[CODE] 2008-08-04,11:18:52 SysLog Scanner 1.0 - build 20080726 Arswp (http://www.arswp.com) Windows XP Professional Service Pack 3 (build 2600) - Administrators ======================================== 注册项 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <"C:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.24, C:2008-07-13 23:33 M:2008-07-26 21:50] <360Safetray> [(Verified)奇虎网, 4, 1, 8, 1004, C:2008-07-04 16:06 M:2008-07-04 16:06] <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)360安全中心, 2, 1, 1, 1003, C:2008-06-16 19:15 M:2008-06-16 19:15] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2, C:2008-07-12 14:11 M:2008-07-12 14:11] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{32CD708B-60A7-4C00-9377-D73EAA495F0F}> [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-07-14 15:16 M:2008-07-28 16:11] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\导出到 Microsoft Office Excel(&X)] <> [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\添加到QQ表情] <> [N/A, C:2008-06-30 17:14 M:2008-06-30 17:14] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] [(Verified)ATI Technologies Inc., 6.14.10.4176, C:2008-01-23 04:35 M:2008-01-23 04:35] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-14 12:00|(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-14 12:00|(Verified)N/A, C:2008-04-14 12:00 M:2008-04-14 12:00] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Corporation, 
5.1.2600.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-14 12:00|(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-14 12:00|(Verified)N/A, C:2008-04-14 12:00 M:2008-04-14 12:00] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-14 12:00|(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-14 12:00|(Verified)N/A, C:2008-07-16 11:13 M:2005-01-28 15:25] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] <> [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-14 12:00|Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200), C:2005-09-23 07:28 M:2005-09-23 07:28] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{95B3F550-91C4-4627-BCC4-521288C52977}] [(Verified)N/A, C:2008-08-03 12:42 M:2007-03-16 13:46] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E43571F-3477-4A6A-8505-19BB75A970D4}] <><> [] ======================================== 启动项 [腾讯QQ] "F:\qq\QQ.exe" > [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:50 M:2007-07-01 08:50] ======================================== 计划任务 ======================================== 组件 ShellExecuteHook [ShlExecHack Class] {32CD708B-60A7-4C00-9377-D73EAA495F0F} [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-07-14 15:16 M:2008-07-28 16:11] Shell Extension [Display Panning CPL Extension] {42071714-76d4-11d1-8b24-00a0c9068ff3} [] [HyperTerminal Icon Ext] {88895560-9AA2-1069-930E-00AA0030EBC8} [(Verified)Hilgraeve, Inc., 5.1.2600.0, C:2008-07-12 10:37 M:2008-04-14 20:00] [WinRAR shell extension] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [N/A, C:2008-07-29 03:01 M:2008-07-11 00:22] 
[ShellLink for Application References] {e82a2d71-5b2f-43a0-97b8-81be15854de8} [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200), C:2005-09-23 07:28 M:2005-09-23 07:28] [Shell Icon Handler for Application References] {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200), C:2005-09-23 07:28 M:2005-09-23 07:28] [Catalyst Context Menu extension] {5E2121EE-0300-11D4-8D3B-444553540000} [Copyright 2004, 2, 0, 0, 0, C:2008-01-08 08:15 M:2008-01-08 08:15] [RISING] {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D} [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-07-14 15:16 M:2008-07-28 16:11] Protocols [Cor MIME Filter, CorFltr, CorFltr 1] {1E66F26B-79EE-11D2-8710-00C04F79ED0D} [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300), C:2007-04-13 03:21 M:2007-04-13 03:21] BrowserHelperObject [ThunderAtOnce Class] {01443AEC-0FD1-40fd-9C87-E93D1494C233} [] [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42] ToolBar [卡卡上网安全助手] {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} [Beijing