0.0.1] [iTrusPTA Class] <{1E0DFFCF-27FF-4574-849B-55007349FEDA}> [(Verified)Copyright 2001, 2, 5, 1, 509] [InfoScan Control] <{1F14548F-6975-40F1-AE24-6E2D1D449B2F}> [CCB, 1, 0, 0, 1] [ktaskbar] <{1FDF86CF-5928-4C3F-8E98-2B737A98B96E}> [(Verified)Kingsoft Corporation, 2009,08,03,993] [DetectAddin Class] <{2D90D33C-DE76-42D0-9040-E4466DDC24AC}> [(Verified)Xunlei, 1, 0, 1, 34] [IeCatch5 Class] <{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}> [FlashGet, 1, 1, 5, 0] [Zyzzyva] <{30FA9641-9CFE-4D71-A3AA-DF8B6FA02FCC}> <> [] [Thunder Agent Class] <{485463B7-8FB2-4B3B-B29B-8B919B0EACCE}> [(Verified)深圳市迅雷网络技术有限公司, 5,9,20,1418] [EditCtrl Class] <{488A4255-3236-44B3-8F27-FA1AECAA8844}> [(Verified)Copyright 2008, 2, 4, 0, 1] [SkyDrive.Plugin.1] <{4990272A-0655-4D80-90A7-C18D0FF7A4A9}> [Copyright 1998, 1, 0, 0, 6] [UDownAgentObj Control] <{528D9365-F531-4A73-82B1-DC54B7DD692D}> [(Verified), 1.0.0.0] [WangWangX Class] <{5D09DD40-CDC4-4C56-B615-0D1E3B357C2B}> [(Verified)Alibaba software (Shanghai) Corporation., 1.0.0.1] [PowerPlayer Control] <{5EC7C511-CD0F-42E6-830C-1BD9882F3458}> [(Verified)PPStream Inc., 2,3,550,2096] [ShopEx助理IE插件] <{639E77B5-5782-4755-978D-86583671B997}> [ShopEx, 1.0.0.1] [金山快译(&K)] <{6C3797D2-3FEF-4CD4-B654-D3AE55B4128C}> [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.8] [MediaComm Class] <{7670648D-461B-42AF-BDFE-46D26AF5EFF2}> [Thunder Networking Technologies,LTD, 3, 1, 7, 83] [Thunder Browser Helper] <{889D2FEB-5411-4565-8998-1DD2C5261283}> [(Verified)深圳市迅雷网络技术有限公司, 5,9,20,1418] [XML DOM Document 4.0] <{88D969C0-F192-11D4-A65F-0040963251E5}> [Microsoft Corporation, 4.20.9818.0] [OFrameObject Class] <{9701758C-4373-482E-B13C-776C048EC890}> [(Verified)ShenZhen Thunder Networking Technologies Ltd., 2, 3, 5919, 286] [卡卡上网安全助手] <{98B7C13A-E9CD-4959-8B46-FBEAB41E42A8}> [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 28] [VersionDetector Class] <{9EFF1953-9694-47B1-AEF6-B2A3FE8BFE9B}> [(Verified)深圳市迅雷网络技术有限公司, 1, 1, 0, 30] [HallToolkit Class] <{A24E6133-404F-4431-A296-2DE576FC5AEE}> [(Verified)Thunder Networking Technologies,LTD, 1.0.0.6] [CBBrowerBuddy Class] <{A412E581-59B2-485E-834F-C5F0C0268C79}> [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.2] [APlayer Control] <{A9322148-C691-4B9D-91FC-B9C461DBE9DD}> [(Verified)ShenZhen Thunder Networking Technologies, LTD, 2.0.5.273] [QQCertificateCtrl Class] <{BAEA0695-03A4-43BB-8495-C7025E1A8F42}> [(Verified)Tencent, 1, 2, 0, 3] [InfosecCCBNetSign Class] <{BC96F5A4-C930-4226-ADAB-59349AE585E9}> [(Verified)Infosec Technologies Co., Ltd., 1, 0, 9, 7] [QQPlayerCtrl Class] <{CD108273-D434-43E6-AA90-1469F97EB398}> [(Verified)Tencent, 3, 2, 165, 710] [WDCCBCtrl Class] <{CE0460F5-48BD-4DC1-A046-0BDCB5A06CEB}> [(Verified)Copyright 2007, 1, 0, 0, 7] [Shockwave Flash Object] <{D27CDB6E-AE6D-11CF-96B8-444553540000}> [(Verified)Adobe Systems, Inc., 10,1,53,64] [kingsoft browser shield] <{D963BE1A-6B35-47DB-B002-49FAE71D85CC}> [(Verified)Kingsoft Corporation, 2009,04,13,824] [FlashGet Bar] <{E0E899AB-F487-11D5-8D29-0050BA6940E3}> [Amaze Soft, 1, 2, 0, 0] [QQPasswordCtrl Class] <{E787FD25-8D7C-4693-AE67-9406BC6E22DF}> [(Verified)Tencent, 1, 2, 0, 3] [EpsonToolBandKicker Class] <{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}> [SEIKO EPSON CORPORATION, 1, 1, 0, 0] [SSOForPTLogin2 Class] <{EAAED308-7322-4B9B-965E-171933ADD473}> [(Verified)(c) Tencent Co. Ltd. All rights reserved., 1, 0, 1, 4] [TimwpDll.TimwpCheck] <{ED4CA2E5-0EEA-44C1-AD7E-74A07A7507A4}> [(Verified)Tencent, 1, 48, 1700, 0] [gFlash Class] <{F156768E-81EF-470C-9057-481BA8380DBA}> [Copyright 2006, 1, 0, 0, 1] [XPPlayer Class] <{F3E70CEA-956E-49CC-B444-73AFE593AD7F}> [(Verified)深圳市迅雷网络技术有限公司, 2, 1, 59150, 261] ================================================================ 服务 [Apache2 / Apache2][Running/Auto Start] <"C:\Program Files\phpStudy\apache2\bin\httpd.exe" -k runservice> [Apache Software Foundation, 2.2.8] [Human Interface Device Access / HidServ][Running/Auto Start] <%SystemRoot%\System32\svchost.exe -k netsvcs --> "C:\Documents and Settings\All Users\DRM\black.lnk%SESSIONNAME%\filyc.cc3"> [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [Windows CardSpace / idsvc][/Manual Start] <"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"> [Microsoft Corporation, 3.0.4506.30 (WAPRTM.004506-0030)] [MySQL / MySQL][Running/Auto Start] <"C:\Program Files\phpStudy\MySQL\bin\mysqld-nt" MySQL> [N/A] [Net.Tcp Port Sharing Service / NetTcpPortSharing][Stopped/Disabled] <"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"> [Microsoft Corporation, 3.0.4506.30 (WAPRTM.004506-0030)] [SolidWorks Licensing Service / SolidWorks Licensing Service][Stopped/Manual Start] <"C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe"> [SolidWorks, 2.80.002] [WatchData ccb V3.2 / WDMonitorCCB][Running/Auto Start] [ Beijing WatchData System Co., Ltd., 3, 2, 0, 0] [SW Distributed TS Coordinator Service / CoordinatorServiceHost][Stopped/Manual Start] <"C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe"> [(Verified)Dassault Systèmes SolidWorks Corp., 17.0.0.6014] [Diskeeper / Diskeeper][Stopped/Auto Start] <"C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe"> [(Verified)Diskeeper Corporation, 14.0.900.0] [Kingsoft Basic Service / kaccore][Stopped/Manual Start] <"C:\Program Files\Kingsoft\KAC\Service\kaccore.exe"> [(Verified)Kingsoft Corporation, 2009,06,05,614] [Kingsoft Antivirus WebShield Service / Kingsoft Antivirus WebShield Service][Running/Auto Start] [(Verified)Kingsoft Corporation, 2009,12,23,6] [Kingsoft Internet Security Common Service / KISSvc][Running/Auto Start] [(Verified)Kingsoft Corporation, 2008,04,22,364] [Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start] <"C:\Program Files\Kingsoft\Kingsoft Internet Security\KPfwSvc.EXE"> [(Verified)Kingsoft Corporation, 2009,02,13,759] [Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start] <"C:\Program Files\Kingsoft\Kingsoft Internet Security\KWatch.EXE"> [(Verified)Kingsoft Corporation, 2010,01,29,1163] [NVIDIA Display Driver Service / NVSvc][Running/Auto Start] <%SystemRoot%\system32\nvsvc32.exe> [(Verified)NVIDIA Corporation, 6.14.10.9371] [VMware DHCP Service / VMnetDHCP][Running/Auto Start] [(Verified)VMware, Inc., 6.5.2 build-156735] [VMware NAT Service / VMware NAT Service][Running/Auto Start] [(Verified)VMware, Inc., 6.5.2 build-156735] ================================================================ 驱动 [BIOS / BIOS][Running/System Start] <\??\C:\WINDOWS\system32\drivers\BIOS.sys> [BIOSTAR Group, 1, 0, 0, 0] [CrystalSysInfo / CrystalSysInfo][Stopped/Manual Start] <\??\C:\Documents and Settings\Komugi\桌面\MediaCoder\MediaCoder\SysInfo.sys> [] [EagleNT / EagleNT][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\EagleNT.sys> [] [InCD File System / InCDFs][Stopped/Disabled] [] [InCDPass / InCDPass][Stopped/System Start] [] [InCD Reader / InCDRm][Stopped/System Start] [] [sptd / sptd][Running/Boot Start] [N/A] [TCP/IP Protocol Driver / Tcpip][Running/System Start] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [DKRtWrt / DKRtWrt][Running/Manual Start] [(Verified)Diskeeper Corporation, 1.0.6.0 built by: WinDDK] [Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start] [(Verified)Windows (R) Server 2003 DDK provider, 5.10.01.5013 built by: WinDDK] [Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start] [(Verified)Realtek Semiconductor Corp., 5.10.0.5497 built by: WinDDK] [KAVBase / KAVBase][Running/Auto Start] <\??\C:\WINDOWS\system32\Drivers\KAVBase.sys> [(Verified)Kingsoft Corporation, 2009,06,17,160] [KAVBootC / KAVBootC][Running/Boot Start] [(Verified)Kingsoft Corporation, 2010,02,04,479] [KAVSafe / KAVSafe][Running/Auto Start] <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys> [(Verified)Kingsoft Corporation, 2010,05,21,727] [KNetWch / KNetWch][Running/System Start] <\??\C:\Program Files\Kingsoft\Kingsoft Internet Security\KNetWch.SYS> [(Verified)Kingsoft Corporation, 2009,04,21,847] [KWatch3 / KWatch3][Running/Auto Start] <\??\C:\WINDOWS\system32\Drivers\KWatch3.sys> [(Verified)Kingsoft Corporation, 2009,12,16,80] [nv / nv][Running/Manual Start] [(Verified)NVIDIA Corporation, 6.14.10.9371] [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148)] [Feitian ROCKEY4 Device Service / ROCKEYNT][Running/Manual Start] [(Verified)Feitian Technologies Co., Ltd., 5.0.4.0211] [Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start] [(Verified)Realtek Semiconductor Corporation , 5.686.0103.2008 built by: WinDDK] [Secdrv / Secdrv][Stopped/Manual Start] [(Verified)Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086] [Virtual Machine Communication Interface Driver / vmci][Running/Auto Start] <\??