[CODE] 2009-01-20,15:15:01 SysLog Scanner 1.0 - build 20080726 Arswp (http://www.arswp.com) Windows XP Professional Service Pack 3 (build 2600) - Administrators ======================================== 注册项 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [(Verified)Adobe Systems, Inc., 9,0,124,0, C:2008-03-25 10:32 M:2008-03-25 10:32] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup> [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.16, C:2008-11-24 19:05 M:2008-11-24 19:04] [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-04-14 20:00 M:2008-04-14 20:00|NVIDIA Corporation, 6.14.11.7519, C:2008-11-24 18:55 M:2008-05-16 14:01] [N/A, C:2008-11-24 19:02 M:2008-11-24 19:02] <"C:\Program Files\Rising\Rav\RsTray.exe" -system> [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.22, C:2009-01-20 15:11 M:2009-01-20 14:53] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] <"C:\Program Files\Rising\Rav\Update\Setup.exe" /FIRST /ONCE> [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.47, C:2009-01-20 15:09 M:2009-01-20 14:56] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31, C:2008-11-24 19:05 M:2008-11-24 19:04] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs] [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430), C:2008-06-12 10:00 M:2008-06-12 10:00] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{32CD708B-60A7-4C00-9377-D73EAA495F0F}> [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-11-24 19:04 M:2008-11-24 19:04] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] <{1E796980-9CC5-11D1-A83F-00C04FC99D61}><> [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载] <> [N/A, C:2008-11-24 18:59 M:2007-12-10 14:17] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接] <> [N/A, C:2008-11-24 18:59 M:2007-12-10 14:17] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\导出到 Microsoft Office Excel(&X)] <> [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\添加到QQ表情] <> [N/A, C:2008-06-30 17:14 M:2008-06-30 17:14] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-04-14 20:00 M:2008-04-14 20:00|(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 20:00 M:2008-04-14 20:00|(Verified)N/A, C:2008-04-14 20:00 M:2008-04-14 20:00] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-04-14 20:00 M:2008-04-14 20:00|(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 20:00 M:2008-04-14 20:00|(Verified)N/A, C:2008-04-14 20:00 M:2008-04-14 20:00] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{95B3F550-91C4-4627-BCC4-521288C52977}] [(Verified)N/A, C:2008-11-24 18:59 M:2007-03-16 13:46] ======================================== 启动项 [E05183] "C:\WINDOWS\system32\92F54A\E05183.EXE" > [N/A, C:2008-11-24 19:02 M:2008-11-24 19:02] ======================================== 计划任务 ======================================== 组件 ShellExecuteHook [ShlExecHack Class] {32CD708B-60A7-4C00-9377-D73EAA495F0F} [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-11-24 19:04 M:2008-11-24 19:04] Shell Extension [Display Panning CPL Extension] {42071714-76d4-11d1-8b24-00a0c9068ff3} [] [Windows Script Host 的 Shell extensions] {60254CA5-953B-11CF-8C96-00AA00B8708C} [Microsoft Corporation, 5.7.0.18066, C:2008-04-14 20:00 M:2008-05-09 18:53] [Microsoft Agent Character Property Sheet Handler] {143A62C8-C33B-11D1-84FE-00C04FA34A14} [Microsoft Corporation, 2.00.0.2115, C:1998-09-15 17:21 M:1998-09-15 17:21] [WinRAR shell extension] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [N/A, C:2008-11-24 18:59 M:2007-09-23 18:59] [Desktop Explorer] {1CDB2949-8F65-4355-8456-263E7C208A5D} [N/A, C:2008-11-24 18:57 M:2008-05-16 14:01] [Desktop Explorer Menu] {1E9B04FB-F9E5-4718-997B-B8DA88302A47} [N/A, C:2008-11-24 18:57 M:2008-05-16 14:01] [nView Desktop Context Menu] {1E9B04FB-F9E5-4718-997B-B8DA88302A48} [N/A, C:2008-11-24 18:57 M:2008-05-16 14:01] [RISING] {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D} [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-11-24 19:04 M:2008-11-24 19:04] Protocols [Microsoft HTML About Pluggable