Rising Technology Co., Ltd., 5.0.0.1, C:2008-07-12 14:11 M:2008-07-12 14:11] ActiveX Extension [ThunderAtOnce Class] {01443AEC-0FD1-40FD-9C87-E93D1494C233} [] [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42] [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [(Verified)Adobe Systems, Inc., 9,0,124,0, C:2008-03-25 10:32 M:2008-03-25 10:32] [卡卡上网安全助手] {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} [Beijing Rising Technology Co., Ltd., 5.0.0.1, C:2008-07-12 14:11 M:2008-07-12 14:11] [PlayerCtrl Class] {E05BC2A3-9A46-4A32-80C9-023A473F5B23} [(Verified)深圳腾讯科技, 3, 1, 163, 202, C:2007-05-20 16:38 M:2007-05-20 16:38] Context Menu [RisingRavExt] {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D} [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-07-14 15:16 M:2008-07-28 16:11] 
[WinRAR] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [N/A, C:2008-07-29 03:01 M:2008-07-11 00:22] ======================================== 服务 [ATI Smart / ATI Smart][Stopped/Auto Start] [Copyright (C) 1998 - 2007 ATI Technologies Inc., 5.13.0027, C:2008-07-12 13:16 M:2008-01-22 14:42] [Contrl Center of Storm Media / ccosm][Running/Auto Start] [北京暴风网际科技有限公司, 3, 8, 6, 20, C:2008-03-11 14:33 M:2008-05-28 16:40] [Forceware Web Interface / ForcewareWebInterface][Running/Auto Start] <"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice> [Apache Software Foundation, 2.0.52, C:2007-05-15 09:53 M:2007-05-15 09:53] [Human Interface Device Access / HidServ][Stopped/Disabled] <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll"> [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 12:00 M:2008-04-14 12:00] [ForceWare IP service / nSvcIp][Running/Auto Start] [NVIDIA Corporation, 2, 2, 0, 464, C:2007-05-21 10:51 M:2007-05-21 10:51] [ForceWare user log service / nSvcLog][Running/Auto Start] [NVIDIA Corporation, 2, 2, 0, 464, C:2007-05-21 10:50 M:2007-05-21 10:50] [P4P Service / P4P Service][Running/Auto Start] [Sohu.com Inc., 2, 0, 0, 20, C:2006-08-03 11:04 M:2006-08-03 11:04] [Security Control / seictol][Stopped/Auto Start] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-14 12:00] [Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start] <%SystemRoot%\system32\Ati2evxx.exe> [(Verified)ATI Technologies Inc., 6.14.10.4188, C:2008-01-23 04:34 M:2008-01-23 04:34] [Rising Process Communication Center / RsCCenter][Running/Auto Start] <"C:\Program Files\Rising\Rav\CCenter.exe"> [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.33, C:2008-07-13 23:33 M:2008-07-28 16:15] [Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"> [(Verified)Beijing Rising Information Technology Co., Ltd., 
20.0.0.80, C:2008-07-13 23:33 M:2008-07-28 16:11] ======================================== 驱动 [ATSpy / ATSpy][Stopped/Manual Start] <\??\C:\WINDOWS\system32\ATSpy.sys> [] [RsAntiSpyware / RsAntiSpyware][Running/Boot Start] [Beijing Rising Technology Co., Ltd., 3, 0, 0, 28, C:2008-07-12 14:11 M:2008-07-12 14:11] [sysHostSvc / sysHostSvc][Running/Auto Start] <\??\C:\WINDOWS\system32\drivers\GuiHelp.sys> [Microsoft Corporation, 5, 1, 2467, 4, C:2008-07-12 10:24 M:2008-07-12 10:24] [TCP/IP Protocol Driver / Tcpip][Running/System Start] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 12:00 M:2008-06-20 19:51] [ati2mtag / ati2mtag][Running/Manual Start] [(Verified)ATI Technologies Inc., 6.14.10.6764, C:2008-01-23 05:38 M:2008-01-23 05:38] [Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start] [(Verified)Windows (R) Server 2003 DDK provider, 5.10.01.5013 built by: WinDDK, C:2008-04-14 12:00 M:2008-04-14 12:00] [HookCont / HookCont][Running/System Start] <\SystemRoot\system32\drivers\HookCont.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 7, C:2008-07-13 23:33 M:2008-07-28 16:14] [HookNtos / HookNtos][Running/System Start] <\SystemRoot\system32\drivers\HookNtos.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 50, C:2008-07-13 23:33 M:2008-07-28 16:13] [HookReg / HookReg][Running/System Start] <\SystemRoot\system32\drivers\HookReg.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 28, C:2008-07-13 23:33 M:2008-07-28 16:13] [HookSys / HookSys][Running/System Start] <\SystemRoot\system32\drivers\HookSys.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 54, C:2008-07-13 23:33 M:2008-07-28 16:11] [Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start] [(Verified)Realtek Semiconductor Corp., 5.10.0.5443 built by: WinDDK, C:2008-07-12 13:12 M:2007-07-10 09:56] [KAVBootC / KAVBootC][Running/Boot 
