[CODE]

2008-08-08,19:21:46

SysLog Scanner 1.0 - build 20080726
Arswp (http://www.arswp.com)

Windows XP Professional Service Pack 2 (build 2600) - Administrators



========================================
注册项

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <igfxhkcmd><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Intel Corporation, 3.0.0.4396, C:2006-01-11 02:56 M:2005-09-20 10:32]
    <igfxpers><C:\WINDOWS\system32\igfxpers.exe>  [(Verified)Intel Corporation, 3.0.0.4396, C:2006-01-11 02:57 M:2005-09-20 10:36]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp., 5, 1, 0, 48, C:2008-03-19 15:22 M:2005-11-11 14:07]
    <stup.exe><Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll,Rundll32 R>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-08 04:00 M:2004-08-08 04:00|(Verified)TENCENT, 5, 0, 4, 11, C:2008-07-29 16:41 M:2008-07-09 10:33]
    <搜狐彩电网页版><D:\Program Files\sohutv_web\SysTrayIcon.exe "d:\Program Files\sohutv_web" "52748b0fc2d0a8e33bcdafea15e9cf59" "1.0.0.4" "">  []
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.24, C:2008-07-03 14:20 M:2008-07-26 20:24]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  []
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  []
    <StormCodec_Helper><; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []
    <tsnp2std><C:\WINDOWS\tsnp2std.exe>  [Copyright (C) 2005, 1, 1, 6, 10, C:2008-07-31 11:58 M:2007-05-12 11:19]
    <ZSSnp211><C:\WINDOWS\ZSSnp211.exe>  [ZSMCSNAP, 3, 6, 818, 7, C:2008-03-25 14:42 M:2007-04-06 11:06]
    <Domino><C:\WINDOWS\Domino.exe>  [Copyright (C), 3, 6, 818, 7, C:2008-03-25 14:42 M:2006-08-18 16:58]
    <runeip><"D:\新建文件夹 (2)\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.15, C:2008-08-04 18:55 M:2008-08-04 18:54]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_Dlls><kmon.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 21, C:2008-08-04 18:55 M:2008-08-04 18:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-07-03 14:20 M:2008-07-28 15:37]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用iTudou下载节目]
    <><d:\My Documents\iTudou\iTudou_Link.HTM>  [N/A, C:2007-03-22 10:28 M:2007-03-22 10:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用影音传送带下载]
    <><C:\Program Files\Xi\NetTransport 2\NTAddLink.html>  []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用影音传送带下载全部链接]
    <><C:\Program Files\Xi\NetTransport 2\NTAddList.html>  []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用快车(Flas&hGet)下载]
    <><E:\FlashGet\ComDlls\Bholink.htm>  [N/A, C:2008-06-12 17:15 M:2008-06-12 17:15]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用快车(Flash&Get)下载全部链接]
    <><E:\FlashGet\ComDlls\Bhoall.htm>  [N/A, C:2008-06-12 17:15 M:2008-06-12 17:15]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载]
    <><E:\Thunder\Program\geturl.htm>  [N/A, C:2007-12-10 14:17 M:2007-12-10 14:17]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接]
    <><E:\Thunder\Program\getallurl.htm>  [N/A, C:2007-12-10 14:17 M:2007-12-10 14:17]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\导出到 Microsoft Office Excel(&X)]
    <><res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000>  []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\添加到QQ表情]
    <><E:\Program Files\QQ2005\AddEmotion.htm>  [N/A, C:2008-06-30 17:14 M:2008-06-30 17:14]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Intel Corporation, 3.0.0.4396, C:2006-01-11 02:57 M:2005-09-20 10:31]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-08 04:00 M:2004-08-08 04:00|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-08 04:00 M:2004-08-08 04:00|(Verified)N/A, C:2004-08-08 04:00 M:2004-08-08 04:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-08 04:00 M:2004-08-08 04:00|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-08 04:00 M:2004-08-08 04:00|(Verified)N/A, C:2006-01-11 03:32 M:2005-01-28 15:25]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}]
    <启动迅雷5><C:\Program Files\Thunder Network\Thunder\Thunder.exe>  [Thunder Networking Technologies,LTD, 5, 6, 8, 19, C:2008-08-06 19:51 M:2008-07-10 21:15]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0A155D3C-68E2-4215-A47A-E800A446447A}]
    <浩方对战平台><D:\Platform\GameClient.exe>  [(Verified)上海浩方在线信息技术有限公司, 4.8.3.530, C:2008-07-23 20:41 M:2008-05-30 20:20]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6096E38F-5AC1-4391-8EC4-75DFA92FB32F}]
    <微软><http://www.microsoft.com/china/index.htm>  []


========================================
启动项

[彩虹QQ显IP]
    <C:\Documents and Settings\new\「开始」菜单\程序\启动\彩虹QQ显IP.lnk --> "E:\彩虹QQ\CaiHong.exe"  > [N/A, C:2008-07-10 16:11 M:2008-07-10 16:11]


========================================
计划任务



========================================
组件


ShellExecuteHook
[ShlExecHack Class]
    {32CD708B-60A7-4C00-9377-D73EAA495F0F}  <C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-07-03 14:20 M:2008-07-28 15:37]

Shell Extension
[Display Panning CPL Extension]
    {42071714-76d4-11d1-8b24-00a0c9068ff3}  <deskpan.dll>  []
[HyperTerminal Icon Ext]
    {88895560-9AA2-1069-930E-00AA0030EBC8}  <C:\WINDOWS\system32\hticons.dll>  [(Verified)Hilgraeve, Inc., 5.1.2600.0, C:2006-01-02 02:09 M:2004-08-08 12:00]
[WinRAR shell extension]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <C:\Program Files\WinRAR\rarext.dll>  [N/A, C:2006-01-11 03:20 M:2005-10-10 16:37]
[Tencent Browser Helper]
    {0C7C23EF-A848-485B-873C-0ED954731014}  <C:\Program Files\TENCENT\SSPlus\SAddr1.dll>  [(Verified)Tencent, 5, 0, 7, 12, C:2008-07-29 16:41 M:2008-07-15 11:06]
[Tencent SearchHook]
    {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9}  <C:\Program Files\TENCENT\SSPlus\SAddr1.dll>  [(Verified)Tencent, 5, 0, 7, 12, C:2008-07-29 16:41 M:2008-07-15 11:06]
[Tencent AddrDropTarget]
    {A57E074F-56D8-4A33-8112-AAC9693AA909}  <C:\Program Files\TENCENT\SSPlus\SAddr1.dll>  [(Verified)Tencent, 5, 0, 7, 12, C:2008-07-29 16:41 M:2008-07-15 11:06]
[]
    {669751ED-D558-49AE-B01A-3B374CC7910E}  <C:\WINDOWS\system32\SSup.dll>  [(Verified)TENCENT, 5, 0, 4, 12, C:2008-03-22 13:43 M:2008-08-04 14:30]
[RISING]
    {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D}  <C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-07-03 14:20 M:2008-07-28 15:37]
[DllRegShlExt extension]
    {8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C}  <C:\WINDOWS\system32\TudouUpload.dll>  [www.Tudou.com, 1.1.0.0, C:2007-01-24 18:07 M:2007-01-24 18:07]

