|
|
分发或者延迟过程中调用中断(DPC):但一个线程不能继续运行的时候,比如因为线程已经终止了或者它主动进入到等待状态,内核就会直接调用分发器,从而直接导致一个环境切换。然后有时候,内核检测已经深入到了许多层代码中了,这时候应该进行重新调度,在这个时候内核请求分发操作,但将它推迟到完成了当前的行为以后再进行,使用DPC软件中断是实现这种拖延的便捷方法。
DPC赋予了操作系统一个能力:产生一个中断并且在内核模式下执行一个系统函数
DPC是通过一个DPC对象来表示的,DPC对象是一个内核控制对象,它对于用户层来说是不可见的。
利用windows中内置的事件追踪支持功能可以追踪特定的中断服务例程和延迟的过程调用的执行情况:
C:\>tracelog -stop /?
Microsoft (R) TraceLog.Exe (5.1.2600.5512)
?Microsoft Corporation. All rights reserved.
Usage: tracelog [actions] [options] | [-h | -help | -?]
actions:
-start [LoggerName] Starts up the [LoggerName] trace session
-stop [LoggerName] Stops the [LoggerName] trace session
-update [LoggerName] Updates the [LoggerName] trace session
-enable [LoggerName] Enables providers for the [LoggerName] session
-disable [LoggerName] Disables providers for the [LoggerName] session
-flush [LoggerName] Flushes the [LoggerName] active buffers
-remove GlobalLogger Removes registry keys that activate GlobalLogger
-enumguid Enumerate Registered Trace Guids
-q [LoggerName] Query status of [LoggerName] trace session
-l List all trace sessions
-x Stops all active trace sessions
options:
-b <n> Sets buffer size to <n> Kbytes
-min <n> Sets minimum buffers
-max <n> Sets maximum buffers
-f <name> Log to file <name>
-append Append to file
-prealloc Pre-allocate
-seq <n> Sequential logfile of up to n Mbytes
-cir <n> Circular logfile of n Mbytes
-newfile <n> Log to a new file after every n Mbytes
-ft <n> Set flush timer to n seconds
-paged Use pageable memory for buffers
-noprocess Disable Process Start/End tracing
-nothread Disable Thread Start/End tracing
-nodisk Disable Disk I/O tracing
-nonet Disable Network TCP/IP tracing
-fio Enable file I/O tracing
-pf Enable page faults tracing
-hf Enable hard faults tracing
-img Enable image load tracing
-cm Enable registry calls tracing
-um Enable Process Private tracing
-guid <file> Start tracing for providers in file
-rt Enable tracing in real time mode
-age <n> Modify aging decay time to n minutes
-level <n> Enable Level passed to the providers
-flag <n> Enable Flags passed to the providers
-eflag <n> <flag...> Enable flags (several) to providers
-ls Generate Local Sequence Numbers
-gs Generate Global Squence Numbers
-pids <n> <pid1 pid2 ... >
Tracing for Heap and Crit Sect for different proce
ss
-h
-help
-? Display usage information
注意SP2和2003 SP1以后可以使用
C:\>tracelog -stop to stop logging
Invalid option given: stop
但是在本机中WINDOWS SP3中不支持
C:\>tracelog -stop
Operation Status: 0L Logger Name: NT Kernel Logger
Logger Id: ffff
Logger Thread Id: 00000A34
Buffer Size: 64 Kb
Maximum Buffers: 26
Minimum Buffers: 4
Number of Buffers: 18
Free Buffers: 18
Buffers Written: 1158
Events Lost: 0
Log Buffers Lost: 0
Real Time Buffers Lost: 0
AgeLimit: 15
Log File Mode: Sequential
Enabled tracing: Process Thread Disk File ImageLoad
Log Filename: C:\kernel.etl
C:\>
就这样,C:\kernel.etl产生了
然后为时间捕获生成报告:
C:\>tracerpt c:\kernel.etl -df -o -report
输入
----------------
文件:
c:\kernel.etl
事件定义: 资源
输出
----------------
文字(CSV): dumpfile.csv
报告: workload.txt
命令成功结束。
C:\>
在dumpfile.csv中发现DPC:
PerfInfo, ISR, 0xFFFFFFFF, 129733344630354430, 0, 0, 129733344630354243, 0x8A384CB8, 0, 0, 0
FileIo, Name, 0xFFFFFFFF, 129733344630354431, 0, 0, 0x86B0BCB0, "\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2791.32008__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.DLL", 0, 0
FileIo, Name, 0xFFFFFFFF, 129733344630354438, 0, 0, 0x86B48840, "\Program Files\Avira\AntiVir Desktop\hbedv.key", 0, 0
FileIo, Name, 0xFFFFFFFF, 129733344630354446, 0, 0, 0x87BCF8F0, "\cygwin\bin\tac.exe", 0, 0
FileIo, Name, 0xFFFFFFFF, 129733344630354450, 0, 0, 0x87AEA868, "\Documents and Settings\jamin\Local Settings\Application Data\Mozilla\Firefox\Profiles\cz61mi22.default\Cache\F\2F\49B6Ad01", 0, 0
DiskIo, Write, 0x0A34, 129733344630354457, 0, 0, 0, 0x00000A01, 65536, 2325803, 32910740992, 0x86978C78, 0, 0
FileIo, Name, 0xFFFFFFFF, 129733344630354460, 0, 0, 0x87B1EF90, "\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd\5.2.2.3.Policy", 0, 0
FileIo, Name, 0xFFFFFFFF, 129733344630354474, 0, 0, 0x86BD70C8, "\Documents and Settings\jamin\Local Settings\Application Data\Mozilla\Firefox\Profiles\cz61mi22.default\Cache\F\97\FF42Ad01", 0, 0
PerfInfo, DPC, 0xFFFFFFFF, 129733344630354478, 0, 0, 129733344630354434, 0x8A384AB8, 0, 0
默认的调试器是\windows\system32\drwtsn32.exe 也称为Dr.Watson ,实际上它不是一个调试器而是一个事后分析器,捕获了应用程序的崩溃时的状态,而且将其记录在一个日志drwtsn32.log中,和一个进程崩溃转储文件user.dmp 默认这2个文件放在C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson和C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp
注意不同的CPU使用的系统服务分发器不一样!!!
在pentium 2之前的X86,windows使用int 0x2e 十进制46,会导致一个陷阱windows会填充IDT的46号表项,该陷阱导致执行线程转换到内核线程中
在pentium 2后的处理器,windows使用sysenter指令,这个是intel专门为快速系统服务分发而定义的指令,为了支持这个指令,windows在引导的时候将内核的系统服务分发器的地址保存在与该指令相关联的寄存器中,在指令执行的时候就会导致变换到内核模式下。
对于AMD的K6以后的32位处理器,windows使用syscall来处理
在64bit X86的windows上,采用syscall进行,在IA64上,windows使用epc进入特权代码指令
难道这就是ms对AMD的支持更有利于内存寄存器更快的原因吗?
使用winobj.exe来显示内部的对象管理器的名字空间,sysinternals上的这个程序的版本比SDK上的更精准!
Handle v3.46
Copyright (C) 1997-2011 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
System pid: 4 NT AUTHORITY\SYSTEM
14C: File (---) C:\WINDOWS\system32\config\software
150: File (---) C:\WINDOWS\system32\config\default.LOG
158: File (---) C:\WINDOWS\system32\config\SECURITY.LOG
15C: File (---) C:\WINDOWS\system32\config\default
160: File (---) C:\WINDOWS\system32\config\SAM
164: File (---) C:\WINDOWS\system32\config\SAM.LOG
170: File (---) C:\WINDOWS\system32\config\system.LOG
178: File (---) C:\WINDOWS\system32\config\SECURITY
184: File (-WD) C:\WINDOWS\system32\drivers\sptd.sys
190: File (---) C:\WINDOWS\system32\config\software.LOG
19C: File (---) C:\WINDOWS\system32\config\system
34C: File (---) C:\Documents and Settings\NetworkService\ntuser.dat.LOG
354: File (---) C:\Documents and Settings\NetworkService\NTUSER.DAT
358: File (---) C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
35C: File (---) C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
428: File (---) C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
430: File (---) C:\Documents and Settings\LocalService\NTUSER.DAT
434: File (RW-) \Device\Mup
438: File (---) C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
43C: File (---) C:\Documents and Settings\LocalService\ntuser.dat.LOG
480: File (---) C:\Documents and Settings\jamin\ntuser.dat.LOG
B94: File (---) C:\Documents and Settings\jamin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
B98: File (---) C:\Documents and Settings\jamin\NTUSER.DAT
B9C: File (---) C:\Documents and Settings\jamin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
D24: File (R--) C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log
------------------------------------------------------------------------------
smss.exe pid: 612 NT AUTHORITY\SYSTEM
8: File (RW-) C:\WINDOWS
1C: File (RW-) C:\WINDOWS\system32
------------------------------------------------------------------------------
csrss.exe pid: 1128 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
38: Section \NLS\NlsSectionUnicode
40: Section \NLS\NlsSectionLocale
44: Section \NLS\NlsSectionCType
48: Section \NLS\NlsSectionSortkey
4C: Section \NLS\NlsSectionSortTbls
26C: File (R--) C:\WINDOWS\system32\ega.cpi
46C: Section \BaseNamedObjects\ShimSharedMemory
------------------------------------------------------------------------------
winlogon.exe pid: 1160 NT AUTHORITY\SYSTEM
DC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
120: Section \BaseNamedObjects\mmGlobalPnpInfo
138: File (RW-) C:\WINDOWS\system32
168: Section \BaseNamedObjects\ShimSharedMemory
1DC: File (RW-) C:\WINDOWS\system32\dllcache
1E4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
1EC: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\isapi\_vti_adm
1F0: File (RW-) C:\WINDOWS\AppPatch
1F4: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\_vti_bin\_vti_adm
1F8: File (RW-) C:\WINDOWS\Help
1FC: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\isapi\_vti_aut
200: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\_vti_bin\_vti_aut
204: File (RW-) C:\WINDOWS\system32\inetsrv
208: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin
20C: File (RW-) C:\WINDOWS\Fonts
210: File (RW-) C:\WINDOWS\system32\drivers
214: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\servsupp
218: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar
21C: File (RW-) C:\Program Files\microsoft frontpage\version3.0\bin
220: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\_vti_bin
224: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin\2052
228: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\isapi
22C: File (RW-) C:\WINDOWS
230: File (RW-) C:\Program Files\Common Files\Microsoft Shared\DAO
234: File (RW-) C:\Program Files\Windows Media Player
238: File (RW-) C:\Program Files\Common Files\System\msadc
23C: File (RW-) C:\Program Files\Common Files\System\ado
240: File (RW-) C:\Program Files\Common Files\System\Ole DB
244: File (RW-) C:\WINDOWS\inf
248: File (RW-) C:\WINDOWS\system
24C: File (RW-) C:\WINDOWS\msagent
250: File (RW-) C:\WINDOWS\msagent\intl
254: File (RW-) C:\Program Files\MSN Gaming Zone\Windows
258: File (RW-) C:\WINDOWS\pchealth\helpctr\binaries
25C: File (RW-) C:\Program Files\NetMeeting
260: File (RW-) C:\WINDOWS\system32\drivers\disdn
264: File (RW-) C:\WINDOWS\ime\CHTIME\Applets
268: File (RW-) C:\WINDOWS\system32\wbem
26C: File (RW-) C:\WINDOWS\system32\IME\CINTLGNT
270: File (RW-) C:\WINDOWS\system32\Com
274: File (RW-) C:\WINDOWS\system32\Setup
278: File (RW-) C:\WINDOWS\ime\IMJP8_1
27C: File (RW-) C:\Program Files\Common Files\Microsoft Shared\Triedit
280: File (RW-) C:\Program Files\Windows NT
284: File (RW-) C:\Program Files\Common Files\System
288: File (RW-) C:\WINDOWS\system32\1033
28C: File (RW-) C:\WINDOWS\system32\2052
290: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admcgi\scripts
294: File (RW-) C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admisapi\scripts
298: File (RW-) C:\WINDOWS\system32\usmt
29C: File (RW-) C:\WINDOWS\ime\IMKR6_1\Dicts
2A4: File (RW-) C:\WINDOWS\system32\mui\0804
2AC: File (RW-) C:\WINDOWS\ime\IMKR6_1\Applets
2B0: File (RW-) C:\Program Files\Internet Explorer
2B4: File (RW-) C:\WINDOWS\ime\IMJP8_1\APPLETS
2B8: File (RW-) C:\WINDOWS\system32\xircom
2BC: File (RW-) C:\Program Files\Internet Explorer\Connection Wizard
2C0: File (RW-) C:\WINDOWS\ime\IMKR6_1
2C4: File (RW-) C:\Program Files\Common Files\Microsoft Shared\MSInfo
2C8: File (RW-) C:\Program Files\Windows NT\Accessories
2CC: File (RW-) C:\WINDOWS\ime\SHARED
2D0: File (RW-) C:\WINDOWS\system32\IME\PINTLGNT
2DC: File (RW-) C:\Program Files\Common Files\SpeechEngines\Microsoft\Lexicon\1033
2E0: File (RW-) C:\WINDOWS\Resources\Themes\Luna
2E4: File (RW-) C:\Program Files\Movie Maker
2E8: File (RW-) C:\WINDOWS\ime
2F0: File (RW-) C:\WINDOWS\srchasst
300: File (RW-) C:\Program Files\Common Files\MSSoap\Binaries
304: File (RW-) C:\Program Files\Outlook Express
308: File (RW-) C:\WINDOWS\system32\oobe
30C: File (RW-) C:\Program Files\Common Files\MSSoap\Binaries\Resources\1033
310: File (RW-) C:\WINDOWS\system32\npp
314: File (RW-) C:\Program Files\Windows NT\Pinball
318: File (RW-) C:\WINDOWS\ime\SHARED\RES
34C: File (RW-) C:\WINDOWS\Resources\Themes\Luna\Shell\NormalColor
354: File (RW-) C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS\1033
358: File (RW-) C:\Program Files\Common Files\Microsoft Shared\Speech
35C: File (RW-) C:\WINDOWS\ime\CHSIME\APPLETS
360: File (RW-) C:\WINDOWS\system32\Restore
370: File (RW-) C:\WINDOWS\Resources\Themes\Luna\Shell\Homestead
