[CODE]
2008-09-10,11:10:09
SysLog Scanner 1.0 - build 20080726 Arswp (http://www.arswp.com)
Windows XP Professional Service Pack 3 (build 2600) - Administrators
========================================
注册项
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <360Safetray> [(Verified)奇虎网, 5, 0, 0, 1002, C:2008-08-25 14:12 M:2008-08-25 14:12]
    <"C:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Information Technology Co., Ltd.,, C:2008-09-01 11:13 M:2008-09-01 11:12]
    [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2004-08-04 08:52 M:2008-04-13 19:14|(Verified)NVIDIA Corporation,, C:2007-10-04 17:14 M:2007-10-04 17:14]
    <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)360安全中心, 2, 1, 1, 1003, C:2008-06-16 19:15 M:2008-06-16 19:15]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    [(Verified)Beijing Rising Information Technology Co., Ltd., 19, 0, 0, 3, C:2008-09-01 11:13 M:2008-09-01 11:13]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 25, C:2008-09-01 11:13 M:2008-09-01 11:13]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <> []
    <> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&使用超级旋风下载]
    <> [N/A, C:2008-03-17 17:27 M:2008-03-17 17:27]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&使用超级旋风下载全部链接]
    <> [N/A, C:2007-01-16 17:34 M:2007-01-16 17:34]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载]
    <> [N/A, C:2008-07-06 15:09 M:2008-06-13 09:55]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接]
    <> [N/A, C:2008-07-06 15:09 M:2008-06-13 09:55]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\导出到 Microsoft Office Excel(&X)]
    <> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2004-08-04 08:52 M:2008-04-13 19:14|(Verified)Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130), C:2004-08-04 08:52 M:2007-08-13 18:39|(Verified)N/A, C:2004-08-04 08:48 M:2004-08-04 08:48]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2004-08-04 08:52 M:2008-04-13 19:14|(Verified)Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130), C:2004-08-04 08:52 M:2007-08-13 18:39|(Verified)N/A, C:2004-08-04 08:48 M:2004-08-04 08:48]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2004-08-04 08:52 M:2008-04-13 19:14|(Verified)Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130), C:2004-08-04 08:52 M:2007-08-13 18:39|(Verified)N/A, C:2004-08-04 08:48 M:2008-04-13 18:57]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}]
    <启动迅雷5> [Thunder Networking Technologies,LTD, 5, 6, 8, 19, C:2008-07-06 15:09 M:2008-07-10 21:15]
========================================
启动项
========================================
计划任务
========================================
组件
Shell Extension
    [Display Panning CPL Extension] {42071714-76d4-11d1-8b24-00a0c9068ff3} []
    [HyperTerminal Icon Ext] {88895560-9AA2-1069-930E-00AA0030EBC8} [(Verified)Hilgraeve, Inc., 5.1.2600.0, C:2008-07-06 14:51 M:2004-06-06 14:13]
    [NvCpl DesktopContext Class] {A70C977A-BF00-412C-90B7-034C51DA2439} [(Verified)NVIDIA Corporation,, C:2007-10-04 17:14 M:2007-10-04 17:14]
    [Play on my TV helper] {FFB699E0-306A-11d3-8BD1-00104B6F7516} [(Verified)NVIDIA Corporation,, C:2007-10-04 17:14 M:2007-10-04 17:14]
    [Desktop Explorer] {1CDB2949-8F65-4355-8456-263E7C208A5D} [N/A, C:2007-10-04 17:14 M:2007-10-04 17:14]
    [Desktop Explorer Menu] {1E9B04FB-F9E5-4718-997B-B8DA88302A47} [N/A, C:2007-10-04 17:14 M:2007-10-04 17:14]
