系统诊断报告[code]
2008-11-20,18:14:05
SysLog Scanner 1.0 - build 20080726
Arswp (http://www.arswp.com)
Windows XP Professional Service Pack 2 (build 2600) - Administrators
========================================
注册项
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<CalSprite><d:\Program Files\SnowFox\CalSprite\CalSprite.exe> [SnowFox Studio., 1.5.4.54, C:2005-08-03 09:38 M:2008-11-15 19:45]
<Anti-Spy Tools><D:\Program Files\ast\ast.exe -min> [超级巡警, 1, 8, 6, 117, C:2008-10-08 15:06 M:2008-10-08 15:06]
<360Safetray><D:\Program Files\360safe\safemon\360tray.exe /start> [(Verified)奇虎网, 5, 0, 0, 1002, C:2008-08-25 14:12 M:2008-08-25 14:12]
<TBMExe><C:\Program Files\Windows NT\system\wdfmgr.exe> [N/A, C:2008-11-19 20:44 M:2008-11-20 18:11]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|NVIDIA Corporation, 6.14.11.7474, C:2008-03-24 19:52 M:2008-03-24 19:52]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&使用超级旋风下载]
<><D:\Program Files\QQDownload\geturl.htm> [N/A, C:2008-03-17 17:27 M:2008-03-17 17:27]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&使用超级旋风下载全部链接]
<><D:\Program Files\QQDownload\getAllurl.htm> [N/A, C:2007-01-16 17:34 M:2007-01-16 17:34]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\导出到 Microsoft Office Excel(&X)]
<><res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\添加到QQ表情]
<><D:\Program Files\Tencent\AddEmotion.htm> [N/A, C:2008-09-17 04:08 M:2008-09-17 04:08]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|(Verified)N/A, C:2004-08-17 12:00 M:2004-08-17 12:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|(Verified)N/A, C:2004-08-17 12:00 M:2004-08-17 12:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|(Verified)N/A, C:2006-08-28 17:25 M:2004-08-11 21:16]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}]
<><C:\Program Files\Thunder Network\Thunder\Thunder.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACKWIN32.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ANTI-TROJAN.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\APVXDWIN.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AUTODOWN.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVE32.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGCTRL.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVKSERV.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVNT.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPCC.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPDOS32.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPM.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPTC32.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVPUPD.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCHED32.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWIN95.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWUPD32.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BLACKD.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BLACKICE.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFIADMIN.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFIAUDIT.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFINET.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CFINET32.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLAW95.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLAW95CF.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLEANER.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CLEANER3.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DVP95.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DVP95_0.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ECENGINE.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ESAFE.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EXPWATCH.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\F-AGNT95.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\F-PROT.