378: File (RW-) C:\WINDOWS\Resources\Themes\Luna\Shell\Metallic
37C: File (RW-) C:\WINDOWS\system32\wbem\snmp
380: File (RW-) C:\Program Files\Common Files\SpeechEngines\Microsoft
384: File (RW-) C:\Program Files\Common Files\Microsoft Shared\Speech\2052
388: File (RW-) C:\WINDOWS\PeerNet
38C: File (RW-) C:\WINDOWS\system32\spool\drivers\color
390: File (RW-) C:\WINDOWS\system32\IME\TINTLGNT
394: File (RW-) C:\WINDOWS\Help\Tours\mmTour
398: File (RW-) C:\WINDOWS\pchealth\UploadLB\Binaries
39C: File (RW-) C:\Program Files\Common Files\Microsoft Shared\VGX
3A0: File (RW-) C:\WINDOWS\system32\wbem\xml
3A4: File (RW-) C:\Program Files\xerox\nwwia
3B4: File (RW-) C:\WINDOWS\WinSxS
70C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
740: Section \BaseNamedObjects\WDMAUD_Callbacks
7C0: File (RW-) C:\WINDOWS\system32
------------------------------------------------------------------------------
services.exe pid: 1204 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
27C: Section \BaseNamedObjects\ShimSharedMemory
2E0: File (R--) C:\WINDOWS\system32\config\ACEEvent.evt
2F0: File (R--) C:\WINDOWS\system32\config\AppEvent.Evt
300: File (R--) C:\WINDOWS\system32\config\SecEvent.Evt
310: File (R--) C:\WINDOWS\system32\config\SysEvent.Evt
------------------------------------------------------------------------------
lsass.exe pid: 1216 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
7C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
158: Section \BaseNamedObjects\Debug.Memory.4c0
248: File (RW-) C:\WINDOWS\Debug\PASSWD.LOG
634: File (RWD) C:\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My
------------------------------------------------------------------------------
avguard.exe pid: 1384 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
44: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
124: File (---) \FileSystem\Filters\avgntflt
140: File (---) \FileSystem\Filters\FltMgrMsg
1C4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
23C: Section \BaseNamedObjects\ShimSharedMemory
29C: Section \BaseNamedObjects\AVSDA_KERNELOBJECT_2007_0410_095423
2BC: File (---) C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\avguard2.tmp
------------------------------------------------------------------------------
avshadow.exe pid: 1572 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
------------------------------------------------------------------------------
ati2evxx.exe pid: 1592 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
AC: Section \BaseNamedObjects\ShimSharedMemory
E8: Section \BaseNamedObjects\AtiEeuSharedAdapterData_89ef8000
10C: Section \BaseNamedObjects\AtiEeuSharedAdapterHeader
------------------------------------------------------------------------------
svchost.exe pid: 1612 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
64: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
108: File (---) \Dfs
154: Section \BaseNamedObjects\RotHintTable
168: Section \BaseNamedObjects\{A64C7F33-DA35-459b-96CA-63B51FB0CDB9}
214: Section \BaseNamedObjects\ShimSharedMemory
------------------------------------------------------------------------------
svchost.exe pid: 1676 NT AUTHORITY\NETWORK SERVICE
C: File (RW-) C:\WINDOWS\system32
60: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
C8: File (---) \Dfs
468: Section \BaseNamedObjects\RotHintTable
------------------------------------------------------------------------------
ati2evxx.exe pid: 140 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
80: Section \BaseNamedObjects\ShimSharedMemory
90: Section \BaseNamedObjects\AtiEeuSharedAdapterHeader
94: Section \BaseNamedObjects\AtiEeuSharedAdapterData_89ef8000
------------------------------------------------------------------------------
svchost.exe pid: 784 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
64: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
1A4: Section \BaseNamedObjects\AtlDebugAllocator_FileMappingNameStatic3_310
35C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
378: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
39C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
460: Section \BaseNamedObjects\mmGlobalPnpInfo
680: Section \BaseNamedObjects\RotHintTable
69C: Section \BaseNamedObjects\SENS Information Cache
6A0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
6A8: Section \BaseNamedObjects\AtlDebugAllocator_FileMappingNameStatic3_310
6B0: Section \BaseNamedObjects\AtlDebugAllocator_FileMappingNameStatic3_310
6B8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
744: File (---) D:
748: File (---) C:
74C: File (RWD) C:\$Extend\$ObjId
754: File (R--) D:\System Volume Information\tracking.log
780: File (RWD) D:\$Extend\$ObjId
78C: File (R--) C:\System Volume Information\tracking.log
80C: File (RWD) C:\WINDOWS\system32\wbem\mof
958: File (R--) C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP
960: File (R--) C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP
964: File (R--) C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER
968: File (R--) C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP
96C: File (R--) C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP
970: File (R--) C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA
974: File (R--) C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR
984: Section \BaseNamedObjects\Wmi Provider Sub System Counters
AB8: File (R--) C:\WINDOWS\system32\h323log.txt
E88: Section \BaseNamedObjects\Debug.Memory.310
13B8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
190C: File (RWD) C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My
1954: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
------------------------------------------------------------------------------
svchost.exe pid: 824 NT AUTHORITY\NETWORK SERVICE
C: File (RW-) C:\WINDOWS\system32
60: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
D8: File (RWD) C:\WINDOWS\system32\drivers\etc
------------------------------------------------------------------------------
svchost.exe pid: 944 NT AUTHORITY\LOCAL SERVICE
C: File (RW-) C:\WINDOWS\system32
60: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
140: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
------------------------------------------------------------------------------
sched.exe pid: 1624 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
44: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
F8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
170: Section \BaseNamedObjects\ShimSharedMemory
------------------------------------------------------------------------------
inetinfo.exe pid: 1024 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
68: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
588: Section \BaseNamedObjects\RotHintTable
600: File (RWD) C:\Inetpub\mailroot\Pickup
604: Section \BaseNamedObjects\NTFSDrv
608: Section \BaseNamedObjects\NTFSDRV_OBJ0
684: Section \BaseNamedObjects\Pws_DataSpace
6EC: File (RWD) C:\WINDOWS\Help\iisHelp
6F4: File (RWD) C:\Inetpub\wwwroot
820: File (RW-) C:\WINDOWS\system32\Logfiles\W3SVC1\ex120210.log
------------------------------------------------------------------------------
jqs.exe pid: 1052 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
50: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
108: File (RW-) C:\WINDOWS\Temp\Perflib_Perfdata_41c.dat
10C: Section \BaseNamedObjects\Perflib_Perfdata_41c
2AC: Section \BaseNamedObjects\ShimSharedMemory
------------------------------------------------------------------------------
sqlservr.exe pid: 1280 NT AUTHORITY\NETWORK SERVICE
C: File (RW-) C:\WINDOWS\system32
10: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
1C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
4C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
80: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
D8: File (R--) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG
DC: File (---) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf
E8: Section \BaseNamedObjects\SQLSERVER2005DUMP_1280
EC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
F0: Section \BaseNamedObjects\SQL60_RUNNING$SQLEXPRESS
1B8: Section \BaseNamedObjects\SQL_90_MEMOBJ_SQLEXPRESS_0
1CC: File (RW-) C:\DOCUME~1\NETWOR~1\LOCALS~1\Temp\Perflib_Perfdata_500.dat
1D0: Section \BaseNamedObjects\Perflib_Perfdata_500
1D8: Section \BaseNamedObjects\SQLCounters$SQLEXPRESS
338: Section \BaseNamedObjects\ShimSharedMemory
388: Section \BaseNamedObjects\Debug.Memory.500
3D4: File (---) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf
428: File (---) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf
430: File (---) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf
438: File (R--) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_14.trc
46C: File (R--) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mssqlsystemresource.mdf
474: File (R--) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mssqlsystemresource.ldf
490: File (---) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf
49C: File (---) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf
4A0: File (---) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf
4BC: File (---) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf
------------------------------------------------------------------------------
sqlwriter.exe pid: 1880 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
10: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
74: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
------------------------------------------------------------------------------
vmware-authd.exe pid: 1908 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
5C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
B0: Section \BaseNamedObjects\Perflib_Perfdata_774
B4: File (RW-) C:\WINDOWS\Temp\Perflib_Perfdata_774.dat
10C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
------------------------------------------------------------------------------
vmount2.exe pid: 480 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
70: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
A0: File (R--) C:\WINDOWS\Temp\vmware-vmount.log
------------------------------------------------------------------------------
vmnat.exe pid: 604 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
------------------------------------------------------------------------------
vmnetdhcp.exe pid: 1004 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
68: File (RW-) C:\Documents and Settings\All Users\Application Data\VMware\vmnetdhcp.leases
------------------------------------------------------------------------------
vmserverdWin32.exe pid: 440 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
F8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
140: File (RW-) C:\WINDOWS\Temp\vmware-serverd.log
238: Section \BaseNamedObjects\mmGlobalPnpInfo
24C: Section \BaseNamedObjects\WDMAUD_Callbacks
304: File (R--) C:\WINDOWS\system32\activeds.tlb
30C: File (R--) C:\WINDOWS\system32\adsiis.dll
------------------------------------------------------------------------------
alg.exe pid: 3276 NT AUTHORITY\LOCAL SERVICE
C: File (RW-) C:\WINDOWS\system32
60: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
------------------------------------------------------------------------------
explorer.exe pid: 2156 AMD6000\jamin
48: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
50: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
70: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
74: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
