2009-12-07,18:37:28
SysLog Scanner 1.0 - build 20080726
Arswp (http://www.arswp.com)
Windows 2000 Advanced Server Service Pack 4 (build 2195) - Administrators
========================================
注册项
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    [Microsoft Corporation, 1.00.2409.41 built by: Lab06_N, C:2005-03-21 15:13 M:2005-03-21 15:13]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <; RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup> [(Verified)Microsoft Corporation, 5.00.2134.1, C:2000-01-10 04:00 M:2000-01-10 04:00|NVIDIA Corporation, 6.14.10.9128, C:2006-05-18 23:35 M:2006-05-18 23:35]
    <; RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit> [(Verified)Microsoft Corporation, 5.00.2134.1, C:2000-01-10 04:00 M:2000-01-10 04:00|NVIDIA Corporation, 6.14.10.9128, C:2006-05-18 23:35 M:2006-05-18 23:35]
    <"e:\Rising\Rav\RsTray.exe" -system> [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.10, C:2009-12-03 23:49 M:2009-12-03 23:35]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <(无)> []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs]
    [Microsoft Corporation, 5.00.1671.1, C:2002-08-20 21:45 M:2002-08-20 21:45]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    <{E0E899AB-F487-11D5-8D29-0050BA6940E3}><> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载]
    <> [N/A, C:2009-11-16 18:08 M:2009-11-16 18:08]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接]
    <> [N/A, C:2009-11-16 18:08 M:2009-11-16 18:08]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\添加为广告拦截图片]
    <> [N/A, C:2009-04-23 14:15 M:2009-04-23 14:15]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    [(Verified)Microsoft Corporation, 5.00.2134.1, C:2000-01-10 04:00 M:2000-01-10 04:00|(Verified)Microsoft Corporation, 6.00.2800.1106, C:2002-08-29 09:32 M:2002-08-29 09:32|(Verified)N/A, C:2000-01-10 04:00 M:2000-01-10 04:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6A5110B5-E14B-4268-A065-EF89FF33C325}]
    [(Verified)Microsoft Corporation, 5.00.2195.6662, C:2007-05-05 23:37 M:2003-06-19 12:05|N/A, |(Verified)Microsoft Corporation, 5.131.2195.6601, C:2007-05-05 23:36 M:2003-06-19 12:05]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MenuExt\添加到QQ表情]
    <> [N/A, C:2009-11-27 18:16 M:2009-11-27 18:16]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Microsoft Document Imaging Writer Monitor]
    [Microsoft Corporation, 11.3.1897.0, C:2007-05-06 03:52 M:2003-06-18 17:31]
========================================
启动项
========================================
计划任务
========================================
组件
Shell Extension
    [Display Panning CPL Extension] {42071714-76d4-11d1-8b24-00a0c9068ff3} []
    [HyperTerminal Icon Ext] {88895560-9AA2-1069-930E-00AA0030EBC8} [(Verified)Hilgraeve, Inc., 5.00.2195.6684, C:2007-05-05 23:36 M:2003-06-19 12:05]
    [Desktop Explorer] {1CDB2949-8F65-4355-8456-263E7C208A5D} [N/A, C:2006-05-18 23:35 M:2006-05-18 23:35]
    [Desktop Explorer Menu] {1E9B04FB-F9E5-4718-997B-B8DA88302A47} [N/A, C:2006-05-18 23:35 M:2006-05-18 23:35]
    [nView Desktop Context Menu] {1E9B04FB-F9E5-4718-997B-B8DA88302A48} [N/A, C:2006-05-18 23:35 M:2006-05-18 23:35]
    [iSQL*Plus Servers] {B4579AA5-E3A0-49A1-AC0B-5112AFBD215B} [Oracle Corporation, 9.2.0.1.29, C:2002-04-27 00:29 M:2002-04-27 00:29]
    [WinRAR shell extension] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [N/A, C:2007-05-06 03:21 M:2007-01-17 20:27]