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\F-PROT95.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\F-STOPW.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FESCUE.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FINDVIRU.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FP-WIN.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPROT.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FRW.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IAMAPP.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IAMSERV.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IBMASN.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IBMAVSP.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICLOAD95.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICLOADNT.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICMON.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICSUPP95.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICSUPPNT.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IFACE.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IOMON98.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\JEDI.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVsvc.exe]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSvcUI.exe]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVFW.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.exe]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVwsc.exe]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchUI.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LOCKDOWN2000.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Logo1_.exe]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LOOKOUT.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LUALL.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MAILMON.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MOOLIVE.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPFTRAY.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\N32SCANW.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVLU32.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NISUM.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NMain.exe]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NORMIST.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NUPGRADE.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NVC95.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PAVCL.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PAVSCHED.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PAVW.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCCWIN98.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCFWALLICON.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PERSFW.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAV7.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAV7WIN.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVmon.exe]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVmonD.exe]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVtimer.exe]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rising.exe]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.exe]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SAFEWEB.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN95.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCANPM.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCRSCAN.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SERV95.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SMC.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SPHINX.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SWEEP95.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TBSCAN.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TCA.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TDS2-98.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TDS2-NT.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\THGUARD.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanHunter.exe]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VET95.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VETTRAY.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSCAN40.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSECOMR.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSHWIN32.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSSTAT.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBSCANX.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WFINDV32.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_AVP32.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_AVPCC.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_AVPM.EXE]
<><c:\\MMM.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69627B-8489-41C2-971A-B927DF7A5B0F}]
<><> []
========================================
启动项
========================================
计划任务
========================================
组件
Shell Extension
[Display Panning CPL Extension]
{42071714-76d4-11d1-8b24-00a0c9068ff3} <deskpan.dll> []
[HyperTerminal Icon Ext]
{88895560-9AA2-1069-930E-00AA0030EBC8} <C:\WINDOWS\system32\hticons.dll> [(Verified)Hilgraeve, Inc., 5.1.2600.0, C:2006-08-28 12:17 M:2004-08-17 20:00]
[WinRAR shell extension]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} <C:\Program Files\WinRAR\rarext.dll> [N/A, C:2006-12-09 14:02 M:2006-12-05 08:19]
[Shell Extensions for RealOne Player]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} <C:\Program Files\Real\RealPlayer\rpshell.dll> [RealNetworks, Inc., 1.0.1.2239, C:2006-12-09 16:04 M:2006-12-09 18:09]
[NvCpl DesktopContext Class]
{A70C977A-BF00-412C-90B7-034C51DA2439} <C:\WINDOWS\system32\nvcpl.dll> [NVIDIA Corporation, 6.14.11.7474, C:2008-03-24 19:52 M:2008-03-24 19:52]
[Desktop Explorer]
{1CDB2949-8F65-4355-8456-263E7C208A5D} <C:\WINDOWS\system32\nvshell.dll> [N/A, C:2008-03-24 19:52 M:2008-03-24 19:52]
[Desktop Explorer Menu]
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} <C:\WINDOWS\system32\nvshell.dll> [N/A, C:2008-03-24 19:52 M:2008-03-24 19:52]
[nView Desktop Context Menu]
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} <C:\WINDOWS\system32\nvshell.dll> [N/A, C:2008-03-24 19:52 M:2008-03-24 19:52]
[Play on my TV helper]
{FFB699E0-306A-11d3-8BD1-00104B6F7516} <C:\WINDOWS\system32\nvcpl.dll> [NVIDIA Corporation, 6.14.11.7474, C:2008-03-24 19:52 M:2008-03-24 19:52]
BrowserHelperObject
[QQCycloneHelper Class]
{00000000-12C9-4305-82F9-43058F20E8D2} <D:\Program Files\QQDownload\QQIEHelper01.dll> [(Verified)腾讯公司, 1, 8, 215, 215, C:2007-07-09 10:20 M:2007-07-09 10:20]
[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\Program Files\360safe\safemon\safemon.dll> [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42]
ActiveX Extension
[QQCycloneHelper Class]
{00000000-12C9-4305-82F9-43058F20E8D2} <D:\Program Files\QQDownload\QQIEHelper01.dll> [(Verified)腾讯公司, 1, 8, 215, 215, C:2007-07-09 10:20 M:2007-07-09 10:20]
[PowerPlr Control]
{2354A44B-3CEB-4829-9940-545B03103538} <c:\PowerPlr\PowerPlr.ocx> [创智数码科技股份有限公司, 3, 5, 4, 0, C:2008-10-22 21:30 M:2007-09-06 23:19]
[WangWangObj Class]
{6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <D:\Program Files\Alisoft\WangWang\WangWangX6.dll> [(Verified)阿里巴巴软件(上海)有限公司, 1, 0, 0, 5, C:2008-11-11 20:01 M:2008-03-18 12:14]
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3} <D:\Program Files\360safe\live.dll> [(Verified)360.cn, 1, 0, 1, 1028, C:2008-07-16 22:00 M:2008-07-16 22:00]
[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\Program Files\360safe\safemon\safemon.dll> [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42]
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll> [RealNetworks, Inc., 6.0.9.2320, C:2006-12-09 18:09 M:2006-12-09 18:09]
