2008-11-30,17:31:52
SysLog Scanner 1.0 - build 20080726
Arswp (http://www.arswp.com)
Windows XP Professional Service Pack 2 (build 2600) - Administrators
========================================
Registries
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[Funshion Online Technologies Ltd., 1.5.1.10Beta, C:2008-10-30 17:55 M:2008-10-30 17:55]
<"C:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.24, C:2008-11-07 18:04 M:2008-11-07 18:04]
[N/A, C:2008-11-30 14:35 M:2008-11-30 14:35]
<; > [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]
<; > [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]
<; > [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
[N/A, C:2008-11-30 17:30 M:2008-11-30 17:30]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
[N/A, C:2008-11-30 14:33 M:2008-11-30 17:30]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}> [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-11-07 18:05 M:2008-11-07 18:04]
<{3FDEB171-8F86-0004-0001-69B8DB553683}> [N/A, C:2008-11-30 14:36 M:2008-11-30 16:04]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载]
<> [N/A, C:2007-10-27 14:39 M:2007-10-27 14:39]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接]
<> [N/A, C:2007-10-27 14:39 M:2007-10-27 14:39]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\导出到 Microsoft Office Excel(&X)]
<> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|(Verified)N/A, C:2004-08-17 12:00 M:2004-08-17 12:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|(Verified)N/A, C:2007-12-18 14:14 M:2005-01-28 15:25]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}]
<启动迅雷5> [Thunder Networking Technologies,LTD, 5, 6, 8, 19, C:2008-11-02 23:22 M:2008-08-12 17:41]
========================================
Startup Folders
========================================
Task
========================================
Components
ShellExecuteHook
[ShlExecHack Class] {32CD708B-60A7-4C00-9377-D73EAA495F0F} [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-11-07 18:05 M:2008-11-07 18:04]
[] {3FDEB171-8F86-0004-0001-69B8DB553683} [N/A, C:2008-11-30 14:36 M:2008-11-30 16:04]
Shell Extension
[Display Panning CPL Extension] {42071714-76d4-11d1-8b24-00a0c9068ff3} []
[HyperTerminal Icon Ext] {88895560-9AA2-1069-930E-00AA0030EBC8} [(Verified)Hilgraeve, Inc., 5.1.2600.0, C:2007-12-18 13:47 M:2004-08-17 20:00]
[Microsoft Agent Character Property Sheet Handler] {143A62C8-C33B-11D1-84FE-00C04FA34A14} [Microsoft Corporation, 2.00.0.2115, C:1998-09-15 17:21 M:1998-09-15 17:21]
[WinRAR shell extension] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [N/A, C:2007-12-18 14:23 M:2007-09-21 17:03]
[PicaView] {68f32140-2ca3-11d0-acc1-444553540000} [ACD Systems, Ltd., 2, 0, 0, 78, C:2005-10-06 10:17 M:2005-10-06 10:17]
[Open and Close CDRom] {D00CCF25-F552-40D2-9114-6C1924BA8119} []
[RISING] {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D} [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-11-07 18:05 M:2008-11-07 18:04]
BrowserHelperObject
[ThunderAtOnce Class] {01443AEC-0FD1-40fd-9C87-E93D1494C233} [(Verified)Thunder Networking Technologies,LTD, 1.0.5.16, C:2007-10-27 14:39 M:2007-10-27 14:39]
[Info cache] {285AB8C6-FB22-4D17-8834-064E2BA0A6F0} [Polls, 2. 3, 0, 2, C:2008-12-11 10:07 M:2008-12-11 10:07]
[Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 44, C:2007-10-27 14:39 M:2007-10-27 14:39]
ActiveX Extension
[ThunderAtOnce Class] {01443AEC-0FD1-40FD-9C87-E93D1494C233} [(Verified)Thunder Networking Technologies,LTD, 1.0.5.16, C:2007-10-27 14:39 M:2007-10-27 14:39]
