[CODE]

2008-10-04,19:25:43

SysLog Scanner 1.0 - build 20080726
Arswp (http://www.arswp.com)

Windows XP Professional Service Pack 3 (build 2600) - Administrators



========================================
注册项

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <FixCamera><C:\WINDOWS\FixCamera.exe>  [Copyright (C) 2005, 1, 0, 0, 3, C:2008-07-12 13:33 M:2005-12-06 13:08]
    <tsnpstd3><C:\WINDOWS\tsnpstd3.exe>  [版权所有 (C) 2005, 1, 1, 3, 1, C:2008-07-12 13:33 M:2005-11-04 15:05]
    <snpstd3><C:\WINDOWS\vsnpstd3.exe>  [Copyright 2002-2005, 1, 0, 2, 2, C:2008-07-12 13:33 M:2005-09-05 15:55]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-04-13 19:14 M:2008-04-13 19:14|NVIDIA Corporation, 6.14.11.6375, C:2008-07-12 13:28 M:2007-10-04 17:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载]
    <><C:\Program Files\Thunder Network\Thunder\Program\geturl.htm>  [N/A, C:2008-07-12 13:28 M:2007-12-10 14:17]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接]
    <><C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm>  [N/A, C:2008-07-12 13:28 M:2007-12-10 14:17]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\导出到 Microsoft Office Excel(&X)]
    <><res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000>  []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\添加到QQ表情]
    <><D:\Program Files\Tencent\QQ\AddEmotion.htm>  [N/A, C:2008-07-12 13:31 M:2008-03-28 19:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-04-13 19:14 M:2008-04-13 19:14|(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-13 19:13 M:2008-04-13 19:13|(Verified)N/A, C:2008-04-13 18:57 M:2008-04-13 18:57]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-04-13 19:14 M:2008-04-13 19:14|(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-13 19:13 M:2008-04-13 19:13|(Verified)N/A, C:2008-04-13 18:57 M:2008-04-13 18:57]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}]
    <启动迅雷5><C:\Program Files\Thunder Network\Thunder\Thunder.exe>  [Thunder Networking Technologies,LTD, 5, 6, 8, 19, C:2008-07-12 13:28 M:2008-04-28 11:20]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{95B3F550-91C4-4627-BCC4-521288C52977}]
    <PPLive><C:\Program Files\PPLive\PPLive.exe>  [(Verified)N/A, C:2008-07-12 13:28 M:2007-03-16 13:46]


========================================
启动项



========================================
计划任务



========================================
组件


Shell Extension
[Display Panning CPL Extension]
    {42071714-76d4-11d1-8b24-00a0c9068ff3}  <deskpan.dll>  []
[Microsoft Agent Character Property Sheet Handler]
    {143A62C8-C33B-11D1-84FE-00C04FA34A14}  <C:\WINDOWS\msagent\agentpsh.dll>  []
[WinRAR shell extension]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <C:\Program Files\WinRAR\rarext.dll>  [N/A, C:2008-07-12 13:28 M:2007-09-26 10:42]
[Desktop Explorer]
    {1CDB2949-8F65-4355-8456-263E7C208A5D}  <C:\WINDOWS\system32\nvshell.dll>  [N/A, C:2008-07-12 13:30 M:2007-10-04 17:14]
[Desktop Explorer Menu]
    {1E9B04FB-F9E5-4718-997B-B8DA88302A47}  <C:\WINDOWS\system32\nvshell.dll>  [N/A, C:2008-07-12 13:30 M:2007-10-04 17:14]
[nView Desktop Context Menu]
    {1E9B04FB-F9E5-4718-997B-B8DA88302A48}  <C:\WINDOWS\system32\nvshell.dll>  [N/A, C:2008-07-12 13:30 M:2007-10-04 17:14]

BrowserHelperObject
[ThunderAtOnce Class]
    {01443AEC-0FD1-40fd-9C87-E93D1494C233}  <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2008-07-12 13:28 M:2008-04-07 15:40]
[Thunder Browser Helper]
    {889D2FEB-5411-4565-8998-1DD2C5261283}  <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-07-12 13:28 M:2008-04-29 14:42]