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx> [(Verified)Adobe Systems, Inc., 9,0,28,0, C:2006-11-10 06:46 M:2006-11-10 06:46]
Context Menu
[WinRAR]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} <C:\Program Files\WinRAR\rarext.dll> [N/A, C:2006-12-09 14:02 M:2006-12-05 08:19]
========================================
服务
[Help and Support / helpsvc][Stopped/Disabled]
<%SystemRoot%\System32\svchost.exe -k netsvcs --> "%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"> [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
[Human Interface Device Access / HidServ][Stopped/Disabled]
<%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll"> [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<%SystemRoot%\system32\nvsvc32.exe> [NVIDIA Corporation, 6.14.11.7474, C:2008-03-24 19:52 M:2008-03-24 19:52]
========================================
驱动
[A320RAID / A320RAID][Stopped/Boot Start]
<System32\Drivers\a320raid.sys> [Adaptec, Inc., 3.00.00.63, C:2006-10-28 11:50 M:2005-10-25 01:29]
[ADPU320 / ADPU320][Stopped/Boot Start]
<System32\Drivers\adpu320.sys> [Adaptec, Inc., 7.0.000.000 (NT.040809-2325), C:2006-10-28 11:50 M:2005-05-21 20:43]
[ahci8086 / ahci8086][Running/Boot Start]
<System32\Drivers\ahci8086.sys> [ATI Technologies Inc., 2.5.1540.28 built by: WinDDK, C:2006-10-28 11:50 M:2006-05-18 19:50]
[AmdK8 Compatible Device / AmdK8][Stopped/Manual Start]
<System32\drivers\amdk8.sys> [Advanced Micro Devices, 1.3.1 (dnsrv(wmbla).060510-1126), C:2006-10-28 11:50 M:2006-05-10 17:27]
[ASTDriver / ASTDriver][Running/Manual Start]
<\??\D:\Program Files\ast\ASTDriver.sys> [Windows (R) Server 2003 DDK provider, 5.2.3790.1830 built by: WinDDK, C:2008-03-10 13:50 M:2008-03-10 13:50]
[ASTTools / ASTTools][Stopped/Manual Start]
<\??\D:\Program Files\ast\ASTTools.sys> [DSW Lab, 1.0.0.2 built by: WinDDK, C:2008-08-12 11:07 M:2008-08-12 11:07]
[CSB6IDE / CSB6IDE][Running/Boot Start]
<System32\Drivers\csb6ide.sys> [ServerWorks Corporation, 1.00, C:2006-10-28 11:50 M:2002-06-27 17:26]
[FASTTRAK / FASTTRAK][Running/Boot Start]
<System32\Drivers\fasttrak.sys> [Promise Technology, Inc., 2.00.0.34, C:2006-10-28 11:50 M:2003-04-25 16:20]
[FTSATA2 / FTSATA2][Running/Boot Start]
<System32\Drivers\ftsata2.sys> [Promise Technology, Inc., 1.00.0.36, C:2006-10-28 11:50 M:2005-01-21 13:35]
[gdrv / gdrv][Stopped/Manual Start]
<\??\C:\WINDOWS\gdrv.sys> [Windows (R) 2000 DDK provider, 5.00.2195.1620, C:2008-10-16 11:18 M:2008-10-16 11:18]
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys> [Windows (R) Server 2003 DDK provider, 5.10.01.5013 built by: WinDDK, C:2008-10-16 10:36 M:2005-01-07 17:07]
[IASTOR / IASTOR][Running/Boot Start]
<System32\Drivers\iaStor.sys> [Intel Corporation, 6.1.0.1002, C:2006-10-28 11:50 M:2006-06-14 13:56]
[ITERAID / ITERAID][Stopped/Boot Start]
<System32\Drivers\iteraid.sys> [Integrated Technology Express, Inc., v1.7.1.91 built by: WinDDK, C:2006-10-28 11:50 M:2005-08-04 13:51]
[JRAID / JRAID][Running/Boot Start]
<System32\Drivers\JRAID.SYS> [JMicron Technology Corp., 5.1.2600.1040 built by: WinDDK, C:2006-10-28 11:50 M:2006-02-15 10:13]
[M5228 / M5228][Stopped/Boot Start]
<System32\Drivers\m5228.sys> [ALi Corporation., 5.028, C:2006-10-28 11:50 M:2004-09-14 14:58]
[M5281 / M5281][Running/Boot Start]
<System32\Drivers\m5281.sys> [ALi Corporation, 5.029, C:2006-10-28 11:50 M:2005-03-07 13:23]
[M5289 / M5289][Running/Boot Start]
<System32\Drivers\m5289.sys> [ULi Electronics Inc., 5.030, C:2006-10-28 11:50 M:2005-07-04 14:21]
[npkcrypt / npkcrypt][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\npkcrypt.sys> [INCA Internet Co., Ltd., 2005. 11. 1. 1, C:2008-10-22 21:28 M:2008-11-20 15:23]
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys> [NVIDIA Corporation, 6.14.11.7474, C:2008-03-24 19:52 M:2008-03-24 19:52]