[Info cache] {285AB8C6-FB22-4D17-8834-064E2BA0A6F0} [Polls, 2. 3, 0, 2, C:2008-12-11 10:07 M:2008-12-11 10:07]
[Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} [Thunder Networking Technologies,LTD, 5, 0, 4, 23, C:2007-10-27 14:39 M:2007-10-27 14:39]
[XMP Class] {6483F145-A768-4C41-AACC-52D4D7845851} [Xunlei Networking Technologies,LTD, 2, 1, 6, 81, C:2008-11-02 23:22 M:2008-11-13 10:54]
[XDRM] {693571CB-54A3-4E90-9D52-EEAE1334E2D3} [Copyright XunLei 2007, 1, 0, 0, 7, C:2008-11-02 23:22 M:2008-08-04 12:58]
[MediaComm Class] {7670648D-461B-42AF-BDFE-46D26AF5EFF2} [Thunder Networking Technologies,LTD, 3, 1, 5, 78, C:2008-11-30 16:49 M:2008-08-04 12:58]
[Pdg2 Control] {7F5E27CE-4A5C-11D3-9232-0000B48A05B2} [北京世纪超星信息技术发展有限责任公司, 4, 0, 0, 0, C:2007-04-06 18:05 M:2007-04-06 18:05]
[Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 44, C:2007-10-27 14:39 M:2007-10-27 14:39]
[DapCtrl Class] {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} [ShenZhen Thunder Networking Technologies Ltd., 2, 1, 5803, 60, C:2008-11-30 16:49 M:2008-08-04 12:58]
[Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [(Verified)Adobe Systems, Inc., 9,0,115,0, C:2007-11-21 08:04 M:2007-11-21 08:04]
[Thunder DapPlayer] {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} [ShenZhen Thunder Networking Technologies Ltd., 3, 0, 5712, 71, C:2008-11-30 16:49 M:2008-08-04 12:58]
[XPPlayer Class] {F3E70CEA-956E-49CC-B444-73AFE593AD7F} [Xunlei Networking Technologies,LTD, 2, 0, 0, 181, C:2008-11-30 16:49 M:2008-08-04 12:58]
Context Menu
[OCCDRoms] {D00CCF25-F552-40D2-9114-6C1924BA8119} []
[RisingRavExt] {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D} [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-11-07 18:05 M:2008-11-07 18:04]
[WinRAR] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [N/A, C:2007-12-18 14:23 M:2007-09-21 17:03]
========================================
Services
[3ware Controller Service / 3wareSrv][Stopped/Auto Start] <%SystemRoot%\System32\3wareSrv.exe> [N/A, C:2007-12-18 22:27 M:2006-02-26 23:21]
[Contrl Center of Storm Media / ccosm][Stopped/Auto Start] [北京暴风网际科技有限公司, 3, 7, 11, 16, C:2007-11-16 17:07 M:2007-11-16 17:07]
[Help and Support / helpsvc][Stopped/Disabled] <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"> [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
[Application Management / AppMgmt][Stopped/Manual Start] <%SystemRoot%\system32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\appmgmts.dll"> [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|N/A, C:2004-08-17 12:00 M:2004-08-17 12:00]
[MS Media / Media][Running/Auto Start] <%SystemRoot%\System32\svchost.exe -k krnlsrvc --> "C:\WINDOWS\system32\TumvteD.dll"> [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|@ Microsoft Corporation. All rights reserved., 5.1.2600.2180, C:2004-08-17 20:00 M:2004-08-17 20:00]
[Rising Process Communication Center / RsCCenter][Stopped/Auto Start] <"C:\Program Files\Rising\Rav\CCenter.exe"> [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.33, C:2008-11-07 18:04 M:2008-11-07 18:04]
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"> [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.80, C:2008-11-07 18:05 M:2008-11-07 18:04]
[Task Scheduler / Schedule][Stopped/Disabled] <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\system32\schedsvc.dll"> [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|N/A, C:2007-12-18 13:48 M:2004-08-17 20:00]
[Windows Image Acquisition (WIA) / stisvc][Running/Auto Start] <%SystemRoot%\system32\svchost.exe -k imgsvc --> "%SystemRoot%\system32\wiaservc.dll"> [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|N/A, C:2004-08-17 12:00 M:2006-12-20 02:17]
