[CODE]

2009-03-31,17:22:46

SysLog Scanner 1.0 - build 20080726
Arswp (http://www.arswp.com)

Windows XP Professional Service Pack 3 (build 2600) - Administrators



========================================
注册项

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <QQDownload><"C:\Program Files\Tencent\QQDownload\QQDownload.exe" autostart>  [(Verified)Tencent Technology (Shenzhen) Company Limited, 1, 9, 271, 271, C:2009-03-09 14:44 M:2009-03-09 14:44]
    <EPSON ME 1><C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI8WP.EXE /FU "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_S5C8.tmp" /EF "HKCU">  [(Verified)SEIKO EPSON CORPORATION, 5.00, C:2008-03-27 10:03 M:2006-12-21 14:30|N/A, C:2008-03-27 10:08 M:2008-03-27 10:08]
    <PPS Accelerator><C:\Program Files\PPStream\ppsap.exe>  [(Verified)PPStream Inc, 1, 0, 11, 171, C:2009-03-27 20:46 M:2008-12-11 18:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <RTHDCPL><RTHDCPL.EXE>  [(Verified)Realtek Semiconductor Corp., 2.2.5.2, C:2009-03-13 11:35 M:2008-11-17 16:08]
    <Alcmtr><ALCMTR.EXE>  [(Verified)Realtek Semiconductor Corp., 1.6.0.2, C:2008-03-17 11:36 M:2008-03-17 11:36]
    <amd_dc_opt><C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe>  [AMD, 1, 1, 4, 0, C:2008-07-22 13:53 M:2008-07-22 13:53]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-04-14 20:00 M:2008-04-14 20:00|(Verified)NVIDIA Corporation, 6.14.11.7824, C:2009-03-13 11:35 M:2008-10-07 13:33]
    <Google IME Autoupdater><"C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe">  [(Verified)Google Inc., 1, 0, 0, 1, C:2008-10-17 16:38 M:2008-10-17 16:38]
    <RFWTray><"C:\Program Files\Rising\RFW\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.22, C:2008-03-19 17:03 M:2008-03-19 17:03]
    <RavTray><"C:\Program Files\Rising\Rav\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.22, C:2008-03-19 17:07 M:2008-03-19 17:06]
    <360Safebox><"C:\Program Files\360\360safebox\safeboxTray.exe" /r>  [(Verified)360安全中心, 2, 5, 2, 1004, C:2009-03-26 20:50 M:2009-03-26 20:50]
    <nwiz><nwiz.exe /install>  []
    <360Safetray><C:\Program Files\360\360Safe\safemon\360tray.exe /start>  [(Verified)360安全中心, 5, 0, 0, 1013, C:2009-02-20 16:43 M:2009-02-20 16:43]
    <runeip><"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.16, C:2009-03-31 15:29 M:2009-03-31 15:28]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_Dlls><kmon.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2009-03-31 15:29 M:2009-03-31 15:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&使用超级旋风下载]
    <><C:\Program Files\Tencent\QQDownload\geturl.htm>  [N/A, C:2008-11-21 15:47 M:2008-11-21 15:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&使用超级旋风下载全部链接]
    <><C:\Program Files\Tencent\QQDownload\getAllurl.htm>  [N/A, C:2008-11-21 15:47 M:2008-11-21 15:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&使用超级旋风下载本页视频]
    <><C:\Program Files\Tencent\QQDownload\geturlflv.htm>  [N/A, C:2008-09-27 18:34 M:2008-09-27 18:34]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-04-14 20:00 M:2008-04-14 20:00|(Verified)Microsoft Corporation, 7.00.6000.16791 (vista_gdr.081217-1620), C:2008-04-14 20:00 M:2008-12-21 06:30|(Verified)N/A, C:2006-11-02 23:38 M:2006-11-02 23:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-04-14 20:00 M:2008-04-14 20:00|Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200), C:2005-09-23 07:28 M:2005-09-23 07:28]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0A155D3C-68E2-4215-A47A-E800A446447A}]
    <浩方电竞平台><C:\Program Files\Holdfast\platform 5.0\gameclient.exe>  [(Verified)上海浩方在线信息技术有限公司, 5.2.1.319, C:2009-03-28 18:33 M:2009-03-19 15:23]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\EPSON ME 1 32MonitorBP]
    <PrintMonitor: EPSON ME 1 32MonitorBP><E_FLB8WP.DLL>  [(Verified)SEIKO EPSON CORPORATION, 2, 4, 0, 0, C:2008-03-27 10:03 M:2006-12-08 11:34]


