[CODE] 2008-10-26,08:55:15 SysLog Scanner 1.0 - build 20080726 Arswp (http://www.arswp.com) Windows XP Professional Service Pack 2 (build 2600) - Administrators ======================================== ×¢²áÏî [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] [(Verified)Google Inc., 2, 0, 301, 1654, C:2008-03-01 14:20 M:2008-03-01 14:20] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <"C:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.24, C:2007-10-30 21:46 M:2008-08-28 07:49] <"D:\ÈðÐÇ1\Rising\Rfw\rfwmain.exe" -Startup> [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.1.70, C:2007-10-30 21:44 M:2008-07-26 15:00] [Sonic Solutions, 5.20.08a, C:2007-11-05 15:05 M:2005-09-08 05:20] [InstallShield Software Corporation, 3, 10, 100, 1155, C:2004-07-27 16:50 M:2004-07-27 16:50] <"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start> [InstallShield Software Corporation, 3, 10, 100, 1155, C:2004-07-27 16:50 M:2004-07-27 16:50] <9158CamMonitor> [] <"D:\QQÒ½Éú\QQ Ò½Éú 1.4Beta\DrRtp.exe"> [(Verified)Copyright Tencent 2008. 
All Rights Reserved, 2, 0, 14, 202, C:2008-10-25 17:27 M:2008-10-25 17:28] [±±¾©¼á¹û±ÈÌؿƼ¼ÓÐÏÞ¹«Ë¾, 1.0.0.1, C:2008-10-25 21:06 M:2008-10-25 21:06] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{32CD708B-60A7-4C00-9377-D73EAA495F0F}> [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2007-10-30 21:46 M:2008-08-28 07:49] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\ʹÓÃѸÀ×ÏÂÔØ] <> [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\ʹÓÃѸÀ×ÏÂÔØÈ«²¿Á´½Ó] <> [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\µ¼³öµ½ Microsoft Office Excel(&X)] <> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] [(Verified)Intel Corporation, 3.0.0.4396, C:1980-01-01 00:00 M:2005-09-20 10:31] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PsNotify] [N/A, C:2008-10-25 21:06 M:2008-10-25 21:06] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|(Verified)Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506), C:2004-08-17 12:00 M:2008-06-24 00:57|(Verified)N/A, C:1980-01-01 00:00 M:2004-08-17 12:00] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|(Verified)Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506), C:2004-08-17 12:00 M:2008-06-24 00:57|(Verified)N/A, C:1980-01-01 00:00 M:2004-08-17 12:00] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 
12:00|(Verified)Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506), C:2004-08-17 12:00 M:2008-06-24 00:57|(Verified)N/A, C:1980-01-01 00:00 M:2006-11-02 23:38] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}] <Æô¶¯Ñ¸À×5> [] ======================================== Æô¶¯Ïî ======================================== ¼Æ»®ÈÎÎñ ======================================== ×é¼þ ShellExecuteHook [ShlExecHack Class] {32CD708B-60A7-4C00-9377-D73EAA495F0F} [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2007-10-30 21:46 M:2008-08-28 07:49] Shell Extension [Display Panning CPL Extension] {42071714-76d4-11d1-8b24-00a0c9068ff3} [] [HyperTerminal Icon Ext] {88895560-9AA2-1069-930E-00AA0030EBC8} [(Verified)Hilgraeve, Inc., 5.1.2600.0, C:2006-11-07 01:29 M:2004-08-17 20:00] [WinRAR shell extension] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [N/A, C:2007-09-24 03:14 M:2007-09-21 