[CODE]

2008-11-29,10:58:32

SysLog Scanner 1.0 - build 20080726
Arswp (http://www.arswp.com)

Windows XP Professional Service Pack 2 (build 2600) - Administrators



========================================
注册项

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Foxmail><"D:\Program Files\Tencent\Foxmail\Foxmail.exe" -min>  [Tencent Inc., 6.04.104.20, C:2006-07-19 10:08 M:2006-07-19 10:08]
    <金山清理专家实时保护><"e:\Program Files\Kingsoft Antispy\monitor\kastray.exe">  [(Verified)Kingsoft Corporation, 2008,11,14,88, C:2008-11-14 12:16 M:2008-11-14 12:16]
    <QQDownload><; "C:\Program Files\Tencent\QQDownload\QQDownload.exe" autostart>  [(Verified)Tencent Technology (Shenzhen) Company Limited, 1, 8, 219, 219, C:2007-07-18 16:19 M:2007-07-18 16:19]
    <updateMgr><; "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9>  [(Verified)Adobe Systems Incorporated, 3.1.0.10, C:2006-03-30 16:45 M:2006-03-30 16:45]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <0 - HideHelper><; >  [N/A, ]
    <Alcmtr><; ALCMTR.EXE>  [N/A, ]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52|(Verified)NVIDIA Corporation, 6.14.10.9148, C:2008-01-08 15:49 M:2006-08-16 15:35]
    <NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52|(Verified)NVIDIA Corporation, 6.14.10.9148, C:2008-01-08 15:49 M:2006-08-16 15:35]
    <nwiz><; nwiz.exe /install>  [N/A, C:2008-01-08 15:49 M:2006-08-16 15:35]
    <OrderReminder><; C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe>  []
    <RavTask><; "C:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.24, C:2008-08-12 19:10 M:2008-08-12 21:01]
    <RTHDCPL><; RTHDCPL.EXE>  [N/A, ]
    <runeip><; "C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.16, C:2008-08-12 19:11 M:2008-09-12 17:22]
    <stup.exe><; Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll,Rundll32 R>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52]
    <WangWang><; "e:\Program Files\Alisoft\WangWang\WangWang.EXE">  [阿里巴巴软件(上海)有限公司, 5, 6, 0, 6, C:2008-03-05 15:09 M:2007-12-18 19:10]
    <WinampAgent><; "e:\Program Files\Winamp\winampa.exe">  []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
    <svt2><C:\DOCUME~1\hp\LOCALS~1\Temp\6578537>  []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <msnmsg><C:\Program Files\Messenger\msgmr.dll>  []
    <sysocmgr><C:\WINDOWS\sysocmgr.dll>  []
    <ThunderAdvise><C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll>  [Thunder Networking Technologies,LTD, 5, 0, 8, 74, C:2008-08-12 20:15 M:2008-08-12 20:15]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载]
    <><E:\Program Files\Thunder Network\Thunder\Program\geturl.htm>  [N/A, C:2008-07-07 21:22 M:2008-06-13 09:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接]
    <><E:\Program Files\Thunder Network\Thunder\Program\getallurl.htm>  [N/A, C:2008-07-07 21:22 M:2008-06-13 09:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\导出到 Microsoft Office Excel(&X)]
    <><res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000>  []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\添加到QQ表情]
    <><C:\Program Files\Tencent\QQ\AddEmotion.htm>  [N/A, C:2008-05-14 10:29 M:2008-05-14 10:29]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52|(Verified)N/A, C:2004-08-04 08:48 M:2004-08-04 08:48]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52|(Verified)N/A, C:2004-08-04 08:48 M:2004-08-04 08:48]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52|(Verified)N/A, C:2008-01-10 09:27 M:2005-01-28 15:25]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}]
    <启动迅雷5><e:\Program Files\Thunder Network\Thunder\Thunder.exe>  [Thunder Networking Technologies,LTD, 5, 6, 8, 19, C:2008-07-07 21:22 M:2008-07-10 21:15]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\HP Standard TCP/IP Port]
    <PrintMonitor: HP Standard TCP/IP Port><hptcpmon.dll>  [Hewlett Packard, 2.52.01.002, C:2008-04-28 10:15 M:2006-01-30 17:00]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\HPLJ1020LM]
    <PrintMonitor: HPLJ1020LM><ZLhp1020.DLL>  [(Verified)Zenographics, Inc., 5, 53, 3723, 0, C:2008-04-28 10:15 M:2006-01-30 17:00]


