[CODE]

2008-09-29,20:43:56

SysLog Scanner 1.0 - build 20080726
Arswp (http://www.arswp.com)

Windows XP Professional Service Pack 2 (build 2600) - Administrators



========================================
注册项

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52|(Verified)NVIDIA Corporation, 6.14.10.9371, C:2006-10-22 12:22 M:2006-10-22 12:22]
    <nwiz><nwiz.exe /install>  [N/A, C:2006-10-22 12:22 M:2006-10-22 12:22]
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52|(Verified)NVIDIA Corporation, 6.14.10.9371, C:2006-10-22 12:22 M:2006-10-22 12:22]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Realtek Semiconductor Corp., 5, 1, 0, 58, C:2000-11-16 19:44 M:2006-11-17 05:42]
    <VMSnap5><C:\WINDOWS\VMSnap5.EXE>  [Vimicro, 4, 2, 1124, 6, C:2000-11-17 20:30 M:2006-06-28 17:39]
    <Domino><C:\WINDOWS\Domino.EXE>  [Vimicro, 4, 2, 1124, 6, C:2000-11-17 20:30 M:2006-06-28 17:54]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.24, C:2008-04-20 19:51 M:2008-07-26 20:34]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.1.70, C:2008-04-20 19:57 M:2008-07-25 15:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
    <nmzy_df><C:\WINDOWS\system\zyndle080928.exe>  []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-04-20 19:51 M:2008-07-28 15:26]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&使用超级旋风下载]
    <><C:\Program Files\Tencent\QQDownload\geturl.htm>  [N/A, C:2008-03-17 17:27 M:2008-03-17 17:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&使用超级旋风下载全部链接]
    <><C:\Program Files\Tencent\QQDownload\getAllurl.htm>  [N/A, C:2007-01-16 17:34 M:2007-01-16 17:34]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载]
    <><C:\Program Files\Thunder Network\Thunder\Program\geturl.htm>  [N/A, C:2008-08-22 14:21 M:2008-07-28 15:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接]
    <><C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm>  [N/A, C:2008-08-22 14:21 M:2007-12-10 14:17]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\导出到 Microsoft Office Excel(&X)]
    <><res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000>  []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\添加到QQ表情]
    <><C:\Program Files\Tencent\QQ\AddEmotion.htm>  [N/A, C:2008-05-14 10:29 M:2008-05-14 10:29]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52|(Verified)N/A, C:2004-08-04 00:48 M:2004-08-04 00:48]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52|(Verified)N/A, C:2004-08-04 00:48 M:2004-08-04 00:48]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52|(Verified)N/A, C:2004-08-04 00:48 M:2004-08-04 00:48]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}]
    <启动迅雷5><C:\Program Files\Thunder Network\Thunder\Thunder.exe>  [Thunder Networking Technologies,LTD, 5, 6, 8, 19, C:2008-08-22 14:21 M:2008-08-12 17:41]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0A155D3C-68E2-4215-A47A-E800A446447A}]
    <浩方对战平台><C:\Program Files\Holdfast\Platform\GameClient.exe>  [(Verified)上海浩方在线信息技术有限公司, 4.8.3.530, C:2008-05-30 20:20 M:2008-05-30 20:20]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{95B3F550-91C4-4627-BCC4-521288C52977}]
    <PPLive><C:\Program Files\PPLive\PPLive.exe>  [(Verified)N/A, C:2008-08-09 09:03 M:2007-03-16 13:46]


========================================
启动项

[QQ游戏启动加速程序]
    <C:\Documents and Settings\ZYS-S\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> "C:\Program Files\Tencent\QQGame\Accel.exe"  > [(Verified)深圳市腾讯计算机系统有限公司, 2, 0, 103, 5, C:2008-03-18 18:09 M:2008-03-18 18:09]


========================================
计划任务



========================================
组件


ShellExecuteHook
[ShlExecHack Class]
    {32CD708B-60A7-4C00-9377-D73EAA495F0F}  <C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-04-20 19:51 M:2008-07-28 15:26]

