[CODE] 2011-05-15,09:34:16 SysLog Scanner 3.1 - build 20100608 Arswp (http://www.arswp.com) Windows XP Home Edition Service Pack 2 (build 2600) ================================================================ 注册项 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] [联想电脑公司, 2, 2, 0, 1] [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | (Verified)NVIDIA Corporation, 6.14.10.9131] [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | (Verified)NVIDIA Corporation, 6.14.10.9131] <"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7] <"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [] <"C:\Program Files\Rising\RFB\SafetyBox.exe" -tray> [(Verified)Beijing Rising Information Technology Co., Ltd., 5.0.1.30] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd] [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders] [(Verified)Microsoft Corporation, 6.00.7755 | (Verified)Microsoft Corporation, 5.1.2600.3592 (xpsp_sp2_qfe.090622-1503) | (Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | (Verified)Microsoft Corporation, 6.1.1825.0] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [(Verified)ATI Technologies Inc., 6.14.10.4131] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components] <{44BBA842-CC51-11CF-AAFA-00AA00B6015B}> [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | (Verified)Microsoft Corporation, 7.00.6000.17055 (vista_gdr.100414-0533) | (Verified)N/A] <{5945c046-1e7d-11d1-bc44-00c04fd912be}> [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | (Verified)Microsoft Corporation, 7.00.6000.17055 (vista_gdr.100414-0533) | (Verified)N/A] <{6BF52A52-394A-11d3-B153-00C04F79FAA6}> [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | (Verified)Microsoft Corporation, 7.00.6000.17055 (vista_gdr.100414-0533) | (Verified)N/A] <{89B4C1CD-B018-4511-B0A1-5476DBF70820}> [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)] <{8b15971b-5355-4c82-8c07-7e181ea07608}> [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | (Verified)Microsoft Corporation, 7.00.6000.17055 (vista_gdr.100414-0533) | (Verified)N/A] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt] <上传到QQ网络硬盘> [] <导出到 Microsoft Excel(&x)> [] <导出到 Microsoft Office Excel(&X)> [] <添加到QQ自定义面板> [] <用QQ彩信发送该图片> [] ================================================================ 启动组 ================================================================ 任务计划 ================================================================ 组件 -------------------------------- ShellExecuteHook [ShlExecHack Class] <{32CD708B-60A7-4C00-9377-D73EAA495F0F}> [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 6] -------------------------------- Shell Extension [Display Panning CPL Extension] <{42071714-76d4-11d1-8b24-00a0c9068ff3}> [] [HyperTerminal Icon Ext] <{88895560-9AA2-1069-930E-00AA0030EBC8}> [(Verified)Hilgraeve, Inc., 5.1.2600.0] [NvCpl DesktopContext Class] <{A70C977A-BF00-412C-90B7-034C51DA2439}> [(Verified)NVIDIA Corporation, 6.14.10.9131] [任务栏和「开始」菜单] <{0DF44EAA-FF21-4412-828E-260A8728E7F1}> <> [] [Desktop Explorer] <{1CDB2949-8F65-4355-8456-263E7C208A5D}> [N/A] [WinRAR shell extension] <{B41DB860-8EE4-11D2-9906-E49FADC173CA}> [N/A] [RISING] <{1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D}> [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 6] [Shell Extensions for RealOne Player] <{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}> [RealNetworks, Inc., 1.0.1.2263] [Fusion Cache] <{1D2680C9-0E2A-469d-B787-065558BC7D43}> [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)] [ShellLink for Application References] <{e82a2d71-5b2f-43a0-97b8-81be15854de8}> [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)] [ShlExtObj] <{C2F78DA4-01C2-48C5-ACCC-9F65016BB7FB}> [Beijing Rising Information Technology Co., Ltd., 7, 0, 0, 3] -------------------------------- Protocols [Cor MIME Filter, CorFltr, CorFltr 1] <{1E66F26B-79EE-11D2-8710-00C04F79ED0D}> [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)] -------------------------------- Context Menu [RisingRavExt] <{1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D}> [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 6] [SimpleShlExt] <{C2F78DA4-01C2-48C5-ACCC-9F65016BB7FB}> [Beijing Rising Information Technology Co., Ltd., 7, 0, 0, 