16:56] [RISING] {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D} [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2007-10-30 21:46 M:2008-08-28 07:49] [DriveLetterAccess] {5CA3D70E-1895-11CF-8E15-001234567890} [Sonic Solutions, 5.20.08a, C:2007-11-05 15:05 M:2005-09-08 05:20] BrowserHelperObject [ThunderAtOnce Class] {01443AEC-0FD1-40fd-9C87-E93D1494C233} [] [DriveLetterAccess] {5CA3D70E-1895-11CF-8E15-001234567890} [Sonic Solutions, 5.20.08a, C:2007-11-05 15:05 M:2005-09-08 05:20] [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [] [Google Toolbar Helper] {AA58ED58-01DD-4d91-8333-CF10577473F7} [(Verified)Google Inc., 4, 0, 1606, 23276, C:2008-08-28 07:51 M:2008-08-28 07:51] [Google Toolbar Notifier BHO] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [(Verified)Google Inc., 2, 0, 301, 7164, C:2008-03-01 14:20 M:2008-03-01 14:20] ToolBar [&Google] {2318C2B1-4965-11d4-9B18-009027A5CD4F} [(Verified)Google Inc., 4, 0, 1606, 23276, C:2008-08-28 07:51 M:2008-08-28 07:51] ActiveX Extension [ThunderAtOnce 
Class] {01443AEC-0FD1-40FD-9C87-E93D1494C233} [] [&Google] {2318C2B1-4965-11D4-9B18-009027A5CD4F} [(Verified)Google Inc., 4, 0, 1606, 23276, C:2008-08-28 07:51 M:2008-08-28 07:51] [DriveLetterAccess] {5CA3D70E-1895-11CF-8E15-001234567890} [Sonic Solutions, 5.20.08a, C:2007-11-05 15:05 M:2005-09-08 05:20] [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [] [Google Toolbar Helper] {AA58ED58-01DD-4D91-8333-CF10577473F7} [(Verified)Google Inc., 4, 0, 1606, 23276, C:2008-08-28 07:51 M:2008-08-28 07:51] [Google Toolbar Notifier BHO] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [(Verified)Google Inc., 2, 0, 301, 7164, C:2008-03-01 14:20 M:2008-03-01 14:20] [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [(Verified)Adobe Systems, Inc., 9,0,47,0, C:2007-06-12 04:04 M:2007-06-12 04:04] Context Menu [RisingRavExt] {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D} [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2007-10-30 21:46 M:2008-08-28 07:49] [WinRAR] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [N/A, C:2007-09-24 03:14 M:2007-09-21 16:56] ======================================== ·þÎñ [Human Interface Device Access / HidServ][Stopped/Disabled] <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll"> [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00] [Google Updater Service / gusvc][Stopped/Manual Start] <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"> [(Verified)Google, 2.0.734.29932.beta, C:2007-11-15 21:49 M:2007-11-15 21:49] [Kingsoft Basic Service / kaccore][Stopped/Manual Start] <"C:\Program Files\Kingsoft\KAC\Service\kaccore.exe"> [(Verified)Kingsoft Corporation, 2008,10,20,303, C:2008-10-21 13:22 M:2008-10-21 13:22] [Rising Proxy Service / RfwProxySrv][Running/Auto Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.37, C:2007-10-30 21:44 M:2008-07-30 14:04] [Rising Personal Firewall Service / 