BrowserHelperObject
[ThunderAtOnce Class]
    {01443AEC-0FD1-40fd-9C87-E93D1494C233}  <E:\Thunder\ComDlls\TDAtOnce_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2008-07-17 10:00 M:2008-04-07 15:40]
[AcroIEHlprObj Class]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}  <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll>  [(Verified)Adobe Systems Incorporated, 7.0.0.2004121400, C:2004-12-14 01:56 M:2004-12-14 01:56]
[Tencent Browser Helper]
    {0C7C23EF-A848-485B-873C-0ED954731014}  <C:\Program Files\TENCENT\SSPlus\SAddr1.dll>  [(Verified)Tencent, 5, 0, 7, 12, C:2008-07-29 16:41 M:2008-07-15 11:06]
[FG2CatchUrl]
    {1F364306-AA45-47B5-9F9D-39A8B94E7EF1}  <E:\FlashGet\ComDlls\bhoCATCH.dll>  [(Verified)FlashGet, 2, 0, 2, 1011, C:2008-06-16 16:20 M:2008-06-16 16:20]
[QQToolbar]
    {29CF293A-1E7D-4069-9E11-E39698D0AF95}  <C:\Program Files\Tencent\QQToolbar\IEBar.dll>  [(Verified)TENCENT, 2, 1, 8, 12, C:2008-03-22 13:44 M:2008-08-08 13:01]
[]
    {3D898C55-74CC-4B7C-B5F1-45913F123188}  <C:\WINDOWS\system32\IEFastBandV2.dll>  [Micosoft Corporation, 1.0.0.0, C:2008-07-05 09:39 M:2008-07-05 09:39]
[Thunder Browser Helper]
    {889D2FEB-5411-4565-8998-1DD2C5261283}  <E:\Thunder\ComDlls\xunleiBHO_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-07-17 10:00 M:2008-04-29 14:42]
[卡卡上网安全助手]
    {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8}  <C:\WINDOWS\system32\urlFilter.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15, C:2008-08-04 18:55 M:2008-08-04 18:55]
[urlmon Class]
    {FFFFEECE-FF18-8222-2FB0-2935B9EA0723}  <C:\WINDOWS\system32\1031\urlmon.dll>  []

ToolBar
[QQToolbar]
    {29CF293A-1E7D-4069-9E11-E39698D0AF95}  <C:\Program Files\Tencent\QQToolbar\IEBar.dll>  [(Verified)TENCENT, 2, 1, 8, 12, C:2008-03-22 13:44 M:2008-08-08 13:01]

ActiveX Extension
[ThunderAtOnce Class]
    {01443AEC-0FD1-40FD-9C87-E93D1494C233}  <E:\Thunder\ComDlls\TDAtOnce_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2008-07-17 10:00 M:2008-04-07 15:40]
[MMCPlayer Class]
    {05C1004E-2596-48E5-8E26-39362985EEB9}  <d:\Program Files\sohutv_web\MMCShell.dll>  [(Verified)Sohu.com Inc., 2, 1, 0, 3, C:2008-03-10 15:00 M:2008-03-10 15:00]
[AcroIEHlprObj Class]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}  <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll>  [(Verified)Adobe Systems Incorporated, 7.0.0.2004121400, C:2004-12-14 01:56 M:2004-12-14 01:56]
[Web Browser Applet Control]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}  <C:\WINDOWS\system32\msjava.dll>  [Microsoft Corporation, 5.00.3810, C:2006-01-13 02:45 M:2003-02-28 18:26]
[Tencent Browser Helper]
    {0C7C23EF-A848-485B-873C-0ED954731014}  <C:\Program Files\TENCENT\SSPlus\SAddr1.dll>  [(Verified)Tencent, 5, 0, 7, 12, C:2008-07-29 16:41 M:2008-07-15 11:06]
[iTrusPTA Class]
    {1E0DFFCF-27FF-4574-849B-55007349FEDA}  <C:\WINDOWS\system32\aliedit\pta.dll>  [(Verified)Copyright 2001, 2, 5, 1, 509, C:2007-04-19 18:43 M:2008-04-29 10:36]
[FG2CatchUrl]
    {1F364306-AA45-47B5-9F9D-39A8B94E7EF1}  <E:\FlashGet\ComDlls\bhoCATCH.dll>  [(Verified)FlashGet, 2, 0, 2, 1011, C:2008-06-16 16:20 M:2008-06-16 16:20]
[QQToolbar]
    {29CF293A-1E7D-4069-9E11-E39698D0AF95}  <C:\Program Files\Tencent\QQToolbar\IEBar.dll>  [(Verified)TENCENT, 2, 1, 8, 12, C:2008-03-22 13:44 M:2008-08-08 13:01]
[GDGetTokenInfo Class]
    {3AA9CF07-DF20-48FF-98BE-DED276E40146}  <C:\WINDOWS\system32\GDREAD~1.DLL>  [Copyright 2007, 1, 0, 0, 2, C:2008-05-12 11:56 M:2007-09-12 22:02]
[]
    {3D898C55-74CC-4B7C-B5F1-45913F123188}  <C:\WINDOWS\system32\IEFastBandV2.dll>  [Micosoft Corporation, 1.0.0.0, C:2008-07-05 09:39 M:2008-07-05 09:39]
[Thunder Agent Class]
    {485463B7-8FB2-4B3B-B29B-8B919B0EACCE}  <E:\Thunder\ComDlls\ThunderAgent_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 4, 23, C:2008-07-17 10:00 M:2008-05-26 11:09]
[EditCtrl Class]
    {488A4255-3236-44B3-8F27-FA1AECAA8844}  <C:\WINDOWS\system32\aliedit\aliedit.dll>  [(Verified)Copyright 2007, 2, 1, 2, 1, C:2007-04-19 18:46 M:2008-05-20 10:51]
[InfoSecNetSign Class]
    {5CB840B5-A94E-4AD9-B785-4866E3B04476}  <C:\WINDOWS\system32\ICBCNE~1.DLL>  [Infosec Technologies Co., Ltd., 1, 0, 0, 1, C:2008-05-12 11:56 M:2007-11-14 13:33]
[XMP Class]
    {6483F145-A768-4C41-AACC-52D4D7845851}  <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work>  [Copyright XunLei 2007, 2, 1, 2, 77, C:2008-07-17 10:00 M:2008-08-04 12:58]
[XDRM]
    {693571CB-54A3-4E90-9D52-EEAE1334E2D3}  <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work>  [Copyright XunLei 2007, 1, 0, 0, 7, C:2008-07-17 10:00 M:2008-08-04 12:58]
[StormPlayer Object]
    {6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB}  <C:\Program Files\StormII\mps.dll>  [Biejing Baofeng Inc., 2, 7, 4, 30, C:2007-04-26 18:02 M:2007-04-26 18:02]
[WangWangObj Class]
    {6E213FC7-DD5A-4115-B7E6-D4C7838C361E}  <E:\Program Files\Alisoft\WangWang\WangWangX6.dll>  [(Verified)阿里巴巴软件(上海)有限公司, 1, 0, 0, 5, C:2008-07-19 13:12 M:2008-03-18 12:14]
[AxInputControl Class]
    {73E4740C-08EB-4133-896B-8D0A7C9EE3CD}  <C:\WINDOWS\system32\INPUTC~1.DLL>  [Copyright 2003, 1, 0, 0, 12, C:2008-05-12 11:56 M:2005-07-25 15:51]
[MediaComm Class]
    {7670648D-461B-42AF-BDFE-46D26AF5EFF2}  <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin17.dll>  [Thunder Networking Technologies,LTD, 3, 1, 5, 78, C:2008-08-06 19:51 M:2008-08-04 12:58]
[DLoader Class]
    {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A}  <C:\WINDOWS\Downloaded Program Files\downloader.dll>  [Sina Com, 1, 0, 0, 12, C:2008-05-09 17:11 M:2008-05-09 17:11]
[Thunder Browser Helper]
    {889D2FEB-5411-4565-8998-1DD2C5261283}  <E:\Thunder\ComDlls\xunleiBHO_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-07-17 10:00 M:2008-04-29 14:42]
[AxSubmitControl Class]
    {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2}  <C:\WINDOWS\system32\SUBMIT~1.DLL>  [Copyright 2003, 1, 0, 0, 5, C:2008-05-12 11:56 M:2005-01-26 00:36]
[卡卡上网安全助手]
    {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8}  <C:\WINDOWS\system32\urlFilter.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15, C:2008-08-04 18:55 M:2008-08-04 18:55]
[DapCtrl Class]
    {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8}  <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5803.60.(263).dll>  [ShenZhen Thunder Networking Technologies Ltd., 2, 1, 5803, 60, C:2008-08-06 19:51 M:2008-08-04 12:58]
[Tencent Safety Online Base Module]
    {C09B522F-8AED-4E21-A65C-DC1AB652BAEE}  <C:\WINDOWS\system32\TSOBase\TSOBase.ocx>  [(Verified)Tencent Corporation, 2007, 4, 10, 12, C:2006-12-17 16:10 M:2006-12-17 16:10]
[WebActivater Control]
    {C661F36D-DF85-4EF4-83C7-E107B83D04B1}  <C:\WINDOWS\system32\3DShowVM.ocx>  [QQ, 1, 0, 200, 50, C:2006-03-13 14:00 M:2006-03-13 14:00]
[KooPlayer Control]
    {C728DAB8-FDF5-4CD7-89DD-879D25794C77}  <C:\WINDOWS\system32\CCTVKO~1.OCX>  [(Verified)Koos, 1, 0, 0, 88, C:2008-02-04 12:05 M:2008-02-04 12:12]
[RealPlayer G2 Control]
    {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}  <C:\WINDOWS\system32\rmoc3260.dll>  [(Verified)RealNetworks, Inc., 6.0.9.2568, C:2008-07-17 11:32 M:2006-10-18 23:05]
[Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000}  <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx>  [(Verified)Adobe Systems, Inc., 9,0,124,0, C:2008-03-25 10:32 M:2008-03-25 10:32]
[PlayerCtrl Class]
    {E05BC2A3-9A46-4A32-80C9-023A473F5B23}  <E:\Program Files\QQ2005\QzoneMusic.dll>  [(Verified)深圳腾讯科技, 3, 1, 162, 202, C:2008-05-15 09:37 M:2008-05-15 09:37]
[PasswordEditCtrl Class]
    {E787FD25-8D7C-4693-AE67-9406BC6E22DF}  <C:\WINDOWS\system32\qqedit\qqedit.dll>  [(Verified)腾讯科技（深圳）有限公司, 1, 1, 0, 5, C:2008-01-07 17:08 M:2008-01-07 17:08]
[BoBoControl Class]
    {EC0978ED-24E3-403C-AB7A-060E388553E6}  <C:\WINDOWS\system32\BoBo_ActiveX_V3.ocx>  [(Verified)广州易播信息科技有限公司, 3.11.1011.2, C:2008-08-03 17:38 M:2007-10-11 18:09]
[Thunder DapPlayer]
    {EEDD6FF9-13DE-496B-9A1C-D78B3215E266}  <C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer3.0.5712.71.263.dll>  [ShenZhen Thunder Networking Technologies Ltd., 3, 0, 5712, 71, C:2008-08-06 19:51 M:2008-08-04 12:58]
[XPPlayer Class]
    {F3E70CEA-956E-49CC-B444-73AFE593AD7F}  <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.0.0.181.(263).dll>  [Xunlei Networking Technologies,LTD, 2, 0, 0, 181, C:2008-08-06 19:51 M:2008-08-04 12:58]
[FG2CatchUrl]
    {FB5DA724-162B-11D3-8B9B-AA70B4B0B525}  <E:\FlashGet\ComDlls\bhoCATCH.dll>  [(Verified)FlashGet, 2, 0, 2, 1011, C:2008-06-16 16:20 M:2008-06-16 16:20]
[urlmon Class]
    {FFFFEECE-FF18-8222-2FB0-2935B9EA0723}  <C:\WINDOWS\system32\1031\urlmon.dll>  []