3] [WinRAR] <{B41DB860-8EE4-11D2-9906-E49FADC173CA}> [N/A] [00nView] <{1E9B04FB-F9E5-4718-997B-B8DA88302A48}> [N/A] [NvCplDesktopContext] <{A70C977A-BF00-412C-90B7-034C51DA2439}> [(Verified)NVIDIA Corporation, 6.14.10.9131] -------------------------------- BrowserHelperObject [Thunder Browser Helper] <{2F364305-AA45-47B5-9F9D-39A8B94E7EF7}> [] [VnetCookie Class] <{4E83D567-4697-4F7B-B1F0-A513B01DB89A}> [Copyright 2004, 2005, 4, 6, 1] -------------------------------- ActiveX Extension [InstallHelper Class] <{1DABF8D5-8430-4985-9B7F-A30E53D709B3}> [(Verified)Tencent, 8.13.4822.0] [Thunder Browser Helper] <{2F364305-AA45-47B5-9F9D-39A8B94E7EF7}> [] [VnetCookie Class] <{4E83D567-4697-4F7B-B1F0-A513B01DB89A}> [Copyright 2004, 2005, 4, 6, 1] [Office Update Installation Engine] <{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}> [Microsoft Corporation, 12.0.4613.1006] [RealPlayer G2 Control] <{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}> [RealNetworks, Inc., 6.0.9.2343] [Shockwave Flash Object] <{D27CDB6E-AE6D-11CF-96B8-444553540000}> [(Verified)Adobe Systems, Inc., 10,2,159,1] [PlayerCtrl Class] <{E05BC2A3-9A46-4a32-80C9-023A473F5B23}> [(Verified)Tencent, 7.65.1346.826] ================================================================ 服务 [Application Management / AppMgmt][Stopped/Manual Start] <%SystemRoot%\system32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\appmgmts.dll"> [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [Human Interface Device Access / HidServ][Stopped/Disabled] <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll"> [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [Rising Process Communication Center / RsCCenter][Running/Auto Start] <"C:\Program Files\Rising\Rav\CCenter.exe"> [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3] [SafetyBox Service / RsSafetyBoxMon][Running/Auto Start] <"C:\Program Files\Rising\RFB\rssmond.exe"> [Beijing Rising Information Technology Co., Ltd., 5, 0, 0, 0] [Ati HotKey Poller / Ati HotKey Poller][Stopped/Auto Start] <%SystemRoot%\system32\Ati2evxx.exe> [(Verified)ATI Technologies Inc., 6.14.10.4131] [Contrl Center of Storm Media / ccosm][Running/Auto Start] [(Verified)北京暴风网际科技有限公司, 3, 10, 5, 4] [NVIDIA Display Driver Service / NVSvc][Running/Auto Start] <%SystemRoot%\system32\nvsvc32.exe> [(Verified)NVIDIA Corporation, 6.14.10.9131] [Rsd Service / RsMgrSvc][Running/Auto Start] <"C:\Program Files\Rising\RSD\RsMgrSvc.exe"> [(Verified)Beijing Rising Information Technology Co., Ltd., 1.0.0.29] [Rav Service / RsRavMon][Running/Auto Start] <"C:\Program Files\Rising\RAV\RavMonD.exe"> [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 14] [RFW Service / RsRFWMon][Running/Auto Start] <"C:\Program Files\Rising\RFW\RavMonD.exe"> [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 14] ================================================================ 驱动 [Rising TDI Base Driver / BaseTDI][Running/Auto Start] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5] [dump_wmimmc / dump_wmimmc][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\dump_wmimmc.sys> [] [EagleNT / EagleNT][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\EagleNT.sys> [] [ExpScaner / ExpScaner][Running/Auto Start] <\??\C:\Program Files\Rising\Rav\ExpScan.sys> [Copyright (C) 2004 Rising, 18, 0, 0, 2] [HookCont / HookCont][Running/Auto Start] <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys> [Rising, 19, 0, 0, 3] [HookReg / HookReg][Running/Auto Start] <\??\C:\Program Files\Rising\Rav\HookReg.sys> [版权所有 (@) 2003, 18, 0, 0, 10] [kmsinput / kmsinput][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\kmsinput.sys> [N/A] [LenovoF / LenovoF][Running/Boot Start] [N/A] [LenovoR / LenovoR][Running/System Start] [N/A] [MEMSCAN / MEMSCAN][Running/Auto Start] <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys> [瑞星软件有限公司, 18, 0, 0, 7] [npkcrypt / npkcrypt][Stopped/Auto Start] <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys> [] [NPPTNT2 / NPPTNT2][Stopped/Manual Start] <\??\C:\WINDOWS\system32\npptNT2.sys> [INCA Internet Co., Ltd., 2005, 1, 5, 1] [RsNTGDI / RsNTGDI][Running/Boot Start] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2] [RSPPSYS / RSPPSYS][Running/Auto Start] <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys> [Rising, 18. 0. 0. 3] [SVKP / SVKP][Running/Auto Start] <\??