ActiveX Extension
[ThunderAtOnce Class]
    {01443AEC-0FD1-40FD-9C87-E93D1494C233}  <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2008-07-12 13:28 M:2008-04-07 15:40]
[Thunder Browser Helper]
    {889D2FEB-5411-4565-8998-1DD2C5261283}  <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-07-12 13:28 M:2008-04-29 14:42]
[Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000}  <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx>  [(Verified)Adobe Systems, Inc., 9,0,124,0, C:2008-03-25 10:32 M:2008-03-25 10:32]

Context Menu
[WinRAR]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <C:\Program Files\WinRAR\rarext.dll>  [N/A, C:2008-07-12 13:28 M:2007-09-26 10:42]


========================================
服务

[Human Interface Device Access / HidServ][Stopped/Disabled]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll">  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-13 19:14 M:2008-04-13 19:14]
[NVIDIA Display Driver Service / NVSvc][Stopped/Auto Start]
    <%SystemRoot%\system32\nvsvc32.exe>  [NVIDIA Corporation, 6.14.11.6375, C:2008-07-12 13:28 M:2007-10-04 17:14]

[Contrl Center of Storm Media / ccosm][Stopped/Disabled]
    <C:\Program Files\StormII\stormliv.exe /asservice>  [(Verified)北京暴风网际科技有限公司, 3, 8, 3, 15, C:2008-07-12 13:28 M:2008-03-11 14:33]
[Kingsoft Basic Service / kaccore][Stopped/Manual Start]
    <"C:\Program Files\Kingsoft\KAC\Service\kaccore.exe">  [(Verified)Kingsoft Corporation, 2008,09,04,252, C:2008-09-04 16:18 M:2008-09-04 16:18]


========================================
驱动

[NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller / AtcL002][Stopped/Manual Start]
    <system32\DRIVERS\l251x86.sys>  [Atheros Communications, Inc., 2.5.6000.5 built by: WinDDK, C:2008-07-12 13:28 M:2007-08-17 20:01]
[ATK0110 ACPI UTILITY / MTsensor][Running/Manual Start]
    <system32\DRIVERS\ASACPI.sys>  [1043, 2, 15, 37, C:2008-07-12 13:28 M:2004-08-13 10:56]
[nv / nv][Stopped/Manual Start]
    <system32\DRIVERS\nv4_mini.sys>  [NVIDIA Corporation, 6.14.11.6375, C:2008-07-12 13:28 M:2007-10-04 17:14]
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
    <system32\DRIVERS\nvrd32.sys>  [NVIDIA Corporation, 10.3.0.16 built by: WinDDK, C:2008-03-28 10:43 M:2007-12-07 15:27]
[SATALink driver accelerator / SiFilter][Stopped/Disabled]
    <\SystemRoot\system32\DRIVERS\SiWinAcc.sys>  [Silicon Image, Inc., 1.0.0.11, C:2008-01-23 17:20 M:2006-08-08 22:19]
[USB PC Camera (SNPSTD3) / SNPSTD3][Stopped/Manual Start]
    <system32\DRIVERS\snpstd3.sys>  [Copyright 2001-2004, 1, 2, 1, 1, C:2008-07-12 13:33 M:2005-11-07 18:38]
[TCP/IP Protocol Driver / Tcpip][Stopped/System Start]
    <system32\DRIVERS\tcpip.sys>  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2008-04-24 09:11 M:2008-04-24 09:11]
[viamraid / viamraid][Stopped/Boot Start]
    <system32\DRIVERS\viamraid.sys>  [VIA Technologies inc,.ltd, 5.1.6000.562, C:2008-01-23 17:20 M:2007-07-17 13:35]