    [EditPlus Context Menu Handler] {63AFBDFB-5EF8-4791-AF79-9A3C0DE48974} [N/A, C:2007-05-06 06:05 M:2002-02-11 02:11]
    [RISING] {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D} [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.1, C:2009-12-03 23:49 M:2009-12-03 23:33]
BrowserHelperObject
    [HaoKanBar BrowserHelper] {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} [北京千兆时代科技有限公司, 3.5.1.1669, C:2009-09-27 16:08 M:2009-09-27 16:08]
ToolBar
    [超级兔子上网精灵] {43869BB3-22FD-4F15-9B46-238106BA2F4E} [北京千兆时代科技有限公司, 3.5.1.1669, C:2009-09-27 16:08 M:2009-09-27 16:08]
ActiveX Extension
    [HallToolkit Class] {1E36C446-29F0-4773-A3FB-59C5501446EB} [(Verified)深圳市迅雷网络技术有限公司, 1.0.0.1, C:2009-11-16 18:10 M:2009-11-16 18:10]
    [Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} [(Verified)深圳市迅雷网络技术有限公司, 5,9,11,1168, C:2009-11-28 16:58 M:2009-11-16 18:09]
    [MediaComm Class] {7670648D-461B-42AF-BDFE-46D26AF5EFF2} [(Verified)深圳市迅雷网络技术有限公司, 3, 1, 7, 83, C:2009-11-16 18:11 M:2009-11-16 18:11]
    [360SafeLive] {87515F61-A66C-4319-A0E0-D416CB8059E3} [(Verified)Copyright 2008, 1, 0, 0, 1003, C:2009-10-21 22:05 M:2009-10-21 22:05]
    [OFrameObject Class] {9701758C-4373-482E-B13C-776C048EC890} [(Verified)深圳市迅雷网络技术有限公司, 2, 3, 5910, 237, C:2009-11-28 16:58 M:2009-11-16 18:09]
    [VersionDetector Class] {9EFF1953-9694-47B1-AEF6-B2A3FE8BFE9B} [(Verified)深圳市迅雷网络技术有限公司, 1, 1, 0, 29, C:2009-11-28 16:58 M:2009-11-16 18:09]
    [APlayer Control] {A9322148-C691-4B9D-91FC-B9C461DBE9DD} [(Verified)ShenZhen Thunder Networking Technologies, LTD, 1.0.0.100, C:2009-11-28 16:58 M:2009-11-16 18:09]
    [DapCtrl Class] {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} [(Verified)深圳市迅雷网络技术有限公司, 2, 3, 5910, 237, C:2009-11-28 16:58 M:2009-11-16 18:09]
    [XPPlayer Class] {F3E70CEA-956E-49CC-B444-73AFE593AD7F} [(Verified)深圳市迅雷网络技术有限公司, 2, 1, 59050, 255, C:2009-11-28 16:58 M:2009-11-16 18:09]
Context Menu
    [EditPlus] {63AFBDFB-5EF8-4791-AF79-9A3C0DE48974} [N/A, C:2007-05-06 06:05 M:2002-02-11 02:11]
    [RisingRavExt] {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D} [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.1, C:2009-12-03 23:49 M:2009-12-03 23:33]
    [WinRAR] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [N/A, C:2007-05-06 03:21 M:2007-01-17 20:27]
========================================
服务
[Macromedia Licensing Service / Macromedia Licensing Service][Stopped/Manual Start] <"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"> [Copyright (c) 1998-2003 Macrovision Corp., 2.42.000, C:2007-05-06 04:41 M:2007-05-06 04:41]
[Microsoft Search / MSSEARCH][Stopped/Manual Start] <"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"> [Microsoft Corporation, 9.107.8320.9, C:2008-06-23 17:21 M:2004-10-13 06:10]
[MSSQLSERVER / MSSQLSERVER][Stopped/Manual Start] [Microsoft Corporation, 2000.080.2039.00, C:2007-05-06 04:22 M:2005-05-04 00:19]
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start] [Microsoft Corporation, 2000.080.2039.00, C:2007-05-06 04:29 M:2005-05-03 22:50]
[NVIDIA Display Driver Service / NVSvc][Stopped/Manual Start] <%SystemRoot%\System32\nvsvc32.exe> [NVIDIA Corporation, 6.14.10.9128, C:2006-05-18 23:35 M:2006-05-18 23:35]
[OracleMTSRecoveryService / OracleMTSRecoveryService][Stopped/Manual Start] [Oracle Corporation, 9.2.0.1.0, C:2002-04-30 15:23 M:2002-04-30 15:23]