80: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
A0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
B0: Section \BaseNamedObjects\ShimSharedMemory
178: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
184: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
1C0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
204: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43
218: File (RWD) C:\Documents and Settings\jamin\桌面
224: File (RWD) C:\Documents and Settings\All Users\桌面
230: File (RWD) C:\Documents and Settings\jamin\Local Settings\Application Data\Microsoft\CD Burning
248: Section \BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-682003330-838170752-2147090535-1003
300: Section \BaseNamedObjects\UrlZonesSM_jamin
304: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
30C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
358: File (RWD) C:\Documents and Settings\jamin\Application Data\Microsoft\Internet Explorer\Quick Launch
36C: Section \BaseNamedObjects\mmGlobalPnpInfo
388: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
3AC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
3B0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
3E4: Section \BaseNamedObjects\WDMAUD_Callbacks
3FC: Section \BaseNamedObjects\MSCTF.Shared.SFM.AIH
410: Section \BaseNamedObjects\AtlDebugAllocator_FileMappingNameStatic3_86c
418: File (RWD) C:\Documents and Settings\jamin\PrintHood
41C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
424: Section \BaseNamedObjects\AtlDebugAllocator_FileMappingNameStatic3_86c
474: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
480: Section \BaseNamedObjects\MSCTF.Shared.SFM.MCO
498: File (RW-) C:\Documents and Settings\jamin\Cookies\index.dat
4A0: File (---) \Dfs
4A4: Section \BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-682003330-838170752-2147090535-1003SFM.DefaultS-1-5-21-682003330-838170752-2147090535-1003
4B0: Section \BaseNamedObjects\MSCTF.Shared.SFM.AHI
4C0: Section \BaseNamedObjects\MSCTF.Shared.SFM.AHI
4E4: Section \BaseNamedObjects\MSCTF.Shared.SFM.EII
4EC: Section \BaseNamedObjects\C:_Documents and Settings_jamin_Local Settings_History_History.IE5_MSHist012012021020120211_index.dat_32768
4FC: Section \BaseNamedObjects\MSCTF.Shared.SFM.EII
510: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43
538: Section \BaseNamedObjects\C:_Documents and Settings_jamin_Local Settings_Temporary Internet Files_Content.IE5_index.dat_5931008
54C: File (RWD) C:\Documents and Settings\All Users\「开始」菜单
554: File (RW-) C:\Documents and Settings\jamin\Local Settings\Temporary Internet Files\Content.IE5\index.dat
558: Section \BaseNamedObjects\C:_Documents and Settings_jamin_Cookies_index.dat_65536
560: Section \BaseNamedObjects\C:_Documents and Settings_jamin_Local Settings_History_History.IE5_index.dat_196608
574: File (RW-) C:\Documents and Settings\jamin\Local Settings\History\History.IE5\index.dat
578: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
5BC: Section \BaseNamedObjects\MSCTF.Shared.SFM.IOK
5C8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
5E8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df
5F0: Section \BaseNamedObjects\MSCTF.Shared.SFM.ELJ
5F4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43
5FC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43
600: Section \BaseNamedObjects\MSCTF.Shared.SFM.MMH
60C: Section \BaseNamedObjects\MSCTF.Shared.SFM.MCP
614: File (RWD) C:\Documents and Settings\jamin\「开始」菜单
618: File (RW-) C:\Documents and Settings\jamin\Local Settings\History\History.IE5\MSHist012012021020120211\index.dat
650: Section \BaseNamedObjects\MSCTF.Shared.SFM.MLO
68C: Section \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EII.BJ.BDDBACB
6C4: Section \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EII.CJ.BDDBACB
708: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
710: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
724: Section \BaseNamedObjects\MSCTF.Shared.SFM.IIP
734: File (RWD) C:\Documents and Settings\jamin\Recent
748: Section \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EII.DJ.BDDBACB
760: Section \BaseNamedObjects\MSCTF.Shared.SFM.AKM
77C: Section \BaseNamedObjects\MSCTF.Shared.SFM.IEP
784: Section \BaseNamedObjects\MSCTF.Shared.SFM.AGP
79C: Section \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EII.MI.KEMLLBB
7AC: File (RW-) C:\Documents and Settings\jamin
7C8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
7E4: Section \BaseNamedObjects\MSCTF.Shared.SFM.IFK
7F4: Section \BaseNamedObjects\MSCTF.Shared.SFM.EOH
828: Section \BaseNamedObjects\MSCTF.Shared.SFM.EAH
848: Section \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.EII.PI.LIKHPBB
------------------------------------------------------------------------------
RTHDCPL.EXE pid: 2248 AMD6000\jamin
C: File (RW-) C:\Documents and Settings\jamin
58: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
CC: Section \BaseNamedObjects\ShimSharedMemory
F4: Section \BaseNamedObjects\mmGlobalPnpInfo
120: Section \BaseNamedObjects\WDMAUD_Callbacks
208: Section \BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-682003330-838170752-2147090535-1003
21C: Section \BaseNamedObjects\DirectSound Administrator shared thread array
238: Section \BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-682003330-838170752-2147090535-1003SFM.DefaultS-1-5-21-682003330-838170752-2147090535-1003
334: Section \BaseNamedObjects\DirectSound Administrator capture focus array
------------------------------------------------------------------------------
MOM.exe pid: 2264 AMD6000\jamin
30: Section \BaseNamedObjects\ShimSharedMemory
54: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
58: Section \BaseNamedObjects\Cor_Private_IPCBlock_2264
64: Section \BaseNamedObjects\Cor_Public_IPCBlock_2264
B8: File (R-D) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
BC: File (R-D) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
C8: File (R-D) C:\Documents and Settings\jamin\Application Data\Microsoft\CLR Security Config\v2.0.50727.42\security.config.cch
10C: File (R--) C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index51.dat
110: File (RW-) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
114: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
11C: File (R--) C:\WINDOWS\assembly\pubpol1.dat
120: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2827.38662__90ba9c70f846762e\MOM.Implementation.DLL
12C: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2791.31986__90ba9c70f846762e\LOG.Foundation.DLL
134: File (R-D) C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
13C: File (R-D) C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
170: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2791.31993__90ba9c70f846762e\LOG.Foundation.Private.DLL
174: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2827.38660__90ba9c70f846762e\LOG.Foundation.Implementation.DLL
19C: Section \BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-682003330-838170752-2147090535-1003
1BC: Section \BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-682003330-838170752-2147090535-1003SFM.DefaultS-1-5-21-682003330-838170752-2147090535-1003
1C0: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2791.32006__90ba9c70f846762e\MOM.Foundation.DLL
214: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2791.32009__90ba9c70f846762e\LOG.Foundation.Implementation.Private.DLL
21C: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
36C: File (R-D) C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp
378: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_zh-CHS_b77a5c561934e089\mscorlib.Resources.dll
380: Section \BaseNamedObjects\NLS_00000804_Exception_Table_3_2
3A4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
3B0: Section \BaseNamedObjects\UrlZonesSM_jamin
458: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2827.38367__90ba9c70f846762e\AEM.Server.DLL
460: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2791.31992__90ba9c70f846762e\NEWAEM.Foundation.DLL
------------------------------------------------------------------------------
GooglePinyinDaemon.exe pid: 2280 AMD6000\jamin
C: File (RW-) C:\Documents and Settings\jamin
10: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
7C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
8C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
94: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
114: Section \BaseNamedObjects\GPY2SETTINGS
138: Section \BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-682003330-838170752-2147090535-1003
144: Section \BaseNamedObjects\C:_Documents and Settings_jamin_Local Settings_History_History.IE5_index.dat_180224
194: File (RW-) C:\Documents and Settings\jamin\Local Settings\Temporary Internet Files\Content.IE5\index.dat
1A0: File (RW-) C:\Documents and Settings\jamin\Local Settings\History\History.IE5\index.dat
1A8: Section \BaseNamedObjects\C:_Documents and Settings_jamin_Cookies_index.dat_65536
1AC: File (RW-) C:\Documents and Settings\jamin\Cookies\index.dat
1BC: Section \BaseNamedObjects\ShimSharedMemory
1C0: Section \BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-682003330-838170752-2147090535-1003SFM.DefaultS-1-5-21-682003330-838170752-2147090535-1003
1CC: Section \BaseNamedObjects\C:_Documents and Settings_jamin_Local Settings_Temporary Internet Files_Content.IE5_index.dat_5931008
1D0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
24C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
284: Section \BaseNamedObjects\SENS Information Cache
2C8: Section \BaseNamedObjects\UrlZonesSM_jamin
334: File (RWD) C:\Documents and Settings\jamin\Application Data\Microsoft\SystemCertificates\My
454: File (RWD) C:\Documents and Settings\jamin\Application Data\Microsoft\SystemCertificates\My
4F0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
4F8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
504: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
50C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
------------------------------------------------------------------------------
SetPoint.exe pid: 2336 AMD6000\jamin
10: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943
1C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943
20: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e
24: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
28: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e
2C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e
30: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943
34: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e
38: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e
3C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943
40: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df
44: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943
48: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e
4C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943
50: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e
8C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03
94: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
9C: Section \BaseNamedObjects\CLogiInstanceCheck_MMF_SetPoint
A8: Section \BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-682003330-838170752-2147090535-1003
C0: Section \BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-682003330-838170752-2147090535-1003SFM.DefaultS-1-5-21-682003330-838170752-2147090535-1003
C4: File (RW-) C:\Program Files\Logitech\SetPointP
E4: Section \BaseNamedObjects\ShimSharedMemory
104: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943