Shell Extension
[Display Panning CPL Extension]
    {42071714-76d4-11d1-8b24-00a0c9068ff3}  <deskpan.dll>  []
[HyperTerminal Icon Ext]
    {88895560-9AA2-1069-930E-00AA0030EBC8}  <C:\WINDOWS\system32\hticons.dll>  [(Verified)Hilgraeve, Inc., 5.1.2600.0, C:2000-11-16 19:00 M:2004-06-06 14:13]
[WinRAR shell extension]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <C:\Program Files\WinRAR\rarext.dll>  [N/A, C:2000-11-16 19:17 M:2006-12-05 08:19]
[NvCpl DesktopContext Class]
    {A70C977A-BF00-412C-90B7-034C51DA2439}  <C:\WINDOWS\system32\nvcpl.dll>  [(Verified)NVIDIA Corporation, 6.14.10.9371, C:2006-10-22 12:22 M:2006-10-22 12:22]
[Play on my TV helper]
    {FFB699E0-306A-11d3-8BD1-00104B6F7516}  <C:\WINDOWS\system32\nvcpl.dll>  [(Verified)NVIDIA Corporation, 6.14.10.9371, C:2006-10-22 12:22 M:2006-10-22 12:22]
[Desktop Explorer]
    {1CDB2949-8F65-4355-8456-263E7C208A5D}  <C:\WINDOWS\system32\nvshell.dll>  [N/A, C:2006-10-22 12:22 M:2006-10-22 12:22]
[Desktop Explorer Menu]
    {1E9B04FB-F9E5-4718-997B-B8DA88302A47}  <C:\WINDOWS\system32\nvshell.dll>  [N/A, C:2006-10-22 12:22 M:2006-10-22 12:22]
[nView Desktop Context Menu]
    {1E9B04FB-F9E5-4718-997B-B8DA88302A48}  <C:\WINDOWS\system32\nvshell.dll>  [N/A, C:2006-10-22 12:22 M:2006-10-22 12:22]
[EncryptFile]
    {D55189EB-2826-4834-8E59-582B05CA99CA}  <C:\PROGRA~1\Wopti\WOPTIE~1.DLL>  [(Verified)共软网络, 1.0.8.103, C:2008-04-17 19:03 M:2008-01-03 13:51]
[RISING]
    {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D}  <C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-04-20 19:51 M:2008-07-28 15:26]

Protocols
[]
    {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC}  <C:\WINDOWS\system32\KuGoo3DownXControl.ocx>  [酷狗, 5.0.0.0, C:2008-04-21 16:53 M:2008-02-01 13:15]
[Microsoft Infotech Storage Protocol for IE 4.0]
    {0A9007C0-4076-11D3-8789-0000F8105754}  <C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL>  [Microsoft Corporation, 05.02.9336.01, C:2000-04-19 18:47 M:2000-04-19 18:47]

BrowserHelperObject
[QQCycloneHelper Class]
    {00000000-12C9-4305-82F9-43058F20E8D2}  <C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll>  [(Verified)腾讯公司, 1, 1, 0, 5, C:2008-07-01 12:09 M:2008-07-01 12:09]
[ThunderAtOnce Class]
    {01443AEC-0FD1-40fd-9C87-E93D1494C233}  <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2008-08-22 14:22 M:2008-06-13 09:43]
[BandIE Class]
    {77FEF28E-EB96-44FF-B511-3185DEA48697}  <C:\PROGRA~1\baidu\bar\BaiduBar.dll>  [(Verified)Baidu.com, Inc., 2, 0, 2, 179, C:2007-12-12 15:49 M:2008-07-28 10:02]
[Thunder Browser Helper]
    {889D2FEB-5411-4565-8998-1DD2C5261283}  <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-08-22 14:22 M:2008-06-13 09:43]
[Download_Bho Class]
    {A986E409-30CC-4185-89BB-AB212C104524}  <C:\Program Files\PPLiveVA\DownloaderManager.dll>  [(Verified)Copyright (C) 2008 Synacast Coperation., 1.0.0.5, C:2008-08-09 09:04 M:2008-08-11 17:15]
[Google Toolbar Helper]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}  <c:\program files\google\googletoolbar1.dll>  [(Verified)Google Inc., 4, 0, 1019, 5266, C:2008-08-02 06:42 M:2008-08-02 06:42]

ToolBar
[百度工具栏]
    {B580CF65-E151-49C3-B73F-70B13FCA8E86}  <C:\PROGRA~1\baidu\bar\BaiduBar.dll>  [(Verified)Baidu.com, Inc., 2, 0, 2, 179, C:2007-12-12 15:49 M:2008-07-28 10:02]
[&Google]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F}  <c:\program files\google\googletoolbar1.dll>  [(Verified)Google Inc., 4, 0, 1019, 5266, C:2008-08-02 06:42 M:2008-08-02 06:42]

