[CODE]

2008-10-03,17:26:51

SysLog Scanner 1.0 - build 20080726
Arswp (http://www.arswp.com)

Windows XP Professional Service Pack 3 (build 2600) - Administrators



========================================
注册项

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <RTHDCPL><RTHDCPL.EXE>  [(Verified)Realtek Semiconductor Corp., 2.1.2.9, C:2008-01-07 10:40 M:2007-03-21 14:49]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2002-01-03 05:31 M:2008-04-13 19:14|NVIDIA Corporation, 6.14.11.0085, C:2007-02-06 19:39 M:2007-02-06 19:39]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.24, C:2008-04-27 17:22 M:2008-07-26 20:24]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.1.70, C:2008-04-27 17:24 M:2008-07-25 18:25]
    <Alcmtr><; ALCMTR.EXE>  [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00]
    <IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  []
    <NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2002-01-03 05:31 M:2008-04-13 19:14|NVIDIA Corporation, 6.14.11.0085, C:2007-02-06 19:39 M:2007-02-06 19:39]
    <nwiz><; nwiz.exe /install>  [N/A, C:2007-02-06 19:39 M:2007-02-06 19:39]
    <PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  []
    <runeip><"G:\新建文件夹 (4)\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.16, C:2008-07-21 21:45 M:2008-09-11 23:37]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_Dlls><kmon.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31, C:2008-07-21 21:45 M:2008-09-25 00:26]

[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\bubbles.scr>  [Microsoft Corporation, 6.0.5308.17 (winmain_idx01.060217-2200), C:2006-03-01 04:53 M:2006-03-01 04:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载]
    <><C:\Program Files\Thunder\Program\geturl.htm>  [N/A, C:2007-02-28 14:59 M:2007-02-28 14:59]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接]
    <><C:\Program Files\Thunder\Program\getallurl.htm>  [N/A, C:2007-02-10 14:41 M:2007-02-10 14:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\江汉地区便民 供求 招聘 出租 进入江汉百事通]
    <><C:\Program Files\3304\help.htm>  [N/A, C:2006-01-04 00:21 M:2006-01-04 00:21]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\添加到QQ表情]
    <><D:\Tencent\AddEmotion.htm>  [N/A, C:2008-06-30 17:14 M:2008-06-30 17:14]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2002-01-03 05:31 M:2008-04-13 19:14|(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2002-01-03 05:30 M:2008-04-13 19:13|(Verified)N/A, C:2002-01-03 05:30 M:2004-08-17 20:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2002-01-03 05:31 M:2008-04-13 19:14|(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2002-01-03 05:30 M:2008-04-13 19:13|(Verified)N/A, C:2008-06-24 12:49 M:2008-04-13 18:57]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2002-01-03 05:31 M:2008-04-13 19:14|(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2002-01-03 05:30 M:2008-04-13 19:13|(Verified)N/A, C:2002-01-03 05:31 M:2008-04-13 18:57]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0A155D3C-68E2-4215-A47A-E800A446447A}]
    <浩方对战平台><F:\号方\新建文件夹\浩方对战平台\GameClient.exe>  [(Verified)上海浩方在线信息技术有限公司, 5.0.1.0, C:2008-09-12 09:58 M:2008-09-12 09:58]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1FBA04EE-3024-11D2-8F1F-0000F87ABD16}]
    <江汉伴侣><http://www.3304.cn>  []


========================================
启动项

[腾讯QQ]
    <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\腾讯QQ.lnk --> "D:\Program Files\Tencent\QQ.exe"  > []


========================================
计划任务

[SogouImeMgr.job]
    <C:\WINDOWS\tasks\SogouImeMgr.job --> "D:\搜狗\SOGOUI~1\360~1.165\PinyinRepair.exe" /S > [(Verified)Sogou.com Inc., 3.6.0.1653, C:2008-09-17 10:07 M:2008-09-17 10:07]


========================================
组件


Shell Extension
[Display Panning CPL Extension]
    {42071714-76d4-11d1-8b24-00a0c9068ff3}  <deskpan.dll>  []
[WinRAR shell extension]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <C:\Program Files\WinRAR\rarext.dll>  [N/A, C:2002-01-03 06:10 M:2007-05-30 08:28]
[NvCpl DesktopContext Class]
    {A70C977A-BF00-412C-90B7-034C51DA2439}  <C:\WINDOWS\system32\nvcpl.dll>  [NVIDIA Corporation, 6.14.11.0085, C:2007-02-06 19:39 M:2007-02-06 19:39]
[Play on my TV helper]
    {FFB699E0-306A-11d3-8BD1-00104B6F7516}  <C:\WINDOWS\system32\nvcpl.dll>  [NVIDIA Corporation, 6.14.11.0085, C:2007-02-06 19:39 M:2007-02-06 19:39]
[Desktop Explorer]
    {1CDB2949-8F65-4355-8456-263E7C208A5D}  <C:\WINDOWS\system32\nvshell.dll>  [N/A, C:2007-02-06 19:39 M:2007-02-06 19:39]
[Desktop Explorer Menu]
    {1E9B04FB-F9E5-4718-997B-B8DA88302A47}  <C:\WINDOWS\system32\nvshell.dll>  [N/A, C:2007-02-06 19:39 M:2007-02-06 19:39]
[nView Desktop Context Menu]
    {1E9B04FB-F9E5-4718-997B-B8DA88302A48}  <C:\WINDOWS\system32\nvshell.dll>  [N/A, C:2007-02-06 19:39 M:2007-02-06 19:39]
[Shell Extensions for RealOne Player]
    {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}  <C:\Program Files\Real\RealPlayer\rpshell.dll>  [(Verified)RealNetworks, Inc., 1.0.2.44, C:2008-01-07 10:49 M:2008-07-28 19:15]
[RISING]
    {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D}  <C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-04-27 17:22 M:2008-07-28 19:03]