[OracleOraHome92Agent / OracleOraHome92Agent][Stopped/Manual Start] [Oracle Corporation, 9.2.0.0.0, C:2002-04-26 17:29 M:2002-04-26 17:29]
[OracleOraHome92ClientCache / OracleOraHome92ClientCache][Stopped/Manual Start] [N/A, C:2002-04-26 19:34 M:2002-04-26 19:34]
[OracleOraHome92HTTPServer / OracleOraHome92HTTPServer][Stopped/Manual Start] <"E:\oracle\ora92\Apache\Apache\apache.exe" --ntservice> [N/A, C:2002-04-18 22:02 M:2002-04-18 22:02]
[OracleOraHome92PagingServer / OracleOraHome92PagingServer][Stopped/Manual Start] []
[OracleOraHome92SNMPPeerEncapsulator / OracleOraHome92SNMPPeerEncapsulator][Stopped/Manual Start] [N/A, C:2002-02-13 08:23 M:2002-02-13 08:23]
[OracleOraHome92SNMPPeerMasterAgent / OracleOraHome92SNMPPeerMasterAgent][Stopped/Manual Start] [N/A, C:2002-02-13 08:23 M:2002-02-13 08:23]
[OracleOraHome92TNSListener / OracleOraHome92TNSListener][Stopped/Manual Start] [N/A, ]
[OracleServiceORA9I / OracleServiceORA9I][Stopped/Manual Start] [Oracle Corporation, 9.2.0.1.0 Production , C:2002-05-14 09:25 M:2002-05-14 09:25]
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start] [Microsoft Corporation, 2000.080.2039.00, C:2007-05-06 04:21 M:2005-05-03 21:42]
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start] <%SystemRoot%\System32\dmadmin.exe /com> [(Verified)VERITAS Software Corp., 2195.6624.297.3, C:2007-05-05 23:36 M:2003-06-19 12:05]
[Rav Service / RsRavMon][Running/Auto Start] <"e:\Rising\Rav\RavMonD.exe"> [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2, C:2009-12-03 23:49 M:2009-12-03 23:33]
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start] <%SystemRoot%\System32\svchost.exe -k netsvcs --> "C:\WINNT\system32\mspmsnsv.dll"> [(Verified)Microsoft Corporation, 5.00.2134.1, C:2000-01-10 04:00 M:2000-01-10 04:00|Microsoft Corporation, 9.0.1.56, C:2007-05-05 23:56 M:2002-11-26 19:03]
[主动防御 / ZhuDongFangYu][Stopped/Manual Start] <"E:\360\360Safe\deepscan\zhudongfangyu.exe"> [(Verified)360安全中心, 1, 0, 0, 1010, C:2009-10-25 12:36 M:2009-10-25 12:36]
========================================
驱动
[C-Media PCI Audio Driver (WDM) / cmpci][Stopped/Manual Start] [C-Media Inc, 5.12.01.0632, C:2007-05-05 23:29 M:2001-12-10 16:25]
[WAN Miniport Driver For PPPoE Protocol / GNetPPPoE][Running/Manual Start] [Guangdong Data Communications Network Co.Ltd., 1.00.1000.384, C:2009-12-03 12:11 M:2009-12-03 12:11]
[Netgroup Packet Filter / NPF][Stopped/Manual Start] [Politecnico di Torino, 3, 0, 0, 18, C:2009-11-24 12:38 M:2005-10-28 15:10]
[nv / nv][Running/Manual Start] [NVIDIA Corporation, 6.14.10.9128, C:2006-05-18 23:35 M:2006-05-18 23:35]
[PxHelp20 / PxHelp20][Running/Boot Start] [Sonic Solutions, 2.03.32a, C:2007-05-06 05:16 M:2006-07-27 10:05]
[360SelfProtection / 360SelfProtection][Running/System Start] [(Verified)360安全中心, 1, 0, 0, 1016, C:2009-11-24 18:30 M:2009-10-30 06:41]
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start] [(Verified)Realtek Semiconductor Corp., 5.10.00.6230 built by: WinDDK, C:2009-12-03 18:02 M:2007-03-08 14:34]
[BFSDRV / BFSDRV][Running/System Start] <\??\C:\WINNT\system32\drivers\bfsdrv.sys> [(Verified)360安全中心, 1.0.0.1004, C:2009-11-24 18:30 M:2009-10-21 19:50]
[BREGDRV / BREGDRV][Running/System Start] <\??\C:\WINNT\system32\drivers\bregdrv.sys> [(Verified)360安全中心, 1.0.0.1016, C:2009-11-24 17:50 M:2009-09-22 11:40]
