[CODE]

2008-09-05,20:56:05

SysLog Scanner 1.0 - build 20080726
Arswp (http://www.arswp.com)

Windows XP Professional Service Pack 2 (build 2600) - Administrators



========================================
注册项

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ATIPTA><"C:\Program Files\ATI Technologies\ATI 控制面板\atiptaxx.exe">  [ATI Technologies, Inc., 6.14.10.5160, C:2008-06-29 13:42 M:2005-07-13 21:05]
    <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe">  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:20 M:2008-07-29 20:20]
    <runeip><"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.15, C:2008-09-05 17:57 M:2008-09-05 17:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [(Verified)Beijing Rising Information Technology Co., Ltd., 19, 0, 0, 3, C:2008-09-05 17:57 M:2008-09-05 17:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载]
    <><D:\迅雷\Program\geturl.htm>  [N/A, C:2008-06-29 18:20 M:2008-06-13 09:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接]
    <><D:\迅雷\Program\getallurl.htm>  [N/A, C:2008-06-29 18:20 M:2008-06-13 09:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\用flvcd下载本页的视频]
    <><C:\Program Files\flvcd\flvcd_link.htm>  [N/A, C:2008-08-10 22:55 M:2008-08-10 22:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    <WinlogonNotify: AtiExtEvent><Ati2evxx.dll>  [(Verified)ATI Technologies Inc., 6.14.10.4118, C:2005-07-14 12:32 M:2005-07-14 12:32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\windows\system32\klogon.dll>  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:21 M:2008-07-29 20:21]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-08-12 05:02 M:2007-08-12 05:02|(Verified)Microsoft Corporation, 7.00.6000.20861 (vista_ldr.080618-1506), C:2007-08-12 05:02 M:2008-06-23 23:37|(Verified)N/A, C:2007-08-12 05:02 M:2007-08-12 05:02]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-08-12 05:02 M:2007-08-12 05:02|(Verified)Microsoft Corporation, 7.00.6000.20861 (vista_ldr.080618-1506), C:2007-08-12 05:02 M:2008-06-23 23:37|(Verified)N/A, C:2007-08-12 05:02 M:2007-08-12 05:02]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}]
    <启动迅雷5><D:\迅雷\Thunder.exe>  [Thunder Networking Technologies,LTD, 5, 6, 8, 19, C:2008-06-29 18:20 M:2008-07-10 21:15]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}]
    <Web 流量保护状态><C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll>  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:22 M:2008-07-29 20:22]


========================================
启动项



========================================
计划任务



========================================
组件


IE Extension
[Web 流量保护状态]
    {85E0B171-04FA-11D1-B7DA-00A0C90348D6}  <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll>  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:22 M:2008-07-29 20:22]

Shell Extension
[Display Panning CPL Extension]
    {42071714-76d4-11d1-8b24-00a0c9068ff3}  <deskpan.dll>  []
[HyperTerminal Icon Ext]
    {88895560-9AA2-1069-930E-00AA0030EBC8}  <C:\WINDOWS\system32\hticons.dll>  [(Verified)Hilgraeve, Inc., 5.1.2600.0, C:2008-06-29 13:11 M:2007-08-12 05:02]
[WinRAR shell extension]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <C:\Program Files\WinRAR\rarext.dll>  [N/A, C:2008-06-29 17:44 M:2007-09-23 18:59]
[Web 流量保护状态]
    {85E0B171-04FA-11D1-B7DA-00A0C90348D6}  <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll>  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:22 M:2008-07-29 20:22]

Protocols
[]
    {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC}  <C:\WINDOWS\system32\KuGoo3DownXControl.ocx>  [酷狗, 5.2.4.4, C:2008-07-03 18:18 M:2008-07-25 17:51]
[IEProtocolHandler Class]
    {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}  <C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL>  [(Verified)Skype Technologies, 1, 0, 27, 2, C:2008-06-17 08:47 M:2008-06-17 08:47]

BrowserHelperObject
[ThunderAtOnce Class]
    {01443AEC-0FD1-40fd-9C87-E93D1494C233}  <D:\迅雷\ComDlls\TDAtOnce_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2008-06-29 18:20 M:2008-06-13 09:43]
[IEVkbdBHO Class]
    {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}  <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll>  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:21 M:2008-07-29 20:21]
[Thunder Browser Helper]
    {889D2FEB-5411-4565-8998-1DD2C5261283}  <D:\迅雷\ComDlls\xunleiBHO_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-06-29 18:20 M:2008-06-13 09:43]
[卡卡上网安全助手]
    {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8}  <C:\windows\system32\UrlFilter.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15, C:2008-09-05 17:57 M:2008-09-05 17:56]