    [nView Desktop Context Menu] {1E9B04FB-F9E5-4718-997B-B8DA88302A48} [N/A, C:2007-10-04 17:14 M:2007-10-04 17:14]
    [WinRAR shell extension] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [N/A, C:2008-07-07 11:32 M:2008-06-01 19:48]
    [Shell Extensions for RealOne Player] {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [(Verified)RealNetworks, Inc.,, C:2008-07-07 11:35 M:2008-07-07 11:35]
    [RISING] {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D} [(Verified)Beijing Rising Information Technology Co., Ltd.,, C:2008-09-01 11:13 M:2008-09-01 11:12]
BrowserHelperObject
    [ThunderAtOnce Class] {01443AEC-0FD1-40fd-9C87-E93D1494C233} [(Verified)Thunder Networking Technologies,LTD,, C:2008-07-06 15:09 M:2008-06-13 09:43]
    [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-07-06 15:09 M:2008-06-13 09:43]
    [QQCycloneHelper Class] {B69F34DC-F0F9-42DC-9EDD-957187DA688D} []
    [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42]
ActiveX Extension
    [ThunderAtOnce Class] {01443AEC-0FD1-40FD-9C87-E93D1494C233} [(Verified)Thunder Networking Technologies,LTD,, C:2008-07-06 15:09 M:2008-06-13 09:43]
    [Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} [(Verified)Thunder Networking Technologies,LTD, 5, 0, 4, 23, C:2008-07-06 15:09 M:2008-06-13 09:43]
    [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-07-06 15:09 M:2008-06-13 09:43]
    [QQCycloneHelper Class] {B69F34DC-F0F9-42DC-9EDD-957187DA688D} []
    [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42]
    [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [(Verified)Adobe Systems, Inc., 9,0,124,0, C:2008-03-25 10:32 M:2008-03-25 10:32]
Context Menu
    [RisingRavExt] {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D} [(Verified)Beijing Rising Information Technology Co., Ltd.,, C:2008-09-01 11:13 M:2008-09-01 11:12]
    [WinRAR] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [N/A, C:2008-07-07 11:32 M:2008-06-01 19:48]
========================================
服务
[EQService / EQService][Stopped/Manual Start] [EQSecure, 2008, 8, 3, 24, C:2008-09-01 11:24 M:2008-09-01 11:24]
[GrayPigeon / GrayPigeon][Running/Auto Start] [N/A, C:2008-09-10 10:32 M:2008-09-10 10:13]
[Human Interface Device Access / HidServ][Stopped/Disabled] <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll"> [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2004-08-04 08:52 M:2008-04-13 19:14]
[WatchData ccb V3.2 / WDMonitorCCB][Stopped/Auto Start] [ Beijing WatchData System Co., Ltd., 3, 2, 0, 0, C:2008-08-18 10:47 M:2008-06-07 09:27]
[Contrl Center of Storm Media / ccosm][Running/Auto Start] [(Verified)北京暴风网际科技有限公司, 3, 8, 3, 15, C:2008-03-11 14:33 M:2008-03-11 14:33]
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start] <%SystemRoot%\system32\nvsvc32.exe> [(Verified)NVIDIA Corporation,, C:2007-10-04 17:14 M:2007-10-04 17:14]
[Rising Process Communication Center / RsCCenter][Running/Auto Start] <"C:\Program Files\Rising\Rav\CCenter.exe"> [(Verified)Beijing Rising Information Technology Co., Ltd.,, C:2008-09-01 11:13 M:2008-09-01 11:12]
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"> [(Verified)Beijing Rising Information Technology Co., Ltd.,, C:2008-09-01 11:13 M:2008-09-01 11:12]
========================================
驱动
[000d419d / 000d419d][Stopped/Manual Start] <\??\C:\WINDOWS\system32\Drivers\000d419d.sys> []
[21546 / 21546][Stopped/Manual Start] <\??\C:\WINDOWS\system32\Drivers\21515.sys> [Driver,, C:2008-07-07 13:50 M:2008-07-07 13:50]