[NVATABUS / NVATABUS][Running/Boot Start]
<System32\Drivers\NVATABUS.SYS> [NVIDIA Corporation, 5.10.2600.0654 built by: WinDDK, C:2006-10-28 11:50 M:2006-10-20 00:00]
[NVRAID / NVRAID][Running/Boot Start]
<System32\Drivers\NVRAID.SYS> [NVIDIA Corporation, 5.10.2600.0622 built by: WinDDK, C:2006-10-28 11:50 M:2005-08-12 14:31]
[SI3112R / SI3112R][Stopped/Boot Start]
<System32\Drivers\SI3112r.sys> [Silicon Image, Inc, 1, 0, 56, 0, C:2006-10-28 11:50 M:2006-01-12 11:56]
[SI3114R / SI3114R][Stopped/Boot Start]
<SYSTEM32\Drivers\SI3114R.sys> [Silicon Image, Inc, 1, 0, 15, 0, C:2006-10-28 11:50 M:2006-04-10 19:08]
[SI3114R5 / SI3114R5][Stopped/Boot Start]
<System32\Drivers\Si3114r5.sys> [Silicon Image, Inc, 1, 4, 3, 0, C:2006-10-28 11:50 M:2006-01-12 11:36]
[SI3124 / SI3124][Stopped/Boot Start]
<SYSTEM32\Drivers\SI3124.sys> [Silicon Image, Inc., 1, 3, 17, 0, C:2006-10-28 11:50 M:2005-11-29 10:15]
[SI3124R / SI3124R][Stopped/Boot Start]
<SYSTEM32\Drivers\SI3124R.sys> [Silicon Image, Inc, 1, 0, 0, 2, C:2006-10-28 11:50 M:2004-02-03 16:17]
[SI3124R5 / SI3124R5][Stopped/Boot Start]
<SYSTEM32\Drivers\Si3124r5.sys> [Silicon Image, Inc, 1, 4, 3, 0, C:2006-10-28 11:50 M:2006-01-12 11:38]
[SI3132 / SI3132][Stopped/Boot Start]
<System32\Drivers\SI3132.sys> [Silicon Image, Inc., 1, 0, 15, 0, C:2006-10-28 11:50 M:2006-03-16 14:03]
[SI3132R5 / SI3132R5][Stopped/Boot Start]
<System32\Drivers\Si3132r5.sys> [Silicon Image, Inc, 1, 4, 3, 0, C:2006-10-28 11:50 M:2006-01-12 11:41]
[SISRAID2 / SISRAID2][Stopped/Boot Start]
<System32\Drivers\SiSRaid2.sys> [Silicon Integrated Systems Corp, 2.03.00, C:2006-10-28 11:50 M:2005-01-11 17:58]
[SYMMPI / SYMMPI][Stopped/Boot Start]
<System32\Drivers\symmpi.sys> [LSI Logic, 1.21.10.00 built by: WinDDK, C:2006-10-28 11:50 M:2005-12-07 18:04]
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
<system32\DRIVERS\tcpip.sys> [Microsoft Corporation, 5.1.2600.2892 (xpsp_sp2_gdr.060420-0254), C:2004-08-17 12:00 M:2006-08-28 17:38]
[VIAMRAID / VIAMRAID][Stopped/Boot Start]
<System32\Drivers\viamraid.sys> [VIA Technologies inc,.ltd, 5.1.2600.310, C:2006-10-28 11:50 M:2004-05-18 16:55]
[vmscsi / vmscsi][Stopped/Boot Start]
<System32\Drivers\vmscsi.sys> [VMware, Inc., 1, 2, 0, 0, C:2006-10-28 11:50 M:2004-01-31 15:13]
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Stopped/Manual Start]
<system32\DRIVERS\fetnd5b.sys> [(Verified)VIA Technologies, Inc. , 3.13.00.0348, C:2006-05-29 23:18 M:2002-12-25 10:09]
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
<system32\drivers\RtkHDAud.sys> [(Verified)Realtek Semiconductor Corp., 5.10.00.5319 built by: WinDDK, C:2008-10-16 10:36 M:2006-11-03 09:32]
[KAVBootC / KAVBootC][Running/Boot Start]
<system32\Drivers\KAVBootC.sys> [(Verified)Kingsoft Corporation, 2008,04,28,85, C:2008-11-19 18:07 M:2008-11-19 18:07]
[KAVSafe / KAVSafe][Running/Auto Start]
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys> [(Verified)Kingsoft Corporation, 2008,03,04,62, C:2008-11-19 18:07 M:2008-11-19 18:07]
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys> [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148), C:2004-08-17 12:00 M:2004-08-17 12:00]
[Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start]
<system32\DRIVERS\Rtenicxp.sys> [(Verified)Realtek Semiconductor Corporation , 5.658.0814.2006 built by: WinDDK, C:2008-10-16 10:36 M:2006-08-14 21:09]
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\SafeBoxKrnl.sys> [(Verified)360安全中心, 2, 2, 2, 1007, C:2008-09-02 18:12 M:2008-09-02 18:12]
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys> [(Verified)N/A, C:2004-08-17 12:00 M:2004-08-17 12:00]
[SISRAID4 / SISRAID4][Stopped/Boot Start]
<System32\Drivers\SiSRaid4.sys> [(Verified)Silicon Integrated Systems, 3.00.08 (NT.051206-1933), C:2006-10-28 11:50 M:2006-03-22 13:10]
[sym_hi / sym_hi][Running/Boot Start]