ActiveX Extension
[QQCycloneHelper Class]
    {00000000-12C9-4305-82F9-43058F20E8D2}  <C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll>  [(Verified)腾讯公司, 1, 1, 0, 5, C:2008-07-01 12:09 M:2008-07-01 12:09]
[Google Script Object]
    {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB}  <c:\program files\google\googletoolbar1.dll>  [(Verified)Google Inc., 4, 0, 1019, 5266, C:2008-08-02 06:42 M:2008-08-02 06:42]
[ThunderAtOnce Class]
    {01443AEC-0FD1-40FD-9C87-E93D1494C233}  <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2008-08-22 14:22 M:2008-06-13 09:43]
[InstallHelper Class]
    {1DABF8D5-8430-4985-9B7F-A30E53D709B3}  <C:\Program Files\Tencent\QQLive\QQLiveInstaller.dll>  [Copyright (C) 2005 - 2007 TENCENT Inc. All Rights Reserved. 腾讯公司 版权所有 (C) 2005 - 2007, 6.10.3612.6, C:2008-01-07 17:34 M:2008-01-07 17:34]
[&Google]
    {2318C2B1-4965-11D4-9B18-009027A5CD4F}  <c:\program files\google\googletoolbar1.dll>  [(Verified)Google Inc., 4, 0, 1019, 5266, C:2008-08-02 06:42 M:2008-08-02 06:42]
[PhotoDraw Class]
    {2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD}  <C:\Program Files\Tencent\Qzone\QQPhotoDraw.dll>  [(Verified)TENCENT, 1, 6, 108, 130, C:2007-08-25 10:03 M:2007-08-25 10:03]
[RealPlayer RAM Download Handler]
    {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93}  <C:\WINDOWS\system32\rmoc3260.dll>  [(Verified)RealNetworks, Inc., 6.0.9.2568, C:2006-10-18 23:05 M:2006-10-18 23:05]
[Thunder Agent Class]
    {485463B7-8FB2-4B3B-B29B-8B919B0EACCE}  <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 4, 23, C:2008-08-22 14:22 M:2008-06-13 09:43]
[XMP Class]
    {6483F145-A768-4C41-AACC-52D4D7845851}  <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work>  [Copyright XunLei 2007, 2, 1, 2, 77, C:2008-08-22 14:22 M:2008-08-18 19:31]
[XDRM]
    {693571CB-54A3-4E90-9D52-EEAE1334E2D3}  <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work>  [Copyright XunLei 2007, 1, 0, 0, 7, C:2008-08-22 14:22 M:2008-08-18 19:31]
[AxInputControl Class]
    {73E4740C-08EB-4133-896B-8D0A7C9EE3CD}  <C:\WINDOWS\system32\INPUTC~1.DLL>  [Copyright 2003, 1, 0, 0, 12, C:2008-05-19 23:18 M:2005-07-25 15:51]
[MediaComm Class]
    {7670648D-461B-42AF-BDFE-46D26AF5EFF2}  <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin17.dll>  [Thunder Networking Technologies,LTD, 3, 1, 5, 78, C:2008-08-22 14:22 M:2008-08-18 19:31]
[BandIE Class]
    {77FEF28E-EB96-44FF-B511-3185DEA48697}  <C:\PROGRA~1\baidu\bar\BaiduBar.dll>  [(Verified)Baidu.com, Inc., 2, 0, 2, 179, C:2007-12-12 15:49 M:2008-07-28 10:02]
[Thunder Browser Helper]
    {889D2FEB-5411-4565-8998-1DD2C5261283}  <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-08-22 14:22 M:2008-06-13 09:43]
[TTPlayer ActiveX Control]
    {89AE5F82-410A-4040-9387-68D1144EFD03}  <C:\Program Files\TTPlayer\ttpctrl.dll>  [Alen Soft, 2.0.0.0, C:2008-07-03 11:25 M:2008-07-03 11:25]
[AxSubmitControl Class]
    {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2}  <C:\WINDOWS\system32\SUBMIT~1.DLL>  [Copyright 2003, 1, 0, 0, 5, C:2008-05-19 23:18 M:2005-01-26 00:36]
[LiveMediaOcx Control]
    {9242BB35-0DB0-43AC-8DFC-8EA07E63B92A}  <C:\PROGRA~1\Tencent\QQLive\QQLive.ocx>  [Tencent, 6.10.3612.6, C:2008-01-07 17:29 M:2008-01-07 17:29]
[Tool Class]
    {A7F05EE4-0426-454F-8013-C41E3596E9E9}  <C:\PROGRA~1\baidu\bar\BaiduBar.dll>  [(Verified)Baidu.com, Inc., 2, 0, 2, 179, C:2007-12-12 15:49 M:2008-07-28 10:02]
[Download_Bho Class]
    {A986E409-30CC-4185-89BB-AB212C104524}  <C:\Program Files\PPLiveVA\DownloaderManager.dll>  [(Verified)Copyright (C) 2008 Synacast Coperation., 1.0.0.5, C:2008-08-09 09:04 M:2008-08-11 17:15]
[Google Toolbar Helper]
    {AA58ED58-01DD-4D91-8333-CF10577473F7}  <c:\program files\google\googletoolbar1.dll>  [(Verified)Google Inc., 4, 0, 1019, 5266, C:2008-08-02 06:42 M:2008-08-02 06:42]
[DapCtrl Class]
    {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8}  <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5804.63.(59).dll>  [ShenZhen Thunder Networking Technologies Ltd., 2, 1, 5804, 63, C:2008-08-22 14:22 M:2008-08-18 19:31]
[百度工具栏]
    {B580CF65-E151-49C3-B73F-70B13FCA8E86}  <C:\PROGRA~1\baidu\bar\BaiduBar.dll>  [(Verified)Baidu.com, Inc., 2, 0, 2, 179, C:2007-12-12 15:49 M:2008-07-28 10:02]
[Tencent Safety Online Base Module]
    {C09B522F-8AED-4E21-A65C-DC1AB652BAEE}  <C:\WINDOWS\system32\TSOBase\TSOBase.ocx>  [(Verified)Tencent Corporation, 2007, 4, 10, 12, C:2006-12-17 16:10 M:2006-12-17 16:10]
[RealPlayer G2 Control]
    {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}  <C:\WINDOWS\system32\rmoc3260.dll>  [(Verified)RealNetworks, Inc., 6.0.9.2568, C:2006-10-18 23:05 M:2006-10-18 23:05]
[Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000}  <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx>  [(Verified)Adobe Systems, Inc., 9,0,124,0, C:2008-03-25 10:32 M:2008-03-25 10:32]
[KUpdateObj2 Class]
    {D82303B7-A754-4DCB-8AFC-8CF99435AACE}  <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll>  [(Verified)Kingsoft Corporation, 2008,05,04,77, C:2008-05-04 14:53 M:2008-05-04 14:53]
[PasswordEditCtrl Class]
    {E787FD25-8D7C-4693-AE67-9406BC6E22DF}  <C:\WINDOWS\system32\qqedit\qqedit.dll>  [(Verified)腾讯科技（深圳）有限公司, 1, 1, 0, 5, C:2008-01-07 17:08 M:2008-01-07 17:08]
[BoBoControl Class]
    {EC0978ED-24E3-403C-AB7A-060E388553E6}  <C:\WINDOWS\Downloaded Program Files\BoBo_ActiveX_V3.ocx>  [(Verified)广州易播信息科技有限公司, 3.11.1011.2, C:2008-04-17 23:02 M:2008-04-17 23:02]
[XPPlayer Class]
    {F3E70CEA-956E-49CC-B444-73AFE593AD7F}  <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.0.5835.191.(59).dll>  [Xunlei Networking Technologies,LTD, 2, 0, 5835, 191, C:2008-08-22 14:22 M:2008-08-18 19:31]