Protocol] {3050F406-98B5-11CF-BB82-00AA00BDCE0B} <%SystemRoot%\system32\mshtml.dll> [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430), C:2008-06-12 10:00 M:2008-06-12 10:00] [Microsoft HTML Javascript Pluggable Protocol] {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} <%SystemRoot%\system32\mshtml.dll> [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430), C:2008-06-12 10:00 M:2008-06-12 10:00] [Microsoft HTML Mailto Pluggable Protocol] {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} <%SystemRoot%\system32\mshtml.dll> [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430), C:2008-06-12 10:00 M:2008-06-12 10:00] [Microsoft HTML Resource Pluggable Protocol] {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} <%SystemRoot%\system32\mshtml.dll> [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430), C:2008-06-12 10:00 M:2008-06-12 10:00] [Microsoft HTML Resource Pluggable Protocol] {76E67A63-06E9-11D2-A840-006008059382} <%SystemRoot%\system32\mshtml.dll> [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430), C:2008-06-12 10:00 M:2008-06-12 10:00] BrowserHelperObject [ThunderAtOnce Class] {01443AEC-0FD1-40fd-9C87-E93D1494C233} [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2008-11-24 18:59 M:2008-04-07 15:40] [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-11-24 18:59 M:2008-04-29 14:42] [卡卡上网安全助手] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15, C:2008-11-24 19:05 M:2008-11-24 19:04] ActiveX Extension [ThunderAtOnce Class] {01443AEC-0FD1-40FD-9C87-E93D1494C233} [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2008-11-24 18:59 M:2008-04-07 15:40] [Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} [(Verified)Thunder Networking Technologies,LTD, 5, 0, 4, 23, C:2008-11-24 18:59 M:2008-05-26 11:09] [EditCtrl Class] {488A4255-3236-44B3-8F27-FA1AECAA8844} [(Verified)Copyright 2007, 2, 1, 2, 1, C:2008-05-20 10:51 M:2008-05-20 10:51] [XMP Class] {6483F145-A768-4C41-AACC-52D4D7845851} [Copyright XunLei 2007, 2, 1, 0, 64, C:2008-06-23 18:46 M:2008-06-11 16:11] [XDRM] {693571CB-54A3-4E90-9D52-EEAE1334E2D3} [Copyright XunLei 2007, 1, 0, 0, 7, C:2008-06-23 18:46 M:2008-06-11 16:11] [CCtInf Class] {6DBB2904-082D-4DB0-944A-21C22BA121F4} [Copyright 2006, 1, 0, 0, 3, C:2006-09-19 16:31 M:2006-09-19 16:31] [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-11-24 18:59 M:2008-04-29 14:42] [卡卡上网安全助手] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15, C:2008-11-24 19:05 M:2008-11-24 19:04] [DapCtrl Class] {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} [ShenZhen Thunder Networking Technologies Ltd., 2, 1, 5802, 54, C:2008-11-24 18:56 M:2008-06-11 16:11] [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [(Verified)Adobe Systems, Inc., 9,0,124,0, C:2008-03-25 10:32 M:2008-03-25 10:32] [Thunder DapPlayer] {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} [ShenZhen Thunder Networking Technologies Ltd., 3, 0, 5712, 71, C:2008-11-24 18:59 M:2008-06-11 16:11] [XPPlayer Class] {F3E70CEA-956E-49CC-B444-73AFE593AD7F} [Thunder, 2, 0, 0, 166, C:2008-11-24 18:56 M:2008-06-11 16:11] Context Menu [RisingRavExt] {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D} [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-11-24 19:04 M:2008-11-24 19:04] [WinRAR] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [N/A, C:2008-11-24 18:59 M:2007-09-23 18:59] ======================================== 服务 [Human Interface Device Access / HidServ][Stopped/Disabled] <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll"> [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 20:00 M:2008-04-14 20:00] [NVIDIA Display Driver Service / NVSvc][Running/Auto Start] <%SystemRoot%\system32\nvsvc32.exe> [NVIDIA Corporation, 6.14.11.7519, C:2008-11-24 18:55 M:2008-05-16 14:01] [Network Location Awareness (NLA) / Nla][Running/Manual Start] <%SystemRoot%\system32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\mswsock.dll"> [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 20:00 M:2008-04-14 