RfwService][Running/Auto Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.77, C:2007-10-30 21:44 M:2008-10-17 21:32] [Rising Process Communication Center / RsCCenter][Running/Auto Start] <"C:\Program Files\Rising\Rav\CCenter.exe"> [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.33, C:2007-10-30 21:46 M:2008-08-28 07:49] [Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"> [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.80, C:2007-10-30 21:46 M:2008-08-28 07:49] ======================================== Çý¶¯ [aeaudio / aeaudio][Running/Manual Start] [Andrea Electronics Corporation, 3.0.2.36, C:1980-01-01 00:00 M:2003-10-23 11:17] [AMD K8 Processor Driver / AmdK8][Stopped/Manual Start] [Advanced Micro Devices, 1.1.0 (srv03_sp1_rtm.050324-1447), C:2005-08-12 09:09 M:2005-05-21 20:43] [DLABOIOM / DLABOIOM][Running/Auto Start] [Sonic Solutions, 5.20.08a, C:2007-11-05 15:05 M:2005-09-08 05:20] [DLACDBHM / DLACDBHM][Running/System Start] [Sonic Solutions, 5.20.01a, C:2007-11-05 15:05 M:2005-08-25 12:16] [DLADResN / DLADResN][Running/Auto Start] [Sonic Solutions, 5.20.08a, C:2007-11-05 15:05 M:2005-09-08 05:20] [DLAIFS_M / DLAIFS_M][Running/Auto Start] [Sonic Solutions, 5.20.08a, C:2007-11-05 15:05 M:2005-09-08 05:20] [DLAOPIOM / DLAOPIOM][Running/Auto Start] [Sonic Solutions, 5.20.08a, C:2007-11-05 15:05 M:2005-09-08 05:20] [DLAPoolM / DLAPoolM][Running/Auto Start] [Sonic Solutions, 5.20.08a, C:2007-11-05 15:05 M:2005-09-08 05:20] [DLARTL_N / DLARTL_N][Running/System Start] [Sonic Solutions, 5.20.01a, C:2007-11-05 15:05 M:2005-08-25 12:16] [DLAUDFAM / DLAUDFAM][Running/Auto Start] [Sonic Solutions, 5.20.08a, C:2007-11-05 15:05 M:2005-09-08 05:20] [DLAUDF_M / DLAUDF_M][Running/Auto Start] [Sonic Solutions, 5.20.08a, C:2007-11-05 15:05 M:2005-09-08 05:20] [DRVMCDB / DRVMCDB][Running/Boot Start] [Sonic Solutions, 3.30.04a, C:2007-11-05 15:05 M:2005-09-12 03:30] 
[DRVNDDM / DRVNDDM][Running/Auto Start] [Sonic Solutions, 5.20.00a, C:2007-11-05 15:05 M:2005-08-12 05:20] [npkcrypt / npkcrypt][Stopped/Auto Start] <\??\F:\ðÏÕµº\npkcrypt.sys> [] [npkcusb / npkcusb][Stopped/Manual Start] <\??\F:\ðÏÕµº\npkcusb.sys> [] [PxHelp20 / PxHelp20][Running/Boot Start] [Sonic Solutions, 2.03.27a, C:2005-01-26 02:03 M:2005-01-26 02:03] [QKeyServiceDisplay / QKeyService][Running/Boot Start] [ Tencent Technology (Shenzhen) Company Limited, 1, 0, 0, 6, C:2007-11-02 14:05 M:2007-07-25 16:07] [smwdm / smwdm][Running/Manual Start] [Analog Devices, Inc., PRE-RELEASE, C:1980-01-01 00:00 M:2003-10-30 09:49] [SWW / SWW][Stopped/Manual Start] <\??\F:\±ù·â\sww060\SWW.sys> [] [TesSafe / TesSafe][Stopped/Manual Start] <\??\C:\WINDOWS\system32\TesSafe.sys> [TENCENT, 0, 0, 3, 6, C:2007-10-30 21:47 M:2007-10-30 21:47] [TVICHW32 / TVICHW32][Stopped/Manual Start] <\??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS> [EnTech Taiwan, 1.0, C:2008-02-29 21:26 M:2008-02-29 21:27] [9158cap, WDM Video Capture / 9158CAP][Running/Auto Start] [(Verified)www.9158.com, 1.000, C:2008-04-04 18:06 M:2007-12-03 10:23] [Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start] [(Verified)Intel Corporation, 5.10.3523 built by: WinDDK, C:2006-11-07 01:20 M:2001-08-17 12:20] [AliIde / AliIde][Running/Boot Start] [(Verified)Acer Laboratories Inc., 1.20, C:2005-06-29 18:14 M:2005-06-16 08:58] [CmdIde / CmdIde][Running/Boot Start] [(Verified)CMD Technology, Inc., 2.0.7 (XPClient.010817-1148), C:2004-04-12 20:37 M:2001-08-31 15:29] [Intel(R) PRO Network Connection Driver / E100B][Running/Manual Start] [(Verified)Intel Corporation, 8.0.43.0 built by: WinDDK, C:1980-01-01 00:00 M:2007-03-14 10:30] [VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start] [(Verified)VIA Technologies, Inc. 