[Windows Time / W32Time][Running/Auto Start] <%SystemRoot%\System32\svchost.exe -k netsvcs --> "C:\WINDOWS\system32\w32time.dll"> [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|N/A, C:2004-08-17 12:00 M:2004-08-17 12:00]
========================================
Drivers
[acpidisk / acpidisk][Running/Auto Start] <\??\C:\WINDOWS\system32\drivers\acpidisk.sys> [N/A, C:2008-11-30 16:07 M:2008-12-11 14:19]
[aeaudio / aeaudio][Running/Manual Start] [Andrea Electronics Corporation, 4.0.1.14, C:2005-03-04 19:53 M:2005-03-04 19:53]
[aliimz / aliimz][Stopped/Manual Start] []
[Promise driver accelerator / bb-run][Running/Boot Start] [Promise Technology, Inc., 1.0.1.2 built by: WinDDK, C:2007-12-18 22:27 M:2003-11-05 15:45]
[C-Media PCI Audio Interface / cmuda3][Running/Manual Start] [C-Media Inc, 5.12.01.0046.5.1, C:2005-10-28 10:45 M:2005-10-28 10:45]
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start] [Promise Technology, Inc., 1.0.0.3 built by: WinDDK, C:2007-12-18 22:27 M:2006-02-26 23:21]
[HBKernel32 Driver / HBKernel32][Stopped/Boot Start] [N/A, C:2008-11-30 14:35 M:2008-11-30 17:16]
[NsPsDk00 / NsPsDk00][Running/Manual Start] <\??\C:\WINDOWS\system32\NsPass0.sys> [N/A, C:2008-11-30 14:33 M:2008-11-30 17:30]
[NsPsDk01 / NsPsDk01][Running/Manual Start] <\??\C:\WINDOWS\system32\NsPass1.sys> [N/A, C:2008-11-30 14:33 M:2008-11-30 17:30]
[NsPsDk02 / NsPsDk02][Running/Manual Start] <\??\C:\WINDOWS\system32\NsPass2.sys> [N/A, C:2008-11-30 14:33 M:2008-11-30 17:30]
[NsPsDk03 / NsPsDk03][Running/Manual Start] <\??\C:\WINDOWS\system32\NsPass3.sys> [N/A, C:2008-11-30 14:33 M:2008-11-30 17:30]
[NsPsDk04 / NsPsDk04][Stopped/Manual Start] <\??\C:\WINDOWS\system32\NsPass4.sys> [N/A, C:2008-11-30 14:33 M:2008-11-30 15:50]
[NsRk1 / NsRk1][Running/Manual Start] <\??\C:\WINDOWS\system32\Nskhelper2.sys> [N/A, C:2008-11-30 17:02 M:2008-11-30 17:29]
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start] [NVIDIA Corporation, 10.1.0.12 built by: WinDDK, C:2007-12-18 22:27 M:2007-05-04 15:50]
[rspp / rspp][Running/System Start] <\??\C:\WINDOWS\system32\Drivers\Rspp.sys> [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 8, C:2008-11-23 11:41 M:2008-11-30 15:24]
[360 safe mon / SafeMon0][Running/System Start] <\??\C:\WINDOWS\system32\7b0f29d9.dat> [N/A, C:2008-11-30 14:34 M:2008-11-30 14:34]
[SATALink External Device Filter / SiRemFil][Running/Boot Start] [Silicon Image, Inc., 1, 1, 6, 0, C:2007-12-18 22:27 M:2006-10-18 20:20]
[smwdm / smwdm][Running/Manual Start] [C-Media Inc, 5.12.01.0049.1 (63), C:2005-05-12 14:21 M:2005-05-12 14:21]
[System Restore Filter Driver / sr][Stopped/Disabled] []
[TCP/IP Protocol Driver / Tcpip][Running/System Start] [N/A, C:2004-08-17 12:00 M:2008-06-20 18:45]
[ViBus / ViBus][Stopped/Boot Start] []
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start] [VIA Technologies,Inc, 6.0.5728.160, C:2007-12-18 22:27 M:2006-10-19 00:39]
[Dritek Keyboard Filter Driver / DKbFltr][Running/Manual Start] [(Verified)Dritek System Inc., 1, 2, 1, 420, C:2006-05-15 14:08 M:2006-05-15 14:08]
[HookCont / HookCont][Running/System Start] <\SystemRoot\system32\drivers\HookCont.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 7, C:2008-11-07 18:05 M:2008-11-07 18:04]
[HookNtos / HookNtos][Running/System Start] <\SystemRoot\system32\drivers\HookNtos.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 52, C:2008-11-07 18:05 M:2008-11-07 18:04]