[dmboot / dmboot][Stopped/Disabled] [(Verified)VERITAS Software Corp., 2195.6655.297.3, C:2001-05-04 04:05 M:2003-06-19 12:05]
[Logical Disk Manager Driver / dmio][Running/Boot Start] [(Verified)VERITAS Software Corp., 2195.6655.297.3, C:2001-05-04 04:05 M:2003-06-19 12:05]
[dmload / dmload][Running/Boot Start] [(Verified)VERITAS Software Corp., 2195.6655.297.3, C:2001-05-04 04:05 M:2003-06-19 12:05]
[EfiSystemMon / EfiMon][Running/System Start] [(Verified)奇虎网, 1, 0, 0, 1004, C:2009-08-06 22:29 M:2009-08-06 22:29]
[hookcont / hookcont][Running/System Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 24, 0, 0, 1, C:2009-12-03 23:49 M:2009-12-03 23:46]
[HookPort / HookPort][Running/Boot Start] [(Verified)360安全中心, 1, 0, 0, 1006, C:2009-11-24 18:30 M:2009-10-16 20:21]
[hooksys / hooksys][Running/System Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 24, 0, 0, 23, C:2009-12-03 23:49 M:2009-12-03 23:35]
[Direct Parallel Link Driver / Ptilink][Running/Manual Start] [(Verified)Parallel Technologies, Inc., 1.10, C:2001-05-04 04:05 M:2003-06-19 12:05]
[Quantum DeepScanner Servers / qutmdserv][Stopped/Manual Start] <\??\C:\WINNT\system32\drivers\qutmdrv.sys> [(Verified)360安全中心, 1.0.0.1003, C:2009-11-24 18:30 M:2009-10-20 11:06]
[rsassist / rsassist][Running/Auto Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 1, C:2009-12-03 23:49 M:2009-12-03 23:33]
[RsNTGDI / RsNTGDI][Running/Boot Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1, C:2009-12-03 23:49 M:2009-12-03 23:36]
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start] [(Verified)Realtek Semiconductor Corporation , 5.366.0818.1999, C:2007-05-05 22:46 M:1999-09-24 19:17]
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start] <\??\C:\WINNT\system32\Drivers\safeboxkrnl.sys> [(Verified)360安全中心, 2, 4, 0, 1006, C:2009-08-06 22:29 M:2009-08-06 22:29]
========================================
进程
[PID: 172 / SYSTEM] \SystemRoot\System32\smss.exe [(Verified)Microsoft Corporation, 5.00.2195.6601, C:2001-05-04 04:05 M:2003-06-19 12:05]
[PID: 200 / SYSTEM] \??\C:\WINNT\system32\csrss.exe [(Verified)Microsoft Corporation, 5.00.2195.6601, C:2007-05-05 23:36 M:2003-06-19 12:05]
[PID: 196 / SYSTEM] \??\C:\WINNT\system32\winlogon.exe [(Verified)Microsoft Corporation, 5.00.2195.6997, C:2005-06-03 05:01 M:2005-06-03 05:01]
[PID: 264 / SYSTEM] C:\WINNT\system32\services.exe [(Verified)Microsoft Corporation, 5.00.2195.7035, C:2001-05-04 04:05 M:2005-06-03 05:00]
[PID: 276 / SYSTEM] C:\WINNT\system32\lsass.exe [(Verified)Microsoft Corporation, 5.00.2195.7011, C:2001-05-04 04:05 M:2005-06-03 05:00]
[PID: 444 / SYSTEM] C:\WINNT\system32\svchost.exe [(Verified)Microsoft Corporation, 5.00.2134.1, C:2000-01-10 04:00 M:2000-01-10 04:00]
[PID: 468 / SYSTEM] C:\WINNT\system32\spoolsv.exe [(Verified)Microsoft Corporation, 5.00.2195.7059, C:2007-05-05 22:45 M:2005-07-11 21:59]
    C:\WINNT\system32\mdimon.dll [Microsoft Corporation, 11.3.1897.0, C:2007-05-06 03:52 M:2003-06-18 17:31]
    C:\WINNT\system32\spool\PRTPROCS\W32X86\mdippr.dll [Microsoft Corporation, 11.3.1897.0, C:2007-05-06 03:52 M:2003-06-18 17:31]
[PID: 496 / SYSTEM] C:\WINNT\System32\svchost.exe [(Verified)Microsoft Corporation, 5.00.2134.1, C:2000-01-10 04:00 M:2000-01-10 04:00]
[PID: 516 / SYSTEM] e:\Rising\Rav\RavMonD.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2, C:2009-12-03 23:49 M:2009-12-03 23:33]
    e:\Rising\Rav\combase.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 17, C:2009-12-03 23:49 M:2009-12-03 23:46]
