[CODE] 2008-10-11,19:02:53 SysLog Scanner 1.0 - build 20080726 Arswp (http://www.arswp.com) Windows XP Professional Service Pack 2 (build 2600) - Administrators ======================================== 注册项 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <360Antiarp> [(Verified)360安全中心, 2, 0, 0, 1008, C:2008-02-14 13:13 M:2008-04-11 20:45] <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)360安全中心, 2, 1, 1, 1002, C:2008-06-11 22:48 M:2008-06-11 22:48] <"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup> [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.16, C:2008-09-08 14:08 M:2008-09-11 22:14] <"C:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.24, C:2008-09-08 17:06 M:2008-09-08 17:05] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31, C:2008-09-08 14:08 M:2008-09-24 14:32] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{32CD708B-60A7-4C00-9377-D73EAA495F0F}> [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-09-08 17:06 M:2008-09-08 17:05] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载] <> [N/A, C:2008-09-24 18:40 M:2008-07-28 15:43] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接] <> [N/A, C:2008-09-24 18:40 M:2007-12-10 14:17] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\导出到 Microsoft Office Excel(&X)] <> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52|(Verified)Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506), C:2004-08-04 08:52 M:2008-06-24 00:14|(Verified)N/A, C:2004-08-04 08:48 M:2004-08-04 08:48] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52|(Verified)Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506), C:2004-08-04 08:52 M:2008-06-24 00:14|(Verified)N/A, C:2004-08-04 08:48 M:2004-08-04 08:48] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52|(Verified)Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506), C:2004-08-04 08:52 M:2008-06-24 00:14|(Verified)N/A, C:2004-08-04 08:48 M:2004-08-04 08:48] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Microsoft Document Imaging Writer Monitor] [Microsoft Corporation, 11.3.1897.0, C:2008-02-05 12:35 M:2003-06-18 17:31] ======================================== 启动项 [QQ游戏启动加速程序] "D:\QQ游戏\Accel.exe" > [(Verified)深圳市腾讯计算机系统有限公司, 2, 0, 103, 5, C:2008-01-11 09:05 M:2008-01-11 09:05] [服务管理器] "C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe" /n > [Microsoft Corporation, 2000.080.0194.00, C:2008-03-01 14:45 M:2000-08-06 01:03] ======================================== 计划任务 ======================================== 组件 ShellExecuteHook [ShlExecHack Class] {32CD708B-60A7-4C00-9377-D73EAA495F0F} [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-09-08 17:06 M:2008-09-08 17:05] Shell Extension [HyperTerminal Icon Ext] {88895560-9AA2-1069-930E-00AA0030EBC8} [(Verified)Hilgraeve, Inc., 5.1.2600.0, C:2002-01-01 00:22 M:2004-06-06 14:13] [WinRAR shell extension] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [N/A, C:2002-01-01 00:38 M:2004-02-01 17:39] [EncryptFile] {D55189EB-2826-4834-8E59-582B05CA99CA} [] [RISING] {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D} [(Verified)Beijing Rising Information Technology Co., 
