[CODE]

2008-10-09,23:03:45

SysLog Scanner 1.0 - build 20080726
Arswp (http://www.arswp.com)

Windows XP Professional Service Pack 2 (build 2600) - Administrators



========================================
注册项

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <RavTray><"C:\Program Files\Rising\Rav\RavTray.exe">  [Rising, 19, 0, 0, 16, C:2008-05-05 17:46 M:2008-05-05 17:45]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5, C:2008-05-05 17:46 M:2008-05-05 17:45]
    <360Antiarp><C:\Program Files\360safe\antiarp\AntiArp.exe /start>  [(Verified)360安全中心, 2, 0, 0, 1008, C:2008-04-11 20:45 M:2008-04-11 20:45]
    <360Safetray><C:\Program Files\360safe\safemon\360Tray.exe /start>  [(Verified)奇虎网, 5, 0, 0, 1001, C:2008-04-24 16:44 M:2008-07-16 22:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\添加到QQ表情]
    <><d:\Program Files\Tencent\QQ\AddEmotion.htm>  [N/A, C:2007-08-01 11:48 M:2008-04-30 15:42]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-22 21:29 M:2004-08-17 20:00|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-22 21:29 M:2004-08-17 20:00|(Verified)N/A, C:2007-09-22 21:34 M:2004-08-17 20:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-22 21:29 M:2004-08-17 20:00|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-22 21:29 M:2004-08-17 20:00|(Verified)N/A, C:2007-09-22 21:35 M:2004-08-17 20:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-22 21:29 M:2004-08-17 20:00|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-22 21:29 M:2004-08-17 20:00|(Verified)N/A, C:2007-11-05 12:28 M:2005-01-28 15:25]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\HP Master Monitor]
    <PrintMonitor: HP Master Monitor><HPBMMON.DLL>  [Hewlett-Packard, 10.00.16, C:2006-05-05 13:24 M:2002-08-20 06:50]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\HP Standard TCP/IP Port]
    <PrintMonitor: HP Standard TCP/IP Port><hptcpmon.dll>  [Hewlett Packard, 2.43.01.003, C:2007-11-05 13:55 M:2004-08-14 01:18]


========================================
启动项



========================================
计划任务

[SogouImeMgr.job]
    <C:\WINDOWS\tasks\SogouImeMgr.job --> "C:\PROGRA~1\SOGOUI~1\360~1.163\PinyinRepair.exe" /S > [(Verified)Sogou.com Inc., 3.6.0.1637, C:2008-09-16 14:11 M:2008-09-16 14:11]


========================================
组件


Shell Extension
[Display Panning CPL Extension]
    {42071714-76d4-11d1-8b24-00a0c9068ff3}  <deskpan.dll>  []
[HyperTerminal Icon Ext]
    {88895560-9AA2-1069-930E-00AA0030EBC8}  <C:\WINDOWS\system32\hticons.dll>  [(Verified)Hilgraeve, Inc., 5.1.2600.0, C:2007-11-05 10:32 M:2004-08-17 20:00]
[Microsoft Outlook Custom Icon Handler]
    {0006F045-0000-0000-C000-000000000046}  <C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL>  [Microsoft Corporation, 9.0.2416, C:1999-04-28 22:10 M:1999-04-28 22:10]
[WinRAR shell extension]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <C:\Program Files\WinRAR\rarext.dll>  [N/A, C:2007-11-05 13:33 M:2007-02-03 01:19]
[RISING]
    {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D}  <C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7, C:2008-05-05 17:46 M:2008-05-05 17:45]

BrowserHelperObject
[卡卡上网安全助手]
    {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8}  <C:\WINDOWS\system32\urlFilter.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15, C:2008-10-09 16:30 M:2008-10-09 16:29]
[SafeMon Class]
    {B69F34DD-F0F9-42DC-9EDD-957187DA688D}  <C:\Program Files\360safe\safemon\safemon.dll>  [(Verified)360.CN, 4, 2, 0, 1005, C:2008-08-24 17:20 M:2008-07-10 17:42]