\C:\WINDOWS\system32\SVKP.sys> [AntiCracking, 4.00] [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start] [(Verified)Realtek Semiconductor Corp., 5.10.00.6030 built by: WinDDK] [AliIde / AliIde][Running/Boot Start] [(Verified)Acer Laboratories Inc., 1.20] [AMD AGP Bus Filter Driver / amdagp][Running/Boot Start] [(Verified)Advanced Micro Devices, Inc., 5.00 (xpsp_sp2_rtm.040803-2158)] [asc / asc][Running/Boot Start] [(Verified)Advanced System Products, Inc., 2.9I-MS (XPClient.010817-1148)] [asc3550 / asc3550][Running/Boot Start] [(Verified)Advanced System Products, Inc., 3.1E-MS (XPClient.010817-1148)] [ati2mtag / ati2mtag][Stopped/Manual Start] [(Verified)ATI Technologies Inc., 6.14.10.6606] [AtpKrnl / AtpKrnl][Stopped/Manual Start] [(Verified)www.arswp.com, 3.00] [CmdIde / CmdIde][Running/Boot Start] [(Verified)CMD Technology, Inc., 2.0.7 (XPClient.010817-1148)] [dac2w2k / dac2w2k][Running/Boot Start] [(Verified)Mylex Corporation, 6.00-21 (XPClient.010817-1148)] [hooksys / hooksys][Running/System Start] <\??\C:\WINDOWS\system32\drivers\Hooksys.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 25, 0, 0, 37] [HookTdi / HookTdi][Running/System Start] <\??\C:\WINDOWS\system32\drivers\HookTdi.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 25.0.0.17] [HyperVM / HyperVM][Running/System Start] <\??\C:\WINDOWS\system32\drivers\hvm.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 4] [mraid35x / mraid35x][Running/Boot Start] [(Verified)American Megatrends Inc., 6.19 (XPClient.010817-1148)] [nv / nv][Running/Manual Start] [(Verified)NVIDIA Corporation, 6.14.10.9131] [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148)] [ql1080 / ql1080][Running/Boot Start] [(Verified)QLogic Corporation, 3.04] [ql12160 / ql12160][Running/Boot Start] [(Verified)QLogic Corporation, 7.13.02 (W64)] [ql1280 / ql1280][Running/Boot Start] [(Verified)QLogic Corporation, 7.13.01 (W2K)] [rfwaf / rfwaf][Running/Auto Start] <\??\C:\Program Files\Rising\RFW\rfwaf.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 7] [Rising RfwARP Driver / RFWARP][Running/Auto Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 25.0.0.1] [Rising RfwNdis Driver / RFWNDIS][Running/Manual Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 25.0.0.4] [rfwtdi / rfwtdi][Running/Auto Start] <\??\C:\Program Files\Rising\RFW\rfwtdi.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 25.0.0.8] [rsfwdrv / rsfwdrv][Running/Auto Start] <\??\C:\Program Files\Rising\RFW\rsfwdrv.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 25.0.0.24] [rsktdi / rsktdi][Running/System Start] <\??\C:\WINDOWS\system32\drivers\rsktdi.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [RsProtect5 Service / RsProtect5][Running/System Start] <\??\C:\WINDOWS\system32\Drivers\RSPROTECT.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 5, 0, 0, 7] [Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start] [(Verified)Realtek Semiconductor Corporation , 5.621.0304.2005 built by: WinDDK] [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start] [(Verified)Realtek Semiconductor Corporation, 5.398.613.2003 built by: WinDDK] [Secdrv / Secdrv][Stopped/Manual Start] [(Verified)Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086] [SIS AGP Bus Filter / sisagp][Running/Boot Start] [(Verified)Silicon Integrated Systems Corporation, 5.12.01.2010 (xpsp_sp2_rtm.040803-2158)] [Sparrow / Sparrow][Running/Boot Start] [(Verified)Adaptec, Inc., v2.0a (ReleaseBinaries.001205-1804)] [symc810 / symc810][Running/Boot Start] [(Verified)Symbios Logic Inc., 5.1.2409.1 (ReleaseBinaries.001205-1804)] [symc8xx / symc8xx][Running/Boot Start] [(Verified)LSI Logic, 5.1.2409.1 (ReleaseBinaries.001205-1804)] [sym_hi / sym_hi][Running/Boot Start] [(Verified)LSI Logic, 5.1.2462.0 (Lab01_N.010309-0027)] [sym_u3 / sym_u3][Running/Boot Start] [(Verified)LSI Logic, 5.1.2462.0 (Lab01_N.010309-0027)] [ultra / ultra][Running/Boot Start] [(Verified)Promise Technology, Inc., 1.43 (第 0603 版)] ================================================================ 活动进程 [PID: 784 / SYSTEM] \??\C:\WINDOWS\system32\winlogon.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] C:\WINDOWS\system32\Ati2evxx.dll [(Verified)ATI Technologies Inc., 6.14.10.4131] [PID: 1204 / SYSTEM] C:\Program Files\Rising\Rav\CCenter.exe [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3] [PID: 1220 / SYSTEM] C:\Program Files\Rising\RSD\RsMgrSvc.