Context Menu
[DLLRegSvr]
    {8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C}  <C:\WINDOWS\system32\TudouUpload.dll>  [www.Tudou.com, 1.1.0.0, C:2007-01-24 18:07 M:2007-01-24 18:07]
[RisingRavExt]
    {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D}  <C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-07-03 14:20 M:2008-07-28 15:37]
[WinRAR]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <C:\Program Files\WinRAR\rarext.dll>  [N/A, C:2006-01-11 03:20 M:2005-10-10 16:37]


========================================
服务

[Human Interface Device Access / HidServ][Stopped/Disabled]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-08 04:00 M:2004-08-08 04:00]

[BoBoTurbo / BoBoTurbo][Running/Auto Start]
    <C:\WINDOWS\system32\BoBoTurbo\BoBoTurbo.exe>  [(Verified)广州易播信息科技有限公司, 1, 4, 1011, 2, C:2008-08-03 17:38 M:2007-10-11 18:06]
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
    <"C:\Program Files\Rising\Rav\CCenter.exe">  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.33, C:2008-07-03 14:20 M:2008-07-28 15:40]
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
    <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe">  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.80, C:2008-07-03 14:20 M:2008-07-28 15:38]
[Windows Network Media Service / UiPlayer][Running/Auto Start]
    <C:\Program Files\UitvDll\msrv.exe>  [(Verified)UiTV Corporation, 1, 0, 1, 4, C:2008-07-03 13:49 M:2008-07-01 11:56]