Context Menu
[EncryptFile]
    {D55189EB-2826-4834-8E59-582B05CA99CA}  <C:\PROGRA~1\Wopti\WOPTIE~1.DLL>  [(Verified)共软网络, 1.0.8.103, C:2008-04-17 19:03 M:2008-01-03 13:51]
[RisingRavExt]
    {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D}  <C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-04-20 19:51 M:2008-07-28 15:26]
[WinRAR]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <C:\Program Files\WinRAR\rarext.dll>  [N/A, C:2000-11-16 19:17 M:2006-12-05 08:19]


========================================
服务

[Contrl Center of Storm Media / ccosm][Running/Auto Start]
    <C:\Program Files\Ringz Studio\Storm Codec\stormliv.exe /asservice>  [北京暴风网际科技有限公司, 3, 8, 6, 20, C:2008-03-11 14:33 M:2008-05-28 16:40]
[Human Interface Device Access / HidServ][Stopped/Disabled]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52]
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
    <"C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe">  [Nokia., 6, 81, 60, 0, C:2006-06-05 13:59 M:2006-06-05 13:59]
[Stormser / Stormser][Running/Auto Start]
    <C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe>  [暴风网际, 1, 0, 0, 11, C:2008-07-11 11:02 M:2008-06-20 12:35]

[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
    <%SystemRoot%\system32\nvsvc32.exe>  [(Verified)NVIDIA Corporation, 6.14.10.9371, C:2006-10-22 12:22 M:2006-10-22 12:22]
[Rising Proxy  Service / RfwProxySrv][Running/Auto Start]
    <C:\Program Files\Rising\Rfw\rfwProxy.exe>  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.37, C:2008-04-20 19:57 M:2008-07-29 16:30]
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
    <C:\Program Files\Rising\Rfw\rfwsrv.exe>  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.76, C:2008-04-20 19:57 M:2008-07-25 15:46]
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
    <"%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini">  [(Verified)CACE Technologies, 4.0.0.1040, C:2007-11-07 04:22 M:2007-11-07 04:22]
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
    <"C:\Program Files\Rising\Rav\CCenter.exe">  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.33, C:2008-04-20 19:51 M:2008-07-28 15:26]
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
    <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe">  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.80, C:2008-04-20 19:51 M:2008-07-28 15:26]


========================================
驱动

[npkcrypt / npkcrypt][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\npkcrypt.sys>  []
[npkycryp / npkycryp][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\npkycryp.sys>  []
[sysHostSvc / sysHostSvc][Running/Auto Start]
    <\??\C:\WINDOWS\system32\drivers\GuiHelp.sys>  [Microsoft Corporation, 5, 1, 2467, 4, C:2000-11-16 18:48 M:2000-11-16 18:48]
[TesSafe / TesSafe][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\TesSafe.sys>  [TENCENT, 0, 0, 6, 8, C:2008-07-11 17:03 M:2008-07-26 09:57]
[Delux USB PC Camera (VC0305) / ZSMC0305][Running/Manual Start]
    <System32\Drivers\usbVM305.sys>  [Vimicro Corporation, 3, 6, 727, 63, C:2000-11-17 20:30 M:2006-08-10 12:32]