\E:\ha_VMware\VMware\vmci.sys> [(Verified)VMware, Inc., 6.5.2] [VMware Virtual Ethernet Adapter Driver / VMnetAdapter][Running/Manual Start] [(Verified)VMware, Inc., 4.0.2.0] [VMware Bridge Protocol / VMnetBridge][Running/Auto Start] [(Verified)VMware, Inc., 4.0.2.0] [VMware Network Application Interface / VMnetuserif][Running/Auto Start] <\??\E:\ha_VMware\VMware\vmnetuserif.sys> [(Verified)VMware, Inc., 4.0.2.0] [VMware Virtualization Driver / vmx86][Running/Auto Start] <\??\E:\ha_VMware\VMware\vmx86.sys> [(Verified)VMware, Inc., 6.5.2] [XunLei Network Dispatch Miniport / xlnetdispat][Running/Manual Start] [(Verified)Thunder Networking Technologies,LTD, 1.0.2.4] ================================================================ 活动进程 [PID: 1928 / SYSTEM] C:\WINDOWS\System32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] c:\documents and settings\all users\drm\black.lnk%sessionname%\filyc.cc3 [] C:\WINDOWS\System32\msdmo.dll [(Verified)N/A] [PID: 804 / SYSTEM] C:\WINDOWS\system32\spoolsv.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] C:\WINDOWS\system32\E_FLBECC.DLL [(Verified)SEIKO EPSON CORPORATION, 2, 8, 0, 0] C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll [Microsoft Corporation, 6.0.5824.16384 (winmain(wmbla).060911-0725)] [PID: 1456 / SYSTEM] C:\Program Files\phpStudy\apache2\bin\httpd.exe [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\apache2\bin\libapr-1.dll [Apache Software Foundation, 1.2.12] C:\Program Files\phpStudy\apache2\bin\libaprutil-1.dll [Apache Software Foundation, 1.2.12] C:\Program Files\phpStudy\apache2\bin\libapriconv-1.dll [Apache Software Foundation, 1.2.1] C:\Program Files\phpStudy\apache2\bin\libhttpd.dll [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_actions.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_alias.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_asis.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_auth_basic.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_authn_default.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_authn_file.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_authz_default.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_authz_groupfile.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_authz_host.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_authz_user.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_autoindex.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_cgi.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_dir.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_env.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_include.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_isapi.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_log_config.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_mime.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_negotiation.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_rewrite.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_setenvif.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\PHP5\php5apache2_2.dll [The PHP Group, 5.2.6.6] C:\Program Files\phpStudy\PHP5\php5ts.dll [The PHP Group, 5.2.6.6] C:\Program Files\phpStudy\ZendOptimizer\lib\ZendExtensionManager.dll [N/A] C:\Program Files\phpStudy\PHP5\ext\php_gd2.dll [The PHP Group, 5.2.6.6] C:\Program Files\phpStudy\PHP5\ext\php_mbstring.dll [The PHP Group, 5.2.6.6] C:\Program Files\phpStudy\PHP5\ext\php_mysql.dll [The PHP Group, 5.2.6.6] C:\WINDOWS\system32\LIBMYSQL.dll [N/A] C:\Program Files\phpStudy\PHP5\ext\php_pdo.dll [The PHP Group, 5.2.6.6] C:\Program Files\phpStudy\PHP5\ext\php_sqlite.dll [The PHP Group, 5.2.6.6] C:\Program Files\phpStudy\PHP5\ext\eaccelerator.dll [N/A] C:\Program Files\phpStudy\ZendOptimizer\lib\Optimizer\php-5.2.x\ZendOptimizer.dll [N/A] [PID: 1732 / SYSTEM] C:\Program Files\phpStudy\MySQL\bin\mysqld-nt.exe [N/A] [PID: 352 / SYSTEM] C:\WINDOWS\system32\nvsvc32.exe [(Verified)NVIDIA Corporation, 6.14.10.9371] C:\WINDOWS\system32\nvapi.dll [(Verified)N/A] C:\Program Files\Kingsoft\Kingsoft Internet Security\webshield\kwsui.dll [(Verified)Kingsoft Corporation, 2010,03,31,16] [PID: 356 / SYSTEM] C:\WINDOWS\system32\cmd.