[CODE]

2006-11-16,02:46:17

SysLog Scanner 1.0.0.8.0721
Arswp (http://www.arswp.com)

Windows XP Professional Service Pack 2 (build 2600) - Administrators



========================================
注册项

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.1.70, C:2008-01-20 11:08 M:2008-07-27 12:44]
    <51GG><F:\Guagua\51GG.exe>  [www.51.com, 1.1.5.265, C:2008-01-15 14:13 M:2008-01-15 14:13]
    <StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  [N/A, C:2006-11-27 02:30 M:2006-11-27 02:30]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-01-20 11:07 M:2006-11-16 03:30]
    <{189F087F-4378-405F-85FA-37D955AD7A8C}><C:\WINDOWS\system32\mtewdh.dll>  []
    <{8C41B7F7-3168-400D-A702-0E7EFE0BA304}><C:\WINDOWS\system32\sgdewg.dll>  []
    <{45AADFAA-DD36-42AB-83AD-0521BBF58C24}><C:\WINDOWS\system32\zgrjdx.dll>  []
    <{6E6CA8A1-81BC-4707-A54C-F4903DD70BAD}><C:\WINDOWS\system32\zgxfdx.dll>  []
    <{011DB9B9-44B4-44D9-B17E-BC7608F2E549}><C:\WINDOWS\system32\cdwqfs.dll>  []
    <{E0F3526A-4165-4589-80CD-50B6FBAC3BDA}><C:\WINDOWS\system32\adsntzt.dll>  [N/A, C:2006-11-19 01:42 M:2006-11-19 01:42]
    <{7A6DF30E-D0F2-446f-B4F0-BF4232D60E07}><C:\WINDOWS\system32\cliconfgzx.dll>  [N/A, C:2006-11-19 01:44 M:2006-11-19 01:44]
    <{9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5}><C:\WINDOWS\system32\certmgrkd.dll>  [N/A, C:2006-11-19 01:45 M:2006-11-19 01:45]
    <{76D44356-B494-443a-BEDC-AA68DE4255E6}><C:\WINDOWS\system32\dispexcb.dll>  [N/A, C:2006-11-19 01:45 M:2006-11-19 01:45]
    <{D3112B69-A745-4805-874E-ABD480EA1299}><C:\WINDOWS\system32\bootvidgj.dll>  [N/A, C:2006-11-19 01:45 M:2006-11-19 01:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&V使用Vagaa哇嘎下载]
    <><E:\qq外挂\Vagaa\Data\vg.htm>  []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载]
    <><C:\Program Files\Thunder\Program\geturl.htm>  [N/A, C:2007-07-12 16:14 M:2007-02-28 14:59]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接]
    <><C:\Program Files\Thunder\Program\getallurl.htm>  [N/A, C:2007-07-12 16:14 M:2007-02-10 14:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\导出到 Microsoft Office Excel(&X)]
    <><res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000>  []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\添加到QQ表情]
    <><D:\Program Files\QQ2007\AddEmotion.htm>  [N/A, C:2008-05-14 10:29 M:2008-05-14 10:29]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Intel Corporation, 3.0.0.4396, C:2008-01-20 10:30 M:2005-09-20 10:31]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|(Verified)N/A, C:1980-01-01 00:00 M:2004-08-17 12:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|(Verified)N/A, C:1980-01-01 00:00 M:2004-08-17 12:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|(Verified)N/A, C:1980-01-01 00:00 M:2006-11-02 23:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{95B3F550-91C4-4627-BCC4-521288C52977}]
    <PPLive><F:\新建文件夹\PPLive\PPLive.exe>  [(Verified)N/A, C:2008-05-01 19:38 M:2007-03-16 13:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Client.exe]
    <><C:\WINDOWS\system32\windg.exe>  []


========================================
启动项

[彩虹QQ显IP]
    <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\彩虹QQ显IP.lnk --> "C:\Program Files\彩虹QQ\CaiHong.exe"  > [N/A, C:2006-11-18 16:20 M:2006-11-18 16:20]


========================================
计划任务



========================================
组件


ShellExecuteHook
[ShlExecHack Class]
    {32CD708B-60A7-4C00-9377-D73EAA495F0F}  <C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-01-20 11:07 M:2006-11-16 03:30]
[MICROSOFT]
    {189F087F-4378-405F-85FA-37D955AD7A8C}  <C:\WINDOWS\system32\mtewdh.dll>  []
[MICROSOFT]
    {8C41B7F7-3168-400D-A702-0E7EFE0BA304}  <C:\WINDOWS\system32\sgdewg.dll>  []
[MICROSOFT]
    {45AADFAA-DD36-42AB-83AD-0521BBF58C24}  <C:\WINDOWS\system32\zgrjdx.dll>  []
[MICROSOFT]
    {6E6CA8A1-81BC-4707-A54C-F4903DD70BAD}  <C:\WINDOWS\system32\zgxfdx.dll>  []
[MICROSOFT]
    {011DB9B9-44B4-44D9-B17E-BC7608F2E549}  <C:\WINDOWS\system32\cdwqfs.dll>  []
[]
    {E0F3526A-4165-4589-80CD-50B6FBAC3BDA}  <C:\WINDOWS\system32\adsntzt.dll>  [N/A, C:2006-11-19 01:42 M:2006-11-19 01:42]
[]
    {7A6DF30E-D0F2-446f-B4F0-BF4232D60E07}  <C:\WINDOWS\system32\cliconfgzx.dll>  [N/A, C:2006-11-19 01:44 M:2006-11-19 01:44]
[]
    {9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5}  <C:\WINDOWS\system32\certmgrkd.dll>  [N/A, C:2006-11-19 01:45 M:2006-11-19 01:45]
[]
    {76D44356-B494-443a-BEDC-AA68DE4255E6}  <C:\WINDOWS\system32\dispexcb.dll>  [N/A, C:2006-11-19 01:45 M:2006-11-19 01:45]
[]
    {D3112B69-A745-4805-874E-ABD480EA1299}  <C:\WINDOWS\system32\bootvidgj.dll>  [N/A, C:2006-11-19 01:45 M:2006-11-19 01:45]