ActiveX Extension
[CibaCtrl Class]
    {8DE0FCD4-5EB5-11D3-AD25-00002100131B}  <C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll>  [Copyright 1999, 1, 0, 0, 1, C:2008-02-25 16:05 M:2001-09-20 20:02]
[卡卡上网安全助手]
    {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8}  <C:\WINDOWS\system32\urlFilter.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15, C:2008-10-09 16:30 M:2008-10-09 16:29]
[SafeMon Class]
    {B69F34DD-F0F9-42DC-9EDD-957187DA688D}  <C:\Program Files\360safe\safemon\safemon.dll>  [(Verified)360.CN, 4, 2, 0, 1005, C:2008-08-24 17:20 M:2008-07-10 17:42]
[JoyoCtrl Class]
    {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8}  <C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll>  [Copyright 1999, 1, 0, 0, 1, C:2008-02-25 16:05 M:2001-09-20 20:02]
[NTKO Office文档控件]
    {C9BC4DFF-4248-4A3C-8A49-63A7D317F404}  <C:\WINDOWS\Downloaded Program Files\OfficeControl.ocx>  [千航网络[NTKO SOFTWARE]Email: tanger@ntko.com, 2.5.0.2, C:2004-06-30 12:48 M:2004-06-30 12:48]
[Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000}  <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx>  [(Verified)Adobe Systems, Inc., 9,0,124,0, C:2008-03-25 10:32 M:2008-03-25 10:32]
[NTKO 附件管理控件]
    {E8FD8E76-203A-48ED-9C39-481479080C34}  <C:\WINDOWS\Downloaded Program Files\ntkofman.ocx>  [千航网络[NTKO SOFTWARE][http://www.ntko.com][Email: tanger@ntko.com], 1, 0, 0, 8, C:2005-06-01 15:44 M:2005-06-01 15:44]

Context Menu
[RisingRavExt]
    {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D}  <C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7, C:2008-05-05 17:46 M:2008-05-05 17:45]
[WinRAR]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <C:\Program Files\WinRAR\rarext.dll>  [N/A, C:2007-11-05 13:33 M:2007-02-03 01:19]


========================================
服务

[Human Interface Device Access / HidServ][Stopped/Disabled]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-22 21:29 M:2004-08-17 20:00]
[Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Manual Start]
    <C:\WINDOWS\system32\HPZipm12.exe>  [HP, 7, 0, 5, 0, C:2007-11-05 13:55 M:2003-10-22 10:19]
[RavService / RavService][Running/Auto Start]
    <"C:\Program Files\Rising\Rav\RavService.exe" /service>  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 55, C:2008-05-05 17:46 M:2008-05-05 17:45]
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
    <"C:\Program Files\Rising\Rav\CCenter.exe">  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3, C:2008-05-05 17:46 M:2008-05-05 17:45]
[RsRavMon Service / RsRavMon][Running/Auto Start]
    <"C:\Program Files\Rising\Rav\Ravmond.exe">  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 41, C:2008-05-05 17:46 M:2008-05-05 17:50]
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Stopped/Auto Start]
    <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe>  [Analog Devices, Inc., 3, 2, 6, 0, C:2007-11-05 11:14 M:2002-09-20 16:50]