20:00|Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] [Rising Process Communication Center / RsCCenter][/Auto Start] <"C:\Program Files\Rising\Rav\CCenter.exe"> [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2009-01-20 15:10 M:2009-01-20 15:07] [Rising RealTime Monitor / RsRavMon][/Auto Start] <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"> [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.80, C:2008-11-24 19:04 M:2008-11-24 19:04] ======================================== 驱动 [AFD / AFD][Running/System Start] <\SystemRoot\System32\drivers\afd.sys> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-20 19:40] [HookNtos / HookNtos][Running/System Start] <\SystemRoot\system32\drivers\HookNtos.sys> [] [HookReg / HookReg][Running/System Start] <\SystemRoot\system32\drivers\HookReg.sys> [] [nv / nv][Running/Manual Start] [NVIDIA Corporation, 6.14.11.7519, C:2008-11-24 18:55 M:2008-05-16 14:01] [NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start] [NVIDIA Corporation, 10.3.0.21 built by: WinDDK, C:2008-05-31 17:38 M:2008-01-25 20:01] [Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start] [Realtek Semiconductor Corporation , 5.686.0103.2008 built by: WinDDK, C:2008-11-24 18:56 M:2008-01-03 22:10] [SATALink driver accelerator / SiFilter][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\SiWinAcc.sys> [Silicon Image, Inc., 1.0.0.11, C:2008-01-23 17:20 M:2006-08-08 22:19] [TCP/IP Protocol Driver / Tcpip][Running/System Start] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-06-12 10:01 M:2008-07-09 07:44] [viamraid / viamraid][Stopped/Boot Start] [VIA Technologies inc,.ltd, 5.1.6000.574, C:2008-01-23 17:20 M:2008-01-22 14:02] [Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Stopped/Manual Start] [(Verified)Creative Technology Ltd., 5.1.2501.0 built by: WinDDK, C:2008-06-23 13:45 M:2001-08-17 04:19] [Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start] [(Verified)Windows (R) Server 2003 DDK provider, 5.10.01.5013 built by: WinDDK, C:2008-04-14 20:00 M:2008-04-14 20:00] [HookCont / HookCont][/System Start] <\SystemRoot\system32\drivers\HookCont.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 6, C:2009-01-20 15:12 M:2009-01-20 15:06] [HookSys / HookSys][Running/System Start] <\SystemRoot\system32\drivers\HookSys.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 47, C:2009-01-20 15:11 M:2009-01-20 14:53] [Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start] [(Verified)Realtek Semiconductor Corp., 5.10.0.5506 built by: WinDDK, C:2008-11-24 18:55 M:2007-11-01 14:38] [AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start] [(Verified)AMD Inc., 4.38.00 built by: WinDDK, C:2008-06-23 13:45 M:2001-08-17 04:11] [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148), C:2008-04-14 20:00 M:2008-04-14 20:00] [RsNTGDI / RsNTGDI][/Boot Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2009-01-20 15:11 M:2009-01-20 14:56] [Secdrv / Secdrv][Stopped/Manual Start] [(Verified)Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086, C:2008-04-14 20:00 M:2008-04-14 20:00] ======================================== 进程 [PID: 660 / SYSTEM] \SystemRoot\System32\smss.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 20:00 M:2008-04-14 20:00] [PID: 720 / SYSTEM] \??\C:\WINDOWS\system32\csrss.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 20:00 M:2008-04-14 20:00] [PID: 744 / SYSTEM] \??\C:\WINDOWS\system32\winlogon.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113), C:2008-04-14 20:00 M:2008-04-14 20:00] C:\WINDOWS\system32\sfc_os.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-06-12 10:01 M:2008-06-12 10:01] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-12 10:01 M:2008-06-12 10:01] [PID: 788 / SYSTEM] C:\WINDOWS\system32\services.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 20:00 M:2008-04-14 20:00] [PID: 800 / SYSTEM] C:\WINDOWS\system32\lsass.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113), C:2008-04-14 20:00 M:2008-04-14 20:00] C:\WINDOWS\system32\DNSAPI.