, 2.66, C:2006-11-07 01:20 M:2001-08-17 12:13] [HookCont / HookCont][Running/System Start] <\SystemRoot\system32\drivers\HookCont.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 7, C:2007-10-30 21:46 M:2008-08-28 07:49] [HookNtos / HookNtos][Running/System Start] <\SystemRoot\system32\drivers\HookNtos.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 52, C:2007-10-30 21:46 M:2008-10-25 20:56] [HookReg / HookReg][Running/System Start] <\SystemRoot\system32\drivers\HookReg.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 28, C:2007-10-30 21:46 M:2008-08-28 07:49] [HookSys / HookSys][Running/System Start] <\SystemRoot\system32\drivers\HookSys.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 55, C:2007-10-30 21:46 M:2008-08-28 07:49] [HookUrl / HookUrl][Running/Auto Start] <\??\D:\ÈðÐÇ1\Rising\Rfw\HookUrl.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.13, C:2007-10-31 09:43 M:2008-10-22 16:25] [ialm / ialm][Running/Manual Start] [(Verified)Intel Corporation, 6.14.10.4396, C:1980-01-01 00:00 M:2005-09-20 11:00] [KAVBootC / KAVBootC][Running/Boot Start] [(Verified)Kingsoft Corporation, 2008,04,28,85, C:2008-10-25 20:49 M:2008-06-17 08:59] [KAVSafe / KAVSafe][Running/Auto Start] <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys> [(Verified)Kingsoft Corporation, 2008,04,28,65, C:2008-10-25 20:49 M:2008-06-17 08:59] [Macronix MX987xx Family Fast Ethernet NT Driver / mxnic][Stopped/Manual Start] [(Verified)Macronix International Co., Ltd. 
, 2.12 (XPClient.010817-1148), C:2008-05-03 21:59 M:2001-08-17 13:49] [nv / nv][Stopped/Manual Start] [(Verified)NVIDIA Corporation, 6.14.10.5673, C:2006-11-07 01:20 M:2004-08-03 22:29] [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148), C:2004-08-17 12:00 M:2004-08-17 12:00] [Rising Rfwbase Driver / RfwBase][Running/Auto Start] [(Verified)Beijing Rising Technology Co., Ltd., 7.0.0.8, C:2007-10-31 09:43 M:2007-10-31 09:39] [RsFwDrv / RsFwDrv][Running/System Start] <\??\D:\ÈðÐÇ1\Rising\Rfw\RsFwDrv.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.35, C:2007-10-31 09:43 M:2008-10-22 16:25] [RsNTGDI / RsNTGDI][Running/Boot Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 3, C:2007-10-30 21:46 M:2008-08-28 07:51] [Secdrv / Secdrv][Running/Auto Start] [(Verified)Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086, C:2004-08-17 12:00 M:2007-11-13 18:25] [TSKSP / TSKSP][Running/Manual Start] <\??\D:\QQÒ½Éú\QQ Ò½Éú 1.4Beta\TSKSP.sys> [(Verified)Tencent, 2008, 9, 27, 17, C:2008-10-25 17:27 M:2008-10-25 17:27] ======================================== ½ø³Ì [PID: 596 / SYSTEM] \SystemRoot\System32\smss.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00] [PID: 668 / SYSTEM] \??\C:\WINDOWS\system32\csrss.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00] d:\ÈðÐÇ1\rising\rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-31 09:43 M:2008-07-26 14:58] d:\ÈðÐÇ1\rising\rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-31 09:43 M:2008-07-26 14:58] [PID: 692 / SYSTEM] \??\C:\WINDOWS\system32\winlogon.exe [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 
M:2006-09-24 16:42] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37] C:\WINDOWS\system32\PsNotify.dll [N/A, C:2008-10-25 21:06 M:2008-10-25 21:06] C:\WINDOWS\system32\ChNormal.dll [N/A, C:2008-10-25 21:06 M:2008-10-25 21:06] d:\ÈðÐÇ1\rising\rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-31 09:43 M:2008-07-26 14:58] d:\ÈðÐÇ1\rising\rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-31 09:43 M:2008-07-26 14:58] [PID: 736 / SYSTEM] C:\WINDOWS\system32\services.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00] d:\ÈðÐÇ1\rising\rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-31 09:43 M:2008-07-26 14:58] d:\ÈðÐÇ1\rising\rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-31 09:43 M:2008-07-26 14:58] [PID: 748 / SYSTEM] C:\WINDOWS\system32\lsass.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37] d:\ÈðÐÇ1\rising\rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-31 09:43 M:2008-07-26 14:58] d:\ÈðÐÇ1\rising\rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-31 09:43 M:2008-07-26 14:58] [PID: 920 / SYSTEM] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37] d:\ÈðÐÇ1\rising\rfw\ijt_base.dll [(Verified)Beijing Rising 