ActiveX Extension
[Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000}  <C:\WINDOWS\system32\Macromed\Flash\flash.ocx>  [(Verified)Macromedia, Inc., 6,0,79,0, C:2008-06-24 12:49 M:2006-12-30 19:36]

Context Menu
[RisingRavExt]
    {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D}  <C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-04-27 17:22 M:2008-07-28 19:03]
[WinRAR]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <C:\Program Files\WinRAR\rarext.dll>  [N/A, C:2002-01-03 06:10 M:2007-05-30 08:28]


========================================
服务

[Human Interface Device Access / HidServ][Stopped/Disabled]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll">  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2002-01-03 05:31 M:2008-04-13 19:14]
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
    <"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe">  [Macrovision Corporation, 10.50.125, C:2004-10-22 03:24 M:2004-10-22 03:24]
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
    <%SystemRoot%\system32\nvsvc32.exe>  [NVIDIA Corporation, 6.14.11.0085, C:2007-02-06 19:39 M:2007-02-06 19:39]
[Stormser / Stormser][Stopped/Auto Start]
    <C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe>  []

[Rising Proxy  Service / RfwProxySrv][Running/Auto Start]
    <c:\program files\rising\rfw\rfwproxy.exe>  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.37, C:2008-04-27 17:24 M:2008-07-30 13:22]
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
    <c:\program files\rising\rfw\rfwsrv.exe>  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.76, C:2008-04-27 17:24 M:2008-07-25 18:25]
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
    <"C:\Program Files\Rising\Rav\CCenter.exe">  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.33, C:2008-04-27 17:22 M:2008-07-28 19:04]
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
    <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe">  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.80, C:2008-04-27 17:22 M:2008-07-28 19:03]


========================================
驱动

[EagleNT / EagleNT][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\drivers\EagleNT.sys>  []
[npkcrypt / npkcrypt][Running/Auto Start]
    <\??\E:\冒险岛\冒险岛online\npkcrypt.sys>  [INCA Internet Co., Ltd., 2006. 5. 3. 1, C:2008-01-28 10:30 M:2008-01-28 10:30]
[npkycryp / npkycryp][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\npkycryp.sys>  []
[nv / nv][Running/Manual Start]
    <system32\DRIVERS\nv4_mini.sys>  [NVIDIA Corporation, 6.14.11.0085, C:2007-02-06 19:39 M:2007-02-06 19:39]
[QKeyServiceDisplay / QKeyService][Running/Boot Start]
    <system32\KeyCrypt.sys>  [ Tencent Technology (Shenzhen) Company Limited, 1, 0, 0, 9, C:2008-06-07 11:21 M:2008-06-07 11:18]
[rspp / rspp][Running/System Start]
    <\??\C:\WINDOWS\system32\Drivers\Rspp.sys>  [Beijing Rising Technology Co., Ltd, 23, 0, 0, 3, C:2008-06-30 16:29 M:2008-06-30 16:29]
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
    <system32\DRIVERS\tcpip.sys>  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2002-01-03 05:31 M:2008-06-20 19:51]