Shell Extension
[Display Panning CPL Extension]
    {42071714-76d4-11d1-8b24-00a0c9068ff3}  <deskpan.dll>  []
[HyperTerminal Icon Ext]
    {88895560-9AA2-1069-930E-00AA0030EBC8}  <C:\WINDOWS\system32\hticons.dll>  [(Verified)Hilgraeve, Inc., 5.1.2600.0, C:2006-11-07 01:29 M:2004-08-17 20:00]
[WinRAR shell extension]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <C:\Program Files\WinRAR\rarext.dll>  [N/A, C:2007-02-01 13:57 M:2006-12-04 18:43]
[Shell Extensions for RealOne Player]
    {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}  <C:\Program Files\Real\RealPlayer\rpshell.dll>  [RealNetworks, Inc., 1.0.1.2237, C:2007-02-01 14:08 M:2007-02-01 14:08]
[RISING]
    {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D}  <C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-01-20 11:07 M:2006-11-16 03:30]

BrowserHelperObject
[ThunderAtOnce Class]
    {01443AEC-0FD1-40fd-9C87-E93D1494C233}  <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 1.0.2.9, C:2007-07-12 16:14 M:2007-06-26 17:04]
[QQToolbar]
    {29CF293A-1E7D-4069-9E11-E39698D0AF95}  <C:\Program Files\Tencent\QQToolbar\IEBar.dll>  [(Verified)TENCENT, 2, 1, 8, 11, C:2008-05-01 19:32 M:2008-08-01 10:32]
[Thunder Browser Helper]
    {889D2FEB-5411-4565-8998-1DD2C5261283}  <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 3, 11, C:2007-07-12 16:14 M:2007-06-08 17:49]
[]
    {D47A61B8-0EAB-417F-8DF4-5C949982A2AF}  <C:\Program Files\Internet Explorer\PLUGINS\Windows64.Sys>  [N/A, C:2006-11-19 01:49 M:2006-11-19 01:49]

ToolBar
[QQToolbar]
    {29CF293A-1E7D-4069-9E11-E39698D0AF95}  <C:\Program Files\Tencent\QQToolbar\IEBar.dll>  [(Verified)TENCENT, 2, 1, 8, 11, C:2008-05-01 19:32 M:2008-08-01 10:32]

ActiveX Extension
[ThunderAtOnce Class]
    {01443AEC-0FD1-40FD-9C87-E93D1494C233}  <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 1.0.2.9, C:2007-07-12 16:14 M:2007-06-26 17:04]
[QQToolbar]
    {29CF293A-1E7D-4069-9E11-E39698D0AF95}  <C:\Program Files\Tencent\QQToolbar\IEBar.dll>  [(Verified)TENCENT, 2, 1, 8, 11, C:2008-05-01 19:32 M:2008-08-01 10:32]
[Thunder Agent Class]
    {485463B7-8FB2-4B3B-B29B-8B919B0EACCE}  <C:\Program Files\Thunder\ComDlls\ThunderAgent_Now.dll>  [Thunder Networking Technologies,LTD, 5, 0, 3, 20, C:2007-07-12 16:14 M:2007-04-27 18:10]
[Thunder Browser Helper]
    {889D2FEB-5411-4565-8998-1DD2C5261283}  <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 3, 11, C:2007-07-12 16:14 M:2007-06-08 17:49]
[Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000}  <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx>  [(Verified)Adobe Systems, Inc., 9,0,124,0, C:2008-03-25 10:32 M:2008-03-25 10:32]
[]
    {D47A61B8-0EAB-417F-8DF4-5C949982A2AF}  <C:\Program Files\Internet Explorer\PLUGINS\Windows64.Sys>  [N/A, C:2006-11-19 01:49 M:2006-11-19 01:49]
[PlayerCtrl Class]
    {E05BC2A3-9A46-4A32-80C9-023A473F5B23}  <D:\Program Files\QQ2007\QzoneMusic.dll>  [(Verified)深圳腾讯科技, 3, 1, 163, 202, C:2007-05-20 16:38 M:2007-05-20 16:38]

Context Menu
[RisingRavExt]
    {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D}  <C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-01-20 11:07 M:2006-11-16 03:30]
[WinRAR]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <C:\Program Files\WinRAR\rarext.dll>  [N/A, C:2007-02-01 13:57 M:2006-12-04 18:43]


========================================
服务

[Rising Proxy  Service / RfwProxySrv][Running/Auto Start]
    <C:\Program Files\Rising\Rfw\rfwProxy.exe>  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.37, C:2008-01-20 11:08 M:2006-11-19 01:39]
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
    <C:\Program Files\Rising\Rfw\rfwsrv.exe>  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.76, C:2008-01-20 11:08 M:2008-07-27 12:44]
[Remote Procedure Call (RPC) / RpcSs][Running/Auto Start]
    <%SystemRoot%\system32\svchost -k rpcss --> "C:\WINDOWS\system32\srpcss.dll">  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|N/A, C:2004-08-17 12:00 M:2005-07-26 12:39]
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
    <"C:\Program Files\Rising\Rav\CCenter.exe">  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.33, C:2008-01-20 11:07 M:2006-11-16 03:30]

[Human Interface Device Access / HidServ][Stopped/Disabled]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
    <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe">  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.80, C:2008-01-20 11:07 M:2006-11-16 03:30]
[Stormser / Stormser][Stopped/Disabled]
    <C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe>  [暴风网际, 1, 0, 0, 11, C:2006-11-17 21:34 M:2008-06-20 12:35]


