[CODE]

2008-10-01,15:17:28

SysLog Scanner 1.0 - build 20080726
Arswp (http://www.arswp.com)

Windows XP Professional Service Pack 3 (build 2600) - Administrators



========================================
注册项

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <swg><C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe>  [(Verified)Google Inc., 2, 0, 301, 1654, C:2008-08-29 15:50 M:2008-08-29 15:50]
    <PPS Accelerator><C:\Program Files\PPStream\ppsap.exe>  [(Verified)PPStream Inc, 1, 0, 11, 139, C:2008-08-29 15:55 M:2008-08-07 15:31]
    <pupdate><"C:\Program Files\Poco2007\pupdate.exe" -p POCO>  [(Verified)广州数联软件技术有限公司, 1, 0, 0, 1, C:2007-11-01 19:38 M:2007-11-01 19:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <FlashGet><"C:\Program Files\FlashGet Network\Flashget\FlashGet.exe" /min>  [(Verified)FlashGet, 2, 19, 0, 1230, C:2008-09-04 20:50 M:2008-09-04 20:50]
    <jfproc><C:\Program Files\pipi\jfCacheMgr.exe>  [皮皮科技, 2, 3, 0, 0, C:2008-08-29 15:55 M:2008-07-17 11:00]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-04-13 19:14 M:2008-04-13 19:14|NVIDIA Corporation, 6.14.11.6375, C:2008-08-29 15:24 M:2007-10-04 17:14]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.24, C:2008-08-31 16:30 M:2008-08-31 16:34]
    <极速酷6><"C:\Program Files\酷6网\极速酷6\Ku6SpeedUpper.exe" /start>  [酷6网（北京）信息技术有限公司, 1.2.3.0, C:2008-07-22 16:57 M:2008-07-22 16:57]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-08-31 16:30 M:2008-08-31 16:34]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用快车(Flas&hGet)下载]
    <><C:\Program Files\FlashGet Network\Flashget\GetUrl.htm>  [N/A, C:2008-09-04 18:06 M:2008-09-04 18:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用快车(Flash&Get)下载全部链接]
    <><C:\Program Files\FlashGet Network\Flashget\GetAllUrl.htm>  [N/A, C:2008-09-04 18:06 M:2008-09-04 18:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用快车(FlashGet)下载该网页FLV]
    <><C:\Program Files\FlashGet Network\Flashget\FlvDetector.htm>  [N/A, C:2008-09-04 18:06 M:2008-09-04 18:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载]
    <><C:\Program Files\Thunder Network\Thunder\Program\geturl.htm>  [N/A, C:2008-08-29 15:24 M:2007-12-10 14:17]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接]
    <><C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm>  [N/A, C:2008-08-29 15:24 M:2007-12-10 14:17]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\导出到 Microsoft Office Excel(&X)]
    <><res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000>  []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\添加到QQ表情]
    <><D:\Program Files\Tencent\QQ\AddEmotion.htm>  [N/A, C:2008-08-29 15:28 M:2008-03-28 19:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-04-13 19:14 M:2008-04-13 19:14|(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-13 19:13 M:2008-04-13 19:13|(Verified)N/A, C:2008-04-13 18:57 M:2008-04-13 18:57]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-04-13 19:14 M:2008-04-13 19:14|(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-13 19:13 M:2008-04-13 19:13|(Verified)N/A, C:2008-04-13 18:57 M:2008-04-13 18:57]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}]
    <启动迅雷5><C:\Program Files\Thunder Network\Thunder\Thunder.exe>  [Thunder Networking Technologies,LTD, 5, 6, 8, 19, C:2008-08-29 15:24 M:2008-04-28 11:20]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{95B3F550-91C4-4627-BCC4-521288C52977}]
    <PPLive><C:\Program Files\PPLive\PPLive.exe>  [(Verified)N/A, C:2008-08-29 15:24 M:2007-03-16 13:46]


========================================
启动项

[Adobe Reader Speed Launch]
    <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"  > [Adobe Systems Incorporated, 7.0.5.2005092300, C:2005-09-23 22:05 M:2005-09-23 22:05]


========================================
计划任务

[SogouImeMgr.job]
    <C:\WINDOWS\tasks\SogouImeMgr.job --> "C:\PROGRA~1\SOGOUI~1\360~1.165\PinyinRepair.exe" /S > [(Verified)Sogou.com Inc., 3.6.0.1653, C:2008-09-17 10:07 M:2008-09-17 10:07]


========================================
组件


ShellExecuteHook
[ShlExecHack Class]
    {32CD708B-60A7-4C00-9377-D73EAA495F0F}  <C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-08-31 16:30 M:2008-08-31 16:34]

