瑞星卡卡安全论坛

[code]2008-08-11,16:25:02
SysLog Scanner 1.0 - build 20080726
Arswp (http://www.arswp.com)
Windows XP Professional Service Pack 2 (build 2600) - Administrators

========================================
注册项
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <KavPFW><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPFW32.EXE" -startup>  [(Verified)Kingsoft Corporation, 2008,07,24,496, C:2007-12-24 17:08 M:2008-07-25 17:38]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <RTHDCPL><RTHDCPL.EXE>  [(Verified)Realtek Semiconductor Corp., 2.1.3.6, C:2008-07-09 10:23 M:2007-05-10 18:08]
    <Alcmtr><ALCMTR.EXE>  [(Verified)Realtek Semiconductor Corp., 1.6.0.2, C:2008-07-09 10:23 M:2005-05-03 18:43]
    <360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start>  [(Verified)奇虎网, 4, 1, 8, 1004, C:2008-07-04 16:06 M:2008-07-04 16:06]
    <360Antiarp><C:\Program Files\360safe\antiarp\AntiArp.exe /start>  [(Verified)360安全中心, 2, 0, 0, 1008, C:2008-04-11 20:45 M:2008-04-11 20:45]
    <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r>  [(Verified)360安全中心, 2, 1, 1, 1002, C:2008-06-11 22:48 M:2008-06-11 22:48]
    <KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup>  [(Verified)Kingsoft Corporation, 2008,08,06,538, C:2007-12-24 17:08 M:2008-08-07 08:18]
    <snp325><C:\WINDOWS\vsnp325.exe>  [Copyright 2002-2005, 1, 1, 5, 11, C:2008-07-09 13:45 M:2007-05-09 10:46]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-03 16:52 M:2004-08-03 16:52|(Verified)NVIDIA Corporation, 6.14.11.7516, C:2008-05-02 22:46 M:2008-05-02 22:46]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><C:\WINDOWS\system32\XPSTYLE_ThemePackage\Logon\Logonui.exe>  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2008-07-19 11:31 M:2007-11-25 01:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载]
    <><C:\Program Files\Thunder Network\Thunder\Program\geturl.htm>  [N/A, C:2008-07-11 11:04 M:2008-06-13 09:55]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接]
    <><C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm>  [N/A, C:2008-07-11 11:04 M:2008-06-13 09:55]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-03 16:52 M:2004-08-03 16:52|(Verified)Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732), C:2004-08-03 16:52 M:2008-04-23 12:16|(Verified)N/A, C:2004-08-03 16:48 M:2004-08-03 16:48]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-03 16:52 M:2004-08-03 16:52|(Verified)Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732), C:2004-08-03 16:52 M:2008-04-23 12:16|(Verified)N/A, C:2004-08-03 16:48 M:2004-08-03 16:48]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-03 16:52 M:2004-08-03 16:52|(Verified)Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732), C:2004-08-03 16:52 M:2008-04-23 12:16|(Verified)N/A, C:2006-11-02 23:38 M:2006-11-02 23:38]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-03 16:52 M:2004-08-03 16:52|Microsoft Corporation, 1.1.4322.573, C:2003-02-20 19:09 M:2003-02-20 19:09]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\EPSON ME 1 32MonitorBP]
    <PrintMonitor: EPSON ME 1 32MonitorBP><E_FLB8WP.DLL>  [(Verified)SEIKO EPSON CORPORATION, 2, 4, 0, 0, C:2008-07-30 20:07 M:2006-12-08 11:34]