108: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e
10C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943
110: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e
114: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2
11C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943
120: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e
124: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2
128: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e
12C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943
130: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2
134: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e
138: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943
13C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e
140: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2
1AC: Section \BaseNamedObjects\LogiBugShow
1C4: Section \BaseNamedObjects\LD_KHAL_SharedGblMem
310: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
31C: Section \BaseNamedObjects\UrlZonesSM_jamin
32C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943
330: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e
34C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e
350: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943
370: Section \BaseNamedObjects\MSCTF.Shared.SFM.EII
374: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
------------------------------------------------------------------------------
avgnt.exe pid: 2848 AMD6000\jamin
10: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
48: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
54: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
74: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df
7C: File (RW-) C:\Documents and Settings\jamin
E4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
16C: Section \BaseNamedObjects\ShimSharedMemory
------------------------------------------------------------------------------
Probe2.exe pid: 3308 AMD6000\jamin
C: File (RW-) C:\Documents and Settings\jamin
40: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
60: Section \BaseNamedObjects\ShimSharedMemory
7C: Section \BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-682003330-838170752-2147090535-1003
94: Section \BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-682003330-838170752-2147090535-1003SFM.DefaultS-1-5-21-682003330-838170752-2147090535-1003
124: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
140: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
144: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
15C: File (RW-) C:\Documents and Settings\jamin\Local Settings\Temporary Internet Files\Content.IE5\index.dat
164: Section \BaseNamedObjects\C:_Documents and Settings_jamin_Local Settings_Temporary Internet Files_Content.IE5_index.dat_5931008
170: File (RW-) C:\Documents and Settings\jamin\Cookies\index.dat
178: File (RW-) C:\Documents and Settings\jamin\Local Settings\History\History.IE5\index.dat
17C: Section \BaseNamedObjects\C:_Documents and Settings_jamin_Local Settings_History_History.IE5_index.dat_180224
188: Section \BaseNamedObjects\C:_Documents and Settings_jamin_Cookies_index.dat_65536
1B0: File (RW-) C:\Program Files\ASUS\PC Probe II\Pci.tab
228: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
230: Section \BaseNamedObjects\UrlZonesSM_jamin
270: Section \BaseNamedObjects\MSCTF.Shared.SFM.EII
2A8: Section \BaseNamedObjects\mmGlobalPnpInfo
2C0: Section \BaseNamedObjects\WDMAUD_Callbacks
30C: File (RW-) C:\DOCUME~1\jamin\LOCALS~1\Temp\Perflib_Perfdata_cec.dat
31C: Section \BaseNamedObjects\Perflib_Perfdata_cec
498: File (RW-) C:\Program Files\ASUS\PC Probe II\SmBIOS.ini
49C: File (RW-) C:\Program Files\ASUS\PC Probe II\WMIConfig.ini
------------------------------------------------------------------------------
ctfmon.exe pid: 3348 AMD6000\jamin
C: File (RW-) C:\Documents and Settings\jamin
3C: Section \BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-682003330-838170752-2147090535-1003
7C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
84: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
88: Section \BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-682003330-838170752-2147090535-1003SFM.DefaultS-1-5-21-682003330-838170752-2147090535-1003
98: Section \BaseNamedObjects\MSCTF.GCompartListSFM.DefaultS-1-5-21-682003330-838170752-2147090535-1003
A4: Section \BaseNamedObjects\CTF.AsmListCache.FMPDefaultS-1-5-21-682003330-838170752-2147090535-1003
110: Section \BaseNamedObjects\ShimSharedMemory
------------------------------------------------------------------------------
YoudaoNote.exe pid: 3624 AMD6000\jamin
10: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
20: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df
48: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
5C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
D4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
E8: File (R--) C:\Documents and Settings\jamin\Local Settings\Application Data\youdao\ynote\log\YoudaoNote.exe.log
108: Section \BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-682003330-838170752-2147090535-1003
120: Section \BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-682003330-838170752-2147090535-1003SFM.DefaultS-1-5-21-682003330-838170752-2147090535-1003
128: Section \BaseNamedObjects\ShimSharedMemory
12C: File (R--) C:\Program Files\Youdao\YoudaoNote\res\SkinFore.png
130: File (R--) C:\Program Files\Youdao\YoudaoNote\res\backImage\default.jpg
134: File (R--) C:\Program Files\Youdao\YoudaoNote\res\sync_state1.png
138: File (R--) C:\Program Files\Youdao\YoudaoNote\res\error_state.png
13C: File (R--) C:\Program Files\Youdao\YoudaoNote\res\sync_state2.png
140: File (R--) C:\Program Files\Youdao\YoudaoNote\res\sync_state3.png
144: File (R--) C:\Program Files\Youdao\YoudaoNote\res\sync_state4.png
148: File (R--) C:\Program Files\Youdao\YoudaoNote\res\sync_state5.png
14C: File (R--) C:\Program Files\Youdao\YoudaoNote\res\sync_state6.png
150: File (R--) C:\Program Files\Youdao\YoudaoNote\res\sync_state7.png
154: File (R--) C:\Program Files\Youdao\YoudaoNote\res\sync_state8.png
158: File (R--) C:\Program Files\Youdao\YoudaoNote\res\sync_state9.png
15C: File (R--) C:\Program Files\Youdao\YoudaoNote\res\sync_state10.png
160: File (R--) C:\Program Files\Youdao\YoudaoNote\res\error_state.png
164: File (R--) C:\Program Files\Youdao\YoudaoNote\res\sync_state1.png
168: File (R--) C:\Program Files\Youdao\YoudaoNote\res\sync_state2.png
16C: File (R--) C:\Program Files\Youdao\YoudaoNote\res\sync_state3.png
170: File (R--) C:\Program Files\Youdao\YoudaoNote\res\sync_state4.png
174: File (R--) C:\Program Files\Youdao\YoudaoNote\res\sync_state5.png
178: File (R--) C:\Program Files\Youdao\YoudaoNote\res\sync_state6.png
17C: File (R--) C:\Program Files\Youdao\YoudaoNote\res\sync_state7.png
180: File (R--) C:\Program Files\Youdao\YoudaoNote\res\sync_state8.png
184: File (R--) C:\Program Files\Youdao\YoudaoNote\res\sync_state9.png
188: File (R--) C:\Program Files\Youdao\YoudaoNote\res\sync_state10.png
18C: File (R--) C:\Program Files\Youdao\YoudaoNote\res\attach_icon.png
190: File (R--) C:\Program Files\Youdao\YoudaoNote\res\collapse.png
194: File (R--) C:\Program Files\Youdao\YoudaoNote\res\expand.png
198: File (R--) C:\Program Files\Youdao\YoudaoNote\res\folder.png
19C: File (R--) C:\Program Files\Youdao\YoudaoNote\res\note.png
1A0: File (R--) C:\Program Files\Youdao\YoudaoNote\res\dft-mark.png
1A4: File (R--) C:\Program Files\Youdao\YoudaoNote\res\error-mark.png
1A8: File (R--) C:\Program Files\Youdao\YoudaoNote\res\local-mark.png
1AC: File (R--) C:\Program Files\Youdao\YoudaoNote\res\trash.png
1B0: File (R--) C:\Program Files\Youdao\YoudaoNote\res\tag.png
1B4: File (R--) C:\Program Files\Youdao\YoudaoNote\res\separator.png
1B8: File (R--) C:\Program Files\Youdao\YoudaoNote\res\calendar.png
240: Section \BaseNamedObjects\libcef_160879209403318924
284: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
39C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
3A4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
3B0: File (RW-) C:\Documents and Settings\jamin\Local Settings\Temporary Internet Files\Content.IE5\index.dat
3BC: Section \BaseNamedObjects\C:_Documents and Settings_jamin_Local Settings_Temporary Internet Files_Content.IE5_index.dat_5931008
3C4: File (RW-) C:\Documents and Settings\jamin\Cookies\index.dat
3CC: File (RW-) C:\Documents and Settings\jamin\Local Settings\History\History.IE5\index.dat
3D0: Section \BaseNamedObjects\C:_Documents and Settings_jamin_Local Settings_History_History.IE5_index.dat_180224
3DC: Section \BaseNamedObjects\C:_Documents and Settings_jamin_Cookies_index.dat_65536
424: Section \BaseNamedObjects\UrlZonesSM_jamin
440: Section \BaseNamedObjects\MSCTF.Shared.SFM.EII
444: Section \BaseNamedObjects\MSCTF.Shared.SFM.MCO
480: File (RW-) C:\Documents and Settings\jamin\Local Settings\Application Data\YNote\Data\jaminwm@yeah.net_thumbnails.db
49C: File (RW-) C:\Documents and Settings\jamin\Local Settings\Application Data\YNote\Data\jaminwm@yeah.net.db
4AC: File (RW-) C:\Documents and Settings\jamin\Local Settings\Application Data\YNote\Data\jaminwm@yeah.net.db
4B4: Section \BaseNamedObjects\SENS Information Cache
4C4: File (RWD) C:\Documents and Settings\jamin\Local Settings\Application Data\youdao\ynote\Attachments
4D4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
58C: Section \BaseNamedObjects\GPY2SETTINGS
5D0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
5D4: File (R--) C:\WINDOWS\system32\shdocvw.dll
5DC: Section \BaseNamedObjects\MSCTF.Shared.SFM.EII
5E0: File (RW-) C:\Documents and Settings\jamin\桌面
5EC: File (R--) C:\WINDOWS\system32\stdole2.tlb
628: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
65C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
734: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
74C: File (R--) C:\WINDOWS\Fonts\arial.ttf
750: File (R--) C:\WINDOWS\Fonts\simsun.ttc
758: File (R--) C:\WINDOWS\Fonts\arialbd.ttf
798: Section \BaseNamedObjects\GooglePinyinDashboardIPCMem
7D8: Section \BaseNamedObjects\Microsoft_VS80_Publisher-3624
------------------------------------------------------------------------------
GooglePinyinService.exe pid: 1368 AMD6000\jamin
8: Section \BaseNamedObjects\c:_progra~1_google_google~1_go4069~1.exe_GPY_SANDBOX_IPC_SHAREDMEM
20: File (RW-) C:\Documents and Settings\jamin
------------------------------------------------------------------------------
YodaoDict.exe pid: 408 AMD6000\jamin
C: File (RW-) C:\Documents and Settings\jamin
1C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
20: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df
50: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
5C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
B4: Section \BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-682003330-838170752-2147090535-1003
CC: Section \BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-682003330-838170752-2147090535-1003SFM.DefaultS-1-5-21-682003330-838170752-2147090535-1003
D8: File (R--) C:\Documents and Settings\jamin\Local Settings\Application Data\Yodao\DeskDict\CrashRpt\dmp_20120210114001.txt
F4: File (RW-) C:\Documents and Settings\jamin\Local Settings\Temporary Internet Files\Content.IE5\index.dat
13C: Section \BaseNamedObjects\C:_Documents and Settings_jamin_Local Settings_Temporary Internet Files_Content.IE5_index.dat_5931008
144: File (RW-) C:\Documents and Settings\jamin\Cookies\index.dat
14C: File (RW-) C:\Documents and Settings\jamin\Local Settings\History\History.IE5\index.dat
