[CODE]
2009-11-23,10:20:25
SysLog Scanner 1.0 - build 20080726
Arswp (http://www.arswp.com)
Windows XP Professional Service Pack 3 (build 2600) - Administrators
========================================
Registries
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<"D:\Program Files\Rising\Rav\RsTray.exe" -system> [Beijing Rising Information Technology Co., Ltd., 22.0.0.10, C:2009-10-24 09:11 M:2009-10-24 08:25]
<360Safebox><"D:\Program Files\360\360safebox\safeboxTray.exe" /r> [(Verified)360安全中心, 2, 5, 2, 1005, C:2009-04-29 21:40 M:2009-04-29 21:40]
<360Safetray><"D:\Program Files\360\360Safe\safemon\360Tray.exe" /start> [(Verified)360安全中心, 6, 0, 1, 1107, C:2009-11-02 22:00 M:2009-11-02 22:00]
[Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-04-14 20:00 M:2008-04-14 20:00|NVIDIA Corporation, 6.14.11.7519, C:2009-08-13 09:21 M:2008-05-16 14:01]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
<{1E796980-9CC5-11D1-A83F-00C04FC99D61}><> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\导出到 Microsoft Office Excel(&X)]
<> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\添加到QQ表情]
<><> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
<浏览器自定义组件> [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-04-14 20:00 M:2008-04-14 20:00|Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 20:00 M:2008-04-14 20:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2009-08-13 09:25 M:2008-04-14 20:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2009-08-13 09:25 M:2008-04-14 20:00]
========================================
Startup Folders
========================================
Task
========================================
Components
Shell Extension
[Display Panning CPL Extension] {42071714-76d4-11d1-8b24-00a0c9068ff3} []
[Windows Script Host 的 Shell extensions] {60254CA5-953B-11CF-8C96-00AA00B8708C} [Microsoft Corporation, 5.7.0.18066, C:2008-04-14 20:00 M:2008-05-09 18:53]
[Microsoft Agent Character Property Sheet Handler] {143A62C8-C33B-11D1-84FE-00C04FA34A14} [Microsoft Corporation, 2.00.0.2115, C:1998-09-15 17:21 M:1998-09-15 17:21]
[WinRAR shell extension] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [N/A, C:2009-08-13 09:25 M:2007-09-23 18:59]
[Desktop Explorer] {1CDB2949-8F65-4355-8456-263E7C208A5D} [N/A, C:2009-08-13 09:23 M:2008-05-16 14:01]
[Desktop Explorer Menu] {1E9B04FB-F9E5-4718-997B-B8DA88302A47} [N/A, C:2009-08-13 09:23 M:2008-05-16 14:01]
[nView Desktop Context Menu] {1E9B04FB-F9E5-4718-997B-B8DA88302A48} [N/A, C:2009-08-13 09:23 M:2008-05-16 14:01]
[RISING] {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D} [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12, C:2009-08-13 09:44 M:2009-08-13 09:43]
BrowserHelperObject
[SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [(Verified)360.CN, 5, 0, 0, 1022, C:2009-01-15 23:36 M:2009-09-27 10:01]
ActiveX Extension
[360SafeLive] {87515F61-A66C-4319-A0E0-D416CB8059E3} [(Verified)360.cn, 1, 0, 2, 1007, C:2009-05-15 15:11 M:2009-08-06 10:31]
[SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [(Verified)360.CN, 5, 0, 0, 1022, C:2009-01-15 23:36 M:2009-09-27 10:01]
Context Menu
[RisingRavExt] {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D} [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12, C:2009-08-13 09:44 M:2009-08-13 09:43]
[WinRAR] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [N/A, C:2009-08-13 09:25 M:2007-09-23 18:59]
========================================
Services
[Human Interface Device Access / HidServ][Stopped/Disabled] <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll"> [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 20:00 M:2008-04-14 20:00]
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start] <%SystemRoot%\system32\nvsvc32.exe> [NVIDIA Corporation, 6.14.11.7519, C:2009-08-13 09:21 M:2008-05-16 14:01]
[Office Source Engine / ose][Stopped/Manual Start] <"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"> [Microsoft Corporation, 11.0.5525, C:2009-08-13 09:21 M:2003-07-28 12:28]
[Rising RealTime Monitor / RsRavMon][Running/Auto Start] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2, C:2009-10-24 09:11 M:2009-10-24 08:25]
[Network Location Awareness (NLA) / Nla][Running/Manual Start] <%SystemRoot%\system32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\mswsock.dll"> [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 20:00 M:2008-04-14 20:00|Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46]
========================================
Drivers
[abp470n5 / abp470n5][Running/Manual Start] <\??\C:\WINDOWS\system32\drivers\jllkn.sys> []
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start] [Realtek Semiconductor Corp., 5.10.00.6270 built by: WinDDK, C:2009-08-13 09:23 M:2007-10-26 11:20]
[CMB8100 / CMB8100][Running/Auto Start] <\??\C:\WINDOWS\system32\Drivers\CertClient.dat> [N/A, C:2009-08-13 10:10 M:2006-11-30 16:31]
[CMBProtector / CMBProtector][Running/Auto Start] <\??\C:\WINDOWS\system32\Drivers\CMBProtector.dat> [N/A, C:2009-08-13 10:10 M:2007-01-18 14:28]
[nv / nv][Running/Manual Start] [NVIDIA Corporation, 6.14.11.7519, C:2009-08-13 09:21 M:2008-05-16 14:01]
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start] [NVIDIA Corporation, 1.00.02.06764, C:2009-08-13 09:21 M:2007-09-20 19:07]
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start] [NVIDIA Corporation, 1.00.01.06764, C:2009-08-13 09:21 M:2007-09-20 19:07]
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start] [NVIDIA Corporation, 10.3.0.21 built by: WinDDK, C:2008-05-31 17:38 M:2008-01-25 20:01]
[SATALink driver accelerator / SiFilter][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\SiWinAcc.sys> [Silicon Image, Inc., 1.0.0.11, C:2008-01-23 17:20 M:2006-08-08 22:19]
[TCP/IP Protocol Driver / Tcpip][Running/System Start] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-06-12 10:01 M:2008-07-09 07:44]
[viamraid / viamraid][Stopped/Boot Start] [VIA Technologies inc,.ltd, 5.1.6000.574, C:2008-01-23 17:20 M:2008-01-22 14:02]
[360SelfProtection / 360SelfProtection][Stopped/System Start] [(Verified)360安全中心, 1, 0, 0, 1016, C:2009-11-23 09:59 M:2009-10-30 06:41]
[AMD Processor Driver / AmdK8][Running/System Start] [(Verified)Advanced Micro Devices, 1.3.2 (dnsrv(wmbla).060701-2226), C:2008-01-02 16:33 M:2006-07-01 22:43]
[BFSDRV / BFSDRV][Running/System Start] <\??\C:\WINDOWS\system32\drivers\bfsdrv.sys> [(Verified)360安全中心, 1.0.0.1004, C:2009-11-23 09:59 M:2009-10-21 19:50]
[BREGDRV / BREGDRV][Running/System Start] <\??\C:\WINDOWS\system32\drivers\bregdrv.sys> [(Verified)360安全中心, 1.0.0.1016, C:2009-08-13 09:57 M:2009-09-22 11:40]
[EfiSystemMon / EfiMon][Running/System Start] [(Verified)奇虎网, 1, 0, 0, 1004, C:2009-11-23 09:59 M:2009-08-06 22:29]
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Stopped/Manual Start] [(Verified)Creative Technology Ltd., 5.1.2501.0 built by: WinDDK, C:2008-06-23 13:45 M:2001-08-17 04:19]
[hookcont / hookcont][Running/System Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 6, C:2009-08-13 09:44 M:2009-08-13 09:43]
[HookPort / HookPort][Stopped/Boot Start] [(Verified)360安全中心, 1, 0, 0, 1006, C:2009-11-23 09:59 M:2009-10-16 20:21]
[hooksys / hooksys][Running/System Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 58, C:2009-08-13 09:44 M:2009-08-13 09:56]
[AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start] [(Verified)AMD Inc., 4.38.00 built by: WinDDK, C:2008-06-23 13:45 M:2001-08-17 04:11]
[Direct Parallel Link Driver / Ptilink][Running/Manual Start] [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148), C:2008-04-14 20:00 M:2008-04-14 20:00]
[RsNTGDI / RsNTGDI][Running/Boot Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2009-08-13 09:44 M:2009-08-13 09:43]
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start] <\??\C:\WINDOWS\system32\Drivers\safeboxkrnl.sys> [(Verified)360安全中心, 2, 4, 0, 1006, C:2009-03-03 18:15 M:2009-08-06 22:29]
[Secdrv / Secdrv][Stopped/Manual Start] [(Verified)Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086, C:2008-04-14 20:00 M:2008-04-14 20:00]
========================================
Running Processes
[PID: 624 / SYSTEM] \SystemRoot\System32\smss.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 20:00 M:2008-04-14 20:00]
[PID: 688 / SYSTEM] \??\C:\WINDOWS\system32\csrss.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 20:00 M:2008-04-14 20:00]
[PID: 712 / SYSTEM] \??\C:\WINDOWS\system32\winlogon.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113), C:2008-04-14 20:00 M:2008-04-14 20:00]
  C:\WINDOWS\system32\sfc_os.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-06-12 10:01 M:2008-06-12 10:01]
  C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-12 10:01 M:2008-06-12 10:01]
[PID: 756 / SYSTEM] C:\WINDOWS\system32\services.exe [(Verified)Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_qfe.090206-1316), C:2008-04-14 20:00 M:2009-02-09 19:14]
[PID: 768 / SYSTEM] C:\WINDOWS\system32\lsass.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113), C:2008-04-14 20:00 M:2008-04-14 20:00]
  C:\WINDOWS\system32\DNSAPI.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46]
  C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-12 10:01 M:2008-06-12 10:01]
  C:\WINDOWS\system32\mswsock.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46]
[PID: 916 / SYSTEM] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 20:00 M:2008-04-14 20:00]
  C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-12 10:01 M:2008-06-12 10:01]
[PID: 964 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 20:00 M:2008-04-14 20:00]
  C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-12 10:01 M:2008-06-12 10:01]
  C:\WINDOWS\system32\mswsock.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46]
  C:\WINDOWS\system32\DNSAPI.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46]
[PID: 1004 / SYSTEM] C:\WINDOWS\System32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 20:00 M:2008-04-14 20:00]
  C:\WINDOWS\System32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-12 10:01 M:2008-06-12 10:01]
  c:\windows\system32\DNSAPI.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46]
  C:\WINDOWS\system32\mswsock.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46]
  C:\WINDOWS\System32\sfc_os.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-06-12 10:01 M:2008-06-12 10:01]
[PID: 1084 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 20:00 M:2008-04-14 20:00]
  C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-12 10:01 M:2008-06-12 10:01]
  c:\windows\system32\DNSAPI.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46]
[PID: 1124 / LOCAL SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 20:00 M:2008-04-14 20:00]
  C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-12 10:01 M:2008-06-12 10:01]
  C:\WINDOWS\system32\mswsock.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46]
[PID: 1136 / SYSTEM] D:\Program Files\Rising\Rav\RavMonD.exe [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2, C:2009-10-24 09:11 M:2009-10-24 08:25]
  D:\Program Files\Rising\Rav\combase.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 16, C:2009-10-24 09:11 M:2009-10-24 09:09]
  C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-12 10:01 M:2008-06-12 10:01]
  C:\WINDOWS\system32\mswsock.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46]
  D:\Program Files\Rising\Rav\cnt09.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2, C:2009-10-24 09:11 M:2009-10-24 09:09]
  D:\Program Files\Rising\Rav\moncomm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 9, C:2009-10-24 09:11 M:2009-10-24 08:25]
  C:\WINDOWS\system32\sfc_os.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-06-12 10:01 M:2008-06-12 10:01]
  D:\Program Files\Rising\Rav\MonBase.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3, C:2009-10-24 09:11 M:2009-10-24 08:25]
  D:\Program Files\Rising\Rav\Rslog.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.40, C:2009-10-24 09:11 M:2009-10-24 09:09]
  D:\Program Files\Rising\Rav\mondrv.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6, C:2009-10-24 09:11 M:2009-10-24 08:25]
  D:\Program Files\Rising\Rav\defmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 41, C:2009-10-24 09:11 M:2009-10-24 08:32]
  D:\Program Files\Rising\Rav\moncom08.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1, C:2009-10-24 09:11 M:2009-10-24 08:25]
  D:\Program Files\Rising\Rav\MonRule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 9, C:2009-10-24 09:11 M:2009-10-24 08:32]
  D:\Program Files\Rising\Rav\FileMon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 28, C:2009-10-24 09:11 M:2009-10-24 09:09]
  D:\Program Files\Rising\Rav\MailMon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 22, C:2009-10-24 09:11 M:2009-10-24 09:09]
  D:\Program Files\Rising\Rav\HookWeb.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12, C:2009-10-24 09:11 M:2009-10-24 08:25]
  D:\Program Files\Rising\Rav\rsindent.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 7, C:2009-10-24 09:11 M:2009-10-24 09:09]
  D:\Program Files\Rising\Rav\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2009-10-24 09:11 M:2009-08-13 09:43]
  D:\Program Files\Rising\Rav\taskplug.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 8, C:2009-10-24 09:11 M:2009-10-24 08:25]
  D:\Program Files\Rising\Rav\scansrvp.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.7, C:2009-10-24 09:11 M:2009-10-24 08:26]
  D:\Program Files\Rising\Rav\cnt08.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1, C:2009-10-24 09:11 M:2009-10-24 09:09]
  D:\Program Files\Rising\Rav\proccomm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4, C:2009-10-24 09:11 M:2009-10-24 09:09]
  D:\Program Files\Rising\Rav\RSAPPMGR.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.0, C:2009-10-24 09:11 M:2009-10-24 08:25]
  D:\Program Files\Rising\Rav\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.0, C:2009-10-24 09:11 M:2009-10-24 08:26]
  D:\Program Files\Rising\Rav\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2009-10-24 09:11 M:2009-08-13 09:43]
  D:\Program Files\Rising\Rav\Hooksys.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 24, 0, 0, 3, C:2009-10-24 09:11 M:2009-10-24 08:30]
  D:\Program Files\Rising\Rav\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2009-10-24 09:11 M:2009-08-13 09:43]
  D:\Program Files\Rising\Rav\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2009-10-24 09:11 M:2009-08-13 09:43]
  D:\Program Files\Rising\Rav\HookCont.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 24, 0, 0, 1, C:2009-10-24 09:11 M:2009-10-24 08:25]
  D:\Program Files\Rising\Rav\rsnetsvr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2, C:2009-10-24 09:11 M:2009-10-24 09:09]
  D:\Program Files\Rising\Rav\ScanAdd.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.4, C:2009-10-24 09:11 M:2009-10-24 08:26]
  D:\Program Files\Rising\Rav\Scanner.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.17, C:2009-10-24 09:11 M:2009-10-24 08:26]
  D:\Program Files\Rising\Rav\NComm2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2, C:2009-10-24 09:11 M:2009-10-24 09:09]
  D:\Program Files\Rising\Rav\rstask.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5, C:2009-10-24 09:11 M:2009-10-24 08:25]
  D:\Program Files\Rising\Rav\rsstub.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1, C:2009-10-24 09:11 M:2009-10-24 08:25]
  D:\Program Files\Rising\Rav\ScanSrv.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.3, C:2009-10-24 09:11 M:2009-10-24 08:26]
  C:\WINDOWS\system32\DNSAPI.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46]
[PID: 1448 / Administrator] C:\WINDOWS\Explorer.EXE [(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 20:00 M:2008-04-14 20:00]
  C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-12 10:01 M:2008-06-12 10:01]
  C:\Program Files\FreeLaunchBar\flb.dll [TrueSoft, 1.0.0.0, C:2009-08-13 09:25 M:2004-10-22 06:46]
  C:\WINDOWS\system32\nvshell.dll [N/A, C:2009-08-13 09:23 M:2008-05-16 14:01]
  C:\WINDOWS\system32\shdoclc.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-13 18:53 M:2008-04-13 18:53]
  C:\Program Files\WinRAR\rarext.dll [N/A, C:2009-08-13 09:25 M:2007-09-23 18:59]
[PID: 1512 / SYSTEM] C:\WINDOWS\system32\spoolsv.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2008-04-14 20:00 M:2008-04-14 20:00]
  C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-12 10:01 M:2008-06-12 10:01]
  C:\WINDOWS\system32\DNSAPI.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46]
  C:\WINDOWS\system32\sfc_os.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-06-12 10:01 M:2008-06-12 10:01]
  C:\WINDOWS\System32\mswsock.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46]
[PID: 1592 / SYSTEM] C:\WINDOWS\system32\nvsvc32.exe [NVIDIA Corporation, 6.14.11.7519, C:2009-08-13 09:21 M:2008-05-16 14:01]
  C:\WINDOWS\system32\nvapi.dll [NVIDIA Corporation, 6.14.11.7519, C:2009-08-13 09:21 M:2008-05-16 14:01]
  C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-12 10:01 M:2008-06-12 10:01]
[PID: 1848 / Administrator] D:\Program Files\Rising\Rav\RsTray.exe [Beijing Rising Information Technology Co., Ltd., 22.0.0.10, C:2009-10-24 09:11 M:2009-10-24 08:25]
  C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-12 10:01 M:2008-06-12 10:01]
  D:\Program Files\Rising\Rav\comserv.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.15, C:2009-10-24 09:11 M:2009-10-24 08:30]
  D:\Program Files\Rising\Rav\rslang.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1, C:2009-10-24 09:11 M:2009-10-24 08:25]
  D:\Program Files\Rising\Rav\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2009-10-24 09:11 M:2009-08-13 09:43]
  D:\Program Files\Rising\Rav\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2009-10-24 09:11 M:2009-08-13 09:43]
  D:\Program Files\Rising\Rav\ProcComm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4, C:2009-10-24 09:11 M:2009-10-24 09:09]
  D:\Program Files\Rising\Rav\rsxml.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2, C:2009-10-24 09:11 M:2009-10-24 08:26]
  D:\Program Files\Rising\Rav\MonState.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2, C:2009-10-24 09:11 M:2009-10-24 08:25]
  D:\Program Files\Rising\Rav\ScanEvnt.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.3, C:2009-10-24 09:11 M:2009-10-24 08:30]
  D:\Program Files\Rising\Rav\rsguilib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 54, C:2009-10-24 09:11 M:2009-10-24 08:26]
  D:\Program Files\Rising\Rav\rsconf.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.1, C:2009-10-24 09:11 M:2009-10-24 08:26]
  D:\Program Files\Rising\Rav\rspalvd.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.6, C:2009-10-24 09:11 M:2009-10-24 08:25]
  D:\Program Files\Rising\Rav\ravbintl.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 21, C:2009-10-24 09:11 M:2009-10-24 08:33]
  D:\Program Files\Rising\Rav\mruleui.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6, C:2009-10-24 09:11 M:2009-10-24 08:25]
  D:\Program Files\Rising\Rav\MonTray.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.67, C:2009-10-24 09:11 M:2009-10-24 08:30]
  D:\Program Files\Rising\Rav\RavITray.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6, C:2009-10-24 09:11 M:2009-10-24 08:25]
  D:\Program Files\Rising\Rav\rsmginfo.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3, C:2009-10-24 09:11 M:2009-10-24 08:30]
  D:\Program Files\Rising\Rav\scanleak.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5, C:2009-10-24 09:11 M:2009-10-24 08:30]
  D:\Program Files\Rising\Rav\ravppops.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 20, C:2009-10-24 09:11 M:2009-10-24 08:25]
  D:\Program Files\Rising\Rav\RSAPPMGR.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.0, C:2009-10-24 09:11 M:2009-10-24 08:25]
  D:\Program Files\Rising\Rav\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.0, C:2009-10-24 09:11 M:2009-10-24 08:26]
  D:\Program Files\Rising\Rav\PngDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4, C:2009-10-24 09:11 M:2009-08-13 09:43]
  D:\Program Files\Rising\Rav\ScanPrxy.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.3, C:2009-10-24 09:11 M:2009-10-24 08:26]
  C:\WINDOWS\System32\mswsock.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46]
  C:\WINDOWS\system32\DNSAPI.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46]
[PID: 1936 / Administrator] C:\WINDOWS\system32\ctfmon.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-04-14 20:00 M:2008-04-14 20:00]
  C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-12 10:01 M:2008-06-12 10:01]
[PID: 3904 / Administrator] C:\Documents and Settings\Administrator\桌面\sreng2\SREngLdr.EXE [Smallfrogs Studio, 2.7.0.1210, C:2009-11-23 10:19 M:2008-10-19 15:54]
[PID: 3948 / Administrator] C:\Documents and Settings\Administrator\桌面\sreng2\SREcec25149.EXE [Smallfrogs Studio, 2.7.0.1210, C:2009-11-23 10:19 M:2009-11-23 10:19]
  C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-12 10:01 M:2008-06-12 10:01]
  C:\WINDOWS\system32\sfc_os.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-06-12 10:01 M:2008-06-12 10:01]
  C:\Documents and Settings\Administrator\桌面\sreng2\Upload\3rdUpd.DLL [Smallfrogs Studio, 2, 1, 0, 15, C:2009-11-23 10:19 M:2007-06-24 18:46]
  C:\WINDOWS\System32\mswsock.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46]
  C:\WINDOWS\system32\DNSAPI.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46]
[PID: 4068 / Administrator] C:\Documents and Settings\Administrator\桌面\SysLog-0804\SysLog.exe [N/A, C:2009-11-23 10:19 M:2008-08-04 21:19]
  C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-06-12 10:01 M:2008-06-12 10:01]
  C:\WINDOWS\system32\mswsock.dll [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46]
========================================
File Link
[.vbs] <%SystemRoot%\System32\WScript.exe "%1" %*> [Microsoft Corporation, 5.7.0.18066, C:2008-04-14 20:00 M:2008-05-08 19:24]
[.js] <%SystemRoot%\System32\WScript.exe "%1" %*> [Microsoft Corporation, 5.7.0.18066, C:2008-04-14 20:00 M:2008-05-08 19:24]
========================================
Autorun
G:\Autorun.inf
open=autorun.exe [Linasoft, 5.1.0.341, C:2008-07-11 12:59 M:2008-07-11 12:59]
========================================
Winsock Providers
MSAFD Tcpip [TCP/IP] <%SystemRoot%\system32\mswsock.dll> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46]
MSAFD Tcpip [UDP/IP] <%SystemRoot%\system32\mswsock.dll> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46]
MSAFD Tcpip [RAW/IP] <%SystemRoot%\system32\mswsock.dll> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46]
MSAFD NetBIOS [\Device\NetBT_Tcpip_{5BC79931-AC48-47EE-94EA-AF9CF211E872}] SEQPACKET 0 <%SystemRoot%\system32\mswsock.dll> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46]
MSAFD NetBIOS [\Device\NetBT_Tcpip_{5BC79931-AC48-47EE-94EA-AF9CF211E872}] DATAGRAM 0 <%SystemRoot%\system32\mswsock.dll> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46]
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F6C60E97-F8D3-4E62-9FA2-A9D685B07D97}] SEQPACKET 1 <%SystemRoot%\system32\mswsock.dll> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46]
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F6C60E97-F8D3-4E62-9FA2-A9D685B07D97}] DATAGRAM 1 <%SystemRoot%\system32\mswsock.dll> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46]
MSAFD NetBIOS [\Device\NetBT_Tcpip_{90284CC5-9E19-496E-A350-36F5EAF0B47E}] SEQPACKET 2 <%SystemRoot%\system32\mswsock.dll> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46]
MSAFD NetBIOS [\Device\NetBT_Tcpip_{90284CC5-9E19-496E-A350-36F5EAF0B47E}] DATAGRAM 2 <%SystemRoot%\system32\mswsock.dll> [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-04-14 20:00 M:2008-06-21 01:46]
========================================
HOSTS
127.0.0.1 localhost
127.0.0.1 858656.com
127.0.0.1 my123.com
127.0.0.1 8749.com
127.0.0.1 4199.com
127.0.0.1 7379.com
127.0.0.1 7255.com
127.0.0.1 3448.com
127.0.0.1 7939.com
127.0.0.1 8009.com
127.0.0.1 piaoxue.com
127.0.0.1 kzdh.com
127.0.0.1 about.blank.la
127.0.0.1 6781.com
127.0.0.1 7322.com
127.0.0.1 9991.com
[/CODE]
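A dump like this is read by its trust signals: every entry ends in a `[signer, version, C:created M:modified]` field, where `[]` means the file carries no version resource at all, `N/A` means it has one but no company name, and a `(Verified)` prefix means the Authenticode signature checked out. The script below is an added example, not part of SysLog Scanner or of the post above. It parses those fields from a few lines copied out of the dump (the sample is constructed from the Services, Drivers, Autorun and HOSTS sections) and flags the things a reviewer checks first: a driver with no version resource, a driver loaded from a file that is not a `.sys`, an `Autorun.inf` that launches a program, and HOSTS names pinned to a sinkhole address. The line grammar is inferred from the dump itself, and the severity scale and rules are this example's own, not the tool's. Two caveats are built in: the absence of `(Verified)` is deliberately not a finding, because most third-party XP-era drivers in the dump are unsigned, and a HOSTS entry pinned to 127.0.0.1 is reported as low severity, since it can be either malware blocking update servers or a deliberate blocklist, and only the names tell you which.

```python
"""Triage a SysLog Scanner dump by the trust signals it already carries.

Added example, not part of SysLog Scanner or of the post above. The line
grammar is inferred from the dump; the rules and severities are my own.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the dump above in the tool's layout
# (a '====' separator, the section name, then one entry per line).
SAMPLE_LOG = r"""
========================================
Services
[Human Interface Device Access / HidServ][Stopped/Disabled] <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll"> [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 20:00 M:2008-04-14 20:00]
========================================
Drivers
[abp470n5 / abp470n5][Running/Manual Start] <\??\C:\WINDOWS\system32\drivers\jllkn.sys> []
[CMB8100 / CMB8100][Running/Auto Start] <\??\C:\WINDOWS\system32\Drivers\CertClient.dat> [N/A, C:2009-08-13 10:10 M:2006-11-30 16:31]
[BFSDRV / BFSDRV][Running/System Start] <\??\C:\WINDOWS\system32\drivers\bfsdrv.sys> [(Verified)360安全中心, 1.0.0.1004, C:2009-11-23 09:59 M:2009-10-21 19:50]
[TCP/IP Protocol Driver / Tcpip][Running/System Start] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-06-12 10:01 M:2008-07-09 07:44]
========================================
Autorun
G:\Autorun.inf
open=autorun.exe [Linasoft, 5.1.0.341, C:2008-07-11 12:59 M:2008-07-11 12:59]
========================================
HOSTS
127.0.0.1 localhost
127.0.0.1 858656.com
127.0.0.1 my123.com
"""

# [Display / Name][State/Start] <image, optional, may contain '-->'> [signer, version, C:.. M:..]
ENTRY_RE = re.compile(r"^\[(?P<display>.*?) / (?P<name>[^\]]*)\]\[(?P<state>[^/\]]*)/(?P<start>[^\]]*)\]"
                      r"(?: <(?P<image>.*)>)? \[(?P<meta>[^\]]*)\]$")
# The signer may itself contain commas; the version is the first comma field that starts with a digit.
META_RE = re.compile(r"^(?P<signer>.*?)(?:, (?P<version>\d[^,]*(?:, \d[^,]*)*))?"
                     r", C:(?P<created>\S+ \S+) M:(?P<modified>\S+ \S+)$")
SINKHOLE_IPS = {"127.0.0.1", "0.0.0.0", "::1"}


@dataclass
class Finding:
    severity: str  # high / medium / low, on this example's own scale
    section: str
    item: str
    reason: str


def parse_meta(meta):
    """Parse 'signer, version, C:created M:modified'; None means no version resource at all."""
    m = META_RE.match(meta.strip())
    if not m:
        return None
    verified = m["signer"].startswith("(Verified)")
    return {"verified": verified, "signer": m["signer"][len("(Verified)"):] if verified else m["signer"],
            "version": m["version"], "created": m["created"], "modified": m["modified"]}


def split_sections(text):
    """Map section name -> entry lines; the name is the line right after each '====' separator."""
    sections, current, expect_name = {}, None, False
    for line in text.splitlines():
        if line.startswith("===="):
            expect_name = True
        elif expect_name:
            current, expect_name = line.strip(), False
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def triage_entries(section, lines):
    """Services/Drivers: no version resource, no company name, or a driver that is not a .sys file."""
    findings = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if not m:
            continue
        name, image, info = m["name"], m["image"] or "", parse_meta(m["meta"])
        if info is None:
            findings.append(Finding("high", section, name, "no version resource: " + (image or "(path not shown)")))
        elif info["signer"] == "N/A":
            findings.append(Finding("medium", section, name, "no company name in version info: " + image))
        if section == "Drivers" and image and not image.lower().endswith(".sys"):
            findings.append(Finding("high", section, name, "kernel driver loaded from a non-.sys file: " + image))
    return findings


def triage_autorun(lines):
    """An Autorun.inf that names a program to launch from a removable drive."""
    findings, inf = [], None
    for line in lines:
        if line.lower().endswith("autorun.inf"):
            inf = line
        elif inf and line.lower().startswith(("open=", "shellexecute=", "shell\\")):
            findings.append(Finding("medium", "Autorun", inf, inf + " runs " + line.split(" [", 1)[0]))
    return findings


def triage_hosts(lines):
    """Names pinned to a sinkhole address are blocked; names sent anywhere else are redirected."""
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        for host in parts[1:]:
            if parts[0] not in SINKHOLE_IPS:
                findings.append(Finding("high", "HOSTS", host, host + " redirected to " + parts[0]))
            elif host.lower() != "localhost":
                findings.append(Finding("low", "HOSTS", host, host + " blocked via " + parts[0]))
    return findings


def triage(text):
    sections = split_sections(text)
    findings = [f for s in ("Services", "Drivers") for f in triage_entries(s, sections.get(s, []))]
    findings += triage_autorun(sections.get("Autorun", []))
    findings += triage_hosts(sections.get("HOSTS", []))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.section:8} {f.item}: {f.reason}")
```

Run against the whole dump (`triage(open("syslog.txt", encoding="utf-8").read())`), the same rules apply to every Services and Drivers entry; the Running Processes and Winsock sections use a different line shape and are left to the reader. Note that `jllkn.sys` under `abp470n5` is the only driver in the dump with an empty `[]` field, and `CertClient.dat` and `CMBProtector.dat` are the only driver images that are not `.sys` files; what they actually are is something to establish by hashing and inspecting the files, not something the dump alone proves.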