========================================
驱动

[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
    <System32\DRIVERS\BaseTDI.SYS>  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5, C:2007-11-05 11:45 M:2008-05-05 17:45]
[ExpScaner / ExpScaner][Running/Auto Start]
    <\??\C:\Program Files\Rising\Rav\ExpScan.sys>  [Copyright (C) 2004 Rising, 18, 0, 0, 2, C:2008-05-05 17:46 M:2008-05-05 17:45]
[HookCont / HookCont][Running/Auto Start]
    <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys>  [Rising, 19, 0, 0, 4, C:2008-05-05 17:46 M:2008-05-05 17:45]
[HookReg / HookReg][Running/Auto Start]
    <\??\C:\Program Files\Rising\Rav\HookReg.sys>  [版权所有 (@) 2003, 18, 0, 0, 10, C:2008-05-05 17:46 M:2008-05-05 17:45]
[HookSys / HookSys][Running/Auto Start]
    <\??\C:\Program Files\Rising\Rav\HookSys.sys>  [Rising, 19, 0, 0, 7, C:2008-05-05 17:46 M:2008-05-05 17:45]
[MEMSCAN / MEMSCAN][Running/Auto Start]
    <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys>  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1, C:2008-05-05 17:46 M:2008-05-05 17:45]
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
    <system32\drivers\npf.sys>  [CACE Technologies, 3, 1, 0, 27, C:2008-05-04 16:41 M:2008-05-04 18:41]
[oe / oe][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\drivers\oe.sys>  []
[Padus ASPI Shell / pfc][Running/Manual Start]
    <system32\drivers\pfc.sys>  [Padus, Inc., 2, 5, 0, 202, C:2007-11-05 13:09 M:2007-11-05 13:09]
[RsNTGDI / RsNTGDI][Running/Boot Start]
    <system32\Drivers\RsNTGdi.sys>  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2, C:2008-05-05 17:46 M:2008-05-05 17:45]
[RSPPSYS / RSPPSYS][Running/Auto Start]
    <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys>  [Rising, 18. 0. 0. 3, C:2008-05-05 17:46 M:2008-05-05 17:50]
[vx / vx][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\drivers\vx.sys>  []
[XNGAnti / XNGAnti][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\drivers\ReloadAnti.sys>  []

[360AntiArp / 360AntiArp][Running/System Start]
    <\??\C:\WINDOWS\system32\drivers\360AntiArp.sys>  [(Verified)360安全中心, 1, 0, 1, 1007, C:2008-04-09 16:33 M:2008-04-09 16:33]
[aeaudio / aeaudio][Running/Manual Start]
    <system32\drivers\aeaudio.sys>  [(Verified)Andrea Electronics Corporation, 3.0.2.32, C:2007-11-05 11:14 M:2003-03-13 17:34]
[Broadcom NetXtreme Gigabit Ethernet / b57w2k][Stopped/Manual Start]
    <system32\DRIVERS\b57xp32.sys>  [(Verified)Broadcom Corporation, 6.34.0.0 built by: WinDDK, C:2007-11-05 11:30 M:2003-02-17 13:22]
[ialm / ialm][Running/Manual Start]
    <system32\DRIVERS\ialmnt5.sys>  [(Verified)Intel Corporation, 6.14.10.4396, C:2005-09-20 11:00 M:2005-09-20 11:00]
[DDK PACKET Protocol / Packet][Running/Manual Start]
    <system32\DRIVERS\ProtoDrv.sys>  [(Verified)360安全中心, 1, 0, 1, 1001, C:2008-04-09 16:36 M:2008-04-09 16:36]
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
    <system32\DRIVERS\ptilink.sys>  [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148), C:2007-09-22 21:29 M:2004-08-17 20:00]
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
    <\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys>  [(Verified)360安全中心, 2, 2, 1, 1001, C:2008-06-06 18:31 M:2008-06-06 18:31]
[Secdrv / Secdrv][Stopped/Manual Start]
    <system32\DRIVERS\secdrv.sys>  [(Verified)Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086, C:2007-09-22 21:32 M:2007-11-13 18:25]
[smwdm / smwdm][Running/Manual Start]
    <system32\drivers\smwdm.sys>  [(Verified)Analog Devices, Inc., 5.12.01.3620, C:2007-11-05 11:14 M:2003-05-27 17:05]


========================================
进程

[PID: 364 / SYSTEM]   \SystemRoot\System32\smss.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-22 21:29 M:2004-08-17 20:00]

[PID: 420 / SYSTEM]   \??\C:\WINDOWS\system32\csrss.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-22 21:29 M:2004-08-17 20:00]

[PID: 444 / SYSTEM]   \??\C:\WINDOWS\system32\winlogon.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-22 21:29 M:2004-08-17 20:00]
    C:\WINDOWS\system32\SYNCOR11.DLL  [SoundMAX, 1.2.3, C:2007-11-05 11:14 M:2002-11-06 20:00]

[PID: 488 / SYSTEM]   C:\WINDOWS\system32\services.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-22 21:29 M:2004-08-17 20:00]
    C:\WINDOWS\system32\SYNCOR11.DLL  [SoundMAX, 1.2.3, C:2007-11-05 11:14 M:2002-11-06 20:00]