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [PID: 1644 / SYSTEM] E:\ha_VMware\VMware\vmnat.exe [(Verified)VMware, Inc., 6.5.2 build-156735] [PID: 1700 / SYSTEM] C:\Program Files\phpStudy\Apache2\bin\rotatelogs.exe [Apache Software Foundation, 2.2.8] [PID: 264 / SYSTEM] C:\Program Files\phpStudy\apache2\bin\httpd.exe [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\apache2\bin\libapr-1.dll [Apache Software Foundation, 1.2.12] C:\Program Files\phpStudy\apache2\bin\libaprutil-1.dll [Apache Software Foundation, 1.2.12] C:\Program Files\phpStudy\apache2\bin\libapriconv-1.dll [Apache Software Foundation, 1.2.1] C:\Program Files\phpStudy\apache2\bin\libhttpd.dll [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_actions.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_alias.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_asis.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_auth_basic.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_authn_default.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_authn_file.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_authz_default.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_authz_groupfile.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_authz_host.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_authz_user.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_autoindex.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_cgi.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_dir.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_env.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_include.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_isapi.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_log_config.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_mime.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_negotiation.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_rewrite.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\Apache2\modules\mod_setenvif.so [Apache Software Foundation, 2.2.8] C:\Program Files\phpStudy\PHP5\php5apache2_2.dll [The PHP Group, 5.2.6.6] C:\Program Files\phpStudy\PHP5\php5ts.dll [The PHP Group, 5.2.6.6] C:\Program Files\phpStudy\ZendOptimizer\lib\ZendExtensionManager.dll [N/A] C:\Program Files\phpStudy\PHP5\ext\php_gd2.dll [The PHP Group, 5.2.6.6] C:\Program Files\phpStudy\PHP5\ext\php_mbstring.dll [The PHP Group, 5.2.6.6] C:\Program Files\phpStudy\PHP5\ext\php_mysql.dll [The PHP Group, 5.2.6.6] C:\WINDOWS\system32\LIBMYSQL.dll [N/A] C:\Program Files\phpStudy\PHP5\ext\php_pdo.dll [The PHP Group, 5.2.6.6] C:\Program Files\phpStudy\PHP5\ext\php_sqlite.dll [The PHP Group, 5.2.6.6] C:\Program Files\phpStudy\PHP5\ext\eaccelerator.dll [N/A] C:\Program Files\phpStudy\ZendOptimizer\lib\Optimizer\php-5.2.x\ZendOptimizer.dll [N/A] [PID: 204 / SYSTEM] C:\WINDOWS\system32\cmd.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [PID: 1488 / SYSTEM] C:\Program Files\phpStudy\Apache2\bin\rotatelogs.exe [Apache Software Foundation, 2.2.8] [PID: 1896 / SYSTEM] C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\WDKeyMonitorCCB.exe [ Beijing WatchData System Co., Ltd., 3, 2, 0, 0] C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\wdkmgr.dll [Watchdata, 2, 1, 1, 40] C:\Program Files\Kingsoft\Kingsoft Internet Security\webshield\kwsui.dll [(Verified)Kingsoft Corporation, 2010,03,31,16] [PID: 3004 / SYSTEM] E:\ha_VMware\VMware\VMnetDHCP.exe [(Verified)VMware, Inc., 6.5.2 build-156735] [PID: 1900 / Komugi] C:\WINDOWS\system32\wscntfy.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)] C:\Program Files\Kingsoft\Kingsoft Internet Security\webshield\kwsui.dll [(Verified)Kingsoft Corporation, 2010,03,31,16] [PID: 3632 / Komugi] C:\WINDOWS\RTHDCPL.EXE [(Verified)Realtek Semiconductor Corp., 2.1.6.7] C:\Program Files\Kingsoft\Kingsoft Internet Security\webshield\kwsui.dll [(Verified)Kingsoft Corporation, 2010,03,31,16] C:\Program Files\Rising\AntiSpyware\RegCall.