========================================
启动项

[QQ游戏启动加速程序]
    <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> "C:\Program Files\腾讯游戏\QQGAME\Accel.exe"  > [(Verified)深圳市腾讯计算机系统有限公司, 2, 0, 103, 5, C:2009-01-06 15:55 M:2009-01-06 15:55]
[Adobe Gamma Loader]
    <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --> "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe"  > [Adobe Systems, Inc., 1, 0, 0, 1, C:2009-03-13 16:06 M:2002-08-06 13:37]
[AutoCAD 启动加速器]
    <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\AutoCAD 启动加速器.lnk --> "C:\Program Files\Common Files\Autodesk Shared\acstart17.exe"  > [(Verified)Autodesk, Inc, 17.0.54.0, C:2007-05-03 19:19 M:2007-05-03 19:19]
[EPSON Online Register]
    <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\EPSON Online Register.lnk --> "C:\Program Files\EPSON\Online Register\Online Register.exe"  > [版权所有 (C) 2003, 1, 0, 0, 1, C:2008-03-27 10:19 M:2006-11-10 16:18]


========================================
计划任务

[SogouImeMgr.job]
    <C:\WINDOWS\tasks\SogouImeMgr.job --> "C:\PROGRA~1\SOGOUI~1\400~1.209\PinyinRepair.exe" /S > [(Verified)Sogou.com Inc., 4.0.0.2093, C:2009-02-04 15:40 M:2009-02-04 15:40]
[Google Software Updater.job]
    <C:\WINDOWS\tasks\Google Software Updater.job --> "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" scheduled_start > [(Verified)Google, 2.4.1536.6592.beta, C:2008-03-15 12:45 M:2008-03-27 09:13]


========================================
组件


Shell Extension
[Display Panning CPL Extension]
    {42071714-76d4-11d1-8b24-00a0c9068ff3}  <deskpan.dll>  []
[WinRAR shell extension]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <C:\Program Files\WinRAR\rarext.dll>  [N/A, C:2009-02-01 09:37 M:2008-09-30 21:14]
[NvCpl DesktopContext Class]
    {A70C977A-BF00-412C-90B7-034C51DA2439}  <C:\WINDOWS\system32\nvcpl.dll>  [(Verified)NVIDIA Corporation, 6.14.11.7824, C:2009-03-13 11:35 M:2008-10-07 13:33]
[Autodesk DWF Preview]
    {6DEA92E9-8682-4b6a-97DE-354772FE5727}  <C:\Program Files\Common Files\Autodesk Shared\AcDwfThmbPrxy16.dll>  [(Verified)Autodesk, 16.2.54.0, C:2005-03-05 04:14 M:2005-03-05 04:14]
[ShellLink for Application References]
    {e82a2d71-5b2f-43a0-97b8-81be15854de8}  <C:\WINDOWS\system32\dfshim.dll>  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200), C:2005-09-23 07:28 M:2005-09-23 07:28]
[Shell Icon Handler for Application References]
    {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}  <C:\WINDOWS\system32\dfshim.dll>  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200), C:2005-09-23 07:28 M:2005-09-23 07:28]
[AutoCAD 数字签名图标覆盖处理程序]
    {36A21736-36C2-4C11-8ACB-D4136F2B57BD}  <C:\WINDOWS\system32\AcSignIcon.dll>  [(Verified)Autodesk, 17.0.54.0, C:2006-04-21 16:00 M:2006-04-21 16:00]
[Autodesk Drawing Preview]
    {AC1DB655-4F9A-4c39-8AD2-A65324A4C446}  <C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll>  [(Verified)Autodesk, 17.0.54.0, C:2006-04-21 16:00 M:2006-04-21 16:00]
[RISING]
    {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D}  <C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12, C:2008-03-19 17:07 M:2008-03-19 17:06]

Protocols
[Cor MIME Filter, CorFltr, CorFltr 1]
    {1E66F26B-79EE-11D2-8710-00C04F79ED0D}  <mscoree.dll>  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200), C:2005-09-23 07:28 M:2005-09-23 07:28]

BrowserHelperObject
[QQCycloneHelper Class]
    {00000000-12C9-4305-82F9-43058F20E8D2}  <C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll>  [(Verified)Tencent Technology (Shenzhen) Company Limited, 1, 9, 266, 266, C:2008-03-06 14:36 M:2008-03-06 14:36]
[ThunderAtOnce Class]
    {4359F288-5B59-4F71-858C-26C57141C99E}  <C:\Program Files\Thunder5\ComDlls\TDAtOnce_Now.dll>  []
[BandIE Class]
    {77FEF28E-EB96-44FF-B511-3185DEA48697}  <C:\PROGRA~1\baidu\bar\baidubar.dll>  []
[卡卡上网安全助手]
    {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8}  <C:\WINDOWS\system32\UrlFilter.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15, C:2009-03-31 15:29 M:2009-03-31 15:28]
[Google Toolbar Helper]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}  <C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll>  [(Verified)N/A, C:2008-03-18 15:53 M:2008-03-18 14:58]
[Google Toolbar Notifier BHO]
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}  <C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll>  [(Verified)Google Inc., 5, 0, 926, 3450, C:2008-03-15 12:45 M:2008-03-15 12:45]
[SafeMon Class]
    {B69F34DD-F0F9-42DC-9EDD-957187DA688D}  <C:\Program Files\360\360Safe\safemon\safemon.dll>  [(Verified)360.CN, 5, 0, 0, 1007, C:2009-02-13 23:40 M:2009-02-13 23:40]
[Google Dictionary Compression sdch]
    {C84D72FE-E17D-4195-BB24-76C02E2E7C4E}  <C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll>  [(Verified)Google Inc., 1, 0, 610, 10250, C:2008-03-18 14:58 M:2008-03-18 14:58]
[EpsonToolBandKicker Class]
    {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}  <C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll>  [SEIKO EPSON CORPORATION, 1, 0, 0, 0, C:2008-03-27 10:19 M:2004-02-10 14:08]