Information Technology Co., Ltd., 7.0.0.21, C:2007-10-31 09:43 M:2008-07-26 14:58] d:\ÈðÐÇ1\rising\rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-31 09:43 M:2008-07-26 14:58] [PID: 988 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37] d:\ÈðÐÇ1\rising\rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-31 09:43 M:2008-07-26 14:58] d:\ÈðÐÇ1\rising\rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-31 09:43 M:2008-07-26 14:58] [PID: 1076 / SYSTEM] C:\Program Files\Rising\Rav\CCenter.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.33, C:2007-10-30 21:46 M:2008-08-28 07:49] d:\ÈðÐÇ1\rising\rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-31 09:43 M:2008-07-26 14:58] d:\ÈðÐÇ1\rising\rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-31 09:43 M:2008-07-26 14:58] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37] [PID: 1092 / SYSTEM] C:\WINDOWS\System32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00] C:\WINDOWS\System32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37] d:\ÈðÐÇ1\rising\rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-31 09:43 M:2008-07-26 14:58] d:\ÈðÐÇ1\rising\rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-31 09:43 M:2008-07-26 14:58] [PID: 
1132 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37] d:\ÈðÐÇ1\rising\rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-31 09:43 M:2008-07-26 14:58] d:\ÈðÐÇ1\rising\rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-31 09:43 M:2008-07-26 14:58] [PID: 1232 / LOCAL SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37] d:\ÈðÐÇ1\rising\rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-31 09:43 M:2008-07-26 14:58] d:\ÈðÐÇ1\rising\rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-31 09:43 M:2008-07-26 14:58] [PID: 1344 / SYSTEM] C:\PROGRAM FILES\RISING\RAV\ravmond.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.80, C:2007-10-30 21:46 M:2008-08-28 07:49] C:\PROGRAM FILES\RISING\RAV\BWList.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.5, C:2007-10-30 21:46 M:2008-08-28 07:49] C:\WINDOWS\system32\MFC71.DLL [Microsoft Corporation, 7.10.3077.0, C:2007-10-30 21:46 M:2007-10-30 21:45] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2004-04-05 10:31 M:2004-04-05 10:31] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2004-04-05 10:31 M:2004-04-05 10:31] C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2007-10-30 21:46 M:2008-08-28 07:49] C:\PROGRAM 
FILES\RISING\RAV\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2007-10-30 21:46 M:2008-08-28 07:49] C:\PROGRAM FILES\RISING\RAV\RsLog.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.36, C:2007-10-30 21:46 M:2008-08-28 07:52] C:\PROGRAM FILES\RISING\RAV\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2007-10-30 21:46 M:2008-08-28 07:49] C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2007-10-30 21:46 M:2008-08-28 07:49] C:\PROGRAM FILES\RISING\RAV\MonRule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.29, C:2007-10-30 21:46 M:2008-08-28 07:49] C:\PROGRAM FILES\RISING\RAV\Hooksys.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12, C:2007-10-30 21:46 M:2008-08-28 07:49] C:\PROGRAM FILES\RISING\RAV\HookReg.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6, C:2007-10-30 21:46 M:2008-08-28 07:49] C:\PROGRAM FILES\RISING\RAV\HookNtos.