[CODE] 2008-11-28,11:05:15 SysLog Scanner 1.0 - build 20080726 Arswp (http://www.arswp.com) Windows XP Professional Service Pack 3 (build 2600) - Administrators ======================================== 注册项 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00|(Verified)NVIDIA Corporation, 6.14.11.0134, C:2008-06-05 08:51 M:2007-05-22 22:35] [广州众达天网技术有限公司, 3.0.0.1015, C:2008-11-07 16:35 M:2008-07-06 13:37] [Copyright (C) 2006, 1, 0, 5, 1026, C:2007-04-26 10:25 M:2007-04-26 10:25] [(Verified)Synaptics, Inc., 8.3.8 16Jun06, C:2008-11-13 11:08 M:2006-06-16 16:22] <"d:\software\AntiSpyware\rstray.exe" /startup> [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.16, C:2008-11-07 16:33 M:2008-11-07 16:33] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-07 16:33 M:2008-11-07 17:02] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{32CD708B-60A7-4C00-9377-D73EAA495F0F}> [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-11-07 16:31 M:2008-11-07 17:10] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载] <> [N/A, C:2008-11-07 18:13 M:2008-07-28 15:43] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接] <> [N/A, C:2008-11-07 18:13 M:2007-12-10 14:17] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\导出到 Microsoft Office Excel(&X)] <> [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\添加到QQ表情] <> [N/A, C:2008-06-30 17:14 M:2008-06-30 17:14] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00|(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00|(Verified)N/A, C:2008-05-01 00:00 M:2008-05-01 00:00] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00|(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00|(Verified)N/A, C:2008-05-01 00:00 M:2008-05-01 00:00] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00|(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00|(Verified)N/A, C:2006-11-02 23:38 M:2006-11-02 23:38] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}] <启动迅雷5> [(Verified)Thunder Networking Technologies,LTD, 5, 6, 8, 19, C:2008-11-07 18:13 M:2008-10-16 18:18] ======================================== 启动项 ======================================== 计划任务 ======================================== 组件 ShellExecuteHook [ShlExecHack Class] {32CD708B-60A7-4C00-9377-D73EAA495F0F} [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-11-07 16:31 M:2008-11-07 17:10] Shell Extension [Display Panning CPL Extension] {42071714-76d4-11d1-8b24-00a0c9068ff3} [] [HyperTerminal Icon Ext] {88895560-9AA2-1069-930E-00AA0030EBC8} [(Verified)Hilgraeve, Inc., 5.1.2600.0, C:2008-11-07 15:56 M:2008-05-01 08:00] [NvCpl DesktopContext Class] {A70C977A-BF00-412C-90B7-034C51DA2439} [(Verified)NVIDIA Corporation, 6.14.11.0134, C:2008-06-05 08:51 M:2007-05-22 22:35] [Play on my TV helper] {FFB699E0-306A-11d3-8BD1-00104B6F7516} [(Verified)NVIDIA Corporation, 6.14.11.0134, C:2008-06-05 08:51 M:2007-05-22 22:35] [Desktop Explorer] {1CDB2949-8F65-4355-8456-263E7C208A5D} [N/A, C:2008-06-05 08:51 M:2007-05-22 22:35] [Desktop Explorer Menu] {1E9B04FB-F9E5-4718-997B-B8DA88302A47} [N/A, C:2008-06-05 08:51 M:2007-05-22 22:35] [nView Desktop Context Menu] {1E9B04FB-F9E5-4718-997B-B8DA88302A48} [N/A, C:2008-06-05 08:51 M:2007-05-22 22:35] [RISING] {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D} [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-11-07 16:31 M:2008-11-07 17:10] [Anti-Spyware Toolkit] {B62954A8-2446-4AEA-A2EE-489863352A21} [超级巡警, 1.5.5.13, C:2008-04-02 19:05 M:2008-04-02 19:05] [WinRAR shell extension] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [N/A, C:2008-11-07 17:39 M:2007-09-23 18:59] [Synaptics Control Panel] {2F603045-309F-11CF-9774-0020AFD0CFF6} [(Verified)Synaptics, Inc., 8.3.8 16Jun06, C:2008-11-13 11:08 M:2006-06-16 16:03] [EncryptFile] {D55189EB-2826-4834-8E59-582B05CA99CA} [] Protocols [NyfFilter Class] {C4BA8816-8761-4164-8E33-56F3024A09E4} [Wjj Software, 1, 0, 0, 11, C:2008-11-07 18:20 M:2006-04-30 09:41] BrowserHelperObject [ThunderAtOnce