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-12 10:01 M:2008-06-12 10:01] C:\WINDOWS\system32\mswsock.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] [PID: 964 / SYSTEM] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 20:00 M:2008-04-14 20:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-12 10:01 M:2008-06-12 10:01] [PID: 1032 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 20:00 M:2008-04-14 20:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-12 10:01 M:2008-06-12 10:01] C:\WINDOWS\system32\mswsock.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] C:\WINDOWS\system32\DNSAPI.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] [PID: 1168 / SYSTEM] C:\WINDOWS\System32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 20:00 M:2008-04-14 20:00] C:\WINDOWS\System32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-12 10:01 M:2008-06-12 10:01] c:\windows\system32\DNSAPI.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] C:\WINDOWS\system32\WININET.dll [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430), C:2008-06-12 10:00 M:2008-06-12 10:00] C:\WINDOWS\system32\mswsock.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] C:\WINDOWS\System32\sfc_os.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-06-12 10:01 M:2008-06-12 10:01] [PID: 1248 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 20:00 M:2008-04-14 20:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-12 10:01 M:2008-06-12 10:01] c:\windows\system32\DNSAPI.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] C:\WINDOWS\system32\mswsock.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] [PID: 1328 / LOCAL SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 20:00 M:2008-04-14 20:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-12 10:01 M:2008-06-12 10:01] C:\WINDOWS\system32\mswsock.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] [PID: 1420 / SYSTEM] C:\PROGRAM FILES\RISING\RAV\ravmond.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.80, C:2008-11-24 19:04 M:2008-11-24 19:04] C:\PROGRAM FILES\RISING\RAV\BWList.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.5, C:2008-11-24 19:04 M:2008-11-24 19:04] C:\WINDOWS\system32\MFC71.DLL [Microsoft Corporation, 7.10.3077.0, C:2008-11-24 19:04 M:2008-11-24 19:04] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2003-02-21 10:42 M:2003-02-21 10:42] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2004-04-05 10:31 M:2004-04-05 10:31] C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-11-24 19:04 M:2008-11-24 19:04] C:\PROGRAM FILES\RISING\RAV\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-11-24 19:04 M:2008-11-24 19:04] C:\PROGRAM FILES\RISING\RAV\RsLog.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.36, C:2008-11-24 19:04 M:2008-11-24 19:04] C:\PROGRAM FILES\RISING\RAV\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-11-24 19:04 M:2008-11-24 19:04] C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-11-24 19:04 M:2008-11-24 19:04] C:\PROGRAM FILES\RISING\RAV\MonRule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.29, C:2008-11-24 19:04 M:2008-11-24 19:04] C:\PROGRAM FILES\RISING\RAV\Hooksys.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12, C:2008-11-24 19:04 M:2008-11-24 19:04] C:\PROGRAM FILES\RISING\RAV\HookReg.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6, C:2008-11-24 19:04 M:2008-11-24 19:04] C:\PROGRAM FILES\RISING\RAV\HookNtos.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5, C:2008-11-24 19:04 M:2008-11-24 19:04] C:\PROGRAM FILES\RISING\RAV\rswalmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24, C:2008-11-24 19:04 M:2008-11-24 19:04] C:\PROGRAM FILES\RISING\RAV\recomp.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41, C:2008-11-24 19:04 M:2008-11-24 19:04] C:\PROGRAM FILES\RISING\RAV\refs.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18, C:2008-11-24 19:04 M:2008-11-24 19:04] C:\PROGRAM FILES\RISING\RAV\ffr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-11-24 19:04 M:2008-11-24 19:04] C:\WINDOWS\system32\sfc_os.