[PID: 500 / SYSTEM]   C:\WINDOWS\system32\lsass.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-22 21:29 M:2004-08-17 20:00]
    C:\WINDOWS\system32\SYNCOR11.DLL  [SoundMAX, 1.2.3, C:2007-11-05 11:14 M:2002-11-06 20:00]

[PID: 656 / SYSTEM]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-22 21:29 M:2004-08-17 20:00]
    C:\WINDOWS\system32\SYNCOR11.DLL  [SoundMAX, 1.2.3, C:2007-11-05 11:14 M:2002-11-06 20:00]

[PID: 712 / NETWORK SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-22 21:29 M:2004-08-17 20:00]
    C:\WINDOWS\system32\SYNCOR11.DLL  [SoundMAX, 1.2.3, C:2007-11-05 11:14 M:2002-11-06 20:00]

[PID: 776 / SYSTEM]   C:\Program Files\Rising\Rav\CCenter.exe   [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3, C:2008-05-05 17:46 M:2008-05-05 17:45]

[PID: 796 / SYSTEM]   C:\WINDOWS\System32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-22 21:29 M:2004-08-17 20:00]
    C:\WINDOWS\System32\SYNCOR11.DLL  [SoundMAX, 1.2.3, C:2007-11-05 11:14 M:2002-11-06 20:00]

[PID: 840 / NETWORK SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-22 21:29 M:2004-08-17 20:00]
    C:\WINDOWS\system32\SYNCOR11.DLL  [SoundMAX, 1.2.3, C:2007-11-05 11:14 M:2002-11-06 20:00]

[PID: 920 / LOCAL SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-22 21:29 M:2004-08-17 20:00]
    C:\WINDOWS\system32\SYNCOR11.DLL  [SoundMAX, 1.2.3, C:2007-11-05 11:14 M:2002-11-06 20:00]

[PID: 964 / SYSTEM]   C:\Program Files\Rising\Rav\Ravmond.exe   [Beijing Rising Technology Co., Ltd., 19, 0, 0, 41, C:2008-05-05 17:46 M:2008-05-05 17:50]
    C:\Program Files\Rising\Rav\BWList.dll  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 6, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\Rising\Rav\RsCommX.dll  [rising, 18, 0, 0, 1, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\Rising\Rav\rfwctrl.dll  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 12, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\Rising\Rav\RsPPsys.dll  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3, C:2008-05-05 17:46 M:2008-05-05 17:50]
    C:\Program Files\Rising\Rav\RSAPPMGR.DLL  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\Rising\Rav\CfgDll.dll  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\Rising\Rav\RSCOMMON.DLL  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\Rising\Rav\RsLog.dll  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\Rising\Rav\HOOKSYS.dll  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\Rising\Rav\Scanner.dll  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 21, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\Rising\Rav\libload.dll  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19, C:2008-05-05 17:46 M:2008-05-05 17:50]
    C:\Program Files\Rising\Rav\VirusLib.dll  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18, C:2008-05-05 17:46 M:2008-05-05 17:50]
    C:\Program Files\Rising\Rav\regmon.dll  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\Rising\Rav\psapi.dll  [Microsoft Corporation, 4.00, C:2008-05-05 17:46 M:2008-05-05 17:50]
    C:\Program Files\Rising\Rav\HookWeb.dll  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\Rising\Rav\MemMon.dll  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 14, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\Rising\Rav\expscan.dll  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\Rising\Rav\mPorts.dll  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\Rising\Rav\HookCont.dll  [Rising, 19, 0, 0, 0, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\Rising\Rav\SpamEng.dll  [Copyright (C) 2004, 18, 0, 0, 6, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\Rising\Rav\engine.dll  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 31, C:2008-05-05 17:46 M:2008-05-05 17:50]
    C:\Program Files\Rising\Rav\PostTrt.dll  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17, C:2008-05-05 17:46 M:2008-05-05 17:50]
    C:\Program Files\Rising\Rav\UnExe.dll  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10, C:2008-05-05 17:46 M:2008-05-05 17:50]
    C:\Program Files\Rising\Rav\ScanExec.dll  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19, C:2008-05-05 17:46 M:2008-05-05 17:50]
    C:\Program Files\Rising\Rav\ScanEx.dll  [Beijing Rising Technology Co., Ltd., 19, 0, 1, 7, C:2008-05-05 17:46 M:2008-06-17 16:45]
    C:\Program Files\Rising\Rav\ExtFile.dll  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 38, C:2008-05-05 17:46 M:2008-05-05 17:50]
    C:\Program Files\Rising\Rav\NvFile.dll  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11, C:2008-05-05 17:46 M:2008-05-05 17:50]
    C:\Program Files\Rising\Rav\ScanMac.dll  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17, C:2008-05-05 17:46 M:2008-05-05 17:50]
    C:\Program Files\Rising\Rav\ScanSct.dll  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 26, C:2008-05-05 17:46 M:2008-05-12 17:40]
    C:\Program Files\Rising\Rav\ScanPack.dll  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 26, C:2008-05-05 17:46 M:2008-05-05 17:50]
    C:\Program Files\Rising\Rav\RsVM.dll  [Copyright (C) 2006, 19, 0, 0, 23, C:2008-05-05 17:46 M:2008-05-05 17:50]
    C:\Program Files\Rising\Rav\Uroutine.dll  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 66, C:2008-05-05 17:46 M:2008-05-05 17:50]
    C:\Program Files\Rising\Rav\ExtOLE.dll  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14, C:2008-05-05 17:46 M:2008-05-05 17:50]
    C:\Program Files\Rising\Rav\Uscript.dll  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19, C:2008-05-05 17:46 M:2008-05-05 17:50]
    C:\Program Files\Rising\Rav\ExtMail.dll  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14, C:2008-05-05 17:46 M:2008-05-05 17:50]
    C:\Program Files\Rising\Rav\ScanNet.dll  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5, C:2008-05-05 17:46 M:2008-05-05 17:50]

