[CODE] 2008-07-31,14:06:28 SysLog Scanner 1.0.0.8.0721 Arswp (http://www.arswp.com) Windows XP Professional Service Pack 3 (build 2600) - Administrators ======================================== 注册项 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <"C:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.24, C:2008-07-14 08:29 M:2008-07-29 08:36] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{32CD708B-60A7-4C00-9377-D73EAA495F0F}> [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-07-14 08:29 M:2008-07-29 08:36] <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}> [Beijing Rising Technology Co., Ltd., 4.0.0.9, C:2008-07-14 08:29 M:2008-07-14 08:29] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载] <> [N/A, C:2008-07-14 08:13 M:2007-12-10 14:17] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接] <> [N/A, C:2008-07-14 08:13 M:2007-12-10 14:17] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\添加到QQ表情] <> [N/A, C:2008-07-14 08:13 M:2008-05-23 06:45] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] [(Verified)ATI Technologies Inc., 6.14.10.4176, C:2008-07-14 08:12 M:2008-02-26 11:01] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-14 12:00|(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-14 12:00|(Verified)N/A, C:2008-04-14 12:00 M:2008-04-14 12:00] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-14 12:00|(Verified)Microsoft Corporation, 6.00.2900.5512 
(xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-14 12:00|(Verified)N/A, C:2008-04-14 12:00 M:2008-04-14 12:00] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-14 12:00|(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-14 12:00|(Verified)N/A, C:2008-05-13 10:51 M:2005-01-28 15:25] ======================================== 启动项 ======================================== 计划任务 ======================================== 组件 ShellExecuteHook [ShlExecHack Class] {32CD708B-60A7-4C00-9377-D73EAA495F0F} [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-07-14 08:29 M:2008-07-29 08:36] [瑞星卡卡上网安全助手] {AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A} [Beijing Rising Technology Co., Ltd., 4.0.0.9, C:2008-07-14 08:29 M:2008-07-14 08:29] Shell Extension [Display Panning CPL Extension] {42071714-76d4-11d1-8b24-00a0c9068ff3} [] [HyperTerminal Icon Ext] {88895560-9AA2-1069-930E-00AA0030EBC8} [(Verified)Hilgraeve, Inc., 5.1.2600.0, C:2008-05-13 10:28 M:2008-04-14 20:00] [Microsoft Agent Character Property Sheet Handler] {143A62C8-C33B-11D1-84FE-00C04FA34A14} [Microsoft Corporation, 2.00.0.2115, C:1998-09-15 17:21 M:1998-09-15 17:21] [WinRAR shell extension] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [N/A, C:2008-06-07 20:15 M:2007-05-30 08:28] [PicaView] {68f32140-2ca3-11d0-acc1-444553540000} [ACD Systems, Ltd., 2, 0, 0, 78, C:2008-07-14 08:13 M:2005-10-06 10:17] [RISING] {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D} [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-07-14 08:29 M:2008-07-29 08:36] [Ulead UDF Driver] {DBD8E168-244D-448C-9922-25508950D1DC} [(Verified)Ulead Systems, Inc., 1, 1, 1, 21, C:2007-03-03 13:48 M:2007-03-03 13:48] ActiveX Extension [iTrusPTA Class] {1E0DFFCF-27FF-4574-849B-55007349FEDA} [(Verified)Copyright 2001, 2, 5, 1, 509, 
C:2007-04-19 18:43 M:2008-07-14 09:42] [QuickTime Object] {4063BE15-3B08-470D-A0D5-B37161CFFD69} [(Verified)Apple Inc., 7.5 (861), C:2008-05-27 10:50 M:2008-05-27 10:50] [WangWangObj Class] {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} [(Verified)阿里巴巴软件(上海)有限公司, 1, 0, 0, 5, C:2008-05-24 12:49 M:2008-03-18 12:14] [AxInputControl Class] {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} [Copyright 2003, 1, 0, 0, 12, C:2005-07-25 15:51 M:2005-07-25 15:51] [360SafeLive] {87515F61-A66C-4319-A0E0-D416CB8059E3} [(Verified)360.cn, 1, 0, 1, 1027, C:2008-04-09 17:07 M:2008-04-09 17:07] [AxSubmitControl Class] {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} [Copyright 2003, 1, 0, 0, 5, C:2005-01-26 00:36 M:2005-01-26 00:36] [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} [(Verified)RealNetworks, Inc., 6.0.9.2568, C:2008-07-14 08:13 M:2006-10-18 23:05] [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [(Verified)Adobe Systems, Inc., 9,0,124,0, C:2008-03-25 10:32 M:2008-03-25 10:32] [TencentVmpCtl Class] {D9819BD5-422B-4281-8523-726466ED692B} [Viewpoint