150: Section \BaseNamedObjects\C:_Documents and Settings_jamin_Local Settings_History_History.IE5_index.dat_180224
15C: Section \BaseNamedObjects\C:_Documents and Settings_jamin_Cookies_index.dat_65536
16C: Section \BaseNamedObjects\ShimSharedMemory
208: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
20C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
22C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
230: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
298: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
2D0: Section \BaseNamedObjects\SENS Information Cache
314: Section \BaseNamedObjects\UrlZonesSM_jamin
318: Section \BaseNamedObjects\_SFM_OBJ_
330: File (R--) C:\WINDOWS\system32\mshtml.tlb
340: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
3A8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
44C: Section \BaseNamedObjects\Microsoft_VS80_Publisher-408
4C4: File (R--) C:\Program Files\Youdao\Dict4\dictcn.db
4D8: File (R--) C:\Program Files\Youdao\Dict4\dicten.db
4FC: File (R--) C:\Program Files\Youdao\Dict4\localdicts\basicCE.ydic
50C: Section \BaseNamedObjects\YoudaoDictGlyph{4182F9D6-9D84-49E3-A327-55B0799AEBC2}
540: File (R--) C:\WINDOWS\system32\shdocvw.dll
548: File (R--) C:\Program Files\Youdao\Dict4\localdicts\21EC.ydic
54C: File (R--) C:\Program Files\Youdao\Dict4\localdicts\basicEC.ydic
554: File (R--) C:\Program Files\Youdao\Dict4\localdicts\newCE.ydic
56C: File (R--) C:\WINDOWS\system32\stdole2.tlb
578: Section \BaseNamedObjects\MSIMGSIZECacheMap
5A0: File (R--) C:\Program Files\Youdao\Dict4\localdicts\phrase.ydic
5C8: File (RW-) C:\Documents and Settings\jamin\Local Settings\Temporary Internet Files\Content.IE5\KB53AEBH\dictwandblank[1].html
5D8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
------------------------------------------------------------------------------
klive.exe pid: 3696 AMD6000\jamin
C: File (RW-) C:\Documents and Settings\jamin
10: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
1C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df
48: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
68: Section \BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-682003330-838170752-2147090535-1003
84: Section \BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-682003330-838170752-2147090535-1003SFM.DefaultS-1-5-21-682003330-838170752-2147090535-1003
C8: Section \BaseNamedObjects\ShimSharedMemory
D0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
120: File (RW-) C:\Documents and Settings\jamin\Application Data\Kingsoft\klive\info\data.db
154: File (RW-) C:\Documents and Settings\jamin\Local Settings\Temporary Internet Files\Content.IE5\index.dat
15C: Section \BaseNamedObjects\C:_Documents and Settings_jamin_Local Settings_Temporary Internet Files_Content.IE5_index.dat_5931008
168: File (RW-) C:\Documents and Settings\jamin\Cookies\index.dat
170: File (RW-) C:\Documents and Settings\jamin\Local Settings\History\History.IE5\index.dat
174: Section \BaseNamedObjects\C:_Documents and Settings_jamin_Local Settings_History_History.IE5_index.dat_180224
180: Section \BaseNamedObjects\C:_Documents and Settings_jamin_Cookies_index.dat_65536
1A8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
1EC: Section \BaseNamedObjects\SENS Information Cache
330: File (RW-) C:\快盘\.klive\klivestate.db
368: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
3A4: File (RW-) C:\快盘
------------------------------------------------------------------------------
aaCenter.exe pid: 192 AMD6000\jamin
C: File (RW-) C:\Documents and Settings\jamin
54: Section \BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-682003330-838170752-2147090535-1003
70: Section \BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-682003330-838170752-2147090535-1003SFM.DefaultS-1-5-21-682003330-838170752-2147090535-1003
78: Section \BaseNamedObjects\ShimSharedMemory
194: File (RW-) C:\DOCUME~1\jamin\LOCALS~1\Temp\Perflib_Perfdata_c0.dat
198: Section \BaseNamedObjects\Perflib_Perfdata_c0
334: File (R--) C:\Program Files\ASUS\AASP\1.00.33\aaCenter.exe
33C: File (R--) C:\WINDOWS\system32\stdole2.tlb
34C: Section \BaseNamedObjects\MSCTF.Shared.SFM.EII
35C: Section \BaseNamedObjects\MSCTF.Shared.SFM.MMH
------------------------------------------------------------------------------
CCC.exe pid: 936 AMD6000\jamin
30: Section \BaseNamedObjects\ShimSharedMemory
54: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
58: Section \BaseNamedObjects\Cor_Private_IPCBlock_936
64: Section \BaseNamedObjects\Cor_Public_IPCBlock_936
BC: File (R-D) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C0: File (R-D) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
CC: File (R-D) C:\Documents and Settings\jamin\Application Data\Microsoft\CLR Security Config\v2.0.50727.42\security.config.cch
110: File (R--) C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index51.dat
118: Section \BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-682003330-838170752-2147090535-1003
130: Section \BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-682003330-838170752-2147090535-1003SFM.DefaultS-1-5-21-682003330-838170752-2147090535-1003
134: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
138: File (RW-) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
140: File (R--) C:\WINDOWS\assembly\pubpol1.dat
144: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.2827.38661__90ba9c70f846762e\CCC.Implementation.DLL
150: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2791.31986__90ba9c70f846762e\LOG.Foundation.DLL
158: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2791.32006__90ba9c70f846762e\MOM.Foundation.DLL
160: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2791.31988__90ba9c70f846762e\CLI.Foundation.DLL
168: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2791.32009__90ba9c70f846762e\LOG.Foundation.Implementation.Private.DLL
170: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2827.38660__90ba9c70f846762e\LOG.Foundation.Implementation.DLL
184: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
18C: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2791.31993__90ba9c70f846762e\LOG.Foundation.Private.DLL
194: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2827.38705__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.DLL
1A0: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2791.32001__90ba9c70f846762e\AEM.Server.Shared.DLL
230: File (R-D) C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
240: File (R-D) C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp
248: Section \BaseNamedObjects\NLS_00000804_Exception_Table_3_2
24C: File (R-D) C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
298: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_zh-CHS_b77a5c561934e089\mscorlib.Resources.dll
2A0: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2827.38662__90ba9c70f846762e\MOM.Implementation.DLL
2AC: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2791.32434__90ba9c70f846762e\CLI.Foundation.XManifest.DLL
2BC: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.DLL
2C8: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2791.32025__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.DLL
2D4: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2827.38677__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.DLL
2DC: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2827.38612__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.DLL
2E0: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2827.38369__90ba9c70f846762e\CLI.Component.Runtime.DLL
2EC: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2791.32008__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.DLL
2F4: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2791.31996__90ba9c70f846762e\CLI.Foundation.Private.DLL
2FC: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2791.32001__90ba9c70f846762e\CLI.Component.Runtime.Shared.DLL
304: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.DLL
324: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2827.38367__90ba9c70f846762e\AEM.Server.DLL
32C: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2791.31992__90ba9c70f846762e\NEWAEM.Foundation.DLL
334: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2827.38367__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.DLL
33C: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2791.31987__90ba9c70f846762e\AEM.Foundation.DLL
354: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2791.32000__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.DLL
380: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.DLL
388: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2791.32015__90ba9c70f846762e\DEM.Graphics.DLL
390: File (R-D) C:\WINDOWS\system32\ATIDEMGX.dll
398: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
418: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
4D4: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2791.32011__90ba9c70f846762e\AEM.Plugin.EEU.Shared.DLL
4E8: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2827.38654__90ba9c70f846762e\CLI.Component.Systemtray.DLL
508: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df
520: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2791.32027__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.DLL
524: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.2827.38369__90ba9c70f846762e\APM.Server.DLL
568: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2827.38377__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.DLL
570: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2791.32002__90ba9c70f846762e\CLI.Caste.Graphics.Shared.DLL
578: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.DLL
580: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2791.32016__90ba9c70f846762e\DEM.OS.I0602.DLL
588: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2791.32016__90ba9c70f846762e\DEM.OS.DLL
590: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.2827.38370__90ba9c70f846762e\ATIDEMOS.DLL
5C8: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2791.32014__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.DLL
5F0: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2827.38544__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.DLL
684: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2827.38542__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.DLL
688: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2791.32024__90ba9c70f846762e\AEM.Plugin.GD.Shared.DLL
69C: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2791.31999__90ba9c70f846762e\AEM.Actions.CCAA.Shared.DLL
70C: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2827.38396__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL
714: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2791.32029__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL
71C: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2827.38597__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.DLL
724: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2791.32030__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.DLL
72C: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2791.32026__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.DLL
734: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2827.38535__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.DLL
73C: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2791.32011__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.DLL
748: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.DLL