ToolBar
[百度工具栏]
    {B580CF65-E151-49C3-B73F-70B13FCA8E86}  <C:\PROGRA~1\baidu\bar\baidubar.dll>  []
[&Google Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F}  <C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll>  [(Verified)N/A, C:2008-03-18 15:53 M:2008-03-18 14:58]
[EPSON Web-To-Page]
    {EE5D279F-081B-4404-994D-C6B60AAEBA6D}  <C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll>  [SEIKO EPSON CORPORATION, 1, 0, 0, 0, C:2008-03-27 10:19 M:2004-02-10 14:08]

ActiveX Extension
[QQCycloneHelper Class]
    {00000000-12C9-4305-82F9-43058F20E8D2}  <C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll>  [(Verified)Tencent Technology (Shenzhen) Company Limited, 1, 9, 266, 266, C:2008-03-06 14:36 M:2008-03-06 14:36]
[Google Script Object]
    {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB}  <C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll>  [(Verified)N/A, C:2008-03-18 15:53 M:2008-03-18 14:58]
[&Google Toolbar]
    {2318C2B1-4965-11D4-9B18-009027A5CD4F}  <C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll>  [(Verified)N/A, C:2008-03-18 15:53 M:2008-03-18 14:58]
[ThunderAtOnce Class]
    {4359F288-5B59-4F71-858C-26C57141C99E}  <C:\Program Files\Thunder5\ComDlls\TDAtOnce_Now.dll>  []
[Thunder Agent Class]
    {485463B7-8FB2-4B3B-B29B-8B919B0EACCE}  <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll>  []
[XMP Class]
    {6483F145-A768-4C41-AACC-52D4D7845851}  <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work>  [ShenZhen Thunder Networking Technologies,LTD, 2, 1, 9, 102, C:2008-03-16 21:49 M:2009-03-17 19:20]
[XDRM]
    {693571CB-54A3-4E90-9D52-EEAE1334E2D3}  <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work>  [Copyright XunLei 2007, 1, 0, 0, 7, C:2009-02-01 09:39 M:2008-12-30 05:35]
[BandIE Class]
    {77FEF28E-EB96-44FF-B511-3185DEA48697}  <C:\PROGRA~1\baidu\bar\baidubar.dll>  []
[360SafeLive]
    {87515F61-A66C-4319-A0E0-D416CB8059E3}  <C:\Program Files\360\360Safe\live.dll>  [(Verified)360.cn, 1, 0, 1, 1030, C:2009-02-11 16:33 M:2009-02-11 16:33]
[卡卡上网安全助手]
    {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8}  <C:\WINDOWS\system32\UrlFilter.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15, C:2009-03-31 15:29 M:2009-03-31 15:28]
[Tool Class]
    {A7F05EE4-0426-454F-8013-C41E3596E9E9}  <C:\PROGRA~1\baidu\bar\baidubar.dll>  []
[Google Toolbar Helper]
    {AA58ED58-01DD-4D91-8333-CF10577473F7}  <C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll>  [(Verified)N/A, C:2008-03-18 15:53 M:2008-03-18 14:58]
[Google Toolbar Notifier BHO]
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}  <C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll>  [(Verified)Google Inc., 5, 0, 926, 3450, C:2008-03-15 12:45 M:2008-03-15 12:45]
[百度工具栏]
    {B580CF65-E151-49C3-B73F-70B13FCA8E86}  <C:\PROGRA~1\baidu\bar\baidubar.dll>  []
[SafeMon Class]
    {B69F34DD-F0F9-42DC-9EDD-957187DA688D}  <C:\Program Files\360\360Safe\safemon\safemon.dll>  [(Verified)360.CN, 5, 0, 0, 1007, C:2009-02-13 23:40 M:2009-02-13 23:40]
[Google Dictionary Compression sdch]
    {C84D72FE-E17D-4195-BB24-76C02E2E7C4E}  <C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll>  [(Verified)Google Inc., 1, 0, 610, 10250, C:2008-03-18 14:58 M:2008-03-18 14:58]
[Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000}  <C:\WINDOWS\system32\Macromed\Flash\FlDbg10a.ocx>  [(Verified)Adobe Systems, Inc., 10,0,12,36, C:2008-10-05 11:20 M:2008-10-05 11:20]
[PlayerCtrl Class]
    {E05BC2A3-9A46-4A32-80C9-023A473F5B23}  <D:\QQMusic\QzoneMusic.dll>  [(Verified)深圳腾讯科技, 3, 1, 164, 203, C:2007-10-13 13:24 M:2007-10-13 13:24]
[EpsonToolBandKicker Class]
    {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}  <C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll>  [SEIKO EPSON CORPORATION, 1, 0, 0, 0, C:2008-03-27 10:19 M:2004-02-10 14:08]
[EPSON Web-To-Page]
    {EE5D279F-081B-4404-994D-C6B60AAEBA6D}  <C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll>  [SEIKO EPSON CORPORATION, 1, 0, 0, 0, C:2008-03-27 10:19 M:2004-02-10 14:08]