[EagleNT / EagleNT][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\EagleNT.sys> []
[EQSysSecure / EQSysSecure][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\EQSysSecure.sys> [EQSecure, 4.32, C:2008-09-01 11:25 M:2008-08-03 21:06]
[fcdabus / fcdabus][Stopped/Boot Start] []
[Fserys / Fserys][Stopped/Manual Start] <\??\C:\WINDOWS\system32\Fserys.sys> []
[RamDisk Drive Service / fsRamDsk][Stopped/Manual Start] []
[GMSIPCI / GMSIPCI][Stopped/Manual Start] <\??\D:\INSTALL\GMSIPCI.SYS> []
[Netgroup Packet Filter / NPF][Running/Manual Start] [Politecnico di Torino, 3, 0, 0, 18, C:2008-07-07 10:34 M:2005-10-28 15:10]
[npkcrypt / npkcrypt][Stopped/Manual Start] <\??\C:\WINDOWS\system32\npkcrypt.sys> []
[npkycryp / npkycryp][Stopped/Manual Start] <\??\C:\WINDOWS\system32\npkycryp.sys> []
[QKeyServiceDisplay / QKeyService][Running/Boot Start] [ Tencent Technology (Shenzhen) Company Limited, 1, 0, 0, 9, C:2008-08-23 22:32 M:2008-07-01 18:20]
[sptd / sptd][Running/Boot Start] [N/A, C:2008-09-08 19:27 M:2008-09-08 19:33]
[swiby / swiby][Running/Boot Start] [N/A, C:2004-08-04 08:52 M:2008-04-13 19:13]
[sysHostSvc / sysHostSvc][Running/Auto Start] <\??\C:\WINDOWS\system32\drivers\GuiHelp.sys> [Microsoft Corporation, 5, 1, 2467, 4, C:2008-07-06 22:41 M:2008-07-06 22:41]
[TCP/IP Protocol Driver / Tcpip][Running/System Start] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2004-08-04 07:14 M:2008-06-20 19:51]
[usb Card Device / ft2kEnum][Running/Manual Start] [(Verified)OEM Corporation,, C:2008-08-17 22:13 M:2008-08-17 22:13]
[USB Chip Holder Service / GDBaseSmc][Running/Manual Start] [(Verified)OEM,, C:2008-08-17 22:13 M:2008-08-17 22:13]
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start] [(Verified)Windows (R) Server 2003 DDK provider, built by: WinDDK, C:2005-01-07 17:07 M:2008-04-13 09:36]
[HookCont / HookCont][Running/System Start] <\SystemRoot\system32\drivers\HookCont.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 7, C:2008-09-01 11:13 M:2008-09-01 11:12]
[HookNtos / HookNtos][Running/System Start] <\SystemRoot\system32\drivers\HookNtos.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 50, C:2008-09-01 11:13 M:2008-09-01 11:12]
[HookReg / HookReg][Running/System Start] <\SystemRoot\system32\drivers\HookReg.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 28, C:2008-09-01 11:13 M:2008-09-01 11:12]
[HookSys / HookSys][Running/System Start] <\SystemRoot\system32\drivers\HookSys.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 55, C:2008-09-01 11:13 M:2008-09-01 21:36]
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start] [(Verified)Realtek Semiconductor Corp., built by: WinDDK, C:2008-07-06 15:02 M:2008-03-31 13:26]
[nv / nv][Running/Manual Start] [(Verified)NVIDIA Corporation,, C:2007-10-04 17:14 M:2007-10-04 17:14]
[Direct Parallel Link Driver / Ptilink][Running/Manual Start] [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148), C:2004-06-06 14:13 M:2004-06-06 14:13]
[SmartCard Reader Device / Reader_Device][Running/Manual Start] [(Verified)OEM,, C:2008-08-17 22:13 M:2008-08-17 22:13]
[RsNTGDI / RsNTGDI][Running/Boot Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 3, C:2008-09-01 11:13 M:2008-09-01 11:12]
[Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start] [(Verified)Realtek Semiconductor Corporation , 5.686.0103.2008 built by: WinDDK, C:2008-07-06 15:00 M:2008-03-31 13:26]