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 1.0.0.29] C:\Program Files\Rising\RSD\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.4] C:\Program Files\Rising\RSD\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.1] [PID: 1248 / SYSTEM] C:\Program Files\Rising\RAV\RavMonD.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 14] C:\Program Files\Rising\RAV\combase.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 16] C:\Program Files\Rising\RAV\rsconf.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.4] C:\Program Files\Rising\RAV\scansrvp.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.12] C:\Program Files\Rising\RAV\cnt09.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1] C:\Program Files\Rising\RAV\moncomm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.3] C:\Program Files\Rising\RAV\MonBase.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1] C:\Program Files\Rising\RAV\Rslog.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.23] C:\Program Files\Rising\RAV\RsStore.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.12] C:\Program Files\Rising\RAV\mondrvd.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 11] C:\Program Files\Rising\RAV\defmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 61] C:\Program Files\Rising\RAV\PSAPI.DLL [Microsoft Corporation, 4.00] C:\Program Files\Rising\RAV\moncom08.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.2] C:\Program Files\Rising\RAV\taskplug.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.2] C:\Program Files\Rising\RAV\mondrvm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 8] C:\Program Files\Rising\RAV\MonRule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 32] C:\Program Files\Rising\RAV\FileMon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 33] C:\Program Files\Rising\RAV\MailMon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 55] C:\Program Files\Rising\RAV\rsindent.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.1.0] C:\Program Files\Rising\RAV\proccomm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.1] C:\Program Files\Rising\RAV\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.4] C:\Program Files\Rising\RAV\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.1] C:\Program Files\Rising\RAV\Hooksys.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 25, 0, 0, 8] C:\Program Files\Rising\RAV\rstask.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 7] C:\Program Files\Rising\RAV\rsstub.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.1] C:\Program Files\Rising\RAV\rslang.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.1] C:\Program Files\Rising\RAV\hookTdi.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 25, 0, 0, 9] C:\Program Files\Rising\RAV\BACore.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 57] C:\Program Files\Rising\RAV\recomp.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 12] C:\Program Files\Rising\RAV\refs.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 3] C:\Program Files\Rising\RAV\viruslib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 8] C:\Program Files\Rising\RAV\relibldr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1] C:\Program Files\Rising\RAV\rsnetsvr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.12] C:\Program Files\Rising\RAV\bawhite.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 5] C:\Program Files\Rising\RAV\ScanAdd.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.31] C:\Program Files\Rising\RAV\Scanner.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 68] C:\Program Files\Rising\RAV\ScanSrv.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 17] C:\Program Files\Rising\RAV\scanpe.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 28] C:\Program Files\Rising\RAV\pearc.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 7] C:\Program Files\Rising\RAV\engext.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 16] C:\Program Files\Rising\RAV\vmicore.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 17] C:\Program Files\Rising\RAV\ffr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 2] C:\Program Files\Rising\RAV\nvfile.