Start] [(Verified)Kingsoft Corporation, 2008,04,28,85, C:2008-07-14 05:00 M:2008-06-17 08:59] [KAVSafe / KAVSafe][Running/Auto Start] <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys> [(Verified)Kingsoft Corporation, 2008,04,28,65, C:2008-07-14 05:00 M:2008-06-17 08:59] [ATK0110 ACPI UTILITY / MTsensor][Running/Manual Start] [(Verified)1043, 2, 15, 37, C:2008-07-12 12:56 M:2004-08-12 18:56] [nvata / nvata][Running/Boot Start] [(Verified)NVIDIA Corporation, 5.10.2600.0692 built by: WinDDK, C:2008-07-12 12:57 M:2006-10-18 16:31] [NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start] [(Verified)NVIDIA Corporation, 1.00.03.06576, C:2008-07-12 12:57 M:2007-05-21 10:43] [NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start] [(Verified)NVIDIA Corporation, 1.00.03.06576, C:2008-07-12 12:57 M:2007-05-21 10:43] [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148), C:2008-04-14 12:00 M:2008-04-14 12:00] [RsNTGDI / RsNTGDI][Running/Boot Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 3, C:2008-07-13 23:33 M:2008-07-28 16:17] [SafeBoxKrnl / SafeBoxKrnl][Running/System Start] <\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys> [(Verified)360安全中心, 2, 2, 1, 1001, C:2008-06-06 18:31 M:2008-06-06 18:31] [Secdrv / Secdrv][Stopped/Manual Start] [(Verified)Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086, C:2008-04-14 12:00 M:2008-04-14 12:00] ======================================== 进程 [PID: 596 / SYSTEM] \SystemRoot\System32\smss.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 12:00 M:2008-04-14 12:00] [PID: 664 / SYSTEM] \??\C:\WINDOWS\system32\csrss.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 12:00 M:2008-04-14 12:00] [PID: 696 / SYSTEM] \??\C:\WINDOWS\system32\winlogon.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 
(xpsp.080413-2113), C:2008-04-14 12:00 M:2008-04-14 12:00] C:\WINDOWS\system32\Ati2evxx.dll [(Verified)ATI Technologies Inc., 6.14.10.4176, C:2008-01-23 04:35 M:2008-01-23 04:35] [PID: 740 / SYSTEM] C:\WINDOWS\system32\services.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 12:00 M:2008-04-14 12:00] [PID: 752 / SYSTEM] C:\WINDOWS\system32\lsass.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113), C:2008-04-14 12:00 M:2008-04-14 12:00] C:\WINDOWS\system32\ESPI11.dll [DYWT, 1, 1, 0, 0, C:2008-08-03 17:09 M:2008-08-03 17:09] [PID: 916 / SYSTEM] C:\WINDOWS\system32\Ati2evxx.exe [(Verified)ATI Technologies Inc., 6.14.10.4188, C:2008-01-23 04:34 M:2008-01-23 04:34] C:\WINDOWS\system32\Ati2edxx.dll [(Verified)ATI Technologies, Inc., 6, 14, 10, 2513, C:2008-01-23 04:35 M:2008-01-23 04:35] C:\WINDOWS\system32\atipdlxx.dll [(Verified)ATI Technologies, Inc., 6, 14, 10, 2527, C:2008-01-23 04:35 M:2008-01-23 04:35] [PID: 936 / SYSTEM] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 12:00 M:2008-04-14 12:00] [PID: 992 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 12:00 M:2008-04-14 12:00] C:\WINDOWS\system32\ESPI11.dll [DYWT, 1, 1, 0, 0, C:2008-08-03 17:09 M:2008-08-03 17:09] [PID: 1104 / SYSTEM] C:\Program Files\Rising\Rav\CCenter.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.33, C:2008-07-13 23:33 M:2008-07-28 16:15] [PID: 1120 / SYSTEM] C:\WINDOWS\System32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 12:00 M:2008-04-14 12:00] C:\WINDOWS\system32\ESPI11.dll [DYWT, 1, 1, 0, 0, C:2008-08-03 17:09 M:2008-08-03 17:09] [PID: 1228 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 12:00 M:2008-04-14 12:00] 