[AMD Processor Driver / AmdK8][Running/System Start]
    <system32\DRIVERS\AmdK8.sys>  [(Verified)Advanced Micro Devices, 1.3.2 (dnsrv(wmbla).060701-2226), C:2007-07-30 14:47 M:2006-12-01 03:22]
[ati2mtag / ati2mtag][Stopped/Manual Start]
    <system32\DRIVERS\ati2mtag.sys>  [(Verified)ATI Technologies Inc., 6.14.10.6462, C:2002-01-03 05:40 M:2004-08-16 16:24]
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
    <system32\DRIVERS\HDAudBus.sys>  [(Verified)Windows (R) Server 2003 DDK provider, 5.10.01.5013 built by: WinDDK, C:2005-01-07 17:07 M:2008-04-13 09:36]
[HookCont / HookCont][Running/System Start]
    <\SystemRoot\system32\drivers\HookCont.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 7, C:2008-04-27 17:22 M:2008-07-28 19:03]
[HookNtos / HookNtos][Running/System Start]
    <\SystemRoot\system32\drivers\HookNtos.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 50, C:2008-04-27 17:22 M:2008-07-28 19:03]
[HookReg / HookReg][Running/System Start]
    <\SystemRoot\system32\drivers\HookReg.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 28, C:2008-04-27 17:22 M:2008-07-28 19:03]
[HookSys / HookSys][Running/System Start]
    <\SystemRoot\system32\drivers\HookSys.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 55, C:2008-04-27 17:22 M:2008-08-27 19:50]
[HookUrl / HookUrl][Running/Auto Start]
    <\??\C:\Program Files\Rising\Rfw\HookUrl.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.12, C:2008-04-27 17:24 M:2008-07-30 13:23]
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
    <system32\drivers\RtkHDAud.sys>  [(Verified)Realtek Semiconductor Corp., 5.10.0.5391 built by: WinDDK, C:2008-01-07 10:40 M:2007-03-26 19:21]
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
    <system32\DRIVERS\ptilink.sys>  [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148), C:2002-01-03 05:31 M:2004-08-17 20:00]
[Rising  Rfwbase Driver / RfwBase][Running/Auto Start]
    <System32\DRIVERS\rfwbase.SYS>  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.10, C:2008-04-27 17:24 M:2008-07-30 13:22]
[RsFwDrv / RsFwDrv][Running/System Start]
    <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.34, C:2008-04-27 17:24 M:2008-07-30 13:22]
[RsNTGDI / RsNTGDI][Running/Boot Start]
    <system32\Drivers\RsNTGdi.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 3, C:2008-04-27 17:22 M:2008-07-28 19:04]
[Secdrv / Secdrv][Stopped/Manual Start]
    <system32\DRIVERS\secdrv.sys>  [(Verified)Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086, C:2002-01-03 05:31 M:2007-11-13 18:25]
[TesSafe / TesSafe][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\TesSafe.sys>  [(Verified)TENCENT, 0, 0, 8, 8, C:2008-05-17 16:50 M:2008-10-03 16:38]
[NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller / yukonwxp][Running/Manual Start]
    <system32\DRIVERS\yk51x86.sys>  [(Verified)Marvell, 8.61.2.3 built by: WinDDK, C:2008-01-07 10:43 M:2006-11-02 08:01]


========================================
进程

[PID: 636 / SYSTEM]   \SystemRoot\System32\smss.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2002-01-03 05:31 M:2008-04-13 19:14]

[PID: 696 / SYSTEM]   \??\C:\WINDOWS\system32\csrss.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2002-01-03 05:30 M:2008-04-13 19:13]
    c:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-27 17:24 M:2008-07-25 18:25]
    c:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-27 17:24 M:2008-07-25 18:25]

[PID: 720 / SYSTEM]   \??\C:\WINDOWS\system32\winlogon.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113), C:2002-01-03 05:31 M:2008-04-13 19:14]
    c:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-27 17:24 M:2008-07-25 18:25]
    c:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-27 17:24 M:2008-07-25 18:25]

[PID: 764 / SYSTEM]   C:\WINDOWS\system32\services.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2002-01-03 05:31 M:2008-04-13 19:14]
    c:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-27 17:24 M:2008-07-25 18:25]
    c:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-27 17:24 M:2008-07-25 18:25]

[PID: 776 / SYSTEM]   C:\WINDOWS\system32\lsass.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113), C:2002-01-03 05:30 M:2008-04-13 19:14]
    c:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-27 17:24 M:2008-07-25 18:25]
    c:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-27 17:24 M:2008-07-25 18:25]
    C:\WINDOWS\system32\GameLink.dll  []

[PID: 952 / SYSTEM]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2002-01-03 05:31 M:2008-04-13 19:14]
    c:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-27 17:24 M:2008-07-25 18:25]
    c:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-27 17:24 M:2008-07-25 18:25]

[PID: 1020 / NETWORK SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2002-01-03 05:31 M:2008-04-13 19:14]
    C:\WINDOWS\system32\GameLink.dll  []
    c:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-27 17:24 M:2008-07-25 18:25]
    c:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-27 17:24 M:2008-07-25 18:25]

[PID: 1108 / SYSTEM]   C:\Program Files\Rising\Rav\CCenter.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.33, C:2008-04-27 17:22 M:2008-07-28 19:04]
    c:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-27 17:24 M:2008-07-25 18:25]
    c:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-27 17:24 M:2008-07-25 18:25]

[PID: 1124 / SYSTEM]   C:\WINDOWS\System32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2002-01-03 05:31 M:2008-04-13 19:14]
    c:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-27 17:24 M:2008-07-25 18:25]
    c:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-27 17:24 M:2008-07-25 18:25]
    C:\WINDOWS\system32\GameLink.dll  []

[PID: 1204 / NETWORK SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2002-01-03 05:31 M:2008-04-13 19:14]
    c:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-27 17:24 M:2008-07-25 18:25]
    c:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-27 17:24 M:2008-07-25 18:25]
    C:\WINDOWS\system32\GameLink.dll  []