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 7] C:\Program Files\Rising\RAV\scantj.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 9] C:\Program Files\Rising\RAV\extsfx.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 8] C:\Program Files\Rising\RAV\scanexec.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 5] C:\Program Files\Rising\RAV\unexe.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 0] C:\Program Files\Rising\RAV\scanex.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 7] C:\Program Files\Rising\RAV\scansct.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1] C:\Program Files\Rising\RAV\extole.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 0] [PID: 1272 / SYSTEM] C:\Program Files\Rising\RFW\RavMonD.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 14] C:\Program Files\Rising\RFW\combase.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 16] C:\Program Files\Rising\RFW\cnt09.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1] C:\Program Files\Rising\RFW\MonBase.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1] C:\Program Files\Rising\RFW\MonComm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.3] C:\Program Files\Rising\RFW\rsconf.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.4] C:\Program Files\Rising\RFW\rfwlog.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.7] C:\Program Files\Rising\RFW\rfwrule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.1] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4] C:\Program Files\Rising\RFW\rfwsrv.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.90] C:\Program Files\Rising\RFW\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.1] C:\Program Files\Rising\RFW\mPorts.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.7] C:\Program Files\Rising\RFW\rfwdrvc.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.36] C:\Program Files\Rising\RFW\fishweb.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 26] C:\Program Files\Rising\RFW\rsindent.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.1.0] C:\Program Files\Rising\RFW\taskplug.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.2] C:\Program Files\Rising\RFW\rfwPgDef.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.4] C:\Program Files\Rising\RFW\proccomm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.1] C:\Program Files\Rising\RFW\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.4] C:\Program Files\Rising\RFW\Rfwdrv.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 25.0.0.7] C:\Program Files\Rising\RFW\RfwArp.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 25.0.0.1] C:\Program Files\Rising\RFW\urlrule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.2] C:\Program Files\Rising\RFW\recomp.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 12] C:\Program Files\Rising\RFW\refs.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 3] C:\Program Files\Rising\RFW\viruslib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 8] C:\Program Files\Rising\RFW\relibldr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1] C:\Program Files\Rising\RFW\rfwproxy.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 73] C:\Program Files\Rising\RFW\rslang.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.1] C:\Program Files\Rising\RFW\fwfish.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 4] C:\Program Files\Rising\RFW\fwcomp.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 11] C:\Program Files\Rising\RFW\fwfs.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 5] C:\Program Files\Rising\RFW\fwvirlib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 5] C:\Program Files\Rising\RFW\fwlibldr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 3] C:\Program Files\Rising\RFW\rstask.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 7] C:\Program Files\Rising\RFW\rsstub.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.1] C:\Program Files\Rising\RFW\urllib.dll [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1] [PID: 1924 / lenovo] C:\WINDOWS\Explorer.EXE [(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] C:\WINDOWS\system32\nvcpl.dll [(Verified)NVIDIA Corporation, 6.14.10.9131] C:\WINDOWS\system32\NVRSZHC.DLL [NVIDIA Corporation, 6.14.10.9131] C:\WINDOWS\system32\nvshell.dll [N/A] [PID: 292 / lenovo] C:\Program Files\Lenovo\功能键盘\HotKeyB.exe [联想电脑公司, 2, 2, 0, 1] C:\Program Files\Lenovo\功能键盘\kbddrv.dll [N/A] C:\Program Files\Lenovo\功能键盘\MFC42.DLL [Microsoft Corporation, 6.00.8665.0] [PID: 308 / lenovo] C:\WINDOWS\system32\RunDLL32.