========================================
启动项

========================================
计划任务

========================================
组件

Shell Extension
[Display Panning CPL Extension]
    {42071714-76d4-11d1-8b24-00a0c9068ff3}  <deskpan.dll>  []
[HyperTerminal Icon Ext]
    {88895560-9AA2-1069-930E-00AA0030EBC8}  <C:\WINDOWS\system32\hticons.dll>  [(Verified)Hilgraeve, Inc., 5.1.2600.0, C:2008-07-09 10:11 M:2002-10-07 12:00]
[NvCpl DesktopContext Class]
    {A70C977A-BF00-412C-90B7-034C51DA2439}  <C:\WINDOWS\system32\nvcpl.dll>  [(Verified)NVIDIA Corporation, 6.14.11.7516, C:2008-05-02 22:46 M:2008-05-02 22:46]
[Play on my TV helper]
    {FFB699E0-306A-11d3-8BD1-00104B6F7516}  <C:\WINDOWS\system32\nvcpl.dll>  [(Verified)NVIDIA Corporation, 6.14.11.7516, C:2008-05-02 22:46 M:2008-05-02 22:46]
[Desktop Explorer]
    {1CDB2949-8F65-4355-8456-263E7C208A5D}  <C:\WINDOWS\system32\nvshell.dll>  [N/A, C:2008-05-02 22:46 M:2008-05-02 22:46]
[Desktop Explorer Menu]
    {1E9B04FB-F9E5-4718-997B-B8DA88302A47}  <C:\WINDOWS\system32\nvshell.dll>  [N/A, C:2008-05-02 22:46 M:2008-05-02 22:46]
[nView Desktop Context Menu]
    {1E9B04FB-F9E5-4718-997B-B8DA88302A48}  <C:\WINDOWS\system32\nvshell.dll>  [N/A, C:2008-05-02 22:46 M:2008-05-02 22:46]
[WinRAR shell extension]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <C:\Program Files\WinRAR\rarext.dll>  [N/A, C:2008-07-09 10:38 M:2007-09-23 18:59]
[Fusion Cache]
    {1D2680C9-0E2A-469d-B787-065558BC7D43}  <C:\WINDOWS\system32\mscoree.dll>  [Microsoft Corporation, 2.0.50727.253 (QFE.050727-2500), C:2006-12-22 12:28 M:2006-12-22 12:28]
[Autodesk Drawing Preview]
    {AC1DB655-4F9A-4c39-8AD2-A65324A4C446}  <C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll>  [(Verified)Autodesk, 16.2.54.0, C:2005-08-27 17:49 M:2005-08-27 17:49]
[AutoCAD 数字签名图标覆盖处理程序]
    {36A21736-36C2-4C11-8ACB-D4136F2B57BD}  <C:\WINDOWS\system32\AcSignIcon.dll>  [(Verified)Autodesk, 16.2.54.0, C:2005-08-27 17:49 M:2005-08-27 17:49]
[Autodesk DWF Preview]
    {6DEA92E9-8682-4b6a-97DE-354772FE5727}  <C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll>  [(Verified)Autodesk, 16.2.77.0, C:2005-08-27 17:49 M:2005-08-27 17:49]
Protocols
[Cor MIME Filter, CorFltr, CorFltr 1]
    {1E66F26B-79EE-11D2-8710-00C04F79ED0D}  <C:\WINDOWS\system32\mscoree.dll>  [Microsoft Corporation, 2.0.50727.253 (QFE.050727-2500), C:2006-12-22 12:28 M:2006-12-22 12:28]
BrowserHelperObject
[ThunderAtOnce Class]
    {01443AEC-0FD1-40fd-9C87-E93D1494C233}  <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2008-07-28 00:22 M:2008-06-13 09:43]
[VnetCookie Class]
    {4E83D567-4697-4F7B-B1F0-A513B01DB89A}  <C:\PROGRA~1\ChinaNet\VNETTR~1.DLL>  [Copyright 2004, 2005, 4, 6, 1, C:2008-08-07 09:11 M:2007-10-29 16:41]
[Kingsoft Trojan Webshield]
    {4E8A5278-C04E-4FE3-BF78-8A7CCD6EF333}  <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\Antispy\IEBuddy.DLL>  [(Verified)Kingsoft Corporation, 2007,08,16,41, C:2008-07-09 21:40 M:2007-11-11 02:31]
[Thunder Browser Helper]
    {889D2FEB-5411-4565-8998-1DD2C5261283}  <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-07-11 11:04 M:2008-06-13 09:43]
[SafeMon Class]
    {B69F34DD-F0F9-42DC-9EDD-957187DA688D}  <C:\Program Files\360safe\safemon\safemon.dll>  [(Verified)360.CN, 4, 1, 5, 1002, C:2008-04-09 17:02 M:2008-05-27 18:20]
[kingsoft browser shield]
    {D963BE1A-6B35-47DB-B002-49FAE71D85CC}  <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL>  [(Verified)Kingsoft Corporation, 2008,04,15,2, C:2008-07-10 18:38 M:2008-07-10 14:38]
ActiveX Extension
[ThunderAtOnce Class]
    {01443AEC-0FD1-40FD-9C87-E93D1494C233}  <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2008-07-28 00:22 M:2008-06-13 09:43]
[Office Genuine Advantage Validation Tool]
    {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}  <C:\WINDOWS\system32\OGACheckControl.DLL>  [(Verified)N/A, C:2008-02-04 18:23 M:2008-02-04 18:23]
[IEBuddyExtControl Class]
    {3AECD3C1-7085-4731-96DC-47B6CF7EF749}  <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\Antispy\IEBuddyExt.DLL>  [(Verified)Kingsoft Corporation, 2008,03,14,461, C:2008-07-09 21:40 M:2008-07-09 22:34]
[Thunder Agent Class]
    {485463B7-8FB2-4B3B-B29B-8B919B0EACCE}  <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 4, 23, C:2008-07-11 11:04 M:2008-06-13 09:43]
[VnetCookie Class]