ActiveX Extension
[ThunderAtOnce Class]
    {01443AEC-0FD1-40FD-9C87-E93D1494C233}  <D:\迅雷\ComDlls\TDAtOnce_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2008-06-29 18:20 M:2008-06-13 09:43]
[Office Genuine Advantage Validation Tool]
    {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}  <C:\WINDOWS\system32\OGACheckControl.DLL>  [(Verified)N/A, C:2008-02-04 18:23 M:2008-02-04 18:23]
[GerneralPeerID Class]
    {0A47E819-F82E-4D5D-B806-6A9EA94D68CD}  <D:\迅雷\Components\InMedia\peerid.dll>  [Copyright 2007, 1, 0, 0, 1, C:2008-06-29 18:20 M:2008-06-11 16:11]
[CKAVWebScan Object]
    {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}  <C:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner Pro\kavwebscan.dll>  [Kaspersky Lab, 5.1.26.6, C:2007-01-07 14:01 M:2007-01-07 14:01]
[iTrusPTA Class]
    {1E0DFFCF-27FF-4574-849B-55007349FEDA}  <C:\WINDOWS\system32\aliedit\pta.dll>  [(Verified)Copyright 2001, 2, 5, 1, 509, C:2008-04-29 10:36 M:2008-04-29 10:36]
[PowerList Control]
    {20C2C286-BDE8-441B-B73D-AFA22D914DA5}  <C:\WINDOWS\DOWNLO~1\POWERL~1.OCX>  [(Verified)PPStream Inc., 3, 0, 0, 2017, C:2008-08-18 19:11 M:2008-08-18 19:11]
[KXHCM10 Control]
    {2E28242B-A689-11D4-80F2-0040266CBB8D}  <C:\WINDOWS\DOWNLO~1\kxhcm10.ocx>  [(Verified)Panasonic Communications Co., Ltd., 1, 2, 0, 52, C:2008-07-03 12:32 M:2008-07-03 12:32]
[RealPlayer RAM Download Handler]
    {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93}  <C:\WINDOWS\system32\rmoc3260.dll>  [(Verified)RealNetworks, Inc., 6.0.9.2568, C:2008-09-01 20:13 M:2006-10-18 23:05]
[Thunder Agent Class]
    {485463B7-8FB2-4B3B-B29B-8B919B0EACCE}  <D:\迅雷\ComDlls\ThunderAgent_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 4, 23, C:2008-06-29 18:20 M:2008-06-13 09:43]
[IE2EMUrlTaker Class]
    {48618374-565F-4CA0-B8CD-6F496C997FAF}  <K:\电驴\eMule\IE2EM.dll>  []
[EditCtrl Class]
    {488A4255-3236-44B3-8F27-FA1AECAA8844}  <C:\WINDOWS\system32\aliedit\aliedit.dll>  [(Verified)Copyright 2007, 2, 1, 2, 1, C:2008-05-20 10:51 M:2008-05-20 10:51]
[IEVkbdBHO Class]
    {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}  <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll>  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:21 M:2008-07-29 20:21]
[KooPlayer Control]
    {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1}  <C:\WINDOWS\DOWNLO~1\KOOPLA~1.OCX>  [(Verified)Koos, 1, 0, 0, 90, C:2008-07-04 12:42 M:2008-07-04 12:42]
[PowerPlayer Control]
    {5EC7C511-CD0F-42E6-830C-1BD9882F3458}  <C:\WINDOWS\DOWNLO~1\POWERP~1.DLL>  [(Verified)PPStream Inc., 2,2,67,6833, C:2008-08-25 15:54 M:2008-08-25 15:54]
[CKAVReportCtrl Object]
    {6117669B-8C2D-41FA-A6D9-9E484B999CF0}  <C:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner Pro\kavwebscan.dll>  [Kaspersky Lab, 5.1.26.6, C:2007-01-07 14:01 M:2007-01-07 14:01]
[XMP Class]
    {6483F145-A768-4C41-AACC-52D4D7845851}  <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work>  [Copyright XunLei 2007, 2, 1, 2, 77, C:2008-06-29 18:20 M:2008-08-08 10:22]
[XDRM]
    {693571CB-54A3-4E90-9D52-EEAE1334E2D3}  <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work>  [Copyright XunLei 2007, 1, 0, 0, 7, C:2008-06-29 18:20 M:2008-08-08 10:22]