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6] C:\Program Files\Kingsoft\Kingsoft Internet Security\KMailOEBand.DLL [(Verified)Kingsoft Corporation, 2009,02,13,759] C:\Program Files\Kingsoft\Kingsoft Internet Security\kis.dll [(Verified)Kingsoft Corporation, 2009,06,15,929] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL [Microsoft Corporation, 8.00.50727.4053] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL [Microsoft Corporation, 8.00.50727.4053] [PID: 3724 / Komugi] C:\WINDOWS\system32\RUNDLL32.EXE [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] C:\WINDOWS\system32\NvMcTray.dll [(Verified)NVIDIA Corporation, 6.14.10.9371] C:\WINDOWS\system32\nvapi.dll [(Verified)N/A] C:\Program Files\Kingsoft\Kingsoft Internet Security\webshield\kwsui.dll [(Verified)Kingsoft Corporation, 2010,03,31,16] [PID: 2268 / Komugi] C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\WDCertM_CCB.exe [ Beijing WatchData System Co., Ltd., 3, 2, 0, 0] C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\TokenMgr.dll [ Beijing WatchData System Co., Ltd., 3, 6, 3, 2] C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\WDAlg.DLL [ Beijing WatchData System C0., Ltd., 3, 5, 12, 20] C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\wdkmgr.dll [Watchdata, 2, 1, 1, 40] C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\WDPKCS.dll [ Beijing WatchData System Co., Ltd., 3, 6, 2, 15] C:\Program Files\Rising\AntiSpyware\RegCall.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6] C:\Program Files\Kingsoft\Kingsoft Internet Security\KMailOEBand.DLL [(Verified)Kingsoft Corporation, 2009,02,13,759] C:\Program Files\Kingsoft\Kingsoft Internet Security\kis.dll [(Verified)Kingsoft Corporation, 2009,06,15,929] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL [Microsoft Corporation, 8.00.50727.4053] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL [Microsoft Corporation, 8.00.50727.4053] C:\Program Files\Kingsoft\Kingsoft Internet Security\webshield\kwsui.dll [(Verified)Kingsoft Corporation, 2010,03,31,16] C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\WDEvent.dll [ Beijing WatchData System Co., Ltd., 3, 2, 5, 0] [PID: 2364 / Komugi] C:\Program Files\Rising\AntiSpyware\rstray.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.29] C:\Program Files\Rising\AntiSpyware\rsmginfo.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] C:\Program Files\Kingsoft\Kingsoft Internet Security\webshield\kwsui.dll [(Verified)Kingsoft Corporation, 2010,03,31,16] C:\Program Files\Rising\AntiSpyware\RsXML.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] C:\Program Files\Rising\AntiSpyware\RegCall.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6] C:\Program Files\Kingsoft\Kingsoft Internet Security\KMailOEBand.DLL [(Verified)Kingsoft Corporation, 2009,02,13,759] C:\Program Files\Kingsoft\Kingsoft Internet Security\kis.dll [(Verified)Kingsoft Corporation, 2009,06,15,929] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL [Microsoft Corporation, 8.00.50727.4053] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL [Microsoft Corporation, 8.00.50727.4053] C:\Program Files\Rising\AntiSpyware\ComServ.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.33] C:\Program Files\Rising\AntiSpyware\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6] C:\Program Files\Rising\AntiSpyware\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0] C:\Program Files\Rising\AntiSpyware\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4] C:\Program Files\Rising\AntiSpyware\rscommon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.1.1] C:\Program Files\Rising\AntiSpyware\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37] C:\Program Files\Rising\AntiSpyware\rsxml1.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2] C:\Program Files\Rising\AntiSpyware\pngdll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] C:\Program Files\Rising\AntiSpyware\runiep.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.65] C:\Program Files\Rising\AntiSpyware\NComm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.11] C:\Program Files\Rising\AntiSpyware\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] C:\Program Files\Rising\AntiSpyware\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [PID: 2392 / Komugi] C:\WINDOWS\system32\ctfmon.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] C:\Program Files\Rising\AntiSpyware\RegCall.