Shell Extension
[Display Panning CPL Extension]
    {42071714-76d4-11d1-8b24-00a0c9068ff3}  <deskpan.dll>  []
[Microsoft Agent Character Property Sheet Handler]
    {143A62C8-C33B-11D1-84FE-00C04FA34A14}  <C:\WINDOWS\msagent\AgentPsh.dll>  [Microsoft Corporation, 2.00.0.2115, C:1998-09-15 17:21 M:1998-09-15 17:21]
[WinRAR shell extension]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <C:\Program Files\WinRAR\rarext.dll>  [N/A, C:2008-08-29 15:24 M:2007-09-26 10:42]
[Desktop Explorer]
    {1CDB2949-8F65-4355-8456-263E7C208A5D}  <C:\WINDOWS\system32\nvshell.dll>  [N/A, C:2008-08-29 15:27 M:2007-10-04 17:14]
[Desktop Explorer Menu]
    {1E9B04FB-F9E5-4718-997B-B8DA88302A47}  <C:\WINDOWS\system32\nvshell.dll>  [N/A, C:2008-08-29 15:27 M:2007-10-04 17:14]
[nView Desktop Context Menu]
    {1E9B04FB-F9E5-4718-997B-B8DA88302A48}  <C:\WINDOWS\system32\nvshell.dll>  [N/A, C:2008-08-29 15:27 M:2007-10-04 17:14]
[RISING]
    {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D}  <C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-08-31 16:30 M:2008-08-31 16:34]

Protocols
[]
    {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC}  <C:\WINDOWS\system32\KuGoo3DownXControl.ocx>  [酷狗, 5.2.4.4, C:2008-08-29 15:56 M:2008-09-22 14:27]

BrowserHelperObject
[ThunderAtOnce Class]
    {01443AEC-0FD1-40fd-9C87-E93D1494C233}  <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2008-08-29 15:24 M:2008-04-07 15:40]
[Adobe PDF Reader Link Helper]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}  <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll>  [(Verified)Adobe Systems Incorporated, 7.0.7.2006011200, C:2006-01-12 20:38 M:2006-01-12 20:38]
[BandIE Class]
    {77FEF28E-EB96-44FF-B511-3185DEA48697}  <C:\PROGRA~1\baidu\bar\baidubar.dll>  [(Verified)Baidu.com, Inc., 2, 0, 2, 179, C:2007-12-12 15:49 M:2008-07-28 10:02]
[Thunder Browser Helper]
    {889D2FEB-5411-4565-8998-1DD2C5261283}  <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-08-29 15:24 M:2008-04-29 14:42]
[Google Toolbar Helper]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}  <c:\program files\google\googletoolbar1.dll>  [(Verified)Google Inc., 4, 0, 1606, 6690, C:2008-08-29 15:50 M:2008-08-29 15:50]

ToolBar
[&Google]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F}  <c:\program files\google\googletoolbar1.dll>  [(Verified)Google Inc., 4, 0, 1606, 6690, C:2008-08-29 15:50 M:2008-08-29 15:50]
[百度工具栏]
    {B580CF65-E151-49C3-B73F-70B13FCA8E86}  <C:\PROGRA~1\baidu\bar\baidubar.dll>  [(Verified)Baidu.com, Inc., 2, 0, 2, 179, C:2007-12-12 15:49 M:2008-07-28 10:02]