    {4E83D567-4697-4F7B-B1F0-A513B01DB89A}  <C:\PROGRA~1\ChinaNet\VNETTR~1.DLL>  [Copyright 2004, 2005, 4, 6, 1, C:2008-08-07 09:11 M:2007-10-29 16:41]
[Kingsoft Trojan Webshield]
    {4E8A5278-C04E-4FE3-BF78-8A7CCD6EF333}  <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\Antispy\IEBuddy.DLL>  [(Verified)Kingsoft Corporation, 2007,08,16,41, C:2008-07-09 21:40 M:2007-11-11 02:31]
[XMP Class]
    {6483F145-A768-4C41-AACC-52D4D7845851}  <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work>  [Copyright XunLei 2007, 2, 1, 2, 77, C:2008-07-09 11:52 M:2008-08-04 12:58]
[XDRM]
    {693571CB-54A3-4E90-9D52-EEAE1334E2D3}  <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work>  [Copyright XunLei 2007, 1, 0, 0, 7, C:2008-07-09 11:52 M:2008-08-04 12:58]
[StormPlayer Object]
    {6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB}  <C:\Program Files\StormII\mps.dll>  [(Verified)北京暴风网际科技有限公司, 3, 8, 6, 23, C:2008-03-11 14:33 M:2008-07-02 15:44]
[MediaComm Class]
    {7670648D-461B-42AF-BDFE-46D26AF5EFF2}  <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin17.dll>  [Thunder Networking Technologies,LTD, 3, 1, 5, 78, C:2008-07-11 11:04 M:2008-07-01 15:27]
[360SafeLive]
    {87515F61-A66C-4319-A0E0-D416CB8059E3}  <C:\Program Files\360safe\live.dll>  [(Verified)360.cn, 1, 0, 1, 1027, C:2008-04-09 17:07 M:2008-04-09 17:07]
[Thunder Browser Helper]
    {889D2FEB-5411-4565-8998-1DD2C5261283}  <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-07-11 11:04 M:2008-06-13 09:43]
[XML DOM Document 4.0]
    {88D969C0-F192-11D4-A65F-0040963251E5}  <C:\WINDOWS\system32\msxml4.dll>  [Microsoft Corporation, 4.20.9848.0, C:2007-05-08 15:03 M:2007-05-08 15:03]
[XML HTTP 4.0]
    {88D969C5-F192-11D4-A65F-0040963251E5}  <C:\WINDOWS\system32\msxml4.dll>  [Microsoft Corporation, 4.20.9848.0, C:2007-05-08 15:03 M:2007-05-08 15:03]
[DapCtrl Class]
    {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8}  <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5803.60.(360).dll>  []
[SafeMon Class]
    {B69F34DD-F0F9-42DC-9EDD-957187DA688D}  <C:\Program Files\360safe\safemon\safemon.dll>  [(Verified)360.CN, 4, 1, 5, 1002, C:2008-04-09 17:02 M:2008-05-27 18:20]
[CheckReader Class]
    {C9E75CAD-ACA5-4074-81CC-5448FCCFE987}  <C:\Program Files\Founder\Apabi Reader 3.0\Check.dll>  [(Verified)Copyright 2002, 1, 0, 0, 1, C:2008-07-09 20:19 M:2008-06-27 15:28]
[QQPlayerCtrl Class]
    {CD108273-D434-43E6-AA90-1469F97EB398}  <D:\Program Files\qq2008\QQMusic\QzoneMusic.dll>  [(Verified)深圳腾讯科技, 3, 1, 163, 202, C:2007-05-20 16:38 M:2007-05-20 16:38]
[RealPlayer G2 Control]
    {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}  <C:\Program Files\StormII\Codec\rmoc3260.dll>  [(Verified)RealNetworks, Inc., 6.0.9.2568, C:2006-10-18 23:05 M:2006-10-18 23:05]
[Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000}  <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx>  [(Verified)Adobe Systems, Inc., 9,0,124,0, C:2008-03-25 10:32 M:2008-03-25 10:32]
[Macromedia Flash Factory Object]
    {D27CDB70-AE6D-11CF-96B8-444553540000}  <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx>  [(Verified)Adobe Systems, Inc., 9,0,124,0, C:2008-03-25 10:32 M:2008-03-25 10:32]
[kingsoft browser shield]
    {D963BE1A-6B35-47DB-B002-49FAE71D85CC}  <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL>  [(Verified)Kingsoft Corporation, 2008,04,15,2, C:2008-07-10 18:38 M:2008-07-10 14:38]
[PlayerCtrl Class]
    {E05BC2A3-9A46-4A32-80C9-023A473F5B23}  <D:\Program Files\qq2008\QQMusic\QzoneMusic.dll>  [(Verified)深圳腾讯科技, 3, 1, 163, 202, C:2007-05-20 16:38 M:2007-05-20 16:38]
[TimwpDll.TimwpCheck]
    {ED4CA2E5-0EEA-44C1-AD7E-74A07A7507A4}  <D:\PROGRA~1\qq2008\qq\Timwp.dll>  [(Verified)TENCENT, 8,0,775,1803, C:2008-07-02 17:49 M:2008-04-07 14:07]
[Thunder DapPlayer]
    {EEDD6FF9-13DE-496B-9A1C-D78B3215E266}  <C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer3.0.5712.71.360.dll>  []
[XPPlayer Class]
    {F3E70CEA-956E-49CC-B444-73AFE593AD7F}  <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.0.0.181.(360).dll>  []
Context Menu
[EPPShellEx]
    {509FE1AF-ADD5-49EC-BC55-7CF81FD16E78}  <C:\Program Files\EPSON\Creativity Suite\Easy Photo Print\EPPShell.dll>  [SEIKO EPSON CORPORATION, 1, 1, 0, 0, C:2008-07-30 20:10 M:2006-04-13 19:44]
[WinRAR]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <C:\Program Files\WinRAR\rarext.dll>  [N/A, C:2008-07-09 10:38 M:2007-09-23 18:59]
[金山毒霸2007]