========================================
驱动

[a320raid / a320raid][Stopped/Boot Start]
    <System32\DRIVERS\a320raid.sys>  [Adaptec, Inc., v1.02.063, C:2004-09-28 19:42 M:2003-10-16 17:04]
[AAC / AAC][Stopped/Boot Start]
    <System32\DRIVERS\AAC.SYS>  [Adaptec, Inc., 4.1.0.7244, C:2005-05-11 19:50 M:2004-04-14 21:26]
[aar1210 / aar1210][Stopped/Boot Start]
    <System32\DRIVERS\aar1210.sys>  [Adaptec, Inc., v1.00.07, C:2004-04-15 19:54 M:2003-06-03 16:40]
[adpu320 / adpu320][Stopped/Boot Start]
    <System32\DRIVERS\adpu320.sys>  [Adaptec, Inc., 3.0.000.000 built by: WinDDK, C:2004-04-12 20:37 M:2003-09-04 17:52]
[ACARD AEC6210UF UltraDMA33 Controller / aec6210][Stopped/Boot Start]
    <System32\DRIVERS\aec6210.sys>  [ACARD Technology Corp., 5.0.4.3, C:2004-04-12 20:37 M:1999-10-08 15:03]
[ACARD AEC6260 UltraDMA-66 Controller / aec6260][Stopped/Boot Start]
    <System32\DRIVERS\aec6260.sys>  [ACARD Technology Corp., 1.1.4.12, C:2004-04-12 20:37 M:2000-01-11 10:27]
[aec6280 / aec6280][Stopped/Boot Start]
    <System32\DRIVERS\aec6280.sys>  [ACARD Technology Corp., 1, 0, 5, 4, C:2004-04-12 20:37 M:2002-05-31 18:42]
[AEC6290 / AEC6290][Stopped/Boot Start]
    <System32\DRIVERS\AEC6290.SYS>  [ACARD Technology Corp., 1, 0, 5, 4, C:2005-05-11 19:50 M:2002-06-01 14:42]
[AEC67160 / AEC67160][Stopped/Boot Start]
    <System32\DRIVERS\AEC67160.SYS>  [ACARD Technology Corp., 1.01, C:2005-05-11 19:50 M:2001-07-30 00:49]
[AEC671X / AEC671X][Stopped/Boot Start]
    <System32\DRIVERS\AEC671X.SYS>  [ACARD Technology Corp., 5.22, C:2005-05-11 19:50 M:2002-02-24 00:44]
[AEC6880 / AEC6880][Stopped/Boot Start]
    <System32\DRIVERS\AEC6880.SYS>  [ACARD Technology Corp., 2.10, C:2005-05-11 19:50 M:2003-08-24 00:14]
[AEC6890 / AEC6890][Stopped/Boot Start]
    <System32\DRIVERS\AEC6890.sys>  [ACARD Technology Corp., 2.10, C:2004-04-12 20:37 M:2003-08-23 12:14]
[aec68x5 / aec68x5][Stopped/Boot Start]
    <System32\DRIVERS\aec68x5.sys>  [ACARD Technology Corp., 1.053, C:2004-04-15 19:54 M:2003-07-18 15:14]
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
    <system32\drivers\ALCXWDM.SYS>  [Realtek Semiconductor Corp., 5.10.00.5970 built by: WinDDK, C:2008-03-19 15:22 M:2005-11-22 14:44]
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
    <System32\DRIVERS\amdk8.sys>  [Microsoft Corporation, 6.0.5112.0 (winmain_beta1.050720-1600), C:2005-08-12 09:09 M:2005-07-21 11:08]
[arc / arc][Stopped/Boot Start]
    <system32\drivers\arc.sys>  [Adaptec, Inc., 5.2.0.6586 (NT.050205-1730), C:2005-08-19 19:34 M:2005-07-21 09:31]
[EagleNT / EagleNT][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\drivers\EagleNT.sys>  []
[elxstor / elxstor][Stopped/Boot Start]
    <system32\drivers\elxstor.sys>  [Emulex, 5-1.11M0 5/6/2005 WS2K3 32 bit (NT.050404-1245), C:2005-08-19 19:34 M:2005-07-21 09:31]
[FASTSX / FASTSX][Stopped/Boot Start]
    <System32\DRIVERS\FASTSX.SYS>  [Promise Technology, Inc.,  1.02.0000.9, C:2004-04-12 20:37 M:2003-06-30 13:00]
[fasttrak / fasttrak][Stopped/Boot Start]
    <System32\DRIVERS\fasttrak.sys>  [Promise Technology, Inc.,  2.00.0.34, C:2004-04-12 20:37 M:2003-04-25 16:20]
[fasttx2k / fasttx2k][Stopped/Boot Start]
    <System32\DRIVERS\fasttx2k.sys>  [Promise Technology, Inc.,  1.00.0.37, C:2004-04-12 20:37 M:2003-08-06 10:44]
[fasttx2k2 / fasttx2k2][Stopped/Boot Start]
    <System32\DRIVERS\fasttx2k2.sys>  [Promise Technology, Inc.,  1.00.0.23, C:2004-04-15 19:54 M:2003-01-31 09:18]
[HpCISSs / HpCISSs][Stopped/Boot Start]
    <system32\drivers\hpcisss.sys>  [Hewlett-Packard Company, 5.11.0.32 Build 2 (x86) (NT.050205-1730), C:2005-08-19 19:36 M:2005-07-21 09:31]
[Hpt366 / Hpt366][Stopped/Boot Start]
    <System32\DRIVERS\Hpt366.sys>  [Microsoft Corporation, 4.00, C:2004-04-12 20:37 M:2001-01-10 13:50]
[HPT371 / HPT371][Stopped/Boot Start]
    <System32\DRIVERS\HPT371.sys>  [HighPoint Technologies, Inc., v1.22, C:2004-04-12 20:37 M:2002-10-22 10:52]
[hpt374 / hpt374][Stopped/Boot Start]
    <System32\DRIVERS\hpt374.sys>  [HighPoint Technologies, Inc., v3.03, C:2004-04-12 20:37 M:2003-07-02 16:23]
[hpt3xx / hpt3xx][Stopped/Boot Start]
    <System32\DRIVERS\hpt3xx.sys>  [HighPoint Technologies, Inc., v2.351, C:2004-04-12 20:37 M:2004-01-05 09:10]
[hptmv / hptmv][Stopped/Boot Start]
    <System32\DRIVERS\hptmv.sys>  [HighPoint Technologies, Inc., v1.04, C:2004-04-15 19:54 M:2004-02-19 10:39]
[hptpro / hptpro][Stopped/Boot Start]
    <System32\DRIVERS\hptpro.sys>  [HighPoint Technologies, Inc., 1.23.12.10, C:2004-04-15 19:54 M:2003-01-27 15:12]
[Intel Integrated RAID / iaStor][Stopped/Boot Start]
    <system32\drivers\iaStor.sys>  [Intel Corporation, 4.7.0.6815, C:2004-04-12 20:37 M:2004-12-17 15:11]
[iirsp / iirsp][Stopped/Boot Start]
    <system32\drivers\iirsp.sys>  [Intel Corp./ICP vortex GmbH, 5.4.22.0, C:2005-08-19 19:36 M:2005-07-21 09:31]
[ITERAID_Service_Install / iteraid][Stopped/Boot Start]
    <System32\DRIVERS\iteraid.sys>  [Integrated Technology Express, Inc., v1.6.1.8, C:2004-04-12 20:37 M:2004-02-25 16:46]
[LSI_SAS / LSI_SAS][Stopped/Boot Start]
    <system32\drivers\lsi_sas.sys>  [LSI Logic, 1.20.19.95 (NT.050715-1210), C:2005-08-19 19:36 M:2005-07-21 09:31]
[LSI_SCSI / LSI_SCSI][Stopped/Boot Start]
    <system32\drivers\lsi_scsi.sys>  [LSI Logic, 1.20.19.95 (NT.050715-1210), C:2005-08-19 19:36 M:2005-07-21 09:31]
[m5228 / m5228][Stopped/Boot Start]
    <System32\DRIVERS\m5228.sys>  [ALi Corporation., 5.024, C:2004-04-12 20:37 M:2003-09-01 19:53]
[m5281 / m5281][Stopped/Boot Start]
    <system32\drivers\m5281.sys>  [ALi Corporation, 5.024, C:2004-04-15 19:54 M:2003-09-03 11:18]
[MegaIDE / MegaIDE][Stopped/Boot Start]
    <System32\DRIVERS\MegaIDE.sys>  [LSI Logic Corporation., 4.1.0709.2003, C:2005-05-11 19:50 M:2003-07-09 16:03]
[megasas / megasas][Stopped/Boot Start]
    <system32\drivers\megasas.sys>  [LSI Logic Corporation, 1.1.0.32 (NT.050205-1730), C:2005-08-19 19:36 M:2005-07-21 09:31]
[mraid2k / mraid2k][Stopped/Boot Start]
    <System32\DRIVERS\mraid2k.sys>  [American Megatrends, Inc., 5.20, C:2004-04-12 20:37 M:2000-11-10 00:00]
[nfrd960 / nfrd960][Stopped/Boot Start]
    <system32\drivers\nfrd960.sys>  [IBM Corporation, 7.10.53 (NT.050205-1730), C:2005-08-19 19:37 M:2005-07-21 09:31]
[npkcrypt / npkcrypt][Stopped/Auto Start]
    <\??\C:\Program Files\QQ2005\npkcrypt.sys>  []
[Intel SCSI Controller / NvAtaBus][Stopped/Boot Start]
    <System32\DRIVERS\NVATABUS.SYS>  [NVIDIA Corporation, 5.10.2600.0507 built by: WinDDK, C:2004-04-12 20:37 M:2005-01-20 08:45]
[NVIDIA nForce(tm) RAID Class Driver / nvraid][Stopped/Boot Start]
    <system32\DRIVERS\nvraid.sys>  [NVIDIA Corporation, 5.10.2600.0507 built by: WinDDK, C:2005-09-02 10:15 M:2005-01-20 08:45]
[PNP649R / PNP649R][Stopped/Boot Start]
    <System32\DRIVERS\PNP649R.SYS>  [CMD Technology, Inc., 1, 0, 0, 0, C:2005-05-11 19:50 M:2001-06-12 03:39]
[SiI 680 ATA Controller / Pnp680][Stopped/Boot Start]
    <System32\DRIVERS\pnp680.sys>  [Silicon Image, Inc., 1, 0, 0, 12, C:2004-04-12 20:37 M:2002-03-15 17:09]
[Silicon Image SiI 0680 Medley Raid Controller / Pnp680r][Stopped/Boot Start]
    <System32\DRIVERS\pnp680r.sys>  [Silicon Image, Inc, 1, 0, 1, 7, C:2004-04-12 20:37 M:2002-05-31 16:35]
[StarForce Protection Environment Driver v6 / prodrv06][Running/System Start]
    <\SystemRoot\System32\drivers\prodrv06.sys>  [Protection Technology, 6.29, C:2003-10-10 21:06 M:2003-10-10 21:06]
[StarForce Protection Helper Driver v2 / prohlp02][Running/Boot Start]
    <System32\drivers\prohlp02.sys>  [Protection Technology, 2.29, C:2003-10-10 22:06 M:2003-10-10 22:06]
[StarForce Protection Synchronization Driver v1 / prosync1][Running/Boot Start]
    <System32\drivers\prosync1.sys>  [Protection Technology, 1.5, C:2003-09-06 20:22 M:2003-09-06 20:22]
[QLogic Fibre Channel SCSI Miniport Driver / ql2300][Stopped/Boot Start]
    <system32\drivers\ql2300.sys>  [QLogic Corporation, 9.0.0.7 (w32), C:2005-08-19 19:37 M:2005-07-21 09:32]
[RAIDSRC / RAIDSRC][Stopped/Boot Start]
    <System32\DRIVERS\RAIDSRC.SYS>  [Intel/ICP, 5.3.15, C:2005-05-11 19:50 M:2003-12-17 22:26]
[S150SX8 / S150SX8][Stopped/Boot Start]
    <System32\DRIVERS\S150SX8.SYS>  [Promise Technology, Inc.,  1.00.0.51, C:2005-05-11 19:50 M:2004-07-23 17:11]
[StarForce Protection Helper Driver / sfhlp01][Running/Boot Start]
    <System32\drivers\sfhlp01.sys>  [Protection Technology, 1.4, C:2003-09-06 20:27 M:2003-09-06 20:27]
[SiI-3512 SATALink Controller / SI3112][Stopped/Boot Start]
    <System32\DRIVERS\SI3112.sys>  [Silicon Image, Inc., 1, 1, 0, 52, C:2004-04-15 19:54 M:2003-09-04 12:45]
[Silicon Image SiI 3512 SATARaid Controller / SI3112r][Stopped/Boot Start]
    <system32\drivers\SI3112r.sys>  [Silicon Image, Inc, 1, 0, 0, 40, C:2004-04-15 19:54 M:2003-09-22 13:46]
[SiI-3114 SATALink Controller / SI3114][Stopped/Boot Start]
    <System32\DRIVERS\SI3114.sys>  [Silicon Image, Inc., 1, 2, 0, 5, C:2004-04-15 19:54 M:2003-09-03 12:05]
[SiI-3114 SATARaid Controller / SI3114r][Stopped/Boot Start]
    <System32\DRIVERS\SI3114R.sys>  [Silicon Image, Inc, 1, 0, 0, 1, C:2004-04-15 19:54 M:2003-09-22 13:46]
[SiI-3124 SATALink Controller / SI3124][Stopped/Boot Start]
    <System32\DRIVERS\SI3124.sys>  [Silicon Image, Inc., 1, 0, 0, 7, C:2004-04-15 19:54 M:2003-12-12 13:45]
[SiI-3124 SATARaid Controller / SI3124r][Stopped/Boot Start]
    <System32\DRIVERS\SI3124R.sys>  [Silicon Image, Inc, 1, 0, 0, 2, C:2004-04-15 19:54 M:2004-02-03 16:17]
[SATALink driver accelerator / SiFilter][Stopped/Boot Start]
    <System32\DRIVERS\SiWinAcc.sys>  [Silicon Image, Inc., 1.0.0.8, C:2004-04-12 20:37 M:2003-10-15 10:28]
[SISIDE / SISIDE][Stopped/Boot Start]
    <System32\DRIVERS\SISIDE.SYS>  [Silicon Integrated Systems Corp., 2.04.00.00 built by: WinDDK, C:2004-04-12 20:37 M:2003-03-25 17:50]
[SiSRaid / SiSRaid][Stopped/Boot Start]
    <System32\DRIVERS\SiSRaid.sys>  [Silicon Integrated Systems, 5.1.1039.1050 built by: WinDDK, C:2004-04-12 20:37 M:2003-12-09 15:43]
[SiSRaid1 / SiSRaid1][Stopped/Boot Start]
    <System32\DRIVERS\SiSRaid1.sys>  [Silicon Integrated Systems, 5.1.1039.1050 built by: WinDDK, C:2004-04-15 19:54 M:2003-12-09 15:50]
[SISRAIDS / SISRAIDS][Stopped/Boot Start]
    <System32\DRIVERS\SISRAIDS.SYS>  [Silicon Integrated Systems Corp, 2.01.00, C:2005-05-11 19:50 M:2004-07-29 19:50]
[sptd / sptd][Running/Boot Start]
    <System32\Drivers\sptd.sys>  [N/A, C:2008-08-04 18:47 M:2008-08-04 18:47]
[sptrak / sptrak][Stopped/Boot Start]
    <System32\DRIVERS\sptrak.sys>  [Promise Technology, Inc., 1.10 Build 41, C:2004-04-15 19:54 M:2002-11-26 15:48]
[SYMMPI / SYMMPI][Stopped/Boot Start]
    <System32\DRIVERS\SYMMPI.SYS>  [LSI Logic, 1.10.00.00 built by: WinDDK, C:2005-05-11 19:50 M:2004-04-13 02:45]
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
    <system32\DRIVERS\tcpip.sys>  [Microsoft Corporation, 5.1.2600.3394 (xpsp_sp2_gdr.080620-1245), C:2004-08-08 04:00 M:2008-06-20 18:45]
[UlSata / UlSata][Stopped/Boot Start]
    <System32\DRIVERS\ulsata.sys>  [Promise Technology, Inc.,  1.00.0.27, C:2004-04-12 20:37 M:2003-06-12 10:47]
[ULSATAS / ULSATAS][Stopped/Boot Start]
    <System32\DRIVERS\ULSATAS.SYS>  [Promise Technology, Inc.,  1.00.0.25, C:2005-05-11 19:50 M:2004-06-18 22:42]
[viamraid / viamraid][Stopped/Boot Start]
    <system32\DRIVERS\viamraid.sys>  [VIA Technologies inc,.ltd, 5.1.2600.310, C:2004-10-28 20:10 M:2004-05-18 16:55]
[VIA ATA/ATAPI Host Controller / viapdsk][Stopped/Boot Start]
    <System32\DRIVERS\viapdsk.sys>  [VIA Technologies, Inc., 5.1.2600.104, C:2004-04-12 20:37 M:2003-10-31 11:22]
[viaraid / viaraid][Stopped/Boot Start]
    <System32\DRIVERS\viaraid.sys>  [VIA Technologies inc,.ltd, 5.1.2600.210, C:2004-04-12 20:37 M:2003-10-31 11:20]
[viasraid / viasraid][Stopped/Boot Start]
    <system32\drivers\viasraid.sys>  [VIA Technologies inc,.ltd, 5.1.2600.220, C:2004-04-15 19:54 M:2003-10-31 11:22]
[vmscsi / vmscsi][Stopped/Boot Start]
    <system32\drivers\vmscsi.sys>  [VMware, Inc., 1, 2, 0, 0, C:2004-04-12 20:37 M:2004-01-31 15:13]
[vvftav / vvftav][Running/Manual Start]
    <system32\drivers\vvftav.sys>  [Vimicro Corporation, 5.0.0.0, C:2008-07-31 13:25 M:2007-08-31 10:00]
[USB PC Camera Service ZSMC30x / ZSMC30x][Running/Manual Start]
    <System32\Drivers\ZS211.sys>  [ZSMC.Corporation, 211, 0, 0, 0, C:2008-03-25 14:42 M:2007-08-03 10:27]