750: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2791.32007__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.DLL
758: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2827.38639__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.DLL
760: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2791.32027__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.DLL
768: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2827.38453__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.DLL
770: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2791.32014__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL
7A0: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2827.38625__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.DLL
7A4: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2791.32015__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.DLL
7A8: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2827.38563__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.DLL
7B0: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2791.32039__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL
7B8: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2791.32039__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.DLL
7BC: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2827.38543__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.DLL
7C4: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2791.31995__90ba9c70f846762e\CLI.Component.Client.Shared.DLL
7D4: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2827.38584__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.DLL
7EC: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2827.38535__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.DLL
7F4: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2791.32014__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.DLL
804: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2791.32004__90ba9c70f846762e\CLI.Component.Client.Shared.Private.DLL
808: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2827.38605__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.DLL
818: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2791.32006__90ba9c70f846762e\APM.Foundation.DLL
838: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2791.32029__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.DLL
840: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2827.38404__90ba9c70f846762e\CLI.Component.Wizard.DLL
870: Section \BaseNamedObjects\NLS_CodePage_936_3_2_0_0
8A0: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2791.32039__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.DLL
8A8: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2827.38654_zh-CHS_90ba9c70f846762e\CLI.Component.Systemtray.resources.DLL
8AC: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2827.38384__90ba9c70f846762e\CLI.Component.Dashboard.DLL
8B4: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2827.38410__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.DLL
8DC: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2827.38418__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL
8E4: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_zh-CHS_b77a5c561934e089\System.Windows.Forms.Resources.dll
8EC: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2827.38431__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.DLL
8F4: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2791.32007__90ba9c70f846762e\CLI.Component.Wizard.Shared.DLL
8F8: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2791.32041__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.DLL
900: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.DLL
910: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2791.31999__90ba9c70f846762e\CLI.Component.Dashboard.Shared.DLL
918: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2791.32010__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.DLL
934: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2827.38390__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.DLL
940: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2791.32040__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.DLL
948: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2827.38683__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.DLL
964: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2827.38439__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL
96C: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2827.38397__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.DLL
974: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2827.38564__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL
97C: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2827.38537__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL
984: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2827.38529__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.DLL
98C: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2827.38605__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL
994: File (R-D) C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2827.38446__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL
------------------------------------------------------------------------------
KHALMNPR.exe pid: 3204 AMD6000\jamin
C4: File (RW-) C:\Program Files\Logitech\SetPointP
5AC: Section \BaseNamedObjects\LogiBugShow
5B4: Section \BaseNamedObjects\LogiBugShow
5BC: Section \BaseNamedObjects\LogiBugShow
5C4: Section \BaseNamedObjects\LogiBugShow
5DC: Section \BaseNamedObjects\LogiBugShow
5E8: Section \BaseNamedObjects\LogiBugShow
5FC: File (RWD) C:\Documents and Settings\All Users\Application Data
610: Section \BaseNamedObjects\ShimSharedMemory
618: Section \BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-682003330-838170752-2147090535-1003SFM.DefaultS-1-5-21-682003330-838170752-2147090535-1003
634: Section \BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-682003330-838170752-2147090535-1003
74C: Section \BaseNamedObjects\LD_KHAL_SharedGblMem
768: Section \BaseNamedObjects\LogiBugShow
76C: Section \BaseNamedObjects\LogiBugShow
7C4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
------------------------------------------------------------------------------
MDM.EXE pid: 2216 AMD6000\jamin
C: File (RW-) C:\WINDOWS\system32
48: Section \BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-682003330-838170752-2147090535-1003
64: Section \BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-682003330-838170752-2147090535-1003SFM.DefaultS-1-5-21-682003330-838170752-2147090535-1003
------------------------------------------------------------------------------
conime.exe pid: 2076 AMD6000\jamin
60: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
68: File (RW-) C:\WINDOWS\system32
6C: Section \BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-682003330-838170752-2147090535-1003
8C: Section \BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-682003330-838170752-2147090535-1003SFM.DefaultS-1-5-21-682003330-838170752-2147090535-1003
94: Section \BaseNamedObjects\ShimSharedMemory
------------------------------------------------------------------------------
dllhost.exe pid: 2880 AMD6000\IWAM_AMD6000
C: File (RW-) C:\WINDOWS\system32
64: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
2A8: File (R--) C:\WINDOWS\system32\inetsrv\asp.dll
2C0: File (R--) C:\WINDOWS\system32\stdole2.tlb
324: Section \BaseNamedObjects\Microsoft_VS80_Publisher-2880
340: Section \BaseNamedObjects\ASP_PERFMON_MAIN_BLOCK
344: Section \BaseNamedObjects\ASP_PERFMON_BLOCK_3d14228d11d0fbe1c0005d99c119d94f
350: File (RWD) C:\Inetpub\wwwroot
458: File (R--) C:\WINDOWS\system32\inetsrv\asp.dll
------------------------------------------------------------------------------
dllhost.exe pid: 2512 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
64: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
1A4: File (R--) C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{8E773081-2D5E-4FF6-AC21-E6161F225B2E}.crmlog
258: File (RW-) C:\WINDOWS\system32\comsvcs.dll
294: File (R--) C:\WINDOWS\system32\stdole2.tlb
3B0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
------------------------------------------------------------------------------
msdtc.exe pid: 3548 NT AUTHORITY\NETWORK SERVICE
C: File (RW-) C:\WINDOWS\system32
70: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
208: File (R--) C:\WINDOWS\system32\MsDtc\MSDTC.LOG
------------------------------------------------------------------------------
firefox.exe pid: 1972 AMD6000\jamin
10: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
38: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
3C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
44: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
58: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
5C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
60: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
64: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
68: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
6C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
70: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
74: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
78: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
7C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
84: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
88: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
90: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
D0: Section \BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-682003330-838170752-2147090535-1003
E8: Section \BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-682003330-838170752-2147090535-1003SFM.DefaultS-1-5-21-682003330-838170752-2147090535-1003
148: File (---) C:\Documents and Settings\jamin\Application Data\Mozilla\Firefox\Profiles\cz61mi22.default\parent.lock
14C: Section \BaseNamedObjects\ShimSharedMemory
2A0: File (RW-) C:\Documents and Settings\jamin\Application Data\Mozilla\Firefox\Profiles\cz61mi22.default\permissions.sqlite
2E4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
2EC: File (RW-) C:\Documents and Settings\jamin\Local Settings\History\History.IE5\index.dat
2F0: File (RW-) C:\Documents and Settings\jamin\Application Data\Mozilla\Firefox\Profiles\cz61mi22.default\downloads.sqlite
2F4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
2F8: File (RW-) C:\DOCUME~1\jamin\APPLIC~1\Mozilla\Firefox\Profiles\CZ61MI~1.DEF\cert8.db
2FC: File (RW-) C:\DOCUME~1\jamin\APPLIC~1\Mozilla\Firefox\Profiles\CZ61MI~1.DEF\key3.db
300: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
338: File (RW-) C:\Documents and Settings\jamin\Application Data\Mozilla\Firefox\Profiles\cz61mi22.default\extensions.sqlite
37C: File (RW-) C:\Documents and Settings\jamin\Application Data\Google\Google Pinyin 2\customtoken.00000
388: Section \BaseNamedObjects\MAPPINGC:/Documents and Settings/jamin/Application Data/Google/Google Pinyin 2/control.bin
398: File (RW-) C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\control.bin
39C: File (RW-) C:\Documents and Settings\jamin\Application Data\Mozilla\Firefox\Profiles\cz61mi22.default\cookies.sqlite
3A0: Section \BaseNamedObjects\MAPPINGC:/Documents and Settings/All Users/Application Data/Google/Google Pinyin 2/control.bin
3A4: File (RW-) C:\Documents and Settings\jamin\Application Data\Mozilla\Firefox\Profiles\cz61mi22.default\cookies.sqlite-wal