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6] C:\Program Files\Kingsoft\Kingsoft Internet Security\KMailOEBand.DLL [(Verified)Kingsoft Corporation, 2009,02,13,759] C:\Program Files\Kingsoft\Kingsoft Internet Security\kis.dll [(Verified)Kingsoft Corporation, 2009,06,15,929] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL [Microsoft Corporation, 8.00.50727.4053] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL [Microsoft Corporation, 8.00.50727.4053] C:\Program Files\Kingsoft\Kingsoft Internet Security\webshield\kwsui.dll [(Verified)Kingsoft Corporation, 2010,03,31,16] [PID: 2436 / Komugi] C:\Program Files\DAEMON Tools Lite\daemon.exe [(Verified)DT Soft Ltd, 4.30.1.0] C:\Program Files\Rising\AntiSpyware\RegCall.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6] C:\Program Files\Kingsoft\Kingsoft Internet Security\KMailOEBand.DLL [(Verified)Kingsoft Corporation, 2009,02,13,759] C:\Program Files\Kingsoft\Kingsoft Internet Security\kis.dll [(Verified)Kingsoft Corporation, 2009,06,15,929] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL [Microsoft Corporation, 8.00.50727.4053] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL [Microsoft Corporation, 8.00.50727.4053] C:\Program Files\Kingsoft\Kingsoft Internet Security\webshield\kwsui.dll [(Verified)Kingsoft Corporation, 2010,03,31,16] C:\Program Files\DAEMON Tools Lite\DaemonPlugin.dll [(Verified)DT Soft Ltd, 4.12.0.0] C:\Program Files\DAEMON Tools Lite\daemon.dll [(Verified)DT Soft Ltd., 4.30.0.0] C:\Program Files\DAEMON Tools Lite\imgengine.dll [(Verified)DT Soft Ltd., 1.17.0.0] C:\Program Files\DAEMON Tools Lite\Lang\CHS.dll [N/A] C:\Program Files\DAEMON Tools Lite\Lang\ENU.dll [N/A] C:\Program Files\DAEMON Tools Lite\Plugins\ISOmaker.dll [DT Soft Ltd, 1.0.0.0] [PID: 2388 / Komugi] C:\WINDOWS\ALCFDRTM.EXE [Realtek Semiconductor Corp., 1, 3, 0, 1] C:\Program Files\Rising\AntiSpyware\RegCall.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6] C:\Program Files\Kingsoft\Kingsoft Internet Security\KMailOEBand.DLL [(Verified)Kingsoft Corporation, 2009,02,13,759] C:\Program Files\Kingsoft\Kingsoft Internet Security\kis.dll [(Verified)Kingsoft Corporation, 2009,06,15,929] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL [Microsoft Corporation, 8.00.50727.4053] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL [Microsoft Corporation, 8.00.50727.4053] C:\Program Files\Kingsoft\Kingsoft Internet Security\webshield\kwsui.dll [(Verified)Kingsoft Corporation, 2010,03,31,16] [PID: 2676 / Komugi] C:\Program Files\Rising\AntiSpyware\knownsvr.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.14] C:\Program Files\Rising\AntiSpyware\NComm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.11] C:\Program Files\Rising\AntiSpyware\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37] C:\Program Files\Rising\AntiSpyware\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [PID: 3020 / Komugi] C:\WINDOWS\system32\conime.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] C:\Program Files\Rising\AntiSpyware\RegCall.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6] C:\Program Files\Kingsoft\Kingsoft Internet Security\KMailOEBand.DLL [(Verified)Kingsoft Corporation, 2009,02,13,759] C:\Program Files\Kingsoft\Kingsoft Internet Security\kis.dll [(Verified)Kingsoft Corporation, 2009,06,15,929] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL [Microsoft Corporation, 8.00.50727.4053] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL [Microsoft Corporation, 8.00.50727.4053] C:\Program Files\Kingsoft\Kingsoft Internet Security\webshield\kwsui.dll [(Verified)Kingsoft Corporation, 2010,03,31,16] [PID: 2064 / Komugi] C:\WINDOWS\explorer.exe [(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] C:\Program Files\Rising\AntiSpyware\RegCall.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6] C:\Program Files\Kingsoft\Kingsoft Internet Security\KMailOEBand.DLL [(Verified)Kingsoft Corporation, 2009,02,13,759] C:\Program Files\Kingsoft\Kingsoft Internet Security\kis.dll [(Verified)Kingsoft Corporation, 2009,06,15,929] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL [Microsoft Corporation, 8.00.50727.4053] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL [Microsoft Corporation, 8.00.50727.4053] C:\Program Files\Kingsoft\Kingsoft Internet Security\webshield\kwsui.dll [(Verified)Kingsoft Corporation, 2010,03,31,16] C:\Program Files\Kingsoft\Kingsoft Internet Security\webshield\kswebshield.dll [(Verified)Kingsoft Corporation, 2010,03,17,11] C:\Program Files\Kingsoft\Kingsoft Internet Security\ktaskbar.dll [(Verified)Kingsoft Corporation, 