Ltd., 20.0.0.18, C:2008-09-08 17:06 M:2008-09-08 17:05] Protocols [] {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} [酷狗, 5.2.4.4, C:2008-06-09 16:24 M:2008-09-21 21:49] BrowserHelperObject [ThunderAtOnce Class] {01443AEC-0FD1-40fd-9C87-E93D1494C233} [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2008-09-24 18:41 M:2008-06-13 09:43] [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-09-24 18:41 M:2008-06-13 09:43] [卡卡上网安全助手] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15, C:2008-09-08 14:08 M:2008-09-08 14:08] [Google Toolbar Helper] {AA58ED58-01DD-4d91-8333-CF10577473F7} [(Verified)Google Inc., 4, 0, 1606, 6690, C:2008-09-26 19:06 M:2008-09-26 19:06] [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42] ToolBar [&Google] {2318C2B1-4965-11d4-9B18-009027A5CD4F} [(Verified)Google Inc., 4, 0, 1606, 6690, C:2008-09-26 19:06 M:2008-09-26 19:06] ActiveX Extension [Google Script Object] {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} [(Verified)Google Inc., 4, 0, 1606, 6690, C:2008-09-26 19:06 M:2008-09-26 19:06] [ThunderAtOnce Class] {01443AEC-0FD1-40FD-9C87-E93D1494C233} [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2008-09-24 18:41 M:2008-06-13 09:43] [&Google] {2318C2B1-4965-11D4-9B18-009027A5CD4F} [(Verified)Google Inc., 4, 0, 1606, 6690, C:2008-09-26 19:06 M:2008-09-26 19:06] [Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} [(Verified)Thunder Networking Technologies,LTD, 5, 0, 4, 23, C:2008-09-24 18:41 M:2008-06-13 09:43] [CJfchk Object] {632C6705-17AB-4407-9281-F60D0A7726BE} [] [XMP Class] {6483F145-A768-4C41-AACC-52D4D7845851} [Xunlei Networking Technologies,LTD, 2, 1, 6, 81, C:2008-09-08 14:40 M:2008-09-19 19:01] [XDRM] {693571CB-54A3-4E90-9D52-EEAE1334E2D3} [Copyright XunLei 2007, 1, 0, 0, 7, C:2008-09-08 14:40 M:2008-09-19 
19:01] [StormPlayer Object] {6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB} [(Verified)北京暴风网际科技有限公司, 3, 8, 3, 15, C:2008-01-25 14:35 M:2008-03-11 14:33] [MediaComm Class] {7670648D-461B-42AF-BDFE-46D26AF5EFF2} [Thunder Networking Technologies,LTD, 3, 1, 5, 78, C:2008-09-24 18:41 M:2008-09-19 19:01] [360SafeLive] {87515F61-A66C-4319-A0E0-D416CB8059E3} [(Verified)360.cn, 1, 0, 1, 1028, C:2008-07-16 22:00 M:2008-07-16 22:00] [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-09-24 18:41 M:2008-06-13 09:43] [XML DOM 文档 5.0] {88D969E5-F192-11D4-A65F-0040963251E5} [Microsoft Corporation, 5.00.2916.0, C:2003-05-16 17:49 M:2003-05-16 17:49] [卡卡上网安全助手] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15, C:2008-09-08 14:08 M:2008-09-08 14:08] [Google Toolbar Helper] {AA58ED58-01DD-4D91-8333-CF10577473F7} [(Verified)Google Inc., 4, 0, 1606, 6690, C:2008-09-26 19:06 M:2008-09-26 19:06] [DapCtrl Class] {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} [ShenZhen Thunder Networking Technologies Ltd., 2, 1, 5805, 77, C:2008-09-24 18:41 M:2008-09-19 19:01] [Google Toolbar Notifier BHO] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [(Verified)Google Inc., 2, 0, 301, 7164, C:2008-09-26 19:06 M:2008-09-26 19:06] [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42] [GGWebObj Class] {C7AA3061-C959-4D65-B029-DC6FA761FD16} [] [QQPlayerCtrl Class] {CD108273-D434-43E6-AA90-1469F97EB398} [(Verified)深圳腾讯科技, 3, 1, 163, 202, C:2007-05-20 16:38 M:2007-05-20 16:38] [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} [(Verified)RealNetworks, Inc., 6.0.9.2568, C:2006-10-18 23:05 M:2006-10-18 23:05] [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [(Verified)Adobe Systems, Inc., 9,0,124,0, C:2008-03-25 10:32 M:2008-03-25 10:32] [AgControl Class] {DFEAF541-F3E1-4C24-ACAC-99C30715084A} 
