[CODE]
2008-12-05,13:24:02
SysLog Scanner 1.0 - build 20080726
Arswp (http://www.arswp.com)
Windows XP Professional Service Pack 3 (build 2600) - Administrators
========================================
Registries
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00|NVIDIA Corporation, 6.14.11.7474, C:2008-12-05 12:20 M:2008-03-24 19:52]
<"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup> [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.16, C:2008-12-05 12:39 M:2008-12-05 12:39]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
[(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-12-05 12:39 M:2008-12-05 12:39]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\导出到 Microsoft Office Excel(&X)]
<> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
[N/A, C:2008-05-01 00:00 M:2008-05-01 00:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6096E38F-5AC1-4391-8EC4-75DFA92FB32F}]
<番茄花园> []
========================================
Startup Folders
========================================
Task
========================================
Components
Shell Extension
[Display Panning CPL Extension] {42071714-76d4-11d1-8b24-00a0c9068ff3} []
[HyperTerminal Icon Ext] {88895560-9AA2-1069-930E-00AA0030EBC8} [(Verified)Hilgraeve, Inc., 5.1.2600.0, C:2008-07-09 17:02 M:2008-05-01 08:00]
[WinRAR shell extension] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [N/A, C:2008-12-05 12:22 M:2007-09-23 18:59]
[NvCpl DesktopContext Class] {A70C977A-BF00-412C-90B7-034C51DA2439} [NVIDIA Corporation, 6.14.11.7474, C:2008-12-05 12:20 M:2008-03-24 19:52]
[Play on my TV helper] {FFB699E0-306A-11d3-8BD1-00104B6F7516} [NVIDIA Corporation, 6.14.11.7474, C:2008-12-05 12:20 M:2008-03-24 19:52]
[Desktop Explorer] {1CDB2949-8F65-4355-8456-263E7C208A5D} [N/A, C:2008-12-05 12:21 M:2008-03-24 19:52]
[Desktop Explorer Menu] {1E9B04FB-F9E5-4718-997B-B8DA88302A47} [N/A, C:2008-12-05 12:21 M:2008-03-24 19:52]
[nView Desktop Context Menu] {1E9B04FB-F9E5-4718-997B-B8DA88302A48} [N/A, C:2008-12-05 12:21 M:2008-03-24 19:52]
BrowserHelperObject
[卡卡上网安全助手] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15, C:2008-12-05 12:39 M:2008-12-05 12:39]
ActiveX Extension
[卡卡上网安全助手] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15, C:2008-12-05 12:39 M:2008-12-05 12:39]
[Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [(Verified)Adobe Systems, Inc., 9,0,124,0, C:2008-03-25 10:32 M:2008-03-25 10:32]
Context Menu
[WinRAR] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [N/A, C:2008-12-05 12:22 M:2007-09-23 18:59]
========================================
Services
[Human Interface Device Access / HidServ][Stopped/Disabled]
<%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll"> [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00]
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<%SystemRoot%\system32\nvsvc32.exe> [NVIDIA Corporation, 6.14.11.7474, C:2008-12-05 12:20 M:2008-03-24 19:52]
========================================
Drivers
[ahci8086 / ahci8086][Running/Boot Start] [ATI Technologies Inc., 2.5.1540.39 built by: WinDDK, C:2008-07-15 14:10 M:2008-07-07 15:08]
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start] [Advanced Micro Devices, 1.3.2 (dnsrv(wmbla).060701-2226), C:2008-07-15 14:10 M:2006-07-01 22:43]
[Microsoft HID Class Driver / hidusb][Stopped/System Start] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:2008-07-15 14:10 M:2008-06-30 14:54]
[nv / nv][Running/Manual Start] [NVIDIA Corporation, 6.14.11.7474, C:2008-12-05 12:20 M:2008-03-24 19:52]
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start] [NVIDIA Corporation, 10.3.0.21 built by: WinDDK, C:2008-07-15 14:10 M:2008-07-11 16:03]
[TCP/IP Protocol Driver / Tcpip][Running/System Start] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:1980-01-01 00:00 M:2008-06-20 11:51]
[Microsoft USB Open Host Controller Miniport Driver / usbohci][Stopped/Boot Start] []
[C-Media WDM Audio Interface / cmuda][Running/Manual Start] [(Verified)C-Media Inc, 5.12.01.0048.2 (39g), C:2008-12-05 12:20 M:2005-04-18 21:30]
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Stopped/Manual Start] [(Verified)Creative Technology Ltd., 5.1.2501.0 built by: WinDDK, C:2008-07-09 17:00 M:2001-08-17 04:19]
[VIA Rhine-Family Fast-Ethernet Adapter Driver Service / FET5X86V][Running/Manual Start] [(Verified)VIA Technologies, Inc. , 3.72.0.457, C:2008-12-05 12:20 M:2007-09-21 19:24]
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start] [(Verified)VIA Technologies, Inc. , 2.66, C:2008-12-05 12:20 M:2001-08-17 04:13]
[AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start] [(Verified)AMD Inc., 4.38.00 built by: WinDDK, C:2008-07-09 17:00 M:2001-08-17 04:11]
[Direct Parallel Link Driver / Ptilink][Running/Manual Start] [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148), C:2008-05-01 00:00 M:2008-05-01 00:00]
[Secdrv / Secdrv][Stopped/Manual Start] [(Verified)Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086, C:2008-05-01 00:00 M:2008-05-01 00:00]
[VIA AGP Filter / viaagp1][Running/Boot Start] [(Verified)VIA Technologies, Inc., 5.1.0.3442 built by: VIA, C:2008-12-05 12:20 M:2003-07-02 04:42]
[videX32 / videX32][Running/Boot Start] [(Verified)VIA Technologies, Inc., 6.0.6000.182, C:2008-12-05 12:20 M:2007-09-21 17:49]
========================================
Running Processes
[PID: 544 / SYSTEM] \SystemRoot\System32\smss.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00]
[PID: 608 / SYSTEM] \??\C:\WINDOWS\system32\csrss.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00]
[PID: 632 / SYSTEM] \??\C:\WINDOWS\system32\winlogon.exe [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113), C:1980-01-01 00:00 M:2008-05-08 16:00]
  C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00]
  C:\WINDOWS\system32\WgaLogon.dll [N/A, C:2008-05-01 00:00 M:2008-05-01 00:00]
[PID: 676 / SYSTEM] C:\WINDOWS\system32\services.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00]
[PID: 688 / SYSTEM] C:\WINDOWS\system32\lsass.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113), C:2008-05-01 00:00 M:2008-05-01 00:00]
  C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00]
[PID: 844 / SYSTEM] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00]
  C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00]
[PID: 924 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00]
  C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00]
[PID: 1016 / SYSTEM] C:\WINDOWS\System32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00]
  C:\WINDOWS\System32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00]
[PID: 1072 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00]
  C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00]
[PID: 1188 / LOCAL SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00]
  C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00]
[PID: 1376 / SYSTEM] C:\WINDOWS\system32\spoolsv.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2008-05-01 00:00 M:2008-05-01 00:00]
  C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00]
[PID: 1604 / Administrator] C:\WINDOWS\Explorer.EXE [(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00]
  C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00]
  C:\WINDOWS\system32\shdoclc.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:1980-01-01 00:00 M:2008-05-15 20:33]
  C:\WINDOWS\system32\browselc.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00]
  C:\Program Files\WinRAR\rarext.dll [N/A, C:2008-12-05 12:22 M:2007-09-23 18:59]
[PID: 1832 / SYSTEM] C:\WINDOWS\system32\nvsvc32.exe [NVIDIA Corporation, 6.14.11.7474, C:2008-12-05 12:20 M:2008-03-24 19:52]
  C:\WINDOWS\system32\nvapi.dll [NVIDIA Corporation, 6.14.11.7474, C:2008-12-05 12:20 M:2008-03-24 19:52]
  C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00]
[PID: 576 / LOCAL SERVICE] C:\WINDOWS\System32\alg.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2008-05-01 00:00 M:2008-05-01 00:00]
  C:\WINDOWS\System32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00]
[PID: 1476 / Administrator] C:\WINDOWS\system32\conime.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00]
  C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00]
[PID: 1596 / Administrator] C:\WINDOWS\system32\ctfmon.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00]
  C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00]
[PID: 2044 / Administrator] C:\Program Files\Rising\AntiSpyware\rstray.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.16, C:2008-12-05 12:39 M:2008-12-05 12:39]
  C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-12-05 12:39 M:2008-12-05 12:39]
  C:\Program Files\Rising\AntiSpyware\rsmginfo.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8, C:2008-12-05 12:39 M:2008-12-05 12:39]
  C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00]
  C:\Program Files\Rising\AntiSpyware\RsXML.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2, C:2008-12-05 12:39 M:2008-12-05 12:39]
  C:\Program Files\Rising\AntiSpyware\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2008-12-05 12:39 M:2008-12-05 12:39]