[StormPlayer Object]
    {6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB}  <D:\软件备份\mps.dll>  [北京暴风网际科技有限公司, 3, 8, 3, 27, C:2008-04-25 18:22 M:2008-04-25 18:22]
[Windows Media Player]
    {6BF52A52-394A-11D3-B153-00C04F79FAA6}  <C:\WINDOWS\system32\wmp.dll>  [Microsoft Corporation, 9.00.00.3354, C:2007-08-12 05:02 M:2007-04-30 02:22]
[WangWangObj Class]
    {6E213FC7-DD5A-4115-B7E6-D4C7838C361E}  <D:\Program Files\Alisoft\WangWang\WangWangX6.dll>  [(Verified)阿里巴巴软件(上海)有限公司, 1, 0, 0, 5, C:2008-07-01 11:33 M:2008-03-18 12:14]
[MediaComm Class]
    {7670648D-461B-42AF-BDFE-46D26AF5EFF2}  <D:\迅雷\Components\InMedia\MediaAddin17.dll>  [Thunder Networking Technologies,LTD, 3, 1, 5, 78, C:2008-06-29 18:20 M:2008-06-11 16:11]
[Thunder Browser Helper]
    {889D2FEB-5411-4565-8998-1DD2C5261283}  <D:\迅雷\ComDlls\xunleiBHO_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-06-29 18:20 M:2008-06-13 09:43]
[卡卡上网安全助手]
    {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8}  <C:\windows\system32\UrlFilter.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15, C:2008-09-05 17:57 M:2008-09-05 17:56]
[DapCtrl Class]
    {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8}  <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5804.62.(780).dll>  [ShenZhen Thunder Networking Technologies Ltd., 2, 1, 5804, 62, C:2008-08-16 12:39 M:2008-08-08 10:22]
[AUDIO__MID Moniker Class]
    {CD3AFA74-B84F-48F0-9393-7EDC34128127}  <C:\WINDOWS\system32\wmp.dll>  [Microsoft Corporation, 9.00.00.3354, C:2007-08-12 05:02 M:2007-04-30 02:22]
[AUDIO__MP3 Moniker Class]
    {CD3AFA76-B84F-48F0-9393-7EDC34128127}  <C:\WINDOWS\system32\wmp.dll>  [Microsoft Corporation, 9.00.00.3354, C:2007-08-12 05:02 M:2007-04-30 02:22]
[AUDIO__X_MS_WMA Moniker Class]
    {CD3AFA84-B84F-48F0-9393-7EDC34128127}  <C:\WINDOWS\system32\wmp.dll>  [Microsoft Corporation, 9.00.00.3354, C:2007-08-12 05:02 M:2007-04-30 02:22]
[VIDEO__X_MS_WMV Moniker Class]
    {CD3AFA94-B84F-48F0-9393-7EDC34128127}  <C:\WINDOWS\system32\wmp.dll>  [Microsoft Corporation, 9.00.00.3354, C:2007-08-12 05:02 M:2007-04-30 02:22]
[RealPlayer G2 Control]
    {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}  <C:\WINDOWS\system32\rmoc3260.dll>  [(Verified)RealNetworks, Inc., 6.0.9.2568, C:2008-09-01 20:13 M:2006-10-18 23:05]
[Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000}  <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx>  [(Verified)Adobe Systems, Inc., 9,0,124,0, C:2008-03-25 10:32 M:2008-03-25 10:32]
[Thunder DapPlayer]
    {EEDD6FF9-13DE-496B-9A1C-D78B3215E266}  <D:\迅雷\Components\DownAndPlay\DapPlayer3.0.5712.71.780.dll>  [ShenZhen Thunder Networking Technologies Ltd., 3, 0, 5712, 71, C:2008-08-16 12:39 M:2008-08-08 10:22]
[QvodCtrl Class]
    {F3D0D36F-23F8-4682-A195-74C92B03D4AF}  <D:\Program Files\QvodPlayer\QvodInsert.dll>  []
[XPPlayer Class]
    {F3E70CEA-956E-49CC-B444-73AFE593AD7F}  <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.0.5835.191.(780).dll>  [Xunlei Networking Technologies,LTD, 2, 0, 5835, 191, C:2008-08-16 12:39 M:2008-08-08 10:22]

