[CODE]

2008-12-30,11:32:31

SysLog Scanner 1.0 - build 20080726
Arswp (http://www.arswp.com)

Windows XP Professional Service Pack 2 (build 2600) - Administrators



========================================
Registries

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <EssSpkPhone><essspk1.exe -c>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]
    <C-Media Mixer><Mixer.exe /startup>  [(Verified)C-Media Electronic Inc. (www.cmedia.com.tw), 1.58, C:2008-11-28 21:34 M:2003-04-06 17:39]
    <RavTask><"E:\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Technology Co., Ltd., 20.0.0.20, C:2008-12-30 11:29 M:2008-12-30 11:27]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Technology Co., Ltd., 20.0.0.17, C:2008-12-30 11:29 M:2008-12-30 11:26]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载]
    <><e:\Thunder\Program\geturl.htm>  [N/A, C:2008-11-28 21:21 M:2008-07-28 15:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接]
    <><e:\Thunder\Program\getallurl.htm>  [N/A, C:2008-11-28 21:21 M:2007-12-10 14:17]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\导出到 Microsoft Office Excel(&X)]
    <><res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000>  []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\添加到QQ表情]
    <><C:\Program Files\Tencent\QQ\AddEmotion.htm>  [N/A, C:2007-10-11 15:11 M:2007-10-11 15:11]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|(Verified)N/A, C:2004-08-17 12:00 M:2004-08-17 12:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|(Verified)N/A, C:2004-08-17 12:00 M:2004-08-17 12:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|(Verified)N/A, C:2007-10-17 00:34 M:2005-01-28 15:25]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}]
    <启动迅雷5><e:\Thunder\Thunder.exe>  [(Verified)Thunder Networking Technologies,LTD, 5, 6, 8, 19, C:2008-11-28 21:21 M:2008-11-12 14:30]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0A155D3C-68E2-4215-A47A-E800A446447A}]
    <浩方电竞平台><e:\Holdfast\gameclient.exe>  [(Verified)上海浩方在线信息技术有限公司, 5.1.1.0, C:2008-12-29 02:20 M:2008-11-20 20:01]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiArp.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arswp.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AST.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DrvAnti.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FYFireWall.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFUpd.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPfwSvc.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Kregex.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRepair.com]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwsc.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McNASvc.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McProxy.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mcshield.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpfSrv.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSetup.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPFMntor.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ProcessSafe.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctorMain.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQKav.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RawCopy.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegClean.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegTool.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwstub.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RStray.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rtvscan.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SelfUpdate.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartUp.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SuperKiller.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxCfg.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upiea.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\USBCleaner.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zxsweep.exe]
    <><ntsd -d>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]


========================================
Startup Folders



========================================
Task

[SogouImeMgr.job]
    <C:\WINDOWS\tasks\SogouImeMgr.job --> "C:\PROGRA~1\SOGOUI~1\360~1.165\PinyinRepair.exe" /S > [(Verified)Sogou.com Inc., 3.6.0.1653, C:2008-09-17 10:07 M:2008-09-17 10:07]


========================================
Components


ShellExecuteHook
[ShlExecHack Class]
    {32CD708B-60A7-4C00-9377-D73EAA495F0F}  <C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Technology Co., Ltd., 20.0.0.17, C:2008-12-30 11:29 M:2008-12-30 11:26]

Shell Extension
[Display Panning CPL Extension]
    {42071714-76d4-11d1-8b24-00a0c9068ff3}  <deskpan.dll>  []
[HyperTerminal Icon Ext]
    {88895560-9AA2-1069-930E-00AA0030EBC8}  <C:\WINDOWS\system32\hticons.dll>  [(Verified)Hilgraeve, Inc., 5.1.2600.0, C:2007-09-15 12:13 M:2004-08-17 20:00]
[WinRAR shell extension]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <C:\Program Files\WinRAR\rarext.dll>  [N/A, C:2007-10-17 04:03 M:2007-09-23 18:59]
[RISING]
    {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D}  <C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Technology Co., Ltd., 20.0.0.17, C:2008-12-30 11:29 M:2008-12-30 11:26]

BrowserHelperObject
[ThunderAtOnce Class]
    {01443AEC-0FD1-40fd-9C87-E93D1494C233}  <e:\Thunder\ComDlls\TDAtOnce_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.34, C:2008-11-28 21:21 M:2008-09-06 10:36]
[Thunder Browser Helper]
    {889D2FEB-5411-4565-8998-1DD2C5261283}  <e:\Thunder\ComDlls\xunleiBHO_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 120, C:2008-11-28 21:21 M:2008-09-19 16:44]