[HookReg / HookReg][Running/System Start] <\SystemRoot\system32\drivers\HookReg.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 29, C:2008-11-07 18:05 M:2008-11-07 18:04]
[HookSys / HookSys][Running/System Start] <\SystemRoot\system32\drivers\HookSys.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 55, C:2008-11-07 18:05 M:2008-11-07 18:04]
[nv / nv][Running/Manual Start] [(Verified)NVIDIA Corporation, 6.14.10.5673, C:2008-11-01 10:59 M:2004-08-03 22:29]
[Direct Parallel Link Driver / Ptilink][Running/Manual Start] [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148), C:2004-08-17 12:00 M:2004-08-17 12:00]
[RsNTGDI / RsNTGDI][Running/Boot Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 3, C:2008-11-07 18:05 M:2008-11-07 18:04]
[Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Running/Manual Start] [(Verified)Realtek Semiconductor Corporation , 5.673.0712.2007 built by: WinDDK, C:2007-07-12 11:49 M:2007-07-12 11:49]
[Secdrv / Secdrv][Stopped/Manual Start] [(Verified)Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086, C:2004-08-17 12:00 M:2007-11-13 18:25]
[WoptiHWDetect / WoptiHWDetect][Stopped/Manual Start] <\??\C:\Program Files\Wopti\WoptiHWDetect.sys> [(Verified)SSN, 1.2.7.829, C:2008-11-30 15:29 M:2007-10-23 11:07]
========================================
Running Processes
[PID: 556 / SYSTEM] \SystemRoot\System32\smss.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
[PID: 640 / SYSTEM] \??\C:\WINDOWS\system32\csrss.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
[PID: 664 / SYSTEM] \??\C:\WINDOWS\system32\winlogon.exe [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2006-09-24 16:42]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-12-18 13:55]
C:\WINDOWS\system32\winlib .dll [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]
C:\WINDOWS\system32\mapi32.dll [N/A, C:2007-12-18 13:50 M:2008-11-30 17:16]
C:\Program Files\Rising\Rav\RavScrCh.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-11-07 18:05 M:2008-11-07 18:04]
[PID: 708 / SYSTEM] C:\WINDOWS\system32\services.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-12-18 13:55]
[PID: 720 / SYSTEM] C:\WINDOWS\system32\lsass.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-12-18 13:55]
[PID: 872 / SYSTEM] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-12-18 13:55]
c:\WINDOWS\system32\wtx187b9.dll [N/A, C:2008-11-30 17:30 M:2008-11-30 17:30]
[PID: 952 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-12-18 13:55]
C:\WINDOWS\system32\mapi32.dll [N/A, C:2007-12-18 13:50 M:2008-11-30 17:16]
[PID: 1064 / SYSTEM] C:\WINDOWS\System32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
C:\WINDOWS\System32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-12-18 13:55]
c:\windows\system32\w32time.dll [N/A, C:2004-08-17 12:00 M:2004-08-17 12:00]
C:\WINDOWS\system32\mapi32.dll [N/A, C:2007-12-18 13:50 M:2008-11-30 17:16]
[PID: 1116 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-12-18 13:55]
[PID: 1228 / LOCAL SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-12-18 13:55]
[PID: 1492 / SYSTEM] C:\WINDOWS\system32\spoolsv.exe [(Verified)Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519), C:2004-08-17 12:00 M:2005-06-11 07:53]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-12-18 13:55]
[PID: 1596 / Administrator] C:\WINDOWS\Explorer.EXE [(Verified)Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311), C:2004-08-17 12:00 M:2007-06-13 21:10]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-12-18 13:55]
C:\WINDOWS\system32\mapi32.dll [N/A, C:2007-12-18 13:50 M:2008-11-30 17:16]
C:\WINDOWS\system32\wddati.dll [N/A, C:2008-11-30 14:35 M:2008-11-30 17:16]