Corporation, 3, 3, 0, 37, C:2008-06-07 20:24 M:2005-11-12 04:13] Context Menu [RisingRavExt] {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D} [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-07-14 08:29 M:2008-07-29 08:36] [WinRAR] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [N/A, C:2008-06-07 20:15 M:2007-05-30 08:28] ======================================== 服务 [Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start] <%SystemRoot%\system32\Ati2evxx.exe> [(Verified)ATI Technologies Inc., 6.14.10.4190, C:2008-07-14 08:12 M:2008-02-26 11:00] [Rising Proxy Service / RfwProxySrv][Running/Auto Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.37, C:2008-07-14 08:27 M:2008-07-29 19:21] [Rising Personal Firewall Service / RfwService][Running/Auto Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.76, C:2008-07-14 08:27 M:2008-07-25 18:02] [Rising Process Communication 
Center / RsCCenter][Running/Auto Start] <"C:\Program Files\Rising\Rav\CCenter.exe"> [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.33, C:2008-07-14 08:29 M:2008-07-29 08:36] [Adobe LM Service / Adobe LM Service][Stopped/Manual Start] <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"> [Adobe Systems, 2.67.010, C:2008-07-24 10:05 M:2008-07-24 10:05] [Capture Device Service / Capture Device Service][Stopped/Disabled] <"C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe"> [(Verified)InterVideo Inc., 1.0.0.1, C:2007-03-06 10:35 M:2007-03-06 10:35] [Contrl Center of Storm Media / ccosm][Stopped/Disabled] [(Verified)北京暴风网际科技有限公司, 3, 8, 3, 15, C:2008-07-14 08:13 M:2008-03-11 14:33] [Help and Support / helpsvc][Stopped/Disabled] <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"> [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 12:00 M:2008-04-14 12:00] [HID Input Service / HidServ][Stopped/Auto Start] <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll"> [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 12:00 M:2008-04-14 12:00] [LightScribeService Direct Disc Labeling Service / LightScribeService][Stopped/Disabled] <"C:\Program Files\Common Files\LightScribe\LSSrvc.exe"> [Hewlett-Packard Company, 1.4.67.1, C:2006-01-20 11:20 M:2006-01-20 11:20] [Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"> [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.80, C:2008-07-14 08:29 M:2008-07-29 08:36] [Ulead Burning Helper / UleadBurningHelper][Stopped/Disabled] [] ======================================== 驱动 [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start] [Realtek Semiconductor Corp., 5.10.00.6280 built by: WinDDK, C:2008-07-14 08:17 M:2008-01-24 16:36] [ati2mtag / ati2mtag][Running/Manual Start] [(Verified)ATI 
Technologies Inc., 6.14.10.6783, C:2008-07-14 08:12 M:2008-02-26 13:51] [Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start] [(Verified)Windows (R) Server 2003 DDK provider, 5.10.01.5013 built by: WinDDK, C:2008-04-14 12:00 M:2008-04-14 12:00] [HookCont / HookCont][Running/System Start] <\SystemRoot\system32\drivers\HookCont.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 7, C:2008-07-14 08:29 M:2008-07-29 08:36] [HookNtos / HookNtos][Running/System Start] <\SystemRoot\system32\drivers\HookNtos.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 50, C:2008-07-14 08:29 M:2008-07-29 08:36] [HookReg / HookReg][Running/System Start] <\SystemRoot\system32\drivers\HookReg.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 28, C:2008-07-14 08:29 M:2008-07-29 08:36] [HookSys / HookSys][Running/System Start] <\SystemRoot\system32\drivers\HookSys.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 54, C:2008-07-14 08:29 M:2008-07-29 08:36] [HookUrl / HookUrl][Running/Auto Start] <\??\C:\Program Files\Rising\Rfw\HookUrl.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.12, C:2008-07-14 08:27 M:2008-07-29 19:21] [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148), C:2008-04-14 12:00 M:2008-04-14 12:00] [Rising Rfwbase Driver / RfwBase][Running/Auto Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.10, C:2008-07-14 08:27 M:2008-07-29 19:21] [RsAntiSpyware / RsAntiSpyware][Running/Boot Start] [Beijing Rising Technology Co., Ltd., 3, 0, 0, 28, C:2008-07-14 08:29 M:2008-07-14 08:29] [RsFwDrv / RsFwDrv][Running/System Start] <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.34, C:2008-07-14 08:27 M:2008-07-29 19:21] [RsNTGDI / RsNTGDI][Running/Boot Start] [(Verified)Beijing 