Context Menu
[Autodesk.DWF.ContextMenu]
    {6C18531F-CA85-45F7-8278-FF33CF0A5964}  <C:\Program Files\Common Files\Autodesk shared\dwf common\DWFShellExtension.dll>  [(Verified)Autodesk, Inc., 1.1.0.278, C:2009-03-13 16:17 M:2005-11-15 15:16]
[EPPShellEx]
    {509FE1AF-ADD5-49EC-BC55-7CF81FD16E78}  <C:\Program Files\EPSON\Creativity Suite\Easy Photo Print\EPPShell.dll>  [SEIKO EPSON CORPORATION, 1, 1, 0, 0, C:2008-03-27 10:19 M:2006-04-13 19:44]
[RisingRavExt]
    {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D}  <C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12, C:2008-03-19 17:07 M:2008-03-19 17:06]
[WinRAR]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <C:\Program Files\WinRAR\rarext.dll>  [N/A, C:2009-02-01 09:37 M:2008-09-30 21:14]


========================================
服务

[Autodesk Licensing Service / Autodesk Licensing Service][Running/Auto Start]
    <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe">  [Autodesk, 2.80.011, C:2009-03-13 16:07 M:2009-03-15 09:08]
[Human Interface Device Access / HidServ][Stopped/Disabled]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll">  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 20:00 M:2008-04-14 20:00]
[mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit / mi-raysat_3dsMax2008_32][Running/Auto Start]
    <"D:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe">  [N/A, C:2007-09-24 17:05 M:2007-09-24 17:05]
[RaySat_3dsmax8 Server / mi-raysat_3dsmax8][Running/Auto Start]
    <"C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe">  [N/A, C:2005-09-21 14:13 M:2005-09-21 14:13]
[Marvell Yukon Service / yksvc][Running/Auto Start]
    <RUNDLL32.EXE ykx32mpcoinst,serviceStartProc>  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-04-14 20:00 M:2008-04-14 20:00]

[Contrl Center of Storm Media / ccosm][Running/Auto Start]
    <C:\Program Files\StormII\stormliv.exe /asservice>  [(Verified)北京暴风网际科技有限公司, 3, 8, 3, 15, C:2008-03-11 14:33 M:2008-03-11 14:33]
[Google Software Updater / gusvc][Running/Auto Start]
    <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe">  [(Verified)Google, 2.4.1536.6592.beta, C:2008-03-15 12:45 M:2008-03-27 09:13]
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
    <%SystemRoot%\system32\nvsvc32.exe>  [(Verified)NVIDIA Corporation, 6.14.11.7824, C:2009-03-13 11:35 M:2008-10-07 08:33]
[Rav Process Communication Center / RavCCenter][Stopped/Auto Start]
    <C:\Program Files\Rising\Rav\CCENTER.EXE>  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2008-03-19 17:07 M:2008-03-19 17:06]
[Rising RavTask Manager / RavTask][Running/Auto Start]
    <"C:\Program Files\Rising\Rav\RavTask.exe" RavTask>  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 23, C:2008-03-19 17:07 M:2008-03-19 17:06]
[Rfw Process Communication Center / RfwCCenter][Stopped/Auto Start]
    <C:\Program Files\Rising\RFW\CCENTER.EXE>  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2008-03-19 17:03 M:2008-03-19 17:03]
[Rising Personal Firewall Service / RfwService][Stopped/Auto Start]
    <C:\Program Files\Rising\RFW\rfwsrv.exe>  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.1, C:2008-03-19 17:03 M:2008-03-19 17:03]
[Rising RfwTask Manager / RfwTask][Running/Auto Start]
    <"C:\Program Files\Rising\RFW\RavTask.exe" RfwTask>  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 23, C:2008-03-19 17:03 M:2008-03-19 17:03]
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
    <C:\Program Files\Rising\Rav\RavMonD.exe>  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1, C:2008-03-19 17:07 M:2008-03-19 17:06]
[Rising Scan Service / RsScanSrv][Stopped/Auto Start]
    <C:\Program Files\Rising\Rav\ScanFrm.exe>  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.11, C:2008-03-19 17:07 M:2008-03-19 17:06]