Context Menu
[Kaspersky Anti-Virus]
    {dd230880-495a-11d1-b064-008048ec2fc5}  <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ShellEx.dll>  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:22 M:2008-07-29 20:22]
[WinRAR]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <C:\Program Files\WinRAR\rarext.dll>  [N/A, C:2008-06-29 17:44 M:2007-09-23 18:59]


========================================
服务

[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
    <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe">  [Copyright (c) 1998-2003 Macrovision Corp., 2.43.000, C:2008-07-29 07:10 M:2008-07-29 07:10]
[FLEXnet Licensing Service / FLEXnet Licensing Service][Stopped/Manual Start]
    <"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe">  [Macrovision Europe Ltd., 11.03.005, C:2008-08-06 12:17 M:2007-08-07 17:55]
[Human Interface Device Access / HidServ][Stopped/Disabled]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-08-12 05:02 M:2007-08-12 05:02]
[Remote Access Connection Application Program Interface / Rasapi][Stopped/Auto Start]
    <C:\Program Files\Common Files\Wincba\Sevcha.exe>  []

[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
    <%SystemRoot%\system32\Ati2evxx.exe>  [(Verified)ATI Technologies Inc., 6.14.10.4118, C:2005-07-14 12:31 M:2005-07-14 12:31]
[Kaspersky Anti-Virus / AVP][Running/Auto Start]
    <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r>  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:20 M:2008-07-29 20:20]
[Capture Device Service / Capture Device Service][Running/Auto Start]
    <"C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe">  [(Verified)InterVideo Inc., 1.0.0.1, C:2007-03-06 10:35 M:2007-03-06 10:35]
[Contrl Center of Storm Media / ccosm][Stopped/Manual Start]
    <D:\软件备份\stormliv.exe /asservice>  [(Verified)北京暴风网际科技有限公司, 3, 8, 3, 15, C:2008-03-11 14:33 M:2008-03-11 14:33]
[DU Meter Service / DUMeterSvc][Stopped/Manual Start]
    <D:\网速检测\DUMeter\hbp_dumeter4fix_tg\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService>  [(Verified)Hagel Technologies Ltd, 4.0 Build R3009, C:2008-07-26 20:53 M:2007-10-15 15:19]
[Kingsoft Basic Service / kaccore][Running/Auto Start]
    <"C:\Program Files\Kingsoft\KAC\Service\kaccore.exe">  [(Verified)Kingsoft Corporation, 2008,09,04,252, C:2008-09-05 20:02 M:2008-09-05 20:08]


========================================
驱动

[npkcrypt / npkcrypt][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\npkcrypt.sys>  []
[npkycryp / npkycryp][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\npkycryp.sys>  []
[sptd / sptd][Running/Boot Start]
    <System32\Drivers\sptd.sys>  [N/A, C:2008-08-24 23:58 M:2008-08-24 23:58]
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
    <system32\DRIVERS\tcpip.sys>  [Microsoft Corporation, 5.1.2600.3394 (xpsp_sp2_qfe.080620-1259), C:2007-08-12 05:02 M:2008-06-20 18:44]