========================================
驱动

[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
    <system32\drivers\ALCXWDM.SYS>  [(Verified)Realtek Semiconductor Corp., 5.10.5870 built by: WinDDK, C:2008-01-20 10:29 M:2005-08-18 00:45]
[AliIde / AliIde][Running/Boot Start]
    <System32\DRIVERS\aliide.sys>  [(Verified)Acer Laboratories Inc., 1.20, C:2005-06-29 18:14 M:2005-06-16 08:58]
[CmdIde / CmdIde][Running/Boot Start]
    <System32\DRIVERS\cmdide.sys>  [(Verified)CMD Technology, Inc., 2.0.7 (XPClient.010817-1148), C:2004-04-12 20:37 M:2001-08-31 15:29]
[HookCont / HookCont][Running/System Start]
    <\SystemRoot\system32\drivers\HookCont.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 7, C:2008-01-20 11:07 M:2006-11-16 03:30]
[HookNtos / HookNtos][Running/System Start]
    <\SystemRoot\system32\drivers\HookNtos.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 50, C:2008-01-20 11:07 M:2006-11-16 03:30]
[HookReg / HookReg][Running/System Start]
    <\SystemRoot\system32\drivers\HookReg.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 28, C:2008-01-20 11:07 M:2006-11-16 03:30]
[HookSys / HookSys][Running/System Start]
    <\SystemRoot\system32\drivers\HookSys.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 54, C:2008-01-20 11:07 M:2006-11-16 03:30]
[HookUrl / HookUrl][Running/Auto Start]
    <\??\C:\Program Files\Rising\Rfw\HookUrl.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.12, C:2008-01-20 11:08 M:2006-11-19 01:39]
[ialm / ialm][Running/Manual Start]
    <system32\DRIVERS\ialmnt5.sys>  [(Verified)Intel Corporation, 6.14.10.4396, C:2008-01-20 10:30 M:2005-09-20 11:00]
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
    <system32\DRIVERS\ptilink.sys>  [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148), C:2004-08-17 12:00 M:2004-08-17 12:00]
[QKeyServiceDisplay / QKeyService][Running/Boot Start]
    <system32\KeyCrypt.sys>  [ Tencent Technology (Shenzhen) Company Limited, 1, 0, 0, 6, C:2008-05-02 11:20 M:2007-07-26 00:07]
[Rising  Rfwbase Driver / RfwBase][Running/Auto Start]
    <System32\DRIVERS\rfwbase.SYS>  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.10, C:2008-01-20 11:08 M:2006-11-19 01:38]
[RsFwDrv / RsFwDrv][Running/System Start]
    <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.34, C:2008-01-20 11:08 M:2006-11-19 01:39]
[RsNTGDI / RsNTGDI][Running/Boot Start]
    <system32\Drivers\RsNTGdi.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 3, C:2008-01-20 11:07 M:2006-11-16 03:31]
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
    <system32\DRIVERS\RTL8139.SYS>  [(Verified)Realtek Semiconductor Corporation, 5.398.613.2003 built by: WinDDK, C:2008-01-20 10:21 M:2004-08-03 22:31]
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
    <system32\DRIVERS\tcpip.sys>  [N/A, C:2004-08-17 12:00 M:2008-06-20 18:45]

[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
    <system32\drivers\ac97intc.sys>  [(Verified)Intel Corporation, 5.10.3523 built by: WinDDK, C:2006-11-07 01:20 M:2001-08-17 12:20]
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
    <System32\DRIVERS\amdk8.sys>  [Advanced Micro Devices, 1.1.0 (srv03_sp1_rtm.050324-1447), C:2005-08-12 09:09 M:2005-05-21 20:43]
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
    <system32\DRIVERS\fetnd5.sys>  [(Verified)VIA Technologies, Inc.              , 2.66, C:2006-11-07 01:20 M:2001-08-17 12:13]
[npkcrypt / npkcrypt][Stopped/Auto Start]
    <\??\D:\Program Files\QQ2007\npkcrypt.sys>  []
[npkycryp / npkycryp][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\npkycryp.sys>  []
[nv / nv][Stopped/Manual Start]
    <system32\DRIVERS\nv4_mini.sys>  [(Verified)NVIDIA Corporation, 6.14.10.5673, C:2006-11-07 01:20 M:2004-08-03 22:29]
[rspp / rspp][Stopped/System Start]
    <\??\C:\WINDOWS\system32\Drivers\Rspp.sys>  [Beijing Rising Technology Co., Ltd, 23, 0, 0, 3, C:2006-11-16 01:04 M:2006-11-16 01:10]
[Secdrv / Secdrv][Stopped/Manual Start]
    <system32\DRIVERS\secdrv.sys>  [(Verified)Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086, C:2004-08-17 12:00 M:2007-11-13 18:25]
[TesSafe / TesSafe][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\TesSafe.sys>  [TENCENT, 0, 0, 8, 2, C:2008-05-02 11:20 M:2006-11-16 14:11]


========================================
进程

[PID: 452 / SYSTEM]   \SystemRoot\System32\smss.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]

[PID: 512 / SYSTEM]   \??\C:\WINDOWS\system32\csrss.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-01-20 11:08 M:2008-07-27 12:43]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-01-20 11:08 M:2008-07-27 12:43]

[PID: 536 / SYSTEM]   \??\C:\WINDOWS\system32\winlogon.exe   [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2006-09-24 16:42]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]
    C:\WINDOWS\system32\GOOGLEPINYIN.IME  [Google Inc., C:2008-01-07 18:14 M:2008-01-07 18:14]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-01-20 11:08 M:2008-07-27 12:43]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-01-20 11:08 M:2008-07-27 12:43]

[PID: 580 / SYSTEM]   C:\WINDOWS\system32\services.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-01-20 11:08 M:2008-07-27 12:43]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-01-20 11:08 M:2008-07-27 12:43]

[PID: 592 / SYSTEM]   C:\WINDOWS\system32\lsass.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-01-20 11:08 M:2008-07-27 12:43]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-01-20 11:08 M:2008-07-27 12:43]