========================================
驱动

[BdGuard / BdGuard][Running/Disabled]
    <system32\drivers\BDGuard.SYS>  []
[EagleNT / EagleNT][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\drivers\EagleNT.sys>  []
[hptpro / hptpro][Stopped/Boot Start]
    <system32\DRIVERS\hptpro.sys>  [HighPoint Technologies, Inc., 1.23.12.10, C:2002-12-10 11:54 M:2002-12-10 11:54]
[System Restore Filter Driver / Sr][Stopped/Disabled]
    <system32\DRIVERS\sr.sys>  []
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
    <system32\DRIVERS\tcpip.sys>  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-20 19:51]
[WINIO / WINIO][Stopped/Manual Start]
    <\??\C:\Program Files\DriveTheLife\winio.sys>  []

[AMD AGP Bus Filter Driver / amdagp][Running/Boot Start]
    <system32\DRIVERS\amdagp.sys>  [(Verified)Advanced Micro Devices, Inc., 5.00 (xpsp.080413-2111), C:2008-04-13 11:36 M:2008-04-13 11:36]
[AMD Processor Driver / AmdK8][Running/System Start]
    <system32\DRIVERS\AmdK8.sys>  [(Verified)Advanced Micro Devices, 1.3.2 (dnsrv(wmbla).060701-2226), C:2009-03-13 11:37 M:2006-07-01 22:43]
[AMD Low Level Device Driver / AmdLLD][Running/Manual Start]
    <system32\DRIVERS\AmdLLD.sys>  [(Verified)AMD, Inc., 1.0.1.0, C:2009-03-13 11:37 M:2007-06-29 14:47]
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Stopped/Manual Start]
    <system32\drivers\es1371mp.sys>  [(Verified)Creative Technology Ltd., 5.1.2501.0 built by: WinDDK, C:2009-02-01 04:44 M:2001-08-17 04:19]
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
    <system32\DRIVERS\HDAudBus.sys>  [(Verified)Windows (R) Server 2003 DDK provider, 5.10.01.5013 built by: WinDDK, C:2008-04-14 20:00 M:2008-04-14 20:00]
[hookcont / hookcont][Running/System Start]
    <system32\drivers\HookCont.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 6, C:2008-03-19 17:07 M:2008-03-19 17:06]
[hooksys / hooksys][Running/System Start]
    <system32\drivers\HookSys.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 53, C:2008-03-19 17:07 M:2009-03-30 12:36]
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
    <system32\drivers\RtkHDAud.sys>  [(Verified)Realtek Semiconductor Corp., 5.10.0.5745 built by: WinDDK, C:2009-03-13 11:35 M:2008-11-25 16:37]
[nv / nv][Running/System Start]
    <system32\DRIVERS\nv4_mini.sys>  [(Verified)NVIDIA Corporation, 6.14.11.7824, C:2009-03-13 11:35 M:2008-10-07 08:33]
[AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start]
    <system32\DRIVERS\pcntpci5.sys>  [(Verified)AMD Inc., 4.38.00 built by: WinDDK, C:2009-02-01 04:44 M:2001-08-17 04:11]
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
    <system32\DRIVERS\ptilink.sys>  [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148), C:2008-04-14 20:00 M:2008-04-14 20:00]
[Rising RfwBase Driver / RfwBase9][Running/Manual Start]
    <system32\DRIVERS\rfwbase.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.2, C:2008-03-19 17:03 M:2008-03-19 17:03]
[rfwtdi / rfwtdi][Running/Auto Start]
    <\??\C:\Program Files\Rising\RFW\rfwtdi.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.4, C:2008-03-19 17:03 M:2008-03-19 17:03]
[rsfwdrv / rsfwdrv][Running/System Start]
    <\??\C:\Program Files\Rising\RFW\rsfwdrv.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.46, C:2008-03-19 17:03 M:2008-03-19 17:03]
[RsNTGDI / RsNTGDI][Running/Boot Start]
    <system32\Drivers\RsNTGdi.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2008-03-19 17:07 M:2008-03-19 17:06]
[RsProtect / RsProtect][Running/System Start]
    <system32\drivers\RsPtect.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 10, C:2008-03-19 17:07 M:2008-03-24 11:31]
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
    <\??\C:\WINDOWS\system32\Drivers\safeboxkrnl.sys>  [(Verified)360安全中心, 2, 3, 0, 1010, C:2009-03-03 18:15 M:2009-03-03 18:15]
[Secdrv / Secdrv][Stopped/Manual Start]
    <system32\DRIVERS\secdrv.sys>  [(Verified)Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086, C:2008-04-14 20:00 M:2008-04-14 20:00]
[SATALink driver accelerator / SiFilter][Running/Boot Start]
    <system32\DRIVERS\SiWinAcc.sys>  [(Verified)Silicon Image, Inc., 1.0.0.11, C:2007-05-25 09:41 M:2007-05-25 09:41]
[SATALink External Device Filter / SiRemFil][Running/Boot Start]
    <system32\DRIVERS\SiRemFil.sys>  [(Verified)Silicon Image, Inc., 1, 1, 7, 0, C:2007-05-25 09:40 M:2007-05-25 09:40]
[SIS AGP Bus Filter / sisagp][Running/Boot Start]
    <system32\DRIVERS\sisagp.sys>  [(Verified)Silicon Integrated Systems Corporation, 5.12.01.2010 (xpsp.080413-2111), C:2008-04-13 11:36 M:2008-04-13 11:36]
[NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller / yukonwxp][Running/Manual Start]
    <system32\DRIVERS\yk51x86.sys>  [(Verified)Marvell, 10.64.9.3 built by: WinDDK, C:2009-03-13 11:35 M:2008-09-19 16:04]