ActiveX Extension
[ThunderAtOnce Class]
    {01443AEC-0FD1-40FD-9C87-E93D1494C233}  <e:\Thunder\ComDlls\TDAtOnce_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.34, C:2008-11-28 21:21 M:2008-09-06 10:36]
[Thunder Agent Class]
    {485463B7-8FB2-4B3B-B29B-8B919B0EACCE}  <e:\Thunder\ComDlls\ThunderAgent_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 6, 0, 5, 47, C:2008-11-28 21:21 M:2008-11-07 17:13]
[XMP Class]
    {6483F145-A768-4C41-AACC-52D4D7845851}  <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work>  [Xunlei Networking Technologies,LTD, 2, 1, 9, 100, C:2008-11-28 21:21 M:2008-11-12 14:29]
[MediaComm Class]
    {7670648D-461B-42AF-BDFE-46D26AF5EFF2}  <E:\Thunder\Components\InMedia\MediaAddin18.dll>  [(Verified)Thunder Networking Technologies,LTD, 3, 1, 6, 81, C:2008-11-28 21:21 M:2008-11-25 11:16]
[360SafeLive]
    {87515F61-A66C-4319-A0E0-D416CB8059E3}  <D:\Backup\我的文档\360safe\live.dll>  []
[Thunder Browser Helper]
    {889D2FEB-5411-4565-8998-1DD2C5261283}  <e:\Thunder\ComDlls\xunleiBHO_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 120, C:2008-11-28 21:21 M:2008-09-19 16:44]
[DapCtrl Class]
    {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8}  <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.2.5807.96.(388).dll>  [(Verified)ShenZhen Thunder Networking Technologies Ltd., 2, 2, 5807, 96, C:2008-11-28 21:21 M:2008-11-03 21:47]
[Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000}  <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx>  [(Verified)Adobe Systems, Inc., 9,0,47,0, C:2007-06-12 04:04 M:2007-06-12 04:04]
[XPPlayer Class]
    {F3E70CEA-956E-49CC-B444-73AFE593AD7F}  <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.1.5871.228.(388).dll>  [(Verified)Xunlei Networking Technologies,LTD, 2, 1, 5871, 228, C:2008-11-28 21:21 M:2008-11-07 17:17]

Context Menu
[RisingRavExt]
    {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D}  <C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Technology Co., Ltd., 20.0.0.17, C:2008-12-30 11:29 M:2008-12-30 11:26]
[WinRAR]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <C:\Program Files\WinRAR\rarext.dll>  [N/A, C:2007-10-17 04:03 M:2007-09-23 18:59]


========================================
Services

[Human Interface Device Access / HidServ][Stopped/Disabled]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
[Rising Proxy  Service / RfwProxySrv][Stopped/Auto Start]
    <C:\Program Files\Rising\Rfw\rfwProxy.exe>  []
[Rising Personal Firewall Service / RfwService][Stopped/Auto Start]
    <C:\Program Files\Rising\Rfw\rfwsrv.exe>  []

[Rising Process Communication Center / RsCCenter][Stopped/Auto Start]
    <"E:\Rav\CCenter.exe">  [(Verified)Beijing Rising Technology Co., Ltd., 20.0.0.28, C:2008-12-30 11:29 M:2008-12-30 11:27]


========================================
Drivers

[Mouse HID Driver / MouHid][Stopped/System Start]
    <system32\drivers\MouHid.sys>  []
[NsRk1 / NsRk1][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\Nskhelper2.sys>  [N/A, C:2008-12-30 05:42 M:2008-12-30 06:25]
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
    <system32\DRIVERS\tcpip.sys>  [Microsoft Corporation, 5.1.2600.2892 (xpsp_sp2_gdr.060420-0254), C:2004-08-17 12:00 M:2006-04-20 19:51]
[ViBus / ViBus][Stopped/Manual Start]
    <system32\drivers\ViBus.sys>  [VIA Technologies, Inc., 6.0.6000.212, C:2007-10-20 08:17 M:2007-03-26 21:26]