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] C:\WINDOWS\system32\NvMCTray.dll [(Verified)NVIDIA Corporation, 6.14.10.9131] C:\WINDOWS\system32\NVRSZHC.DLL [NVIDIA Corporation, 6.14.10.9131] [PID: 372 / SYSTEM] C:\Program Files\StormII\stormliv.exe [(Verified)北京暴风网际科技有限公司, 3, 10, 5, 4] C:\Program Files\StormII\bfoptdll.dll [北京暴风网际科技有限公司, 3, 8, 7, 16] C:\Program Files\StormII\box\BoxLog.dll [(Verified)北京暴风网际科技有限公司, 3, 9, 6, 27] [PID: 416 / SYSTEM] C:\WINDOWS\system32\nvsvc32.exe [(Verified)NVIDIA Corporation, 6.14.10.9131] [PID: 748 / lenovo] C:\Program Files\Rising\RFW\RSTRAY.EXE [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.11] C:\Program Files\Rising\RFW\comserv.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.13] C:\Program Files\Rising\RFW\rslang.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.1] C:\Program Files\Rising\RFW\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.4] C:\Program Files\Rising\RFW\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.1] C:\Program Files\Rising\RFW\ProcComm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.1] C:\Program Files\Rising\RFW\rsxml.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.2] C:\Program Files\Rising\RFW\MonState.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] C:\Program Files\Rising\RFW\rfwrule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22.0.0.1] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4] C:\Program Files\Rising\RFW\rsconf.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.4] C:\Program Files\Rising\RFW\rspalvd.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.7] C:\Program Files\Rising\RFW\rsguilib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.11] C:\Program Files\Rising\RFW\rsnetsvr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.12] C:\Program Files\Rising\RFW\rsmginfo.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.6] C:\Program Files\Rising\RFW\rfwtray.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 63] C:\Program Files\Rising\RFW\rfwlog.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.7] C:\Program Files\Rising\RFW\PngDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 3] C:\Program Files\Rising\RAV\RavScrCh.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.10] [PID: 844 / lenovo] C:\Program Files\Rising\RAV\RSTRAY.EXE [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.11] C:\Program Files\Rising\RAV\comserv.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.13] C:\Program Files\Rising\RAV\rslang.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.1] C:\Program Files\Rising\RAV\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.4] C:\Program Files\Rising\RAV\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.1] C:\Program Files\Rising\RAV\ProcComm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.1] C:\Program Files\Rising\RAV\rsxml.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.2] C:\Program Files\Rising\RAV\MonState.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] C:\Program Files\Rising\RAV\ScanEvnt.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.10] C:\Program Files\Rising\RAV\rsguilib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.11] C:\Program Files\Rising\RAV\rsconf.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.4] C:\Program Files\Rising\RAV\rspalvd.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.7] C:\Program Files\Rising\RAV\mruleui.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 10] C:\Program Files\Rising\RAV\MonTray.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.94] C:\Program Files\Rising\RAV\rsmginfo.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.6] C:\Program Files\Rising\RAV\UsbServ.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 3] C:\Program Files\Rising\RAV\ScanTray.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.54] C:\Program Files\Rising\RAV\PngDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 3] C:\Program Files\Rising\RAV\dfw.