C:\WINDOWS\system32\browselc.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-10-27 15:08]
C:\WINDOWS\system32\appwinproc.dll [N/A, C:2008-11-30 14:32 M:2008-11-30 17:30]
c:\WINDOWS\system32\wtx187b9.dll [N/A, C:2008-11-30 17:30 M:2008-11-30 17:30]
C:\WINDOWS\system32\sysmxd3.dll [N/A, C:2008-11-30 14:36 M:2008-11-30 16:04]
C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll [(Verified)Thunder Networking Technologies,LTD, 1.0.5.16, C:2007-10-27 14:39 M:2007-10-27 14:39]
C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 44, C:2007-10-27 14:39 M:2007-10-27 14:39]
C:\WINDOWS\system32\RavExt.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-11-07 18:05 M:2008-11-07 18:04]
[PID: 1896 / Administrator] C:\WINDOWS\system32\System.exe [N/A, C:2008-11-30 14:35 M:2008-11-30 14:35]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-12-18 13:55]
C:\WINDOWS\system32\HBQQSG.dll [N/A, C:2008-11-30 14:35 M:2008-11-30 17:16]
[PID: 1908 / Administrator] C:\WINDOWS\system32\ctfmon.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-12-18 13:55]
[PID: 316 / LOCAL SERVICE] C:\WINDOWS\System32\alg.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
C:\WINDOWS\System32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-12-18 13:55]
C:\WINDOWS\system32\mapi32.dll [N/A, C:2007-12-18 13:50 M:2008-11-30 17:16]
[PID: 432 / SYSTEM] C:\WINDOWS\System32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
C:\WINDOWS\System32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-12-18 13:55]
c:\windows\system32\tumvted.dll [@ Microsoft Corporation. All rights reserved., 5.1.2600.2180, C:2004-08-17 20:00 M:2004-08-17 20:00]
C:\WINDOWS\system32\mapi32.dll [N/A, C:2007-12-18 13:50 M:2008-11-30 17:16]
[PID: 480 / LOCAL SERVICE] C:\WINDOWS\system32\wdfmgr.exe [(Verified)Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act), C:2005-01-28 01:36 M:2005-01-28 01:36]
[PID: 1892 / Administrator] C:\WINDOWS\system32\craoek.exe [N/A, C:2008-11-30 15:57 M:2008-11-30 17:30]
C:\WINDOWS\system32\HBQQSG.dll [N/A, C:2008-11-30 14:35 M:2008-11-30 17:16]
[PID: 1672 / Administrator] C:\Program Files\Thunder\Program\Thunder5.exe [Thunder Networking Technologies,LTD, 5.7.5.421, C:2007-12-04 09:59 M:2007-12-04 09:59]
C:\Program Files\Thunder\Program\ThunderEx.dll [版权所有 (C) 2006, 1, 2, 2, 18, C:2007-12-04 09:49 M:2007-12-04 09:49]
C:\WINDOWS\system32\HBQQSG.dll [N/A, C:2008-11-30 14:35 M:2008-11-30 17:16]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-12-18 13:55]
C:\Program Files\Thunder\Program\TaskManager.dll [Thunder Networking Technologies,LTD, 1, 3, 0, 52, C:2007-12-03 21:42 M:2007-12-03 21:42]
C:\Program Files\Thunder\Program\download_interface.dll [Thunder Networking Technologies,LTD, 2, 20, 2, 200, C:2007-12-03 21:42 M:2007-12-03 21:42]
C:\Program Files\Thunder\Program\stlport_vc646.dll [STLport Consulting, Inc., 4.6.2003.1031, C:2007-12-03 21:42 M:2007-12-03 21:42]
C:\Program Files\Thunder\Program\asyn_dns.dll [Thunder Networking Technologies,LTD, 2, 20, 2, 200, C:2007-12-03 21:42 M:2007-12-03 21:42]
C:\Program Files\Thunder\Program\streammedialib.dll [Copyright 2007, 1, 3, 2, 100, C:2007-12-03 21:42 M:2007-12-03 21:42]
C:\Program Files\Thunder\Program\al.dll [Copyright 2007, 1, 0, 1, 2, C:2007-12-03 21:42 M:2007-12-03 21:42]
C:\Program Files\Thunder\Program\bd.dll [Thunder Networking Technologies,LTD, 1, 0, 2, 3, C:2007-12-03 21:42 M:2007-12-03 21:42]
C:\WINDOWS\system32\mapi32.dll [N/A, C:2007-12-18 13:50 M:2008-11-30 17:16]