[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Stopped/Manual Start]
    <system32\drivers\es1371mp.sys>  [(Verified)Creative Technology Ltd., 5.1.2501.0 built by: WinDDK, C:2008-04-24 15:32 M:2001-08-17 04:19]
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
    <system32\DRIVERS\HDAudBus.sys>  [(Verified)Windows (R) Server 2003 DDK provider, 5.10.01.5013 built by: WinDDK, C:2008-04-13 09:36 M:2008-04-13 09:36]
[Intel AHCI Controller / iaStor7][Running/Boot Start]
    <system32\drivers\iastor7.sys>  [(Verified)Intel Corporation, 7.8.0.1012, C:2008-01-23 17:20 M:2007-09-29 23:03]
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Stopped/Manual Start]
    <system32\drivers\RtkHDAud.sys>  [(Verified)Realtek Semiconductor Corp., 5.10.0.5506 built by: WinDDK, C:2008-07-12 13:28 M:2007-11-01 14:38]
[KAVBootC / KAVBootC][Stopped/Boot Start]
    <system32\Drivers\KAVBootC.sys>  [(Verified)Kingsoft Corporation, 2008,04,28,85, C:2008-10-04 18:59 M:2008-06-17 08:59]
[KAVSafe / KAVSafe][Stopped/Auto Start]
    <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys>  [(Verified)Kingsoft Corporation, 2008,04,28,65, C:2008-10-04 18:59 M:2008-06-17 08:59]
[AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start]
    <system32\DRIVERS\pcntpci5.sys>  [(Verified)AMD Inc., 4.38.00 built by: WinDDK, C:2008-04-24 15:32 M:2001-08-17 04:11]
[Direct Parallel Link Driver / Ptilink][Stopped/Manual Start]
    <system32\DRIVERS\ptilink.sys>  [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148), C:2004-08-17 20:00 M:2004-08-17 20:00]
[Secdrv / Secdrv][Stopped/Manual Start]
    <system32\DRIVERS\secdrv.sys>  [(Verified)Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086, C:2008-04-13 09:39 M:2008-04-13 09:39]


========================================
进程

[PID: 160 / SYSTEM]   \SystemRoot\System32\smss.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-13 19:14 M:2008-04-13 19:14]

[PID: 216 / SYSTEM]   \??\C:\WINDOWS\system32\csrss.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-13 19:13 M:2008-04-13 19:13]

[PID: 240 / SYSTEM]   \??\C:\WINDOWS\system32\winlogon.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113), C:2008-04-13 19:14 M:2008-04-13 19:14]
    C:\WINDOWS\system32\sfc_os.dll  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-24 09:11 M:2008-04-24 09:11]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-24 09:11 M:2008-04-24 09:11]

[PID: 284 / SYSTEM]   C:\WINDOWS\system32\services.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-13 19:14 M:2008-04-13 19:14]

[PID: 296 / SYSTEM]   C:\WINDOWS\system32\lsass.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113), C:2008-04-13 19:14 M:2008-04-13 19:14]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-24 09:11 M:2008-04-24 09:11]

[PID: 440 / SYSTEM]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-13 19:14 M:2008-04-13 19:14]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-24 09:11 M:2008-04-24 09:11]

[PID: 496 / ]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-13 19:14 M:2008-04-13 19:14]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-24 09:11 M:2008-04-24 09:11]

[PID: 536 / SYSTEM]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-13 19:14 M:2008-04-13 19:14]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-24 09:11 M:2008-04-24 09:11]

[PID: 780 / Administrator]   C:\WINDOWS\Explorer.EXE   [(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-13 19:14 M:2008-04-13 19:14]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-24 09:11 M:2008-04-24 09:11]
    C:\WINDOWS\system32\shdoclc.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-13 18:53 M:2008-04-13 18:53]

[PID: 840 / Administrator]   D:\Program Files\arswp\ArSwp.exe   [(Verified)ArSwp.com, 2, 8, 1, 815, C:2008-10-04 18:58 M:2008-08-15 22:25]
    D:\Program Files\arswp\plugin\ArFix.dll  [(Verified)ArSwp.Com, 2, 5, 0, 0, C:2008-10-04 18:58 M:2007-11-28 15:19]


========================================
文件关联



========================================
AutoRun.INF



========================================
Winsock提供者



========================================
HOSTS

    127.0.0.1 localhost
    127.0.0.1 858656.com
    127.0.0.1 my123.com
    127.0.0.1 8749.com
    127.0.0.1 4199.com
    127.0.0.1 7379.com
    127.0.0.1 7255.com
    127.0.0.1 3448.com
    127.0.0.1 7939.com
    127.0.0.1 8009.com
    127.0.0.1 piaoxue.com
    127.0.0.1 kzdh.com
    127.0.0.1 about.blank.la
    127.0.0.1 6781.com
    127.0.0.1 7322.com
    127.0.0.1 9991.com


[/CODE]