[CODE] 2010-02-10,10:43:52 SysLog Scanner 3.0 - build 20091220 Arswp (http://www.arswp.com) Windows XP Professional Service Pack 3 (build 2600) ================================================================ 注册项 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <"C:\Program Files\Rising\Rav\RsTray.exe" -system> [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.10] <"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup> [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.27] <"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"> [(Verified)Adobe Systems Incorporated, 9.3.0.148] <"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"> [(Verified)Adobe Systems Incorporated, 1.1.5.0] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [(Verified)ATI Technologies Inc., 6.14.10.4177] ================================================================ 启动组 ================================================================ 任务计划 [搜狗浏览器在线安装.job] <"C:\Program Files\SogouInput\4.3.0.3315\SeFastInstall.exe" /cetask /tasktimes03> [(Verified)Sogou.com, 1.4.0.0000] [SogouImeMgr.job] <"C:\PROGRA~1\SOGOUI~1\430~1.331\PinyinRepair.exe" /S> [(Verified)Sogou.com Inc., 4.3.0.3315] ================================================================ 组件 -------------------------------- Shell Extension [Display Panning CPL Extension] <{42071714-76d4-11d1-8b24-00a0c9068ff3}> [] [HyperTerminal Icon Ext] <{88895560-9AA2-1069-930E-00AA0030EBC8}> [(Verified)Hilgraeve, Inc., 5.1.2600.0] [任务栏和「开始」菜单] <{0DF44EAA-FF21-4412-828E-260A8728E7F1}> <> [] [Microsoft Agent Character Property Sheet Handler] <{143A62C8-C33B-11D1-84FE-00C04FA34A14}> [Microsoft Corporation, 2.00.0.2115] [WinRAR shell extension] <{B41DB860-8EE4-11D2-9906-E49FADC173CA}> [N/A] [RISING] <{1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D}> [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.1] [ShellLink for Application References] <{e82a2d71-5b2f-43a0-97b8-81be15854de8}> [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)] [YouKuDesktop Shell Extension] <{20CE0080-7137-41E6-B545-2EAEEEAB6BC9}> [(Verified)www.youku.com, 1.2.7.1700] -------------------------------- ToolBar [迷你迅雷] <{35DAEE92-58E4-4A00-9B5C-DA5F3A21488B}> [(Verified)深圳市迅雷网络技术有限公司, 3,1,1,54] -------------------------------- Protocols [Cor MIME Filter, CorFltr, CorFltr 1] <{1E66F26B-79EE-11D2-8710-00C04F79ED0D}> [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)] [] <{6AC4FBC7-AA38-45EC-9634-D6D20B679EFC}> [酷狗, 5.2.4.4] -------------------------------- Context Menu [iku] <{20CE0080-7137-41E6-B545-2EAEEEAB6BC9}> [(Verified)www.youku.com, 1.2.7.1700] [RisingKaKaExt] <{356B11FA-929F-4eb7-8B26-D7E3184DDD16}> [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.1] [RisingRavExt] <{1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D}> [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.1] [WinRAR] <{B41DB860-8EE4-11D2-9906-E49FADC173CA}> [N/A] -------------------------------- ActiveX Extension [] <{01443AEB-0FD1-40FD-9C87-E93D1494C233}> <> [] [Adobe PDF Link Helper] <{18DF081C-E8AD-4283-A596-FA578C2EBDC3}> [(Verified)Adobe Systems Incorporated, 9.3.0.148] [InstallHelper Class] <{1DABF8D5-8430-4985-9B7F-A30E53D709B3}> [(Verified)Tencent, 8.13.4808.0] [HallToolkit Class] <{1E36C446-29F0-4773-A3FB-59C5501446EB}> [] [DownloadManagerUI Class] <{337F7561-7A70-44E4-BF60-BBC84412C2C2}> [(Verified)深圳市迅雷网络技术有限公司, 3,1,1,54] [WebI8001 Class] <{3F096DF9-E61A-40D2-96CA-E734019AB4B9}> [(Verified)TODO: <公司名>, 1.0.0.1] [MediaComm Class] <{7670648D-461B-42AF-BDFE-46D26AF5EFF2}> [] [CRichPicObj Object] <{87AF538B-F052-4A0B-BAE0-E686AD921119}> [(Verified)Tencent, 1, 24, 562, 0] [IE安全配置] <{8FF40C83-9F3A-449C-8874-4C867931D5EA}> [] [Invoke Class] <{921E8C8A-B756-407D-A1EF-37B41F47D798}> [] [OFrameObject Class] <{9701758C-4373-482E-B13C-776C048EC890}> [(Verified)深圳市迅雷网络技术有限公司, 2, 3, 5915, 263] [卡卡上网安全助手] <{98B7C13A-E9CD-4959-8B46-FBEAB41E42A8}> [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15] [VersionDetector Class] <{9EFF1953-9694-47B1-AEF6-B2A3FE8BFE9B}> [(Verified)深圳市迅雷网络技术有限公司, 1, 1, 0, 29] [APlayer Control] <{A9322148-C691-4B9D-91FC-B9C461DBE9DD}> [(Verified)ShenZhen Thunder Networking Technologies, LTD, 2.0.0.226] [WebVGPlayer Class] <{AA899B43-24BD-4B6B-BBD0-45557D8D11E0}> [N/A] [QQPlayerCtrl Class] <{CD108273-D434-43E6-AA90-1469F97EB398}> [(Verified)Tencent, 3, 2, 165, 710] [Shockwave Flash Object] <{D27CDB6E-AE6D-11CF-96B8-444553540000}> [(Verified)Adobe Systems, Inc., 10,0,42,34] [KuAgent2 Class] <{D928E486-C465-4A64-976D-F3B24BBECC69}> [(Verified)www.youku.com, 1.6.0.0] [TimwpDll.TimwpCheck] <{ED4CA2E5-0EEA-44C1-AD7E-74A07A7507A4}> [(Verified)Tencent, 1, 24, 562, 0] [ViewgoodIPMan Class] <{F1263FCF-83C7-4CD5-907A-C8B59D0039A9}> [Copyright 2007, 1, 0, 0, 1] [XPPlayer Class] <{F3E70CEA-956E-49CC-B444-73AFE593AD7F}> [(Verified)深圳市迅雷网络技术有限公司, 2, 1, 59150, 