
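QQ suspected of spying: illegally scanning users' computer data!!!

QQ, you monitor me, so I monitor you too!

See also: QQ's covert spying?? Monitoring records attached

I registered a new QQ account, and I am the only one in it. There is no communication with anyone else.

Apart from the ad pop-ups, I performed no operations at all. I just kept watching.

Before long, it finally showed itself: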






I started you only 1 second ago, and you are already scanning me?
I launched you from the desktop, not from TC
(Total Commander)


Quote:
9:59:31.1445962    QQ.exe    3936    CreateFile    E:\Program Files\TotalCmd    SUCCESS    Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
9:59:31.1446909    QQ.exe    3936    QueryDirectory    E:\Program Files\TotalCmd    SUCCESS    0: ., 1: .., 2: CABRK.DLL, 3: CGLPT9X.VXD, 4: CGLPTNT.SYS, 5: FRERES32.DLL, 6: HISTORY.TXT, 7: sfxhead.sfx, 8: SHARE_NT.EXE, 9: TCMADMIN.EXE, 10: TOTALCMD.EXE, 11: TOTALCMD.HLP, 12: TCUNZLIB.DLL, 13: UNACEV2.DLL, 14: UNRAR.DLL, 15: WC32TO16.EXE, 16: WCMICONS.DLL, 17: WCMICONS.INC, 18: WCMZIP32.DLL, 19: Readme.txt, 20: FAQ.txt, 21: Keyboard_chs.txt, 22: Keyboard_eng.TXT, 23: Totalcmd_eng.INC, 24: Totalcmd.inc, 25: UserApps_eng.bar, 26: UserApps.bar, 27: TCscheme.exe, 28: NoClose.pif, 29: NoClose.ini, 30: DEFAULT.BAR, 31: wcx_ftp.ini, 32: wincmd.ini, 33: uninst.exe, 34: fsplugin.ini, 35: LSPlugin.ini, 36: default.br2, 37: WINCMD.KEY, 38: ShellDetails.ini, 39: UserApps.br2, 40: Plugins, 41: Sounds, 42: Language, 43: Themes, 44: TOTALCMD.GID
9:59:31.1447920    QQ.exe    3936    QueryDirectory    E:\Program Files\TotalCmd    NO MORE FILES    
9:59:31.1448373    QQ.exe    3936    CloseFile    E:\Program Files\TotalCmd    SUCCESS    
9:59:31.1456276    QQ.exe    3936    CreateFile    E:\Program Files\TotalCmd\Plugins    SUCCESS    Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
9:59:31.1458564    QQ.exe    3936    QueryDirectory    E:\Program Files\TotalCmd\Plugins    SUCCESS    0: ., 1: .., 2: TCPPReadme.txt, 3: TCPPuninst.exe, 4: Wdx, 5: Wlx, 6: Wfx, 7: Wcx
9:59:31.1459408    QQ.exe    3936    QueryDirectory    E:\Program Files\TotalCmd\Plugins    NO MORE FILES    
9:59:31.1461584    QQ.exe    3936    CloseFile    E:\Program Files\TotalCmd\Plugins    SUCCESS    
9:59:31.1464721    QQ.exe    3936    CreateFile    E:\Program Files\TotalCmd\Plugins\Wlx    SUCCESS    Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
9:59:31.1467568    QQ.exe    3936    QueryDirectory    E:\Program Files\TotalCmd\Plugins\Wlx    SUCCESS    0: ., 1: .., 2: peviewer, 3: SWFView, 4: iclview, 5: xBaseView, 6: synplus, 7: OOoViewer, 8: gswlx, 9: fileinfo, 10: nfoviewer, 11: ieview, 12: mmedia, 13: office, 14: Imagine
9:59:31.1468641    QQ.exe    3936    QueryDirectory    E:\Program Files\TotalCmd\Plugins\Wlx    NO MORE FILES    
9:59:31.1469110    QQ.exe    3936    CloseFile    E:\Program Files\TotalCmd\Plugins\Wlx    SUCCESS    
9:59:31.1473337    QQ.exe    3936    CreateFile    E:\Program Files\TotalCmd\Plugins\Wlx\ieview    SUCCESS    Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Open For Backup, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
9:59:31.1474312    QQ.exe    3936    QueryDirectory    E:\Program Files\TotalCmd\Plugins\Wlx\ieview    SUCCESS    0: ., 1: .., 2: ieview.wlx, 3: Ieview.ini, 4: readme_eng.txt, 5: positions.ini
9:59:31.1482176    QQ.exe    3936    QueryDirectory    E:\Program Files\TotalCmd\Plugins\Wlx\ieview    NO MORE FILES    
9:59:31.1482696    QQ.exe    3936    CloseFile    E:\Program Files\TotalCmd\Plugins\Wlx\ieview    SUCCESS    






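After reading and writing a large number of files and a large number of registry keys on drives C and E, 20 seconds later you finally made your very first network transmission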
9:59:52.9243551    QQ.exe    3936    UDP Send    IBM-T43:4000 -> 219.133.60.25:8000    SUCCESS    Length: 76
……
Quote:
9:59:52.9747783    QQ.exe    3936    UDP Receive    IBM-T43:4000 -> 219.133.60.25:8000    SUCCESS    Length: 112
9:59:53.4906690    QQ.exe    3936    UDP Send    IBM-T43:4000 -> 119.147.15.232:8000    SUCCESS    Length: 76
9:59:53.5042417    QQ.exe    3936    UDP Send    IBM-T43:4001 -> 58.60.14.201:8000    SUCCESS    Length: 76
9:59:53.5488116    QQ.exe    3936    UDP Receive    IBM-T43:4000 -> 119.147.15.232:8000    SUCCESS    Length: 96
9:59:53.5574294    QQ.exe    3936    UDP Receive    IBM-T43:4001 -> 58.60.14.201:8000    SUCCESS    Length: 112
9:59:53.5789847    QQ.exe    3936    UDP Send    IBM-T43:4000 -> 119.147.15.232:8000    SUCCESS    Length: 132
9:59:53.6148879    QQ.exe    3936    UDP Send    IBM-T43:4001 -> 58.60.15.103:8000    SUCCESS    Length: 76
9:59:53.6482879    QQ.exe    3936    UDP Receive    IBM-T43:4000 -> 119.147.15.232:8000    SUCCESS    Length: 88
9:59:53.6833259    QQ.exe    3936    UDP Receive    IBM-T43:4001 -> 58.60.15.103:8000    SUCCESS    Length: 96
9:59:53.6962666    QQ.exe    3936    UDP Send    IBM-T43:4000 -> 119.147.15.232:8000    SUCCESS    Length: 644
9:59:53.7445108    QQ.exe    3936    UDP Send    IBM-T43:4002 -> reverse.gdsz.cncnet.net:8000    SUCCESS    Length: 76
9:59:53.7568291    QQ.exe    3936    UDP Receive    IBM-T43:4000 -> 119.147.15.232:8000    SUCCESS    Length: 304
9:59:53.7580466    QQ.exe    3936    UDP Send    IBM-T43:4000 -> 119.147.15.232:8000    SUCCESS    Length: 358
9:59:53.8287832    QQ.exe    3936    UDP Receive    IBM-T43:4000 -> 119.147.15.232:8000    SUCCESS    Length: 384
9:59:53.8902829    QQ.exe    3936    UDP Receive    IBM-T43:4002 -> reverse.gdsz.cncnet.net:8000    SUCCESS    Length: 112
9:59:54.1793962    QQ.exe    3936    UDP Send    IBM-T43:4000 -> 119.147.15.232:8000    SUCCESS    Length: 134
9:59:54.2249165    QQ.exe    3936    UDP Send    IBM-T43:4000 -> 119.147.15.232:8000    SUCCESS    Length: 486
9:59:54.2312704    QQ.exe    3936    UDP Receive    IBM-T43:4000 -> 119.147.15.232:8000    SUCCESS    Length: 88
9:59:54.4483617    QQ.exe    3936    UDP Receive    IBM-T43:4000 -> 119.147.15.232:8000    SUCCESS    Length: 40


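I looked up all of the IPs above; they are in Shenzhen and Zhuhai. So what was that Shaanxi Telecom data center last time about?
In fact, less than 1% of QQ's actions are network communication; the rest of the time it tirelessly reads and writes many registry entries and files on the hard disk, over and over again.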
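To check a claim like the one above against a Process Monitor export rather than by eye, the following added example (not part of the original post) parses lines in the layout quoted on this page, counts file, registry and network events per process, and lists application directories touched outside the process's own install directory. The function names, the QQ install path and the two constructed sample lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Fields in the pasted logs are separated by tabs or runs of spaces;
# single spaces occur inside fields ("UDP Send", "Program Files").
FIELD_SEP = re.compile(r"\t+|\s{2,}")

# The first two lines are constructed (hypothetical QQ install path and
# registry key); the remaining lines are copied from the logs on this page.
SAMPLE = [
    r"9:59:30.0000000    QQ.exe    3936    ReadFile    C:\Program Files\Tencent\QQ\QQ.exe    SUCCESS    Offset: 0, Length: 1,024",
    r"9:59:30.5000000    QQ.exe    3936    RegOpenKey    HKLM\Software\Example    SUCCESS    Desired Access: Read",
    r"9:59:31.1448373    QQ.exe    3936    CloseFile    E:\Program Files\TotalCmd    SUCCESS    ",
    r"9:59:31.1461584    QQ.exe    3936    CloseFile    E:\Program Files\TotalCmd\Plugins    SUCCESS    ",
    r"9:59:52.9243551    QQ.exe    3936    UDP Send    IBM-T43:4000 -> 219.133.60.25:8000    SUCCESS    Length: 76",
    r"10:04:18.0958258    QQ.exe    3936    ReadFile    E:\Program Files\opera10b\opera.exe    SUCCESS    Offset: 0, Length: 1,024",
    r"10:04:12.9234561    QQ.exe    3936    ReadFile    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe    SUCCESS    Offset: 0, Length: 1,024",
    r"12:26:37.2298920 PM    TM.exe    2732    ReadFile    C:\dvbdream\dvbdream.exe    SUCCESS    Offset: 0, Length: 1,024",
]

def parse_line(line):
    """Split one exported line into a dict, or None if it is not an event."""
    parts = FIELD_SEP.split(line.strip(), maxsplit=6)
    if len(parts) < 6 or not parts[2].isdigit():
        return None
    parts += [""] * (7 - len(parts))          # CloseFile lines have no detail
    time, proc, pid, op, path, result, detail = parts
    if op.startswith(("UDP ", "TCP ")):
        kind = "network"
    elif op.startswith("Reg"):
        kind = "registry"
    else:
        kind = "file"
    return {"time": time, "proc": proc, "pid": int(pid), "op": op,
            "path": path, "result": result, "detail": detail, "class": kind}

def app_root(path):
    """Reduce a file path to the application directory it belongs to."""
    parts = path.split("\\")
    in_pf = len(parts) > 2 and parts[1].lower().startswith("program files")
    return "\\".join(parts[:3 if in_pf else 2])

def summarize(lines, own_dirs):
    """Per (process, pid): event counts by class and foreign app directories."""
    own = [d.lower().rstrip("\\") + "\\" for d in own_dirs]
    stats = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        s = stats.setdefault((ev["proc"], ev["pid"]),
                             {"classes": Counter(), "foreign": Counter()})
        s["classes"][ev["class"]] += 1
        probe = ev["path"].lower() + "\\"
        if ev["class"] == "file" and not any(probe.startswith(o) for o in own):
            s["foreign"][app_root(ev["path"])] += 1
    return stats

def network_share(entry):
    """Fraction of a process's events that are network operations."""
    total = sum(entry["classes"].values())
    return entry["classes"]["network"] / total if total else 0.0

if __name__ == "__main__":
    # Hypothetical install directory of the monitored process.
    for key, entry in summarize(SAMPLE, [r"C:\Program Files\Tencent\QQ"]).items():
        print(key, dict(entry["classes"]), f"net={network_share(entry):.1%}")
        for root, n in entry["foreign"].most_common():
            print("   ", n, root)
```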








Is it trying to gather statistics on who uses which browser, as a basis for improving its own browser?
Quote:
10:04:18.0957294    QQ.exe    3936    CreateFile    E:\Program Files\opera10b\opera.exe    SUCCESS    Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: RHSAN, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
10:04:18.0958258    QQ.exe    3936    ReadFile    E:\Program Files\opera10b\opera.exe    SUCCESS    Offset: 0, Length: 1,024
10:04:18.1857640    QQ.exe    3936    QueryStandardInformationFile    E:\Program Files\opera10b\opera.exe    SUCCESS    AllocationSize: 835,584, EndOfFile: 832,808, NumberOfLinks: 1, DeletePending: False, Directory: False
10:04:18.1857886    QQ.exe    3936    QueryStandardInformationFile    E:\Program Files\opera10b\opera.exe    SUCCESS    AllocationSize: 835,584, EndOfFile: 832,808, NumberOfLinks: 1, DeletePending: False, Directory: False
10:04:18.1858165    QQ.exe    3936    ReadFile    E:\Program Files\opera10b\opera.exe    SUCCESS    Offset: 827,392, Length: 28
10:04:18.1858464    QQ.exe    3936    ReadFile    E:\Program Files\opera10b\opera.exe    SUCCESS    Offset: 827,392, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O




Touching my foobar, why?
Quote:
10:03:51.1510311    QQ.exe    3936    ReadFile    E:\Program Files\HA_FB_OY_Green_Asion_Fix\components\foo_uie_explorer.dll    SUCCESS    Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:51.1746559    QQ.exe    3936    ReadFile    E:\Program Files\HA_FB_OY_Green_Asion_Fix\components\foo_uie_panel_splitter.dll    SUCCESS    Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:51.1823183    QQ.exe    3936    ReadFile    E:\Program Files\HA_FB_OY_Green_Asion_Fix\components\foo_uie_peakmeter.dll    SUCCESS    Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:51.1938480    QQ.exe    3936    ReadFile    E:\Program Files\HA_FB_OY_Green_Asion_Fix\components\foo_uie_playlists_dropdown.dll    SUCCESS    Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:51.2028165    QQ.exe    3936    ReadFile    E:\Program Files\HA_FB_OY_Green_Asion_Fix\components\foo_uie_quicksearch.dll    SUCCESS    Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:51.2123858    QQ.exe    3936    ReadFile    E:\Program Files\HA_FB_OY_Green_Asion_Fix\components\foo_uie_tabs.dll    SUCCESS    Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:51.2229601    QQ.exe    3936    ReadFile    E:\Program Files\HA_FB_OY_Green_Asion_Fix\components\foo_uie_trackinfo_mod.dll    SUCCESS    Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:51.2311921    QQ.exe    3936    ReadFile    E:\Program Files\HA_FB_OY_Green_Asion_Fix\components\foo_uie_vis_channel_spectrum.dll    SUCCESS    Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:51.2975508    QQ.exe    3936    ReadFile    E:\Program Files\HA_FB_OY_Green_Asion_Fix\foobar2000.exe    SUCCESS    Offset: 1,024, Length: 8,192, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:51.3610165    QQ.exe    3936    ReadFile    E:\Program Files\HA_FB_OY_Green_Asion_Fix\foobar2000.exe    SUCCESS    Offset: 25,600, Length: 16,384, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:51.3644588    QQ.exe    3936    ReadFile    E:\Program Files\HA_FB_OY_Green_Asion_Fix\foobar2000.exe    SUCCESS    Offset: 95,232, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O




Touching my eMule?
Quote:
10:03:58.6175027    QQ.exe    3936    ReadFile    E:\Program Files\emule0.49c-Xtreme7.2 SSE2 Optimized\antiLeech.dll    SUCCESS    Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:58.6431934    QQ.exe    3936    ReadFile    E:\Program Files\emule0.49c-Xtreme7.2 SSE2 Optimized\emule.exe    SUCCESS    Offset: 24,576, Length: 12,288, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:58.6555276    QQ.exe    3936    ReadFile    E:\Program Files\emule0.49c-Xtreme7.2 SSE2 Optimized\emule.exe    SUCCESS    Offset: 40,960, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:03:58.6600008    QQ.exe    3936    ReadFile    E:\Program Files\emule0.49c-Xtreme7.2 SSE2 Optimized\emule.exe    SUCCESS    Offset: 253,952, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O


Touching my Kingsoft PowerWord
Quote:
10:04:10.1319991    QQ.exe    3936    CreateFile    E:\Program Files\PowerWord Lite\CBEBand.DLL    SUCCESS    Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
10:04:10.1325997    QQ.exe    3936    CloseFile    E:\Program Files\PowerWord Lite\CBEBand.DLL    SUCCESS   



You touch Symantec too?
Quote:
10:04:12.9233569    QQ.exe    3936    CreateFile    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe    SUCCESS    Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: RHSAN, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
10:04:12.9234561    QQ.exe    3936    ReadFile    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe    SUCCESS    Offset: 0, Length: 1,024




You even want to look at the software that came with the IBM?
Quote:
10:04:16.7362021    QQ.exe    3936    CreateFile    C:\Documents and Settings\All Users\桌面\Access IBM.lnk    SUCCESS    Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
10:04:16.7366393    QQ.exe    3936    ReadFile    C:\Documents and Settings\All Users\桌面\Access IBM.lnk    SUCCESS    Offset: 0, Length: 1,712
10:04:16.7366832    QQ.exe    3936    ReadFile    C:\Documents and Settings\All Users\桌面\Access IBM.lnk    SUCCESS    Offset: 0, Length: 1,712, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
10:04:16.7528291    QQ.exe    3936    QueryInformationVolume    C:\Documents and Settings\All Users\桌面\Access IBM.lnk    SUCCESS    VolumeCreationTime: 2006-2-22 6:33:19, VolumeSerialNumber: F4D2-6761, SupportsObjects: True, VolumeLabel: 
10:04:16.7528618    QQ.exe    3936    QueryAllInformationFile    C:\Documents and Settings\All Users\桌面\Access IBM.lnk    BUFFER OVERFLOW    CreationTime: 2006-2-21 23:40:28, LastAccessTime: 2009-9-19 20:30:00, LastWriteTime: 2006-2-21 23:40:28, ChangeTime: 2006-2-21 23:40:28, FileAttributes: A, AllocationSize: 4,096, EndOfFile: 1,712, NumberOfLinks: 1, DeletePending: False, Directory: False, IndexNumber: 0x100000000592d, EaSize: 0, Access: Generic Read, Position: 1,712, Mode: Synchronous IO Non-Alert, AlignmentRequirement: Word



You also want to look at a game I installed myself?
Quote:
10:04:17.8062510    QQ.exe    3936    CreateFile    E:\Program Files\BoontyGames\Kotori Chicks n Cats    SUCCESS    Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
10:04:17.8063172    QQ.exe    3936    QueryDirectory    E:\Program Files\BoontyGames\Kotori Chicks n Cats\Kotori.exe    SUCCESS    Filter: Kotori.exe, 1: Kotori.exe
10:04:17.8064538    QQ.exe    3936    CloseFile    E:\Program Files\BoontyGames\Kotori Chicks n Cats    SUCCESS    
10:04:17.8070961    QQ.exe    3936    QueryOpen    E:\Program Files\BoontyGames\Kotori Chicks n Cats\Kotori.exe    FAST IO DISALLOWED   


OpenOffice, what did it do to provoke you?
Quote:
10:04:17.8226958    QQ.exe    3936    CreateFile    E:\Program Files\OpenOfficePortable    SUCCESS    Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
10:04:17.8227603    QQ.exe    3936    QueryDirectory    E:\Program Files\OpenOfficePortable\OpenOfficePortable.exe    SUCCESS    Filter: OpenOfficePortable.exe, 1: OpenOfficePortable.exe
10:04:17.8228866    QQ.exe    3936    CloseFile    E:\Program Files\OpenOfficePortable    SUCCESS    
10:04:17.8232255    QQ.exe    3936    QueryOpen    E:\Program Files\OpenOfficePortable\OpenOfficePortable.exe    FAST IO DISALLOWED    
10:04:17.8233163    QQ.exe    3936    CreateFile    E:\Program Files\OpenOfficePortable\OpenOfficePortable.exe    SUCCESS    Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
10:04:17.8237155    QQ.exe    3936    QueryBasicInformationFile    E:\Program Files\OpenOfficePortable\OpenOfficePortable.exe    SUCCESS    CreationTime: 2009-9-13 0:11:06, LastAccessTime: 2009-9-19 0:00:00, LastWriteTime: 2009-6-26 10:32:14, ChangeTime: 1601-1-1 8:00:00, FileAttributes: A
10:04:17.8237331    QQ.exe    3936    CloseFile    E:\Program Files\OpenOfficePortable\OpenOfficePortable.exe    SUCCESS    
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
What software are you monitoring with? ProcessMonitor?
tm2009 does the same thing. I always use TM, so I'm a bit alarmed.

Quote:
12:26:37.2296574 PM    TM.exe    2732    CloseFile    C:\Program Files\Movie Maker\moviemk.exe    SUCCESS    
12:26:37.2298610 PM    TM.exe    2732    CreateFile    C:\dvbdream\dvbdream.exe    SUCCESS    Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: RHSAN, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
12:26:37.2298920 PM    TM.exe    2732    ReadFile    C:\dvbdream\dvbdream.exe    SUCCESS    Offset: 0, Length: 1,024
12:26:37.2299222 PM    TM.exe    2732    ReadFile    C:\dvbdream\dvbdream.exe    SUCCESS    Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
12:26:37.2423235 PM    TM.exe    2732    CreateFile    C:\dvbdream\dvbdream.exe    SUCCESS    Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
12:26:37.2429459 PM    TM.exe    2732    CloseFile    C:\dvbdream\dvbdream.exe    SUCCESS    
12:26:37.2435206 PM    TM.exe    2732    CreateFile    C:\dvbdream\dvbdream.exe    SUCCESS    Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
12:26:37.2435887 PM    TM.exe    2732    CloseFile    C:\dvbdream\dvbdream.exe    SUCCESS    
12:26:37.2436390 PM    TM.exe    2732    ReadFile    C:\dvbdream\dvbdream.exe    SUCCESS    Offset: 1,929,216, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
12:26:37.2525698 PM    TM.exe    2732    ReadFile    C:\dvbdream\dvbdream.exe    SUCCESS    Offset: 3,555,328, Length: 6,144, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
12:26:37.2549357 PM    TM.exe    2732    ReadFile    C:\dvbdream\dvbdream.exe    SUCCESS    Offset: 0, Length: 64
12:26:37.2549564 PM    TM.exe    2732    ReadFile    C:\dvbdream\dvbdream.exe    SUCCESS    Offset: 256, Length: 248
12:26:37.2549636 PM    TM.exe    2732    ReadFile    C:\dvbdream\dvbdream.exe    SUCCESS    Offset: 504, Length: 360
12:26:37.2550525 PM    TM.exe    2732    ReadFile    C:\dvbdream\dvbdream.exe    SUCCESS    Offset: 1,024, Length: 32,768
12:26:37.2551103 PM    TM.exe    2732    ReadFile    C:\dvbdream\dvbdream.exe    SUCCESS    Offset: 1,767,936, Length: 32,768
12:26:37.2551293 PM    TM.exe    2732    ReadFile    C:\dvbdream\dvbdream.exe    SUCCESS    Offset: 1,765,376, Length: 36,864, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
12:26:37.2556450 PM    TM.exe    2732    ReadFile    C:\dvbdream\dvbdream.exe    SUCCESS    Offset: 3,557,376, Length: 4,096
12:26:37.2560752 PM    TM.exe    2732    ReadFile    C:\dvbdream\dvbdream.exe    SUCCESS    Offset: 542,416, Length: 32
12:26:37.2560850 PM    TM.exe    2732    ReadFile    C:\dvbdream\dvbdream.exe    SUCCESS    Offset: 540,672, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
12:26:37.2603937 PM    TM.exe    2732    CloseFile    C:\dvbdream\dvbdream.exe    SUCCESS    
12:26:37.2605937 PM    TM.exe    2732    CreateFile    F:\emulXt\emule.exe    SUCCESS    Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: RHSAN, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
12:26:37.2606233 PM    TM.exe    2732    ReadFile    F:\emulXt\emule.exe    SUCCESS    Offset: 0, Length: 1,024
12:26:37.2606543 PM    TM.exe    2732    ReadFile    F:\emulXt\emule.exe    SUCCESS    Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
12:26:37.2728151 PM    TM.exe    2732    ReadFile    F:\emulXt\emule.exe    END OF FILE    Offset: 6,402,048, Length: 28
12:26:37.2731134 PM    TM.exe    2732    CreateFile    F:\emulXt\emule.exe    SUCCESS    Desired Access: Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
12:26:37.2737736 PM    TM.exe    2732    CloseFile    F:\emulXt\emule.exe    SUCCESS    
12:26:37.2810910 PM    TM.exe    2732    CreateFile    F:\emulXt\emule.exe    SUCCESS    Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
12:26:37.2811985 PM    TM.exe    2732    CloseFile    F:\emulXt\emule.exe    SUCCESS    
12:26:37.2819576 PM    TM.exe    2732    ReadFile    F:\emulXt\emule.exe    SUCCESS    Offset: 4,112,384, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
12:26:37.2900567 PM    TM.exe    2732    ReadFile    F:\emulXt\emule.exe    SUCCESS    Offset: 4,153,344, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
12:26:37.2914649 PM    TM.exe    2732    ReadFile    F:\emulXt\emule.exe    SUCCESS    Offset: 6,066,176, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
12:26:37.2997696 PM    TM.exe    2732    ReadFile    F:\emulXt\emule.exe    SUCCESS    Offset: 0, Length: 64
12:26:37.2997978 PM    TM.exe    2732    ReadFile    F:\emulXt\emule.exe    SUCCESS    Offset: 280, Length: 248
12:26:37.2998124 PM    TM.exe    2732    ReadFile    F:\emulXt\emule.exe    SUCCESS    Offset: 528, Length: 200
12:26:37.2999043 PM    TM.exe    2732    ReadFile    F:\emulXt\emule.exe    SUCCESS    Offset: 4,096, Length: 32,768
12:26:37.3000468 PM    TM.exe    2732    ReadFile    F:\emulXt\emule.exe    SUCCESS    Offset: 3,346,432, Length: 32,768
12:26:37.3000685 PM    TM.exe    2732    ReadFile    F:\emulXt\emule.exe    SUCCESS    Offset: 3,346,432, Length: 32,768, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
12:26:37.3084241 PM    TM.exe    2732    ReadFile    F:\emulXt\emule.exe    SUCCESS    Offset: 6,397,952, Length: 4,096
12:26:37.3084414 PM    TM.exe    2732    ReadFile    F:\emulXt\emule.exe    SUCCESS    Offset: 6,397,952, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
12:26:37.3147936 PM    TM.exe    2732    CloseFile    F:\emulXt\emule.exe    SUCCESS    
12:26:37.3150417 PM    TM.exe    2732    CreateFile    C:\Program Files\HashCalc\HashCalc.exe    SUCCESS    Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: RHSAN, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
12:26:37.3150760 PM    TM.exe    2732    ReadFile    C:\Program Files\HashCalc\HashCalc.exe    SUCCESS    Offset: 0, Length: 1,024

posted on 2009-09-22 10:26 Moise