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start] <\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys> [(Verified)360安全中心, 2, 2, 1, 1001, C:2008-06-06 18:31 M:2008-06-06 18:31]
[Secdrv / Secdrv][Stopped/Manual Start] [(Verified)Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086, C:2004-07-17 19:36 M:2007-11-13 18:25]
[TesSafe / TesSafe][Stopped/Manual Start] <\??\C:\WINDOWS\system32\TesSafe.sys> [(Verified)TENCENT, 0, 0, 8, 4, C:2008-09-06 09:01 M:2008-09-09 22:30]
========================================
进程
[PID: 652 / SYSTEM] \SystemRoot\System32\smss.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2004-08-04 08:52 M:2008-04-13 19:14]
[PID: 728 / SYSTEM] \??\C:\WINDOWS\system32\csrss.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2004-08-04 08:52 M:2008-04-13 19:13]
[PID: 752 / SYSTEM] \??\C:\WINDOWS\SYSTEM32\winlogon.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113), C:2004-08-04 08:52 M:2008-04-13 19:14]
[PID: 796 / SYSTEM] C:\WINDOWS\system32\services.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2004-08-04 08:52 M:2008-04-13 19:14]
[PID: 808 / SYSTEM] C:\WINDOWS\system32\lsass.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113), C:2004-08-04 08:52 M:2008-04-13 19:14]
[PID: 968 / SYSTEM] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2004-08-04 08:52 M:2008-04-13 19:14]
[PID: 1048 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2004-08-04 08:52 M:2008-04-13 19:14]
[PID: 1144 / SYSTEM] C:\Program Files\Rising\Rav\CCenter.exe [(Verified)Beijing Rising Information Technology Co., Ltd.,, C:2008-09-01 11:13 M:2008-09-01 11:12]
[PID: 1160 / SYSTEM] C:\WINDOWS\System32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2004-08-04 08:52 M:2008-04-13 19:14]
[PID: 1240 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2004-08-04 08:52 M:2008-04-13 19:14]
[PID: 1324 / LOCAL SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2004-08-04 08:52 M:2008-04-13 19:14]
[PID: 1396 / SYSTEM] C:\PROGRAM FILES\RISING\RAV\ravmond.exe [(Verified)Beijing Rising Information Technology Co., Ltd.,, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\PROGRAM FILES\RISING\RAV\BWList.dll [(Verified)Beijing Rising Information Technology Co., Ltd.,, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\WINDOWS\system32\MFC71.DLL [Microsoft Corporation, 7.10.3077.0, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2008-07-06 15:09 M:2008-06-23 19:46]
    C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2008-07-06 15:09 M:2008-06-23 19:46]
    C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll [(Verified)Beijing Rising Information Technology Co., Ltd.,, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\PROGRAM FILES\RISING\RAV\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd.,, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\PROGRAM FILES\RISING\RAV\RsLog.dll [(Verified)Beijing Rising Information Technology Co., Ltd.,, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\PROGRAM FILES\RISING\RAV\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\PROGRAM FILES\RISING\RAV\MonRule.dll [(Verified)Beijing Rising Information Technology Co., Ltd.,, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\PROGRAM FILES\RISING\RAV\Hooksys.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\PROGRAM FILES\RISING\RAV\HookReg.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\PROGRAM FILES\RISING\RAV\HookNtos.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\PROGRAM FILES\RISING\RAV\rswalmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\PROGRAM FILES\RISING\RAV\recomp.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41, C:2008-09-01 11:13 M:2008-09-01 21:37]