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-06-12 10:01 M:2008-06-12 10:01] C:\Program Files\Rising\Rav\RsStore.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.9, C:2008-11-24 19:04 M:2008-11-24 19:04] C:\Program Files\Rising\Rav\fakescan.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.14, C:2008-11-24 19:04 M:2008-11-24 19:04] C:\Program Files\Rising\Rav\Scanner.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.39, C:2008-11-24 19:04 M:2008-11-24 19:04] C:\WINDOWS\system32\mswsock.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-12 10:01 M:2008-06-12 10:01] C:\PROGRAM FILES\RISING\RAV\extfile.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32, C:2008-11-24 19:04 M:2008-11-24 19:04] C:\PROGRAM FILES\RISING\RAV\pearc.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8, C:2008-11-24 19:04 M:2008-11-24 19:04] [PID: 1836 / Administrator] C:\WINDOWS\Explorer.EXE [(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 20:00 M:2008-04-14 20:00] C:\WINDOWS\system32\WININET.dll [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430), C:2008-06-12 10:00 M:2008-06-12 10:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-12 10:01 M:2008-06-12 10:01] C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31, C:2008-11-24 19:05 M:2008-11-24 19:04] C:\Program Files\FreeLaunchBar\flb.dll [TrueSoft, 1.0.0.0, C:2008-11-24 18:59 M:2004-10-22 06:46] C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2008-11-24 18:59 M:2008-04-07 15:40] C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-11-24 18:59 M:2008-04-29 14:42] C:\WINDOWS\system32\mswsock.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] C:\WINDOWS\system32\DNSAPI.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] C:\WINDOWS\system32\shdoclc.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-13 18:53 M:2008-04-13 18:53] C:\Program Files\WinRAR\rarext.dll [N/A, C:2008-11-24 18:59 M:2007-09-23 18:59] C:\WINDOWS\system32\RavExt.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-11-24 19:04 M:2008-11-24 19:04] C:\Program Files\Rising\Rav\RSCOMMON.DLL [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-11-24 19:04 M:2008-11-24 19:04] C:\WINDOWS\system32\nvshell.dll [N/A, C:2008-11-24 18:57 M:2008-05-16 14:01] [PID: 1852 / SYSTEM] C:\WINDOWS\system32\spoolsv.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2008-04-14 20:00 M:2008-04-14 20:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-12 10:01 M:2008-06-12 10:01] C:\WINDOWS\system32\DNSAPI.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] C:\WINDOWS\system32\sfc_os.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-06-12 10:01 M:2008-06-12 10:01] C:\WINDOWS\System32\mswsock.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] [PID: 764 / SYSTEM] C:\WINDOWS\system32\nvsvc32.exe [NVIDIA Corporation, 6.14.11.7519, C:2008-11-24 18:55 M:2008-05-16 14:01] C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31, C:2008-11-24 19:05 M:2008-11-24 19:04] C:\WINDOWS\system32\nvapi.dll [NVIDIA Corporation, 6.14.11.7519, C:2008-11-24 18:55 M:2008-05-16 14:01] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-12 10:01 M:2008-06-12 10:01] [PID: 1680 / SYSTEM] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 20:00 M:2008-04-14 20:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-12 10:01 M:2008-06-12 10:01] [PID: 232 / Administrator] C:\WINDOWS\system32\92F54A\E05183.EXE [N/A, C:2008-11-24 19:02 M:2008-11-24 19:02] C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31, C:2008-11-24 19:05 M:2008-11-24 19:04] C:\WINDOWS\system32\92F54A\krnln.fnr [N/A, C:2008-11-24 19:02 M:2008-11-24 19:02] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-12 10:01 M:2008-06-12 10:01] C:\WINDOWS\system32\92F54A\com.run [版权所有 (C) 2004, 1, 0, 0, 1, C:2008-11-24 19:02 M:2008-11-24 19:02] C:\WINDOWS\system32\WININET.dll [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430), C:2008-06-12 10:00 M:2008-06-12 10:00] C:\WINDOWS\system32\92F54A\shell.fne [N/A, C:2008-11-24 19:02 M:2008-11-24 19:02] C:\WINDOWS\system32\92F54A\dp1.fne [N/A, C:2008-11-24 19:02 M:2008-11-24 19:02] C:\WINDOWS\system32\92F54A\eAPI.fne [N/A, C:2008-11-24 19:02 M:2008-11-24 19:02] C:\WINDOWS\system32\shdoclc.