[PID: 728 / SYSTEM]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-01-20 11:08 M:2008-07-27 12:43]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-01-20 11:08 M:2008-07-27 12:43]

[PID: 796 / NETWORK SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]
    c:\windows\system32\srpcss.dll  [N/A, C:2004-08-17 12:00 M:2005-07-26 12:39]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-01-20 11:08 M:2008-07-27 12:43]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-01-20 11:08 M:2008-07-27 12:43]

[PID: 864 / SYSTEM]   C:\Program Files\Rising\Rav\CCenter.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.33, C:2008-01-20 11:07 M:2006-11-16 03:30]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-01-20 11:08 M:2008-07-27 12:43]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-01-20 11:08 M:2008-07-27 12:43]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]

[PID: 880 / SYSTEM]   C:\WINDOWS\System32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
    C:\WINDOWS\System32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-01-20 11:08 M:2008-07-27 12:43]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-01-20 11:08 M:2008-07-27 12:43]

[PID: 936 / NETWORK SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-01-20 11:08 M:2008-07-27 12:43]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-01-20 11:08 M:2008-07-27 12:43]

[PID: 1004 / LOCAL SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-01-20 11:08 M:2008-07-27 12:43]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-01-20 11:08 M:2008-07-27 12:43]

[PID: 1120 / SYSTEM]   C:\PROGRAM FILES\RISING\RAV\ravmond.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.80, C:2008-01-20 11:07 M:2006-11-16 03:30]
    C:\PROGRAM FILES\RISING\RAV\BWList.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.5, C:2008-01-20 11:07 M:2006-11-16 03:30]
    C:\WINDOWS\system32\MFC71.DLL  [Microsoft Corporation, 7.10.3077.0, C:2008-01-20 11:07 M:2008-01-20 11:06]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2004-04-05 10:31 M:2004-04-05 10:31]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2004-04-05 10:31 M:2004-04-05 10:31]
    C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-01-20 11:07 M:2006-11-16 03:30]
    C:\PROGRAM FILES\RISING\RAV\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-01-20 11:07 M:2006-11-16 03:30]
    C:\PROGRAM FILES\RISING\RAV\RsLog.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.36, C:2008-01-20 11:07 M:2006-11-16 03:31]
    C:\PROGRAM FILES\RISING\RAV\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-01-20 11:07 M:2006-11-16 03:30]
    C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-01-20 11:07 M:2006-11-16 03:30]
    C:\PROGRAM FILES\RISING\RAV\MonRule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.29, C:2008-01-20 11:07 M:2006-11-16 03:30]
    C:\PROGRAM FILES\RISING\RAV\Hooksys.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12, C:2008-01-20 11:07 M:2006-11-16 03:30]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-01-20 11:08 M:2008-07-27 12:43]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-01-20 11:08 M:2008-07-27 12:43]
    C:\PROGRAM FILES\RISING\RAV\HookReg.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6, C:2008-01-20 11:07 M:2006-11-16 03:30]
    C:\PROGRAM FILES\RISING\RAV\HookNtos.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5, C:2008-01-20 11:07 M:2006-11-16 03:30]
    C:\PROGRAM FILES\RISING\RAV\rswalmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24, C:2008-01-20 11:07 M:2006-11-16 03:30]
    C:\PROGRAM FILES\RISING\RAV\recomp.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 40, C:2008-01-20 11:07 M:2006-11-16 03:31]
    C:\PROGRAM FILES\RISING\RAV\refs.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18, C:2008-01-20 11:07 M:2006-11-16 03:31]
    C:\PROGRAM FILES\RISING\RAV\ffr.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 16, C:2008-01-20 11:07 M:2006-11-16 03:31]
    C:\Program Files\Rising\Rav\RsStore.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.9, C:2008-01-20 11:07 M:2006-11-16 03:31]
    C:\PROGRAM FILES\RISING\RAV\HookCont.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3, C:2008-01-20 11:07 M:2006-11-16 03:30]
    C:\Program Files\Rising\Rav\fakescan.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.14, C:2008-01-20 11:07 M:2006-11-16 03:31]
    C:\Program Files\Rising\Rav\Scanner.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.39, C:2008-01-20 11:07 M:2006-11-16 03:31]
    C:\PROGRAM FILES\RISING\RAV\viruslib.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2008-01-20 11:07 M:2006-11-16 03:31]
    C:\PROGRAM FILES\RISING\RAV\relibldr.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-01-20 11:07 M:2006-11-16 03:31]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]
    C:\WINDOWS\system32\GOOGLEPINYIN.IME  [Google Inc., C:2008-01-07 18:14 M:2008-01-07 18:14]
    C:\PROGRAM FILES\RISING\RAV\HookWeb.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.3, C:2008-01-20 11:07 M:2006-11-16 03:30]
    C:\PROGRAM FILES\RISING\RAV\nvfile.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7, C:2008-01-20 11:07 M:2006-11-16 03:31]
    C:\PROGRAM FILES\RISING\RAV\extfile.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32, C:2008-01-20 11:07 M:2006-11-16 03:31]
    C:\PROGRAM FILES\RISING\RAV\pearc.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8, C:2008-01-20 11:07 M:2006-11-16 03:31]
    C:\PROGRAM FILES\RISING\RAV\scanexec.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-01-20 11:07 M:2006-11-16 03:31]
    C:\PROGRAM FILES\RISING\RAV\unexe.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 6, C:2008-01-20 11:07 M:2006-11-16 03:31]
    C:\PROGRAM FILES\RISING\RAV\scanex.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 84, C:2008-01-20 11:07 M:2006-11-16 03:31]
    C:\PROGRAM FILES\RISING\RAV\scanpack.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10, C:2008-01-20 11:07 M:2006-11-16 03:31]
    C:\PROGRAM FILES\RISING\RAV\revm.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11, C:2008-01-20 11:07 M:2006-11-16 03:31]
    C:\PROGRAM FILES\RISING\RAV\urutils.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7, C:2008-05-01 18:53 M:2006-11-16 03:31]
    C:\PROGRAM FILES\RISING\RAV\ur000.dat  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 19, C:2008-05-01 18:53 M:2006-11-16 03:31]
    C:\PROGRAM FILES\RISING\RAV\scriptci.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4, C:2008-01-20 11:07 M:2006-11-16 03:31]
    C:\PROGRAM FILES\RISING\RAV\uroutine.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2008-01-20 11:07 M:2006-11-16 03:31]
    C:\PROGRAM FILES\RISING\RAV\scansct.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10, C:2008-01-20 11:07 M:2006-11-16 03:31]
    C:\PROGRAM FILES\RISING\RAV\ur001.dat  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4, C:2008-05-01 18:53 M:2006-11-16 03:31]
    C:\PROGRAM FILES\RISING\RAV\extmail.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10, C:2008-01-20 11:07 M:2006-11-16 03:31]
    C:\PROGRAM FILES\RISING\RAV\extole.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 13, C:2008-01-20 11:07 M:2006-11-16 03:31]