ActiveX Extension
[ThunderAtOnce Class]
    {01443AEC-0FD1-40FD-9C87-E93D1494C233}  <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2008-08-29 15:24 M:2008-04-07 15:40]
[Adobe PDF Reader Link Helper]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}  <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll>  [(Verified)Adobe Systems Incorporated, 7.0.7.2006011200, C:2006-01-12 20:38 M:2006-01-12 20:38]
[GerneralPeerID Class]
    {0A47E819-F82E-4D5D-B806-6A9EA94D68CD}  <C:\Program Files\Thunder Network\Thunder\Components\InMedia\peerid.dll>  []
[IFlashGetNetscapeEx Class]
    {116BA71C-8187-4F15-9A1F-C9D6289155D1}  <C:\Documents and Settings\All Users\Application Data\FlashGetBHO\FlashGetBHO.dll>  [(Verified)FlashGet, 2, 3, 0, 1030, C:2008-09-04 20:50 M:2008-09-04 20:50]
[&Google]
    {2318C2B1-4965-11D4-9B18-009027A5CD4F}  <c:\program files\google\googletoolbar1.dll>  [(Verified)Google Inc., 4, 0, 1606, 6690, C:2008-08-29 15:50 M:2008-08-29 15:50]
[JetCarNetscape Class]
    {2974c985-8151-4de5-b23c-b875f0a8522f}  <C:\Documents and Settings\All Users\Application Data\FlashGetBHO\FlashGetBHO.dll>  [(Verified)FlashGet, 2, 3, 0, 1030, C:2008-09-04 20:50 M:2008-09-04 20:50]
[Thunder Agent Class]
    {485463B7-8FB2-4B3B-B29B-8B919B0EACCE}  <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll>  [Thunder Networking Technologies,LTD, 5, 0, 4, 23, C:2008-08-29 15:24 M:2007-12-10 14:17]
[PowerPlayer Control]
    {5EC7C511-CD0F-42E6-830C-1BD9882F3458}  <C:\PROGRA~1\PPStream\110~1.262\POWERP~1.DLL>  [(Verified)PPStream Inc., 2,2,83,8611, C:2008-09-24 04:08 M:2008-09-24 04:08]
[XMP Class]
    {6483F145-A768-4C41-AACC-52D4D7845851}  <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work>  [Copyright XunLei 2007, 1, 0, 3, 37, C:2008-04-24 16:51 M:2008-04-23 18:43]
[XDRM]
    {693571CB-54A3-4E90-9D52-EEAE1334E2D3}  <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work>  [Copyright XunLei 2007, 1, 0, 0, 7, C:2008-04-24 16:51 M:2008-04-23 18:43]
[MediaComm Class]
    {7670648D-461B-42AF-BDFE-46D26AF5EFF2}  <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin16.dll>  []
[BandIE Class]
    {77FEF28E-EB96-44FF-B511-3185DEA48697}  <C:\PROGRA~1\baidu\bar\baidubar.dll>  [(Verified)Baidu.com, Inc., 2, 0, 2, 179, C:2007-12-12 15:49 M:2008-07-28 10:02]
[Thunder Browser Helper]
    {889D2FEB-5411-4565-8998-1DD2C5261283}  <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-08-29 15:24 M:2008-04-29 14:42]
[Google Toolbar Helper]
    {AA58ED58-01DD-4D91-8333-CF10577473F7}  <c:\program files\google\googletoolbar1.dll>  [(Verified)Google Inc., 4, 0, 1606, 6690, C:2008-08-29 15:50 M:2008-08-29 15:50]
[DapCtrl COM Module]
    {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8}  <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.1.6.5711.41.249.dll>  []
[Google Toolbar Notifier BHO]
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}  <C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll>  [(Verified)Google Inc., 3, 1, 807, 1746, C:2008-09-06 15:40 M:2008-09-06 15:40]
[FlashGetBHO]
    {B070D3E3-FEC0-47D9-8E8A-99D4EEB3D3B0}  <C:\Documents and Settings\All Users\Application Data\FlashGetBHO\FlashGetBHO.dll>  [(Verified)FlashGet, 2, 3, 0, 1030, C:2008-09-04 20:50 M:2008-09-04 20:50]
[百度工具栏]
    {B580CF65-E151-49C3-B73F-70B13FCA8E86}  <C:\PROGRA~1\baidu\bar\baidubar.dll>  [(Verified)Baidu.com, Inc., 2, 0, 2, 179, C:2007-12-12 15:49 M:2008-07-28 10:02]
[Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000}  <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx>  [(Verified)Adobe Systems, Inc., 9,0,124,0, C:2008-03-25 10:32 M:2008-03-25 10:32]
[Thunder DapPlayer]
    {EEDD6FF9-13DE-496B-9A1C-D78B3215E266}  <C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer3.0.5711.70.249.dll>  []
[XPPlayer Class]
    {F3E70CEA-956E-49CC-B444-73AFE593AD7F}  <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work>  [Thunder, 1.2.9.152, C:2008-04-24 16:51 M:2008-04-23 18:43]

Context Menu
[RisingRavExt]
    {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D}  <C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-08-31 16:30 M:2008-08-31 16:34]
[WinRAR]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <C:\Program Files\WinRAR\rarext.dll>  [N/A, C:2008-08-29 15:24 M:2007-09-26 10:42]


========================================
服务

[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
    <%SystemRoot%\system32\nvsvc32.exe>  [NVIDIA Corporation, 6.14.11.6375, C:2008-08-29 15:24 M:2007-10-04 17:14]

[Contrl Center of Storm Media / ccosm][Running/Auto Start]
    <D:\暴风影音\stormliv.exe /asservice>  [(Verified)北京暴风网际科技有限公司, 3, 8, 3, 15, C:2008-03-11 14:33 M:2008-03-11 14:33]
[Google Updater Service / gusvc][Stopped/Manual Start]
    <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe">  [(Verified)Google, 2.0.734.29932.beta, C:2008-08-29 15:50 M:2008-08-29 15:50]
[Kingsoft Basic Service / kaccore][Running/Auto Start]
    <"C:\Program Files\Kingsoft\KAC\Service\kaccore.exe">  [(Verified)Kingsoft Corporation, 2008,09,11,261, C:2008-08-31 15:59 M:2008-09-12 21:07]
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
    <"C:\Program Files\Rising\Rav\CCenter.exe">  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.33, C:2008-08-31 16:30 M:2008-08-31 16:34]
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
    <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe">  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.80, C:2008-08-31 16:30 M:2008-08-31 16:34]