[ati2mtag / ati2mtag][Running/Manual Start]
    <system32\DRIVERS\ati2mtag.sys>  [(Verified)ATI Technologies Inc., 6.14.10.6561, C:2005-07-14 12:37 M:2005-07-14 12:37]
[Conexant AMC Audio / CAMCAUD][Running/Manual Start]
    <system32\drivers\camc6aud.sys>  [(Verified)Conexant Systems Inc., 6.14.10.0535, C:2005-02-18 15:41 M:2005-02-18 15:41]
[CAMCHALA / CAMCHALA][Running/Manual Start]
    <system32\drivers\camc6hal.sys>  [(Verified)Conexant Systems Inc., 6.14.10.0535, C:2005-02-18 15:42 M:2005-02-18 15:42]
[HSFHWATI / HSFHWATI][Running/Manual Start]
    <system32\DRIVERS\HSFHWATI.sys>  [(Verified)Conexant Systems, Inc., 7.20.00 built by: WinDDK, C:2008-06-29 13:40 M:2004-12-15 15:18]
[HSF_DP / HSF_DP][Running/Manual Start]
    <system32\DRIVERS\HSF_DP.sys>  [(Verified)Conexant Systems, Inc., 7.20.00 built by: WinDDK, C:2008-06-29 13:40 M:2004-12-15 15:18]
[KAVBootC / KAVBootC][Running/Boot Start]
    <system32\Drivers\KAVBootC.sys>  [(Verified)Kingsoft Corporation, 2008,04,28,85, C:2008-09-05 19:59 M:2008-06-17 08:59]
[KAVSafe / KAVSafe][Running/Auto Start]
    <\??\C:\windows\system32\Drivers\KAVSafe.sys>  [(Verified)Kingsoft Corporation, 2008,04,28,65, C:2008-09-05 19:59 M:2008-06-17 08:59]
[Kl1 / kl1][Running/Boot Start]
    <system32\drivers\kl1.sys>  [(Verified)Kaspersky Lab, 6.2.35.0, C:2008-07-21 18:34 M:2008-07-21 18:34]
[Kaspersky Lab Boot Guard Driver / klbg][Running/Boot Start]
    <system32\drivers\klbg.sys>  [(Verified)Kaspersky Lab, 8.0.6.2, C:2008-01-29 18:29 M:2008-01-29 18:29]
[Kaspersky Lab Driver / KLIF][Running/System Start]
    <system32\DRIVERS\klif.sys>  [(Verified)Kaspersky Lab, 8.1.0.100, C:2008-09-04 21:35 M:2008-09-04 21:35]
[mdmxsdk / mdmxsdk][Running/Auto Start]
    <system32\DRIVERS\mdmxsdk.sys>  [(Verified)Conexant, 1.0.2.006, C:2008-06-29 13:40 M:2004-03-17 11:04]
[WinPcap Packet Driver (NPF) / NPF][Stopped/Manual Start]
    <system32\drivers\NPF.sys>  [(Verified)CACE Technologies, 4.0.0.755, C:2007-01-26 01:31 M:2007-01-26 01:31]
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
    <system32\DRIVERS\ptilink.sys>  [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148), C:2007-08-12 05:02 M:2007-08-12 05:02]
[PxHelp20 / PxHelp20][Running/Boot Start]
    <system32\DRIVERS\PxHelp20.sys>  [(Verified)Sonic Solutions, 3.00.56a, C:2008-07-29 07:10 M:2007-03-08 07:51]
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
    <system32\DRIVERS\RTL8139.SYS>  [(Verified)Realtek Semiconductor Corporation, 5.398.613.2003 built by: WinDDK, C:2008-06-29 13:09 M:2004-08-03 22:31]
[Secdrv / Secdrv][Stopped/Manual Start]
    <system32\DRIVERS\secdrv.sys>  [(Verified)Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086, C:2007-08-12 05:02 M:2007-11-13 18:25]
[winachsf / winachsf][Running/Manual Start]
    <system32\DRIVERS\HSF_CNXT.sys>  [(Verified)Conexant Systems, Inc., 7.20.00 built by: WinDDK, C:2008-06-29 13:40 M:2004-12-15 15:18]


========================================
进程

[PID: 472 / SYSTEM]   \SystemRoot\System32\smss.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-08-12 05:02 M:2007-08-12 05:02]

[PID: 528 / SYSTEM]   \??\C:\windows\system32\csrss.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-08-12 05:02 M:2007-08-12 05:02]

[PID: 556 / SYSTEM]   \??\C:\windows\system32\winlogon.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-08-12 05:02 M:2007-08-12 05:02]
    C:\windows\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526), C:2007-08-12 05:02 M:2006-08-09 20:58]
    C:\windows\system32\Ati2evxx.dll  [(Verified)ATI Technologies Inc., 6.14.10.4118, C:2005-07-14 12:32 M:2005-07-14 12:32]
    C:\windows\system32\klogon.dll  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:21 M:2008-07-29 20:21]
    C:\windows\system32\SOGOUPY.IME  [(Verified)Sogou.com Inc., 3.5.0.0, C:2008-06-20 19:22 M:2008-06-20 19:22]

[PID: 600 / SYSTEM]   C:\windows\system32\services.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-08-12 05:02 M:2007-08-12 05:02]

[PID: 612 / SYSTEM]   C:\windows\system32\lsass.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-08-12 05:02 M:2007-08-12 05:02]
    C:\windows\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526), C:2007-08-12 05:02 M:2006-08-09 20:58]
    C:\WINDOWS\system32\xunyount.dll  [N/A, C:2008-07-02 20:34 M:2008-06-28 10:36]