C:\WINDOWS\system32\ESPI11.dll [DYWT, 1, 1, 0, 0, C:2008-08-03 17:09 M:2008-08-03 17:09] [PID: 1288 / LOCAL SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 12:00 M:2008-04-14 12:00] C:\WINDOWS\system32\ESPI11.dll [DYWT, 1, 1, 0, 0, C:2008-08-03 17:09 M:2008-08-03 17:09] [PID: 1320 / SYSTEM] C:\PROGRAM FILES\RISING\RAV\ravmond.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.80, C:2008-07-13 23:33 M:2008-07-28 16:11] C:\PROGRAM FILES\RISING\RAV\BWList.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.5, C:2008-07-13 23:33 M:2008-07-28 16:15] C:\WINDOWS\system32\MFC71.DLL [Microsoft Corporation, 7.10.3077.0, C:2008-07-12 14:11 M:2008-07-12 14:11] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2004-04-05 10:31 M:2004-04-05 10:31] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2004-04-05 10:31 M:2004-04-05 10:31] C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-07-13 23:33 M:2008-07-28 16:15] C:\PROGRAM FILES\RISING\RAV\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-07-13 23:33 M:2008-07-28 16:15] C:\PROGRAM FILES\RISING\RAV\RsLog.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.36, C:2008-07-13 23:33 M:2008-07-26 21:50] C:\PROGRAM FILES\RISING\RAV\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-13 23:33 M:2008-07-28 16:15] C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-13 23:33 M:2008-07-28 16:15] C:\PROGRAM FILES\RISING\RAV\MonRule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.29, C:2008-07-13 23:33 M:2008-07-28 16:11] C:\PROGRAM FILES\RISING\RAV\Hooksys.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 
12, C:2008-07-13 23:33 M:2008-07-28 16:11] C:\PROGRAM FILES\RISING\RAV\HookReg.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6, C:2008-07-13 23:33 M:2008-07-28 16:13] C:\PROGRAM FILES\RISING\RAV\HookNtos.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5, C:2008-07-13 23:33 M:2008-07-28 16:13] C:\PROGRAM FILES\RISING\RAV\rswalmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24, C:2008-07-13 23:33 M:2008-07-28 16:13] C:\PROGRAM FILES\RISING\RAV\recomp.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 40, C:2008-07-13 23:33 M:2008-07-28 16:17] C:\PROGRAM FILES\RISING\RAV\refs.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18, C:2008-07-13 23:33 M:2008-07-28 16:17] C:\PROGRAM FILES\RISING\RAV\ffr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 16, C:2008-07-13 23:33 M:2008-07-28 16:17] C:\Program Files\Rising\Rav\RsStore.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.9, C:2008-07-13 23:33 M:2008-07-28 16:18] C:\PROGRAM FILES\RISING\RAV\HookCont.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3, C:2008-07-13 23:33 M:2008-07-28 16:14] C:\Program Files\Rising\Rav\fakescan.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.14, C:2008-07-13 23:33 M:2008-07-28 16:19] C:\Program Files\Rising\Rav\Scanner.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.39, C:2008-07-13 23:33 M:2008-07-28 16:19] C:\PROGRAM FILES\RISING\RAV\viruslib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2008-07-13 23:33 M:2008-07-28 16:17] C:\PROGRAM FILES\RISING\RAV\relibldr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-07-13 23:33 M:2008-07-28 16:17] C:\WINDOWS\system32\ESPI11.dll [DYWT, 1, 1, 0, 0, C:2008-08-03 17:09 M:2008-08-03 17:09] C:\PROGRAM FILES\RISING\RAV\HookWeb.dll 
[(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.3, C:2008-07-13 23:33 M:2008-07-28 16:14] C:\PROGRAM FILES\RISING\RAV\extfile.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32, C:2008-07-13 23:33 M:2008-07-28 16:17] C:\PROGRAM FILES\RISING\RAV\nvfile.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7, C:2008-07-13 23:33 M:2008-07-28 16:17] C:\PROGRAM FILES\RISING\RAV\pearc.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8, C:2008-07-13 23:33 M:2008-07-28 16:17] C:\PROGRAM FILES\RISING\RAV\scanexec.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-13 23:33 M:2008-07-28 16:17] C:\PROGRAM FILES\RISING\RAV\unexe.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 6, C:2008-07-13 23:33 M:2008-07-28 16:17] C:\PROGRAM FILES\RISING\RAV\scanex.