3A8: File (RW-) C:\Documents and Settings\jamin\Application Data\Mozilla\Firefox\Profiles\cz61mi22.default\cookies.sqlite-shm
3B0: File (RW-) C:\Documents and Settings\jamin\Application Data\Mozilla\Firefox\Profiles\cz61mi22.default\content-prefs.sqlite
3B4: File (RW-) C:\Documents and Settings\jamin\Application Data\Mozilla\Firefox\Profiles\cz61mi22.default\places.sqlite-wal
3D0: File (RW-) C:\Documents and Settings\jamin\Local Settings\Application Data\Mozilla\Firefox\Profiles\cz61mi22.default\Cache\_CACHE_MAP_
3D8: File (RW-) C:\Documents and Settings\jamin\Local Settings\Application Data\Mozilla\Firefox\Profiles\cz61mi22.default\urlclassifier3.sqlite
3DC: File (RW-) C:\Documents and Settings\jamin\Local Settings\Application Data\Mozilla\Firefox\Profiles\cz61mi22.default\Cache\_CACHE_001_
3E0: File (RW-) C:\Documents and Settings\jamin\Local Settings\Application Data\Mozilla\Firefox\Profiles\cz61mi22.default\Cache\_CACHE_002_
3E4: File (RW-) C:\Documents and Settings\jamin\Local Settings\Application Data\Mozilla\Firefox\Profiles\cz61mi22.default\Cache\_CACHE_003_
3E8: File (RW-) C:\Documents and Settings\jamin\Application Data\Mozilla\Firefox\Profiles\cz61mi22.default\places.sqlite
3EC: File (RW-) C:\Documents and Settings\jamin\Application Data\Mozilla\Firefox\Profiles\cz61mi22.default\places.sqlite-shm
414: Section \BaseNamedObjects\MSCTF.Shared.SFM.EII
444: Section \BaseNamedObjects\AtlDebugAllocator_FileMappingNameStatic3_7b4
450: Section \BaseNamedObjects\DfSharedHeap60C0C1
460: File (RW-) C:\Documents and Settings\jamin\Application Data\Mozilla\Firefox\Profiles\cz61mi22.default\webappsstore.sqlite
464: Section \BaseNamedObjects\GPY2SETTINGS
468: File (RW-) C:\Documents and Settings\jamin\Application Data\Mozilla\Firefox\Profiles\cz61mi22.default\chromeappsstore.sqlite
484: Section \BaseNamedObjects\MAPPINGC:/Documents and Settings/jamin/Application Data/Google/Google Pinyin 2/Dictionaries/google.proverb.00000
4A4: File (RW-) C:\Documents and Settings\jamin\Application Data\Google\Google Pinyin 2\Dictionaries\google.proverb.00000
4B0: File (RW-) C:\Documents and Settings\jamin\Application Data\Google\Google Pinyin 2\Dictionaries\hudong.place_name.00000
4E0: Section \BaseNamedObjects\MAPPINGC:/Documents and Settings/jamin/Application Data/Google/Google Pinyin 2/Dictionaries/google.ancient_poetry.00000
4EC: File (RW-) C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\stock_shuangpin_dict.00000
4F0: Section \BaseNamedObjects\MAPPINGC:/Documents and Settings/jamin/Application Data/Google/Google Pinyin 2/Dictionaries/control_optional.bin
4F4: Section \BaseNamedObjects\MAPPINGC:/Documents and Settings/All Users/Application Data/Google/Google Pinyin 2/index.00000
4F8: Section \BaseNamedObjects\MAPPINGC:/Documents and Settings/All Users/Application Data/Google/Google Pinyin 2/english.00000
4FC: Section \BaseNamedObjects\MAPPINGC:/Documents and Settings/jamin/Application Data/Google/Google Pinyin 2/Dictionaries/hudong.place_name.00000
500: File (RW-) C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\index.00000
510: File (RW-) C:\Documents and Settings\jamin\Application Data\Google\Google Pinyin 2\Dictionaries\google.ancient_poetry.00000
524: File (RW-) C:\Documents and Settings\jamin\Application Data\Mozilla\Firefox\Profiles\cz61mi22.default\places.sqlite
528: File (RW-) C:\Documents and Settings\jamin\Application Data\Mozilla\Firefox\Profiles\cz61mi22.default\places.sqlite-wal
54C: Section \BaseNamedObjects\C:_Documents and Settings_jamin_Local Settings_History_History.IE5_index.dat_180224
564: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df
568: File (RWD) C:\Documents and Settings\jamin\Application Data\Microsoft\SystemCertificates\My
5D4: Section \BaseNamedObjects\C:_Documents and Settings_jamin_Local Settings_Temporary Internet Files_Content.IE5_index.dat_5931008
5E4: File (RW-) C:\Documents and Settings\jamin\Application Data\Mozilla\Firefox\Profiles\cz61mi22.default\signons.sqlite
614: Section \BaseNamedObjects\C:_Documents and Settings_jamin_Cookies_index.dat_65536
66C: File (RW-) C:\Documents and Settings\jamin\Application Data\Mozilla\Firefox\Profiles\cz61mi22.default\places.sqlite-wal
A80: File (RW-) C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\bihua.00000
AB0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
AB8: File (RW-) C:\Documents and Settings\jamin\Application Data\Google\Google Pinyin 2\userdict.00000
ABC: File (RW-) C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\sysdict.00004
AE4: Section \BaseNamedObjects\c:_progra~1_google_google~1_go4069~1.exe_GPY_SANDBOX_IPC_SHAREDMEM
B10: File (RW-) C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\english.00000
B54: Section \BaseNamedObjects\MAPPINGC:/Documents and Settings/All Users/Application Data/Google/Google Pinyin 2/bihua.00000
B60: File (RW-) C:\Documents and Settings\jamin\Application Data\Google\Google Pinyin 2\Dictionaries\control_optional.bin
B78: Section \BaseNamedObjects\MAPPINGC:/Documents and Settings/All Users/Application Data/Google/Google Pinyin 2/component.00000
BB0: Section \BaseNamedObjects\SENS Information Cache
BB4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
BD8: File (R--) C:\WINDOWS\Fonts\simsun.ttc
BDC: File (RW-) C:\Documents and Settings\jamin\Application Data\Google\Google Pinyin 2\Skins\teachers_day_1.gskin
BE8: File (RW-) C:\Program Files\Mozilla Firefox
BF4: File (R--) C:\WINDOWS\Fonts\arialbd.ttf
BF8: File (R--) C:\WINDOWS\Fonts\arial.ttf
C28: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
C2C: File (RW-) C:\Documents and Settings\jamin\Application Data\Mozilla\Firefox\Profiles\cz61mi22.default\formhistory.sqlite
C38: Section \BaseNamedObjects\GooglePinyinDashboardIPCMem
C98: Section \BaseNamedObjects\MAPPINGC:/Documents and Settings/All Users/Application Data/Google/Google Pinyin 2/model.00000
C9C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
CA4: File (RW-) C:\Documents and Settings\jamin\Application Data\Google\Google Pinyin 2\cache.00000
CC8: Section \BaseNamedObjects\MAPPINGC:/Documents and Settings/All Users/Application Data/Google/Google Pinyin 2/sysdict.00004
CE4: File (R--) C:\WINDOWS\Fonts\micross.ttf
D0C: Section \BaseNamedObjects\MSCTF.Shared.SFM.MLO
D10: File (RW-) C:\Documents and Settings\jamin\Application Data\Google\Google Pinyin 2\custom_shuangpin_dict.00000
D20: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
D30: Section \BaseNamedObjects\UrlZonesSM_jamin
D50: File (RW-) C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\sysbitmap.00000
D60: File (RW-) C:\Documents and Settings\jamin\Application Data\Google\Google Pinyin 2\control.bin
D64: File (RW-) C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\component.00000
D70: File (RW-) C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\skin_resources.dat
D90: File (RW-) C:\Documents and Settings\jamin\Local Settings\Temporary Internet Files\Content.IE5\index.dat
DA8: Section \BaseNamedObjects\MAPPINGC:/Documents and Settings/All Users/Application Data/Google/Google Pinyin 2/sysbitmap.00000
DB0: File (RW-) C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\model.00000
DB8: File (RW-) C:\Documents and Settings\jamin\Cookies\index.dat
DD4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
E00: Section \BaseNamedObjects\WDMAUD_Callbacks
E18: Section \BaseNamedObjects\mmGlobalPnpInfo
E38: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
E40: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
E54: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
E7C: File (RW-) C:\Documents and Settings\jamin\Application Data\Mozilla\Firefox\Profiles\cz61mi22.default\search.sqlite
E80: File (RW-) C:\Documents and Settings\jamin\Application Data\Mozilla\Firefox\Profiles\cz61mi22.default\places.sqlite
------------------------------------------------------------------------------
plugin-container.exe pid: 2724 AMD6000\jamin
10: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
1C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
20: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
24: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
28: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
2C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
30: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
34: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
3C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
40: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
44: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
48: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
4C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
50: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989
88: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
BC: Section \BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-682003330-838170752-2147090535-1003
E0: Section \BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-682003330-838170752-2147090535-1003SFM.DefaultS-1-5-21-682003330-838170752-2147090535-1003
100: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
114: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
128: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
1B4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
1C8: Section \BaseNamedObjects\ShimSharedMemory
240: Section \BaseNamedObjects\mmGlobalPnpInfo
268: Section \BaseNamedObjects\WDMAUD_Callbacks
2C8: File (RW-) C:\Documents and Settings\jamin\Cookies\index.dat
2D0: File (RW-) C:\Documents and Settings\jamin\Local Settings\Temporary Internet Files\Content.IE5\index.dat
354: Section \BaseNamedObjects\C:_Documents and Settings_jamin_Local Settings_History_History.IE5_index.dat_180224
37C: File (RW-) C:\Documents and Settings\jamin\Local Settings\History\History.IE5\index.dat
390: Section \BaseNamedObjects\MSCTF.Shared.SFM.EII
398: Section \BaseNamedObjects\C:_Documents and Settings_jamin_Local Settings_Temporary Internet Files_Content.IE5_index.dat_5931008
3AC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43
3C0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43
3D0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
3E4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43
3F4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43
400: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
414: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df
428: Section \BaseNamedObjects\C:_Documents and Settings_jamin_Cookies_index.dat_65536
43C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
478: Section \BaseNamedObjects\SENS Information Cache
4E4: Section \BaseNamedObjects\UrlZonesSM_jamin
514: Section \BaseNamedObjects\MSCTF.Shared.SFM.AIH
550: File (RW-) C:\Program Files\Mozilla Firefox
------------------------------------------------------------------------------
wps.exe pid: 3040 AMD6000\jamin
10: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
20: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df
58: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
94: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
D0: Section \BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-682003330-838170752-2147090535-1003
EC: Section \BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-682003330-838170752-2147090535-1003SFM.DefaultS-1-5-21-682003330-838170752-2147090535-1003
F4: Section \BaseNamedObjects\ShimSharedMemory
140: Section \BaseNamedObjects\qipc_sharedmemory_wpsstarupobject6dd47ab2a816abd6278dcb24137008a39cb62e42
148: File (RW-) C:\Documents and Settings\jamin\Local Settings\Temporary Internet Files\Content.IE5\index.dat