[PID: 1132 / SYSTEM]   C:\Program Files\Rising\Rfw\rfwsrv.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.76, C:2008-01-20 11:08 M:2008-07-27 12:44]
    C:\WINDOWS\system32\MFC71.DLL  [Microsoft Corporation, 7.10.3077.0, C:2008-01-20 11:07 M:2008-01-20 11:06]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2004-04-05 10:31 M:2004-04-05 10:31]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2004-04-05 10:31 M:2004-04-05 10:31]
    C:\Program Files\Rising\Rfw\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-01-20 11:08 M:2006-11-19 01:39]
    C:\Program Files\Rising\Rfw\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-01-20 11:08 M:2006-11-19 01:39]
    C:\Program Files\Rising\Rfw\RSAPPMGR.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-01-20 11:08 M:2006-11-19 01:39]
    C:\Program Files\Rising\Rfw\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-01-20 11:08 M:2006-11-19 01:39]
    C:\Program Files\Rising\Rfw\RfwRule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.17, C:2008-01-20 11:08 M:2006-11-19 01:39]
    C:\Program Files\Rising\Rfw\rfwlog.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.16, C:2008-01-20 11:08 M:2006-11-19 01:39]
    C:\Program Files\Rising\Rfw\Rfwdrv.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.48, C:2008-01-20 11:08 M:2008-07-27 12:44]
    C:\Program Files\Rising\Rfw\ijt_ctrl.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.0, C:2008-01-20 11:08 M:2008-07-27 12:44]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-01-20 11:08 M:2008-07-27 12:43]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-01-20 11:08 M:2008-07-27 12:43]
    C:\Program Files\Rising\Rfw\unvdet.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.8, C:2008-01-20 11:08 M:2006-11-19 01:39]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]
    C:\Program Files\Rising\Rfw\mPorts.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.6, C:2008-01-20 11:08 M:2006-11-19 01:39]

[PID: 1196 / SYSTEM]   C:\Program Files\Rising\Rfw\rfwProxy.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.37, C:2008-01-20 11:08 M:2006-11-19 01:39]
    C:\WINDOWS\system32\MFC71.DLL  [Microsoft Corporation, 7.10.3077.0, C:2008-01-20 11:07 M:2008-01-20 11:06]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2004-04-05 10:31 M:2004-04-05 10:31]
    C:\Program Files\Rising\Rfw\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-01-20 11:08 M:2006-11-19 01:39]
    C:\Program Files\Rising\Rfw\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-01-20 11:08 M:2006-11-19 01:39]
    C:\Program Files\Rising\Rfw\RfwRule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.17, C:2008-01-20 11:08 M:2006-11-19 01:39]
    C:\Program Files\Rising\Rfw\urlrule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1.0.0.15, C:2008-05-13 22:40 M:2006-11-19 01:39]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-01-20 11:08 M:2008-07-27 12:43]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-01-20 11:08 M:2008-07-27 12:43]
    C:\Program Files\Rising\Rfw\MonMid.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.6, C:2008-01-20 11:08 M:2006-11-19 01:39]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]

[PID: 1460 / Administrator]   C:\WINDOWS\Explorer.EXE   [(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]
    C:\WINDOWS\system32\GOOGLEPINYIN.IME  [Google Inc., C:2008-01-07 18:14 M:2008-01-07 18:14]
    C:\WINDOWS\system32\adsntzt.dll  [N/A, C:2006-11-19 01:42 M:2006-11-19 01:42]
    C:\WINDOWS\system32\cliconfgzx.dll  [N/A, C:2006-11-19 01:44 M:2006-11-19 01:44]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-01-20 11:08 M:2008-07-27 12:43]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-01-20 11:08 M:2008-07-27 12:43]
    C:\WINDOWS\system32\certmgrkd.dll  [N/A, C:2006-11-19 01:45 M:2006-11-19 01:45]
    C:\WINDOWS\system32\dispexcb.dll  [N/A, C:2006-11-19 01:45 M:2006-11-19 01:45]
    C:\WINDOWS\system32\bootvidgj.dll  [N/A, C:2006-11-19 01:45 M:2006-11-19 01:45]
    C:\WINDOWS\system32\loanoltrd.dll  [N/A, C:2004-08-17 12:00 M:2008-02-20 14:50]
    D:\Program Files\QQ2007\svhuvs.dll  [N/A, C:2004-08-17 12:00 M:2008-02-20 14:50]
    C:\WINDOWS\system32\browselc.dll  [Microsoft Corporation, 6.00.2600.0000, C:1980-01-01 00:00 M:2001-09-29 14:39]
    C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll  [(Verified)Thunder Networking Technologies,LTD, 1.0.2.9, C:2007-07-12 16:14 M:2007-06-26 17:04]
    C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 3, 11, C:2007-07-12 16:14 M:2007-06-08 17:49]
    C:\Program Files\Internet Explorer\PLUGINS\Windows64.Sys  [N/A, C:2006-11-19 01:49 M:2006-11-19 01:49]
    C:\WINDOWS\system32\RavExt.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-01-20 11:07 M:2006-11-16 03:30]
    C:\Program Files\Rising\Rav\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-01-20 11:07 M:2006-11-16 03:30]
    C:\Program Files\WinRAR\rarext.dll  [N/A, C:2007-02-01 13:57 M:2006-12-04 18:43]