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 84, C:2008-07-13 23:33 M:2008-07-28 16:17] C:\PROGRAM FILES\RISING\RAV\scansct.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10, C:2008-07-13 23:33 M:2008-07-28 16:17] C:\PROGRAM FILES\RISING\RAV\scanpack.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10, C:2008-07-13 23:33 M:2008-07-28 16:17] C:\PROGRAM FILES\RISING\RAV\revm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11, C:2008-07-13 23:33 M:2008-07-28 16:17] C:\PROGRAM FILES\RISING\RAV\urutils.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7, C:2008-07-13 23:33 M:2008-07-28 16:17] C:\PROGRAM FILES\RISING\RAV\ur000.dat [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 19, C:2008-07-13 23:33 M:2008-07-28 16:17] C:\PROGRAM FILES\RISING\RAV\scriptci.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4, C:2008-07-13 23:33 M:2008-07-28 16:17] C:\PROGRAM FILES\RISING\RAV\ur001.dat [(Verified)Beijing Rising 
Information Technology Co., Ltd., 20, 0, 0, 4, C:2008-07-13 23:33 M:2008-07-28 16:17] C:\PROGRAM FILES\RISING\RAV\uroutine.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2008-07-13 23:33 M:2008-07-28 16:17] C:\PROGRAM FILES\RISING\RAV\extole.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 13, C:2008-07-13 23:33 M:2008-07-28 16:17] C:\PROGRAM FILES\RISING\RAV\extmail.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10, C:2008-07-13 23:33 M:2008-07-28 16:17] [PID: 1504 / SYSTEM] C:\PROGRAM FILES\RISING\RAV\RavStub.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.10, C:2008-07-13 23:33 M:2008-07-28 16:11] C:\PROGRAM FILES\RISING\RAV\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-13 23:33 M:2008-07-28 16:15] C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-13 23:33 M:2008-07-28 16:15] C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-07-13 23:33 M:2008-07-28 16:15] [PID: 1612 / SYSTEM] C:\WINDOWS\system32\Ati2evxx.exe [(Verified)ATI Technologies Inc., 6.14.10.4188, C:2008-01-23 04:34 M:2008-01-23 04:34] C:\WINDOWS\system32\Ati2edxx.dll [(Verified)ATI Technologies, Inc., 6, 14, 10, 2513, C:2008-01-23 04:35 M:2008-01-23 04:35] C:\WINDOWS\system32\atipdlxx.dll [(Verified)ATI Technologies, Inc., 6, 14, 10, 2527, C:2008-01-23 04:35 M:2008-01-23 04:35] C:\WINDOWS\system32\ati2evxx.dll [(Verified)ATI Technologies Inc., 6.14.10.4176, C:2008-01-23 04:35 M:2008-01-23 04:35] [PID: 1652 / SYSTEM] C:\WINDOWS\system32\spoolsv.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2008-04-14 12:00 M:2008-04-14 12:00] C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll [Microsoft Corporation, 11.3.1897.0, C:2008-07-12 10:56 M:2003-06-18 17:31] [PID: 2020 / asus] 
C:\WINDOWS\Explorer.EXE [(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-07-13 22:06] C:\WINDOWS\system32\RavExt.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-07-14 15:16 M:2008-07-28 16:11] F:\360safe\safemon\safemon.dll [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [Copyright 2004, 2, 0, 0, 0, C:2008-01-08 08:15 M:2008-01-08 08:15] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamCHS.dll [Advanced Micro Devices, Inc., 6.14.10.2001, C:2007-11-20 08:45 M:2007-11-20 08:45] C:\Program Files\Rising\Rav\RSCOMMON.DLL [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-07-13 23:33 M:2008-07-28 16:15] f:\Program Files\WinRAR\rarext.dll [N/A, C:2008-07-29 03:01 M:2008-07-11 00:22] [PID: 160 / asus] C:\Program Files\Rising\Rav\RavTask.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.24, C:2008-07-13 23:33 M:2008-07-26 21:50] C:\Program Files\Rising\Rav\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-13 23:33 M:2008-07-28 16:15] C:\Program Files\Rising\Rav\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-13 23:33 M:2008-07-28 16:15] C:\Program Files\Rising\Rav\RSCOMMON.DLL [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-07-13 23:33 M:2008-07-28 16:15] C:\Program Files\Rising\Rav\RSAPPMGR.DLL [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-07-13 23:33 M:2008-07-28 16:15] C:\Program Files\Rising\Rav\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-07-13 23:33 M:2008-07-28 16:15] [PID: 188 / asus] C:\Program Files\Rising\Rav\Ravmon.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.01.24, C:2008-07-13 23:33 M:2008-07-28 16:11] 