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-13 18:53 M:2008-04-13 18:53] C:\WINDOWS\system32\mshtml.dll [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430), C:2008-06-12 10:00 M:2008-06-12 10:00] C:\WINDOWS\system32\92F54A\internet.fne [版权所有 (C) 2002, 1, 0, 0, 1, C:2008-11-24 19:02 M:2008-11-24 19:02] C:\WINDOWS\system32\92F54A\RegEx.fnr [N/A, C:2008-11-24 19:02 M:2008-11-24 19:02] C:\WINDOWS\System32\mswsock.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] C:\WINDOWS\system32\DNSAPI.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] C:\WINDOWS\system32\92F54A\spec.fne [N/A, C:2008-11-24 19:02 M:2008-11-24 19:02] C:\Program Files\Rising\Rav\RavScrCh.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-11-24 19:04 M:2008-11-24 19:04] C:\WINDOWS\system32\vbscript.dll [Microsoft Corporation, 5.7.0.18066, C:2008-04-14 20:00 M:2008-05-09 18:53] C:\WINDOWS\system32\jscript.dll [Microsoft Corporation, 5.7.0.18066, C:2008-04-14 20:00 M:2008-05-09 18:53] [PID: 352 / Administrator] C:\WINDOWS\system32\ctfmon.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-04-14 20:00 M:2008-04-14 20:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-12 10:01 M:2008-06-12 10:01] C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31, C:2008-11-24 19:05 M:2008-11-24 19:04] [PID: 1348 / LOCAL SERVICE] C:\WINDOWS\System32\alg.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2008-04-14 20:00 M:2008-04-14 20:00] C:\WINDOWS\System32\MSWSOCK.DLL [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] C:\WINDOWS\System32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-12 10:01 M:2008-06-12 10:01] C:\WINDOWS\System32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31, C:2008-11-24 19:05 M:2008-11-24 19:04] [PID: 440 / Administrator] D:\Program Files\Tencent\QQ\TXPlatform.exe [(Verified)Tencent, 1, 5, 225, 0, C:2008-05-20 17:53 M:2008-05-20 17:53] C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31, C:2008-11-24 19:05 M:2008-11-24 19:04] C:\Program Files\Rising\AntiSpyware\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-11-24 19:05 M:2008-11-24 19:04] C:\Program Files\Rising\AntiSpyware\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-11-24 19:05 M:2008-11-24 19:04] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-12 10:01 M:2008-06-12 10:01] D:\Program Files\Tencent\QQ\TXPFProxy.dll [(Verified)N/A, C:2008-04-10 10:15 M:2008-04-10 10:15] [PID: 2172 / Administrator] C:\Program Files\Internet Explorer\iexplore.exe [(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-11-24 18:56 M:2008-04-14 20:00] C:\WINDOWS\system32\WININET.dll [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430), C:2008-06-12 10:00 M:2008-06-12 10:00] C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31, C:2008-11-24 19:05 M:2008-11-24 19:04] C:\Program Files\Rising\AntiSpyware\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-11-24 19:05 M:2008-11-24 19:04] C:\Program Files\Rising\AntiSpyware\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-11-24 19:05 M:2008-11-24 19:04] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-12 10:01 M:2008-06-12 10:01] C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2008-11-24 18:59 M:2008-04-07 15:40] C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-11-24 18:59 M:2008-04-29 14:42] C:\WINDOWS\system32\UrlFilter.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15, C:2008-11-24 19:05 M:2008-11-24 19:04] C:\Program Files\Rising\AntiSpyware\UrlRule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1.0.0.15, C:2008-11-24 19:05 M:2008-11-24 19:04] C:\WINDOWS\system32\mshtml.dll [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430), C:2008-06-12 10:00 M:2008-06-12 10:00] C:\WINDOWS\system32\shdoclc.