========================================
进程

[PID: 852 / SYSTEM]   \SystemRoot\System32\smss.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 20:00 M:2008-04-14 20:00]

[PID: 916 / SYSTEM]   \??\C:\WINDOWS\system32\csrss.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 20:00 M:2008-04-14 20:00]

[PID: 940 / SYSTEM]   \??\C:\WINDOWS\system32\winlogon.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113), C:2008-04-14 20:00 M:2008-04-14 20:00]
    C:\WINDOWS\system32\sfc_os.dll  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-06-08 20:42 M:2008-06-08 20:42]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-08 20:42 M:2009-02-01 09:28]

[PID: 984 / SYSTEM]   C:\WINDOWS\system32\services.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 20:00 M:2008-04-14 20:00]

[PID: 996 / SYSTEM]   C:\WINDOWS\system32\lsass.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113), C:2008-04-14 20:00 M:2008-04-14 20:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-08 20:42 M:2009-02-01 09:28]

[PID: 1168 / SYSTEM]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 20:00 M:2008-04-14 20:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-08 20:42 M:2009-02-01 09:28]

[PID: 1252 / ]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 20:00 M:2008-04-14 20:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-08 20:42 M:2009-02-01 09:28]

[PID: 1388 / SYSTEM]   C:\Program Files\Rising\Rav\CCENTER.EXE   [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\combase.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\cnt09.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 37, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\cnt08.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-08 20:42 M:2009-02-01 09:28]

[PID: 1408 / SYSTEM]   C:\Program Files\Rising\RFW\CCENTER.EXE   [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2008-03-19 17:03 M:2008-03-19 17:03]
    C:\Program Files\Rising\RFW\combase.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11, C:2008-03-19 17:03 M:2008-03-19 17:03]
    C:\Program Files\Rising\RFW\cnt09.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 37, C:2008-03-19 17:03 M:2008-03-19 17:03]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-08 20:42 M:2009-02-01 09:28]

[PID: 1416 / SYSTEM]   C:\WINDOWS\System32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 20:00 M:2008-04-14 20:00]
    C:\WINDOWS\System32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-08 20:42 M:2009-02-01 09:28]

[PID: 1552 / ]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 20:00 M:2008-04-14 20:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-08 20:42 M:2009-02-01 09:28]

[PID: 1696 / ]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 20:00 M:2008-04-14 20:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-08 20:42 M:2009-02-01 09:28]

[PID: 1740 / SYSTEM]   C:\Program Files\Rising\RFW\rfwsrv.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.1, C:2008-03-19 17:03 M:2008-03-19 17:03]
    C:\Program Files\Rising\RFW\combase.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11, C:2008-03-19 17:03 M:2008-03-19 17:03]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2009-03-31 15:29 M:2009-03-31 15:28]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2008-03-16 21:49 M:2009-02-21 14:39]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2008-03-16 21:49 M:2009-02-21 14:39]
    C:\Program Files\Rising\RFW\MonBase.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6, C:2008-03-19 17:03 M:2008-03-19 17:03]
    C:\Program Files\Rising\RFW\MonComm.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12, C:2008-03-19 17:03 M:2008-03-19 17:03]
    C:\Program Files\Rising\RFW\rfwlog.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9, C:2008-03-19 17:03 M:2008-03-19 17:03]
    C:\Program Files\Rising\RFW\rfwrule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.25, C:2008-03-19 17:03 M:2008-03-19 17:03]
    C:\Program Files\Rising\RFW\rfwsrv.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.80, C:2008-03-19 17:03 M:2008-03-19 17:03]
    C:\Program Files\Rising\RFW\Syslay.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-03-19 17:03 M:2008-03-19 17:03]
    C:\Program Files\Rising\RFW\mPorts.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.0, C:2008-03-19 17:03 M:2008-03-19 17:03]
    C:\Program Files\Rising\RFW\rfwdrvc.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.3, C:2008-03-19 17:03 M:2008-03-19 17:03]
    C:\Program Files\Rising\RFW\Rfwdrv.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.5, C:2008-03-19 17:03 M:2008-03-19 17:03]
    C:\Program Files\Rising\RFW\rsnetsvr.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14, C:2008-03-19 17:03 M:2008-03-19 17:03]
    C:\Program Files\Rising\RFW\urlrule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1.0.0.18, C:2008-03-19 17:03 M:2008-03-19 17:03]
    C:\Program Files\Rising\RFW\comx3.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-03-19 17:03 M:2008-03-19 17:03]
    C:\Program Files\Rising\RFW\recomp.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4, C:2008-03-19 17:03 M:2008-03-19 17:03]
    C:\Program Files\Rising\RFW\refs.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3, C:2008-03-19 17:03 M:2008-03-19 17:03]
    C:\Program Files\Rising\RFW\viruslib.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4, C:2008-03-19 17:03 M:2008-03-19 17:03]
    C:\Program Files\Rising\RFW\relibldr.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2008-03-19 17:03 M:2008-03-19 17:03]
    C:\Program Files\Rising\RFW\rfwproxy.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.25, C:2008-03-19 17:03 M:2008-03-19 17:03]
    C:\Program Files\Rising\RFW\RSAPPMGR.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.1, C:2008-03-19 17:03 M:2008-03-19 17:03]
    C:\Program Files\Rising\RFW\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.18, C:2008-03-19 17:03 M:2008-03-19 17:03]
    C:\Program Files\Rising\RFW\proccomm.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46, C:2008-03-19 17:03 M:2008-03-19 17:03]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-08 20:42 M:2009-02-01 09:28]