[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
    <system32\drivers\ALCXWDM.SYS>  [(Verified)Realtek Semiconductor Corp., 5.10.00.6230 built by: WinDDK, C:2000-11-17 20:01 M:2007-03-08 14:34]
[HookCont / HookCont][Running/System Start]
    <\SystemRoot\system32\drivers\HookCont.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 7, C:2008-04-20 19:51 M:2008-07-28 15:26]
[HookNtos / HookNtos][Running/System Start]
    <\SystemRoot\system32\drivers\HookNtos.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 50, C:2008-04-20 19:51 M:2008-07-28 15:26]
[HookReg / HookReg][Running/System Start]
    <\SystemRoot\system32\drivers\HookReg.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 28, C:2008-04-20 19:51 M:2008-07-28 15:26]
[HookSys / HookSys][Running/System Start]
    <\SystemRoot\system32\drivers\HookSys.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 55, C:2008-04-20 19:51 M:2008-08-27 17:09]
[HookUrl / HookUrl][Running/Auto Start]
    <\??\C:\Program Files\Rising\Rfw\HookUrl.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.12, C:2008-04-20 19:57 M:2008-07-29 16:30]
[KAVBootC / KAVBootC][Running/Boot Start]
    <system32\Drivers\KAVBootC.sys>  [(Verified)Kingsoft Corporation, 2008,02,21,80, C:2008-06-01 21:56 M:2008-06-01 21:55]
[KAVSafe / KAVSafe][Stopped/Auto Start]
    <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys>  [(Verified)Kingsoft Corporation, 2007,12,26,53, C:2008-04-16 19:22 M:2008-01-17 16:30]
[Nokia USB Generic / Nokia USB Generic][Stopped/Manual Start]
    <system32\drivers\nmwcdc.sys>  [(Verified)Nokia, 6.80.5.0, C:2008-08-21 15:29 M:2006-05-29 08:26]
[Nokia USB Modem / Nokia USB Modem][Stopped/Manual Start]
    <system32\drivers\nmwcdcm.sys>  [(Verified)Nokia, 6.80.5.0, C:2008-08-21 15:29 M:2006-05-29 08:26]
[Nokia USB Phone Parent / Nokia USB Phone Parent][Stopped/Manual Start]
    <system32\drivers\nmwcd.sys>  [(Verified)Nokia, 6.80.5.0, C:2008-08-21 15:29 M:2006-05-29 08:26]
[NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
    <system32\drivers\npf.sys>  [(Verified)CACE Technologies, 4.0.0.1040, C:2007-11-07 04:22 M:2007-11-07 04:22]
[nv / nv][Running/Manual Start]
    <system32\DRIVERS\nv4_mini.sys>  [(Verified)NVIDIA Corporation, 6.14.10.9371, C:2006-10-22 12:22 M:2006-10-22 12:22]
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
    <system32\DRIVERS\ptilink.sys>  [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148), C:2004-06-06 06:13 M:2004-06-06 06:13]
[Rising  Rfwbase Driver / RfwBase][Running/Auto Start]
    <System32\DRIVERS\rfwbase.SYS>  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.10, C:2008-04-20 19:57 M:2008-07-29 16:30]
[RsFwDrv / RsFwDrv][Running/System Start]
    <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.34, C:2008-04-20 19:57 M:2008-07-29 16:30]
[RsNTGDI / RsNTGDI][Running/Boot Start]
    <system32\Drivers\RsNTGdi.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 3, C:2008-04-20 19:51 M:2008-07-28 15:26]
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
    <system32\DRIVERS\RTL8139.SYS>  [(Verified)Realtek Semiconductor Corporation, 5.398.613.2003 built by: WinDDK, C:2000-11-16 18:56 M:2004-08-03 22:31]
[Secdrv / Secdrv][Stopped/Manual Start]
    <system32\DRIVERS\secdrv.sys>  [(Verified)Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086, C:2004-07-17 11:36 M:2007-11-13 18:25]


========================================
进程

[PID: 504 / SYSTEM]   \SystemRoot\System32\smss.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52]

[PID: 576 / SYSTEM]   \??\C:\WINDOWS\system32\csrss.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-20 19:57 M:2008-07-25 15:46]

[PID: 600 / SYSTEM]   \??\C:\WINDOWS\system32\winlogon.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-20 19:57 M:2008-07-25 15:46]

[PID: 644 / SYSTEM]   C:\WINDOWS\system32\services.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-20 19:57 M:2008-07-25 15:46]

[PID: 656 / SYSTEM]   C:\WINDOWS\system32\lsass.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-20 19:57 M:2008-07-25 15:46]

[PID: 816 / SYSTEM]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-20 19:57 M:2008-07-25 15:46]