Class] {01443AEC-0FD1-40fd-9C87-E93D1494C233} [(Verified)Thunder Networking Technologies,LTD, 1.0.5.34, C:2008-11-07 18:14 M:2008-09-06 10:36] [AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [(Verified)Adobe Systems Incorporated, 7.0.0.2004121400, C:2004-12-14 01:56 M:2004-12-14 01:56] [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 120, C:2008-11-07 18:14 M:2008-09-19 16:44] [卡卡上网安全助手] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15, C:2008-11-07 16:33 M:2008-11-07 16:33] [SecAddons Class] {AF69627B-8489-41C2-971A-B927DF7A5B0F} [超级巡警, 1, 0, 3, 4, C:2008-11-07 17:29 M:2008-11-07 17:29] ActiveX Extension [ThunderAtOnce Class] {01443AEC-0FD1-40FD-9C87-E93D1494C233} [(Verified)Thunder Networking Technologies,LTD, 1.0.5.34, C:2008-11-07 18:14 M:2008-09-06 10:36] [AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [(Verified)Adobe Systems Incorporated, 7.0.0.2004121400, C:2004-12-14 01:56 M:2004-12-14 01:56] [Edit Class] {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} [Copyright 2004, 1, 2, 0, 3, C:2008-11-09 04:14 M:2007-09-14 15:54] [iTrusPTA Class] {1E0DFFCF-27FF-4574-849B-55007349FEDA} [(Verified)Copyright 2001, 2, 5, 1, 509, C:2008-07-14 09:42 M:2008-07-14 09:42] [GDCCBCtrl Class] {478AB5EE-5C92-41C3-8339-CFC5BA639733} [G&D, 1.0.0.1, C:2007-04-09 10:21 M:2007-04-09 10:21] [Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} [(Verified)Thunder Networking Technologies,LTD, 6, 0, 4, 42, C:2008-11-07 18:14 M:2008-09-23 10:40] [EditCtrl Class] {488A4255-3236-44B3-8F27-FA1AECAA8844} [(Verified)Copyright 2008, 2, 1, 2, 1, C:2008-07-14 09:42 M:2008-07-14 09:42] [XMP Class] {6483F145-A768-4C41-AACC-52D4D7845851} [Xunlei Networking Technologies,LTD, 2, 1, 8, 90, C:2008-11-07 18:14 M:2008-10-16 18:17] [MediaComm Class] {7670648D-461B-42AF-BDFE-46D26AF5EFF2} [(Verified)Thunder Networking Technologies,LTD, 3, 1, 6, 81, C:2008-11-21 19:08 M:2008-11-10 10:28] [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 120, C:2008-11-07 18:14 M:2008-09-19 16:44] [卡卡上网安全助手] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15, C:2008-11-07 16:33 M:2008-11-07 16:33] [DapCtrl Class] {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} [(Verified)ShenZhen Thunder Networking Technologies Ltd., 2, 1, 5807, 94, C:2008-11-07 18:14 M:2008-10-16 17:13] [SecAddons Class] {AF69627B-8489-41C2-971A-B927DF7A5B0F} [超级巡警, 1, 0, 3, 4, C:2008-11-07 17:29 M:2008-11-07 17:29] [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [(Verified)Adobe Systems, Inc., 9,0,124,0, C:2008-03-25 10:32 M:2008-03-25 10:32] [PasswordEditCtrl Class] {E787FD25-8D7C-4693-AE67-9406BC6E22DF} [(Verified)腾讯科技(深圳)有限公司, 1, 1, 0, 5, C:2008-01-07 17:08 M:2008-01-07 17:08] [XPPlayer Class] {F3E70CEA-956E-49CC-B444-73AFE593AD7F} [(Verified)Xunlei Networking Technologies,LTD, 2, 1, 5871, 223, C:2008-11-07 18:14 M:2008-10-13 18:29] Context Menu [Anti-Spyware Toolkit] {B62954A8-2446-4AEA-A2EE-489863352A21} [超级巡警, 1.5.5.13, C:2008-04-02 19:05 M:2008-04-02 19:05] [RisingRavExt] {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D} [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-11-07 16:31 M:2008-11-07 17:10] [WinRAR] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [N/A, C:2008-11-07 17:39 M:2007-09-23 18:59] ======================================== 服务 [Human Interface Device Access / HidServ][Stopped/Disabled] <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll"> [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00] [PlugServerD / PlugServer][Running/Auto Start] [GDChina, 1, 1, 0, 2, C:2008-11-07 18:11 M:2007-03-30 15:22] [NVIDIA Display Driver Service / NVSvc][Running/Auto Start] <%SystemRoot%\system32\nvsvc32.exe> [(Verified)NVIDIA Corporation, 6.14.11.0134, C:2008-06-05 08:51 M:2007-05-22 22:35] [Rising Process Communication Center / RsCCenter][Running/Auto Start] <"d:\software\Rav\CCenter.exe"> [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.33, C:2008-11-07 16:31 M:2008-11-07 17:10] ======================================== 驱动 [EagleNT / EagleNT][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\EagleNT.sys> [] [npkcrypt / npkcrypt][Stopped/Manual Start] <\??