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5, C:2007-10-30 21:46 M:2008-08-28 07:49] C:\PROGRAM FILES\RISING\RAV\rswalmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24, C:2007-10-30 21:46 M:2008-08-28 07:49] C:\PROGRAM FILES\RISING\RAV\recomp.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41, C:2007-10-30 21:46 M:2008-08-28 07:50] C:\PROGRAM FILES\RISING\RAV\refs.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18, C:2007-10-30 21:46 M:2008-08-28 07:50] C:\PROGRAM FILES\RISING\RAV\ffr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2007-10-30 21:46 M:2008-10-25 20:56] C:\Program Files\Rising\Rav\RsStore.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.9, C:2007-10-30 21:46 M:2008-08-28 07:52] C:\PROGRAM FILES\RISING\RAV\HookCont.dll 
[(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3, C:2007-10-30 21:46 M:2008-08-28 07:49] C:\Program Files\Rising\Rav\fakescan.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.14, C:2007-10-30 21:46 M:2008-08-28 07:52] C:\Program Files\Rising\Rav\Scanner.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.39, C:2007-10-30 21:46 M:2008-08-28 07:52] C:\PROGRAM FILES\RISING\RAV\viruslib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2007-10-30 21:46 M:2008-08-28 07:50] C:\PROGRAM FILES\RISING\RAV\relibldr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2007-10-30 21:46 M:2008-08-28 07:50] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37] C:\PROGRAM FILES\RISING\RAV\HookWeb.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.3, C:2007-10-30 21:46 M:2008-08-28 07:49] C:\PROGRAM FILES\RISING\RAV\nvfile.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7, C:2007-10-30 21:46 M:2008-08-28 07:50] C:\PROGRAM FILES\RISING\RAV\scanexec.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 22, C:2007-10-30 21:46 M:2008-08-28 07:50] C:\PROGRAM FILES\RISING\RAV\unexe.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 6, C:2007-10-30 21:46 M:2008-08-28 07:50] C:\PROGRAM FILES\RISING\RAV\scanex.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 96, C:2007-10-30 21:46 M:2008-10-25 20:56] C:\PROGRAM FILES\RISING\RAV\pearc.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8, C:2007-10-30 21:46 M:2008-08-28 07:50] C:\PROGRAM FILES\RISING\RAV\extfile.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32, C:2007-10-30 21:46 M:2008-08-28 07:50] d:\ÈðÐÇ1\rising\rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology 
Co., Ltd., 7.0.0.21, C:2007-10-31 09:43 M:2008-07-26 14:58] d:\ÈðÐÇ1\rising\rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-31 09:43 M:2008-07-26 14:58] C:\PROGRAM FILES\RISING\RAV\scanpack.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10, C:2007-10-30 21:46 M:2008-08-28 07:50] C:\PROGRAM FILES\RISING\RAV\revm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11, C:2007-10-30 21:46 M:2008-08-28 07:50] C:\PROGRAM FILES\RISING\RAV\urutils.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7, C:2008-02-28 11:36 M:2008-08-28 07:50] C:\PROGRAM FILES\RISING\RAV\ur000.dat [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 22, C:2008-02-28 11:36 M:2008-10-25 20:56] C:\PROGRAM FILES\RISING\RAV\scriptci.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4, C:2007-10-30 21:46 M:2008-08-28 07:50] C:\PROGRAM FILES\RISING\RAV\ur001.dat [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-02-28 11:36 M:2008-10-25 20:56] C:\PROGRAM FILES\RISING\RAV\scansct.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11, C:2007-10-30 21:46 M:2008-10-25 20:56] C:\PROGRAM FILES\RISING\RAV\uroutine.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2007-10-30 21:46 M:2008-08-28 07:50] C:\PROGRAM FILES\RISING\RAV\extmail.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10, C:2007-10-30 21:46 M:2008-08-28 07:50] [PID: 1376 / SYSTEM] d:\ÈðÐÇ1\rising\rfw\rfwsrv.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.77, C:2007-10-30 21:44 M:2008-10-17 21:32] C:\WINDOWS\system32\MFC71.DLL [Microsoft Corporation, 7.10.3077.0, C:2007-10-30 21:46 M:2007-10-30 21:45] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2004-04-05 10:31 M:2004-04-05 10:31] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 