    C:\PROGRAM FILES\RISING\RAV\refs.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\PROGRAM FILES\RISING\RAV\ffr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 16, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\Program Files\Rising\Rav\RsStore.dll [(Verified)Beijing Rising Information Technology Co., Ltd.,, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\PROGRAM FILES\RISING\RAV\HookCont.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\Program Files\Rising\Rav\fakescan.dll [(Verified)Beijing Rising Information Technology Co., Ltd.,, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\Program Files\Rising\Rav\Scanner.dll [(Verified)Beijing Rising Information Technology Co., Ltd.,, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\PROGRAM FILES\RISING\RAV\viruslib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\PROGRAM FILES\RISING\RAV\relibldr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\PROGRAM FILES\RISING\RAV\HookWeb.dll [(Verified)Beijing Rising Information Technology Co., Ltd.,, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\PROGRAM FILES\RISING\RAV\extfile.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\PROGRAM FILES\RISING\RAV\pearc.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\PROGRAM FILES\RISING\RAV\nvfile.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\PROGRAM FILES\RISING\RAV\scanexec.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 22, C:2008-09-01 11:13 M:2008-09-01 21:37]
    C:\PROGRAM FILES\RISING\RAV\unexe.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 6, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\PROGRAM FILES\RISING\RAV\scanex.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90, C:2008-09-01 11:13 M:2008-09-01 21:37]
    C:\PROGRAM FILES\RISING\RAV\scanpack.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\PROGRAM FILES\RISING\RAV\revm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\PROGRAM FILES\RISING\RAV\urutils.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\PROGRAM FILES\RISING\RAV\ur000.dat [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-09-01 11:13 M:2008-09-01 21:37]
    C:\PROGRAM FILES\RISING\RAV\scriptci.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\PROGRAM FILES\RISING\RAV\uroutine.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\PROGRAM FILES\RISING\RAV\scansct.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11, C:2008-09-01 11:13 M:2008-09-08 00:33]
    C:\PROGRAM FILES\RISING\RAV\extmail.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10, C:2008-09-01 11:13 M:2008-09-01 11:12]
[PID: 1484 / SYSTEM] C:\WINDOWS\system32\spoolsv.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2004-08-04 08:52 M:2008-04-13 19:14]
[PID: 1756 / SYSTEM] C:\PROGRAM FILES\RISING\RAV\RavStub.exe [(Verified)Beijing Rising Information Technology Co., Ltd.,, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\PROGRAM FILES\RISING\RAV\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-09-01 11:13 M:2008-09-01 11:12]
[PID: 1988 / new] C:\WINDOWS\Explorer.EXE [(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2004-08-04 08:52 M:2008-04-13 19:14]