[PID: 1124 / SYSTEM]   C:\WINDOWS\system32\spoolsv.exe   [(Verified)Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519), C:2008-04-30 22:13 M:2005-06-11 07:53]
    C:\WINDOWS\system32\SYNCOR11.DLL  [SoundMAX, 1.2.3, C:2007-11-05 11:14 M:2002-11-06 20:00]
    C:\WINDOWS\system32\HPBMMON.DLL  [Hewlett-Packard, 10.00.16, C:2006-05-05 13:24 M:2002-08-20 06:50]
    C:\WINDOWS\system32\hpdomon.dll  [Hewlett-Packard, 03.42.00, C:2006-05-05 13:24 M:2000-03-23 19:25]
    C:\WINDOWS\system32\HPBHealr.dll  [N/A, C:2006-05-05 13:24 M:2001-07-31 18:17]
    C:\WINDOWS\system32\hptcpmon.dll  [Hewlett Packard, 2.43.01.003, C:2007-11-05 13:55 M:2004-08-14 01:18]
    C:\WINDOWS\system32\HPZJSN01.dll  [Hewlett Packard Company, 1, 0, 0, 3, C:2007-11-05 13:55 M:2004-08-14 01:18]
    C:\WINDOWS\system32\hpzjfw01.dll  [Hewlett-Packard, 4.02.009.0, C:2007-11-05 13:55 M:2004-08-14 01:18]
    C:\WINDOWS\system32\hptcpmib.dll  [Hewlett Packard, 2.41.01.021, C:2007-11-05 13:55 M:2004-08-14 01:18]
    C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp041.dll  [Hewlett-Packard Corporation, 60.041.41.00, C:2006-05-05 13:24 M:2004-04-16 03:43]
    C:\WINDOWS\system32\hppadt40.dll  [HP, 7, 0, 5, 0, C:2006-05-05 13:24 M:2003-07-22 18:44]
    C:\WINDOWS\system32\HPZidr12.dll  [HP, 7, 0, 5, 0, C:2007-11-05 13:55 M:2003-11-11 11:16]
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL  [Microsoft Corporation, 5.2.3790.99 (srv03_qfe.031024-1644), C:2006-05-05 13:24 M:2003-11-04 15:00]
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRV.DLL  [Microsoft Corporation, 5.2.3790.99 (srv03_qfe.031024-1644), C:2006-05-05 13:24 M:2003-11-04 15:00]