\C:\WINDOWS\system32\npkcrypt.sys> [] [npkycryp / npkycryp][Stopped/Manual Start] <\??\C:\WINDOWS\system32\npkycryp.sys> [] [RF / RF][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\RF.ahc> [N/A, C:2008-11-20 19:08 M:2008-11-27 19:44] [SKNFW / SKNFW][Running/System Start] <\??\C:\WINDOWS\system32\Drivers\SKNFW.sys> [N/A, C:2008-11-07 16:35 M:2007-12-17 10:14] [SkyProcs / SkyProcs][Running/Manual Start] <\??\D:\software\FIREWALL\SkyProcs.sys> [N/A, C:2008-11-07 16:35 M:2006-03-28 15:17] [Broadcom NetXtreme Gigabit Ethernet / b57w2k][Running/Manual Start] [(Verified)Broadcom Corporation, 10.26.0.0 built by: WinDDK, C:2008-11-07 16:19 M:2007-02-16 15:46] [Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start] [(Verified)Windows (R) Server 2003 DDK provider, 5.10.01.5013 built by: WinDDK, C:2008-05-01 00:00 M:2008-05-01 00:00] [Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start] [(Verified)Realtek Semiconductor Corp., 5.10.0.5391 built by: WinDDK, C:2008-11-07 16:18 M:2007-03-26 19:21] [nv / nv][Running/Manual Start] [(Verified)NVIDIA Corporation, 6.14.11.0134, C:2008-06-05 08:51 M:2007-05-22 22:35] [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148), C:2008-05-01 00:00 M:2008-05-01 00:00] [RsNTGDI / RsNTGDI][Running/Boot Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 3, C:2008-11-07 16:31 M:2008-11-07 17:11] [Secdrv / Secdrv][Stopped/Manual Start] [(Verified)Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086, C:2008-05-01 00:00 M:2008-05-01 00:00] [Synaptics TouchPad Driver / SynTP][Running/Manual Start] [(Verified)Synaptics, Inc., 8.3.8 16Jun06, C:2008-11-13 11:08 M:2006-06-16 15:40] ======================================== 进程 [PID: 436 / SYSTEM] \SystemRoot\System32\smss.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00] [PID: 672 / SYSTEM] \??\C:\WINDOWS\system32\csrss.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00] [PID: 700 / SYSTEM] \??\C:\WINDOWS\system32\winlogon.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [PID: 744 / SYSTEM] C:\WINDOWS\system32\services.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00] [PID: 756 / SYSTEM] C:\WINDOWS\system32\lsass.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [PID: 900 / SYSTEM] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [PID: 980 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [PID: 1020 / SYSTEM] d:\software\Rav\CCenter.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.33, C:2008-11-07 16:31 M:2008-11-07 17:10] C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-07 16:33 M:2008-11-07 17:02] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [PID: 1036 / SYSTEM] C:\WINDOWS\System32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\System32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [PID: 1116 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [PID: 1152 / LOCAL SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [PID: 1352 / SYSTEM] C:\WINDOWS\system32\nvsvc32.exe [(Verified)NVIDIA Corporation, 6.14.11.0134, C:2008-06-05 08:51 M:2007-05-22 22:35] C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-07 16:33 M:2008-11-07 17:02] C:\WINDOWS\system32\nvapi.dll [(Verified)NVIDIA Corporation, 6.14.11.0134, C:2008-06-05 08:51 M:2007-05-22 22:35] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [PID: 1368 / SYSTEM] C:\Program Files\StarSec\PlugServer.exe [GDChina, 1, 1, 0, 2, C:2008-11-07 18:11 M:2007-03-30 15:22] C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-07 16:33 M:2008-11-07 17:02] C:\Program Files\StarSec\plugins\plugstarkey220.dll [GDChina, 1, 1, 0, 1, C:2008-11-07 18:11 M:2007-04-11 19:45] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [PID: 1400 / SYSTEM] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [PID: 1816 / dxjnet] C:\WINDOWS\Explorer.EXE [(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-07 16:33 M:2008-11-07 17:02] D:\software\Acrobat 7.0\ActiveX\PDFShell.dll [Adobe Systems, Inc., 7.0.0.0, C:2004-12-14 02:20 M:2004-12-14 02:20] C:\WINDOWS\system32\nvcpl.dll [(Verified)NVIDIA Corporation, 6.14.11.0134, C:2008-06-05 08:51 M:2007-05-22 22:35] C:\WINDOWS\system32\NVRSZHC.DLL [NVIDIA Corporation, 6.14.11.0134, C:2008-06-05 08:51 M:2007-05-22 22:35] C:\WINDOWS\system32\nvapi.dll [(Verified)NVIDIA Corporation, 6.14.11.0134, C:2008-06-05 08:51 M:2007-05-22 22:35] C:\WINDOWS\system32\nvshell.dll [N/A, C:2008-06-05 08:51 M:2007-05-22 22:35] C:\WINDOWS\system32\RavExt.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-11-07 16:31 M:2008-11-07 17:10] d:\software\WinRAR\rarext.dll [N/A, C:2008-11-07 17:39 M:2007-09-23 18:59] D:\software\ast\AstShellEx.dll [超级巡警, 1.5.5.13, C:2008-04-02 19:05 M:2008-04-02 19:05] D:\software\ast\MFC80.DLL [Microsoft Corporation, 8.00.50727.762, C:2006-12-02 00:26 M:2006-12-02 00:26] D:\software\ast\MSVCR80.dll [Microsoft Corporation, 8.00.50727.762, C:2007-09-27 20:47 M:2007-09-27 20:47] D:\software\ast\MSVCP80.dll [Microsoft Corporation, 8.00.50727.762, C:2006-12-01 22:03 M:2006-12-01 22:03] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2008-11-07 16:31 M:2008-11-07 16:30] D:\software\Acrobat 7.0\ActiveX\AcroIEHelper.dll [(Verified)Adobe Systems Incorporated, 7.0.0.2004121400, C:2004-12-14 01:56 M:2004-12-14 01:56] d:\software\Thunder\ComDlls\xunleiBHO_Now.dll [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 120, C:2008-11-07 18:14 M:2008-09-19 16:44] d:\software\Thunder\Components\ResWorker\DsBho_00.dll [Thunder Networking Technologies,LTD, 1, 0, 0, 20, C:2008-11-07 18:14 M:2008-10-16 18:17] d:\software\Thunder\Components\ResWorker\DataProcessor_00.dll [Thunder Networking Technologies,LTD, 1, 0, 0, 16, C:2008-11-07 18:14 M:2008-10-16 18:17] C:\WINDOWS\system32\shdoclc.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [PID: 1952 / dxjnet] C:\Program Files\StarSec\ssMgr_ccb.exe [Copyright (C) 2006, 1, 0, 5, 1026, C:2007-04-26 10:25 M:2007-04-26 10:25] C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-07 16:33 M:2008-11-07 17:02] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\SSP11_CCB.dll [GDChina, 1, 0, 0, 2, C:2007-04-17 10:02 M:2007-04-17 10:02] [PID: 1960 / dxjnet] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [(Verified)Synaptics, Inc., 8.3.8 16Jun06, C:2008-11-13 11:08 M:2006-06-16 16:22] C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-07 16:33 M:2008-11-07 17:02] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\SynCOM.dll [(Verified)Synaptics, Inc., 8.3.8 16Jun06, C:2008-11-13 11:08 M:2006-06-16 15:53] C:\WINDOWS\system32\SynTPAPI.dll [(Verified)Synaptics, Inc., 8.3.8 16Jun06, C:2008-11-13 11:08 M:2006-06-16 15:54] [PID: 1968 / dxjnet] D:\software\AntiSpyware\rstray.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.16, C:2008-11-07 16:33 M:2008-11-07 16:33] C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-07 16:33 M:2008-11-07 17:02] D:\software\AntiSpyware\rsmginfo.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8, C:2008-11-07 16:33 M:2008-11-07 16:33] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] D:\software\AntiSpyware\RsXML.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2, C:2008-11-07 16:33 M:2008-11-07 16:33] D:\software\AntiSpyware\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2008-11-07 16:33 M:2008-11-07 16:33] D:\software\AntiSpyware\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2008-11-07 16:33 M:2008-11-07 16:33] D:\software\AntiSpyware\ComServ.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.31, C:2008-11-07 16:33 M:2008-11-07 16:33] D:\software\AntiSpyware\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-11-07 16:33 M:2008-11-07 16:33] D:\software\AntiSpyware\rscommon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.1.1, C:2008-11-07 16:33 M:2008-11-07 16:33] D:\software\AntiSpyware\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-11-07 16:33 M:2008-11-07 16:33] D:\software\AntiSpyware\pngdll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-11-07 16:33 M:2008-11-07 16:33] D:\software\AntiSpyware\runiep.