========================================
驱动

[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
    <system32\drivers\ALCXWDM.SYS>  [Realtek Semiconductor Corp., 5.10.00.6270 built by: WinDDK, C:2008-08-29 15:26 M:2007-10-26 11:20]
[nv / nv][Running/Manual Start]
    <system32\DRIVERS\nv4_mini.sys>  [NVIDIA Corporation, 6.14.11.6375, C:2008-08-29 15:24 M:2007-10-04 17:14]
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
    <system32\DRIVERS\NVENETFD.sys>  [NVIDIA Corporation, 1.00.02.06764, C:2008-08-29 15:24 M:2007-09-20 19:07]
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
    <system32\DRIVERS\nvnetbus.sys>  [NVIDIA Corporation, 1.00.01.06764, C:2008-08-29 15:24 M:2007-09-20 19:07]
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
    <system32\DRIVERS\nvrd32.sys>  [NVIDIA Corporation, 10.3.0.16 built by: WinDDK, C:2008-03-28 10:43 M:2007-12-07 15:27]
[SATALink driver accelerator / SiFilter][Stopped/Disabled]
    <\SystemRoot\system32\DRIVERS\SiWinAcc.sys>  [Silicon Image, Inc., 1.0.0.11, C:2008-01-23 17:20 M:2006-08-08 22:19]
[viamraid / viamraid][Stopped/Boot Start]
    <system32\DRIVERS\viamraid.sys>  [VIA Technologies inc,.ltd, 5.1.6000.562, C:2008-01-23 17:20 M:2007-07-17 13:35]

[AMD Processor Driver / AmdK8][Running/System Start]
    <system32\DRIVERS\AmdK8.sys>  [(Verified)Advanced Micro Devices, 1.3.2 (dnsrv(wmbla).060701-2226), C:2008-04-29 18:11 M:2006-07-01 22:43]
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Stopped/Manual Start]
    <system32\drivers\es1371mp.sys>  [(Verified)Creative Technology Ltd., 5.1.2501.0 built by: WinDDK, C:2008-04-24 15:32 M:2001-08-17 04:19]
[HookCont / HookCont][Running/System Start]
    <\SystemRoot\system32\drivers\HookCont.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 7, C:2008-08-31 16:30 M:2008-08-31 16:34]
[HookNtos / HookNtos][Running/System Start]
    <\SystemRoot\system32\drivers\HookNtos.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 50, C:2008-08-31 16:30 M:2008-08-31 16:34]
[HookReg / HookReg][Running/System Start]
    <\SystemRoot\system32\drivers\HookReg.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 28, C:2008-08-31 16:30 M:2008-08-31 16:34]
[HookSys / HookSys][Running/System Start]
    <\SystemRoot\system32\drivers\HookSys.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 55, C:2008-08-31 16:30 M:2008-08-31 16:34]
[Intel AHCI Controller / iaStor7][Running/Boot Start]
    <system32\drivers\iastor7.sys>  [(Verified)Intel Corporation, 7.8.0.1012, C:2008-01-23 17:20 M:2007-09-29 23:03]
[KAVBootC / KAVBootC][Running/Boot Start]
    <system32\Drivers\KAVBootC.sys>  [(Verified)Kingsoft Corporation, 2008,04,28,85, C:2008-08-31 15:59 M:2008-07-11 10:59]
[KAVSafe / KAVSafe][Running/Auto Start]
    <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys>  [(Verified)Kingsoft Corporation, 2008,04,28,65, C:2008-08-31 15:59 M:2008-07-11 10:59]
[AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start]
    <system32\DRIVERS\pcntpci5.sys>  [(Verified)AMD Inc., 4.38.00 built by: WinDDK, C:2008-04-24 15:32 M:2001-08-17 04:11]
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
    <system32\DRIVERS\ptilink.sys>  [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148), C:2004-08-17 20:00 M:2004-08-17 20:00]
[RsNTGDI / RsNTGDI][Running/Boot Start]
    <system32\Drivers\RsNTGdi.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 3, C:2008-08-31 16:30 M:2008-08-31 16:35]
[Secdrv / Secdrv][Stopped/Manual Start]
    <system32\DRIVERS\secdrv.sys>  [(Verified)Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086, C:2008-04-13 09:39 M:2008-04-13 09:39]


========================================
进程

[PID: 588 / SYSTEM]   \SystemRoot\System32\smss.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-13 19:14 M:2008-04-13 19:14]

[PID: 652 / SYSTEM]   \??\C:\WINDOWS\system32\csrss.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-13 19:13 M:2008-04-13 19:13]