150: Section \BaseNamedObjects\C:_Documents and Settings_jamin_Local Settings_Temporary Internet Files_Content.IE5_index.dat_5931008
158: File (RW-) C:\Documents and Settings\jamin\Cookies\index.dat
160: File (RW-) C:\Documents and Settings\jamin\Local Settings\History\History.IE5\index.dat
164: Section \BaseNamedObjects\C:_Documents and Settings_jamin_Local Settings_History_History.IE5_index.dat_180224
170: Section \BaseNamedObjects\C:_Documents and Settings_jamin_Cookies_index.dat_65536
184: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
248: Section \BaseNamedObjects\SENS Information Cache
284: File (RW-) C:\Documents and Settings\All Users\Application Data\kingsoft\Office6\ksoapp.cfg
290: Section \BaseNamedObjects\GooglePinyinDashboardIPCMem
298: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
2A0: File (R--) C:\Program Files\Kingsoft\WPS Office Personal\office6\2052\resource\parabutton\paraformatentry.png
2B8: File (R--) C:\WINDOWS\Fonts\tahoma.ttf
390: File (RW-) C:\Program Files\Kingsoft\WPS Office Personal\office6\cfgs\kso.cfg
394: File (R--) C:\Program Files\Kingsoft\WPS Office Personal\office6\2052\resource\tablebutton\move.ico
4E0: Section \BaseNamedObjects\RotHintTable
4F0: File (R--) C:\Documents and Settings\jamin\桌面\windows.doc
4F8: File (R--) C:\WINDOWS\Fonts\micross.ttf
578: Section \BaseNamedObjects\DfSharedHeap665BA6
584: File (R--) C:\Documents and Settings\jamin\Application Data\Kingsoft\Office6\templates\Normal.wpt
588: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
58C: File (R--) C:\Program Files\Kingsoft\WPS Office Personal\office6\2052\resource\tablebutton\colAdd.ico
590: File (R--) C:\Program Files\Kingsoft\WPS Office Personal\office6\2052\resource\tablebutton\rowAdd.ico
594: File (R--) C:\Program Files\Kingsoft\WPS Office Personal\office6\2052\resource\tablebutton\resize.ico
598: File (R--) C:\Program Files\Kingsoft\WPS Office Personal\office6\2052\resource\parabutton\paraformatentry_over.png
5C4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
5C8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43
5CC: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43
5D0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43
5D4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43
5E8: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
670: Section \BaseNamedObjects\MSCTF.Shared.SFM.EII
680: File (RW-) C:\Program Files\Kingsoft\WPS Office Personal\office6\2052\resource\autoshape\dgres.rpk
684: Section \BaseNamedObjects\DfRoot000665BA6
688: File (RWD) C:\DOCUME~1\jamin\LOCALS~1\Temp\~DF6892.tmp
68C: Section \BaseNamedObjects\DFMap0-6711458
690: File (RWD) C:\DOCUME~1\jamin\LOCALS~1\Temp\~DF68A4.tmp
694: Section \BaseNamedObjects\DFMap0-6711476
6D8: File (RW-) C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\sysbitmap.00000
6EC: Section \BaseNamedObjects\MSCTF.Shared.SFM.IIP
724: Section \BaseNamedObjects\GPY2SETTINGS
72C: File (RW-) C:\Documents and Settings\jamin\Application Data\Google\Google Pinyin 2\cache.00000
734: File (RW-) C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\index.00000
754: File (RW-) C:\Documents and Settings\jamin\Application Data\Google\Google Pinyin 2\Dictionaries\control_optional.bin
758: File (RW-) C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\stock_shuangpin_dict.00000
75C: Section \BaseNamedObjects\MAPPINGC:/Documents and Settings/All Users/Application Data/Google/Google Pinyin 2/control.bin
760: File (RW-) C:\Documents and Settings\jamin\Application Data\Google\Google Pinyin 2\Dictionaries\google.proverb.00000
764: Section \BaseNamedObjects\MAPPINGC:/Documents and Settings/jamin/Application Data/Google/Google Pinyin 2/Dictionaries/control_optional.bin
76C: Section \BaseNamedObjects\MAPPINGC:/Documents and Settings/All Users/Application Data/Google/Google Pinyin 2/english.00000
770: Section \BaseNamedObjects\MAPPINGC:/Documents and Settings/All Users/Application Data/Google/Google Pinyin 2/sysdict.00004
780: File (RW-) C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\component.00000
788: Section \BaseNamedObjects\MAPPINGC:/Documents and Settings/All Users/Application Data/Google/Google Pinyin 2/index.00000
7A0: Section \BaseNamedObjects\MAPPINGC:/Documents and Settings/jamin/Application Data/Google/Google Pinyin 2/Dictionaries/google.ancient_poetry.00000
7A4: File (RW-) C:\Documents and Settings\jamin\Application Data\Google\Google Pinyin 2\Dictionaries\hudong.place_name.00000
7B0: File (RW-) C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\model.00000
7B8: File (RW-) C:\Documents and Settings\jamin\Application Data\Google\Google Pinyin 2\userdict.00000
7C4: File (RW-) C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\bihua.00000
7C8: Section \BaseNamedObjects\c:_progra~1_google_google~1_go4069~1.exe_GPY_SANDBOX_IPC_SHAREDMEM
7D0: Section \BaseNamedObjects\MAPPINGC:/Documents and Settings/jamin/Application Data/Google/Google Pinyin 2/Dictionaries/hudong.place_name.00000
7D8: Section \BaseNamedObjects\MAPPINGC:/Documents and Settings/All Users/Application Data/Google/Google Pinyin 2/sysbitmap.00000
7E4: Section \BaseNamedObjects\MAPPINGC:/Documents and Settings/jamin/Application Data/Google/Google Pinyin 2/control.bin
7E8: File (RW-) C:\Documents and Settings\jamin\Application Data\Google\Google Pinyin 2\Dictionaries\google.ancient_poetry.00000
7EC: File (RW-) C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\skin_resources.dat
7F0: File (RW-) C:\Documents and Settings\jamin\Application Data\Google\Google Pinyin 2\customtoken.00000
7F8: Section \BaseNamedObjects\MAPPINGC:/Documents and Settings/All Users/Application Data/Google/Google Pinyin 2/bihua.00000
7FC: File (RW-) C:\Documents and Settings\jamin\Application Data\Google\Google Pinyin 2\custom_shuangpin_dict.00000
804: File (RW-) C:\Documents and Settings\jamin\Application Data\Google\Google Pinyin 2\control.bin
82C: File (R--) C:\WINDOWS\Fonts\arial.ttf
830: File (R--) C:\WINDOWS\Fonts\simsun.ttc
838: File (R--) C:\WINDOWS\Fonts\arialbd.ttf
844: File (RW-) C:\Documents and Settings\jamin\Application Data\Google\Google Pinyin 2\Skins\teachers_day_1.gskin
848: Section \BaseNamedObjects\MAPPINGC:/Documents and Settings/jamin/Application Data/Google/Google Pinyin 2/Dictionaries/google.proverb.00000
84C: Section \BaseNamedObjects\MAPPINGC:/Documents and Settings/All Users/Application Data/Google/Google Pinyin 2/model.00000
850: File (RW-) C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\english.00000
8C4: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
8D0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
924: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
930: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
934: File (RW-) C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\control.bin
94C: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
99C: File (---) \Dfs
9AC: File (RW-) C:\Documents and Settings\jamin\桌面
9B0: Section \BaseNamedObjects\MAPPINGC:/Documents and Settings/All Users/Application Data/Google/Google Pinyin 2/component.00000
9B4: File (RW-) C:\Documents and Settings\All Users\Application Data\Google\Google Pinyin 2\sysdict.00004
------------------------------------------------------------------------------
cmd.exe pid: 3720 AMD6000\jamin
64: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
88: Section \BaseNamedObjects\ShimSharedMemory
8C: File (R--) C:\handle.log
94: File (RW-) C:\SysinternalsSuite
------------------------------------------------------------------------------
svchost.exe pid: 2164 NT AUTHORITY\SYSTEM
C: File (RW-) C:\WINDOWS\system32
64: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
B8: File (RW-) C:\WINDOWS\Sti_Trace.log
170: File (RW-) C:\WINDOWS\wiaservc.log
1D0: File (RW-) C:\WINDOWS\Sti_Trace.log
1D8: File (RW-) C:\WINDOWS\wiadebug.log
------------------------------------------------------------------------------
TextPad.exe pid: 164 AMD6000\jamin
54: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
58: Section \BaseNamedObjects\TextPad4
5C: Section \BaseNamedObjects\ShimSharedMemory
6C: Section \BaseNamedObjects\CiceroSharedMemDefaultS-1-5-21-682003330-838170752-2147090535-1003
84: Section \BaseNamedObjects\CTF.TimListCache.FMPDefaultS-1-5-21-682003330-838170752-2147090535-1003SFM.DefaultS-1-5-21-682003330-838170752-2147090535-1003
A0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
F0: Section \BaseNamedObjects\MSCTF.Shared.SFM.EAH
10C: Section \BaseNamedObjects\MSCTF.Shared.SFM.EII
124: File (RWD) C:\Documents and Settings\jamin\My Documents
13C: File (RW-) C:\
------------------------------------------------------------------------------
handle.exe pid: 884 AMD6000\jamin
8C: File (R--) C:\handle.log
94: File (RW-) C:\SysinternalsSuite
7C0: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
C:\SysinternalsSuite>handle.exe -p cmd.exe
Handle v3.46
Copyright (C) 1997-2011 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
cmd.exe pid: 3720 AMD6000\jamin
64: File (RW-) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_659
5b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83
88: Section \BaseNamedObjects\ShimSharedMemory
94: File (RW-) C:\SysinternalsSuite
C:\SysinternalsSuite>
互斥的概念很重要,在任何时候只有一个线程可以访问某一个特定的资源。对于SMP来说,需要进行内存的共享以及高IRQL的同步。
0: kd> !qlocks
*** ERROR: Module load completed but symbols could not be loaded for LiveKdD.SYS
Key: O = Owner, 1-n = Wait order, blank = not owned/waiting, C = Corrupt
Processor Number
Lock Name 0 1
KE - Dispatcher
MM - Expansion
MM - PFN O
MM - System Space
CC - Vacb
CC - Master
EX - NonPagedPool
IO - Cancel
EX - WorkQueue
IO - Vpb
IO - Database
IO - Completion
NTFS - Struct
AFD - WorkQueue
CC - Bcb
MM - NonPagedPool
0: kd>
0: kd> !process
PROCESS 8055d0c0 SessionId: none Cid: 0000 Peb: 00000000 ParentCid: 0000
DirBase: 00722000 ObjectTable: e1001ea8 HandleCount: 788.
Image: Idle
VadRoot 00000000 Vads 0 Clone 0 Private 0. Modified 1. Locked 0.
DeviceMap 00000000
Token e1002af0
ElapsedTime 00:00:00.000
UserTime 00:00:00.000
KernelTime 10:08:08.656
QuotaPoolUsage[PagedPool] 0
QuotaPoolUsage[NonPagedPool] 0
Working Set Sizes (now,min,max) (7, 50, 450) (28KB, 200KB, 1800KB)
PeakWorkingSetSize 0
VirtualSize 0 Mb
PeakVirtualSize 0 Mb
PageFaultCount 0
MemoryPriority BACKGROUND
BasePriority 0
CommitCharge 0
THREAD 8055ce60 Cid 0000.0000 Teb: 00000000 Win32Thread: 00000000 RUNN
ING on processor 0
THREAD ba33ae20 Cid 0000.0000 Teb: 00000000 Win32Thread: 00000000 RUNN
ING on processor 1
0: kd> !thread
THREAD 8055ce60 Cid 0000.0000 Teb: 00000000 Win32Thread: 00000000 RUNNING on p
rocessor 0
Not impersonating
Owning Process 0 Image: <Unknown>
Attached Process 8055d0c0 Image: Idle
Wait Start TickCount 1261530 Ticks: 19195 (0:00:04:59.921)
Context Switch Count 11464317
UserTime 00:00:00.000
KernelTime 05:08:04.937
Stack Init 80552700 Current 8055244c Base 80552700 Limit 8054f700 Call 0
Priority 16 BasePriority 0 PriorityDecrement 0 DecrementCount 0
*** ERROR: Module load completed but symbols could not be loaded for avipbb.sys
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
a2be7c5c 86ba8cd0 87a40900 87a40a40 00000000 LiveKdD+0x32fd
a2be7c84 805367fd e3536d70 0000001f 86bf4da8 0x86ba8cd0
a2be7d1c a6d94a64 a2be7d64 8052c00e ba68f3a4 nt!ExReleaseResourceLite+0x8d (FPO:
[Non-Fpo])
a2be7d50 8054261c 0000077c 00000000 00000000 avipbb+0x7a64
a2be7d50 7c92e4f4 0000077c 00000000 00000000 nt!KiFastCallEntry+0xfc (FPO: [0,0]
TrapFrame @ a2be7d64)
0012efec 00000000 00000000 00000000 00000000 0x7c92e4f4 |
|
QQ群⑧:
窥视卡
雷达卡
发表于 2016-5-20 11:07:12
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