  C:\Program Files\Rising\AntiSpyware\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2008-12-05 12:39 M:2008-12-05 12:39]
  C:\Program Files\Rising\AntiSpyware\ComServ.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.31, C:2008-12-05 12:39 M:2008-12-05 12:39]
  C:\Program Files\Rising\AntiSpyware\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-12-05 12:39 M:2008-12-05 12:39]
  C:\Program Files\Rising\AntiSpyware\rscommon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.1.1, C:2008-12-05 12:39 M:2008-12-05 12:39]
  C:\Program Files\Rising\AntiSpyware\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-12-05 12:39 M:2008-12-05 12:39]
  C:\Program Files\Rising\AntiSpyware\pngdll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-12-05 12:39 M:2008-12-05 12:39]
  C:\Program Files\Rising\AntiSpyware\runiep.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.41, C:2008-12-05 12:39 M:2008-12-05 12:39]
  C:\Program Files\Rising\AntiSpyware\NComm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.6, C:2008-12-05 12:39 M:2008-12-05 12:39]
  C:\Program Files\Rising\AntiSpyware\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-12-05 12:39 M:2008-12-05 12:39]
  C:\Program Files\Rising\AntiSpyware\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-12-05 12:39 M:2008-12-05 12:39]
[PID: 1632 / Administrator] C:\Program Files\Rising\AntiSpyware\knownsvr.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.13, C:2008-12-05 12:39 M:2008-12-05 12:39]
  C:\Program Files\Rising\AntiSpyware\NComm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.6, C:2008-12-05 12:39 M:2008-12-05 12:39]
  C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-12-05 12:39 M:2008-12-05 12:39]
  C:\Program Files\Rising\AntiSpyware\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-12-05 12:39 M:2008-12-05 12:39]
  C:\Program Files\Rising\AntiSpyware\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-12-05 12:39 M:2008-12-05 12:39]
  C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00]
[PID: 976 / Administrator] C:\Program Files\SogouInput\PinyinUp.exe [(Verified)Sogou.com Inc., 3.5.0.0, C:2008-12-05 12:22 M:2008-06-06 00:00]
  C:\Program Files\SogouInput\HWSignature.dll [(Verified)Sogou.com Inc., 3.5.0.0, C:2008-12-05 12:22 M:2008-06-06 00:00]
  C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-12-05 12:39 M:2008-12-05 12:39]
  C:\Program Files\Rising\AntiSpyware\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-12-05 12:39 M:2008-12-05 12:39]
  C:\Program Files\Rising\AntiSpyware\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-12-05 12:39 M:2008-12-05 12:39]
  C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00]
[PID: 2008 / Administrator] C:\WINDOWS\system32\NOTEPAD.EXE [(c) Florian Balmer 2004, 1, 1, 0, 8, C:2006-11-15 17:59 M:2006-11-15 17:59]
  C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-12-05 12:39 M:2008-12-05 12:39]
  C:\Program Files\Rising\AntiSpyware\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-12-05 12:39 M:2008-12-05 12:39]
  C:\Program Files\Rising\AntiSpyware\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-12-05 12:39 M:2008-12-05 12:39]
  C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00]
[PID: 1688 / Administrator] D:\sreng2\SREngLdr.EXE [Smallfrogs Studio, 2.7.0.1210, C:2008-12-05 13:22 M:2008-10-19 15:54]
[PID: 1744 / Administrator] D:\sreng2\SREca2ff7fd.EXE [Smallfrogs Studio, 2.7.0.1210, C:2008-12-05 13:22 M:2008-12-05 13:22]
  C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00]
  D:\sreng2\Upload\3rdUpd.DLL [Smallfrogs Studio, 2, 1, 0, 15, C:2008-12-05 13:22 M:2007-06-24 18:46]
[PID: 236 / Administrator] D:\stslog\SysLog-0804\SysLog.exe [N/A, C:2008-12-05 13:23 M:2008-08-04 21:19]
  C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-12-05 12:39 M:2008-12-05 12:39]
  C:\Program Files\Rising\AntiSpyware\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-12-05 12:39 M:2008-12-05 12:39]
  C:\Program Files\Rising\AntiSpyware\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-12-05 12:39 M:2008-12-05 12:39]
  C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00]
========================================
File Link
========================================
Autorun
E:\Autorun.inf
open=autorun.exe [Tomato Garden, 5.1.2600.5512, C:2008-07-15 14:45 M:2008-07-15 14:45]
========================================
Winsock Providers
========================================
HOSTS
127.0.0.1 localhost
[/CODE]