[PID: 1228 / LOCAL SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2002-01-03 05:31 M:2008-04-13 19:14]
    c:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-27 17:24 M:2008-07-25 18:25]
    c:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-27 17:24 M:2008-07-25 18:25]
    C:\WINDOWS\system32\GameLink.dll  []

[PID: 1316 / SYSTEM]   C:\PROGRAM FILES\RISING\RAV\ravmond.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.80, C:2008-04-27 17:22 M:2008-07-28 19:03]
    C:\PROGRAM FILES\RISING\RAV\BWList.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.5, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\WINDOWS\system32\MFC71.DLL  [Microsoft Corporation, 7.10.3077.0, C:2002-01-03 05:30 M:2007-07-11 17:25]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2002-01-03 05:30 M:2007-07-11 17:25]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2002-01-03 05:30 M:2007-07-11 17:25]
    C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\PROGRAM FILES\RISING\RAV\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\PROGRAM FILES\RISING\RAV\RsLog.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.36, C:2008-04-27 17:22 M:2008-07-26 20:25]
    C:\PROGRAM FILES\RISING\RAV\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\PROGRAM FILES\RISING\RAV\MonRule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.29, C:2008-04-27 17:22 M:2008-07-28 19:03]
    C:\PROGRAM FILES\RISING\RAV\Hooksys.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12, C:2008-04-27 17:22 M:2008-07-28 19:03]
    c:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-27 17:24 M:2008-07-25 18:25]
    c:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-27 17:24 M:2008-07-25 18:25]
    C:\PROGRAM FILES\RISING\RAV\HookReg.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6, C:2008-04-27 17:22 M:2008-07-28 19:03]
    C:\PROGRAM FILES\RISING\RAV\HookNtos.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5, C:2008-04-27 17:22 M:2008-07-28 19:03]
    C:\PROGRAM FILES\RISING\RAV\rswalmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24, C:2008-04-27 17:22 M:2008-07-28 19:03]
    C:\PROGRAM FILES\RISING\RAV\recomp.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41, C:2008-04-27 17:22 M:2008-08-20 17:21]
    C:\PROGRAM FILES\RISING\RAV\refs.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\PROGRAM FILES\RISING\RAV\ffr.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-04-27 17:22 M:2008-09-26 20:16]
    C:\Program Files\Rising\Rav\RsStore.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.9, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\PROGRAM FILES\RISING\RAV\HookCont.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3, C:2008-04-27 17:22 M:2008-07-28 19:03]
    C:\Program Files\Rising\Rav\fakescan.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.14, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\Program Files\Rising\Rav\Scanner.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.39, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\PROGRAM FILES\RISING\RAV\viruslib.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\PROGRAM FILES\RISING\RAV\relibldr.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\WINDOWS\system32\GameLink.dll  []
    C:\PROGRAM FILES\RISING\RAV\HookWeb.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.3, C:2008-04-27 17:22 M:2008-07-28 19:03]
    C:\PROGRAM FILES\RISING\RAV\extfile.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\PROGRAM FILES\RISING\RAV\pearc.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\PROGRAM FILES\RISING\RAV\nvfile.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\PROGRAM FILES\RISING\RAV\scanexec.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 22, C:2008-04-27 17:22 M:2008-08-27 19:50]
    C:\PROGRAM FILES\RISING\RAV\unexe.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 6, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\PROGRAM FILES\RISING\RAV\scanex.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 94, C:2008-04-27 17:22 M:2008-09-23 14:03]
    C:\PROGRAM FILES\RISING\RAV\scanpack.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\PROGRAM FILES\RISING\RAV\revm.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\PROGRAM FILES\RISING\RAV\urutils.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7, C:2008-04-27 17:46 M:2008-07-28 19:04]
    C:\PROGRAM FILES\RISING\RAV\ur000.dat  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 21, C:2008-04-27 17:46 M:2008-09-26 20:16]
    C:\PROGRAM FILES\RISING\RAV\scansct.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11, C:2008-04-27 17:22 M:2008-09-02 19:49]
    C:\PROGRAM FILES\RISING\RAV\extmail.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\PROGRAM FILES\RISING\RAV\scriptci.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\PROGRAM FILES\RISING\RAV\ur001.dat  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4, C:2008-04-27 17:46 M:2008-07-28 19:04]
    C:\PROGRAM FILES\RISING\RAV\extole.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 13, C:2008-04-27 17:22 M:2008-07-28 19:04]