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.66] C:\Program Files\Rising\RAV\ScanPrxy.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.30] C:\Program Files\Rising\RAV\GCompt.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.51] C:\Program Files\Rising\RAV\Isol.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.14] C:\Program Files\Rising\RAV\rsstore.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.12] C:\Program Files\Rising\RAV\RavScrCh.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.10] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4] [PID: 3560 / lenovo] C:\Program Files\ChinaNet\VnetClient.exe [版权所有 (C) 2004, 2005, 11, 14, 1] C:\Program Files\ChinaNet\Communicate.dll [0, 2005, 3, 3, 1] C:\Program Files\ChinaNet\DialModule.dll [GDCN, 2005, 11, 15, 1] C:\Program Files\ChinaNet\MFC42.DLL [Microsoft Corporation, 6.00.8665.0] C:\PROGRA~1\ChinaNet\CLIENT~1.DLL [Copyright 2004, 2004, 2, 28, 1] C:\PROGRA~1\ChinaNet\PLUGIN~1.OCX [Copyright (C) 2004, 2005, 7, 27, 1] C:\PROGRA~1\ChinaNet\sign.dll [0, 2004, 12, 1, 1] C:\PROGRA~1\ChinaNet\PostPlug.dll [Copyright 2004, 2004, 12, 16, 2] C:\PROGRA~1\ChinaNet\ADVERT~1.OCX [Copyright (C) 2005, 2005, 10, 13, 1] C:\PROGRA~1\ChinaNet\VnetBs.ocx [Copyright (C) 2004, 2004, 11, 18, 1] C:\PROGRA~1\ChinaNet\ACCOUN~2.DLL [Copyright 2004, 2005, 11, 14, 1] C:\PROGRA~1\ChinaNet\AccountMgr.dll [版权所有 (C) 2004, 2005, 11, 14, 17] C:\PROGRA~1\ChinaNet\VnetSkin.ocx [GDDC, 2005, 11, 14, 1] C:\PROGRA~1\ChinaNet\DialogStyle.dll [版权所有 (C) 2004, 1, 0, 0, 1] C:\PROGRA~1\ChinaNet\Timer.ocx [Copyright (C) 2004, 2005, 10, 9, 14] C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX [Copyright (C) 2004, 2005, 2, 24, 1] C:\PROGRA~1\ChinaNet\NEWMES~1.DLL [Copyright 2004, 2005, 8, 26, 1] C:\PROGRA~1\ChinaNet\PassCtrl.dll [Copyright 2004, 1, 0, 0, 1] C:\WINDOWS\system32\wpcap.dll [Politecnico di Torino, 3, 0, 0, 18] C:\WINDOWS\system32\pthreadVC.dll [N/A] C:\WINDOWS\system32\packet.dll [Politecnico di Torino, 3, 0, 0, 18] C:\PROGRA~1\ChinaNet\PlugPush.dll [Copyright 2004, 2004, 12, 21, 1] C:\PROGRA~1\ChinaNet\ALLINT~1.DLL [Copyright 2004, 2004, 11, 23, 1] C:\PROGRA~1\ChinaNet\VNetLog.ocx [Copyright (C) 2005, 2005, 10, 9, 1] C:\PROGRA~1\ChinaNet\StatNum.dll [Copyright 2004, 2004, 11, 18, 1] C:\PROGRA~1\ChinaNet\VNETON~1.OCX [Copyright (C) 2004, 2005, 3, 2, 1] C:\PROGRA~1\ChinaNet\ALLFUN~1.DLL [GDCN, 2005, 10, 9, 1] C:\PROGRA~1\ChinaNet\VnetOptLog.dll [版权所有 (C) 2004, 2005, 9, 13, 9] C:\Program Files\Rising\RAV\RavScrCh.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.10] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4] C:\PROGRA~1\ChinaNet\DlgSkin.ocx [Copyright (C) 2004, 2005, 11, 14, 1] C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx [(Verified)Adobe Systems, Inc., 10,2,159,1] [PID: 2092 / lenovo] D:\清理助手\arswp3\ArSwp3.exe [(Verified)Windows 清理助手, 3.1.4.1212] C:\Program Files\Rising\RAV\RavScrCh.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23.0.0.10] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4] C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx [(Verified)Adobe Systems, Inc., 10,2,159,1] ================================================================ 文件关联 [.scr] <"%1" /S> [N/A] [.dat] <"C:\Program Files\StormII\Storm.exe" /play "%1"> [(Verified)北京暴风网际科技有限公司, 3, 9, 11, 28] [.avi] <"C:\Program Files\StormII\Storm.exe" /play "%1"> [(Verified)北京暴风网际科技有限公司, 3, 9, 11, 28] [.ram] <"C:\Program Files\StormII\Storm.exe" /play "%1"> [(Verified)北京暴风网际科技有限公司, 3, 9, 11, 28] [.rtf] <"C:\Program Files\Microsoft Office\WinWord.exe" "%1"> [Microsoft Corporation, 11.0.6568] [.mod] <"C:\Program Files\StormII\Storm.exe" /play "%1"> [(Verified)北京暴风网际科技有限公司, 3, 9, 11, 28] ================================================================ Autorun.Inf ================================================================ Winsock提供者 ================================================================ 隐藏进程 [PID: 668] C:\Program Files\Rising\RFB\rssmond.exe [Beijing Rising Information Technology Co., Ltd., 5, 0, 0, 0] [PID: 364] C:\Program Files\Rising\RFB\SafetyBox.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 5.0.1.30] ================================================================ 可疑文件 ================================================================ HOSTS 127.0.0.1 localhost [/CODE]