========================================
启动项



========================================
计划任务



========================================
组件


ShellServiceObjectDelayLoad
[]
    {DA191DE0-AA86-4ED0-4B87-293D48B2AE99}  <C:\Program Files\Messenger\msgmr.dll>  []
[]
    {DA1DE019-A6A8-ED40-4B87-248B2A93DE99}  <C:\WINDOWS\sysocmgr.dll>  []
[ThunderHlpObj Class]
    {97421D0D-E07F-40DF-8F07-99597B9585AD}  <C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll>  [Thunder Networking Technologies,LTD, 5, 0, 8, 74, C:2008-08-12 20:15 M:2008-08-12 20:15]

Shell Extension
[Display Panning CPL Extension]
    {42071714-76d4-11d1-8b24-00a0c9068ff3}  <deskpan.dll>  []
[HyperTerminal Icon Ext]
    {88895560-9AA2-1069-930E-00AA0030EBC8}  <C:\WINDOWS\system32\hticons.dll>  [(Verified)Hilgraeve, Inc., 5.1.2600.0, C:2008-01-08 15:38 M:2004-06-06 14:13]
[NvCpl DesktopContext Class]
    {A70C977A-BF00-412C-90B7-034C51DA2439}  <C:\WINDOWS\system32\nvcpl.dll>  [(Verified)NVIDIA Corporation, 6.14.10.9148, C:2008-01-08 15:49 M:2006-08-16 15:35]
[Play on my TV helper]
    {FFB699E0-306A-11d3-8BD1-00104B6F7516}  <C:\WINDOWS\system32\nvcpl.dll>  [(Verified)NVIDIA Corporation, 6.14.10.9148, C:2008-01-08 15:49 M:2006-08-16 15:35]
[Desktop Explorer]
    {1CDB2949-8F65-4355-8456-263E7C208A5D}  <C:\WINDOWS\system32\nvshell.dll>  [N/A, C:2008-01-08 15:49 M:2006-08-16 15:35]
[Desktop Explorer Menu]
    {1E9B04FB-F9E5-4718-997B-B8DA88302A47}  <C:\WINDOWS\system32\nvshell.dll>  [N/A, C:2008-01-08 15:49 M:2006-08-16 15:35]
[nView Desktop Context Menu]
    {1E9B04FB-F9E5-4718-997B-B8DA88302A48}  <C:\WINDOWS\system32\nvshell.dll>  [N/A, C:2008-01-08 15:49 M:2006-08-16 15:35]
[WinRAR shell extension]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <C:\Program Files\WinRAR\rarext.dll>  [N/A, C:2008-01-08 15:56 M:2007-04-17 13:53]
[DllRegShlExt extension]
    {8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C}  <C:\WINDOWS\system32\TudouUpload.dll>  [www.Tudou.com, 1.1.0.0, C:2007-01-24 18:07 M:2007-01-24 18:07]
[RISING]
    {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D}  <C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-08-12 19:11 M:2008-08-12 21:01]

Protocols
[]
    {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC}  <C:\WINDOWS\system32\KuGoo3DownXControl.ocx>  [酷狗, 5.2.4.4, C:2008-05-09 08:09 M:2008-06-09 18:37]

BrowserHelperObject
[ThunderHlpObj Class]
    {97421D0D-E07F-40DF-8F07-99597B9585AD}  <C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll>  [Thunder Networking Technologies,LTD, 5, 0, 8, 74, C:2008-08-12 20:15 M:2008-08-12 20:15]