[PID: 864 / NETWORK SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-20 19:57 M:2008-07-25 15:46]

[PID: 904 / SYSTEM]   C:\Program Files\Rising\Rav\CCenter.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.33, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-20 19:57 M:2008-07-25 15:46]

[PID: 920 / SYSTEM]   C:\WINDOWS\System32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-20 19:57 M:2008-07-25 15:46]

[PID: 992 / NETWORK SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-20 19:57 M:2008-07-25 15:46]

[PID: 1024 / LOCAL SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-20 19:57 M:2008-07-25 15:46]

[PID: 1056 / SYSTEM]   C:\Program Files\Rising\Rfw\rfwsrv.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.76, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\WINDOWS\system32\MFC71.DLL  [Microsoft Corporation, 7.10.3077.0, C:2008-04-20 19:51 M:2007-05-29 17:59]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2004-04-05 10:31 M:2003-02-21 04:42]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2004-04-05 10:31 M:2004-04-05 10:31]
    C:\Program Files\Rising\Rfw\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-04-20 19:57 M:2008-07-29 16:30]
    C:\Program Files\Rising\Rfw\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-04-20 19:57 M:2008-07-29 16:30]
    C:\Program Files\Rising\Rfw\RSAPPMGR.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-04-20 19:57 M:2008-07-29 16:30]
    C:\Program Files\Rising\Rfw\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-04-20 19:57 M:2008-07-29 16:30]
    C:\Program Files\Rising\Rfw\RfwRule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.17, C:2008-04-20 19:57 M:2008-07-29 16:30]
    C:\Program Files\Rising\Rfw\rfwlog.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.16, C:2008-04-20 19:57 M:2008-07-29 16:30]
    C:\Program Files\Rising\Rfw\Rfwdrv.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.48, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\ijt_ctrl.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.0, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\unvdet.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.8, C:2008-04-20 19:57 M:2008-08-02 14:04]
    C:\Program Files\Rising\Rfw\mPorts.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.6, C:2008-04-20 19:57 M:2008-07-29 16:30]

[PID: 1064 / SYSTEM]   C:\PROGRAM FILES\RISING\RAV\ravmond.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.80, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\BWList.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.5, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\WINDOWS\system32\MFC71.DLL  [Microsoft Corporation, 7.10.3077.0, C:2008-04-20 19:51 M:2007-05-29 17:59]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2004-04-05 10:31 M:2003-02-21 04:42]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2004-04-05 10:31 M:2004-04-05 10:31]
    C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\RsLog.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.36, C:2008-04-20 19:51 M:2008-07-26 20:34]
    C:\PROGRAM FILES\RISING\RAV\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\MonRule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.29, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\Hooksys.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\HookReg.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\HookNtos.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\PROGRAM FILES\RISING\RAV\rswalmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\recomp.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41, C:2008-04-20 19:51 M:2008-08-20 15:57]
    C:\PROGRAM FILES\RISING\RAV\refs.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\ffr.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-04-20 19:51 M:2008-09-26 16:27]
    C:\Program Files\Rising\Rav\RsStore.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.9, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\HookCont.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\Program Files\Rising\Rav\fakescan.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.14, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\Program Files\Rising\Rav\Scanner.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.39, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\viruslib.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\relibldr.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\HookWeb.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.3, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\nvfile.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\extfile.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\pearc.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\scanexec.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 22, C:2008-04-20 19:51 M:2008-08-27 17:09]
    C:\PROGRAM FILES\RISING\RAV\unexe.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 6, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\scanex.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 94, C:2008-04-20 19:51 M:2008-09-23 16:17]
    C:\PROGRAM FILES\RISING\RAV\scanpack.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\revm.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\urutils.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\ur000.dat  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 21, C:2008-04-20 19:51 M:2008-09-26 16:27]
    C:\PROGRAM FILES\RISING\RAV\scriptci.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\ur001.dat  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\uroutine.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\extole.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 13, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\scansct.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11, C:2008-04-20 19:51 M:2008-09-02 18:00]
    C:\PROGRAM FILES\RISING\RAV\extmail.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10, C:2008-04-20 19:51 M:2008-07-28 15:26]

[PID: 1092 / SYSTEM]   C:\Program Files\Rising\Rfw\rfwProxy.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.37, C:2008-04-20 19:57 M:2008-07-29 16:30]
    C:\WINDOWS\system32\MFC71.DLL  [Microsoft Corporation, 7.10.3077.0, C:2008-04-20 19:51 M:2007-05-29 17:59]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2004-04-05 10:31 M:2003-02-21 04:42]
    C:\Program Files\Rising\Rfw\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-04-20 19:57 M:2008-07-29 16:30]
    C:\Program Files\Rising\Rfw\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-04-20 19:57 M:2008-07-29 16:30]
    C:\Program Files\Rising\Rfw\RfwRule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.17, C:2008-04-20 19:57 M:2008-07-29 16:30]
    C:\Program Files\Rising\Rfw\urlrule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1.0.0.15, C:2008-05-17 17:17 M:2008-07-29 16:30]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\MonMid.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.6, C:2008-04-20 19:57 M:2008-07-29 16:30]