[PID: 1784 / SYSTEM]   C:\Program Files\Rising\Rav\RavMonD.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\combase.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2008-03-16 21:49 M:2009-02-21 14:39]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2008-03-16 21:49 M:2009-02-21 14:39]
    C:\Program Files\Rising\Rav\moncomm.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\MonBase.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\Rslog.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.34, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\mondrv.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\defmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 31, C:2008-03-19 17:07 M:2008-03-27 09:50]
    C:\Program Files\Rising\Rav\moncom08.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\MonRule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\FileMon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 22, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\MailMon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\HookWeb.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\proccomm.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\RSAPPMGR.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.1, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.18, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\comx3.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\Syslay.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\Hooksys.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 18, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\HookCont.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 12, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\rsnetsvr.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\BACore.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 22, C:2008-03-19 17:07 M:2009-03-30 12:36]
    C:\WINDOWS\system32\sfc_os.dll  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-06-08 20:42 M:2008-06-08 20:42]
    C:\Program Files\Rising\Rav\recomp.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\refs.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\RSStore.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\ScanAdd.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.15, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\Scanner.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.33, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\viruslib.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\relibldr.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-08 20:42 M:2009-02-01 09:28]
    C:\Program Files\Rising\Rav\extfile.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\ffr.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\nvfile.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\scanexec.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\unexe.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\scanex.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 25, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\scansct.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3, C:2008-03-19 17:07 M:2008-03-19 17:06]

[PID: 1856 / SYSTEM]   C:\WINDOWS\system32\spoolsv.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2008-04-14 20:00 M:2008-04-14 20:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-08 20:42 M:2009-02-01 09:28]
    C:\WINDOWS\system32\sfc_os.dll  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-06-08 20:42 M:2008-06-08 20:42]
    C:\WINDOWS\system32\E_FLB8WP.DLL  [(Verified)SEIKO EPSON CORPORATION, 2, 4, 0, 0, C:2008-03-27 10:03 M:2006-12-08 11:34]

[PID: 1944 / SYSTEM]   C:\Program Files\Rising\Rav\rsnetsvr.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 15, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\NComm.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.12, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\Syslay.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\comx3.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\ProcComm.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2008-03-16 21:49 M:2009-02-21 14:39]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2008-03-16 21:49 M:2009-02-21 14:39]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-08 20:42 M:2009-02-01 09:28]

[PID: 368 / Administrator]   C:\WINDOWS\Explorer.EXE   [(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 20:00 M:2008-04-14 20:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-08 20:42 M:2009-02-01 09:28]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2009-03-31 15:29 M:2009-03-31 15:28]
    C:\WINDOWS\system32\AcSignIcon.dll  [(Verified)Autodesk, 17.0.54.0, C:2006-04-21 16:00 M:2006-04-21 16:00]

[PID: 412 / Administrator]   C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.921\arswp2\ArSwp.exe   [(Verified)ArSwp.com, 2, 8, 2, 1115, C:2009-03-31 17:08 M:2008-11-15 11:58]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2009-03-31 15:29 M:2009-03-31 15:28]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-08 20:42 M:2009-02-01 09:28]
    C:\WINDOWS\system32\AcSignIcon.dll  [(Verified)Autodesk, 17.0.54.0, C:2006-04-21 16:00 M:2006-04-21 16:00]
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.921\arswp2\plugin\ArFix.dll  [(Verified)ArSwp.Com, 2, 5, 0, 0, C:2009-03-31 17:08 M:2007-11-28 15:19]