Rising Information Technology Co., Ltd., 20, 0, 0, 3, C:2008-07-14 08:29 M:2008-07-29 08:37] [Service for HDMI / RTHDMIAzAudService][Running/Manual Start] [(Verified)Realtek Semiconductor Corp., 5.10.0.5413 built by: WinDDK, C:2008-07-14 08:12 M:2007-05-14 16:12] [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start] [(Verified)Realtek Semiconductor Corporation, 5.398.613.2003 built by: WinDDK, C:2008-07-14 08:11 M:2008-04-13 09:35] [AmdK8 Compatible Device / AmdK8][Stopped/Manual Start] [Advanced Micro Devices, 1.3.1 (dnsrv(wmbla).060510-1126), C:2006-10-28 11:50 M:2006-05-10 17:27] [askd / askd][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\askd.ahc> [N/A, C:2008-07-16 17:22 M:2008-07-29 15:10] [Microsoft HID Class Driver / hidusb][Stopped/Manual Start] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:2006-10-28 11:50 M:2005-06-16 08:58] [Secdrv / Secdrv][Stopped/Manual Start] [(Verified)Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086, C:2008-04-14 12:00 M:2008-04-14 12:00] [WINIO / WINIO][Stopped/Manual Start] <\??\E:\按键精灵\hknms.sys> [] [Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Stopped/Manual Start] [VM, 4.2.1010.41, C:2008-06-07 22:22 M:2004-12-23 11:21] ======================================== 进程 [PID: 464 / SYSTEM] \SystemRoot\System32\smss.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 12:00 M:2008-04-14 12:00] [PID: 528 / SYSTEM] \??\C:\WINDOWS\system32\csrss.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 12:00 M:2008-04-14 12:00] C:\Program Files\Rising\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\Program Files\Rising\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-14 08:27 M:2008-07-25 18:02] [PID: 560 / SYSTEM] 
\??\C:\WINDOWS\system32\winlogon.exe [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113), C:2008-04-14 12:00 M:2008-05-14 09:33] C:\WINDOWS\system32\sfc_os.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 12:00 M:2008-04-30 00:17] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-23 01:53] C:\WINDOWS\system32\Ati2evxx.dll [(Verified)ATI Technologies Inc., 6.14.10.4176, C:2008-07-14 08:12 M:2008-02-26 11:01] C:\Program Files\Rising\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\Program Files\Rising\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-14 08:27 M:2008-07-25 18:02] [PID: 604 / SYSTEM] C:\WINDOWS\system32\services.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 12:00 M:2008-04-14 12:00] C:\Program Files\Rising\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\Program Files\Rising\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-14 08:27 M:2008-07-25 18:02] [PID: 616 / SYSTEM] C:\WINDOWS\system32\lsass.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113), C:2008-04-14 12:00 M:2008-04-14 12:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-23 01:53] C:\Program Files\Rising\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\Program Files\Rising\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-14 08:27 M:2008-07-25 18:02] [PID: 768 / SYSTEM] C:\WINDOWS\system32\Ati2evxx.exe [(Verified)ATI Technologies Inc., 6.14.10.4190, C:2008-07-14 08:12 M:2008-02-26 11:00] 
C:\WINDOWS\system32\Ati2edxx.dll [(Verified)ATI Technologies, Inc., 6, 14, 10, 2513, C:2008-07-14 08:12 M:2008-02-26 11:01] C:\WINDOWS\system32\atipdlxx.dll [(Verified)ATI Technologies, Inc., 6, 14, 10, 2530, C:2008-07-14 08:12 M:2008-02-26 11:02] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-23 01:53] C:\Program Files\Rising\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\Program Files\Rising\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-14 08:27 M:2008-07-25 18:02] [PID: 788 / SYSTEM] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 12:00 M:2008-04-14 12:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-23 01:53] C:\Program Files\Rising\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\Program Files\Rising\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-14 08:27 M:2008-07-25 18:02] [PID: 836 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 12:00 M:2008-04-14 12:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-23 01:53] C:\Program Files\Rising\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\Program Files\Rising\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-14 08:27 M:2008-07-25 18:02] [PID: 912 / SYSTEM] C:\Program Files\Rising\Rav\CCenter.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.33, C:2008-07-14 