ActiveX Extension
[ThunderAtOnce Class]
    {01443AEC-0FD1-40FD-9C87-E93D1494C233}  <e:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2008-07-07 21:22 M:2008-06-13 09:43]
[Adobe PDF Reader Link Helper]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}  <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll>  [(Verified)Adobe Systems Incorporated, 7.0.9.2006121800, C:2006-01-12 20:38 M:2006-12-18 04:16]
[iTrusPTA Class]
    {1E0DFFCF-27FF-4574-849B-55007349FEDA}  <C:\WINDOWS\system32\aliedit\pta.dll>  [(Verified)Copyright 2001, 2, 5, 1, 509, C:2008-04-29 10:36 M:2008-04-29 10:36]
[Thunder Agent Class]
    {485463B7-8FB2-4B3B-B29B-8B919B0EACCE}  <E:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 4, 23, C:2008-07-07 21:22 M:2008-06-13 09:43]
[EditCtrl Class]
    {488A4255-3236-44B3-8F27-FA1AECAA8844}  <C:\WINDOWS\system32\aliedit\aliedit.dll>  [(Verified)Copyright 2007, 2, 1, 2, 1, C:2008-05-02 18:32 M:2008-05-20 10:51]
[InfoSecNetSign Class]
    {62B938C4-4190-4F37-8CF0-A92B0A91CC77}  <C:\WINDOWS\DOWNLO~1\NetSign.dll>  [Infosec Technologies Co., Ltd., 1, 8, 21, 2, C:2003-09-19 11:46 M:2003-09-19 11:46]
[CCtInf Class]
    {6DBB2904-082D-4DB0-944A-21C22BA121F4}  <C:\WINDOWS\system32\BANKCE~1.DLL>  [Copyright 2006, 1, 0, 0, 3, C:2006-09-19 16:31 M:2006-09-19 16:31]
[WangWangObj Class]
    {6E213FC7-DD5A-4115-B7E6-D4C7838C361E}  <E:\Program Files\Alisoft\WangWang\WangWangX4.dll>  [阿里巴巴软件(上海)有限公司, 1, 0, 0, 1, C:2008-03-05 15:09 M:2007-09-10 12:36]
[Thunder Browser Helper]
    {889D2FEB-5411-4565-8998-1DD2C5261283}  <E:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-07-07 21:22 M:2008-06-13 09:43]
[ThunderHlpObj Class]
    {97421D0D-E07F-40DF-8F07-99597B9585AD}  <C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll>  [Thunder Networking Technologies,LTD, 5, 0, 8, 74, C:2008-08-12 20:15 M:2008-08-12 20:15]
[卡卡上网安全助手]
    {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8}  <C:\WINDOWS\system32\UrlFilter.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15, C:2008-08-12 19:11 M:2008-08-12 20:13]
[RavOnline Class]
    {9FAFB576-6933-4CCC-AB3D-B988EC43D04E}  <C:\WINDOWS\Downloaded Program Files\RavOLCtl.dll>  [(Verified)Beijing Rising Technology Co., Ltd., 20.0.0.16, C:2008-06-30 11:12 M:2008-06-30 11:12]
[Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000}  <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx>  [(Verified)Adobe Systems, Inc., 9,0,115,0, C:2007-11-21 08:04 M:2007-11-21 08:04]
[PasswordEditCtrl Class]
    {E787FD25-8D7C-4693-AE67-9406BC6E22DF}  <C:\WINDOWS\system32\qqedit\qqedit.dll>  [(Verified)腾讯科技（深圳）有限公司, 1, 1, 0, 5, C:2008-01-07 17:08 M:2008-01-07 17:08]
[QvodCtrl Class]
    {F3D0D36F-23F8-4682-A195-74C92B03D4AF}  <C:\Program Files\QvodPlayer\QvodInsert.dll>  [Shenzhen QVOD Technology Co.,Ltd, 3, 0, 0, 55, C:2008-09-10 19:12 M:2008-09-12 12:34]
[XPPlayer Class]
    {F3E70CEA-956E-49CC-B444-73AFE593AD7F}  <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.0.0.181.(462).dll>  [Xunlei Networking Technologies,LTD, 2, 0, 0, 181, C:2008-08-15 10:40 M:2008-08-04 12:58]

Context Menu
[DLLRegSvr]
    {8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C}  <C:\WINDOWS\system32\TudouUpload.dll>  [www.Tudou.com, 1.1.0.0, C:2007-01-24 18:07 M:2007-01-24 18:07]
[RisingRavExt]
    {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D}  <C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-08-12 19:11 M:2008-08-12 21:01]
[WinRAR]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <C:\Program Files\WinRAR\rarext.dll>  [N/A, C:2008-01-08 15:56 M:2007-04-17 13:53]