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-13 18:53 M:2008-04-13 18:53] C:\WINDOWS\system32\mswsock.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] C:\WINDOWS\system32\DNSAPI.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] C:\Program Files\Rising\Rav\RavScrCh.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-11-24 19:04 M:2008-11-24 19:04] C:\WINDOWS\system32\vbscript.dll [Microsoft Corporation, 5.7.0.18066, C:2008-04-14 20:00 M:2008-05-09 18:53] C:\WINDOWS\system32\jscript.dll [Microsoft Corporation, 5.7.0.18066, C:2008-04-14 20:00 M:2008-05-09 18:53] C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx [(Verified)Adobe Systems, Inc., 9,0,124,0, C:2008-03-25 10:32 M:2008-03-25 10:32] C:\WINDOWS\system32\WINWB86.IME [Microsoft Corporation, 4.00.950, C:2008-06-23 18:10 M:2000-06-08 17:00] C:\WINDOWS\system32\SOGOUPY.IME [(Verified)Sogou.com Inc., 3.5.0.0, C:2008-06-06 00:00 M:2008-06-06 00:00] C:\Program Files\SogouInput\Plugin\SgImeWord.dll [(Verified)Sogou.com Inc., 3.5.0.0, C:2008-11-24 18:59 M:2008-06-06 00:00] [PID: 2156 / Administrator] C:\Program Files\Rising\AntiSpyware\rstray.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.16, C:2008-11-24 19:05 M:2008-11-24 19:04] C:\Program Files\Rising\AntiSpyware\rsmginfo.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11, C:2008-11-24 19:05 M:2009-01-20 14:55] C:\WINDOWS\system32\WININET.dll [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430), C:2008-06-12 10:00 M:2008-06-12 10:00] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-12 10:01 M:2008-06-12 10:01] C:\Program Files\Rising\AntiSpyware\RsXML.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2, C:2008-11-24 19:05 M:2008-11-24 19:04] C:\Program Files\Rising\AntiSpyware\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2008-11-24 19:05 M:2008-11-24 19:04] C:\Program Files\Rising\AntiSpyware\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2008-11-24 19:05 M:2008-11-24 19:04] C:\Program Files\Rising\AntiSpyware\ComServ.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.31, C:2008-11-24 19:05 M:2008-11-24 19:04] C:\Program Files\Rising\AntiSpyware\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-11-24 19:05 M:2008-11-24 19:04] C:\Program Files\Rising\AntiSpyware\rscommon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.1.1, C:2008-11-24 19:05 M:2008-11-24 19:04] C:\Program Files\Rising\AntiSpyware\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-11-24 19:05 M:2008-11-24 19:04] C:\WINDOWS\system32\DNSAPI.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] C:\Program Files\Rising\AntiSpyware\pngdll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-11-24 19:05 M:2008-11-24 19:04] C:\Program Files\Rising\AntiSpyware\runiep.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.42, C:2008-11-24 19:05 M:2009-01-20 14:54] C:\Program Files\Rising\AntiSpyware\NComm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.11, C:2008-11-24 19:05 M:2009-01-20 14:54] C:\Program Files\Rising\Rav\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-11-24 19:04 M:2008-11-24 19:04] C:\Program Files\Rising\AntiSpyware\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-11-24 19:05 M:2008-11-24 19:04] C:\WINDOWS\System32\mswsock.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] C:\WINDOWS\system32\RavExt.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-11-24 19:04 M:2008-11-24 19:04] [PID: 2824 / Administrator] E:\新建文件夹\arswp\ArSwp.exe [(Verified)ArSwp.com, 2, 8, 2, 1115, C:2009-01-20 15:08 M:2008-11-15 11:58] C:\WINDOWS\system32\WININET.dll [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430), C:2008-06-12 10:00 M:2008-06-12 10:00] C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31, C:2008-11-24 19:05 M:2008-11-24 19:04] C:\Program Files\Rising\AntiSpyware\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-11-24 19:05 M:2008-11-24 19:04] C:\Program Files\Rising\AntiSpyware\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-11-24 19:05 M:2008-11-24 19:04] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-12 10:01 M:2008-06-12 10:01] C:\WINDOWS\system32\mswsock.