08:29 M:2008-07-29 08:36] C:\Program Files\Rising\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\Program Files\Rising\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-23 01:53] [PID: 928 / SYSTEM] C:\WINDOWS\System32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 12:00 M:2008-04-14 12:00] C:\WINDOWS\System32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-23 01:53] C:\Program Files\Rising\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\Program Files\Rising\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\WINDOWS\System32\sfc_os.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 12:00 M:2008-04-30 00:17] [PID: 996 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 12:00 M:2008-04-14 12:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-23 01:53] C:\Program Files\Rising\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\Program Files\Rising\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-14 08:27 M:2008-07-25 18:02] [PID: 1052 / LOCAL SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 12:00 M:2008-04-14 12:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 
(xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-23 01:53] C:\Program Files\Rising\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\Program Files\Rising\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-14 08:27 M:2008-07-25 18:02] [PID: 1088 / SYSTEM] C:\PROGRAM FILES\RISING\RAV\ravmond.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.80, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\PROGRAM FILES\RISING\RAV\BWList.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.5, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\WINDOWS\system32\MFC71.DLL [Microsoft Corporation, 7.10.3077.0, C:2008-07-14 08:27 M:2008-07-14 08:26] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2008-06-07 20:17 M:2008-06-07 20:17] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2008-06-07 20:17 M:2008-06-07 20:17] C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\PROGRAM FILES\RISING\RAV\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\PROGRAM FILES\RISING\RAV\RsLog.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.36, C:2008-07-14 08:29 M:2008-07-29 08:37] C:\PROGRAM FILES\RISING\RAV\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\PROGRAM FILES\RISING\RAV\MonRule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.29, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\PROGRAM FILES\RISING\RAV\Hooksys.dll [(Verified)Beijing Rising Information Technology Co., 
Ltd., 22, 0, 0, 12, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\PROGRAM FILES\RISING\RAV\HookReg.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\PROGRAM FILES\RISING\RAV\HookNtos.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\PROGRAM FILES\RISING\RAV\rswalmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\PROGRAM FILES\RISING\RAV\recomp.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 40, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\Program Files\Rising\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\Program Files\Rising\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\PROGRAM FILES\RISING\RAV\refs.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\PROGRAM FILES\RISING\RAV\ffr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 16, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\WINDOWS\system32\sfc_os.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 12:00 M:2008-04-30 00:17] C:\Program Files\Rising\Rav\RsStore.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.9, C:2008-07-14 08:29 M:2008-07-29 08:37] C:\PROGRAM FILES\RISING\RAV\HookCont.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\Program Files\Rising\Rav\fakescan.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.14, C:2008-07-14 08:29 M:2008-07-29 08:37] C:\Program Files\Rising\Rav\Scanner.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.39, C:2008-07-14 08:29 M:2008-07-29 08:37] 