261] ================================================================ 服务 [Human Interface Device Access / HidServ][Stopped/Disabled] <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll"> [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start] [] [System Restore Service / srservice][Stopped/Disabled] <%SystemRoot%\system32\svchost.exe -k netsvcs --> "C:\WINDOWS\system32\srsvc.dll"> [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start] <%SystemRoot%\system32\Ati2evxx.exe> [(Verified)ATI Technologies Inc., 6.14.10.4213] [Rav Service / RsRavMon][Running/Auto Start] <"C:\Program Files\Rising\Rav\RavMonD.exe"> [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] ================================================================ 驱动 [EagleNT / EagleNT][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\EagleNT.sys> [] [SATALink driver accelerator / SiFilter][Running/Boot Start] [Silicon Image, Inc., 1.0.0.11] [System Restore Filter Driver / sr][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\sr.sys> [] [TCP/IP Protocol Driver / Tcpip][Running/System Start] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [TesDrvPt / TesDrvPt][Stopped/Manual Start] <\??\C:\WINDOWS\system32\TesDrvPt.sy> [] [WINIO / WINIO][Stopped/Manual Start] <\??\C:\Documents and Settings\Administrator\桌面\hknms.sys> [] [360AntiArp / 360AntiArp][Running/System Start] <\??\C:\WINDOWS\system32\drivers\360AntiArp.sys> [(Verified)360安全中心, 1, 0, 1, 1009] [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start] [(Verified)Realtek Semiconductor Corp., 5.10.00.6300 built by: WinDDK] [ati2mtag / ati2mtag][Running/Manual Start] [(Verified)ATI Technologies Inc., 6.14.10.6891] [BREGDRV / BREGDRV][/Boot Start] <\??\C:\WINDOWS\system32\drivers\bregdrv.sys> [(Verified)360安全中心, 1.0.0.1010] [hookcont / hookcont][Running/System Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 24, 0, 0, 2] [hooksys / hooksys][Running/System Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 24, 0, 0, 28] [DDK PACKET Protocol / Packet][Stopped/Manual Start] [(Verified)360安全中心, 1, 0, 1, 1002] [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148)] [rsassist / rsassist][Running/Auto Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 2] [RsNTGDI / RsNTGDI][Running/Boot Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 22. 0. 0.4] [RsProtect / RsProtect][Running/System Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 24, 0, 0, 5] [Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Running/Manual Start] [(Verified)Realtek Semiconductor Corporation , 5.699.0717.2008 built by: WinDDK] [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start] [(Verified)Realtek Semiconductor Corporation, 5.398.613.2003 built by: WinDDK] [SafeBoxKrnl / SafeBoxKrnl][Running/System Start] <\??\C:\WINDOWS\system32\Drivers\safeboxkrnl.sys> [(Verified)360安全中心, 2, 3, 0, 1011] [Secdrv / Secdrv][Stopped/Manual Start] [(Verified)Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086] [TesSafe / TesSafe][Stopped/Manual Start] <\??\C:\WINDOWS\system32\TesSafe.sys> [(Verified)TENCENT, 1.11.3.3182] ================================================================ 活动进程 [PID: 672 / SYSTEM] \??\C:\WINDOWS\system32\winlogon.exe [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] C:\WINDOWS\system32\Ati2evxx.dll [(Verified)ATI Technologies Inc., 6.14.10.4177] [PID: 728 / SYSTEM] C:\WINDOWS\system32\lsass.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 908 / SYSTEM] C:\WINDOWS\system32\Ati2evxx.exe [(Verified)ATI Technologies Inc., 6.14.10.4213] C:\WINDOWS\system32\Ati2edxx.dll [(Verified)ATI Technologies, Inc., 6, 14, 10, 2513] C:\WINDOWS\system32\atipdlxx.dll [(Verified)ATI Technologies, Inc., 6, 14, 10, 2543] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 924 / SYSTEM] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 1024 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 1140 / SYSTEM] C:\Program Files\Rising\Rav\RavMonD.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] C:\Program Files\Rising\Rav\combase.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 17] C:\Program Files\Rising\Rav\cnt09.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5] C:\Program Files\Rising\Rav\moncomm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 9] C:\Program Files\Rising\Rav\MonBase.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] C:\Program Files\Rising\Rav\Rslog.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.41] C:\Program Files\Rising\Rav\mondrv.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6] C:\Program Files\Rising\Rav\defmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 46] C:\Program Files\Rising\Rav\moncom08.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] C:\Program Files\Rising\Rav\MonRule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 10] C:\Program Files\Rising\Rav\FileMon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 29] C:\Program Files\Rising\Rav\MailMon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 22] C:\Program Files\Rising\Rav\HookWeb.