<System32\Drivers\sym_hi.sys> [(Verified)LSI Logic, 5.1.2462.0 (Lab01_N.010309-0027), C:2006-10-28 11:50 M:2001-08-17 14:07]
[sym_u3 / sym_u3][Running/Boot Start]
<System32\Drivers\sym_u3.sys> [(Verified)LSI Logic, 5.1.2462.0 (Lab01_N.010309-0027), C:2006-10-28 11:50 M:2001-08-17 14:07]
[ULSATA / ULSATA][Running/Boot Start]
<System32\Drivers\ulsata.sys> [(Verified)Promise Technology, Inc., 1.1.0.31, C:2006-10-28 11:50 M:2006-10-04 14:53]
[ULSATA2 / ULSATA2][Running/Boot Start]
<System32\Drivers\ulsata2.sys> [(Verified)Promise Technology, Inc., 1.0.0.38, C:2006-10-28 11:50 M:2006-10-04 14:53]
========================================
进程
[PID: 648 / SYSTEM] \SystemRoot\System32\smss.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
[PID: 704 / SYSTEM] \??\C:\WINDOWS\system32\csrss.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
[PID: 728 / SYSTEM] \??\C:\WINDOWS\system32\winlogon.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2006-08-28 17:38]
[PID: 772 / SYSTEM] C:\WINDOWS\system32\services.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2006-08-28 17:38]
[PID: 784 / SYSTEM] C:\WINDOWS\system32\lsass.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2006-08-28 17:38]
[PID: 936 / SYSTEM] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2006-08-28 17:38]
[PID: 1024 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2006-08-28 17:38]
[PID: 1112 / SYSTEM] C:\WINDOWS\System32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
C:\WINDOWS\System32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2006-08-28 17:38]
[PID: 1192 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2006-08-28 17:38]
[PID: 1268 / LOCAL SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2006-08-28 17:38]
[PID: 1396 / SYSTEM] C:\WINDOWS\system32\spoolsv.exe [(Verified)Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519), C:2004-08-17 12:00 M:2005-06-11 07:53]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2006-08-28 17:38]
[PID: 1640 / Administrator] C:\WINDOWS\Explorer.EXE [(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2006-08-28 17:38]
D:\Program Files\ast\AST.dll [超级巡警, 1.0.2.10, C:2008-03-11 16:06 M:2008-03-11 16:06]
C:\WINDOWS\system32\nvcpl.dll [NVIDIA Corporation, 6.14.11.7474, C:2008-03-24 19:52 M:2008-03-24 19:52]
C:\WINDOWS\system32\NVRSZHC.DLL [NVIDIA Corporation, 6.14.11.7474, C:2008-03-24 19:52 M:2008-03-24 19:52]
C:\WINDOWS\system32\nvapi.dll [NVIDIA Corporation, 6.14.11.7474, C:2008-03-24 19:52 M:2008-03-24 19:52]
C:\WINDOWS\system32\nvshell.dll [N/A, C:2008-03-24 19:52 M:2008-03-24 19:52]
[PID: 1732 / Administrator] D:\Program Files\SnowFox\CalSprite\CalSprite.exe [SnowFox Studio., 1.5.4.54, C:2005-08-03 09:38 M:2008-11-15 19:45]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2006-08-28 17:38]
D:\Program Files\ast\AST.dll [超级巡警, 1.0.2.10, C:2008-03-11 16:06 M:2008-03-11 16:06]
[PID: 1760 / Administrator] ? []
[PID: 1756 / Administrator] D:\Program Files\ast\ast.exe [超级巡警, 1, 8, 6, 117, C:2008-10-08 15:06 M:2008-10-08 15:06]
D:\Program Files\ast\MFC80.DLL [Microsoft Corporation, 8.00.50727.762, C:2006-12-02 00:26 M:2006-12-02 00:26]
D:\Program Files\ast\MSVCR80.dll [Microsoft Corporation, 8.00.50727.762, C:2007-09-27 20:47 M:2007-09-27 20:47]
D:\Program Files\ast\MSVCP80.dll [Microsoft Corporation, 8.00.50727.762, C:2006-12-01 22:03 M:2006-12-01 22:03]
D:\Program Files\ast\common.dll [超级巡警, 1, 4, 2, 32, C:2008-09-24 14:32 M:2008-09-24 14:32]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2006-08-28 17:38]
D:\Program Files\ast\EngineSDK.dll [超级巡警, 2, 2, 2, 61, C:2008-07-09 16:16 M:2008-07-09 16:16]
D:\Program Files\ast\AST.dll [超级巡警, 1.0.2.10, C:2008-03-11 16:06 M:2008-03-11 16:06]
D:\Program Files\ast\AutoRun.dll [超级巡警, 2, 2, 2, 26, C:2008-07-01 15:57 M:2008-07-01 15:57]
D:\Program Files\ast\FileAnalyser.dll [超级巡警, 1.0.1.11, C:2008-03-03 14:15 M:2008-03-03 14:15]