[C-Media PCI Audio Driver (WDM) / cmpci][Running/Manual Start]
    <system32\drivers\cmaudio.sys>  [(Verified)C-Media Inc, 5.12.01.0643, C:2008-11-28 21:34 M:2003-04-06 17:39]
[nv / nv][Running/Manual Start]
    <system32\DRIVERS\nv4_mini.sys>  [(Verified)NVIDIA Corporation, 6.14.10.5673, C:2008-11-26 16:54 M:2004-08-03 22:29]
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
    <system32\DRIVERS\ptilink.sys>  [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148), C:2004-08-17 12:00 M:2004-08-17 12:00]
[Secdrv / Secdrv][Stopped/Manual Start]
    <system32\DRIVERS\secdrv.sys>  [(Verified)N/A, C:2004-08-17 12:00 M:2004-08-17 12:00]
[SIS AGP Bus Filter / sisagp][Running/Boot Start]
    <system32\DRIVERS\sisagp.sys>  [(Verified)Silicon Integrated Systems Corporation, 5.12.01.2010 (xpsp_sp2_rtm.040803-2158), C:2008-11-26 16:54 M:2004-08-03 23:07]
[SiS PCI Fast Ethernet Adapter Driver / SISNIC][Running/Manual Start]
    <system32\DRIVERS\sisnic.sys>  [(Verified)SiS Corporation, 1.16.00.05 built by: WinDDK, C:2008-11-26 16:54 M:2004-08-03 22:31]


========================================
Running Processes

[PID: 404 / SYSTEM]   \SystemRoot\System32\smss.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]

[PID: 516 / SYSTEM]   \??\C:\WINDOWS\system32\csrss.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]

[PID: 540 / SYSTEM]   \??\C:\WINDOWS\system32\winlogon.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-10-17 02:36]

[PID: 584 / SYSTEM]   C:\WINDOWS\system32\services.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-10-17 02:36]

[PID: 596 / SYSTEM]   C:\WINDOWS\system32\lsass.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-10-17 02:36]

[PID: 732 / SYSTEM]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-10-17 02:36]

[PID: 804 / NETWORK SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-10-17 02:36]

[PID: 868 / SYSTEM]   C:\WINDOWS\System32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
    C:\WINDOWS\System32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-10-17 02:36]

[PID: 928 / NETWORK SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-10-17 02:36]

[PID: 1000 / LOCAL SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-10-17 02:36]

[PID: 1272 / Administrator]   C:\WINDOWS\Explorer.EXE   [(Verified)Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234), C:2004-08-17 12:00 M:2007-06-13 21:21]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-10-17 02:36]
    e:\Thunder\ComDlls\TDAtOnce_Now.dll  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.34, C:2008-11-28 21:21 M:2008-09-06 10:36]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2007-02-24 10:01 M:2007-02-24 10:01]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2007-02-24 10:01 M:2007-02-24 10:01]
    e:\Thunder\ComDlls\xunleiBHO_Now.dll  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 120, C:2008-11-28 21:21 M:2008-09-19 16:44]
    e:\Thunder\Components\ResWorker\DsBho_00.dll  [Thunder Networking Technologies,LTD, 1, 0, 0, 20, C:2008-11-28 21:21 M:2008-11-12 14:29]
    e:\Thunder\Components\ResWorker\DataProcessor_00.dll  [Thunder Networking Technologies,LTD, 1, 0, 0, 16, C:2008-11-28 21:21 M:2008-11-12 14:29]
    C:\WINDOWS\system32\shdoclc.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-16 16:38]
    C:\WINDOWS\system32\RavExt.dll  [(Verified)Beijing Rising Technology Co., Ltd., 20.0.0.17, C:2008-12-30 11:29 M:2008-12-30 11:26]

[PID: 1324 / SYSTEM]   C:\WINDOWS\system32\spoolsv.exe   [(Verified)Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519), C:2004-08-17 12:00 M:2005-06-11 07:53]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-10-17 02:36]

[PID: 1892 / LOCAL SERVICE]   C:\WINDOWS\System32\alg.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
    C:\WINDOWS\System32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-10-17 02:36]

[PID: 1980 / Administrator]   C:\WINDOWS\system32\conime.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-10-17 02:36]

[PID: 244 / Administrator]   C:\WINDOWS\Mixer.exe   [(Verified)C-Media Electronic Inc. (www.cmedia.com.tw), 1.58, C:2008-11-28 21:34 M:2003-04-06 17:39]
    C:\WINDOWS\System32\cmnprop.dll  [(Verified)C-Media Corporation, 5.00.2195.12, C:2008-11-28 21:34 M:2003-04-06 17:39]