[PID: 768 / SYSTEM]   C:\windows\system32\Ati2evxx.exe   [(Verified)ATI Technologies Inc., 6.14.10.4118, C:2005-07-14 12:31 M:2005-07-14 12:31]
    C:\windows\system32\Ati2edxx.dll  [(Verified)ATI Technologies, Inc., 6, 14, 10, 2497, C:2005-07-14 12:32 M:2005-07-14 12:32]
    C:\windows\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526), C:2007-08-12 05:02 M:2006-08-09 20:58]

[PID: 788 / SYSTEM]   C:\windows\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-08-12 05:02 M:2007-08-12 05:02]
    C:\windows\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526), C:2007-08-12 05:02 M:2006-08-09 20:58]

[PID: 860 / NETWORK SERVICE]   C:\windows\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-08-12 05:02 M:2007-08-12 05:02]
    C:\windows\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526), C:2007-08-12 05:02 M:2006-08-09 20:58]
    C:\WINDOWS\system32\xunyount.dll  [N/A, C:2008-07-02 20:34 M:2008-06-28 10:36]

[PID: 964 / SYSTEM]   C:\windows\System32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-08-12 05:02 M:2007-08-12 05:02]
    C:\windows\System32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526), C:2007-08-12 05:02 M:2006-08-09 20:58]
    C:\WINDOWS\system32\xunyount.dll  [N/A, C:2008-07-02 20:34 M:2008-06-28 10:36]

[PID: 1152 / LOCAL SERVICE]   C:\windows\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-08-12 05:02 M:2007-08-12 05:02]
    C:\windows\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526), C:2007-08-12 05:02 M:2006-08-09 20:58]
    C:\WINDOWS\system32\xunyount.dll  [N/A, C:2008-07-02 20:34 M:2008-06-28 10:36]

[PID: 1248 / SYSTEM]   C:\windows\system32\spoolsv.exe   [(Verified)Microsoft Corporation, 5.1.2600.2696 (xpsp.050610-1527), C:2007-08-12 05:02 M:2007-08-12 05:02]
    C:\windows\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526), C:2007-08-12 05:02 M:2006-08-09 20:58]

[PID: 1380 / SYSTEM]   C:\windows\system32\Ati2evxx.exe   [(Verified)ATI Technologies Inc., 6.14.10.4118, C:2005-07-14 12:31 M:2005-07-14 12:31]
    C:\windows\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526), C:2007-08-12 05:02 M:2006-08-09 20:58]
    C:\windows\system32\SOGOUPY.IME  [(Verified)Sogou.com Inc., 3.5.0.0, C:2008-06-20 19:22 M:2008-06-20 19:22]
    C:\windows\system32\Ati2edxx.dll  [(Verified)ATI Technologies, Inc., 6, 14, 10, 2497, C:2005-07-14 12:32 M:2005-07-14 12:32]

[PID: 1496 / Administrator]   C:\windows\Explorer.EXE   [(Verified)Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234), C:2007-08-12 05:02 M:2007-06-13 21:21]
    C:\windows\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526), C:2007-08-12 05:02 M:2006-08-09 20:58]
    C:\windows\system32\SOGOUPY.IME  [(Verified)Sogou.com Inc., 3.5.0.0, C:2008-06-20 19:22 M:2008-06-20 19:22]
    C:\Program Files\SogouInput\Plugin\SgImeWord.dll  [(Verified)Sogou.com Inc., 3.5.0.0, C:2008-06-20 19:22 M:2008-06-20 19:22]
    D:\迅雷\ComDlls\TDAtOnce_Now.dll  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2008-06-29 18:20 M:2008-06-13 09:43]
    D:\迅雷\ComDlls\xunleiBHO_Now.dll  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-06-29 18:20 M:2008-06-13 09:43]
    D:\迅雷\Components\ResWorker\DsBho_01.dll  [Thunder Networking Technologies,LTD, 1, 0, 0, 20, C:2008-07-23 21:23 M:2008-08-08 10:22]
    D:\迅雷\Components\ResWorker\DataProcessor_01.dll  [Thunder Networking Technologies,LTD, 1, 0, 0, 16, C:2008-07-23 21:23 M:2008-08-08 10:22]
    C:\Program Files\WinRAR\rarext.dll  [N/A, C:2008-06-29 17:44 M:2007-09-23 18:59]
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ShellEx.dll  [(Verified)Kaspersky Lab, 8.0.0.454, C:2008-07-29 20:22 M:2008-07-29 20:22]
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\MSVCR80.dll  [Microsoft Corporation, 8.00.50727.762, C:2008-07-29 20:08 M:2008-07-29 20:08]
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\MSVCP80.dll  [Microsoft Corporation, 8.00.50727.762, C:2008-07-29 20:08 M:2008-07-29 20:08]