[PID: 1332 / SYSTEM]   c:\program files\rising\rfw\rfwsrv.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.76, C:2008-04-27 17:24 M:2008-07-25 18:25]
    C:\WINDOWS\system32\MFC71.DLL  [Microsoft Corporation, 7.10.3077.0, C:2002-01-03 05:30 M:2007-07-11 17:25]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2002-01-03 05:30 M:2007-07-11 17:25]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2002-01-03 05:30 M:2007-07-11 17:25]
    C:\Program Files\Rising\Rfw\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-04-27 17:24 M:2008-07-30 13:23]
    c:\program files\rising\rfw\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-04-27 17:24 M:2008-07-30 13:23]
    c:\program files\rising\rfw\RSAPPMGR.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-04-27 17:24 M:2008-07-30 13:23]
    c:\program files\rising\rfw\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-04-27 17:24 M:2008-07-30 13:23]
    c:\program files\rising\rfw\RfwRule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.17, C:2008-04-27 17:24 M:2008-07-30 13:22]
    c:\program files\rising\rfw\rfwlog.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.16, C:2008-04-27 17:24 M:2008-07-30 13:22]
    c:\program files\rising\rfw\Rfwdrv.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.48, C:2008-04-27 17:24 M:2008-07-25 18:25]
    c:\program files\rising\rfw\ijt_ctrl.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.0, C:2008-04-27 17:24 M:2008-07-25 18:25]
    c:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-27 17:24 M:2008-07-25 18:25]
    c:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-27 17:24 M:2008-07-25 18:25]
    c:\program files\rising\rfw\unvdet.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.8, C:2008-04-27 17:24 M:2008-07-30 13:22]
    c:\program files\rising\rfw\mPorts.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.6, C:2008-04-27 17:24 M:2008-07-30 13:22]

[PID: 1360 / SYSTEM]   c:\program files\rising\rfw\rfwproxy.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.37, C:2008-04-27 17:24 M:2008-07-30 13:22]
    C:\WINDOWS\system32\MFC71.DLL  [Microsoft Corporation, 7.10.3077.0, C:2002-01-03 05:30 M:2007-07-11 17:25]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2002-01-03 05:30 M:2007-07-11 17:25]
    C:\Program Files\Rising\Rfw\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-04-27 17:24 M:2008-07-30 13:23]
    c:\program files\rising\rfw\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-04-27 17:24 M:2008-07-30 13:23]
    c:\program files\rising\rfw\RfwRule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.17, C:2008-04-27 17:24 M:2008-07-30 13:22]
    c:\program files\rising\rfw\urlrule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1.0.0.15, C:2008-05-12 21:28 M:2008-07-30 13:22]
    C:\WINDOWS\system32\GameLink.dll  []
    c:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-27 17:24 M:2008-07-25 18:25]
    c:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-27 17:24 M:2008-07-25 18:25]
    c:\program files\rising\rfw\MonMid.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.6, C:2008-04-27 17:24 M:2008-07-30 13:22]

[PID: 1600 / SYSTEM]   c:\program files\rising\rfw\rfwstub.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.12, C:2008-04-27 17:24 M:2008-07-30 13:22]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2002-01-03 05:30 M:2007-07-11 17:25]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2002-01-03 05:30 M:2007-07-11 17:25]
    c:\program files\rising\rfw\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-04-27 17:24 M:2008-07-30 13:23]
    c:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-27 17:24 M:2008-07-25 18:25]
    c:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-27 17:24 M:2008-07-25 18:25]

[PID: 1916 / SYSTEM]   C:\PROGRAM FILES\RISING\RAV\RavStub.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.10, C:2008-04-27 17:22 M:2008-07-28 19:03]
    C:\PROGRAM FILES\RISING\RAV\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-04-27 17:22 M:2008-07-28 19:04]
    c:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-27 17:24 M:2008-07-25 18:25]
    c:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-27 17:24 M:2008-07-25 18:25]

[PID: 2012 / Administrator]   C:\WINDOWS\Explorer.EXE   [(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2002-01-03 05:30 M:2008-04-13 19:14]
    c:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-27 17:24 M:2008-07-25 18:25]
    c:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-27 17:24 M:2008-07-25 18:25]
    C:\Program Files\WinRAR\rarext.dll  [N/A, C:2002-01-03 06:10 M:2007-05-30 08:28]
    C:\WINDOWS\system32\RavExt.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-04-27 17:22 M:2008-07-28 19:03]
    C:\Program Files\Rising\Rav\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\WINDOWS\system32\SOGOUPY.IME  [(Verified)Sogou.com Inc., 3.6.0.1653, C:2008-09-17 10:07 M:2008-09-17 10:07]
    C:\WINDOWS\system32\nvcpl.dll  [NVIDIA Corporation, 6.14.11.0085, C:2007-02-06 19:39 M:2007-02-06 19:39]
    C:\WINDOWS\system32\NVRSZHC.DLL  [NVIDIA Corporation, 6.14.11.0085, C:2007-02-06 19:39 M:2007-02-06 19:39]
    C:\WINDOWS\system32\nvapi.dll  [NVIDIA Corporation, 6.14.11.0085, C:2007-02-06 19:39 M:2007-02-06 19:39]
    C:\WINDOWS\system32\nvshell.dll  [N/A, C:2007-02-06 19:39 M:2007-02-06 19:39]