C:\PROGRAM FILES\RISING\RAV\viruslib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2008-07-14 08:29 M:2008-07-29 08:37] C:\PROGRAM FILES\RISING\RAV\relibldr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-23 01:53] C:\PROGRAM FILES\RISING\RAV\HookWeb.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.3, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\PROGRAM FILES\RISING\RAV\extfile.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\PROGRAM FILES\RISING\RAV\pearc.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\PROGRAM FILES\RISING\RAV\nvfile.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\PROGRAM FILES\RISING\RAV\scanexec.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-14 08:29 M:2008-07-29 08:37] C:\PROGRAM FILES\RISING\RAV\unexe.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 6, C:2008-07-14 08:29 M:2008-07-29 08:37] C:\PROGRAM FILES\RISING\RAV\scanex.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 84, C:2008-07-14 08:29 M:2008-07-29 08:37] C:\PROGRAM FILES\RISING\RAV\scanpack.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10, C:2008-07-14 08:29 M:2008-07-29 08:37] C:\PROGRAM FILES\RISING\RAV\revm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\PROGRAM FILES\RISING\RAV\urutils.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7, C:2008-07-14 08:29 M:2008-07-29 08:37] C:\PROGRAM FILES\RISING\RAV\ur000.dat 
[(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 19, C:2008-07-14 08:29 M:2008-07-29 08:37] C:\PROGRAM FILES\RISING\RAV\scriptci.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4, C:2008-07-14 08:29 M:2008-07-29 08:37] C:\PROGRAM FILES\RISING\RAV\ur001.dat [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4, C:2008-07-14 08:29 M:2008-07-29 08:37] C:\PROGRAM FILES\RISING\RAV\scansct.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10, C:2008-07-14 08:29 M:2008-07-29 08:37] C:\PROGRAM FILES\RISING\RAV\posttrt.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\PROGRAM FILES\RISING\RAV\extmail.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\PROGRAM FILES\RISING\RAV\extole.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 13, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\PROGRAM FILES\RISING\RAV\uroutine.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2008-07-14 08:29 M:2008-07-29 08:37] [PID: 1104 / SYSTEM] C:\Program Files\Rising\Rfw\rfwsrv.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.76, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\WINDOWS\system32\MFC71.DLL [Microsoft Corporation, 7.10.3077.0, C:2008-07-14 08:27 M:2008-07-14 08:26] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2008-06-07 20:17 M:2008-06-07 20:17] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2008-06-07 20:17 M:2008-06-07 20:17] C:\Program Files\Rising\Rfw\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-14 08:27 M:2008-07-29 19:21] C:\Program Files\Rising\Rfw\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-14 08:27 M:2008-07-29 19:21] C:\Program 
Files\Rising\Rfw\RSAPPMGR.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-07-14 08:27 M:2008-07-29 19:21] C:\Program Files\Rising\Rfw\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-07-14 08:27 M:2008-07-29 19:21] C:\Program Files\Rising\Rfw\RfwRule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.17, C:2008-07-14 08:27 M:2008-07-29 19:21] C:\Program Files\Rising\Rfw\rfwlog.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.16, C:2008-07-14 08:27 M:2008-07-29 19:21] C:\Program Files\Rising\Rfw\Rfwdrv.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.48, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\Program Files\Rising\Rfw\ijt_ctrl.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.0, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\Program Files\Rising\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\Program Files\Rising\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\Program Files\Rising\Rfw\unvdet.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.8, C:2008-07-14 08:27 M:2008-07-29 19:21] C:\WINDOWS\system32\sfc_os.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 12:00 M:2008-04-30 00:17] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-23 01:53] C:\Program Files\Rising\Rfw\mPorts.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.6, C:2008-07-14 08:27 M:2008-07-29 19:21] [PID: 1128 / SYSTEM] C:\Program Files\Rising\Rfw\rfwProxy.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.37, C:2008-07-14 08:27 M:2008-07-29 19:21] C:\WINDOWS\system32\MFC71.DLL [Microsoft Corporation, 7.10.3077.0, C:2008-07-14 08:27 