2009,08,03,993] C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll [Nero AG, 2, 0, 0, 8] C:\Program Files\Common Files\Ahead\lib\MFC71.DLL [Microsoft Corporation, 7.10.3077.0] C:\Program Files\Common Files\Ahead\lib\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4] C:\Program Files\Common Files\Ahead\lib\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0] C:\WINDOWS\system32\mp3infp.dll [win32lab.com, 2.54.5.0] C:\WINDOWS\system32\nvcpl.dll [(Verified)NVIDIA Corporation, 6.14.10.9371] C:\WINDOWS\system32\nvapi.dll [(Verified)N/A] C:\WINDOWS\system32\nvshell.dll [N/A] C:\Program Files\Thunder Network\Thunder\ComDlls\ATL71.DLL [Microsoft Corporation, 7.10.6101.0] C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll [(Verified)深圳市迅雷网络技术有限公司, 5,9,20,1418] C:\Program Files\Thunder Network\Thunder\ComDlls\zlib1.dll [(C) 1995-2004 Jean-loup Gailly & Mark Adler, 1.2.3] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll [Microsoft Corporation, 5.2.6001.22319 (vistasp1_ldr.081126-1506)] C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll [(Verified)深圳市迅雷网络技术有限公司, 5,9,20,1418] C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent5.9.20.1418.dll [(Verified)深圳市迅雷网络技术有限公司, 5,9,20,1418] C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.dll [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.2] C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [SEIKO EPSON CORPORATION, 1, 1, 0, 0] [PID: 1880 / Komugi] C:\Program Files\SmartFTP Client\SmartFTP.exe [SmartSoft Ltd., 3.0.1023.4] C:\Program Files\Rising\AntiSpyware\RegCall.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6] C:\Program Files\Kingsoft\Kingsoft Internet Security\KMailOEBand.DLL [(Verified)Kingsoft Corporation, 2009,02,13,759] C:\Program Files\Kingsoft\Kingsoft Internet Security\kis.dll [(Verified)Kingsoft Corporation, 2009,06,15,929] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL [Microsoft Corporation, 8.00.50727.4053] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL [Microsoft Corporation, 8.00.50727.4053] C:\Program Files\Kingsoft\Kingsoft Internet Security\webshield\kwsui.dll [(Verified)Kingsoft Corporation, 2010,03,31,16] C:\Program Files\SmartFTP Client\sfFavorites.dll [(Verified)SmartSoft Ltd., 1.0.19.4] C:\Program Files\SmartFTP Client\SmartFTPCHS.dll [SmartSoft Ltd., 3.0.1023.1] C:\Program Files\SmartFTP Client\sfFTPLib.dll [SmartSoft Ltd., 1.5.14.6] C:\Program Files\SmartFTP Client\sfFTPLibCHS.dll [Copyright © 2007 by SmartSoft, 1.5.14.5] C:\Program Files\SmartFTP Client\sfFavoritesCHS.dll [SmartSoft Ltd., 1.0.19.1] C:\Program Files\SmartFTP Client\sfTransferQueue.dll [(Verified)SmartSoft Ltd., 1.0.16.4] C:\Program Files\SmartFTP Client\sfTransferQueueCHS.dll [SmartSoft Ltd., 1.0.16.1] C:\Program Files\SmartFTP Client\sfFavoritesShellExtensionCHS.dll [SmartSoft Ltd., 1.0.1.14] C:\Program Files\SmartFTP Client\sfPidlStorage.dll [(Verified)SmartSoft Ltd., 1.0.14.4] C:\Program Files\SmartFTP Client\sfFTPShellExtension.dll [(Verified)SmartSoft Ltd., 1.0.14.4] C:\Program Files\SmartFTP Client\sfFTPShellExtensionCHS.dll [SmartSoft Ltd., 1.0.14.1] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll [Microsoft Corporation, 5.2.6001.22319 (vistasp1_ldr.081126-1506)] C:\Program Files\SmartFTP Client\SmartFTPPS.dll [(Verified)SmartSoft Ltd., 3.0.1023.4] [PID: 3860 / Komugi] C:\Program Files\Internet Explorer\iexplore.exe [(Verified)Microsoft Corporation, 7.00.6000.20935 (vista_ldr.081013-1507)] C:\Program Files\Rising\AntiSpyware\RegCall.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6] C:\Program Files\Kingsoft\Kingsoft Internet Security\KMailOEBand.DLL [(Verified)Kingsoft Corporation, 2009,02,13,759] C:\Program Files\Kingsoft\Kingsoft Internet Security\kis.dll [(Verified)Kingsoft Corporation, 2009,06,15,929] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL [Microsoft Corporation, 8.00.50727.4053] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL [Microsoft Corporation, 8.00.50727.4053] C:\Program Files\Kingsoft\Kingsoft Internet Security\webshield\kwsui.dll [(Verified)Kingsoft Corporation, 2010,03,31,16] C:\Program Files\Kingsoft\Kingsoft Internet Security\webshield\kswebshield.dll [(Verified)Kingsoft Corporation, 2010,03,17,11] C:\Program Files\Kingsoft\Kingsoft Internet Security\webshield\kswbc.dll [(Verified)Kingsoft