[PID: 196 / Administrator]   c:\program files\rising\rfw\RfwMain.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.1.70, C:2008-04-27 17:24 M:2008-07-25 18:25]
    C:\WINDOWS\system32\MFC71.DLL  [Microsoft Corporation, 7.10.3077.0, C:2002-01-03 05:30 M:2007-07-11 17:25]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2002-01-03 05:30 M:2007-07-11 17:25]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2002-01-03 05:30 M:2007-07-11 17:25]
    c:\program files\rising\rfw\RsGuiLib.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90, C:2008-04-27 17:24 M:2008-07-30 13:23]
    C:\Program Files\Rising\Rfw\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-04-27 17:24 M:2008-07-30 13:23]
    c:\program files\rising\rfw\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-04-27 17:24 M:2008-07-30 13:23]
    c:\program files\rising\rfw\RSAPPMGR.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-04-27 17:24 M:2008-07-30 13:23]
    c:\program files\rising\rfw\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-04-27 17:24 M:2008-07-30 13:23]
    c:\program files\rising\rfw\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-04-27 17:24 M:2008-07-30 13:23]
    c:\program files\rising\rfw\RfwCtrl.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-27 17:24 M:2008-07-30 13:23]
    c:\program files\rising\rfw\RsXML.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2, C:2008-04-27 17:24 M:2008-07-30 13:23]
    c:\program files\rising\rfw\PngDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-04-27 17:24 M:2008-07-30 13:23]
    c:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-27 17:24 M:2008-07-25 18:25]
    c:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-27 17:24 M:2008-07-25 18:25]
    c:\program files\rising\rfw\RfwRule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.17, C:2008-04-27 17:24 M:2008-07-30 13:22]

[PID: 252 / SYSTEM]   C:\WINDOWS\system32\spoolsv.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2002-01-03 05:31 M:2008-04-13 19:14]
    c:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-27 17:24 M:2008-07-25 18:25]
    c:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-27 17:24 M:2008-07-25 18:25]

[PID: 440 / SYSTEM]   C:\WINDOWS\system32\nvsvc32.exe   [NVIDIA Corporation, 6.14.11.0085, C:2007-02-06 19:39 M:2007-02-06 19:39]
    c:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-27 17:24 M:2008-07-25 18:25]
    c:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-27 17:24 M:2008-07-25 18:25]
    C:\WINDOWS\system32\nvapi.dll  [NVIDIA Corporation, 6.14.11.0085, C:2007-02-06 19:39 M:2007-02-06 19:39]

[PID: 916 / SYSTEM]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2002-01-03 05:31 M:2008-04-13 19:14]

[PID: 2192 / LOCAL SERVICE]   C:\WINDOWS\System32\alg.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2002-01-03 05:30 M:2008-04-13 19:13]
    C:\WINDOWS\system32\GameLink.dll  []

[PID: 2248 / Administrator]   C:\PROGRAM FILES\RISING\RAV\RavMon.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.01.27, C:2008-04-27 17:22 M:2008-08-27 19:50]
    C:\WINDOWS\system32\MFC71.DLL  [Microsoft Corporation, 7.10.3077.0, C:2002-01-03 05:30 M:2007-07-11 17:25]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2002-01-03 05:30 M:2007-07-11 17:25]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2002-01-03 05:30 M:2007-07-11 17:25]
    C:\PROGRAM FILES\RISING\RAV\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\PROGRAM FILES\RISING\RAV\recomp.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41, C:2008-04-27 17:22 M:2008-08-20 17:21]
    C:\PROGRAM FILES\RISING\RAV\refs.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\PROGRAM FILES\RISING\RAV\viruslib.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\PROGRAM FILES\RISING\RAV\relibldr.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\PROGRAM FILES\RISING\RAV\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\PROGRAM FILES\RISING\RAV\MonRule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.29, C:2008-04-27 17:22 M:2008-07-28 19:03]
    C:\PROGRAM FILES\RISING\RAV\PngDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-04-27 17:22 M:2008-07-26 20:24]
    C:\PROGRAM FILES\RISING\RAV\Rsguilib.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90, C:2008-04-27 17:22 M:2008-07-26 20:24]
    C:\PROGRAM FILES\RISING\RAV\RsXML.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2, C:2008-04-27 17:22 M:2008-07-28 19:04]

[PID: 2476 / Administrator]   C:\WINDOWS\RTHDCPL.EXE   [(Verified)Realtek Semiconductor Corp., 2.1.2.9, C:2008-01-07 10:40 M:2007-03-21 14:49]

[PID: 2544 / Administrator]   C:\Program Files\Rising\Rav\RavTask.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.24, C:2008-04-27 17:22 M:2008-07-26 20:24]
    C:\Program Files\Rising\Rav\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\Program Files\Rising\Rav\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\Program Files\Rising\Rav\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\Program Files\Rising\Rav\RSAPPMGR.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\Program Files\Rising\Rav\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-04-27 17:22 M:2008-07-28 19:04]