用户系统信息：Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)

======================================
服务

[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
    <%SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe>  [Microsoft Corporation, 1.1.4322.2032, C:2004-07-15 01:49 M:2004-07-15 01:49]
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
    <C:\Program Files\StormII\stormliv.exe /asservice>  [北京暴风网际科技有限公司, 3, 8, 6, 20, C:2008-03-11 14:33 M:2008-05-28 16:40]
[Human Interface Device Access / HidServ][Stopped/Disabled]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-03 16:52 M:2004-08-03 16:52]
[Sysbak hotkey Server / Sysbak_hotkey_Server][Running/Auto Start]
    <"C:\Program Files\Founder\Emergency Center\Hotkey.exe" /Service>  [N/A, C:2008-07-21 20:10 M:2007-03-09 16:47]

[Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start]
    <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe">  [(Verified)Autodesk, 2.66.000, C:2008-07-11 14:17 M:2008-07-11 14:17]
[Kingsoft Internet Security Common Service / KISSvc][Running/Auto Start]
    <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE>  [(Verified)Kingsoft Corporation, 2008,04,02,5, C:2007-12-02 23:15 M:2008-07-09 22:31]
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
    <"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE">  [(Verified)Kingsoft Corporation, 2008,04,02,5, C:2007-12-24 17:07 M:2008-07-09 22:31]
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
    <"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE">  [(Verified)Kingsoft Corporation, 2008,07,03,444, C:2007-12-09 19:56 M:2008-07-17 20:25]
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
    <%SystemRoot%\system32\nvsvc32.exe>  [(Verified)NVIDIA Corporation, 6.14.11.7516, C:2008-05-02 22:46 M:2008-05-02 22:46]