[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
    <system32\drivers\ac97intc.sys>  [(Verified)Intel Corporation, 5.10.3523 built by: WinDDK, C:2006-01-02 02:04 M:2001-08-17 12:20]
[AliIde / AliIde][Running/Boot Start]
    <System32\DRIVERS\aliide.sys>  [(Verified)Acer Laboratories Inc., 1.20, C:2005-06-29 18:14 M:2005-06-16 08:58]
[asc / asc][Stopped/Boot Start]
    <System32\DRIVERS\asc.sys>  [(Verified)Advanced System Products, Inc., 2.9I-MS (XPClient.010817-1148), C:2004-04-15 19:54 M:2001-08-17 13:52]
[asc3550 / asc3550][Stopped/Boot Start]
    <System32\DRIVERS\asc3550.sys>  [(Verified)Advanced System Products, Inc., 3.1E-MS (XPClient.010817-1148), C:2004-04-12 20:37 M:2001-08-17 13:51]
[CmdIde / CmdIde][Running/Boot Start]
    <System32\DRIVERS\cmdide.sys>  [(Verified)CMD Technology, Inc., 2.0.7 (XPClient.010817-1148), C:2004-04-12 20:37 M:2001-08-31 15:29]
[dac2w2k / dac2w2k][Stopped/Boot Start]
    <System32\DRIVERS\dac2w2k.sys>  [(Verified)Mylex Corporation, 6.00-21 (XPClient.010817-1148), C:2004-04-12 20:37 M:2001-08-17 13:52]
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
    <system32\DRIVERS\fetnd5.sys>  [(Verified)VIA Technologies, Inc.              , 2.66, C:2006-01-02 02:04 M:2001-08-17 12:13]
[HookCont / HookCont][Running/System Start]
    <\SystemRoot\system32\drivers\HookCont.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 7, C:2008-07-03 14:20 M:2008-07-28 15:39]
[HookNtos / HookNtos][Running/System Start]
    <\SystemRoot\system32\drivers\HookNtos.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 50, C:2008-07-03 14:20 M:2008-07-28 15:39]
[HookReg / HookReg][Running/System Start]
    <\SystemRoot\system32\drivers\HookReg.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 28, C:2008-07-03 14:20 M:2008-07-28 15:39]
[HookSys / HookSys][Running/System Start]
    <\SystemRoot\system32\drivers\HookSys.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 54, C:2008-07-03 14:20 M:2008-07-28 15:38]
[ialm / ialm][Running/Manual Start]
    <system32\DRIVERS\ialmnt5.sys>  [(Verified)Intel Corporation, 6.14.10.4396, C:2006-01-11 02:57 M:2005-09-20 11:00]
[mraid35x / mraid35x][Stopped/Boot Start]
    <System32\DRIVERS\mraid35x.sys>  [(Verified)American Megatrends Inc., 6.19 (XPClient.010817-1148), C:2004-04-15 19:54 M:2001-08-17 13:52]
[nv / nv][Stopped/Manual Start]
    <system32\DRIVERS\nv4_mini.sys>  [(Verified)NVIDIA Corporation, 6.14.10.5673, C:2006-01-02 02:04 M:2004-08-03 22:29]
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
    <system32\DRIVERS\ptilink.sys>  [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148), C:2004-08-08 04:00 M:2004-08-08 04:00]
[ql1080 / ql1080][Stopped/Boot Start]
    <System32\DRIVERS\ql1080.sys>  [(Verified)QLogic Corporation, 3.04, C:2004-04-12 20:37 M:2001-08-17 13:52]
[ql12160 / ql12160][Stopped/Boot Start]
    <System32\DRIVERS\ql12160.sys>  [(Verified)QLogic Corporation, 7.13.02 (W64), C:2004-04-15 19:54 M:2001-08-17 13:52]
[ql1280 / ql1280][Stopped/Boot Start]
    <System32\DRIVERS\ql1280.sys>  [(Verified)QLogic Corporation, 7.13.01 (W2K), C:2004-04-15 19:54 M:2001-08-17 13:52]
[RsNTGDI / RsNTGDI][Running/Boot Start]
    <system32\Drivers\RsNTGdi.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 3, C:2008-07-03 14:20 M:2008-07-28 15:42]
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
    <system32\DRIVERS\Rtnicxp.sys>  [(Verified)Realtek Semiconductor Corporation                           , 5,635,0923,2005 built by: WinDDK, C:2006-01-11 02:57 M:2005-09-30 11:11]
[Secdrv / Secdrv][Stopped/Manual Start]
    <system32\DRIVERS\secdrv.sys>  [(Verified)Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086, C:2004-08-08 04:00 M:2007-11-13 18:25]
[Sparrow / Sparrow][Stopped/Boot Start]
    <System32\DRIVERS\sparrow.sys>  [(Verified)Adaptec, Inc., v2.0a (ReleaseBinaries.001205-1804), C:2004-04-12 20:37 M:2001-08-17 14:07]
[symc810 / symc810][Stopped/Boot Start]
    <System32\DRIVERS\symc810.sys>  [(Verified)Symbios Logic Inc., 5.1.2409.1 (ReleaseBinaries.001205-1804), C:2004-04-12 20:37 M:2001-08-17 14:07]
[symc8xx / symc8xx][Stopped/Boot Start]
    <System32\DRIVERS\symc8xx.sys>  [(Verified)LSI Logic, 5.1.2409.1 (ReleaseBinaries.001205-1804), C:2004-04-12 20:37 M:2001-08-17 14:07]
[sym_hi / sym_hi][Stopped/Boot Start]
    <System32\DRIVERS\sym_hi.sys>  [(Verified)LSI Logic, 5.1.2462.0 (Lab01_N.010309-0027), C:2004-04-15 19:54 M:2001-08-17 14:07]
[sym_u3 / sym_u3][Stopped/Boot Start]
    <System32\DRIVERS\sym_u3.sys>  [(Verified)LSI Logic, 5.1.2462.0 (Lab01_N.010309-0027), C:2004-04-15 19:54 M:2001-08-17 14:07]
[TesSafe / TesSafe][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\TesSafe.sys>  [(Verified)TENCENT, 0, 0, 8, 2, C:2008-07-22 20:42 M:2008-07-30 19:29]
[TSKSP / TSKSP][Stopped/Manual Start]
    <\??\D:\QQ医生 1.6Beta\TSKSP.sys>  [(Verified)Tencent, 2008, 6, 4, 10, C:2008-06-06 17:10 M:2008-06-06 17:10]
[ultra / ultra][Stopped/Boot Start]
    <System32\DRIVERS\ultra.sys>  [(Verified)Promise Technology, Inc.,  1.43 (第 0603 版), C:2004-04-12 20:37 M:2001-08-17 13:52]