M:2008-07-14 08:26] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2008-06-07 20:17 M:2008-06-07 20:17] C:\Program Files\Rising\Rfw\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-14 08:27 M:2008-07-29 19:21] C:\Program Files\Rising\Rfw\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-14 08:27 M:2008-07-29 19:21] C:\Program Files\Rising\Rfw\RfwRule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.17, C:2008-07-14 08:27 M:2008-07-29 19:21] C:\Program Files\Rising\Rfw\urlrule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1.0.0.15, C:2008-07-14 08:27 M:2008-07-29 19:21] C:\Program Files\Rising\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\Program Files\Rising\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\Program Files\Rising\Rfw\MonMid.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.6, C:2008-07-14 08:27 M:2008-07-29 19:21] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-23 01:53] [PID: 1244 / SYSTEM] C:\WINDOWS\system32\Ati2evxx.exe [(Verified)ATI Technologies Inc., 6.14.10.4190, C:2008-07-14 08:12 M:2008-02-26 11:00] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-23 01:53] C:\WINDOWS\system32\Ati2edxx.dll [(Verified)ATI Technologies, Inc., 6, 14, 10, 2513, C:2008-07-14 08:12 M:2008-02-26 11:01] C:\WINDOWS\system32\atipdlxx.dll [(Verified)ATI Technologies, Inc., 6, 14, 10, 2530, C:2008-07-14 08:12 M:2008-02-26 11:02] C:\WINDOWS\system32\ati2evxx.dll [(Verified)ATI Technologies Inc., 6.14.10.4176, C:2008-07-14 08:12 M:2008-02-26 11:01] C:\Program Files\Rising\Rfw\ijt_base.dll 
[(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\Program Files\Rising\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-14 08:27 M:2008-07-25 18:02] [PID: 1508 / SYSTEM] C:\Program Files\Rising\Rfw\rfwstub.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.12, C:2008-07-14 08:27 M:2008-07-29 19:21] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2008-06-07 20:17 M:2008-06-07 20:17] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2008-06-07 20:17 M:2008-06-07 20:17] C:\Program Files\Rising\Rfw\RSCOMMON.DLL [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-07-14 08:27 M:2008-07-29 19:21] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-23 01:53] C:\Program Files\Rising\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\Program Files\Rising\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-14 08:27 M:2008-07-25 18:02] [PID: 1696 / SYSTEM] C:\PROGRAM FILES\RISING\RAV\RavStub.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.10, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\PROGRAM FILES\RISING\RAV\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-23 01:53] C:\Program 
Files\Rising\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\Program Files\Rising\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-14 08:27 M:2008-07-25 18:02] [PID: 1796 / Administrator] C:\WINDOWS\Explorer.EXE [(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-14 12:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-23 01:53] C:\Program Files\Rising\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\Program Files\Rising\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\WINDOWS\system32\shdoclc.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-25 10:35] C:\Program Files\WinRAR\rarext.dll [N/A, C:2008-06-07 20:15 M:2007-05-30 08:28] C:\WINDOWS\system32\RavExt.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\WINDOWS\system32\shlhook.dll [Beijing Rising Technology Co., Ltd., 4.0.0.9, C:2008-07-14 08:29 M:2008-07-14 08:29] C:\WINDOWS\system32\browselc.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-25 10:35] C:\Program Files\Rising\Rav\RSCOMMON.DLL [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-07-14 08:29 M:2008-07-29 08:36] [PID: 1860 / SYSTEM] C:\WINDOWS\system32\spoolsv.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2008-04-14 12:00 M:2008-04-14 12:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-23 01:53] C:\Program Files\Rising\Rfw\ijt_base.dll [(Verified)Beijing Rising Information 