[(Verified) Microsoft Corporation, 1.0.30109.0, C:2008-01-08 21:30 M:2008-01-08 21:30] [PlayerCtrl Class] {E05BC2A3-9A46-4A32-80C9-023A473F5B23} [(Verified)深圳腾讯科技, 3, 1, 163, 202, C:2007-05-20 16:38 M:2007-05-20 16:38] [PasswordEditCtrl Class] {E787FD25-8D7C-4693-AE67-9406BC6E22DF} [(Verified)腾讯科技(深圳)有限公司, 1, 1, 0, 5, C:2008-01-07 17:08 M:2008-01-07 17:08] [TimwpDll.TimwpCheck] {ED4CA2E5-0EEA-44C1-AD7E-74A07A7507A4} [(Verified)TENCENT, 8,0,713,1791, C:2008-01-25 17:14 M:2008-01-25 17:14] [Thunder DapPlayer] {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} [] [XPPlayer Class] {F3E70CEA-956E-49CC-B444-73AFE593AD7F} [Xunlei Networking Technologies,LTD, 2, 1, 5853, 212, C:2008-09-24 18:41 M:2008-09-19 19:01] Context Menu [EncryptFile] {D55189EB-2826-4834-8E59-582B05CA99CA} [] [RisingRavExt] {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D} [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-09-08 17:06 M:2008-09-08 17:05] [WinRAR] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [N/A, C:2002-01-01 00:38 M:2004-02-01 17:39] ======================================== 服务 [Human Interface Device Access / HidServ][Stopped/Disabled] <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll"> [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52] [Macromedia Licensing Service / Macromedia Licensing Service][Stopped/Manual Start] <"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"> [Copyright (c) 1998-2003 Macrovision Corp., 2.42.000, C:2008-04-03 12:30 M:2008-04-03 12:30] [MSSQLSERVER / MSSQLSERVER][Stopped/Manual Start] [Microsoft Corporation, 2000.080.0194.00, C:2008-03-01 14:44 M:2000-08-17 17:53] [MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start] [Microsoft Corporation, 2000.080.0194.00, C:2008-03-01 14:45 M:2000-08-06 01:50] [SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start] [Microsoft Corporation, 2000.080.0194.00, C:2008-03-01 14:44 M:2000-08-06 
01:50] [Contrl Center of Storm Media / ccosm][Running/Auto Start] [(Verified)北京暴风网际科技有限公司, 3, 8, 3, 15, C:2008-01-11 11:41 M:2008-03-11 14:33] [Google Updater Service / gusvc][Stopped/Manual Start] <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"> [(Verified)Google, 2.0.734.29932.beta, C:2008-09-26 19:06 M:2008-09-26 19:06] [Rising Process Communication Center / RsCCenter][Running/Auto Start] <"C:\Program Files\Rising\Rav\CCenter.exe"> [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.33, C:2008-09-08 17:06 M:2008-09-08 17:05] [Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"> [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.80, C:2008-09-08 17:06 M:2008-09-08 17:05] ======================================== 驱动 [EagleNT / EagleNT][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\EagleNT.sys> [] [sptd / sptd][Running/Boot Start] [N/A, C:2008-09-17 17:22 M:2008-09-17 17:22] [TCP/IP Protocol Driver / Tcpip][Running/System Start] [Microsoft Corporation, 5.1.2600.3394 (xpsp_sp2_gdr.080620-1245), C:2004-08-04 07:14 M:2008-06-20 18:45] [360AntiArp / 360AntiArp][Running/System Start] <\??\C:\WINDOWS\system32\drivers\360AntiArp.sys> [(Verified)360安全中心, 1, 0, 1, 1007, C:2008-04-09 16:33 M:2008-04-09 16:33] [VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Running/Manual Start] [(Verified)VIA Technologies, Inc. 