7.10.3077.0, C:2004-04-05 10:31 M:2004-04-05 10:31] D:\ÈðÐÇ1\Rising\Rfw\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2007-10-31 09:43 M:2008-07-30 14:04] d:\ÈðÐÇ1\rising\rfw\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2007-10-31 09:43 M:2008-07-30 14:04] d:\ÈðÐÇ1\rising\rfw\RSAPPMGR.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2007-10-31 09:43 M:2008-07-30 14:04] d:\ÈðÐÇ1\rising\rfw\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2007-10-31 09:43 M:2008-07-30 14:04] d:\ÈðÐÇ1\rising\rfw\RfwRule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.17, C:2007-10-30 21:44 M:2008-07-30 14:04] d:\ÈðÐÇ1\rising\rfw\rfwlog.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.16, C:2007-10-30 21:44 M:2008-07-30 14:04] d:\ÈðÐÇ1\rising\rfw\Rfwdrv.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.48, C:2007-10-30 21:44 M:2008-07-26 15:00] d:\ÈðÐÇ1\rising\rfw\ijt_ctrl.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.0, C:2007-10-31 09:43 M:2008-07-26 15:00] d:\ÈðÐÇ1\rising\rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-31 09:43 M:2008-07-26 14:58] d:\ÈðÐÇ1\rising\rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-31 09:43 M:2008-07-26 14:58] d:\ÈðÐÇ1\rising\rfw\unvdet.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.8, C:2007-10-31 09:43 M:2008-07-30 14:04] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37] d:\ÈðÐÇ1\rising\rfw\mPorts.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.6, C:2007-10-30 21:44 M:2008-07-30 14:04] [PID: 1580 / SYSTEM] C:\PROGRAM FILES\RISING\RAV\RavStub.exe [(Verified)Beijing Rising Information Technology Co., 
Ltd., 20.0.0.10, C:2007-10-30 21:46 M:2008-08-28 07:49] C:\PROGRAM FILES\RISING\RAV\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2007-10-30 21:46 M:2008-08-28 07:49] C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2007-10-30 21:46 M:2008-08-28 07:49] C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2007-10-30 21:46 M:2008-08-28 07:49] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37] d:\瑞星1\rising\rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-31 09:43 M:2008-07-26 14:58] d:\瑞星1\rising\rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-31 09:43 M:2008-07-26 14:58] [PID: 1900 / Administrator] C:\WINDOWS\Explorer.EXE [(Verified)Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234), C:2004-08-17 12:00 M:2007-06-13 21:21] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37] c:\documents and settings\administrator\application data\ppstream\bin\1.0.0.2\vodrc.dll [ppstream.com, 1.0.0.2, C:2007-11-15 19:43 M:2007-09-12 16:43] d:\瑞星1\rising\rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-31 09:43 M:2008-07-26 14:58] d:\瑞星1\rising\rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-31 09:43 M:2008-07-26 14:58] C:\WINDOWS\system32\browselc.dll [Microsoft Corporation, 6.00.2600.0000, C:1980-01-01 00:00 M:2001-09-29 14:39] [PID: 1944 / SYSTEM] d:\瑞星1\rising\rfw\rfwstub.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.12, C:2007-10-31 09:43 M:2008-07-30 14:04] C:\WINDOWS\system32\MSVCP71.dll [Microsoft