    C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 25, C:2008-09-01 11:13 M:2008-09-01 11:13]
    E:\Program Files\360safe\safemon\safemon.dll [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42]
    C:\WINDOWS\system32\nvcpl.dll [(Verified)NVIDIA Corporation,, C:2007-10-04 17:14 M:2007-10-04 17:14]
    C:\WINDOWS\system32\NVRSZHC.DLL [NVIDIA Corporation,, C:2007-10-04 17:14 M:2007-10-04 17:14]
    C:\WINDOWS\system32\nvapi.dll [(Verified)NVIDIA Corporation,, C:2007-10-04 17:14 M:2007-10-04 17:14]
    C:\WINDOWS\system32\nvshell.dll [N/A, C:2007-10-04 17:14 M:2007-10-04 17:14]
[PID: 212 / SYSTEM] C:\Program Files\StormII\stormliv.exe [(Verified)北京暴风网际科技有限公司, 3, 8, 3, 15, C:2008-03-11 14:33 M:2008-03-11 14:33]
    C:\Program Files\StormII\MSVCP60.dll [Microsoft Corporation, 6.02.3104.0, C:2007-09-21 19:43 M:2007-09-21 19:43]
    C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 25, C:2008-09-01 11:13 M:2008-09-01 11:13]
[PID: 272 / SYSTEM] C:\pRogram Files\system32\svhost.exe [N/A, C:2008-09-10 10:32 M:2008-09-10 10:13]
    C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 25, C:2008-09-01 11:13 M:2008-09-01 11:13]
[PID: 520 / SYSTEM] C:\WINDOWS\system32\nvsvc32.exe [(Verified)NVIDIA Corporation,, C:2007-10-04 17:14 M:2007-10-04 17:14]
    C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 25, C:2008-09-01 11:13 M:2008-09-01 11:13]
    C:\WINDOWS\system32\nvapi.dll [(Verified)NVIDIA Corporation,, C:2007-10-04 17:14 M:2007-10-04 17:14]
[PID: 584 / SYSTEM] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2004-08-04 08:52 M:2008-04-13 19:14]
[PID: 1912 / LOCAL SERVICE] C:\WINDOWS\System32\alg.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2004-08-04 08:52 M:2008-04-13 19:13]
    C:\WINDOWS\System32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 25, C:2008-09-01 11:13 M:2008-09-01 11:13]
[PID: 2420 / new] C:\Program Files\Rising\Rav\RavTask.exe [(Verified)Beijing Rising Information Technology Co., Ltd.,, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\Program Files\Rising\Rav\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\Program Files\Rising\Rav\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\Program Files\Rising\Rav\RSCOMMON.DLL [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\Program Files\Rising\Rav\RSAPPMGR.DLL [(Verified)Beijing Rising Information Technology Co., Ltd.,, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\Program Files\Rising\Rav\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd.,, C:2008-09-01 11:13 M:2008-09-01 11:12]
[PID: 2460 / new] C:\Program Files\Rising\Rav\Ravmon.exe [(Verified)Beijing Rising Information Technology Co., Ltd.,, C:2008-09-01 11:13 M:2008-09-01 21:36]
    C:\WINDOWS\system32\MFC71.DLL [Microsoft Corporation, 7.10.3077.0, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2008-07-06 15:09 M:2008-06-23 19:46]
    C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2008-07-06 15:09 M:2008-06-23 19:46]
    C:\Program Files\Rising\Rav\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\Program Files\Rising\Rav\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\Program Files\Rising\Rav\RSCOMMON.DLL [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\Program Files\Rising\Rav\recomp.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41, C:2008-09-01 11:13 M:2008-09-01 21:37]