D:\Program Files\ast\FileForceKiller.dll [DSW Lab, 1, 0, 0, 1, C:2008-08-11 21:23 M:2008-08-11 21:23]
D:\Program Files\ast\ManagerProcess.dll [超级巡警, 1.3.4.13, C:2008-04-03 16:12 M:2008-04-03 16:12]
D:\Program Files\ast\ManagerService.dll [超级巡警, 1.0.6.4, C:2008-01-17 12:32 M:2008-01-17 12:32]
D:\Program Files\ast\Monitor.dll [超级巡警, 1, 7, 9, 42, C:2008-07-21 11:57 M:2008-07-21 11:57]
D:\Program Files\ast\PortAssociate.dll [超级巡警, 1.0.3.7, C:2008-03-17 10:21 M:2008-03-17 10:21]
D:\Program Files\ast\StateViewer.dll [超级巡警, 1, 0, 10, 18, C:2008-05-19 11:45 M:2008-05-19 11:45]
D:\Program Files\ast\TIERepair.dll [超级巡警, 1, 2, 2, 20, C:2008-05-06 17:39 M:2008-05-06 17:39]
D:\Program Files\ast\aScanCom.dll [超级巡警, 2, 1, 2, 58, C:2008-07-31 14:16 M:2008-07-31 14:16]
D:\Program Files\ast\ssdt.dll [超级巡警, 1.0.2.4, C:2008-04-02 13:43 M:2008-04-02 13:43]
D:\Program Files\ast\tRubbishClear.dll [超级巡警, 1, 5, 2, 24, C:2008-09-25 09:40 M:2008-09-25 09:40]
D:\Program Files\ast\tSecurityOptimize.dll [超级巡警, 1, 1, 2, 9, C:2008-10-13 15:45 M:2008-10-13 15:45]
D:\Program Files\ast\zDiagnosticTool.dll [超级巡警, 1.2.1.3, C:2008-03-24 13:12 M:2008-03-24 13:12]
D:\Program Files\ast\KillModule.dll [超级巡警, 1, 2, 2, 30, C:2008-07-16 17:54 M:2008-07-16 17:54]
D:\Program Files\ast\MScaner.dll [超级巡警, 1.0.0.26, C:2008-03-19 15:51 M:2008-03-19 15:51]
D:\Program Files\ast\SKEngine.dll [超级巡警, 1.6.5.12, C:2008-03-18 11:07 M:2008-03-18 11:07]
D:\Program Files\ast\ScanAd.dll [Secward Technologies, Inc., 1.0.1.2, C:2008-05-16 10:47 M:2008-05-16 10:47]
D:\Program Files\ast\smart.dll [超级巡警, 1.0.0.31, C:2008-03-19 15:51 M:2008-03-19 15:51]
D:\Program Files\ast\unarc.dll [超级巡警, 1.2.5, C:2007-12-11 16:45 M:2007-12-11 16:45]
D:\Program Files\ast\SScanner.dll [超级巡警, 1, 0, 5, 8, C:2008-09-25 14:54 M:2008-09-25 14:54]
[PID: 1828 / Administrator] C:\WINDOWS\system32\conime.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2006-08-28 17:38]
[PID: 1832 / Administrator] C:\WINDOWS\system32\ctfmon.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2006-08-28 17:38]
[PID: 1956 / SYSTEM] C:\WINDOWS\system32\nvsvc32.exe [NVIDIA Corporation, 6.14.11.7474, C:2008-03-24 19:52 M:2008-03-24 19:52]
C:\WINDOWS\system32\nvapi.dll [NVIDIA Corporation, 6.14.11.7474, C:2008-03-24 19:52 M:2008-03-24 19:52]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2006-08-28 17:38]
[PID: 1508 / LOCAL SERVICE] C:\WINDOWS\System32\alg.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
C:\WINDOWS\System32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2006-08-28 17:38]
[PID: 3056 / Administrator] D:\Program Files\arswp\ArSwp.exe [(Verified)ArSwp.com, 2, 8, 2, 1115, C:2008-11-15 11:58 M:2008-11-15 11:58]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2006-08-28 17:38]
D:\Program Files\ast\AST.dll [超级巡警, 1.0.2.10, C:2008-03-11 16:06 M:2008-03-11 16:06]
C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx [(Verified)Adobe Systems, Inc., 9,0,28,0, C:2006-11-10 06:46 M:2006-11-10 06:46]
D:\Program Files\arswp\plugin\ArFix.dll [(Verified)ArSwp.Com, 2, 5, 0, 0, C:2007-11-28 15:19 M:2007-11-28 15:19]
[PID: 3308 / SYSTEM] C:\WINDOWS\system32\wuauclt.exe [(Verified)Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla), C:2006-08-28 12:19 M:2005-05-26 04:16]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2006-08-28 17:38]
[PID: 1760 / Administrator] 庀 []
========================================
文件关联
[.txt] <NOTEPAD.EXE %1> [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), ]
[.log] <NOTEPAD.EXE %1> [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), ]
========================================
AutoRun.INF
========================================
Winsock提供者
========================================
HOSTS
127.0.0.1 localhost
127.0.0.1 locator.metadata.windowsmedia.com
127.0.0.1 onlinestore.smgbb.cn
[/code]