[PID: 1484 / SYSTEM]   C:\Program Files\Rising\Rfw\rfwstub.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.12, C:2008-01-20 11:08 M:2006-11-19 01:39]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2004-04-05 10:31 M:2004-04-05 10:31]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2004-04-05 10:31 M:2004-04-05 10:31]
    C:\Program Files\Rising\Rfw\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-01-20 11:08 M:2006-11-19 01:39]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-01-20 11:08 M:2008-07-27 12:43]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-01-20 11:08 M:2008-07-27 12:43]

[PID: 1824 / SYSTEM]   C:\WINDOWS\system32\spoolsv.exe   [(Verified)Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519), C:2004-08-17 12:00 M:2005-06-11 07:53]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-01-20 11:08 M:2008-07-27 12:43]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-01-20 11:08 M:2008-07-27 12:43]

[PID: 1876 / Administrator]   C:\Program Files\Rising\Rfw\RfwMain.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.1.70, C:2008-01-20 11:08 M:2008-07-27 12:44]
    C:\WINDOWS\system32\MFC71.DLL  [Microsoft Corporation, 7.10.3077.0, C:2008-01-20 11:07 M:2008-01-20 11:06]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2004-04-05 10:31 M:2004-04-05 10:31]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2004-04-05 10:31 M:2004-04-05 10:31]
    C:\Program Files\Rising\Rfw\RsGuiLib.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90, C:2008-01-20 11:08 M:2006-11-19 01:39]
    C:\Program Files\Rising\Rfw\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-01-20 11:08 M:2006-11-19 01:39]
    C:\Program Files\Rising\Rfw\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-01-20 11:08 M:2006-11-19 01:39]
    C:\Program Files\Rising\Rfw\RSAPPMGR.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-01-20 11:08 M:2006-11-19 01:39]
    C:\Program Files\Rising\Rfw\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-01-20 11:08 M:2006-11-19 01:39]
    C:\Program Files\Rising\Rfw\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-01-20 11:08 M:2006-11-19 01:39]
    C:\Program Files\Rising\Rfw\RfwCtrl.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-01-20 11:08 M:2006-11-19 01:39]
    C:\Program Files\Rising\Rfw\RsXML.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2, C:2008-01-20 11:08 M:2006-11-19 01:39]
    C:\Program Files\Rising\Rfw\PngDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-01-20 11:08 M:2006-11-19 01:39]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-01-20 11:08 M:2008-07-27 12:43]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-01-20 11:08 M:2008-07-27 12:43]
    C:\Program Files\Rising\Rfw\RfwRule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.17, C:2008-01-20 11:08 M:2006-11-19 01:39]

[PID: 2252 / LOCAL SERVICE]   C:\WINDOWS\System32\alg.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
    C:\WINDOWS\System32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]

[PID: 2692 / Administrator]   C:\WINDOWS\system32\conime.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-01-20 11:08 M:2008-07-27 12:43]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-01-20 11:08 M:2008-07-27 12:43]
    C:\WINDOWS\system32\loanoltrd.dll  [N/A, C:2004-08-17 12:00 M:2008-02-20 14:50]
    C:\WINDOWS\system32\bootvidgj.dll  [N/A, C:2006-11-19 01:45 M:2006-11-19 01:45]
    C:\WINDOWS\system32\dispexcb.dll  [N/A, C:2006-11-19 01:45 M:2006-11-19 01:45]
    C:\WINDOWS\system32\certmgrkd.dll  [N/A, C:2006-11-19 01:45 M:2006-11-19 01:45]
    C:\WINDOWS\system32\cliconfgzx.dll  [N/A, C:2006-11-19 01:44 M:2006-11-19 01:44]
    C:\WINDOWS\system32\adsntzt.dll  [N/A, C:2006-11-19 01:42 M:2006-11-19 01:42]
    C:\WINDOWS\system32\GOOGLEPINYIN.IME  [Google Inc., C:2008-01-07 18:14 M:2008-01-07 18:14]
    D:\Program Files\QQ2007\svhuvs.dll  [N/A, C:2004-08-17 12:00 M:2008-02-20 14:50]
    C:\Program Files\Internet Explorer\PLUGINS\Windows64.Sys  [N/A, C:2006-11-19 01:49 M:2006-11-19 01:49]

[PID: 2992 / Administrator]   D:\Program Files\QQ2007\TXPlatform.exe   [(Verified)Tencent, 1, 0, 170, 0, C:2007-11-18 09:53 M:2007-11-18 09:53]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-01-20 11:08 M:2008-07-27 12:43]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-01-20 11:08 M:2008-07-27 12:43]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]
    D:\Program Files\QQ2007\svhuvs.dll  [N/A, C:2004-08-17 12:00 M:2008-02-20 14:50]
    D:\Program Files\QQ2007\WSOCK32.DLL  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2008-02-20 14:50]
    C:\WINDOWS\system32\loanoltrd.dll  [N/A, C:2004-08-17 12:00 M:2008-02-20 14:50]
    C:\WINDOWS\system32\bootvidgj.dll  [N/A, C:2006-11-19 01:45 M:2006-11-19 01:45]
    C:\WINDOWS\system32\dispexcb.dll  [N/A, C:2006-11-19 01:45 M:2006-11-19 01:45]
    C:\WINDOWS\system32\certmgrkd.dll  [N/A, C:2006-11-19 01:45 M:2006-11-19 01:45]
    C:\WINDOWS\system32\cliconfgzx.dll  [N/A, C:2006-11-19 01:44 M:2006-11-19 01:44]
    C:\WINDOWS\system32\adsntzt.dll  [N/A, C:2006-11-19 01:42 M:2006-11-19 01:42]
    C:\Program Files\Internet Explorer\PLUGINS\Windows64.Sys  [N/A, C:2006-11-19 01:49 M:2006-11-19 01:49]