    C:\Program Files\Rising\Rav\refs.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\Program Files\Rising\Rav\viruslib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\Program Files\Rising\Rav\relibldr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\Program Files\Rising\Rav\RSAPPMGR.dll [(Verified)Beijing Rising Information Technology Co., Ltd.,, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\Program Files\Rising\Rav\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd.,, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\Program Files\Rising\Rav\MonRule.dll [(Verified)Beijing Rising Information Technology Co., Ltd.,, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\Program Files\Rising\Rav\PngDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\Program Files\Rising\Rav\Rsguilib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90, C:2008-09-01 11:13 M:2008-09-01 11:12]
    C:\Program Files\Rising\Rav\RsXML.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2, C:2008-09-01 11:13 M:2008-09-01 11:12]
[PID: 2468 / new] C:\WINDOWS\system32\ctfmon.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2004-08-04 08:52 M:2008-04-13 19:13]
    C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 25, C:2008-09-01 11:13 M:2008-09-01 11:13]
[PID: 3044 / new] C:\Program Files\arswp\ArSwp.exe [(Verified)ArSwp.com, 2, 8, 1, 815, C:2008-09-10 10:32 M:2008-08-15 22:25]
    C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 25, C:2008-09-01 11:13 M:2008-09-01 11:13]
    E:\Program Files\360safe\safemon\safemon.dll [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42]
    C:\Program Files\arswp\plugin\ArFix.dll [(Verified)ArSwp.Com, 2, 5, 0, 0, C:2008-09-10 10:32 M:2007-11-28 15:19]
[PID: 3232 / new] C:\Program Files\ChinaNet\VnetClient.exe [gdcn (C) 2007, 2008, 4, 17, 16, C:2008-08-07 16:24 M:2008-04-18 20:25]
    C:\Program Files\ChinaNet\Communicate.dll [GDCN, 2006, 2, 15, 1, C:2008-07-07 10:34 M:2007-05-08 17:05]
    C:\Program Files\ChinaNet\DialModule.dll [GDCN, 2007, 11, 30, 14, C:2008-07-07 10:34 M:2007-11-30 14:15]
    C:\Program Files\ChinaNet\MFC42.DLL [Microsoft Corporation, 6.00.8665.0, C:2008-07-07 10:34 M:2004-04-18 20:06]
    C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 25, C:2008-09-01 11:13 M:2008-09-01 11:13]
    E:\Program Files\360safe\safemon\safemon.dll [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42]
    C:\PROGRA~1\ChinaNet\CLIENT~1.DLL [Copyright 2004, 2004, 2, 28, 1, C:2008-07-07 10:34 M:2005-03-01 13:05]
    C:\PROGRA~1\ChinaNet\ADVERT~1.OCX [Copyright (C) 2005, 2007, 4, 20, 15, C:2008-07-07 10:34 M:2007-05-21 15:08]
    C:\PROGRA~1\ChinaNet\BDSearch.ocx [gdcn, 2007, 8, 3, 10, C:2008-07-07 10:34 M:2007-08-03 10:31]
    C:\PROGRA~1\ChinaNet\PageFram.ocx [Workgroup, 2008, 2, 28, 17, C:2008-07-07 10:34 M:2008-04-09 10:57]
    C:\PROGRA~1\ChinaNet\ACCOUN~1.OCX [Workgroup, 2008, 4, 17, 16, C:2008-07-07 10:34 M:2008-04-24 09:44]
    C:\PROGRA~1\ChinaNet\AccountMgr.dll [版权所有 (C) 2004, 2006, 11, 19, 14, C:2008-07-07 10:34 M:2007-01-29 17:36]
    C:\PROGRA~1\ChinaNet\PlugIns\PLUGIN~3\VNETPP~1.OCX [gdcn, 2008, 1, 7, 1, C:2008-08-07 16:24 M:2008-01-07 15:29]
    C:\PROGRA~1\ChinaNet\PlugIns\PLUGIN~3\vnetlist.ocx [Copyright (C) 2006, 1, 8, 0, 20, C:2008-08-07 16:24 M:2008-03-20 13:48]
    C:\PROGRA~1\ChinaNet\PlugIns\PLUGIN~3\uilib.dll [(Verified)Synacast, 1, 0, 0, 1, C:2008-08-07 16:24 M:2007-10-17 18:29]
    C:\PROGRA~1\ChinaNet\PlugIns\PLUGIN~3\common.dll [(Verified)版权所有 (C) 2006, 1, 0, 0, 1, C:2008-08-07 16:24 M:2006-12-30 13:49]