========================================
驱动

[Softlumos Multi-Platform / Mulsys][Running/Boot Start]
    <System32\DRIVERS\Mulsys.SYS>  [Softlumos Corporation, 1.3.2006.5.16, C:2008-07-21 20:10 M:2007-01-11 17:02]
[Netgroup Packet Filter / NPF][Running/Manual Start]
    <system32\drivers\npf.sys>  [Politecnico di Torino, 3, 0, 0, 18, C:2008-07-09 10:33 M:2007-10-29 16:42]
[PauseDrv / PauseDrv][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\Drivers\PauseDrv.sys>  [N/A, C:2008-07-21 20:10 M:2007-01-11 17:02]
[USB PC Camera (SNPSTD325) / SNP325][Stopped/Manual Start]
    <system32\DRIVERS\snp325.sys>  [Sonix Co. Ltd., 1, 5, 4, 13, C:2008-07-09 13:45 M:2007-05-07 18:38]
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
    <system32\DRIVERS\tcpip.sys>  [Microsoft Corporation, 5.1.2600.3394 (xpsp_sp2_gdr.080620-1245), C:2004-08-03 15:14 M:2008-06-20 18:45]

[360AntiArp / 360AntiArp][Running/System Start]
    <\??\C:\WINDOWS\system32\drivers\360AntiArp.sys>  [(Verified)360安全中心, 1, 0, 1, 1007, C:2008-04-09 16:33 M:2008-04-09 16:33]
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
    <system32\DRIVERS\HDAudBus.sys>  [(Verified)Windows (R) Server 2003 DDK provider, 5.10.01.5013 built by: WinDDK, C:2005-01-07 17:07 M:2005-01-07 17:07]
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
    <system32\drivers\RtkHDAud.sys>  [(Verified)Realtek Semiconductor Corp., 5.10.0.5413 built by: WinDDK, C:2008-07-09 10:23 M:2007-05-10 18:28]
[KAVBase / KAVBase][Running/Auto Start]
    <\??\C:\WINDOWS\system32\Drivers\KAVBase.sys>  [(Verified)Kingsoft Corporation, 2008,06,24,4, C:2008-07-09 21:40 M:2008-07-10 14:38]
[KAVBootC / KAVBootC][Running/Boot Start]
    <system32\Drivers\KAVBootC.sys>  [(Verified)Kingsoft Corporation, 2008,04,28,85, C:2008-07-09 21:40 M:2008-07-10 14:37]
[KAVSafe / KAVSafe][Running/Auto Start]
    <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys>  [(Verified)Kingsoft Corporation, 2008,04,28,65, C:2008-07-09 14:15 M:2008-07-09 14:20]
[KNetWch / KNetWch][Running/System Start]
    <\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS>  [(Verified)Kingsoft Corporation, 2008,04,02,5, C:2007-12-26 16:53 M:2008-07-09 22:31]
[KWatch3 / KWatch3][Running/Auto Start]
    <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS>  [(Verified)Kingsoft Corporation, 2008,07,11,10, C:2008-07-09 21:40 M:2008-07-17 20:25]
[nv / nv][Running/Manual Start]
    <system32\DRIVERS\nv4_mini.sys>  [(Verified)NVIDIA Corporation, 6.14.11.7516, C:2008-05-02 22:46 M:2008-05-02 22:46]
[DDK PACKET Protocol / Packet][Running/Manual Start]
    <system32\DRIVERS\ProtoDrv.sys>  [(Verified)360安全中心, 1, 0, 1, 1001, C:2008-04-09 16:36 M:2008-04-09 16:36]
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
    <system32\DRIVERS\ptilink.sys>  [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148), C:2002-10-07 04:00 M:2002-10-07 04:00]
[Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Running/Manual Start]
    <system32\DRIVERS\Rtnicxp.sys>  [(Verified)Realtek Semiconductor Corporation                          , 5.673.0712.2007 built by: WinDDK, C:2008-07-09 10:24 M:2007-07-12 11:49]
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
    <system32\DRIVERS\RTL8139.SYS>  [(Verified)Realtek Semiconductor Corporation, 5.398.613.2003 built by: WinDDK, C:2008-07-09 10:08 M:2004-08-03 22:31]
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
    <\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys>  [(Verified)360安全中心, 2, 2, 1, 1001, C:2008-06-06 18:31 M:2008-06-06 18:31]
[Secdrv / Secdrv][Stopped/Manual Start]
    <system32\DRIVERS\secdrv.sys>  [(Verified)Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086, C:2004-07-17 03:36 M:2007-11-13 18:25]
[videX32 / videX32][Running/Boot Start]
    <system32\DRIVERS\videX32.sys>  [(Verified)VIA Technologies, Inc., 5.1.3790.140, C:2008-07-09 10:21 M:2006-02-23 11:38]
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]
    <system32\DRIVERS\xfilt.sys>  [(Verified)VIA Technologies,Inc, 5.1.3790.140, C:2008-07-09 10:21 M:2006-02-23 11:39]