[PID: 2636 / Administrator]   G:\新建文件夹 (4)\rstray.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.16, C:2008-07-21 21:45 M:2008-09-11 23:37]
    G:\新建文件夹 (4)\rsmginfo.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8, C:2008-07-21 21:45 M:2008-08-02 18:08]
    G:\新建文件夹 (4)\RsXML.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2, C:2008-07-21 21:45 M:2008-07-26 13:19]
    G:\新建文件夹 (4)\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2008-07-21 21:45 M:2008-07-21 21:45]
    G:\新建文件夹 (4)\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2008-07-21 21:45 M:2008-07-21 21:45]
    G:\新建文件夹 (4)\ComServ.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.31, C:2008-07-21 21:45 M:2008-07-26 13:18]
    G:\新建文件夹 (4)\Syslay.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-07-21 21:45 M:2008-09-02 19:48]
    G:\新建文件夹 (4)\rscommon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.1.1, C:2008-07-21 21:45 M:2008-07-26 13:19]
    G:\新建文件夹 (4)\comx3.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-07-21 21:45 M:2008-09-28 13:23]
    G:\新建文件夹 (4)\pngdll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-07-21 21:45 M:2008-07-26 13:19]
    G:\新建文件夹 (4)\runiep.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.39, C:2008-07-21 21:45 M:2008-09-18 13:10]
    G:\新建文件夹 (4)\NComm.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.6, C:2008-07-21 21:45 M:2008-07-26 13:19]
    C:\Program Files\Rising\Rav\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\Program Files\Rising\Rav\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-04-27 17:22 M:2008-07-28 19:04]
    C:\WINDOWS\system32\GameLink.dll  []

[PID: 2680 / Administrator]   C:\WINDOWS\system32\ctfmon.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2002-01-03 05:30 M:2008-04-13 19:13]
    c:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-27 17:24 M:2008-07-25 18:25]
    c:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-27 17:24 M:2008-07-25 18:25]

[PID: 4008 / Administrator]   D:\Tencent\QQ.exe   [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:50 M:2007-07-01 08:50]
    D:\Tencent\QQBaseClassInDll.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:51 M:2007-07-01 08:51]
    D:\Tencent\QQHelperDll.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:51 M:2007-07-01 08:51]
    D:\Tencent\BasicCtrlDll.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:52 M:2007-07-01 08:52]
    c:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-27 17:24 M:2008-07-25 18:25]
    c:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-27 17:24 M:2008-07-25 18:25]
    D:\Tencent\QQAPI.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:51 M:2007-07-01 08:51]
    D:\Tencent\LoginCtrl.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:50 M:2007-07-01 08:50]
    D:\Tencent\LoginCtrlRes.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:50 M:2007-07-01 08:50]
    D:\Tencent\QQRes.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:51 M:2007-07-01 08:51]
    D:\Tencent\QQMainFrame.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:51 M:2007-07-01 08:51]
    D:\Tencent\QQPlugin.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:51 M:2007-07-01 08:51]
    D:\Tencent\UnReadMsgMgr.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:52 M:2007-07-01 08:52]
    D:\Tencent\QQAllInOne.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:50 M:2007-07-01 08:50]
    D:\Tencent\SCCore.dll  [(Verified)TENCENT, 1, 6, 0, 2, C:2007-07-01 08:52 M:2007-07-01 08:52]
    D:\Tencent\CameraDll.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:52 M:2007-07-01 08:52]
    D:\Tencent\CQQApplication.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-08-05 16:07 M:2007-08-05 16:07]
    D:\Tencent\FlashAvatarDll.dll  [(Verified)版权所有 (C) 2008, 1, 0, 0, 1, C:2007-07-01 08:50 M:2007-07-01 08:50]
    D:\Tencent\NewSkin.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:50 M:2007-07-01 08:50]
    D:\Tencent\MailSummary.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:50 M:2007-07-01 08:50]
    D:\Tencent\QQSpace.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:51 M:2007-07-01 08:51]
    C:\WINDOWS\system32\GameLink.dll  []
    C:\WINDOWS\system32\Macromed\Flash\flash.ocx  [(Verified)Macromedia, Inc., 6,0,79,0, C:2008-06-24 12:49 M:2006-12-30 19:36]
    C:\WINDOWS\system32\msdmo.dll  [(Verified)N/A, C:2002-01-03 05:30 M:2008-04-13 19:13]
    D:\Tencent\OEMApplication.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:50 M:2007-07-01 08:50]
    D:\Tencent\QQAvatar.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-07-24 11:12 M:2007-07-24 11:12]
    D:\Tencent\QQKnowledgeSearch.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:51 M:2007-07-01 08:51]
    D:\Tencent\QQGroupMng.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:51 M:2007-07-01 08:51]
    D:\Tencent\QQPet.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:51 M:2007-07-01 08:51]
    D:\Tencent\QRingMng.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:51 M:2007-07-01 08:51]
    D:\Tencent\UserDefinedHead.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:52 M:2007-07-01 08:52]
    D:\Tencent\QQConfigPlugin.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:51 M:2007-07-01 08:51]
    D:\Tencent\QQSysMsgMng.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-08-05 22:18 M:2007-08-05 22:18]
    D:\Tencent\QQCustomFace.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:51 M:2007-07-01 08:51]
    D:\Tencent\LongConnection.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:53 M:2007-07-01 08:53]
    D:\Tencent\ImageOle.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:52 M:2007-07-01 08:52]
    D:\Tencent\PhoneAPI.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:50 M:2007-07-01 08:50]
    D:\Tencent\DialerAllinOne.dll  [(Verified)tencent, 1, 4, 0, 0, C:2007-07-01 08:50 M:2007-07-01 08:50]
    D:\Tencent\QQLiveQMng.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:51 M:2007-07-01 08:51]
    D:\Tencent\PersonalDesktop.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:53 M:2007-07-01 08:53]
    D:\Tencent\BQQApplication.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:50 M:2007-07-01 08:50]
    C:\WINDOWS\system32\SOGOUPY.IME  [(Verified)Sogou.com Inc., 3.6.0.1653, C:2008-09-17 10:07 M:2008-09-17 10:07]
    D:\Tencent\QQMagicFace.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:51 M:2007-07-01 08:51]
    D:\Tencent\CommercesMng.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:50 M:2007-07-01 08:50]
    D:\Tencent\QQAddr.dll  [(Verified)深圳市腾讯计算机系统有限公司, 5, 0, 101, 330, C:2007-07-01 08:53 M:2007-07-01 08:53]
    D:\Tencent\QQSceneMng.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:51 M:2007-07-01 08:51]
    D:\Tencent\GroupConnection.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:52 M:2007-07-01 08:52]
    D:\Tencent\AddrSearch.dll  [(Verified)腾讯科技（深圳）有限公司, 2, 2, 1, 16, C:2007-07-01 08:49 M:2008-09-03 12:47]
    D:\Tencent\QQFileTransfer.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:53 M:2007-07-01 08:53]
    D:\Tencent\QQSettingCtrl.dll  [(Verified)TENCENT, , C:2007-07-01 08:51 M:2007-07-01 08:51]
    D:\Program Files\QQGame\GamePublic.dll  [(Verified)N/A, C:2008-03-18 18:12 M:2008-03-18 18:12]
    D:\Program Files\QQGame\Common\Utility.dll  [(Verified)N/A, C:2008-03-18 17:53 M:2008-03-18 17:53]
    D:\Program Files\QQGame\Factory.dll  [(Verified)N/A, C:2008-03-18 18:11 M:2008-03-18 18:11]
    D:\Program Files\QQGame\Logic\UIStyle.dll  [(Verified)N/A, C:2008-03-18 17:57 M:2008-03-18 17:57]
    D:\Program Files\QQGame\ProtHand\QQProt.dll  [(Verified)N/A, C:2008-03-18 17:51 M:2008-03-18 17:51]
    D:\Program Files\QQGame\Socket\NetMod.dll  [(Verified)N/A, C:2008-03-18 18:00 M:2008-03-18 18:00]
    C:\Program Files\Rising\Rav\RavScrCh.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-04-27 17:22 M:2008-07-28 19:03]
    D:\Tencent\qqgroupdisk.dll  [(Verified)深圳腾讯科技, 2, 6, 106, 90, C:2008-02-28 14:21 M:2008-02-28 14:21]