========================================
服务

[DCOM Server Process Launcher / DcomLaunch][Stopped/Auto Start]
    <%SystemRoot%\system32\svchost -k DcomLaunch --> "%SystemRoot%\system32\rpcss.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52]
[Human Interface Device Access / HidServ][Stopped/Disabled]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52]
[Qvod Terminal / Qvod Terminal][Stopped/Disabled]
    <e:\Program Files\QvodPlayer\QvodTerminal.exe>  [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53, C:2008-02-27 15:55 M:2008-02-27 15:55]
[Remote Procedure Call (RPC) / RpcSs][Stopped/Auto Start]
    <%SystemRoot%\system32\svchost -k rpcss --> "c:\windows\system32\rpcss.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52]

[Kingsoft Basic Service / kaccore][Stopped/Manual Start]
    <"C:\Program Files\Kingsoft\KAC\Service\kaccore.exe">  [(Verified)Kingsoft Corporation, 2008,11,03,330, C:2008-11-03 08:49 M:2008-11-03 08:49]
[NVIDIA Display Driver Service / NVSvc][Stopped/Disabled]
    <%SystemRoot%\system32\nvsvc32.exe>  [(Verified)NVIDIA Corporation, 6.14.10.9148, C:2008-01-08 15:49 M:2006-08-16 15:35]
[Rising Process Communication Center / RsCCenter][Stopped/Auto Start]
    <"C:\Program Files\Rising\Rav\CCenter.exe">  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.33, C:2008-08-12 19:10 M:2008-08-12 21:01]
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
    <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe">  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.80, C:2008-08-12 19:11 M:2008-08-12 21:01]


========================================
驱动

[b160485 / b160485][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\b160485.sys>  [N/A, C:2008-11-21 10:41 M:2008-11-21 10:41]
[CMB8100 / CMB8100][Running/Auto Start]
    <\??\C:\WINDOWS\system32\Drivers\CertClient.dat>  [N/A, C:2008-07-21 13:48 M:2006-11-30 16:31]
[CMBProtector / CMBProtector][Running/Auto Start]
    <\??\C:\WINDOWS\system32\Drivers\CMBProtector.dat>  [N/A, C:2008-07-21 13:48 M:2007-01-18 14:28]
[de8296f / de8296f][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\de8296f.sys>  []
[fanii / fanii][Running/System Start]
    <system32\drivers\fanii.sys>  [Microsoft Corporation, 5.00.1639.6, C:2008-07-25 18:50 M:2008-07-22 16:33]
[HBKernel32 Driver / HBKernel32][Stopped/Boot Start]
    <system32\drivers\HBKernel32.sys>  []
[reggi / reggi][Running/System Start]
    <system32\drivers\reggi.sys>  [Windows System Internal, 4.022, C:2008-07-25 18:50 M:2008-07-22 16:33]

[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
    <system32\DRIVERS\HDAudBus.sys>  [(Verified)Windows (R) Server 2003 DDK provider, 5.10.01.5013 built by: WinDDK, C:2005-01-07 17:07 M:2005-01-07 17:07]
[HookCont / HookCont][Running/System Start]
    <\SystemRoot\system32\drivers\HookCont.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 7, C:2008-08-12 19:11 M:2008-08-12 21:01]
[HookNtos / HookNtos][Running/System Start]
    <\SystemRoot\system32\drivers\HookNtos.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 50, C:2008-08-12 19:11 M:2008-08-12 21:01]
[HookReg / HookReg][Running/System Start]
    <\SystemRoot\system32\drivers\HookReg.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 28, C:2008-08-12 19:11 M:2008-08-12 21:01]
[HookSys / HookSys][Running/System Start]
    <\SystemRoot\system32\drivers\HookSys.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 55, C:2008-08-12 19:11 M:2008-08-27 14:50]
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
    <system32\drivers\RtkHDAud.sys>  [(Verified)Realtek Semiconductor Corp., 5.10.0.5413 built by: WinDDK, C:2008-01-08 15:51 M:2007-05-10 18:28]
[nv / nv][Running/Manual Start]
    <system32\DRIVERS\nv4_mini.sys>  [(Verified)NVIDIA Corporation, 6.14.10.9148, C:2008-01-08 15:49 M:2006-08-16 15:35]
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
    <system32\DRIVERS\NVENETFD.sys>  [(Verified)NVIDIA Corporation, 1.00.03.06521, C:2008-01-08 15:49 M:2006-07-11 21:38]
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
    <system32\DRIVERS\nvnetbus.sys>  [(Verified)NVIDIA Corporation, 1.00.03.06521, C:2008-01-08 15:49 M:2006-07-11 21:38]
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
    <system32\DRIVERS\ptilink.sys>  [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148), C:2004-06-06 14:13 M:2004-06-06 14:13]
[PxHelp20 / PxHelp20][Running/Boot Start]
    <System32\Drivers\PxHelp20.sys>  [(Verified)Sonic Solutions, 3.00.56a, C:2008-06-03 20:36 M:2006-08-29 12:28]
[RsNTGDI / RsNTGDI][Running/Boot Start]
    <system32\Drivers\RsNTGdi.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 3, C:2008-08-12 19:11 M:2008-08-12 21:02]
[Secdrv / Secdrv][Stopped/Manual Start]
    <system32\DRIVERS\secdrv.sys>  [(Verified)Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086, C:2004-07-17 19:36 M:2007-11-13 18:25]