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12] C:\Program Files\Rising\Rav\rsindent.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 11] C:\Program Files\Rising\Rav\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6] C:\Program Files\Rising\Rav\taskplug.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 10] C:\Program Files\Rising\Rav\scansrvp.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.7] C:\Program Files\Rising\Rav\cnt08.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] C:\Program Files\Rising\Rav\proccomm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] C:\Program Files\Rising\Rav\RSAPPMGR.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.0] C:\Program Files\Rising\Rav\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.0] C:\Program Files\Rising\Rav\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37] C:\Program Files\Rising\Rav\Hooksys.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 24, 0, 0, 3] C:\Program Files\Rising\Rav\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] C:\Program Files\Rising\Rav\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] C:\Program Files\Rising\Rav\HookCont.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 24, 0, 0, 1] C:\Program Files\Rising\Rav\BACore.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 35] C:\Program Files\Rising\Rav\recomp.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6] C:\Program Files\Rising\Rav\refs.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] C:\Program Files\Rising\Rav\viruslib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] C:\Program Files\Rising\Rav\relibldr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] C:\Program Files\Rising\Rav\rsnetsvr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] C:\Program Files\Rising\Rav\bawhite.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] C:\Program Files\Rising\Rav\RSStore.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5] C:\Program Files\Rising\Rav\Scanner.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.22] C:\Program Files\Rising\Rav\ScanAdd.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.4] C:\Program Files\Rising\Rav\NComm2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] C:\Program Files\Rising\Rav\rstask.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5] C:\Program Files\Rising\Rav\rsstub.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] C:\Program Files\Rising\Rav\ScanSrv.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.3] C:\Program Files\Rising\Rav\scanpe.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 10] C:\Program Files\Rising\Rav\pearc.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] C:\Program Files\Rising\Rav\ur000.dat [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] C:\Program Files\Rising\Rav\urutils.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] C:\Program Files\Rising\Rav\ffr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] C:\Program Files\Rising\Rav\nvfile.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] C:\Program Files\Rising\Rav\scanexec.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] C:\Program Files\Rising\Rav\unexe.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] C:\Program Files\Rising\Rav\scanex.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 68] C:\Program Files\Rising\Rav\scantj.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] C:\Program Files\Rising\Rav\methodex.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] C:\Program Files\Rising\Rav\revm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6] C:\Program Files\Rising\Rav\pecompd.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5] C:\Program Files\Rising\Rav\heurex.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 15] C:\Program Files\Rising\Rav\extsfx.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] C:\Program Files\Rising\Rav\extmail.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5] C:\Program Files\Rising\Rav\scansct.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] C:\Program Files\Rising\Rav\extole.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] C:\Program Files\Rising\Rav\extarch.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 8] C:\Program Files\Rising\Rav\extcomp.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] C:\Program Files\Rising\Rav\ScanRavT.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.4] C:\Program Files\Rising\Rav\ScanBT.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.19] C:\Program Files\Rising\Rav\ScanStub.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.1] C:\Program Files\Rising\Rav\ur001.dat [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] C:\Program Files\Rising\Rav\SysMail.