[PID: 3408 / Administrator]   C:\Program Files\Thunder\Program\Thunder5.exe   [Thunder Networking Technologies,LTD, 5, 6, 8, 327, C:2007-07-12 16:14 M:2007-06-27 18:56]
    C:\Program Files\Thunder\Program\ThunderEx.dll  [版权所有 (C) 2006, 1, 1, 5, 10, C:2007-07-12 16:14 M:2007-06-27 19:19]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]
    C:\Program Files\Internet Explorer\PLUGINS\Windows64.Sys  [N/A, C:2006-11-19 01:49 M:2006-11-19 01:49]
    D:\Program Files\QQ2007\svhuvs.dll  [N/A, C:2004-08-17 12:00 M:2008-02-20 14:50]
    D:\Program Files\QQ2007\WSOCK32.DLL  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2008-02-20 14:50]
    C:\WINDOWS\system32\loanoltrd.dll  [N/A, C:2004-08-17 12:00 M:2008-02-20 14:50]
    C:\WINDOWS\system32\bootvidgj.dll  [N/A, C:2006-11-19 01:45 M:2006-11-19 01:45]
    C:\WINDOWS\system32\dispexcb.dll  [N/A, C:2006-11-19 01:45 M:2006-11-19 01:45]
    C:\WINDOWS\system32\certmgrkd.dll  [N/A, C:2006-11-19 01:45 M:2006-11-19 01:45]
    C:\WINDOWS\system32\cliconfgzx.dll  [N/A, C:2006-11-19 01:44 M:2006-11-19 01:44]
    C:\WINDOWS\system32\adsntzt.dll  [N/A, C:2006-11-19 01:42 M:2006-11-19 01:42]
    C:\WINDOWS\system32\GOOGLEPINYIN.IME  [Google Inc., C:2008-01-07 18:14 M:2008-01-07 18:14]
    C:\Program Files\Thunder\Program\TaskManager.dll  [Thunder Networking Technologies,LTD, 1, 1, 2, 26, C:2007-07-12 16:14 M:2007-06-25 12:40]
    C:\Program Files\Thunder\Program\download_interface.dll  [Thunder Networking Technologies,LTD, 2, 16, 2, 108, C:2007-07-12 16:14 M:2007-06-27 10:21]
    C:\Program Files\Thunder\Program\stlport_vc646.dll  [STLport Consulting, Inc., 4.6.2003.1031, C:2007-07-12 16:14 M:2007-06-27 10:21]
    C:\Program Files\Thunder\Program\asyn_dns.dll  [Thunder Networking Technologies,LTD, 2, 16, 2, 108, C:2007-07-12 16:14 M:2007-06-27 10:21]
    C:\Program Files\Thunder\Program\iTargetAD.dll  [N/A, C:2007-07-12 16:14 M:2007-05-21 16:18]
    C:\Program Files\Thunder\Program\BHOStub.dll  [Thunder Networking Technologies,LTD, 1, 1, 0, 8, C:2007-07-12 16:14 M:2007-06-27 10:21]
    C:\Program Files\Thunder\Components\Security\ThunderSafe.dll  [深圳市迅雷网络技术有限公司, 1, 0, 3, 18, C:2007-07-12 16:14 M:2007-06-25 12:40]
    C:\Program Files\Thunder\Components\ExplorerHelper\ExplorerHelper.dll  [Thunder Networking Technologies,LTD, 1, 0, 4, 15, C:2007-07-12 16:14 M:2007-06-25 12:40]
    C:\Program Files\Thunder\Program\XLNet.Dll  [Thunder Networking Technologies,LTD, 1, 2, 1, 9, C:2007-07-12 16:14 M:2007-06-25 12:40]
    C:\Program Files\Thunder\Plugins\BhoAdv\bho_adv.dll  [深圳市迅雷网络技术有限公司, 1.0.1.0, C:2007-07-12 16:14 M:2007-01-25 16:38]
    C:\Program Files\Thunder\Program\FloatBar.dll  [Giganology Inc., 1, 0, 0, 2, C:2007-07-12 16:14 M:2007-06-27 10:21]