    e:\Rising\Rav\cnt09.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5, C:2009-12-03 23:49 M:2009-12-03 23:46]
    e:\Rising\Rav\moncomm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 9, C:2009-12-03 23:49 M:2009-12-03 23:33]
    e:\Rising\Rav\MonBase.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3, C:2009-12-03 23:49 M:2009-12-03 23:33]
    e:\Rising\Rav\Rslog.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.41, C:2009-12-03 23:49 M:2009-12-03 23:46]
    e:\Rising\Rav\mondrv.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6, C:2009-12-03 23:49 M:2009-12-03 23:35]
    e:\Rising\Rav\defmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 45, C:2009-12-03 23:49 M:2009-12-03 23:35]
    e:\Rising\Rav\moncom08.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1, C:2009-12-03 23:49 M:2009-12-03 23:46]
    e:\Rising\Rav\MonRule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 10, C:2009-12-03 23:49 M:2009-12-03 23:35]
    e:\Rising\Rav\FileMon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 29, C:2009-12-03 23:49 M:2009-12-03 23:45]
    e:\Rising\Rav\MailMon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 22, C:2009-12-03 23:49 M:2009-12-03 23:46]
    e:\Rising\Rav\HookWeb.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12, C:2009-12-03 23:49 M:2009-12-03 23:46]
    e:\Rising\Rav\rsindent.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 11, C:2009-12-03 23:49 M:2009-12-03 23:46]
    e:\Rising\Rav\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2009-12-03 23:49 M:2009-12-03 23:24]
    e:\Rising\Rav\taskplug.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 10, C:2009-12-03 23:49 M:2009-12-03 23:46]
    e:\Rising\Rav\scansrvp.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.7, C:2009-12-03 23:49 M:2009-12-03 23:33]
    e:\Rising\Rav\cnt08.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1, C:2009-12-03 23:49 M:2009-12-03 23:46]
    e:\Rising\Rav\proccomm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4, C:2009-12-03 23:49 M:2009-12-03 23:46]
    e:\Rising\Rav\RSAPPMGR.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.0, C:2009-12-03 23:49 M:2009-12-03 23:33]
    e:\Rising\Rav\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.0, C:2009-12-03 23:49 M:2009-12-03 23:33]
    e:\Rising\Rav\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2009-12-03 23:49 M:2009-12-03 23:24]
    e:\Rising\Rav\Hooksys.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 24, 0, 0, 3, C:2009-12-03 23:49 M:2009-12-03 23:35]
    e:\Rising\Rav\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2009-12-03 23:49 M:2009-12-03 23:25]
    e:\Rising\Rav\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2009-12-03 23:49 M:2009-12-03 23:25]
    e:\Rising\Rav\HookCont.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 24, 0, 0, 1, C:2009-12-03 23:49 M:2009-12-03 23:46]
    e:\Rising\Rav\BACore.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 31, C:2009-12-03 23:49 M:2009-12-03 23:35]
    e:\Rising\Rav\recomp.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6, C:2009-12-03 23:49 M:2009-12-03 23:34]
    e:\Rising\Rav\refs.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3, C:2009-12-03 23:49 M:2009-12-03 23:34]
    e:\Rising\Rav\viruslib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3, C:2009-12-03 23:49 M:2009-12-03 23:34]