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.1] C:\Program Files\Rising\Rav\ur023.dat [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [PID: 1156 / SYSTEM] C:\WINDOWS\System32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] C:\WINDOWS\System32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 1224 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 1268 / SYSTEM] C:\WINDOWS\system32\Ati2evxx.exe [(Verified)ATI Technologies Inc., 6.14.10.4213] C:\WINDOWS\system32\Ati2edxx.dll [(Verified)ATI Technologies, Inc., 6, 14, 10, 2513] C:\WINDOWS\system32\atipdlxx.dll [(Verified)ATI Technologies, Inc., 6, 14, 10, 2543] C:\WINDOWS\system32\ati2evxx.dll [(Verified)ATI Technologies Inc., 6.14.10.4177] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 1364 / LOCAL SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 1552 / SYSTEM] C:\WINDOWS\system32\spoolsv.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 1724 / LOCAL SERVICE] C:\WINDOWS\System32\alg.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] C:\WINDOWS\System32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 1768 / Administrator] C:\WINDOWS\Explorer.EXE [(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [(Verified)Adobe Systems, Inc., 9.3.0.148] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll [Microsoft Corporation, 8.00.50727.762] C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS [N/A] C:\Program Files\WinRAR\rarext.dll [N/A] C:\WINDOWS\system32\RavExt.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.1] C:\WINDOWS\system32\KakaExt.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.1] C:\WINDOWS\system32\YouKuDesktopShell.dll [(Verified)www.youku.com, 1.2.7.1700] C:\WINDOWS\system32\SOGOUPY.IME [(Verified)Sogou.com Inc., 4.3.0.3315] C:\WINDOWS\system32\shdoclc.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 1780 / SYSTEM] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [(Verified)Microsoft Corporation, 7.00.9466] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll [Microsoft Corporation, 7.00.9466] [PID: 1884 / SYSTEM] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 692 / Administrator] C:\Program Files\Rising\Rav\RsTray.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.10] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] C:\Program Files\Rising\Rav\comserv.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.15] C:\Program Files\Rising\Rav\rslang.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] C:\Program Files\Rising\Rav\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37] C:\Program Files\Rising\Rav\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6] C:\Program Files\Rising\Rav\ProcComm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] C:\Program Files\Rising\Rav\rsxml.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] C:\Program Files\Rising\Rav\MonState.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] C:\Program Files\Rising\Rav\ScanEvnt.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.3] C:\Program Files\Rising\Rav\rsguilib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 57] C:\Program Files\Rising\Rav\rsconf.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.1] C:\Program Files\Rising\Rav\rspalvd.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.7] C:\Program Files\Rising\Rav\ravbintl.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 22] C:\Program Files\Rising\Rav\mruleui.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 7] C:\Program Files\Rising\Rav\MonTray.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.74] C:\Program Files\Rising\Rav\RavITray.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6] C:\Program Files\Rising\Rav\rsmginfo.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] C:\Program Files\Rising\Rav\scanleak.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6] C:\Program Files\Rising\Rav\ravppops.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 21] C:\Program Files\Rising\Rav\RSAPPMGR.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.0] C:\Program Files\Rising\Rav\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.0] C:\Program Files\Rising\Rav\PngDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] C:\Program Files\Rising\Rav\ScanPrxy.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.4] [PID: 776 / Administrator] C:\Program Files\Rising\AntiSpyware\rstray.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.27] C:\Program Files\Rising\AntiSpyware\rsmginfo.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] C:\Program Files\Rising\AntiSpyware\RsXML.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2] C:\Program Files\Rising\AntiSpyware\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0] C:\Program Files\Rising\AntiSpyware\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4] C:\Program Files\Rising\AntiSpyware\ComServ.