[PID: 200 / SYSTEM]   C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe   [(Verified)InterVideo Inc., 1.0.0.1, C:2007-03-06 10:35 M:2007-03-06 10:35]
    C:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.DLL  [Microsoft Corporation, 8.00.50727.42, C:2005-09-22 23:49 M:2005-09-22 23:49]
    C:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCP80.dll  [Microsoft Corporation, 8.00.50727.42, C:2005-09-22 23:48 M:2005-09-22 23:48]
    C:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll  [Microsoft Corporation, 8.00.50727.42, C:2005-09-22 23:48 M:2005-09-22 23:48]
    C:\windows\system32\msdmo.dll  [(Verified)N/A, C:2007-08-12 05:02 M:2007-08-12 05:02]
    C:\windows\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526), C:2007-08-12 05:02 M:2006-08-09 20:58]

[PID: 240 / SYSTEM]   C:\Program Files\Kingsoft\KAC\Service\kaccore.exe   [(Verified)Kingsoft Corporation, 2008,09,04,252, C:2008-09-05 20:02 M:2008-09-05 20:08]
    C:\windows\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526), C:2007-08-12 05:02 M:2006-08-09 20:58]
    C:\Program Files\Kingsoft\KAC\Service\corehelper.dll  [(Verified)Kingsoft Corporation, 2008,09,04,252, C:2008-09-05 20:02 M:2008-09-05 20:08]
    C:\WINDOWS\system32\xunyount.dll  [N/A, C:2008-07-02 20:34 M:2008-06-28 10:36]

[PID: 952 / Administrator]   C:\Program Files\SogouInput\ImeUtil.exe   [(Verified)Sogou.com Inc., 3.5.0.0, C:2008-06-20 19:21 M:2008-06-20 19:21]

[PID: 1408 / SYSTEM]   C:\WINDOWS\system32\wbem\wmiprvse.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2008-06-29 13:11 M:2007-08-12 05:02]
    C:\windows\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526), C:2007-08-12 05:02 M:2006-08-09 20:58]

[PID: 1612 / LOCAL SERVICE]   C:\windows\System32\alg.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-08-12 05:02 M:2007-08-12 05:02]
    C:\windows\System32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526), C:2007-08-12 05:02 M:2006-08-09 20:58]
    C:\WINDOWS\system32\xunyount.dll  [N/A, C:2008-07-02 20:34 M:2008-06-28 10:36]

[PID: 948 / Administrator]   C:\Program Files\ATI Technologies\ATI 控制面板\atiptaxx.exe   [ATI Technologies, Inc., 6.14.10.5160, C:2008-06-29 13:42 M:2005-07-13 21:05]
    C:\windows\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526), C:2007-08-12 05:02 M:2006-08-09 20:58]
    C:\Program Files\ATI Technologies\ATI 控制面板\atipdsxx.dll  [ATI Technologies, Inc., 6.14.10.5160, C:2008-06-29 13:42 M:2005-07-13 21:05]
    C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI 控制面板\ATRPUIXX.CHS  [ATI Technologies, Inc., 6.14.10.5160, C:2008-06-29 13:42 M:2005-07-13 21:05]
    C:\windows\system32\SOGOUPY.IME  [(Verified)Sogou.com Inc., 3.5.0.0, C:2008-06-20 19:22 M:2008-06-20 19:22]
    C:\Program Files\SogouInput\Plugin\SgImeWord.dll  [(Verified)Sogou.com Inc., 3.5.0.0, C:2008-06-20 19:22 M:2008-06-20 19:22]
    C:\Program Files\ATI Technologies\ATI 控制面板\atipdxxx.dll  [ATI Technologies, Inc., 6.14.10.5160, C:2008-06-29 13:42 M:2005-07-13 21:05]