    e:\Rising\Rav\relibldr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3, C:2009-12-03 23:49 M:2009-12-03 23:34]
    e:\Rising\Rav\rsnetsvr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3, C:2009-12-03 23:49 M:2009-12-03 23:46]
    e:\Rising\Rav\bawhite.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3, C:2009-12-03 23:49 M:2009-12-03 23:35]
    e:\Rising\Rav\RSStore.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5, C:2009-12-03 23:49 M:2009-12-03 23:37]
    e:\Rising\Rav\Scanner.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.17, C:2009-12-03 23:49 M:2009-12-03 23:33]
    e:\Rising\Rav\ScanAdd.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.4, C:2009-12-03 23:49 M:2009-12-03 23:33]
    e:\Rising\Rav\NComm2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2, C:2009-12-03 23:49 M:2009-12-03 23:46]
    e:\Rising\Rav\rstask.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5, C:2009-12-03 23:49 M:2009-12-03 23:46]
    e:\Rising\Rav\rsstub.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1, C:2009-12-03 23:49 M:2009-12-03 23:46]
    e:\Rising\Rav\ScanSrv.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.3, C:2009-12-03 23:49 M:2009-12-03 23:33]
    e:\Rising\Rav\scanpe.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 10, C:2009-12-03 23:49 M:2009-12-03 23:34]
    e:\Rising\Rav\pearc.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2, C:2009-12-03 23:49 M:2009-12-03 23:34]
    e:\Rising\Rav\ur000.dat [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4, C:2009-12-03 23:49 M:2009-12-03 23:34]
    e:\Rising\Rav\urutils.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1, C:2009-12-03 23:49 M:2009-12-03 23:34]
    e:\Rising\Rav\revm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6, C:2009-12-03 23:49 M:2009-12-03 23:34]
    e:\Rising\Rav\scriptci.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1, C:2009-12-03 23:49 M:2009-12-03 23:34]
    e:\Rising\Rav\uroutine.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1, C:2009-12-03 23:49 M:2009-12-03 23:34]
    e:\Rising\Rav\ffr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4, C:2009-12-03 23:49 M:2009-12-03 23:34]
    e:\Rising\Rav\nvfile.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1, C:2009-12-03 23:49 M:2009-12-03 23:34]
    e:\Rising\Rav\scanexec.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2, C:2009-12-03 23:49 M:2009-12-03 23:34]
    e:\Rising\Rav\unexe.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2, C:2009-12-03 23:49 M:2009-12-03 23:34]
    e:\Rising\Rav\scanex.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 49, C:2009-12-03 23:49 M:2009-12-03 23:34]
    e:\Rising\Rav\scantj.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4, C:2009-12-03 23:49 M:2009-12-03 23:34]
    e:\Rising\Rav\methodex.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3, C:2009-12-03 23:49 M:2009-12-03 23:34]
    e:\Rising\Rav\pecompd.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5, C:2009-12-03 23:49 M:2009-12-03 23:34]
    e:\Rising\Rav\heurex.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 13, C:2009-12-03 23:49 M:2009-12-03 23:34]
    e:\Rising\Rav\ur001.dat [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2, C:2009-12-03 23:49 M:2009-12-03 23:34]
    e:\Rising\Rav\ur025.dat [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2, C:2009-12-03 23:49 M:2009-12-03 23:33]