[PID: 676 / SYSTEM]   \??\C:\WINDOWS\system32\winlogon.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113), C:2008-04-13 19:14 M:2008-04-13 19:14]
    C:\WINDOWS\system32\sfc_os.dll  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-24 09:11 M:2008-04-24 09:11]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-24 09:11 M:2008-04-24 09:11]

[PID: 720 / SYSTEM]   C:\WINDOWS\system32\services.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-13 19:14 M:2008-04-13 19:14]

[PID: 732 / SYSTEM]   C:\WINDOWS\system32\lsass.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113), C:2008-04-13 19:14 M:2008-04-13 19:14]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-24 09:11 M:2008-04-24 09:11]

[PID: 896 / SYSTEM]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-13 19:14 M:2008-04-13 19:14]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-24 09:11 M:2008-04-24 09:11]

[PID: 952 / NETWORK SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-13 19:14 M:2008-04-13 19:14]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-24 09:11 M:2008-04-24 09:11]

[PID: 1048 / SYSTEM]   C:\Program Files\Rising\Rav\CCenter.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.33, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-24 09:11 M:2008-04-24 09:11]

[PID: 1064 / SYSTEM]   C:\WINDOWS\System32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-13 19:14 M:2008-04-13 19:14]
    C:\WINDOWS\System32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-24 09:11 M:2008-04-24 09:11]
    C:\WINDOWS\System32\sfc_os.dll  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-24 09:11 M:2008-04-24 09:11]

[PID: 1240 / NETWORK SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-13 19:14 M:2008-04-13 19:14]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-24 09:11 M:2008-04-24 09:11]

[PID: 1328 / LOCAL SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-13 19:14 M:2008-04-13 19:14]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-24 09:11 M:2008-04-24 09:11]

[PID: 1356 / SYSTEM]   C:\PROGRAM FILES\RISING\RAV\ravmond.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.80, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\BWList.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.5, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\WINDOWS\system32\MFC71.DLL  [Microsoft Corporation, 7.10.3077.0, C:2008-08-31 16:30 M:2008-08-31 16:28]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2004-10-05 15:39 M:2004-10-05 15:39]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2003-03-19 03:14 M:2003-03-19 03:14]
    C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\RsLog.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.36, C:2008-08-31 16:30 M:2008-08-31 16:35]
    C:\PROGRAM FILES\RISING\RAV\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\MonRule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.29, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\Hooksys.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\HookReg.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\HookNtos.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\rswalmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\recomp.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\refs.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\ffr.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-08-31 16:30 M:2008-09-26 21:33]
    C:\WINDOWS\system32\sfc_os.dll  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-24 09:11 M:2008-04-24 09:11]
    C:\Program Files\Rising\Rav\RsStore.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.9, C:2008-08-31 16:30 M:2008-08-31 16:35]
    C:\PROGRAM FILES\RISING\RAV\extfile.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\pearc.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\HookCont.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\Program Files\Rising\Rav\fakescan.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.14, C:2008-08-31 16:30 M:2008-08-31 16:35]
    C:\Program Files\Rising\Rav\Scanner.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.39, C:2008-08-31 16:30 M:2008-08-31 16:35]
    C:\PROGRAM FILES\RISING\RAV\viruslib.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\relibldr.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-24 09:11 M:2008-04-24 09:11]
    C:\PROGRAM FILES\RISING\RAV\HookWeb.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.3, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\nvfile.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\scanexec.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 22, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\unexe.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 6, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\scanex.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 94, C:2008-08-31 16:30 M:2008-09-23 17:08]
    C:\PROGRAM FILES\RISING\RAV\scanpack.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\revm.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\urutils.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\ur000.dat  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 21, C:2008-08-31 16:30 M:2008-09-26 21:33]
    C:\PROGRAM FILES\RISING\RAV\scriptci.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\ur001.dat  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\scansct.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11, C:2008-08-31 16:30 M:2008-09-03 07:47]
    C:\PROGRAM FILES\RISING\RAV\extmail.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10, C:2008-08-31 16:30 M:2008-08-31 16:34]

[PID: 1664 / SYSTEM]   C:\PROGRAM FILES\RISING\RAV\RavStub.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.10, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-24 09:11 M:2008-04-24 09:11]

[PID: 1824 / Administrator]   C:\WINDOWS\Explorer.EXE   [(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-13 19:14 M:2008-04-13 19:14]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-24 09:11 M:2008-04-24 09:11]
    C:\WINDOWS\system32\RavExt.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll  [Adobe Systems, Inc., 7.0.0.0, C:2004-12-14 02:20 M:2004-12-14 02:20]
    C:\Program Files\WinRAR\rarext.dll  [N/A, C:2008-08-29 15:24 M:2007-09-26 10:42]
    C:\WINDOWS\system32\shdoclc.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-13 18:53 M:2008-04-13 18:53]
    C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2008-08-29 15:24 M:2008-04-07 15:40]
    C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-08-29 15:24 M:2008-04-29 14:42]
    C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll  [Thunder Networking Technologies,LTD, 1, 0, 0, 19, C:2008-08-29 15:24 M:2008-04-23 18:43]
    C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll  [Thunder Networking Technologies,LTD, 1, 0, 0, 16, C:2008-08-29 15:24 M:2008-04-23 18:43]