========================================
进程

[PID: 580 / SYSTEM]   \SystemRoot\System32\smss.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52]

[PID: 652 / SYSTEM]   \??\C:\WINDOWS\system32\csrss.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52]

[PID: 676 / SYSTEM]   \??\C:\WINDOWS\system32\winlogon.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52]

[PID: 720 / SYSTEM]   C:\WINDOWS\system32\services.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52]

[PID: 732 / SYSTEM]   C:\WINDOWS\system32\lsass.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52]

[PID: 956 / SYSTEM]   C:\WINDOWS\System32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52]

[PID: 1076 / NETWORK SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52]

[PID: 1116 / LOCAL SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52]

[PID: 1548 / SYSTEM]   C:\WINDOWS\System32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52]

[PID: 1536 / hp]   C:\WINDOWS\Explorer.EXE   [(Verified)Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234), C:2004-08-04 08:52 M:2007-06-13 21:21]
    C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll  [Adobe Systems, Inc., 7.0.0.0, C:2004-12-14 02:20 M:2004-12-14 02:20]
    C:\WINDOWS\system32\nvcpl.dll  [(Verified)NVIDIA Corporation, 6.14.10.9148, C:2008-01-08 15:49 M:2006-08-16 15:35]
    C:\WINDOWS\system32\NVRSZHC.DLL  [NVIDIA Corporation, 6.14.10.9148, C:2008-01-08 15:49 M:2006-08-16 15:35]
    C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll  [Thunder Networking Technologies,LTD, 5, 0, 8, 74, C:2008-08-12 20:15 M:2008-08-12 20:15]
    C:\WINDOWS\system32\nvapi.dll  [(Verified)N/A, C:2008-01-08 15:49 M:2006-08-16 15:35]
    C:\WINDOWS\system32\nvshell.dll  [N/A, C:2008-01-08 15:49 M:2006-08-16 15:35]
    C:\Program Files\WinRAR\rarext.dll  [N/A, C:2008-01-08 15:56 M:2007-04-17 13:53]
    C:\WINDOWS\system32\RavExt.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-08-12 19:11 M:2008-08-12 21:01]
    C:\Program Files\Rising\Rav\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-08-12 19:10 M:2008-08-12 21:01]
    C:\WINDOWS\system32\TudouUpload.dll  [www.Tudou.com, 1.1.0.0, C:2007-01-24 18:07 M:2007-01-24 18:07]