    e:\Rising\Rav\ScanRavT.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.4, C:2009-12-03 23:49 M:2009-12-03 23:33]
    e:\Rising\Rav\ScanBT.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.18, C:2009-12-03 23:49 M:2009-12-03 23:33]
    e:\Rising\Rav\ScanStub.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.1, C:2009-12-03 23:49 M:2009-12-03 23:33]
    e:\Rising\Rav\extsfx.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4, C:2009-12-03 23:49 M:2009-12-03 23:34]
    e:\Rising\Rav\posttrt.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2, C:2009-12-03 23:49 M:2009-12-03 23:34]
    e:\Rising\Rav\ur019.dat [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2, C:2009-12-03 23:49 M:2009-12-03 23:34]
    e:\Rising\Rav\scansct.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3, C:2009-12-03 23:49 M:2009-12-03 23:34]
[PID: 540 / SYSTEM] C:\WINNT\System32\WBEM\WinMgmt.exe [(Verified)Microsoft Corporation, 1.50.1085.0100, C:2007-05-05 23:37 M:2003-06-19 12:05]
[PID: 896 / SYSTEM] C:\WINNT\System32\inetsrv\inetinfo.exe [(Verified)Microsoft Corporation, 5.00.0984, C:2007-05-05 23:37 M:2003-06-19 12:05]
    E:\oracle\ora92\bin\ociw32.dll [Oracle Corporation, 9.2.0.1.0, C:2002-04-28 11:08 M:2002-04-28 11:08]
[PID: 864 / SYSTEM] C:\WINNT\System32\msdtc.exe [(Verified)Microsoft Corporation, 1999.9.3421.3, C:2007-05-05 22:54 M:2000-01-10 12:00]
    E:\oracle\ora92\bin\ociw32.dll [Oracle Corporation, 9.2.0.1.0, C:2002-04-28 11:08 M:2002-04-28 11:08]
[PID: 1356 / SYSTEM] C:\WINNT\System32\svchost.exe [(Verified)Microsoft Corporation, 5.00.2134.1, C:2000-01-10 04:00 M:2000-01-10 04:00]
[PID: 1592 / SYSTEM] C:\WINNT\system32\dllhost.exe [(Verified)Microsoft Corporation, 5.00.2195.6692, C:2007-05-05 23:36 M:2003-06-19 12:05]
    E:\oracle\ora92\bin\ociw32.dll [Oracle Corporation, 9.2.0.1.0, C:2002-04-28 11:08 M:2002-04-28 11:08]
[PID: 1516 / Administrator] E:\Rising\Rav\RsTray.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.10, C:2009-12-03 23:49 M:2009-12-03 23:35]
    E:\Rising\Rav\comserv.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.15, C:2009-12-03 23:49 M:2009-12-03 23:35]
    E:\Rising\Rav\rslang.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1, C:2009-12-03 23:49 M:2009-12-03 23:33]
    E:\Rising\Rav\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2009-12-03 23:49 M:2009-12-03 23:24]
    E:\Rising\Rav\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2009-12-03 23:49 M:2009-12-03 23:24]
    C:\WINNT\system32\MSCTF.dll [Microsoft Corporation, 1.00.2409.41 built by: Lab06_N, C:2005-03-21 15:12 M:2005-03-21 15:12]
    E:\Rising\Rav\ProcComm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4, C:2009-12-03 23:49 M:2009-12-03 23:46]
    E:\Rising\Rav\rsxml.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2, C:2009-12-03 23:49 M:2009-12-03 23:33]
    E:\Rising\Rav\MonState.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2, C:2009-12-03 23:49 M:2009-12-03 23:35]
    E:\Rising\Rav\ScanEvnt.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.3, C:2009-12-03 23:49 M:2009-12-03 23:35]
    E:\Rising\Rav\rsguilib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 55, C:2009-12-03 23:49 M:2009-12-03 23:33]
    E:\Rising\Rav\rsconf.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.1, C:2009-12-03 23:49 M:2009-12-03 23:33]
    E:\Rising\Rav\rspalvd.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.7, C:2009-12-03 23:49 M:2009-12-03 23:33]