[PID: 1928 / SYSTEM]   C:\WINDOWS\system32\spoolsv.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2008-04-13 19:14 M:2008-04-13 19:14]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-24 09:11 M:2008-04-24 09:11]
    C:\WINDOWS\system32\sfc_os.dll  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-24 09:11 M:2008-04-24 09:11]

[PID: 188 / SYSTEM]   D:\暴风影音\stormliv.exe   [(Verified)北京暴风网际科技有限公司, 3, 8, 3, 15, C:2008-03-11 14:33 M:2008-03-11 14:33]
    D:\暴风影音\MSVCP60.dll  [Microsoft Corporation, 6.02.3104.0, C:2007-09-21 19:43 M:2007-09-21 19:43]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-24 09:11 M:2008-04-24 09:11]

[PID: 240 / SYSTEM]   C:\Program Files\Kingsoft\KAC\Service\kaccore.exe   [(Verified)Kingsoft Corporation, 2008,09,11,261, C:2008-08-31 15:59 M:2008-09-12 21:07]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-24 09:11 M:2008-04-24 09:11]
    C:\Program Files\Kingsoft\KAC\Service\corehelper.dll  [(Verified)Kingsoft Corporation, 2008,09,17,269, C:2008-08-31 15:59 M:2008-09-24 22:41]

[PID: 324 / SYSTEM]   C:\WINDOWS\system32\nvsvc32.exe   [NVIDIA Corporation, 6.14.11.6375, C:2008-08-29 15:24 M:2007-10-04 17:14]
    C:\WINDOWS\system32\nvapi.dll  [NVIDIA Corporation, 6.14.11.6375, C:2008-08-29 15:24 M:2007-10-04 17:14]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-24 09:11 M:2008-04-24 09:11]

[PID: 1904 / LOCAL SERVICE]   C:\WINDOWS\System32\alg.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2008-04-13 19:13 M:2008-04-13 19:13]
    C:\WINDOWS\System32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-24 09:11 M:2008-04-24 09:11]

[PID: 2012 / Administrator]   C:\PROGRAM FILES\RISING\RAV\RavMon.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.01.27, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\WINDOWS\system32\MFC71.DLL  [Microsoft Corporation, 7.10.3077.0, C:2008-08-31 16:30 M:2008-08-31 16:28]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2004-10-05 15:39 M:2004-10-05 15:39]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2003-03-19 03:14 M:2003-03-19 03:14]
    C:\PROGRAM FILES\RISING\RAV\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\recomp.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\refs.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\viruslib.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\relibldr.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\MonRule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.29, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\PngDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-24 09:11 M:2008-04-24 09:11]
    C:\PROGRAM FILES\RISING\RAV\Rsguilib.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\PROGRAM FILES\RISING\RAV\RsXML.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2, C:2008-08-31 16:30 M:2008-08-31 16:34]