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.41, C:2008-11-07 16:33 M:2008-11-07 17:02] D:\software\AntiSpyware\NComm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.6, C:2008-11-07 16:33 M:2008-11-07 16:33] d:\software\Rav\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-11-07 16:31 M:2008-11-07 17:10] D:\software\AntiSpyware\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-11-07 16:33 M:2008-11-07 16:33] C:\WINDOWS\system32\RavExt.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-11-07 16:31 M:2008-11-07 17:10] [PID: 504 / dxjnet] C:\WINDOWS\system32\taskmgr.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-07 16:33 M:2008-11-07 17:02] d:\software\AntiSpyware\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-11-07 16:33 M:2008-11-07 16:33] d:\software\AntiSpyware\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-11-07 16:33 M:2008-11-07 16:33] [PID: 1804 / dxjnet] C:\Program Files\Internet Explorer\IEXPLORE.EXE [(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-11-07 15:57 M:2008-05-01 08:00] C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-07 16:33 M:2008-11-07 17:02] d:\software\AntiSpyware\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-11-07 16:33 M:2008-11-07 16:33] d:\software\AntiSpyware\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-11-07 16:33 M:2008-11-07 16:33] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] d:\software\Thunder\ComDlls\TDAtOnce_Now.dll [(Verified)Thunder Networking Technologies,LTD, 1.0.5.34, C:2008-11-07 18:14 M:2008-09-06 10:36] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2008-11-07 16:31 M:2008-11-07 16:30] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2008-11-07 16:31 M:2008-11-07 16:30] D:\software\Acrobat 7.0\ActiveX\AcroIEHelper.dll [(Verified)Adobe Systems Incorporated, 7.0.0.2004121400, C:2004-12-14 01:56 M:2004-12-14 01:56] d:\software\Thunder\ComDlls\xunleiBHO_Now.dll [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 120, C:2008-11-07 18:14 M:2008-09-19 16:44] d:\software\Thunder\Components\ResWorker\DsBho_00.dll [Thunder Networking Technologies,LTD, 1, 0, 0, 20, C:2008-11-07 18:14 M:2008-10-16 18:17] d:\software\Thunder\Components\ResWorker\DataProcessor_00.dll [Thunder Networking Technologies,LTD, 1, 0, 0, 16, C:2008-11-07 18:14 M:2008-10-16 18:17] C:\WINDOWS\system32\UrlFilter.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15, C:2008-11-07 16:33 M:2008-11-07 16:33] d:\software\AntiSpyware\UrlRule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1.0.0.15, C:2008-11-07 16:33 M:2008-11-07 16:33] D:\software\ast\SecAddons.dll [超级巡警, 1, 0, 3, 4, C:2008-11-07 17:29 M:2008-11-07 17:29] C:\WINDOWS\system32\shdoclc.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx [(Verified)Adobe Systems, Inc., 9,0,124,0, C:2008-03-25 10:32 M:2008-03-25 10:32] [PID: 2084 / dxjnet] D:\software\arswp\ArSwp.exe [(Verified)ArSwp.com, 2, 8, 2, 1115, C:2008-11-15 11:58 M:2008-11-15 11:58] C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-07 16:33 M:2008-11-07 17:02] d:\software\AntiSpyware\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-11-07 16:33 M:2008-11-07 16:33] d:\software\AntiSpyware\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-11-07 16:33 M:2008-11-07 16:33] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] D:\software\arswp\plugin\ArFix.dll [(Verified)ArSwp.Com, 2, 5, 0, 0, C:2007-11-28 15:19 M:2007-11-28 15:19] C:\WINDOWS\system32\shdoclc.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] ======================================== 文件关联 ======================================== AutoRun.INF ======================================== Winsock提供者 ======================================== HOSTS 127.0.0.1 localhost 10.50.10.1 shanghai_srv01 [/CODE]