    C:\PROGRA~1\ChinaNet\IcosBar.ocx [Workgroup, 2007, 4, 29, 15, C:2008-07-07 10:34 M:2007-07-30 19:31]
    C:\PROGRA~1\ChinaNet\VnetSkin.ocx [GDDC, 2006, 9, 6, 15, C:2008-07-07 10:34 M:2006-09-06 15:19]
    C:\PROGRA~1\ChinaNet\DialogStyle.dll [版权所有 (C) 2004, 1, 0, 0, 1, C:2008-07-07 10:34 M:2004-06-25 17:37]
    C:\PROGRA~1\ChinaNet\Timer.ocx [Copyright (C) 2006, 2007, 5, 25, 11, C:2008-07-07 10:34 M:2007-06-08 18:01]
    C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX [Copyright (C) 2004, 2006, 4, 4, 1, C:2008-07-07 10:34 M:2006-07-03 18:01]
    C:\PROGRA~1\ChinaNet\sign.dll [0, 2004, 12, 1, 1, C:2008-07-07 10:34 M:2004-12-01 18:19]
    C:\Program Files\ChinaNet\NewMessage.dll [Copyright 2004, 2007, 6, 18, 18, C:2008-07-07 10:34 M:2007-07-30 19:32]
    C:\PROGRA~1\ChinaNet\PassCtrl.dll [GDCN, 2006, 3, 1, 16, C:2008-07-07 10:34 M:2006-03-01 17:47]
    C:\WINDOWS\system32\wpcap.dll [Politecnico di Torino, 3, 0, 0, 18, C:2008-07-07 10:34 M:2005-10-28 15:10]
    C:\WINDOWS\system32\pthreadVC.dll [N/A, C:2008-07-07 10:34 M:2005-10-28 15:10]
    C:\WINDOWS\system32\packet.dll [Politecnico di Torino, 3, 0, 0, 18, C:2008-07-07 10:34 M:2005-10-28 15:10]
    C:\PROGRA~1\ChinaNet\PlugPush.dll [Copyright 2004, 2006, 12, 20, 20, C:2008-07-07 10:34 M:2006-12-20 20:46]
    C:\PROGRA~1\ChinaNet\ALLINT~1.DLL [Copyright 2004, 2007, 4, 28, 18, C:2008-07-07 10:34 M:2007-07-30 19:23]
    C:\PROGRA~1\ChinaNet\VNETLO~1.OCX [Copyright (C) 2005, 2007, 6, 14, 17, C:2008-07-07 10:34 M:2007-07-30 19:41]
    C:\PROGRA~1\ChinaNet\StatNum.dll [Copyright 2004, 2006, 12, 9, 17, C:2008-07-07 10:34 M:2006-12-09 14:28]
    C:\PROGRA~1\ChinaNet\VNETON~1.OCX [GDCN, 1, 0, 0, 2, C:2008-07-07 10:34 M:2008-04-19 19:05]
    C:\Program Files\ChinaNet\AllFunctions.dll [GDCN, 2008, 4, 23, 10, C:2008-07-07 10:34 M:2008-05-26 17:23]
    C:\Program Files\ChinaNet\VnetOptLog.dll [ , 2007, 5, 11, 15, C:2008-07-07 10:34 M:2007-08-01 11:41]
    C:\PROGRA~1\ChinaNet\VNETSE~1.OCX [Copyright (C) 2006, 2007, 8, 8, 11, C:2008-07-07 10:34 M:2007-08-08 11:23]
    C:\PROGRA~1\ChinaNet\Weather.ocx [Microsoft, 2007, 3, 29, 15, C:2008-07-07 10:34 M:2007-03-29 15:56]
    C:\PROGRA~1\ChinaNet\VNETMI~1.OCX [Alex, 1, 0, 0, 1, C:2008-08-07 16:24 M:2008-04-23 11:42]
    C:\Program Files\ChinaNet\Base64.dll [N/A, C:2008-07-07 10:34 M:2005-08-04 14:09]
    C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx [(Verified)Adobe Systems, Inc., 9,0,124,0, C:2008-03-25 10:32 M:2008-03-25 10:32]
    C:\PROGRA~1\ChinaNet\zylcrypt.dll [Copyright 2003, 1, 0, 0, 1, C:2008-08-07 16:24 M:2007-03-01 18:17]
[PID: 1108 / new] C:\Program Files\Rising\AntiSpyware\knownsvr.exe [(Verified)Beijing Rising Information Technology Co., Ltd.,, C:2008-09-01 11:13 M:2008-09-01 11:13]
    C:\Program Files\Rising\AntiSpyware\NComm.dll [(Verified)Beijing Rising Information Technology Co., Ltd.,, C:2008-09-01 11:13 M:2008-09-01 11:13]
    C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 25, C:2008-09-01 11:13 M:2008-09-01 11:13]
    C:\Program Files\Rising\AntiSpyware\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd.,, C:2008-09-01 11:13 M:2008-09-10 10:54]
    C:\Program Files\Rising\AntiSpyware\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd.,, C:2008-09-01 11:13 M:2008-09-10 10:55]
========================================
文件关联
========================================
AutoRun.INF
========================================
Winsock提供者
[/CODE]