[PID: 1844 / Administrator]   C:\Program Files\FlashGet Network\Flashget\FlashGet.exe   [(Verified)FlashGet, 2, 19, 0, 1230, C:2008-09-04 20:50 M:2008-09-04 20:50]
    C:\Program Files\FlashGet Network\Flashget\storage.dll  [FLASHGET, 2, 0, 0, 1003, C:2008-09-04 18:06 M:2008-09-04 18:06]
    C:\Program Files\FlashGet Network\Flashget\dbghelp.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2008-09-04 18:06 M:2008-09-04 18:06]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-24 09:11 M:2008-04-24 09:11]
    C:\Program Files\FlashGet Network\Flashget\BugReport.dll  [版权所有 (C) 2008, 1, 1, 0, 1001, C:2008-09-04 18:06 M:2008-09-04 18:06]
    C:\Program Files\FlashGet Network\Flashget\zlib.dll  [(C) 1995-2002 Jean-loup Gailly & Mark Adler, 1.1.4.0, C:2008-09-04 18:06 M:2008-09-04 18:06]
    C:\Program Files\FlashGet Network\Flashget\UpdateHelper.dll  [1, 1, 0, 1001, C:2008-09-04 18:06 M:2008-09-04 18:06]
    C:\Program Files\FlashGet Network\Flashget\modules\ComHelper\ComHelper.dll  [FLASHGET, 1, 0, 0, 1002, C:2008-09-04 18:06 M:2008-09-04 18:06]
    C:\Program Files\FlashGet Network\Flashget\modules\SearchTop\SearchTop.dll  [FLASHGET, 1, 0, 0, 1002, C:2008-09-04 18:06 M:2008-09-04 18:06]
    C:\Program Files\FlashGet Network\Flashget\modules\Security\Security.dll  [ FlashGet, 1, 0, 0, 1006, C:2008-09-04 18:06 M:2008-09-04 18:06]
    C:\Program Files\FlashGet Network\Flashget\modules\SnapShot\SnapShot.dll  [ FlashGet, 1, 0, 0, 1027, C:2008-09-04 18:06 M:2008-09-04 18:06]
    C:\Program Files\FlashGet Network\Flashget\modules\SoBar\SoBar.dll  [FLASHGET, 1, 0, 0, 1003, C:2008-09-04 18:06 M:2008-09-04 18:06]
    C:\Program Files\FlashGet Network\Flashget\modules\garage\garage.dll  [N/A, C:2008-09-04 18:06 M:2008-09-04 18:06]
    C:\Program Files\FlashGet Network\Flashget\modules\SnapShot\SamplerCli.dll  [ , 1, 0, 0, 1002, C:2008-09-04 18:06 M:2008-09-04 18:06]
    C:\Program Files\FlashGet Network\Flashget\ADFileHelper.dll  [版权所有 (C) 2008, 1, 0, 0, 1, C:2008-09-04 18:06 M:2008-09-04 18:06]
    C:\Program Files\FlashGet Network\Flashget\explorerbar.dll  [Ingo A. Kubbilun, 1, 0, 0, 1, C:2008-09-04 18:06 M:2008-09-04 18:06]
    C:\Program Files\FlashGet Network\Flashget\p2spwrap.dll  [FLASHGET, 1, 0, 1, 1008, C:2008-09-04 18:06 M:2008-09-04 18:06]
    C:\Program Files\FlashGet Network\Flashget\p2spmgr.dll  [FLASHGET, 1, 9, 11, 25, C:2008-09-04 18:06 M:2008-09-04 18:06]
    C:\Program Files\FlashGet Network\Flashget\p2snetio.dll  [FLASHGET, 1, 0, 0, 7925, C:2008-09-04 18:06 M:2008-09-04 18:06]
    C:\Program Files\FlashGet Network\Flashget\hashgen.dll  [FLASHGET, 1, 0, 0, 1, C:2008-09-04 18:06 M:2008-09-04 18:06]
    C:\Program Files\FlashGet Network\Flashget\p2sprot.dll  [FLASHGET, 1, 9, 11, 18, C:2008-09-04 18:06 M:2008-09-04 18:06]
    C:\Program Files\FlashGet Network\Flashget\p2pprot.dll  [FLASHGET, 1, 8, 11, 17, C:2008-09-04 18:06 M:2008-09-04 18:06]
    C:\Program Files\FlashGet Network\Flashget\p2pcore.dll  [版权所有 (C) 2008, 2, 0, 0, 1083, C:2008-09-04 18:06 M:2008-09-04 18:06]
    C:\Program Files\FlashGet Network\Flashget\adns.dll  [(C) 2008, 1, 0, 0, 2, C:2008-09-04 18:06 M:2008-09-04 18:06]
    C:\Program Files\FlashGet Network\Flashget\core_stat.dll  [N/A, C:2008-09-04 18:06 M:2008-09-04 18:06]
    C:\Program Files\FlashGet Network\Flashget\btwrap.dll  [FLASHGET, 1, 0, 1, 1007, C:2008-09-04 18:06 M:2008-09-04 18:06]
    C:\Program Files\FlashGet Network\Flashget\btcore.dll  [FLASHGET, 2, 2, 0, 44, C:2008-09-04 18:06 M:2008-09-04 18:06]
    C:\WINDOWS\system32\shdoclc.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-13 18:53 M:2008-04-13 18:53]
    C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx  [(Verified)Adobe Systems, Inc., 9,0,124,0, C:2008-03-25 10:32 M:2008-03-25 10:32]
    C:\Program Files\Rising\Rav\RavScrCh.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-08-31 16:30 M:2008-08-31 16:34]

[PID: 572 / Administrator]   C:\Program Files\pipi\jfCacheMgr.exe   [皮皮科技, 2, 3, 0, 0, C:2008-08-29 15:55 M:2008-07-17 11:00]
    C:\Program Files\pipi\libdb43.dll  [Sleepycat Software, 4.3.27, C:2008-08-29 15:55 M:2005-02-24 14:29]
    C:\Program Files\pipi\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2008-08-29 15:55 M:2003-02-21 20:42]
    C:\Program Files\pipi\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2008-08-29 15:55 M:2003-03-19 12:14]
    C:\Program Files\pipi\KmBugslayerUtil.dll  [MSJ Bugslayer Column and the book "Debugging Microsoft Windows Applications", 3.0.000, C:2008-08-29 15:55 M:2005-10-11 15:08]
    C:\Program Files\pipi\dbghelp.dll  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920), C:2008-08-29 15:55 M:2002-10-07 20:00]
    C:\Program Files\pipi\MFC71.DLL  [Microsoft Corporation, 7.10.3077.0, C:2008-08-29 15:55 M:2003-03-19 13:19]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-24 09:11 M:2008-04-24 09:11]
    C:\Program Files\pipi\plugins\KmRelay.dll  [N/A, C:2008-08-29 15:55 M:2005-04-19 13:57]
    C:\Program Files\pipi\plugins\KmTransmit.dll  [皮皮科技, 4, 3, 0, 2, C:2008-08-29 15:55 M:2008-07-14 10:32]