[PID: 1716 / hp]   D:\Program Files\Tencent\Foxmail\Foxmail.exe   [Tencent Inc., 6.04.104.20, C:2006-07-19 10:08 M:2006-07-19 10:08]
    D:\Program Files\Tencent\Foxmail\FoxAntiSpam.dll  [(Verified)N/A, C:2005-03-14 15:24 M:2008-03-06 16:37]
    D:\Program Files\Tencent\Foxmail\pcre.dll  [N/A, C:2005-01-04 14:50 M:2005-01-04 14:50]
    D:\Program Files\Tencent\Foxmail\3rdParty\addons\AD\MsgAPI.dll  [Tencent inc., 1.0.0.0, C:2006-06-23 17:32 M:2006-06-23 17:32]
    D:\Program Files\Tencent\Foxmail\3rdParty\punylib.dll  [CNNIC, 1, 0, 0, 3, C:2004-03-22 21:03 M:2004-03-22 21:03]
    D:\Program Files\Tencent\Foxmail\3rdParty\cmplugin.dll  [N/A, C:2003-10-10 10:13 M:2003-10-10 10:13]
    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll  [Microsoft Corporation, 8.00.50727.762, C:2006-12-01 22:54 M:2006-12-01 22:54]

[PID: 1724 / hp]   C:\WINDOWS\system32\ctfmon.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52]

[PID: 1732 / hp]   C:\Program Files\MSN Messenger\msnmsgr.exe   [(Verified)Microsoft Corporation, 8.1.0178.00, C:2007-01-19 12:55 M:2007-01-19 12:55]
    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll  [Microsoft Corporation, 8.00.50727.762, C:2006-12-01 22:54 M:2006-12-01 22:54]
    C:\WINDOWS\system32\msdmo.dll  [(Verified)N/A, C:2004-08-04 08:52 M:2004-08-04 08:52]

[PID: 596 / hp]   C:\Program Files\XDict\XDICT.EXE   [Kingsoft Co, Ltd., 9, 0, 0, 0, C:2008-01-11 17:04 M:2005-08-05 03:55]
    C:\Program Files\XDict\AccountActivate.dll  [N/A, C:2008-01-11 17:04 M:2005-07-26 19:31]
    C:\Program Files\XDict\DicMngr.dll  [Kingsoft, 2, 0, 0, 0, C:2008-01-11 17:04 M:2005-07-31 05:54]
    C:\Program Files\XDict\doshow.dll  [N/A, C:2008-01-11 17:04 M:2005-07-31 05:54]
    C:\Program Files\XDict\ITextOut.dll  [Kingsoft, 1, 1, 0, 0, C:2008-01-11 17:04 M:2005-07-31 05:54]
    C:\Program Files\XDict\KPic10.dll  [N/A, C:2008-01-11 17:04 M:2005-07-31 05:54]
    C:\Program Files\XDict\ijl11.dll  [Intel Corporation, 1.1.2, C:2008-01-11 17:04 M:1999-08-18 17:54]
    C:\Program Files\XDict\NormGrab.DLL  [Kingsoft Co, Ltd., 6, 0, 0, 0, C:2008-01-11 17:04 M:2005-08-03 01:23]
    C:\Program Files\XDict\toTTSEngine50.dll  [Kingsoft Corporation, 1, 0, 0, 1, C:2008-01-11 17:04 M:2005-07-31 05:54]
    C:\Program Files\XDict\xfile.dll  [N/A, C:2008-01-11 17:04 M:2005-07-31 05:54]
    C:\Program Files\XDict\DBCore10.dll  [Kingsoft  Corp., 1, 0, 0, 0, C:2008-01-11 17:04 M:2005-07-31 05:53]
    C:\Program Files\XDict\XdictGrb.dll  [Kingsoft Co, Ltd., 9, 0, 0, 0, C:2008-01-11 17:04 M:2005-08-03 01:23]
    C:\WINDOWS\system32\UNISPIM6.IME  [北京紫光华宇软件股份有限公司, 6.1.0.6223, C:2008-02-18 09:12 M:2008-01-29 22:52]
    C:\Program Files\XDict\KAVPassport.DLL  [Kingsoft Corporation, 2005, 4, 7, 25, C:2008-01-11 17:04 M:2005-08-26 09:02]

[PID: 1648 / hp]   E:\Program Files\arswp\ArSwp.exe   [(Verified)ArSwp.com, 2, 8, 2, 1115, C:2008-11-29 10:40 M:2008-11-15 11:58]
    E:\Program Files\arswp\plugin\ArFix.dll  [(Verified)ArSwp.Com, 2, 5, 0, 0, C:2008-11-29 10:40 M:2007-11-28 15:19]


========================================
文件关联



========================================
AutoRun.INF



========================================
Winsock提供者



========================================
HOSTS

    127.0.0.1 localhost


[/CODE]