========================================
进程

[PID: 652 / SYSTEM]  \SystemRoot\System32\smss.exe  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-03 16:52 M:2004-08-03 16:52]

[PID: 704 / SYSTEM]  \??\C:\WINDOWS\system32\csrss.exe  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-03 16:52 M:2004-08-03 16:52]

[PID: 728 / SYSTEM]  \??\C:\WINDOWS\system32\winlogon.exe  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-03 16:52 M:2004-08-03 16:52]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-03 16:52 M:2008-08-10 23:26]
    C:\WINDOWS\system32\SOGOUPY.IME  [(Verified)Sogou.com Inc., 3.5.0.0, C:2008-06-03 17:31 M:2008-07-01 18:23]

[PID: 772 / SYSTEM]  C:\WINDOWS\system32\services.exe  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-03 16:52 M:2004-08-03 16:52]

[PID: 784 / SYSTEM]  C:\WINDOWS\system32\lsass.exe  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-03 16:52 M:2004-08-03 16:52]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-03 16:52 M:2008-08-10 23:26]

[PID: 940 / SYSTEM]  C:\WINDOWS\system32\svchost.exe  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-03 16:52 M:2004-08-03 16:52]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-03 16:52 M:2008-08-10 23:26]

[PID: 1040 / NETWORK SERVICE]  C:\WINDOWS\system32\svchost.exe  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-03 16:52 M:2004-08-03 16:52]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-03 16:52 M:2008-08-10 23:26]

[PID: 1160 / SYSTEM]  C:\WINDOWS\System32\svchost.exe  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-03 16:52 M:2004-08-03 16:52]
    C:\WINDOWS\System32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-03 16:52 M:2008-08-10 23:26]

[PID: 1252 / NETWORK SERVICE]  C:\WINDOWS\system32\svchost.exe  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-03 16:52 M:2004-08-03 16:52]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-03 16:52 M:2008-08-10 23:26]

[PID: 1320 / LOCAL SERVICE]  C:\WINDOWS\system32\svchost.exe  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-03 16:52 M:2004-08-03 16:52]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-03 16:52 M:2008-08-10 23:26]

[PID: 1620 / SYSTEM]  C:\WINDOWS\system32\spoolsv.exe  [(Verified)Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519), C:2004-08-03 16:52 M:2005-06-11 07:53]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-03 16:52 M:2008-08-10 23:26]
    C:\WINDOWS\system32\E_FLB8WP.DLL  [(Verified)SEIKO EPSON CORPORATION, 2, 4, 0, 0, C:2008-07-30 20:07 M:2006-12-08 11:34]