[PID: 284 / Administrator]   C:\Program Files\Rising\Rav\RavTask.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.24, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\Program Files\Rising\Rav\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\Program Files\Rising\Rav\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\Program Files\Rising\Rav\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\Program Files\Rising\Rav\RSAPPMGR.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\Program Files\Rising\Rav\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-08-31 16:30 M:2008-08-31 16:34]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-24 09:11 M:2008-04-24 09:11]

[PID: 612 / Administrator]   C:\Program Files\酷6网\极速酷6\Ku6SpeedUpper.exe   [酷6网（北京）信息技术有限公司, 1.2.3.0, C:2008-07-22 16:57 M:2008-07-22 16:57]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-24 09:11 M:2008-04-24 09:11]
    C:\WINDOWS\system32\shdoclc.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-13 18:53 M:2008-04-13 18:53]
    C:\Program Files\Rising\Rav\RavScrCh.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-08-31 16:30 M:2008-08-31 16:34]

[PID: 608 / Administrator]   C:\WINDOWS\system32\ctfmon.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-04-13 19:13 M:2008-04-13 19:13]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-24 09:11 M:2008-04-24 09:11]

[PID: 1264 / Administrator]   C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe   [(Verified)Google Inc., 2, 0, 301, 1654, C:2008-08-29 15:50 M:2008-08-29 15:50]
    C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\gtn.dll  [(Verified)Google Inc., 3, 1, 807, 1746, C:2008-09-06 15:40 M:2008-09-06 15:40]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-24 09:11 M:2008-04-24 09:11]
    C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll  [(Verified)Google Inc., 3, 1, 807, 1746, C:2008-09-06 15:40 M:2008-09-06 15:40]

[PID: 992 / Administrator]   C:\Program Files\PPStream\ppsap.exe   [(Verified)PPStream Inc, 1, 0, 11, 139, C:2008-08-29 15:55 M:2008-08-07 15:31]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-24 09:11 M:2008-04-24 09:11]
    C:\Program Files\PPStream\vodnet.dll  [(Verified)PPStream Inc., 1, 0, 11, 139, C:2008-08-04 16:37 M:2008-08-04 16:37]
    C:\Program Files\PPStream\vodres.dll  [(Verified)PPStream Inc., 1, 0, 11, 139, C:2008-08-04 16:37 M:2008-08-04 16:37]
    C:\Program Files\PPStream\ppssg.dll  [(Verified)PPStream Inc., 1, 0, 11, 139, C:2008-08-04 16:37 M:2008-08-04 16:37]
    C:\Program Files\PPStream\1.1.0.2621\fds.dll  [(Verified)PPStream Inc., 1, 0, 0, 82, C:2008-09-24 04:07 M:2008-09-24 04:07]

[PID: 3832 / SYSTEM]   C:\WINDOWS\system32\wbem\wmiprvse.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108), C:2008-04-24 15:33 M:2008-04-13 19:14]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-24 09:11 M:2008-04-24 09:11]

[PID: 2692 / Administrator]   D:\arswp\ArSwp.exe   [(Verified)ArSwp.com, 2, 8, 1, 815, C:2008-09-29 20:59 M:2008-08-15 22:25]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-24 09:11 M:2008-04-24 09:11]
    C:\WINDOWS\system32\shdoclc.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-13 18:53 M:2008-04-13 18:53]
    D:\arswp\plugin\ArFix.dll  [(Verified)ArSwp.Com, 2, 5, 0, 0, C:2008-09-29 20:59 M:2007-11-28 15:19]


========================================
文件关联



========================================
AutoRun.INF



========================================
Winsock提供者



========================================
HOSTS

    127.0.0.1 localhost
    127.0.0.1 858656.com
    127.0.0.1 my123.com
    127.0.0.1 8749.com
    127.0.0.1 4199.com
    127.0.0.1 7379.com
    127.0.0.1 7255.com
    127.0.0.1 3448.com
    127.0.0.1 7939.com
    127.0.0.1 8009.com
    127.0.0.1 piaoxue.com
    127.0.0.1 kzdh.com
    127.0.0.1 about.blank.la
    127.0.0.1 6781.com
    127.0.0.1 7322.com
    127.0.0.1 9991.com


[/CODE]