Technology Co., Ltd., 7.0.0.21, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\Program Files\Rising\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\WINDOWS\system32\sfc_os.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 12:00 M:2008-04-30 00:17] [PID: 1972 / Administrator] C:\Program Files\Rising\Rfw\RfwMain.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.1.70, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\WINDOWS\system32\MFC71.DLL [Microsoft Corporation, 7.10.3077.0, C:2008-07-14 08:27 M:2008-07-14 08:26] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2008-06-07 20:17 M:2008-06-07 20:17] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2008-06-07 20:17 M:2008-06-07 20:17] C:\Program Files\Rising\Rfw\RsGuiLib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90, C:2008-07-14 08:27 M:2008-07-29 19:21] C:\Program Files\Rising\Rfw\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-14 08:27 M:2008-07-29 19:21] C:\Program Files\Rising\Rfw\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-14 08:27 M:2008-07-29 19:21] C:\Program Files\Rising\Rfw\RSAPPMGR.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-07-14 08:27 M:2008-07-29 19:21] C:\Program Files\Rising\Rfw\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-07-14 08:27 M:2008-07-29 19:21] C:\Program Files\Rising\Rfw\RSCOMMON.DLL [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-07-14 08:27 M:2008-07-29 19:21] C:\Program Files\Rising\Rfw\RfwCtrl.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-14 08:27 M:2008-07-29 19:21] C:\Program Files\Rising\Rfw\RsXML.dll [(Verified)Beijing Rising Information Technology Co., 
Ltd., 20, 0, 0, 2, C:2008-07-14 08:27 M:2008-07-29 19:21] C:\Program Files\Rising\Rfw\PngDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-07-14 08:27 M:2008-07-29 19:21] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-23 01:53] C:\Program Files\Rising\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\Program Files\Rising\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\Program Files\Rising\Rfw\RfwRule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.17, C:2008-07-14 08:27 M:2008-07-29 19:21] [PID: 364 / Administrator] C:\Program Files\Rising\Rav\RavTask.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.24, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\Program Files\Rising\Rav\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\Program Files\Rising\Rav\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\Program Files\Rising\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\Program Files\Rising\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\Program Files\Rising\Rav\RSCOMMON.DLL [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\Program Files\Rising\Rav\RSAPPMGR.DLL [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\Program Files\Rising\Rav\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-07-14 08:29 
M:2008-07-29 08:36] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-23 01:53] [PID: 428 / Administrator] C:\WINDOWS\system32\ctfmon.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-14 12:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-23 01:53] C:\Program Files\Rising\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\Program Files\Rising\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-14 08:27 M:2008-07-25 18:02] [PID: 1032 / Administrator] C:\Program Files\Rising\Rav\Ravmon.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.01.24, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\WINDOWS\system32\MFC71.DLL [Microsoft Corporation, 7.10.3077.0, C:2008-07-14 08:27 M:2008-07-14 08:26] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2008-06-07 20:17 M:2008-06-07 20:17] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2008-06-07 20:17 M:2008-06-07 20:17] C:\Program Files\Rising\Rav\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\Program Files\Rising\Rav\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\Program Files\Rising\Rav\RSCOMMON.DLL [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\Program Files\Rising\Rav\recomp.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 40, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\Program Files\Rising\Rav\refs.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18, C:2008-07-14 08:29 M:2008-07-29 