[PID: 1768 / huanglu]  C:\WINDOWS\Explorer.EXE  [(Verified)Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234), C:2004-08-03 16:52 M:2007-06-13 21:21]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-03 16:52 M:2008-08-10 23:26]
    C:\WINDOWS\system32\SOGOUPY.IME  [(Verified)Sogou.com Inc., 3.5.0.0, C:2008-06-03 17:31 M:2008-07-01 18:23]
    C:\Program Files\SogouInput\Plugin\SgImeWord.dll  [(Verified)Sogou.com Inc., 3.5.0.0, C:2008-06-03 17:31 M:2008-07-01 18:23]
    C:\WINDOWS\system32\AcSignIcon.dll  [(Verified)Autodesk, 16.2.54.0, C:2005-08-27 17:49 M:2005-08-27 17:49]
    C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL  [(Verified)Kingsoft Corporation, 2008,04,02,5, C:2007-12-02 23:15 M:2008-07-09 22:32]
    C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll  [(Verified)Kingsoft Corporation, 2008,04,22,364, C:2007-12-02 23:15 M:2008-07-10 14:38]
    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL  [Microsoft Corporation, 8.00.50727.762, C:2006-12-02 00:25 M:2006-12-02 00:25]
    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll  [Microsoft Corporation, 8.00.50727.762, C:2006-12-01 22:54 M:2006-12-01 22:54]
    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll  [Microsoft Corporation, 8.00.50727.762, C:2006-12-01 22:54 M:2006-12-01 22:54]
    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL  [Microsoft Corporation, 8.00.50727.762, C:2006-12-02 00:08 M:2006-12-02 00:08]
    C:\Program Files\Founder\Emergency Center\SBHotkey.dll  [N/A, C:2008-07-21 20:10 M:2007-01-29 13:49]
    C:\Program Files\360safe\safemon\safemon.dll  [(Verified)360.CN, 4, 1, 5, 1002, C:2008-04-09 17:02 M:2008-05-27 18:20]
    C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll  [(Verified)Autodesk, 16.2.54.0, C:2005-08-27 17:49 M:2005-08-27 17:49]
    C:\WINDOWS\system32\nvcpl.dll  [(Verified)NVIDIA Corporation, 6.14.11.7516, C:2008-05-02 22:46 M:2008-05-02 22:46]
    C:\WINDOWS\system32\NVRSZHC.DLL  [NVIDIA Corporation, 6.14.11.7516, C:2008-05-02 22:46 M:2008-05-02 22:46]
    C:\WINDOWS\system32\nvapi.dll  [(Verified)NVIDIA Corporation, 6.14.11.7516, C:2008-05-02 22:46 M:2008-05-02 22:46]
    C:\WINDOWS\system32\nvshell.dll  [N/A, C:2008-05-02 22:46 M:2008-05-02 22:46]
    C:\Program Files\WinRAR\rarext.dll  [N/A, C:2008-07-09 10:38 M:2007-09-23 18:59]
    C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL  [(Verified)Kingsoft Corporation, 2008,05,07,373, C:2007-12-02 23:15 M:2008-07-10 14:37]
    C:\Program Files\EPSON\Creativity Suite\Easy Photo Print\EPPShell.dll  [SEIKO EPSON CORPORATION, 1, 1, 0, 0, C:2008-07-30 20:10 M:2006-04-13 19:44]
    C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2008-07-28 00:22 M:2008-06-13 09:43]
    C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-07-11 11:04 M:2008-06-13 09:43]
    C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_01.dll  [Thunder Networking Technologies,LTD, 1, 0, 0, 20, C:2008-08-06 12:22 M:2008-08-04 12:58]
    C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_01.dll  [Thunder Networking Technologies,LTD, 1, 0, 0, 16, C:2008-08-06 12:22 M:2008-08-04 12:58]

[PID: 1952 / huanglu]  C:\WINDOWS\RTHDCPL.EXE  [(Verified)Realtek Semiconductor Corp., 2.1.3.6, C:2008-07-09 10:23 M:2007-05-10 18:08]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-03 16:52 M:2008-08-10 23:26]
    C:\WINDOWS\system32\SOGOUPY.IME  [(Verified)Sogou.com Inc., 3.5.0.0, C:2008-06-03 17:31 M:2008-07-01 18:23]
    C:\Program Files\SogouInput\Plugin\SgImeWord.dll  [(Verified)Sogou.com Inc., 3.5.0.0, C:2008-06-03 17:31 M:2008-07-01 18:23]
    C:\Program Files\360safe\safemon\safemon.dll  [(Verified)360.CN, 4, 1, 5, 1002, C:2008-04-09 17:02 M:2008-05-27 18:20]
    C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL  [(Verified)Kingsoft Corporation, 2008,04,02,5, C:2007-12-02 23:15 M:2008-07-09 22:32]
    C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll  [(Verified)Kingsoft Corporation, 2008,04,22,364, C:2007-12-02 23:15 M:2008-07-10 14:38]
    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL  [Microsoft Corporation, 8.00.50727.762, C:2006-12-02 00:25 M:2006-12-02 00:25]
    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll  [Microsoft Corporation, 8.00.50727.762, C:2006-12-01 22:54 M:2006-12-01 22:54]
    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll  [Microsoft Corporation, 8.00.50727.762, C:2006-12-01 22:54 M:2006-12-01 22:54]
    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL  [Microsoft Corporation, 8.00.50727.762, C:2006-12-02 00:08 M:2006-12-02 00:08]
    C:\Program Files\Founder\Emergency Center\SBHotkey.dll  [N/A, C:2008-07-21 20:10 M:2007-01-29 13:49]