[PID: 1560 / Administrator]   D:\Tencent\TXPlatform.exe   [(Verified)Tencent, 1, 5, 225, 0, C:2008-05-20 17:53 M:2008-05-20 17:53]
    c:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-27 17:24 M:2008-07-25 18:25]
    c:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-27 17:24 M:2008-07-25 18:25]

[PID: 184 / Administrator]   G:\新建文件夹 (4)\knownsvr.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.11, C:2008-07-21 21:45 M:2008-07-26 13:19]
    G:\新建文件夹 (4)\NComm.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.6, C:2008-07-21 21:45 M:2008-07-26 13:19]
    G:\新建文件夹 (4)\comx3.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-07-21 21:45 M:2008-09-28 13:23]
    G:\新建文件夹 (4)\Syslay.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-07-21 21:45 M:2008-09-02 19:48]
    C:\Program Files\Rising\Rav\RavScrCh.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-04-27 17:22 M:2008-07-28 19:03]
    C:\WINDOWS\system32\GameLink.dll  []

[PID: 3944 / Administrator]   F:\助手\arswp2\ArSwp.exe   [(Verified)ArSwp.com, 2, 8, 1, 815, C:2008-08-15 22:25 M:2008-08-15 22:25]
    c:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-04-27 17:24 M:2008-07-25 18:25]
    c:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-04-27 17:24 M:2008-07-25 18:25]
    F:\助手\arswp2\plugin\ArFix.dll  [(Verified)ArSwp.Com, 2, 5, 0, 0, C:2007-11-28 15:19 M:2007-11-28 15:19]
    C:\Program Files\Rising\Rav\RavScrCh.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-04-27 17:22 M:2008-07-28 19:03]


========================================
文件关联



========================================
AutoRun.INF



========================================
Winsock提供者



========================================
HOSTS

    127.0.0.1 localhost


[/CODE]