[PID: 1888 / Administrator]   C:\Program Files\Rising\AntiSpyware\rstray.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.15, C:2008-09-05 17:57 M:2008-09-05 17:56]
    C:\Program Files\Rising\AntiSpyware\rsmginfo.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8, C:2008-09-05 17:57 M:2008-09-05 17:56]
    C:\windows\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526), C:2007-08-12 05:02 M:2006-08-09 20:58]
    C:\Program Files\Rising\AntiSpyware\RsXML.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2, C:2008-09-05 17:57 M:2008-09-05 17:56]
    C:\Program Files\Rising\AntiSpyware\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2008-09-05 17:57 M:2008-09-05 17:56]
    C:\Program Files\Rising\AntiSpyware\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2008-09-05 17:57 M:2008-09-05 17:56]
    C:\windows\system32\SOGOUPY.IME  [(Verified)Sogou.com Inc., 3.5.0.0, C:2008-06-20 19:22 M:2008-06-20 19:22]
    C:\Program Files\SogouInput\Plugin\SgImeWord.dll  [(Verified)Sogou.com Inc., 3.5.0.0, C:2008-06-20 19:22 M:2008-06-20 19:22]
    C:\Program Files\Rising\AntiSpyware\ComServ.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.31, C:2008-09-05 17:57 M:2008-09-05 17:56]
    C:\Program Files\Rising\AntiSpyware\Syslay.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-09-05 17:57 M:2008-09-05 17:56]
    C:\Program Files\Rising\AntiSpyware\rscommon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.1.1, C:2008-09-05 17:57 M:2008-09-05 17:56]
    C:\Program Files\Rising\AntiSpyware\comx3.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.34, C:2008-09-05 17:57 M:2008-09-05 17:56]
    C:\Program Files\Rising\AntiSpyware\pngdll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-09-05 17:57 M:2008-09-05 17:56]
    C:\Program Files\Rising\AntiSpyware\runiep.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.33, C:2008-09-05 17:57 M:2008-09-05 17:56]

[PID: 1792 / Administrator]   C:\windows\system32\ctfmon.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-08-12 05:02 M:2007-08-12 05:02]
    C:\windows\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526), C:2007-08-12 05:02 M:2006-08-09 20:58]
    C:\windows\system32\SOGOUPY.IME  [(Verified)Sogou.com Inc., 3.5.0.0, C:2008-06-20 19:22 M:2008-06-20 19:22]
    C:\Program Files\SogouInput\Plugin\SgImeWord.dll  [(Verified)Sogou.com Inc., 3.5.0.0, C:2008-06-20 19:22 M:2008-06-20 19:22]

[PID: 2484 / Administrator]   G:\清理\arswp2\ArSwp.exe   [(Verified)ArSwp.com, 2, 8, 1, 815, C:2008-09-05 20:46 M:2008-08-15 22:25]
    C:\windows\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526), C:2007-08-12 05:02 M:2006-08-09 20:58]
    C:\windows\system32\SOGOUPY.IME  [(Verified)Sogou.com Inc., 3.5.0.0, C:2008-06-20 19:22 M:2008-06-20 19:22]
    C:\Program Files\SogouInput\Plugin\SgImeWord.dll  [(Verified)Sogou.com Inc., 3.5.0.0, C:2008-06-20 19:22 M:2008-06-20 19:22]
    G:\清理\arswp2\plugin\ArFix.dll  [(Verified)ArSwp.Com, 2, 5, 0, 0, C:2008-09-05 20:46 M:2007-11-28 15:19]
    C:\WINDOWS\system32\xunyount.dll  [N/A, C:2008-07-02 20:34 M:2008-06-28 10:36]


========================================
文件关联



========================================
AutoRun.INF



========================================
Winsock提供者

xunyou over MSAFD Tcpip [TCP/IP]
    <C:\WINDOWS\system32\xunyount.dll>  [N/A, C:2008-07-02 20:34 M:2008-06-28 10:36]
xunyou over MSAFD Tcpip [UDP/IP]
    <C:\WINDOWS\system32\xunyount.dll>  [N/A, C:2008-07-02 20:34 M:2008-06-28 10:36]
xunyou over MSAFD Tcpip [RAW/IP]
    <C:\WINDOWS\system32\xunyount.dll>  [N/A, C:2008-07-02 20:34 M:2008-06-28 10:36]
xunyou
    <C:\WINDOWS\system32\xunyount.dll>  [N/A, C:2008-07-02 20:34 M:2008-06-28 10:36]


[/CODE]