[PID: 1320 / SYSTEM]   C:\Program Files\Rising\Rfw\rfwstub.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.12, C:2008-04-20 19:57 M:2008-08-02 14:04]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2004-04-05 10:31 M:2004-04-05 10:31]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2004-04-05 10:31 M:2003-02-21 04:42]
    C:\Program Files\Rising\Rfw\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-04-20 19:57 M:2008-07-29 16:30]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-20 19:57 M:2008-07-25 15:46]

[PID: 1528 / SYSTEM]   C:\PROGRAM FILES\RISING\RAV\RavStub.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.10, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-20 19:57 M:2008-07-25 15:46]

[PID: 1664 / SYSTEM]   C:\WINDOWS\system32\spoolsv.exe   [(Verified)Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519), C:2004-08-04 00:52 M:2005-06-11 07:53]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-20 19:57 M:2008-07-25 15:46]

[PID: 1748 / SYSTEM]   C:\Program Files\Ringz Studio\Storm Codec\stormliv.exe   [北京暴风网际科技有限公司, 3, 8, 6, 20, C:2008-03-11 14:33 M:2008-05-28 16:40]
    C:\Program Files\Ringz Studio\Storm Codec\MSVCP60.dll  [Microsoft Corporation, 6.02.3104.0, C:2007-09-21 19:43 M:2007-09-21 19:43]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-20 19:57 M:2008-07-25 15:46]

[PID: 1796 / SYSTEM]   C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE   [(Verified)Microsoft Corporation, 7.00.9466, C:2003-06-19 23:25 M:2003-06-19 23:25]
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll  [Microsoft Corporation, 7.00.9466, C:2002-01-29 15:06 M:2002-01-29 15:06]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-20 19:57 M:2008-07-25 15:46]

[PID: 1808 / SYSTEM]   C:\WINDOWS\system32\nvsvc32.exe   [(Verified)NVIDIA Corporation, 6.14.10.9371, C:2006-10-22 12:22 M:2006-10-22 12:22]
    C:\WINDOWS\system32\nvapi.dll  [(Verified)N/A, C:2006-10-22 12:22 M:2006-10-22 12:22]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-20 19:57 M:2008-07-25 15:46]

[PID: 1892 / SYSTEM]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-20 19:57 M:2008-07-25 15:46]

[PID: 1924 / SYSTEM]   C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe   [暴风网际, 1, 0, 0, 11, C:2008-07-11 11:02 M:2008-06-20 12:35]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-20 19:57 M:2008-07-25 15:46]

[PID: 824 / ZYS-S]   C:\WINDOWS\Explorer.EXE   [(Verified)Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234), C:2004-08-04 00:52 M:2007-06-13 21:21]
    C:\WINDOWS\system32\RavExt.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2008-08-22 14:22 M:2008-06-13 09:43]
    C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-08-22 14:22 M:2008-06-13 09:43]
    C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll  [Thunder Networking Technologies,LTD, 1, 0, 0, 20, C:2008-08-22 14:22 M:2008-08-18 19:31]
    C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll  [Thunder Networking Technologies,LTD, 1, 0, 0, 16, C:2008-08-22 14:22 M:2008-08-18 19:31]

[PID: 944 / ZYS-S]   C:\Program Files\Rising\Rfw\RfwMain.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.1.70, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\WINDOWS\system32\MFC71.DLL  [Microsoft Corporation, 7.10.3077.0, C:2008-04-20 19:51 M:2007-05-29 17:59]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2004-04-05 10:31 M:2003-02-21 04:42]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2004-04-05 10:31 M:2004-04-05 10:31]
    C:\Program Files\Rising\Rfw\RsGuiLib.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90, C:2008-04-20 19:57 M:2008-08-02 14:05]
    C:\Program Files\Rising\Rfw\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-04-20 19:57 M:2008-07-29 16:30]
    C:\Program Files\Rising\Rfw\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-04-20 19:57 M:2008-07-29 16:30]
    C:\Program Files\Rising\Rfw\RSAPPMGR.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-04-20 19:57 M:2008-07-29 16:30]
    C:\Program Files\Rising\Rfw\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-04-20 19:57 M:2008-07-29 16:30]
    C:\Program Files\Rising\Rfw\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-04-20 19:57 M:2008-07-29 16:30]
    C:\Program Files\Rising\Rfw\RfwCtrl.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-20 19:57 M:2008-07-29 16:30]
    C:\Program Files\Rising\Rfw\RsXML.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2, C:2008-04-20 19:57 M:2008-07-29 16:30]
    C:\Program Files\Rising\Rfw\PngDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-04-20 19:57 M:2008-08-02 14:05]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\RfwRule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.17, C:2008-04-20 19:57 M:2008-07-29 16:30]