, 2.66, C:2002-01-01 00:18 M:2001-08-17 12:13] [Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start] [(Verified)Windows (R) Server 2003 DDK provider, 5.10.01.5013 built by: WinDDK, C:2005-01-07 17:07 M:2005-01-07 17:07] [HookCont / HookCont][Running/System Start] <\SystemRoot\system32\drivers\HookCont.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 7, C:2008-09-08 17:06 M:2008-09-08 17:05] [HookNtos / HookNtos][Running/System Start] <\SystemRoot\system32\drivers\HookNtos.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 50, C:2008-09-08 17:06 M:2008-09-08 17:05] [HookReg / HookReg][Running/System Start] <\SystemRoot\system32\drivers\HookReg.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 28, C:2008-09-08 17:06 M:2008-09-08 17:05] [HookSys / HookSys][Running/System Start] <\SystemRoot\system32\drivers\HookSys.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 55, C:2008-09-08 17:06 M:2008-09-08 18:27] [Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start] [(Verified)Realtek Semiconductor Corp., 5.10.00.5366 built by: WinDDK, C:2002-01-01 00:35 M:2007-02-03 18:57] [ATK0110 ACPI UTILITY / MTsensor][Running/Manual Start] [(Verified)1043, 2, 15, 37, C:2002-01-01 00:33 M:2004-08-15 00:00] [DDK PACKET Protocol / Packet][Running/Manual Start] [(Verified)360安全中心, 1, 0, 1, 1001, C:2008-04-09 16:36 M:2008-04-09 16:36] [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148), C:2004-06-06 14:13 M:2004-06-06 14:13] [RsNTGDI / RsNTGDI][Running/Boot Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 3, C:2008-09-08 17:06 M:2008-09-08 17:05] [S3GIGP / S3GIGP][Running/Manual Start] [(Verified)S3 Graphics Co., Ltd., 6.14.10.0071-15.13.15.05, C:2002-01-01 00:33 M:2006-09-12 02:43] [SafeBoxKrnl / SafeBoxKrnl][Running/System 
Start] <\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys> [(Verified)360安全中心, 2, 2, 1, 1001, C:2008-06-06 18:31 M:2008-06-06 18:31] [Secdrv / Secdrv][Stopped/Manual Start] [(Verified)Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086, C:2004-07-17 19:36 M:2007-11-13 18:25] ======================================== 进程 [PID: 656 / SYSTEM] \SystemRoot\System32\smss.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52] [PID: 728 / SYSTEM] \??\C:\WINDOWS\system32\csrss.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52] [PID: 752 / SYSTEM] \??\C:\WINDOWS\system32\winlogon.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52] [PID: 796 / SYSTEM] C:\WINDOWS\system32\services.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52] [PID: 808 / SYSTEM] C:\WINDOWS\system32\lsass.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52] [PID: 964 / SYSTEM] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52] [PID: 1056 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52] [PID: 1152 / SYSTEM] C:\Program Files\Rising\Rav\CCenter.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.33, C:2008-09-08 17:06 M:2008-09-08 17:05] [PID: 1168 / SYSTEM] C:\WINDOWS\System32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52] C:\Program Files\Rising\Rav\RavScrCh.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 
5, C:2008-09-08 17:06 M:2008-09-08 17:05] [PID: 1248 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52] [PID: 1364 / LOCAL SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52] [PID: 1404 / SYSTEM] C:\PROGRAM FILES\RISING\RAV\ravmond.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.80, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\PROGRAM FILES\RISING\RAV\BWList.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.5, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\WINDOWS\system32\MFC71.DLL [Microsoft Corporation, 7.10.3077.0, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2008-09-08 14:40 M:2008-06-23 19:46] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2008-09-08 14:40 M:2008-06-23 19:46] C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\PROGRAM FILES\RISING\RAV\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\PROGRAM FILES\RISING\RAV\RsLog.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.36, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\PROGRAM FILES\RISING\RAV\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\PROGRAM FILES\RISING\RAV\MonRule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.29, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\PROGRAM FILES\RISING\RAV\Hooksys.dll [(Verified)Beijing 