========================================
进程

[PID: 504 / SYSTEM]   \SystemRoot\System32\smss.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-08 04:00 M:2004-08-08 04:00]

[PID: 568 / SYSTEM]   \??\C:\WINDOWS\system32\csrss.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-08 04:00 M:2004-08-08 04:00]

[PID: 592 / SYSTEM]   \??\C:\WINDOWS\system32\winlogon.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-08 04:00 M:2004-08-08 04:00]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]

[PID: 636 / SYSTEM]   C:\WINDOWS\system32\services.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-08 04:00 M:2004-08-08 04:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]

[PID: 648 / SYSTEM]   C:\WINDOWS\system32\lsass.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-08 04:00 M:2004-08-08 04:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]

[PID: 796 / SYSTEM]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-08 04:00 M:2004-08-08 04:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]

[PID: 864 / NETWORK SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-08 04:00 M:2004-08-08 04:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]

[PID: 928 / SYSTEM]   C:\Program Files\Rising\Rav\CCenter.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.33, C:2008-07-03 14:20 M:2008-07-28 15:40]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]

[PID: 956 / SYSTEM]   C:\WINDOWS\System32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-08 04:00 M:2004-08-08 04:00]
    C:\WINDOWS\System32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]

[PID: 996 / NETWORK SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-08 04:00 M:2004-08-08 04:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]

[PID: 1044 / LOCAL SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-08 04:00 M:2004-08-08 04:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]