[PID: 1980 / huanglu]  C:\Program Files\360safe\antiarp\AntiArp.exe  [(Verified)360安全中心, 2, 0, 0, 1008, C:2008-04-11 20:45 M:2008-04-11 20:45]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-03 16:52 M:2008-08-10 23:26]
    C:\Program Files\360safe\safemon\safemon.dll  [(Verified)360.CN, 4, 1, 5, 1002, C:2008-04-09 17:02 M:2008-05-27 18:20]
    C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL  [(Verified)Kingsoft Corporation, 2008,04,02,5, C:2007-12-02 23:15 M:2008-07-09 22:32]
    C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll  [(Verified)Kingsoft Corporation, 2008,04,22,364, C:2007-12-02 23:15 M:2008-07-10 14:38]
    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL  [Microsoft Corporation, 8.00.50727.762, C:2006-12-02 00:25 M:2006-12-02 00:25]
    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll  [Microsoft Corporation, 8.00.50727.762, C:2006-12-01 22:54 M:2006-12-01 22:54]
    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll  [Microsoft Corporation, 8.00.50727.762, C:2006-12-01 22:54 M:2006-12-01 22:54]
    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL  [Microsoft Corporation, 8.00.50727.762, C:2006-12-02 00:08 M:2006-12-02 00:08]
    C:\WINDOWS\system32\SOGOUPY.IME  [(Verified)Sogou.com Inc., 3.5.0.0, C:2008-06-03 17:31 M:2008-07-01 18:23]
    C:\Program Files\SogouInput\Plugin\SgImeWord.dll  [(Verified)Sogou.com Inc., 3.5.0.0, C:2008-06-03 17:31 M:2008-07-01 18:23]
    C:\Program Files\Founder\Emergency Center\SBHotkey.dll  [N/A, C:2008-07-21 20:10 M:2007-01-29 13:49]

[PID: 2020 / huanglu]  C:\WINDOWS\vsnp325.exe  [Copyright 2002-2005, 1, 1, 5, 11, C:2008-07-09 13:45 M:2007-05-09 10:46]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-03 16:52 M:2008-08-10 23:26]
    C:\WINDOWS\system32\SOGOUPY.IME  [(Verified)Sogou.com Inc., 3.5.0.0, C:2008-06-03 17:31 M:2008-07-01 18:23]
    C:\Program Files\SogouInput\Plugin\SgImeWord.dll  [(Verified)Sogou.com Inc., 3.5.0.0, C:2008-06-03 17:31 M:2008-07-01 18:23]
    C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL  [(Verified)Kingsoft Corporation, 2008,04,02,5, C:2007-12-02 23:15 M:2008-07-09 22:32]
    C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll  [(Verified)Kingsoft Corporation, 2008,04,22,364, C:2007-12-02 23:15 M:2008-07-10 14:38]
    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL  [Microsoft Corporation, 8.00.50727.762, C:2006-12-02 00:25 M:2006-12-02 00:25]
    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll  [Microsoft Corporation, 8.00.50727.762, C:2006-12-01 22:54 M:2006-12-01 22:54]
    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll  [Microsoft Corporation, 8.00.50727.762, C:2006-12-01 22:54 M:2006-12-01 22:54]
    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL  [Microsoft Corporation, 8.00.50727.762, C:2006-12-02 00:08 M:2006-12-02 00:08]
    C:\Program Files\360safe\safemon\safemon.dll  [(Verified)360.CN, 4, 1, 5, 1002, C:2008-04-09 17:02 M:2008-05-27 18:20]
    C:\Program Files\Founder\Emergency Center\SBHotkey.dll  [N/A, C:2008-07-21 20:10 M:2007-01-29 13:49]

请按照版规上传Sreng日志并以附件形式上传，谢谢！