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] C:\WINDOWS\system32\DNSAPI.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] C:\WINDOWS\system32\shdoclc.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-13 18:53 M:2008-04-13 18:53] C:\WINDOWS\system32\mshtml.dll [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430), C:2008-06-12 10:00 M:2008-06-12 10:00] E:\新建文件夹\arswp\plugin\ArFix.dll [(Verified)ArSwp.Com, 2, 5, 0, 0, C:2009-01-20 15:08 M:2007-11-28 15:19] C:\WINDOWS\system32\jscript.dll [Microsoft Corporation, 5.7.0.18066, C:2008-04-14 20:00 M:2008-05-09 18:53] C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx [(Verified)Adobe Systems, Inc., 9,0,124,0, C:2008-03-25 10:32 M:2008-03-25 10:32] ======================================== 文件关联 [.vbs] <%SystemRoot%\System32\WScript.exe "%1" %*> [Microsoft Corporation, 5.7.0.18066, C:2008-04-14 20:00 M:2008-05-08 19:24] [.js] <%SystemRoot%\System32\WScript.exe "%1" %*> [Microsoft Corporation, 5.7.0.18066, C:2008-04-14 20:00 M:2008-05-08 19:24] ======================================== AutoRun.INF ======================================== Winsock提供者 MSAFD Tcpip [TCP/IP] <%SystemRoot%\system32\mswsock.dll> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] MSAFD Tcpip [UDP/IP] <%SystemRoot%\system32\mswsock.dll> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] MSAFD Tcpip [RAW/IP] <%SystemRoot%\system32\mswsock.dll> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] MSAFD NetBIOS [\Device\NetBT_Tcpip_{C28F27FC-E5A6-4D4B-853B-A6FA17B00DC5}] SEQPACKET 3 <%SystemRoot%\system32\mswsock.dll> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] MSAFD NetBIOS [\Device\NetBT_Tcpip_{C28F27FC-E5A6-4D4B-853B-A6FA17B00DC5}] DATAGRAM 3 <%SystemRoot%\system32\mswsock.dll> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] MSAFD NetBIOS [\Device\NetBT_Tcpip_{7A8C55D9-46F6-4EE2-85AD-72EA07EA2C06}] SEQPACKET 0 <%SystemRoot%\system32\mswsock.dll> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] MSAFD NetBIOS [\Device\NetBT_Tcpip_{7A8C55D9-46F6-4EE2-85AD-72EA07EA2C06}] DATAGRAM 0 <%SystemRoot%\system32\mswsock.dll> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] MSAFD NetBIOS [\Device\NetBT_Tcpip_{F6C60E97-F8D3-4E62-9FA2-A9D685B07D97}] SEQPACKET 1 <%SystemRoot%\system32\mswsock.dll> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] MSAFD NetBIOS [\Device\NetBT_Tcpip_{F6C60E97-F8D3-4E62-9FA2-A9D685B07D97}] DATAGRAM 1 <%SystemRoot%\system32\mswsock.dll> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] MSAFD NetBIOS [\Device\NetBT_Tcpip_{90284CC5-9E19-496E-A350-36F5EAF0B47E}] SEQPACKET 2 <%SystemRoot%\system32\mswsock.dll> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] MSAFD NetBIOS [\Device\NetBT_Tcpip_{90284CC5-9E19-496E-A350-36F5EAF0B47E}] DATAGRAM 2 <%SystemRoot%\system32\mswsock.dll> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] MSAFD NetBIOS [\Device\NetBT_Tcpip_{3C390CBE-ADAE-4717-9223-9258654A4AB4}] SEQPACKET 4 <%SystemRoot%\system32\mswsock.dll> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] MSAFD NetBIOS [\Device\NetBT_Tcpip_{3C390CBE-ADAE-4717-9223-9258654A4AB4}] DATAGRAM 4 <%SystemRoot%\system32\mswsock.dll> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] MSAFD NetBIOS [\Device\NetBT_Tcpip_{5C90343C-A89B-4F7F-A5C0-B60D8E110D18}] SEQPACKET 5 <%SystemRoot%\system32\mswsock.dll> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] MSAFD NetBIOS [\Device\NetBT_Tcpip_{5C90343C-A89B-4F7F-A5C0-B60D8E110D18}] DATAGRAM 5 <%SystemRoot%\system32\mswsock.dll> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46] ======================================== HOSTS 127.0.0.1 localhost 127.0.0.1 858656.com 127.0.0.1 my123.com 127.0.0.1 8749.com 127.0.0.1 4199.com 127.0.0.1 7379.com 127.0.0.1 7255.com 127.0.0.1 3448.com 127.0.0.1 7939.com 127.0.0.1 8009.com 127.0.0.1 piaoxue.com 127.0.0.1 kzdh.com 127.0.0.1 about.blank.la 127.0.0.1 6781.com 127.0.0.1 7322.com 127.0.0.1 9991.com [/CODE]