[PID: 1188 / SYSTEM]   C:\PROGRAM FILES\RISING\RAV\ravmond.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.80, C:2008-07-03 14:20 M:2008-07-28 15:38]
    C:\PROGRAM FILES\RISING\RAV\BWList.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.5, C:2008-07-03 14:20 M:2008-07-28 15:41]
    C:\WINDOWS\system32\MFC71.DLL  [Microsoft Corporation, 7.10.3077.0, C:2003-03-19 15:01 M:2007-05-29 17:59]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2004-04-05 10:31 M:2003-02-21 04:42]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2004-04-05 10:31 M:2004-04-05 10:31]
    C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-07-03 14:20 M:2008-07-28 15:41]
    C:\PROGRAM FILES\RISING\RAV\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-07-03 14:20 M:2008-07-28 15:41]
    C:\PROGRAM FILES\RISING\RAV\RsLog.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.36, C:2008-07-03 14:20 M:2008-07-26 20:26]
    C:\PROGRAM FILES\RISING\RAV\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-03 14:20 M:2008-07-28 15:40]
    C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-03 14:20 M:2008-07-28 15:40]
    C:\PROGRAM FILES\RISING\RAV\MonRule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.29, C:2008-07-03 14:20 M:2008-07-28 15:38]
    C:\PROGRAM FILES\RISING\RAV\Hooksys.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12, C:2008-07-03 14:20 M:2008-07-28 15:38]
    C:\PROGRAM FILES\RISING\RAV\HookReg.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6, C:2008-07-03 14:20 M:2008-07-28 15:39]
    C:\PROGRAM FILES\RISING\RAV\HookNtos.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5, C:2008-07-03 14:20 M:2008-07-28 15:39]
    C:\PROGRAM FILES\RISING\RAV\rswalmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24, C:2008-07-03 14:20 M:2008-07-28 15:39]
    C:\PROGRAM FILES\RISING\RAV\recomp.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 40, C:2008-07-03 14:20 M:2008-07-28 15:41]
    C:\PROGRAM FILES\RISING\RAV\refs.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18, C:2008-07-03 14:20 M:2008-07-28 15:41]
    C:\PROGRAM FILES\RISING\RAV\ffr.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 16, C:2008-07-03 14:20 M:2008-07-28 15:41]
    C:\Program Files\Rising\Rav\RsStore.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.9, C:2008-07-03 14:20 M:2008-07-28 15:43]
    C:\PROGRAM FILES\RISING\RAV\HookCont.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3, C:2008-07-03 14:20 M:2008-07-28 15:39]
    C:\Program Files\Rising\Rav\fakescan.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.14, C:2008-07-03 14:20 M:2008-07-28 15:44]
    C:\Program Files\Rising\Rav\Scanner.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.39, C:2008-07-03 14:20 M:2008-07-28 15:44]
    C:\PROGRAM FILES\RISING\RAV\extfile.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32, C:2008-07-03 14:20 M:2008-07-28 15:41]
    C:\PROGRAM FILES\RISING\RAV\pearc.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8, C:2008-07-03 14:20 M:2008-07-28 15:41]
    C:\PROGRAM FILES\RISING\RAV\viruslib.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2008-07-03 14:20 M:2008-07-28 15:41]
    C:\PROGRAM FILES\RISING\RAV\relibldr.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-07-03 14:20 M:2008-07-28 15:41]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]
    C:\PROGRAM FILES\RISING\RAV\HookWeb.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.3, C:2008-07-03 14:20 M:2008-07-28 15:39]
    C:\PROGRAM FILES\RISING\RAV\nvfile.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7, C:2008-07-03 14:20 M:2008-07-28 15:41]
    C:\PROGRAM FILES\RISING\RAV\scanexec.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-03 14:20 M:2008-07-28 15:41]
    C:\PROGRAM FILES\RISING\RAV\unexe.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 6, C:2008-07-03 14:20 M:2008-07-28 15:41]
    C:\PROGRAM FILES\RISING\RAV\scanex.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 87, C:2008-07-03 14:20 M:2008-08-05 16:05]
    C:\PROGRAM FILES\RISING\RAV\scanpack.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10, C:2008-07-03 14:20 M:2008-07-28 15:41]
    C:\PROGRAM FILES\RISING\RAV\revm.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11, C:2008-07-03 14:20 M:2008-07-28 15:41]
    C:\PROGRAM FILES\RISING\RAV\urutils.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7, C:2008-07-03 14:20 M:2008-07-28 15:41]
    C:\PROGRAM FILES\RISING\RAV\ur000.dat  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 19, C:2008-07-03 14:20 M:2008-07-28 15:41]
    C:\PROGRAM FILES\RISING\RAV\scansct.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10, C:2008-07-03 14:20 M:2008-07-28 15:41]
    C:\PROGRAM FILES\RISING\RAV\scriptci.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4, C:2008-07-03 14:20 M:2008-07-28 15:41]
    C:\PROGRAM FILES\RISING\RAV\uroutine.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2008-07-03 14:20 M:2008-07-28 15:41]
    C:\PROGRAM FILES\RISING\RAV\extmail.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10, C:2008-07-03 14:20 M:2008-07-28 15:41]
    C:\PROGRAM FILES\RISING\RAV\ur001.dat  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4, C:2008-07-03 14:20 M:2008-07-28 15:41]

[PID: 1340 / new]   C:\WINDOWS\Explorer.EXE   [(Verified)Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234), C:2004-08-08 04:00 M:2007-06-13 21:21]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 21, C:2008-08-04 18:55 M:2008-08-04 18:54]
    C:\WINDOWS\system32\RavExt.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-07-03 14:20 M:2008-07-28 15:37]
    C:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll  [(Verified)TENCENT, 5, 0, 4, 11, C:2008-07-29 16:41 M:2008-07-09 10:33]
    C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll  [Adobe Systems, Inc., 7.0.0.0, C:2004-12-14 02:20 M:2004-12-14 02:20]
    E:\Thunder\ComDlls\TDAtOnce_Now.dll  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2008-07-17 10:00 M:2008-04-07 15:40]
    C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll  [(Verified)Adobe Systems Incorporated, 7.0.0.2004121400, C:2004-12-14 01:56 M:2004-12-14 01:56]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2004-04-05 10:31 M:2003-02-21 04:42]
    C:\WINDOWS\system32\IEFastBandV2.dll  [Micosoft Corporation, 1.0.0.0, C:2008-07-05 09:39 M:2008-07-05 09:39]
    E:\Thunder\ComDlls\xunleiBHO_Now.dll  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-07-17 10:00 M:2008-04-29 14:42]
    E:\Thunder\Components\ResWorker\DsBho_00.dll  [Thunder Networking Technologies,LTD, 1, 0, 0, 20, C:2008-07-08 19:51 M:2008-07-08 19:51]
    E:\Thunder\Components\ResWorker\DataProcessor_00.dll  [Thunder Networking Technologies,LTD, 1, 0, 0, 16, C:2008-07-08 19:51 M:2008-07-08 19:51]
    C:\Program Files\TENCENT\SSPlus\SAddr1.dll  [(Verified)Tencent, 5, 0, 7, 12, C:2008-07-29 16:41 M:2008-07-15 11:06]

[PID: 1508 / SYSTEM]   C:\WINDOWS\system32\spoolsv.exe   [(Verified)Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519), C:2004-08-08 04:00 M:2005-06-11 07:53]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]

[PID: 1636 / SYSTEM]   C:\PROGRAM FILES\RISING\RAV\RavStub.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.10, C:2008-07-03 14:20 M:2008-07-28 15:38]
    C:\PROGRAM FILES\RISING\RAV\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-03 14:20 M:2008-07-28 15:40]
    C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-03 14:20 M:2008-07-28 15:40]
    C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-07-03 14:20 M:2008-07-28 15:41]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]

[PID: 1796 / SYSTEM]   C:\WINDOWS\system32\BoBoTurbo\BoBoTurbo.exe   [(Verified)广州易播信息科技有限公司, 1, 4, 1011, 2, C:2008-08-03 17:38 M:2007-10-11 18:06]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 21, C:2008-08-04 18:55 M:2008-08-04 18:54]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]

[PID: 1968 / SYSTEM]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-08 04:00 M:2004-08-08 04:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]

[PID: 2032 / SYSTEM]   C:\Program Files\UitvDll\msrv.exe   [(Verified)UiTV Corporation, 1, 0, 1, 4, C:2008-07-03 13:49 M:2008-07-01 11:56]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 21, C:2008-08-04 18:55 M:2008-08-04 18:54]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]
    C:\Program Files\UitvDll\UiPlay.dll  [(Verified)UiTV Corporation, 3.0.5.2, C:2008-07-03 13:49 M:2008-08-06 12:38]

[PID: 260 / LOCAL SERVICE]   C:\WINDOWS\system32\wdfmgr.exe   [(Verified)Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act), C:2005-01-28 01:36 M:2005-01-28 01:36]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 21, C:2008-08-04 18:55 M:2008-08-04 18:54]

[PID: 1300 / LOCAL SERVICE]   C:\WINDOWS\System32\alg.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-08 04:00 M:2004-08-08 04:00]
    C:\WINDOWS\System32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]
    C:\WINDOWS\System32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 21, C:2008-08-04 18:55 M:2008-08-04 18:54]

[PID: 2164 / new]   C:\WINDOWS\system32\hkcmd.exe   [(Verified)Intel Corporation, 3.0.0.4396, C:2006-01-11 02:56 M:2005-09-20 10:32]
    C:\WINDOWS\system32\hccutils.DLL  [(Verified)Intel Corporation, 3.0.0.4396, C:2006-01-11 02:56 M:2005-09-20 10:31]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 21, C:2008-08-04 18:55 M:2008-08-04 18:54]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]
    C:\WINDOWS\system32\igfxsrvc.dll  [(Verified)Intel Corporation, 3.0.0.4396, C:2006-01-11 02:57 M:2005-09-20 10:32]
    C:\WINDOWS\system32\igfxres.dll  [(Verified)Intel Corporation, 3.0.0.4396, C:2003-03-19 14:52 M:2005-09-20 10:36]

[PID: 2176 / new]   C:\WINDOWS\system32\igfxpers.exe   [(Verified)Intel Corporation, 3.0.0.4396, C:2006-01-11 02:57 M:2005-09-20 10:36]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 21, C:2008-08-04 18:55 M:2008-08-04 18:54]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]
    C:\WINDOWS\system32\igfxsrvc.dll  [(Verified)Intel Corporation, 3.0.0.4396, C:2006-01-11 02:57 M:2005-09-20 10:32]
    C:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll  [(Verified)TENCENT, 5, 0, 4, 11, C:2008-07-29 16:41 M:2008-07-09 10:33]