[PID: 1204 / SYSTEM]   C:\Program Files\Rising\Rav\RavStub.exe   [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4, C:2008-05-05 17:46 M:2008-05-05 17:50]
    C:\Program Files\Rising\Rav\RsCommX.dll  [rising, 18, 0, 0, 1, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\Rising\Rav\RSCOMMON.DLL  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5, C:2008-05-05 17:46 M:2008-05-05 17:45]

[PID: 1384 / SYSTEM]   C:\WINDOWS\System32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-22 21:29 M:2004-08-17 20:00]
    C:\WINDOWS\System32\SYNCOR11.DLL  [SoundMAX, 1.2.3, C:2007-11-05 11:14 M:2002-11-06 20:00]

[PID: 1440 / SYSTEM]   C:\Program Files\Rising\Rav\RavService.exe   [Beijing Rising Technology Co., Ltd., 19, 0, 0, 55, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\Rising\Rav\DLCenter.dll  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 3, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\Rising\Rav\RsCommX.dll  [rising, 18, 0, 0, 1, C:2008-05-05 17:46 M:2008-05-05 17:45]

[PID: 1436 / lshan]   C:\Program Files\Rising\Rav\RavTray.exe   [Rising, 19, 0, 0, 16, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\Rising\Rav\RavUILib.dll  [All Rights Reserved, 18, 0, 0, 1, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\Rising\Rav\RavTray936.dll  [Rising, 19, 0, 0, 16, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\Rising\Rav\RsCommx.dll  [rising, 18, 0, 0, 1, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\Rising\Rav\BDEngine.dll  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13, C:2008-05-05 17:46 M:2008-05-05 17:50]
    C:\Program Files\Rising\Rav\libload.dll  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19, C:2008-05-05 17:46 M:2008-05-05 17:50]
    C:\Program Files\Rising\Rav\BDEX.dll  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 3, C:2008-05-05 17:46 M:2008-05-05 17:50]
    C:\Program Files\Rising\Rav\BDLib.dll  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 1, C:2008-05-05 17:46 M:2008-05-05 17:50]

[PID: 880 / lshan]   C:\Program Files\Rising\Rav\RavTask.exe   [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\Rising\Rav\RSCOMMON.DLL  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\Rising\Rav\RSAPPMGR.DLL  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\Rising\Rav\CfgDll.dll  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\Rising\Rav\RsCommX.dll  [rising, 18, 0, 0, 1, C:2008-05-05 17:46 M:2008-05-05 17:45]

[PID: 3768 / lshan]   C:\Program Files\Rising\Rav\Ravmon.exe   [Beijing Rising Technology Co., Ltd., 19, 0, 0, 48, C:2008-05-05 17:46 M:2008-05-05 17:50]
    C:\Program Files\Rising\Rav\RsGuiLib.dll  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\Rising\Rav\BWList.dll  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 6, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\Rising\Rav\RSAPPMGR.DLL  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\Rising\Rav\CfgDll.dll  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\Rising\Rav\RSCOMMON.DLL  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\Rising\Rav\RsCommX.dll  [rising, 18, 0, 0, 1, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\Rising\Rav\RsXML.dll  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\Rising\Rav\PngDll.dll  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\360safe\safemon\safemon.dll  [(Verified)360.CN, 4, 2, 0, 1005, C:2008-08-24 17:20 M:2008-07-10 17:42]

[PID: 3816 / lshan]   C:\Program Files\360safe\antiarp\AntiArp.exe   [(Verified)360安全中心, 2, 0, 0, 1008, C:2008-04-11 20:45 M:2008-04-11 20:45]
    C:\WINDOWS\system32\SYNCOR11.DLL  [SoundMAX, 1.2.3, C:2007-11-05 11:14 M:2002-11-06 20:00]

[PID: 3244 / lshan]   C:\WINDOWS\system32\ctfmon.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-22 21:34 M:2004-08-17 20:00]
    C:\WINDOWS\system32\SYNCOR11.DLL  [SoundMAX, 1.2.3, C:2007-11-05 11:14 M:2002-11-06 20:00]