[PID: 1716 / SYSTEM]   C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe   [Autodesk, 2.80.011, C:2009-03-13 16:07 M:2009-03-15 09:08]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2009-03-31 15:29 M:2009-03-31 15:28]

[PID: 1780 / SYSTEM]   C:\Program Files\StormII\stormliv.exe   [(Verified)北京暴风网际科技有限公司, 3, 8, 3, 15, C:2008-03-11 14:33 M:2008-03-11 14:33]
    C:\Program Files\StormII\MSVCP60.dll  [Microsoft Corporation, 6.02.3104.0, C:2007-09-21 19:43 M:2007-09-21 19:43]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2009-03-31 15:29 M:2009-03-31 15:28]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-08 20:42 M:2009-02-01 09:28]

[PID: 1116 / SYSTEM]   C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe   [(Verified)Google, 2.4.1536.6592.beta, C:2008-03-15 12:45 M:2008-03-27 09:13]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2009-03-31 15:29 M:2009-03-31 15:28]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-08 20:42 M:2009-02-01 09:28]

[PID: 272 / SYSTEM]   D:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe   [N/A, C:2007-09-24 17:05 M:2007-09-24 17:05]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2009-03-31 15:29 M:2009-03-31 15:28]

[PID: 620 / SYSTEM]   C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe   [N/A, C:2005-09-21 14:13 M:2005-09-21 14:13]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2009-03-31 15:29 M:2009-03-31 15:28]

[PID: 812 / SYSTEM]   C:\WINDOWS\system32\nvsvc32.exe   [(Verified)NVIDIA Corporation, 6.14.11.7824, C:2009-03-13 11:35 M:2008-10-07 08:33]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2009-03-31 15:29 M:2009-03-31 15:28]
    C:\WINDOWS\system32\nvapi.dll  [(Verified)NVIDIA Corporation, 6.14.11.7824, C:2009-03-13 11:35 M:2008-10-07 08:33]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-08 20:42 M:2009-02-01 09:28]

[PID: 832 / SYSTEM]   C:\Program Files\Rising\Rav\RavTask.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 23, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\rsconf.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\RSAPPMGR.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.1, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.18, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\proccomm.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2008-03-16 21:49 M:2009-02-21 14:39]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2008-03-16 21:49 M:2009-02-21 14:39]
    C:\Program Files\Rising\Rav\rsstub.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-08 20:42 M:2009-02-01 09:28]
    C:\Program Files\Rising\Rav\rstask.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 36, C:2008-03-19 17:07 M:2008-03-19 17:06]

[PID: 872 / SYSTEM]   C:\Program Files\Rising\RFW\RavTask.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 23, C:2008-03-19 17:03 M:2008-03-19 17:03]
    C:\Program Files\Rising\RFW\rsconf.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4, C:2008-03-19 17:03 M:2008-03-19 17:03]
    C:\Program Files\Rising\RFW\RSAPPMGR.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.1, C:2008-03-19 17:03 M:2008-03-19 17:03]
    C:\Program Files\Rising\RFW\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.18, C:2008-03-19 17:03 M:2008-03-19 17:03]
    C:\Program Files\Rising\RFW\proccomm.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46, C:2008-03-19 17:03 M:2008-03-19 17:03]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2008-03-16 21:49 M:2009-02-21 14:39]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2008-03-16 21:49 M:2009-02-21 14:39]
    C:\Program Files\Rising\RFW\rsstub.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12, C:2008-03-19 17:03 M:2008-03-19 17:03]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-08 20:42 M:2009-02-01 09:28]
    C:\Program Files\Rising\RFW\rstask.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 36, C:2008-03-19 17:03 M:2008-03-19 17:03]

[PID: 1000 / SYSTEM]   C:\Program Files\Rising\Rav\ScanFrm.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.11, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2008-03-16 21:49 M:2009-02-21 14:39]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2008-03-16 21:49 M:2009-02-21 14:39]
    C:\Program Files\Rising\Rav\combase.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\moncomm.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\scansrvp.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.11, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\proccomm.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\ScanSrv.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.9, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\comx3.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\Program Files\Rising\Rav\Syslay.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-03-19 17:07 M:2008-03-19 17:06]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-08 20:42 M:2009-02-01 09:28]

[PID: 1196 / SYSTEM]   C:\WINDOWS\system32\RUNDLL32.EXE   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-04-14 20:00 M:2008-04-14 20:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-08 20:42 M:2009-02-01 09:28]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2009-03-31 15:29 M:2009-03-31 15:28]
    C:\WINDOWS\system32\ykx32mpcoinst.dll  [(Verified)Marvell, 10.10.5.3, C:2009-03-13 11:35 M:2008-09-19 16:04]


========================================
文件关联



========================================
AutoRun.INF



========================================
Winsock提供者



========================================
HOSTS

    127.0.0.1 localhost


[/CODE]