[PID: 2192 / new]   C:\WINDOWS\SOUNDMAN.EXE   [Realtek Semiconductor Corp., 5, 1, 0, 48, C:2008-03-19 15:22 M:2005-11-11 14:07]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 21, C:2008-08-04 18:55 M:2008-08-04 18:54]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]

[PID: 2232 / new]   C:\WINDOWS\system32\Rundll32.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-08 04:00 M:2004-08-08 04:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 21, C:2008-08-04 18:55 M:2008-08-04 18:54]
    C:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll  [(Verified)TENCENT, 5, 0, 4, 11, C:2008-07-29 16:41 M:2008-07-09 10:33]

[PID: 2292 / new]   C:\Program Files\Rising\Rav\RavTask.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.24, C:2008-07-03 14:20 M:2008-07-26 20:24]
    C:\Program Files\Rising\Rav\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-03 14:20 M:2008-07-28 15:40]
    C:\Program Files\Rising\Rav\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-03 14:20 M:2008-07-28 15:40]
    C:\Program Files\Rising\Rav\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-07-03 14:20 M:2008-07-28 15:41]
    C:\Program Files\Rising\Rav\RSAPPMGR.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-07-03 14:20 M:2008-07-28 15:41]
    C:\Program Files\Rising\Rav\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-07-03 14:20 M:2008-07-28 15:41]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]

[PID: 2344 / new]   C:\Program Files\Rising\Rav\Ravmon.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.01.24, C:2008-07-03 14:20 M:2008-07-28 15:38]
    C:\WINDOWS\system32\MFC71.DLL  [Microsoft Corporation, 7.10.3077.0, C:2003-03-19 15:01 M:2007-05-29 17:59]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2004-04-05 10:31 M:2003-02-21 04:42]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2004-04-05 10:31 M:2004-04-05 10:31]
    C:\Program Files\Rising\Rav\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-03 14:20 M:2008-07-28 15:40]
    C:\Program Files\Rising\Rav\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-03 14:20 M:2008-07-28 15:40]
    C:\Program Files\Rising\Rav\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-07-03 14:20 M:2008-07-28 15:41]
    C:\Program Files\Rising\Rav\recomp.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 40, C:2008-07-03 14:20 M:2008-07-28 15:41]
    C:\Program Files\Rising\Rav\refs.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18, C:2008-07-03 14:20 M:2008-07-28 15:41]
    C:\Program Files\Rising\Rav\viruslib.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2008-07-03 14:20 M:2008-07-28 15:41]
    C:\Program Files\Rising\Rav\relibldr.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-07-03 14:20 M:2008-07-28 15:41]
    C:\Program Files\Rising\Rav\RSAPPMGR.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-07-03 14:20 M:2008-07-28 15:41]
    C:\Program Files\Rising\Rav\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-07-03 14:20 M:2008-07-28 15:41]
    C:\Program Files\Rising\Rav\MonRule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.29, C:2008-07-03 14:20 M:2008-07-28 15:38]
    C:\Program Files\Rising\Rav\PngDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-07-03 14:20 M:2008-07-26 20:24]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]
    C:\Program Files\Rising\Rav\Rsguilib.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90, C:2008-07-03 14:20 M:2008-07-26 20:24]
    C:\Program Files\Rising\Rav\RsXML.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2, C:2008-07-03 14:20 M:2008-07-28 15:41]

[PID: 2368 / new]   C:\WINDOWS\ZSSnp211.exe   [ZSMCSNAP, 3, 6, 818, 7, C:2008-03-25 14:42 M:2007-04-06 11:06]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 21, C:2008-08-04 18:55 M:2008-08-04 18:54]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]
    C:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll  [(Verified)TENCENT, 5, 0, 4, 11, C:2008-07-29 16:41 M:2008-07-09 10:33]
    C:\WINDOWS\system32\msdmo.dll  [(Verified)N/A, C:2004-08-08 04:00 M:2004-08-08 04:00]
    C:\WINDOWS\system32\ZS211Prp.Ax  [ZSMC, 3, 6, 703, 15, C:2008-03-25 14:42 M:2007-09-20 16:08]

[PID: 2392 / new]   C:\WINDOWS\Domino.exe   [Copyright (C), 3, 6, 818, 7, C:2008-03-25 14:42 M:2006-08-18 16:58]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 21, C:2008-08-04 18:55 M:2008-08-04 18:54]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]
    C:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll  [(Verified)TENCENT, 5, 0, 4, 11, C:2008-07-29 16:41 M:2008-07-09 10:33]
    C:\WINDOWS\system32\msdmo.dll  [(Verified)N/A, C:2004-08-08 04:00 M:2004-08-08 04:00]

[PID: 2440 / new]   D:\新建文件夹 (2)\rstray.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.15, C:2008-08-04 18:55 M:2008-08-04 18:54]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 21, C:2008-08-04 18:55 M:2008-08-04 18:54]
    D:\新建文件夹 (2)\rsmginfo.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8, C:2008-08-04 18:55 M:2008-08-04 18:55]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]
    C:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll  [(Verified)TENCENT, 5, 0, 4, 11, C:2008-07-29 16:41 M:2008-07-09 10:33]
    D:\新建文件夹 (2)\RsXML.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2, C:2008-07-24 09:14 M:2008-08-04 18:55]
    D:\新建文件夹 (2)\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2008-07-24 09:14 M:2008-08-04 18:54]
    D:\新建文件夹 (2)\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2008-07-24 09:14 M:2008-08-04 18:54]
    D:\新建文件夹 (2)\ComServ.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.31, C:2008-08-04 18:55 M:2008-08-04 18:54]
    D:\新建文件夹 (2)\Syslay.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-08-04 18:55 M:2008-08-04 18:55]
    D:\新建文件夹 (2)\rscommon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.1.1, C:2008-08-04 18:55 M:2008-08-04 18:54]
    D:\新建文件夹 (2)\comx3.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.24, C:2008-08-04 18:55 M:2008-08-04 18:54]
    D:\新建文件夹 (2)\pngdll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-08-04 18:55 M:2008-08-04 18:54]
    D:\新建文件夹 (2)\runiep.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.32, C:2008-08-04 18:55 M:2008-08-04 18:55]
    C:\Program Files\Rising\Rav\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-03 14:20 M:2008-07-28 15:40]
    C:\Program Files\Rising\Rav\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-03 14:20 M:2008-07-28 15:40]

[PID: 2820 / new]   C:\WINDOWS\system32\igfxbers.exe   [Micosoft Corporation, 1.0.0.0, C:2008-07-05 09:39 M:2008-07-05 09:39]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 21, C:2008-08-04 18:55 M:2008-08-04 18:54]
    D:\新建文件夹 (2)\comx3.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.24, C:2008-08-04 18:55 M:2008-08-04 18:54]
    D:\新建文件夹 (2)\Syslay.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-08-04 18:55 M:2008-08-04 18:55]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]
    C:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll  [(Verified)TENCENT, 5, 0, 4, 11, C:2008-07-29 16:41 M:2008-07-09 10:33]

[PID: 3836 / new]   d:\My Documents\arswp2\ArSwp.exe   [(Verified)ArSwp.com, 2, 8, 0, 728, C:2008-07-29 22:36 M:2008-07-29 22:36]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 21, C:2008-08-04 18:55 M:2008-08-04 18:54]
    D:\新建文件夹 (2)\comx3.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.24, C:2008-08-04 18:55 M:2008-08-04 18:54]
    D:\新建文件夹 (2)\Syslay.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-08-04 18:55 M:2008-08-04 18:55]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]
    C:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll  [(Verified)TENCENT, 5, 0, 4, 11, C:2008-07-29 16:41 M:2008-07-09 10:33]
    d:\My Documents\arswp2\plugin\ArFix.dll  [(Verified)ArSwp.Com, 2, 5, 0, 0, C:2007-11-28 15:19 M:2007-11-28 15:19]


========================================
文件关联



========================================
AutoRun.INF



========================================
Winsock提供者



========================================
HOSTS

    127.0.0.1 localhost


[/CODE]