Rising Information Technology Co., Ltd., 22, 0, 0, 12, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\PROGRAM FILES\RISING\RAV\HookReg.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\PROGRAM FILES\RISING\RAV\HookNtos.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\PROGRAM FILES\RISING\RAV\rswalmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\PROGRAM FILES\RISING\RAV\recomp.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\PROGRAM FILES\RISING\RAV\refs.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\PROGRAM FILES\RISING\RAV\ffr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-09-08 17:06 M:2008-09-27 20:05] C:\Program Files\Rising\Rav\RsStore.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.9, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\PROGRAM FILES\RISING\RAV\HookCont.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\Program Files\Rising\Rav\fakescan.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.14, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\Program Files\Rising\Rav\Scanner.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.39, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\PROGRAM FILES\RISING\RAV\viruslib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\PROGRAM FILES\RISING\RAV\relibldr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\PROGRAM FILES\RISING\RAV\HookWeb.dll [(Verified)Beijing Rising Information 
Technology Co., Ltd., 20.0.0.3, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\PROGRAM FILES\RISING\RAV\nvfile.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\PROGRAM FILES\RISING\RAV\scanexec.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 22, C:2008-09-08 17:06 M:2008-09-08 18:27] C:\PROGRAM FILES\RISING\RAV\unexe.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 6, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\PROGRAM FILES\RISING\RAV\scanex.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 94, C:2008-09-08 17:06 M:2008-09-23 17:44] C:\PROGRAM FILES\RISING\RAV\extfile.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\PROGRAM FILES\RISING\RAV\pearc.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\PROGRAM FILES\RISING\RAV\scanpack.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\PROGRAM FILES\RISING\RAV\revm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\PROGRAM FILES\RISING\RAV\urutils.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\PROGRAM FILES\RISING\RAV\ur000.dat [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 22, C:2008-09-08 17:06 M:2008-10-09 15:49] C:\PROGRAM FILES\RISING\RAV\scriptci.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\PROGRAM FILES\RISING\RAV\uroutine.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\PROGRAM FILES\RISING\RAV\scansct.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 
0, 0, 11, C:2008-09-08 17:06 M:2008-09-08 18:27] C:\PROGRAM FILES\RISING\RAV\ur001.dat [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-09-08 17:06 M:2008-10-09 15:49] C:\PROGRAM FILES\RISING\RAV\extole.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 13, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\PROGRAM FILES\RISING\RAV\extmail.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10, C:2008-09-08 17:06 M:2008-09-08 17:05] [PID: 1672 / SYSTEM] C:\WINDOWS\system32\spoolsv.exe [(Verified)Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519), C:2004-08-04 08:52 M:2005-06-11 07:53] C:\WINDOWS\system32\mdimon.dll [Microsoft Corporation, 11.3.1897.0, C:2008-02-05 12:35 M:2003-06-18 17:31] C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll [Microsoft Corporation, 11.3.1897.0, C:2008-02-05 12:35 M:2003-06-18 17:31] [PID: 1788 / SYSTEM] C:\PROGRAM FILES\RISING\RAV\RavStub.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.10, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\PROGRAM FILES\RISING\RAV\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-09-08 17:06 M:2008-09-08 17:05] [PID: 588 / SYSTEM] C:\Program Files\StormII\stormliv.exe [(Verified)北京暴风网际科技有限公司, 3, 8, 3, 15, C:2008-01-11 11:41 M:2008-03-11 14:33] C:\Program Files\StormII\MSVCP60.dll [Microsoft Corporation, 6.02.3104.0, C:2007-09-21 19:43 M:2007-09-21 19:43] C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31, C:2008-09-08 14:08 M:2008-09-24 14:32] [PID: 1236 / SYSTEM] C:\WINDOWS\system32\svchost.exe 