C:\WINDOWS\system32\MFC71.DLL [Microsoft Corporation, 7.10.3077.0, C:2008-07-12 14:11 M:2008-07-12 14:11] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2004-04-05 10:31 M:2004-04-05 10:31] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2004-04-05 10:31 M:2004-04-05 10:31] C:\Program Files\Rising\Rav\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-13 23:33 M:2008-07-28 16:15] C:\Program Files\Rising\Rav\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-13 23:33 M:2008-07-28 16:15] C:\Program Files\Rising\Rav\RSCOMMON.DLL [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-07-13 23:33 M:2008-07-28 16:15] C:\Program Files\Rising\Rav\recomp.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 40, C:2008-07-13 23:33 M:2008-07-28 16:17] C:\Program Files\Rising\Rav\refs.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18, C:2008-07-13 23:33 M:2008-07-28 16:17] C:\Program Files\Rising\Rav\viruslib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2008-07-13 23:33 M:2008-07-28 16:17] C:\Program Files\Rising\Rav\relibldr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-07-13 23:33 M:2008-07-28 16:17] C:\Program Files\Rising\Rav\RSAPPMGR.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-07-13 23:33 M:2008-07-28 16:15] C:\Program Files\Rising\Rav\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-07-13 23:33 M:2008-07-28 16:15] C:\Program Files\Rising\Rav\MonRule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.29, C:2008-07-13 23:33 M:2008-07-28 16:11] C:\Program Files\Rising\Rav\PngDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-07-13 23:33 M:2008-07-26 21:50] 
C:\Program Files\Rising\Rav\Rsguilib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90, C:2008-07-13 23:33 M:2008-07-26 21:50] C:\Program Files\Rising\Rav\RsXML.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2, C:2008-07-13 23:33 M:2008-07-28 16:15] [PID: 196 / asus] F:\360safe\safemon\360tray.exe [(Verified)奇虎网, 4, 1, 8, 1004, C:2008-07-04 16:06 M:2008-07-04 16:06] F:\360safe\safemon\safemon.dll [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42] F:\360safe\safemon\SafeKrnl.dll [(Verified)奇虎网, 4, 2, 0, 1001, C:2008-06-13 20:16 M:2008-06-13 20:16] F:\360safe\AntiAdwa.dll [(Verified)360Safe.com, 4, 2, 0, 1001, C:2008-06-13 20:16 M:2008-06-13 20:16] F:\360safe\live.dll [(Verified)360.cn, 1, 0, 1, 1027, C:2008-04-09 17:07 M:2008-04-09 17:07] C:\WINDOWS\system32\ESPI11.dll [DYWT, 1, 1, 0, 0, C:2008-08-03 17:09 M:2008-08-03 17:09] [PID: 208 / asus] C:\Program Files\360Safebox\safeboxTray.exe [(Verified)360安全中心, 2, 1, 1, 1003, C:2008-06-16 19:15 M:2008-06-16 19:15] C:\Program Files\360Safebox\rptup.dll [(Verified)360Safe.com, 4, 1, 0, 1003, C:2008-04-09 17:07 M:2008-04-09 17:07] C:\Program Files\360Safebox\safeboxapi.dll [(Verified)360安全中心, 2, 0, 0, 1002, C:2008-04-09 18:31 M:2008-04-09 18:31] C:\Program Files\360Safebox\liveupdate.dll [(Verified)360安全中心, 1, 2, 0, 1010, C:2008-05-27 18:01 M:2008-05-27 18:01] C:\WINDOWS\system32\ESPI11.dll [DYWT, 1, 1, 0, 0, C:2008-08-03 17:09 M:2008-08-03 17:09] F:\360safe\safemon\safemon.dll [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42] [PID: 2004 / SYSTEM] F:\wenjian\stormliv.exe [北京暴风网际科技有限公司, 3, 8, 6, 20, C:2008-03-11 14:33 M:2008-05-28 16:40] F:\wenjian\MSVCP60.dll [Microsoft Corporation, 6.02.3104.0, C:2007-09-21 19:43 M:2007-09-21 19:43] C:\WINDOWS\system32\ESPI11.dll [DYWT, 1, 1, 0, 0, C:2008-08-03 17:09 M:2008-08-03 17:09] [PID: 1164 / SYSTEM] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache 