08:36] C:\Program Files\Rising\Rav\viruslib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2008-07-14 08:29 M:2008-07-29 08:37] C:\Program Files\Rising\Rav\relibldr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\Program Files\Rising\Rav\RSAPPMGR.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\Program Files\Rising\Rav\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\Program Files\Rising\Rav\MonRule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.29, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\Program Files\Rising\Rav\PngDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-07-14 08:29 M:2008-07-29 08:37] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-23 01:53] C:\Program Files\Rising\Rav\Rsguilib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90, C:2008-07-14 08:29 M:2008-07-29 08:37] C:\Program Files\Rising\Rav\RsXML.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2, C:2008-07-14 08:29 M:2008-07-29 08:36] [PID: 144 / LOCAL SERVICE] C:\WINDOWS\System32\alg.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2008-04-14 12:00 M:2008-04-14 12:00] C:\WINDOWS\System32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-23 01:53] [PID: 1412 / SYSTEM] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-04-14 12:00 M:2008-04-14 12:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-23 01:53] [PID: 328 / LOCAL SERVICE] C:\WINDOWS\system32\wdfmgr.exe 
[(Verified)Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act), C:2005-01-28 01:36 M:2005-01-28 01:36] [PID: 976 / Administrator] C:\Program Files\Internet Explorer\iexplore.exe [(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-13 10:29 M:2008-04-14 20:00] C:\Program Files\Rising\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\Program Files\Rising\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-23 01:53] C:\WINDOWS\system32\browselc.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-25 10:35] C:\WINDOWS\system32\shdoclc.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-25 10:35] C:\Program Files\Rising\Rav\RavScrCh.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx [(Verified)Adobe Systems, Inc., 9,0,124,0, C:2008-03-25 10:32 M:2008-03-25 10:32] C:\WINDOWS\system32\freeime.ime [极点五笔工作室, 6.2.950, C:2008-06-07 20:28 M:2007-12-28 21:13] C:\WINDOWS\system32\SOGOUPY.IME [(Verified)Sogou.com Inc., 3.3.0.0, C:2008-04-29 17:01 M:2008-04-29 17:01] [PID: 3652 / Administrator] C:\Program Files\Rising\Rav\RsAgent.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.10, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\WINDOWS\system32\MFC71.DLL [Microsoft Corporation, 7.10.3077.0, C:2008-07-14 08:27 M:2008-07-14 08:26] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2008-06-07 20:17 M:2008-06-07 20:17] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2008-06-07 20:17 M:2008-06-07 20:17] C:\WINDOWS\system32\uxtheme.dll 
[Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-23 01:53] C:\Program Files\Rising\Rav\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\Program Files\Rising\Rav\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-07-14 08:29 M:2008-07-29 08:36] C:\WINDOWS\msagent\AgentMPx.dll [Microsoft Corporation, 2.00.0.2115, C:1998-09-15 17:55 M:1998-09-15 17:55] [PID: 120 / Administrator] C:\WINDOWS\msagent\AgentSvr.exe [Microsoft Corporation, 2.00.0.2202, C:1998-10-02 13:00 M:1998-10-02 13:00] C:\Program Files\Rising\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\Program Files\Rising\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-23 01:53] C:\WINDOWS\msagent\AgentDP2.dll [Microsoft Corporation, 2.00.0.2115, C:1998-09-15 17:51 M:1998-09-15 17:51] [PID: 2488 / Administrator] E:\新版arswp\A r S w p.exe [A,r,S,w,p.com, 2, 8, 0, 723, C:2008-07-31 13:44 M:2008-07-24 10:20] C:\Program Files\Rising\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\Program Files\Rising\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-07-14 08:27 M:2008-07-25 18:02] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-04-14 12:00 M:2008-04-23 01:53] E:\新版arswp\plugin\ArFix.dll [(Verified)ArSwp.Com, 2, 5, 0, 0, C:2008-07-31 13:44 M:2007-11-28 15:19] ======================================== 文件关联 ======================================== AutoRun.INF ======================================== Winsock提供者 
========================================
HOSTS
127.0.0.1 localhost
[/CODE]