[(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52] [PID: 1276 / LOCAL SERVICE] C:\WINDOWS\System32\alg.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52] C:\WINDOWS\System32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31, C:2008-09-08 14:08 M:2008-09-24 14:32] [PID: 3556 / SKY] C:\WINDOWS\Explorer.EXE [(Verified)Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234), C:2004-08-04 08:52 M:2007-06-13 21:21] C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31, C:2008-09-08 14:08 M:2008-09-24 14:32] C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2008-09-24 18:41 M:2008-06-13 09:43] C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-09-24 18:41 M:2008-06-13 09:43] C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll [Thunder Networking Technologies,LTD, 1, 0, 0, 20, C:2008-09-24 18:41 M:2008-09-19 19:01] C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll [Thunder Networking Technologies,LTD, 1, 0, 0, 16, C:2008-09-24 18:41 M:2008-09-19 19:01] C:\Program Files\Rising\Rav\RSCOMMON.DLL [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\Program Files\WinRAR\rarext.dll [N/A, C:2002-01-01 00:38 M:2004-02-01 17:39] C:\WINDOWS\system32\RavExt.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\Program Files\杀毒软件\360safe\safemon\safemon.dll [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42] C:\WINDOWS\system32\msdmo.dll [(Verified)N/A, C:2004-08-04 08:52 M:2004-08-04 08:52] C:\Program 
Files\Rising\Rav\RavScrCh.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-09-08 17:06 M:2008-09-08 17:05] [PID: 3516 / SKY] C:\Program Files\杀毒软件\360safe\AntiArp\AntiArp.exe [(Verified)360安全中心, 2, 0, 0, 1008, C:2008-02-14 13:13 M:2008-04-11 20:45] C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31, C:2008-09-08 14:08 M:2008-09-24 14:32] C:\Program Files\Rising\Rav\RavScrCh.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-09-08 17:06 M:2008-09-08 17:05] [PID: 3880 / SKY] C:\Program Files\Rising\AntiSpyware\rstray.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.16, C:2008-09-08 14:08 M:2008-09-11 22:14] C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31, C:2008-09-08 14:08 M:2008-09-24 14:32] C:\Program Files\Rising\AntiSpyware\rsmginfo.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8, C:2008-09-08 14:08 M:2008-09-08 14:08] C:\Program Files\Rising\AntiSpyware\RsXML.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2, C:2008-09-08 14:08 M:2008-09-08 14:08] C:\Program Files\Rising\AntiSpyware\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2008-09-08 14:08 M:2008-09-08 14:08] C:\Program Files\Rising\AntiSpyware\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2008-09-08 14:08 M:2008-09-08 14:08] C:\Program Files\Rising\AntiSpyware\ComServ.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.31, C:2008-09-08 14:08 M:2008-09-08 14:08] C:\Program Files\Rising\AntiSpyware\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-09-08 14:08 M:2008-09-08 14:08] C:\Program Files\Rising\AntiSpyware\rscommon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.1.1, C:2008-09-08 14:08 M:2008-09-08 14:08] C:\Program Files\Rising\AntiSpyware\comx3.dll [(Verified)Beijing 
Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-09-08 14:08 M:2008-09-28 20:28] C:\Program Files\Rising\AntiSpyware\pngdll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-09-08 14:08 M:2008-09-08 14:08] C:\Program Files\Rising\AntiSpyware\runiep.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.39, C:2008-09-08 14:08 M:2008-09-18 12:35] C:\Program Files\Rising\AntiSpyware\NComm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.6, C:2008-09-08 14:08 M:2008-09-08 14:08] C:\Program Files\Rising\Rav\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\Program Files\Rising\AntiSpyware\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-10-07 12:25 M:2008-10-07 12:25] C:\Program Files\Rising\Rav\RavScrCh.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\WINDOWS\system32\RavExt.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-09-08 17:06 M:2008-09-08 17:05] [PID: 640 / SKY] C:\Program Files\Rising\Rav\RavTask.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.24, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\Program Files\Rising\Rav\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\Program Files\Rising\Rav\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\Program Files\Rising\Rav\RSCOMMON.DLL [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\Program Files\Rising\Rav\RSAPPMGR.DLL [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\Program Files\Rising\Rav\CfgDll.dll 