C:\Program Files\Thunder\Program\XLNet.Dll [Thunder Networking Technologies,LTD, 1, 3, 2, 16, C:2007-12-03 21:42 M:2007-12-03 21:42]
C:\Program Files\Thunder\Program\iTargetAD.dll [N/A, C:2007-10-26 20:53 M:2007-10-26 20:53]
C:\Program Files\Thunder\Program\BHOStub.dll [Thunder Networking Technologies,LTD, 1, 1, 0, 8, C:2007-12-03 21:42 M:2007-12-03 21:42]
C:\Program Files\Thunder\Components\DownAndPlay\DownAndPlay.dll [Copyright 2007, 1, 0, 8, 26, C:2007-12-03 21:42 M:2007-12-03 21:42]
C:\Program Files\Thunder\Components\InMedia\iEmbedShell.dll [ , 1, 0, 2, 25, C:2008-11-22 09:20 M:2008-11-10 10:11]
C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2003-03-19 03:14 M:2003-03-19 03:14]
C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2004-10-05 15:39 M:2004-10-05 15:39]
C:\Program Files\Thunder\Components\InMedia\iEmbed19.dll [Thunder Networking Technologies,LTD, 3, 4, 10, 116, C:2008-11-22 09:20 M:2008-11-07 16:42]
C:\Program Files\Thunder\Program\ATL71.DLL [Microsoft Corporation, 7.10.3077.0, C:2007-12-03 21:42 M:2007-12-03 21:42]
C:\Program Files\Thunder\Components\InMedia\XLIPC.DLL [Thunder Networking Technologies,LTD, 1, 0, 0, 2, C:2008-11-22 09:20 M:2008-11-07 01:58]
C:\Program Files\Thunder\Components\Community\XLCommunity.dll [Thunder Networking Technologies,LTD, 1, 4, 2, 0, C:2007-12-04 09:59 M:2007-12-04 09:59]
C:\Program Files\Thunder\Program\XLCommunityEx.dll [N/A, C:2007-12-04 09:58 M:2007-12-04 09:58]
C:\Program Files\Thunder\Program\RegisterDll.dll [Thunder Networking Technologies,LTD, 2, 16, 5, 63, C:2007-12-03 21:42 M:2007-12-03 21:42]
C:\Program Files\Thunder\Program\MSVCIRT.dll [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-12-03 21:42 M:2007-12-03 21:42]
C:\Program Files\Thunder\Components\Search\XLSearch.dll [Thunder Networking Technologies,LTD, 1, 1, 6, 20, C:2007-12-03 21:42 M:2007-12-03 21:42]
C:\Program Files\Thunder\Program\LiveUpdate.dll [Thunder Networking Technologies,LTD, 1, 2, 1, 20, C:2007-12-03 21:42 M:2007-12-03 21:42]
C:\Program Files\Thunder\Plugins\GouGouTop\GouGouTop.dll [Thunder Networking Technologies,LTD, 1, 0, 2, 4, C:2007-12-03 21:42 M:2007-12-03 21:42]
C:\Program Files\Thunder\Plugins\BhoAdv\bho_adv.dll [深圳市迅雷网络技术有限公司, 1.0.1.0, C:2007-10-27 14:39 M:2007-10-27 14:39]
C:\Program Files\Thunder\Plugins\KanKanTop\KanKanTop.dll [Thunder Networking Technologies,LTD, 1, 0, 0, 4, C:2008-11-02 23:22 M:2008-03-11 13:59]
C:\Program Files\Thunder\Components\ExplorerHelper\ExplorerHelper.dll [Thunder Networking Technologies,LTD, 1, 0, 4, 16, C:2007-12-03 21:42 M:2007-12-03 21:42]
C:\Program Files\Thunder\Components\Tips\TipsClient.dll [Thunder Networking Technologies,LTD, 2, 2, 9, 97, C:2007-12-03 21:42 M:2007-12-03 21:42]
C:\Program Files\Thunder\Components\DownloadStat\DownloadStat.dll [深圳市迅雷网络技术有限公司, 1, 3, 1, 4, C:2007-12-03 21:42 M:2007-12-03 21:42]
C:\Program Files\Thunder\Components\Tips\XLIPC.DLL [Thunder Networking Technologies,LTD, 1, 0, 0, 2, C:2007-12-03 21:42 M:2007-12-03 21:42]
[PID: 1356 / SYSTEM] C:\WINDOWS\system32\wuauclt.exe [(Verified)Microsoft Corporation, 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158), C:2007-12-18 13:49 M:2004-08-17 20:00]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-12-18 13:55]
C:\WINDOWS\system32\HBQQSG.dll [N/A, C:2008-11-30 14:35 M:2008-11-30 17:16]
[PID: 1524 / Administrator] C:\Program Files\WinRAR\WinRAR.exe [N/A, C:2007-12-18 14:23 M:2007-09-22 03:49]
C:\WINDOWS\system32\HBQQSG.dll [N/A, C:2008-11-30 14:35 M:2008-11-30 17:16]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-12-18 13:55]
[PID: 1272 / Administrator] C:\Program Files\WinRAR\WinRAR.exe [N/A, C:2007-12-18 14:23 M:2007-09-22 03:49]