[PID: 1116 / ZYS-S]   C:\PROGRAM FILES\RISING\RAV\RavMon.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.01.27, C:2008-04-20 19:51 M:2008-08-27 17:09]
    C:\WINDOWS\system32\MFC71.DLL  [Microsoft Corporation, 7.10.3077.0, C:2008-04-20 19:51 M:2007-05-29 17:59]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2004-04-05 10:31 M:2003-02-21 04:42]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2004-04-05 10:31 M:2004-04-05 10:31]
    C:\PROGRAM FILES\RISING\RAV\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\recomp.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41, C:2008-04-20 19:51 M:2008-08-20 15:57]
    C:\PROGRAM FILES\RISING\RAV\refs.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\viruslib.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\relibldr.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\MonRule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.29, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\PROGRAM FILES\RISING\RAV\PngDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-04-20 19:51 M:2008-07-26 20:34]
    C:\PROGRAM FILES\RISING\RAV\Rsguilib.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90, C:2008-04-20 19:51 M:2008-07-26 20:34]
    C:\PROGRAM FILES\RISING\RAV\RsXML.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-20 19:57 M:2008-07-25 15:46]

[PID: 4092 / ZYS-S]   C:\WINDOWS\system32\RUNDLL32.EXE   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\WINDOWS\system32\NvMcTray.dll  [(Verified)NVIDIA Corporation, 6.14.10.9371, C:2006-10-22 12:22 M:2006-10-22 12:22]
    C:\WINDOWS\system32\nvapi.dll  [(Verified)N/A, C:2006-10-22 12:22 M:2006-10-22 12:22]
    C:\WINDOWS\system32\NVRSZHC.DLL  [NVIDIA Corporation, 6.14.10.9371, C:2006-10-22 12:22 M:2006-10-22 12:22]

[PID: 172 / ZYS-S]   C:\WINDOWS\SOUNDMAN.EXE   [(Verified)Realtek Semiconductor Corp., 5, 1, 0, 58, C:2000-11-16 19:44 M:2006-11-17 05:42]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-20 19:57 M:2008-07-25 15:46]

[PID: 1040 / ZYS-S]   C:\WINDOWS\VMSnap5.EXE   [Vimicro, 4, 2, 1124, 6, C:2000-11-17 20:30 M:2006-06-28 17:39]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\WINDOWS\system32\msdmo.dll  [(Verified)N/A, C:2004-08-04 00:52 M:2004-08-04 00:52]
    C:\WINDOWS\system32\VM305Prp.Ax  [Vimicro, 3.6.407. 13, C:2000-11-17 20:30 M:2006-07-14 18:23]

[PID: 220 / ZYS-S]   C:\WINDOWS\Domino.EXE   [Vimicro, 4, 2, 1124, 6, C:2000-11-17 20:30 M:2006-06-28 17:54]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\WINDOWS\system32\msdmo.dll  [(Verified)N/A, C:2004-08-04 00:52 M:2004-08-04 00:52]

[PID: 1404 / ZYS-S]   C:\Program Files\Rising\Rav\RavTask.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.24, C:2008-04-20 19:51 M:2008-07-26 20:34]
    C:\Program Files\Rising\Rav\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\Program Files\Rising\Rav\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\Program Files\Rising\Rav\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\Program Files\Rising\Rav\RSAPPMGR.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-04-20 19:51 M:2008-07-28 15:26]
    C:\Program Files\Rising\Rav\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-04-20 19:51 M:2008-07-28 15:26]

[PID: 268 / ZYS-S]   C:\WINDOWS\system32\ctfmon.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-20 19:57 M:2008-07-25 15:46]

[PID: 380 / ZYS-S]   C:\Program Files\Messenger\msmsgs.exe   [(Verified)Microsoft Corporation, 4.7.3000, C:2000-11-16 19:00 M:2004-08-04 01:03]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-20 19:57 M:2008-07-25 15:46]

[PID: 2448 / ZYS-S]   C:\Documents and Settings\ZYS-S\桌面\外挂\arswp\arswp2-v2.80924\arswp2\ArSwp.exe   [(Verified)ArSwp.com, 2, 8, 1, 815, C:2008-09-29 20:22 M:2008-08-15 22:25]
    C:\Program Files\Rising\Rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Program Files\Rising\Rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-20 19:57 M:2008-07-25 15:46]
    C:\Documents and Settings\ZYS-S\桌面\外挂\arswp\arswp2-v2.80924\arswp2\plugin\ArFix.dll  [(Verified)ArSwp.Com, 2, 5, 0, 0, C:2008-09-29 20:22 M:2007-11-28 15:19]


========================================
文件关联

[.hlp] <winhlp32.exe %1> [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:1601-01-01 08:00 M:1601-01-01 08:00]


========================================
AutoRun.INF



========================================
Winsock提供者



========================================
HOSTS

    127.0.0.1 localhost
    202.103.67.180 auto.search.msn.com


[/CODE]