Group\Apache2\bin\apache.exe [Apache Software Foundation, 2.0.52, C:2007-05-15 09:53 M:2007-05-15 09:53] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libapr.dll [Apache Software Foundation, 0.0.0.0, C:2007-05-15 09:53 M:2007-05-15 09:53] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libaprutil.dll [Apache Software Foundation, 0.0.0.0, C:2007-05-15 09:53 M:2007-05-15 09:53] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libapriconv.dll [Apache Software Foundation, 0.0.0.0, C:2007-05-15 09:53 M:2007-05-15 09:53] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libhttpd.dll [Apache Software Foundation, 2.0.52, C:2007-05-15 09:53 M:2007-05-15 09:53] C:\WINDOWS\system32\ESPI11.dll [DYWT, 1, 1, 0, 0, C:2008-08-03 17:09 M:2008-08-03 17:09] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_access.so [Apache Software Foundation, 2.0.49, C:2007-05-15 09:53 M:2007-05-15 09:53] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_actions.so [Apache Software Foundation, 2.0.49, C:2007-05-15 09:53 M:2007-05-15 09:53] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_alias.so [Apache Software Foundation, 2.0.49, C:2007-05-15 09:53 M:2007-05-15 09:53] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so [N/A, C:2007-05-15 09:53 M:2007-05-15 09:53] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\nv_common.dll [NVIDIA, 2, 2, 0, 464, C:2007-05-21 10:48 M:2007-05-21 10:48] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_cgi.so [Apache Software Foundation, 2.0.49, C:2007-05-15 09:53 M:2007-05-15 09:53] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_env.so [Apache Software 
Foundation, 2.0.49, C:2007-05-15 09:53 M:2007-05-15 09:53]
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_expires.so [Apache Software Foundation, 2.0.49, C:2007-05-15 09:53 M:2007-05-15 09:53]
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_headers.so [Apache Software Foundation, 2.0.49, C:2007-05-15 09:53 M:2007-05-15 09:53]
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_include.so [Apache Software Foundation, 2.0.49, C:2007-05-15 09:53 M:2007-05-15 09:53]
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_log_config.so [Apache Software Foundation, 2.0.49, C:2007-05-15 09:53 M:2007-05-15 09:53]
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_mime.so [Apache Software Foundation, 2.0.49, C:2007-05-15 09:53 M:2007-05-15 09:53]
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_negotiation.so [Apache Software Foundation, 2.0.49, C:2007-05-15 09:53 M:2007-05-15 09:53]
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_rewrite.so [Apache Software Foundation, 2.0.49, C:2007-05-15 09:53 M:2007-05-15 09:53]
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_setenvif.so [Apache Software Foundation, 2.0.49, C:2007-05-15 09:53 M:2007-05-15 09:53]
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_ssl.so [Apache Software Foundation, 2.0.47, C:2007-05-15 09:53 M:2007-05-15 09:53]
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\SSLEAY32.dll [N/A, C:2007-05-15 09:53 M:2007-05-15 09:53]
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\LIBEAY32.dll [N/A, C:2007-05-15 09:53 M:2007-05-15 09:53]
[PID: 1676 / SYSTEM]
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [NVIDIA Corporation, 2, 2, 0, 464, C:2007-05-21 10:50 M:2007-05-21 10:50]
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nv_common.dll [NVIDIA, 2, 2, 0, 464, C:2007-05-21 10:48 M:2007-05-21 10:48]
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\NMI.dll [NVIDIA Corporation, 2, 2, 0, 464, C:2007-05-21 10:48 M:2007-05-21 10:48]
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\MSVCP60.dll [Microsoft Corporation, 6.02.3104.0, C:2007-05-15 09:53 M:2007-05-15 09:53]
[PID: 536 / SYSTEM]
C:\Program Files\Common Files\Sogou PXP\p2psvr.exe [Sohu.com Inc., 2, 0, 0, 20, C:2006-08-03 11:04 M:2006-08-03 11:04]
C:\WINDOWS\system32\ESPI11.dll [DYWT, 1, 1, 0, 0, C:2008-08-03 17:09 M:2008-08-03 17:09]
C:\Program Files\P4P\p4pipc.dll [Sohu.com Inc., 1, 0, 0, 11, C:2006-06-06 14:11 M:2006-06-06 14:11]
[PID: 2240 / LOCAL SERVICE]
C:\WINDOWS\system32\wdfmgr.exe [(Verified)Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act), C:2005-01-28 01:36 M:2005-01-28 01:36]