[PID: 252 / Administrator]   C:\WINDOWS\system32\ctfmon.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-10-17 02:36]

[PID: 1476 / Administrator]   E:\重要文件\Rav2008.exe   [Beijing Rising Technology Co., Ltd., 20.21.1., C:2007-12-03 10:38 M:2007-12-03 10:38]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-10-17 02:36]

[PID: 1880 / Administrator]   C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RavTmp\Setup.exe   [Beijing Rising Technology Co., Ltd., 20.0.0.84, C:2008-12-30 11:26 M:2008-12-30 11:27]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-10-17 02:36]
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RavTmp\RsCommx.dll  [rising, 18, 0, 0, 3, C:2008-12-30 11:27 M:2008-12-30 11:27]
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RavTmp\ProcCom.dll  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19, C:2008-12-30 11:27 M:2008-12-30 11:27]
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RavTmp\RsCommX2.dll  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19, C:2008-12-30 11:27 M:2008-12-30 11:27]
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RavTmp\Setup.dll  [Beijing Rising Technology Co., Ltd., 20.0.0.28, C:2008-12-30 11:26 M:2008-12-30 11:27]
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RavTmp\RSCOMMON.DLL  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16, C:2008-12-30 11:26 M:2008-12-30 11:26]

[PID: 1836 / Administrator]   E:\Maxthon2\Maxthon.exe   [(Verified)Maxthon International ltd., 2, 1, 5, 1250, C:2008-11-25 11:09 M:2008-11-25 11:09]
    E:\Maxthon2\mxpp.dll  [(Verified)Maxthon International ltd., 1, 0, 0, 241, C:2008-11-19 11:09 M:2008-11-19 11:09]
    E:\Maxthon2\MxSk.dll  [(Verified)Maxthon, 1, 0, 0, 413, C:2008-11-19 11:09 M:2008-11-19 11:09]
    E:\Maxthon2\MxProxy2.dll  [(Verified)Maxthon International ltd., 1, 0, 0, 4106, C:2008-11-19 11:09 M:2008-11-19 11:09]
    E:\Maxthon2\MxExt.dll  [(Verified)N/A, C:2008-11-19 11:09 M:2008-11-19 11:09]
    E:\Maxthon2\MxUI.dll  [Maxthon International, 3, 3, 0, 9, C:2008-07-31 14:44 M:2008-07-31 14:44]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-10-17 02:36]
    E:\Maxthon2\mxtool.dll  [(Verified)Copyright 2005, 1, 0, 0, 1, C:2008-11-19 11:09 M:2008-11-19 11:09]
    E:\Maxthon2\maxzlib.dll  [(Verified)(C) 1995-2004 Jean-loup Gailly & Mark Adler, 1.2.3, C:2008-11-19 11:09 M:2008-11-19 11:09]
    E:\Maxthon2\Modules\MxWebBoost\MxWebBoost.dll  [(Verified)Maxthon, 1,0,2,1267, C:2008-11-12 10:59 M:2008-11-12 10:59]
    E:\Maxthon2\mxdb.dll  [(Verified)Max, 3, 5, 3, 125, C:2008-11-19 11:09 M:2008-11-19 11:09]
    E:\Maxthon2\Modules\MxHistory\MxHistory.dll  [(Verified)Maxthon International ltd., 1, 0, 0, 302, C:2008-11-12 10:59 M:2008-11-12 10:59]
    C:\WINDOWS\system32\shdoclc.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-16 16:38]
    C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx  [(Verified)Adobe Systems, Inc., 9,0,47,0, C:2007-06-12 04:04 M:2007-06-12 04:04]
    e:\Thunder\ComDlls\xunleiBHO_Now.dll  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 120, C:2008-11-28 21:21 M:2008-09-19 16:44]
    e:\Thunder\ComDlls\ThunderAgent_Now.dll  [(Verified)Thunder Networking Technologies,LTD, 6, 0, 5, 47, C:2008-11-28 21:21 M:2008-11-07 17:13]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2007-02-24 10:01 M:2007-02-24 10:01]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2007-02-24 10:01 M:2007-02-24 10:01]

[PID: 2692 / Administrator]   C:\Documents and Settings\Administrator\桌面\SysLog-0804\SysLog.exe   [N/A, C:2008-12-30 11:32 M:2008-08-04 21:19]


========================================
File Link



========================================
Autorun



========================================
Winsock Providers



========================================
HOSTS

    127.0.0.1 localhost


[/CODE]