[(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-09-08 17:06 M:2008-09-08 17:05] [PID: 1472 / SKY] C:\WINDOWS\system32\ctfmon.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52] C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31, C:2008-09-08 14:08 M:2008-09-24 14:32] [PID: 612 / SKY] C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation, 2000.080.0194.00, C:2008-03-01 14:45 M:2000-08-06 01:03] C:\Program Files\Microsoft SQL Server\80\Tools\Binn\W95SCM.dll [Microsoft Corporation, 2000.080.0194.00, C:2008-03-01 14:45 M:2000-08-06 01:51] C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLSVC.dll [Microsoft Corporation, 2000.080.0194.00, C:2008-03-01 14:45 M:2000-08-06 01:51] C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLRESLD.dll [Microsoft Corporation, 2000.080.0194.00, C:2008-03-01 14:45 M:2000-08-17 17:56] C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31, C:2008-09-08 14:08 M:2008-09-24 14:32] C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\SQLSVC.RLL [Microsoft Corporation, 2000.080.0194.00, C:2008-03-01 14:45 M:2000-08-17 17:54] C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\sqlmangr.RLL [Microsoft Corporation, 2000.080.0194.00, C:2008-03-01 14:45 M:2000-08-17 17:55] [PID: 3396 / SKY] C:\Program Files\Rising\Rav\Ravmon.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.01.27, C:2008-09-08 17:06 M:2008-09-08 18:27] C:\WINDOWS\system32\MFC71.DLL [Microsoft Corporation, 7.10.3077.0, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2008-09-08 14:40 M:2008-06-23 19:46] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2008-09-08 14:40 M:2008-06-23 19:46] C:\Program 
Files\Rising\Rav\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\Program Files\Rising\Rav\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\Program Files\Rising\Rav\RSCOMMON.DLL [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\Program Files\Rising\Rav\recomp.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\Program Files\Rising\Rav\refs.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\Program Files\Rising\Rav\viruslib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\Program Files\Rising\Rav\relibldr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\Program Files\Rising\Rav\RSAPPMGR.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\Program Files\Rising\Rav\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\Program Files\Rising\Rav\MonRule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.29, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\Program Files\Rising\Rav\PngDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\Program Files\Rising\Rav\Rsguilib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90, C:2008-09-08 17:06 M:2008-09-08 17:05] C:\Program Files\Rising\Rav\RsXML.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2, C:2008-09-08 17:06 M:2008-09-08 17:05] [PID: 2596 / SKY] 
D:\QQ\TXPlatform.exe [(Verified)Tencent, 1, 0, 170, 0, C:2007-11-18 09:53 M:2007-11-18 09:53] C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31, C:2008-09-08 14:08 M:2008-09-24 14:32] C:\Program Files\Rising\AntiSpyware\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-09-08 14:08 M:2008-09-28 20:28] C:\Program Files\Rising\AntiSpyware\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-09-08 14:08 M:2008-09-08 14:08] C:\Program Files\杀毒软件\360safe\safemon\safemon.dll [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42] [PID: 3584 / SKY] C:\Program Files\杀毒软件\arswp\ArSwp.exe [(Verified)ArSwp.com, 2, 8, 1, 815, C:2008-08-15 22:25 M:2008-08-15 22:25] C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31, C:2008-09-08 14:08 M:2008-09-24 14:32] C:\Program Files\Rising\AntiSpyware\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-09-08 14:08 M:2008-09-28 20:28] C:\Program Files\Rising\AntiSpyware\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-09-08 14:08 M:2008-09-08 14:08] C:\Program Files\杀毒软件\360safe\safemon\safemon.dll [(Verified)360.CN, 4, 2, 0, 1005, C:2008-07-10 17:42 M:2008-07-10 17:42] C:\Program Files\杀毒软件\arswp\plugin\ArFix.dll [(Verified)ArSwp.Com, 2, 5, 0, 0, C:2007-11-28 15:19 M:2007-11-28 15:19] C:\Program Files\Rising\Rav\RavScrCh.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-09-08 17:06 M:2008-09-08 17:05] ======================================== 文件关联 ======================================== AutoRun.INF ======================================== Winsock提供者 ======================================== HOSTS 127.0.0.1 localhost [/CODE]