[PID: 3056 / SYSTEM]
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [NVIDIA Corporation, 2, 2, 0, 464, C:2007-05-21 10:51 M:2007-05-21 10:51]
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nv_common.dll [NVIDIA, 2, 2, 0, 464, C:2007-05-21 10:48 M:2007-05-21 10:48]
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nv_common_firewall.dll [NVIDIA, 2, 2, 0, 464, C:2007-05-21 10:49 M:2007-05-21 10:49]
C:\WINDOWS\system32\ESPI11.dll [DYWT, 1, 1, 0, 0, C:2008-08-03 17:09 M:2008-08-03 17:09]
[PID: 2368 / LOCAL SERVICE]
C:\WINDOWS\System32\alg.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2008-04-14 12:00 M:2008-04-14 12:00]
C:\WINDOWS\system32\ESPI11.dll [DYWT, 1, 1, 0, 0, C:2008-08-03 17:09 M:2008-08-03 17:09]
[PID: 2292 / asus]
C:\Program Files\Internet Explorer\iexplore.exe [(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-07-12 10:38 M:2008-04-14 20:00]
F:\360safe\safemon\safemon.dll [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42]
C:\WINDOWS\system32\ESPI11.dll [DYWT, 1, 1, 0, 0, C:2008-08-03 17:09 M:2008-08-03 17:09]
C:\Program Files\Rising\Rav\RavScrCh.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-07-13 23:33 M:2008-07-28 16:14]
C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx [(Verified)Adobe Systems, Inc., 9,0,124,0, C:2008-03-25 10:32 M:2008-03-25 10:32]
C:\WINDOWS\system32\mscoree.dll [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300), C:2007-04-13 03:21 M:2007-04-13 03:21]
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300), C:2007-04-13 03:21 M:2007-04-13 03:21]
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll [Microsoft Corporation, 8.00.50727.762, C:2006-12-01 22:54 M:2006-12-01 22:54]
[PID: 2892 / asus]
C:\WINDOWS\system32\ctfmon.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-14 12:00]
F:\360safe\safemon\safemon.dll [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42]
[PID: 620 / SYSTEM]
C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 12:00 M:2008-04-14 12:00]
[PID: 3820 / asus]
C:\WINDOWS\system32\taskmgr.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-14 12:00]
F:\360safe\safemon\safemon.dll [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42]
[PID: 3840 / asus]
F:\qq\TXPlatform.exe [(Verified)Tencent, 1, 5, 225, 0, C:2008-05-20 17:53 M:2008-05-20 17:53]
F:\360safe\safemon\safemon.dll [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42]
[PID: 2228 / asus]
F:\Program Files\arswp\arswp.exe [(Verified)ArSwp.com, 2, 8, 0, 728, C:2008-07-29 22:36 M:2008-07-29 22:36]
F:\360safe\safemon\safemon.dll [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42]
C:\WINDOWS\system32\ESPI11.dll [DYWT, 1, 1, 0, 0, C:2008-08-03 17:09 M:2008-08-03 17:09]
F:\Program Files\arswp\plugin\ArFix.dll [(Verified)ArSwp.Com, 2, 5, 0, 0, C:2007-11-28 15:19 M:2007-11-28 15:19]
[PID: 4076 / asus]
C:\Program Files\Internet Explorer\iexplore.exe [(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-07-12 10:38 M:2008-04-14 20:00]
F:\360safe\safemon\safemon.dll [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42]
C:\WINDOWS\system32\ESPI11.dll [DYWT, 1, 1, 0, 0, C:2008-08-03 17:09 M:2008-08-03 17:09]
C:\Program Files\Rising\Rav\RavScrCh.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-07-13 23:33 M:2008-07-28 16:14]
C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx [(Verified)Adobe Systems, Inc., 9,0,124,0, C:2008-03-25 10:32 M:2008-03-25 10:32]
========================================
文件关联
========================================
AutoRun.INF
========================================
Winsock提供者
MSAFD Tcpip [TCP/IP] [DYWT, 1, 1, 0, 0, C:2008-08-03 17:09 M:2008-08-03 17:09]
MSAFD Tcpip [UDP/IP] [DYWT, 1, 1, 0, 0, C:2008-08-03 17:09 M:2008-08-03 17:09]
MSAFD Tcpip [RAW/IP] [DYWT, 1, 1, 0, 0, C:2008-08-03 17:09 M:2008-08-03 17:09]
RSVP UDP Service Provider [DYWT, 1, 1, 0, 0, C:2008-08-03 17:09 M:2008-08-03 17:09]
RSVP TCP Service Provider [DYWT, 1, 1, 0, 0, C:2008-08-03 17:09 M:2008-08-03 17:09]
[/CODE]