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.31] C:\Program Files\Rising\AntiSpyware\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6] C:\Program Files\Rising\AntiSpyware\rscommon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.1.1] C:\Program Files\Rising\AntiSpyware\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37] C:\Program Files\Rising\AntiSpyware\pngdll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] C:\Program Files\Rising\AntiSpyware\runiep.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.44] C:\Program Files\Rising\AntiSpyware\NComm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.11] C:\Program Files\Rising\Rav\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] C:\Program Files\Rising\AntiSpyware\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [PID: 1188 / Administrator] C:\WINDOWS\system32\ctfmon.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 2712 / Administrator] C:\Program Files\Rising\Rav\RsMain.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.4] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] C:\Program Files\Rising\Rav\rspalmgr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.24] C:\Program Files\Rising\Rav\RSXML.DLL [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] C:\Program Files\Rising\Rav\RsGuiLib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 57] C:\Program Files\Rising\Rav\rslang.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] C:\Program Files\Rising\Rav\rsconf.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.1] C:\Program Files\Rising\Rav\rspalvd.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.7] C:\Program Files\Rising\Rav\ravppops.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 21] C:\Program Files\Rising\Rav\ravbintl.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 22] C:\Program Files\Rising\Rav\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6] C:\Program Files\Rising\Rav\ravpsafe.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.31] C:\Program Files\Rising\Rav\MonState.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] C:\Program Files\Rising\Rav\ScanPrxy.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.4] C:\Program Files\Rising\Rav\pubcfg.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.57] C:\Program Files\Rising\Rav\rsscanbd.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] C:\Program Files\Rising\Rav\PngDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] C:\Program Files\Rising\Rav\RSAPPMGR.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.0] C:\Program Files\Rising\Rav\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.0] C:\Program Files\Rising\Rav\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37] C:\Program Files\Rising\Rav\ProcComm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] C:\Program Files\Rising\Rav\ravxpage.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 54] C:\Program Files\Rising\Rav\ravxmons.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 16] C:\Program Files\Rising\Rav\ravptool.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.15] C:\Program Files\Rising\Rav\log2file.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.15] C:\Program Files\Rising\Rav\htmllib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [PID: 2980 / Administrator] C:\Program Files\Rising\Rav\RsAgent.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.19] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] C:\Program Files\Rising\Rav\ProcComm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] C:\Program Files\Rising\Rav\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37] C:\Program Files\Rising\Rav\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6] C:\Program Files\Rising\Rav\ScanPrxy.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.4] C:\WINDOWS\msagent\AgentMPx.dll [Microsoft Corporation, 2.00.0.2115] [PID: 2936 / Administrator] C:\WINDOWS\msagent\AgentSvr.exe [Microsoft Corporation, 2.00.0.2202] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] C:\WINDOWS\msagent\AgentDP2.dll [Microsoft Corporation, 2.00.0.2115] [PID: 980 / Administrator] C:\Program Files\arswp3\ArSwp3.exe [(Verified)Windows 清理助手, 3.0.14.0130] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] C:\WINDOWS\system32\Macromed\Flash\Flash10d.ocx [(Verified)Adobe Systems, Inc., 10,0,42,34] ================================================================ 文件关联 ================================================================ Autorun.Inf ================================================================ Winsock提供者 ================================================================ 隐藏进程 ================================================================ 可疑文件 ================================================================ HOSTS [/CODE]