    E:\Rising\Rav\ravbintl.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 21, C:2009-12-03 23:49 M:2009-12-03 23:36]
    E:\Rising\Rav\mruleui.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 7, C:2009-12-03 23:49 M:2009-12-03 23:35]
    E:\Rising\Rav\MonTray.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.72, C:2009-12-03 23:49 M:2009-12-03 23:35]
    E:\Rising\Rav\RavITray.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6, C:2009-12-03 23:49 M:2009-12-03 23:36]
    E:\Rising\Rav\rsmginfo.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4, C:2009-12-03 23:49 M:2009-12-03 23:35]
    E:\Rising\Rav\scanleak.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6, C:2009-12-03 23:49 M:2009-12-03 23:35]
    E:\Rising\Rav\ravppops.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 21, C:2009-12-03 23:49 M:2009-12-03 23:36]
    E:\Rising\Rav\RSAPPMGR.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.0, C:2009-12-03 23:49 M:2009-12-03 23:33]
    E:\Rising\Rav\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.0, C:2009-12-03 23:49 M:2009-12-03 23:33]
    E:\Rising\Rav\PngDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4, C:2009-12-03 23:49 M:2009-12-03 23:24]
    E:\Rising\Rav\ScanPrxy.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.4, C:2009-12-03 23:49 M:2009-12-03 23:33]
[PID: 872 / Administrator] C:\WINNT\system32\ctfmon.exe [Microsoft Corporation, 1.00.2409.41 built by: Lab06_N, C:2005-03-21 15:13 M:2005-03-21 15:13]
    C:\WINNT\system32\MSCTF.dll [Microsoft Corporation, 1.00.2409.41 built by: Lab06_N, C:2005-03-21 15:12 M:2005-03-21 15:12]
    C:\WINNT\system32\MSUTB.dll [Microsoft Corporation, 1.00.2409.41 built by: Lab06_N, C:2005-03-21 15:12 M:2005-03-21 15:12]
    C:\WINNT\mui\fallback\0804\msutb.dll.mui [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N, C:2001-02-20 15:31 M:2001-02-20 15:31]
[PID: 1900 / Administrator] E:\ArSwp\ArSwp.exe [(Verified)ArSwp.com, 2, 8, 2, 1115, C:2009-11-23 18:53 M:2008-11-15 11:58]
    C:\WINNT\system32\MSVCP60.dll [Microsoft Corporation, 6.00.8972.0, C:2000-08-29 10:19 M:2000-08-29 10:19]
    C:\WINNT\system32\MSCTF.dll [Microsoft Corporation, 1.00.2409.41 built by: Lab06_N, C:2005-03-21 15:12 M:2005-03-21 15:12]
    E:\ArSwp\plugin\ArFix.dll [(Verified)ArSwp.Com, 2, 5, 0, 0, C:2009-11-23 18:53 M:2007-11-28 15:19]
[PID: 568 / Administrator] C:\WINNT\Explorer.exe [(Verified)Microsoft Corporation, 5.00.3700.6690, C:2007-05-05 23:37 M:2003-06-19 12:05]
    C:\WINNT\system32\MSCTF.dll [Microsoft Corporation, 1.00.2409.41 built by: Lab06_N, C:2005-03-21 15:12 M:2005-03-21 15:12]
    C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [(Verified)Adobe Systems, Inc., 9.0.0.2008061100, C:2008-06-11 22:49 M:2008-06-11 22:49]
    C:\WINNT\system32\MSVCR80.dll [Microsoft Corporation, 8.00.50727.762, C:2006-12-01 22:54 M:2006-12-01 22:54]
    E:\WinRAR\rarext.dll [N/A, C:2007-05-06 03:21 M:2007-01-17 20:27]
    C:\WINNT\system32\RavExt.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.1, C:2009-12-03 23:49 M:2009-12-03 23:33]
    E:\EditPlus 2\eppshell.dll [N/A, C:2007-05-06 06:05 M:2002-02-11 02:11]
========================================
文件关联
========================================
AutoRun.INF
========================================
Winsock提供者
========================================
HOSTS
127.0.0.1 localhost