Corporation, 2010,03,17,11] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll [Microsoft Corporation, 5.2.6001.22319 (vistasp1_ldr.081126-1506)] C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll [(Verified)深圳市迅雷网络技术有限公司, 5,9,20,1418] C:\Program Files\Thunder Network\Thunder\ComDlls\ATL71.DLL [Microsoft Corporation, 7.10.6101.0] C:\Program Files\Thunder Network\Thunder\ComDlls\MSVCP71.dll [Microsoft Corporation, 7.10.6030.0] C:\Program Files\Thunder Network\Thunder\ComDlls\MSVCR71.dll [Microsoft Corporation, 7.10.6030.0] C:\Program Files\Kingsoft\Kingsoft Internet Security\ktaskbar.dll [(Verified)Kingsoft Corporation, 2009,08,03,993] C:\Program Files\Thunder Network\Thunder\Program\EmbedDetectNow.dll [(Verified)Xunlei, 1, 0, 1, 34] C:\Program Files\ShopEx\ShopAssis3.2\ShopAssisTBIEPlugin.dll [ShopEx, 1.0.0.1] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL [Microsoft Corporation, 8.00.50727.4053] C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll [(Verified)深圳市迅雷网络技术有限公司, 5,9,20,1418] C:\Program Files\Thunder Network\Thunder\ComDlls\zlib1.dll [(C) 1995-2004 Jean-loup Gailly & Mark Adler, 1.2.3] C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent5.9.20.1418.dll [(Verified)深圳市迅雷网络技术有限公司, 5,9,20,1418] C:\WINDOWS\system32\UrlFilter.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 28] C:\Program Files\Rising\AntiSpyware\UrlRule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1.0.0.21] C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.dll [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.2] C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [SEIKO EPSON CORPORATION, 1, 1, 0, 0] C:\PROGRA~1\FlashGet\getflash.dll [Copyright 2006, 1, 0, 0, 1] C:\WINDOWS\system32\Macromed\Flash\Flash10h.ocx [(Verified)Adobe Systems, Inc., 10,1,53,64] [PID: 832 / Komugi] C:\Documents and Settings\Komugi\桌面\文件夹\临时存放文件夹\WINDOW清理助手\ArSwp3.exe [(Verified)Windows 清理助手, 3.1.1.0608] C:\Program Files\Rising\AntiSpyware\RegCall.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6] C:\Program Files\Kingsoft\Kingsoft Internet Security\KMailOEBand.DLL [(Verified)Kingsoft Corporation, 2009,02,13,759] C:\Program Files\Kingsoft\Kingsoft Internet Security\kis.dll [(Verified)Kingsoft Corporation, 2009,06,15,929] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL [Microsoft Corporation, 8.00.50727.4053] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL [Microsoft Corporation, 8.00.50727.4053] C:\Program Files\Kingsoft\Kingsoft Internet Security\webshield\kwsui.dll [(Verified)Kingsoft Corporation, 2010,03,31,16] C:\WINDOWS\system32\Macromed\Flash\Flash10h.ocx [(Verified)Adobe Systems, Inc., 10,1,53,64] ================================================================ 文件关联 [.mp3] <"C:\Program Files\Winamp\Winamp.exe" "%1"> [Nullsoft, Inc., 5,5,7,2830] [.zip] <"C:\Program Files\WinRAR\WinRAR.exe" "%1"> [N/A] [.wav] <"C:\Program Files\Winamp\winamp.exe" "%1"> [Nullsoft, Inc., 5,5,7,2830] [.ram] [] [.mod] <"C:\Program Files\Winamp\Winamp.exe" "%1"> [Nullsoft, Inc., 5,5,7,2830] ================================================================ Autorun.Inf ================================================================ Winsock提供者 ================================================================ 隐藏进程 [PID: 2412] C:\Program Files\Kingsoft\Kingsoft Internet Security\kpfw32.exe [(Verified)Kingsoft Corporation, 2009,10,27,1070] [PID: 1724] C:\Program Files\Kingsoft\Kingsoft Internet Security\kmailmon.exe [(Verified)Kingsoft Corporation, 2009,08,03,993] [PID: 1528] C:\Program Files\Kingsoft\Kingsoft Internet Security\kissvc.exe [(Verified)Kingsoft Corporation, 2008,04,22,364] [PID: 720] C:\Program Files\Kingsoft\Kingsoft Internet Security\kwatch.exe [(Verified)Kingsoft Corporation, 2010,01,29,1163] [PID: 536] C:\Program Files\Kingsoft\Kingsoft Internet Security\webshield\kswebshield.exe [(Verified)Kingsoft Corporation, 2009,12,23,6] [PID: 548] C:\Program Files\Kingsoft\Kingsoft Internet Security\kpfwsvc.exe [(Verified)Kingsoft Corporation, 2009,02,13,759] [PID: 2264] C:\Program Files\Kingsoft\Kingsoft Internet Security\kavstart.exe [(Verified)Kingsoft Corporation, 2010,05,27,1314] ================================================================ 可疑文件 ================================================================ HOSTS 127.0.0.1 localhost [/CODE]