C:\WINDOWS\system32\HBQQSG.dll [N/A, C:2008-11-30 14:35 M:2008-11-30 17:16]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-12-18 13:55]
[PID: 1716 / Administrator] D:\迅雷下载\SREngLdr.EXE [Smallfrogs Studio, 2.7.0.1210, C:2008-11-30 17:15 M:2008-10-19 15:54]
C:\WINDOWS\system32\HBQQSG.dll [N/A, C:2008-11-30 14:35 M:2008-11-30 17:16]
[PID: 1752 / Administrator] D:\迅雷下载\SREa2239101.EXE [Smallfrogs Studio, 2.7.0.1210, C:2008-11-30 17:22 M:2008-11-30 17:31]
C:\WINDOWS\system32\HBQQSG.dll [N/A, C:2008-11-30 14:35 M:2008-11-30 17:16]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-12-18 13:55]
D:\迅雷下载\Upload\3rdUpd.DLL [Smallfrogs Studio, 2, 1, 0, 15, C:2008-11-30 17:15 M:2007-06-24 18:46]
C:\WINDOWS\system32\mapi32.dll [N/A, C:2007-12-18 13:50 M:2008-11-30 17:16]
C:\Program Files\Rising\Rav\RavScrCh.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-11-07 18:05 M:2008-11-07 18:04]
[PID: 2240 / Administrator] D:\迅雷下载\SysLog-0804\SysLog.exe [N/A, C:2008-11-30 17:22 M:2008-08-04 21:19]
C:\WINDOWS\system32\HBQQSG.dll [N/A, C:2008-11-30 14:35 M:2008-11-30 17:16]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-12-18 13:55]
[PID: 2392 / Administrator] C:\Program Files\Internet Explorer\iexplore.exe [(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2007-12-18 13:48 M:2004-08-17 20:00]
C:\WINDOWS\system32\HBQQSG.dll [N/A, C:2008-11-30 14:35 M:2008-11-30 17:16]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-12-18 13:55]
C:\WINDOWS\system32\browselc.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-10-27 15:08]
C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll [(Verified)Thunder Networking Technologies,LTD, 1.0.5.16, C:2007-10-27 14:39 M:2007-10-27 14:39]
C:\WINDOWS\Wisb\pbhealth.dll [Polls, 2. 3, 0, 2, C:2008-12-11 10:07 M:2008-12-11 10:07]
C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 44, C:2007-10-27 14:39 M:2007-10-27 14:39]
C:\WINDOWS\system32\shdoclc.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
C:\Program Files\Rising\Rav\RavScrCh.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-11-07 18:05 M:2008-11-07 18:04]
C:\WINDOWS\system32\mapi32.dll [N/A, C:2007-12-18 13:50 M:2008-11-30 17:16]
C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx [(Verified)Adobe Systems, Inc., 9,0,115,0, C:2007-11-21 08:04 M:2007-11-21 08:04]
========================================
File Link
========================================
Autorun
C:\Autorun.inf
shell\open\command=rundll32 system.dll,explore [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|N/A, C:2008-11-30 14:32 M:2008-11-30 17:32]
shell\explore\command=rundll32 system.dll,explore [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|N/A, C:2008-11-30 14:32 M:2008-11-30 17:32]
D:\Autorun.inf
shell\open\command=rundll32 system.dll,explore [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|N/A, C:2008-11-30 14:32 M:2008-11-30 17:32]
shell\explore\command=rundll32 system.dll,explore [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|N/A, C:2008-11-30 14:32 M:2008-11-30 17:32]
E:\Autorun.inf
shell\open\command=rundll32 system.dll,explore [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|N/A, C:2008-11-30 14:32 M:2008-11-30 17:32]
shell\explore\command=rundll32 system.dll,explore [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|N/A, C:2008-11-30 14:32 M:2008-11-30 17:32]
========================================
Winsock Providers
MSAPI Tcpip [TCP/IP] [N/A, C:2007-12-18 13:50 M:2008-11-30 17:16]
MSAPI Tcpip [UDP/IP] [N/A, C:2007-12-18 13:50 M:2008-11-30 17:16]