[PID: 468 / lshan]   C:\WINDOWS\system32\taskmgr.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2007-09-22 21:33 M:2004-08-17 20:00]
    C:\WINDOWS\system32\SYNCOR11.DLL  [SoundMAX, 1.2.3, C:2007-11-05 11:14 M:2002-11-06 20:00]
    C:\Program Files\360safe\safemon\safemon.dll  [(Verified)360.CN, 4, 2, 0, 1005, C:2008-08-24 17:20 M:2008-07-10 17:42]

[PID: 684 / lshan]   C:\Documents and Settings\lshan\桌面\autorun防御者08-10-9\arvmon.exe   [任软工作室, 2.3.2.160, C:2008-10-09 18:18 M:2008-08-04 01:14]
    C:\WINDOWS\system32\SYNCOR11.DLL  [SoundMAX, 1.2.3, C:2007-11-05 11:14 M:2002-11-06 20:00]
    C:\Documents and Settings\lshan\桌面\autorun防御者08-10-9\Vdata.dll  [任软工作室, 2, 3, 0, 116, C:2008-10-09 18:18 M:2008-10-09 02:57]
    C:\Program Files\360safe\safemon\safemon.dll  [(Verified)360.CN, 4, 2, 0, 1005, C:2008-08-24 17:20 M:2008-07-10 17:42]

[PID: 2876 / lshan]   C:\WINDOWS\explorer.exe   [(Verified)Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234), C:2007-09-22 21:29 M:2007-06-13 21:21]
    C:\WINDOWS\system32\SYNCOR11.DLL  [SoundMAX, 1.2.3, C:2007-11-05 11:14 M:2002-11-06 20:00]
    C:\Program Files\WinRAR\rarext.dll  [N/A, C:2007-11-05 13:33 M:2007-02-03 01:19]
    C:\WINDOWS\system32\RavExt.dll  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\Program Files\Rising\Rav\RSCOMMON.DLL  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5, C:2008-05-05 17:46 M:2008-05-05 17:45]
    C:\WINDOWS\system32\igfxpph.dll  [(Verified)Intel Corporation, 3.0.0.4396, C:2005-09-20 10:35 M:2005-09-20 10:35]
    C:\WINDOWS\system32\hccutils.DLL  [(Verified)Intel Corporation, 3.0.0.4396, C:2005-09-20 10:31 M:2005-09-20 10:31]
    C:\WINDOWS\system32\igfxres.dll  [(Verified)Intel Corporation, 3.0.0.4396, C:2007-11-05 11:29 M:2005-09-20 10:36]
    C:\WINDOWS\system32\igfxress.dll  [(Verified)Intel Corporation, 3.0.0.4396, C:2005-09-20 10:35 M:2005-09-20 10:35]
    C:\WINDOWS\system32\igfxsrvc.dll  [(Verified)Intel Corporation, 3.0.0.4396, C:2005-09-20 10:32 M:2005-09-20 10:32]
    C:\Program Files\360safe\safemon\safemon.dll  [(Verified)360.CN, 4, 2, 0, 1005, C:2008-08-24 17:20 M:2008-07-10 17:42]

[PID: 3876 / lshan]   C:\Documents and Settings\lshan\桌面\windows清理助手08-10-9\ArSwp.exe   [(Verified)ArSwp.com, 2, 8, 1, 815, C:2008-10-09 16:29 M:2008-08-15 22:25]
    C:\Program Files\360safe\safemon\safemon.dll  [(Verified)360.CN, 4, 2, 0, 1005, C:2008-08-24 17:20 M:2008-07-10 17:42]
    C:\Documents and Settings\lshan\桌面\windows清理助手08-10-9\plugin\ArFix.dll  [(Verified)ArSwp.Com, 2, 5, 0, 0, C:2008-10-09 16:29 M:2007-11-28 15:19]
    C:\WINDOWS\system32\SYNCOR11.DLL  [SoundMAX, 1.2.3, C:2007-11-05 11:14 M:2002-11-06 20:00]


========================================
文件关联



========================================
AutoRun.INF



========================================
Winsock提供者



========================================
HOSTS

    127.0.0.1 localhost



[/CODE]