[PID: 2732 / Administrator]   C:\Program Files\Mozilla Firefox\firefox.exe   [Mozilla Corporation, 1.8.1: 2006101023, C:2009-04-02 16:41 M:2006-10-11 16:05]
    C:\Program Files\Mozilla Firefox\js3250.dll  [Netscape Communications Corporation, 4.0, C:2009-04-02 16:41 M:2006-10-11 16:04]
    C:\Program Files\Mozilla Firefox\nspr4.dll  [Netscape Communications Corporation, 4.6.3, C:2009-04-02 16:41 M:2006-10-11 16:04]
    C:\Program Files\Mozilla Firefox\xpcom_core.dll  [Mozilla Foundation, 1.8.1: 2006101023, C:2009-04-02 16:41 M:2006-10-11 16:04]
    C:\Program Files\Mozilla Firefox\plc4.dll  [Netscape Communications Corporation, 4.6.3, C:2009-04-02 16:41 M:2006-10-11 16:04]
    C:\Program Files\Mozilla Firefox\plds4.dll  [Netscape Communications Corporation, 4.6.3, C:2009-04-02 16:41 M:2006-10-11 16:04]
    C:\Program Files\Mozilla Firefox\smime3.dll  [Mozilla Foundation, 3.11.3 Basic ECC, C:2009-04-02 16:41 M:2006-10-11 16:05]
    C:\Program Files\Mozilla Firefox\nss3.dll  [Mozilla Foundation, 3.11.3 Basic ECC, C:2009-04-02 16:41 M:2006-10-11 16:05]
    C:\Program Files\Mozilla Firefox\softokn3.dll  [Mozilla Foundation, 3.11.3 Basic ECC, C:2009-04-02 16:41 M:2006-10-11 16:05]
    C:\Program Files\Mozilla Firefox\ssl3.dll  [Mozilla Foundation, 3.11.3 Basic ECC, C:2009-04-02 16:41 M:2006-10-11 16:05]
    C:\Program Files\Mozilla Firefox\xpcom_compat.dll  [Mozilla Foundation, 1.8.1: 2006101023, C:2009-04-02 16:41 M:2006-10-11 16:04]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-01-20 11:08 M:2008-07-27 12:43]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-01-20 11:08 M:2008-07-27 12:43]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]
    C:\Program Files\Internet Explorer\PLUGINS\Windows64.Sys  [N/A, C:2006-11-19 01:49 M:2006-11-19 01:49]
    D:\Program Files\QQ2007\svhuvs.dll  [N/A, C:2004-08-17 12:00 M:2008-02-20 14:50]
    C:\WINDOWS\system32\loanoltrd.dll  [N/A, C:2004-08-17 12:00 M:2008-02-20 14:50]
    C:\WINDOWS\system32\bootvidgj.dll  [N/A, C:2006-11-19 01:45 M:2006-11-19 01:45]
    C:\WINDOWS\system32\dispexcb.dll  [N/A, C:2006-11-19 01:45 M:2006-11-19 01:45]
    C:\WINDOWS\system32\certmgrkd.dll  [N/A, C:2006-11-19 01:45 M:2006-11-19 01:45]
    C:\WINDOWS\system32\cliconfgzx.dll  [N/A, C:2006-11-19 01:44 M:2006-11-19 01:44]
    C:\WINDOWS\system32\adsntzt.dll  [N/A, C:2006-11-19 01:42 M:2006-11-19 01:42]
    C:\WINDOWS\system32\GOOGLEPINYIN.IME  [Google Inc., C:2008-01-07 18:14 M:2008-01-07 18:14]
    C:\Program Files\Mozilla Firefox\components\myspell.dll  [Mozilla Foundation, 1.8.1: 2006101023, C:2009-04-02 16:41 M:2006-10-11 16:05]
    C:\Program Files\Mozilla Firefox\components\jar50.dll  [Mozilla Foundation, 1.8.1: 2006101023, C:2009-04-02 16:41 M:2006-10-11 16:04]
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cwmovyn3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll  [N/A, C:2006-11-21 19:46 M:2007-05-25 16:52]
    C:\Program Files\Mozilla Firefox\xpcom.dll  [Mozilla Foundation, 1.8.1: 2006101023, C:2009-04-02 16:41 M:2006-10-11 16:04]
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cwmovyn3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll  [N/A, C:2006-11-21 19:46 M:2007-05-25 16:52]
    C:\Program Files\Mozilla Firefox\freebl3.dll  [Mozilla Foundation, 3.11.3 Basic ECC, C:2009-04-02 16:41 M:2006-10-11 16:05]
    C:\Program Files\Mozilla Firefox\nssckbi.dll  [Mozilla Foundation, 1.62, C:2009-04-02 16:41 M:2006-10-11 16:05]
    C:\Program Files\Mozilla Firefox\components\spellchk.dll  [Mozilla Foundation, 1.8.1: 2006101023, C:2009-04-02 16:41 M:2006-10-11 16:05]
    C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll  [(Verified)N/A, C:2008-05-12 23:17 M:2008-03-24 20:21]
    C:\WINDOWS\system32\RavExt.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-01-20 11:07 M:2006-11-16 03:30]

[PID: 3452 / Administrator]   F:\新建文件夹\新版arswp\A r S w p.exe   [A,r,S,w,p.com, 2, 8, 0, 723, C:2006-11-16 02:45 M:2008-07-24 10:20]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-01-20 11:08 M:2008-07-27 12:43]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-01-20 11:08 M:2008-07-27 12:43]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37]
    C:\Program Files\Internet Explorer\PLUGINS\Windows64.Sys  [N/A, C:2006-11-19 01:49 M:2006-11-19 01:49]
    D:\Program Files\QQ2007\svhuvs.dll  [N/A, C:2004-08-17 12:00 M:2008-02-20 14:50]
    C:\WINDOWS\system32\loanoltrd.dll  [N/A, C:2004-08-17 12:00 M:2008-02-20 14:50]
    C:\WINDOWS\system32\bootvidgj.dll  [N/A, C:2006-11-19 01:45 M:2006-11-19 01:45]
    C:\WINDOWS\system32\dispexcb.dll  [N/A, C:2006-11-19 01:45 M:2006-11-19 01:45]
    C:\WINDOWS\system32\certmgrkd.dll  [N/A, C:2006-11-19 01:45 M:2006-11-19 01:45]
    C:\WINDOWS\system32\cliconfgzx.dll  [N/A, C:2006-11-19 01:44 M:2006-11-19 01:44]
    C:\WINDOWS\system32\adsntzt.dll  [N/A, C:2006-11-19 01:42 M:2006-11-19 01:42]
    C:\WINDOWS\system32\GOOGLEPINYIN.IME  [Google Inc., C:2008-01-07 18:14 M:2008-01-07 18:14]
    F:\新建文件夹\新版arswp\plugin\ArFix.dll  [(Verified)ArSwp.Com, 2, 5, 0, 0, C:2006-11-16 02:45 M:2007-11-28 15:19]
    C:\PROGRAM FILES\RISING\RAV\ur023.dat  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 3, C:2008-05-01 18:53 M:2006-11-16 03:31]


========================================
文件关联



========================================
AutoRun.INF



========================================
Winsock提供者



[/CODE]