Corporation, 7.10.3077.0, C:2004-04-05 10:31 M:2004-04-05 10:31] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2004-04-05 10:31 M:2004-04-05 10:31] d:\瑞星1\rising\rfw\RSCOMMON.DLL [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2007-10-31 09:43 M:2008-07-30 14:04] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37] d:\瑞星1\rising\rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-31 09:43 M:2008-07-26 14:58] d:\瑞星1\rising\rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-31 09:43 M:2008-07-26 14:58] [PID: 2032 / SYSTEM] d:\瑞星1\rising\rfw\rfwproxy.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.37, C:2007-10-30 21:44 M:2008-07-30 14:04] C:\WINDOWS\system32\MFC71.DLL [Microsoft Corporation, 7.10.3077.0, C:2007-10-30 21:46 M:2007-10-30 21:45] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2004-04-05 10:31 M:2004-04-05 10:31] D:\瑞星1\Rising\Rfw\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2007-10-31 09:43 M:2008-07-30 14:04] d:\瑞星1\rising\rfw\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2007-10-31 09:43 M:2008-07-30 14:04] d:\瑞星1\rising\rfw\RfwRule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.17, C:2007-10-30 21:44 M:2008-07-30 14:04] d:\瑞星1\rising\rfw\urlrule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1.0.0.15, C:2008-05-19 20:15 M:2008-07-30 14:04] d:\瑞星1\rising\rfw\MonMid.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.6, C:2007-10-31 09:43 M:2008-07-30 14:04] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37] d:\瑞星1\rising\rfw\ijt_base.dll
[(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-31 09:43 M:2008-07-26 14:58] d:\瑞星1\rising\rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-31 09:43 M:2008-07-26 14:58] [PID: 200 / Administrator] d:\瑞星1\rising\rfw\RfwMain.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.1.70, C:2007-10-30 21:44 M:2008-07-26 15:00] C:\WINDOWS\system32\MFC71.DLL [Microsoft Corporation, 7.10.3077.0, C:2007-10-30 21:46 M:2007-10-30 21:45] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2004-04-05 10:31 M:2004-04-05 10:31] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2004-04-05 10:31 M:2004-04-05 10:31] d:\瑞星1\rising\rfw\RsGuiLib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90, C:2007-10-30 21:44 M:2008-07-30 14:04] D:\瑞星1\Rising\Rfw\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2007-10-31 09:43 M:2008-07-30 14:04] d:\瑞星1\rising\rfw\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2007-10-31 09:43 M:2008-07-30 14:04] d:\瑞星1\rising\rfw\RSAPPMGR.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2007-10-31 09:43 M:2008-07-30 14:04] d:\瑞星1\rising\rfw\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2007-10-31 09:43 M:2008-07-30 14:04] d:\瑞星1\rising\rfw\RSCOMMON.DLL [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2007-10-31 09:43 M:2008-07-30 14:04] d:\瑞星1\rising\rfw\RfwCtrl.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-30 21:44 M:2008-07-30 14:04] d:\瑞星1\rising\rfw\RsXML.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2, C:2007-10-31 09:43 M:2008-07-30 14:04] d:\瑞星1\rising\rfw\PngDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5,
C:2007-10-30 21:44 M:2008-07-30 14:04] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37] d:\瑞星1\rising\rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-31 09:43 M:2008-07-26 14:58] d:\瑞星1\rising\rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-31 09:43 M:2008-07-26 14:58] d:\瑞星1\rising\rfw\RfwRule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.17, C:2007-10-30 21:44 M:2008-07-30 14:04] [PID: 324 / SYSTEM] C:\WINDOWS\system32\spoolsv.exe [(Verified)Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519), C:2004-08-17 12:00 M:2005-06-11 07:53] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37] d:\瑞星1\rising\rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-31 09:43 M:2008-07-26 14:58] d:\瑞星1\rising\rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-31 09:43 M:2008-07-26 14:58] [PID: 2124 / Administrator] C:\Program Files\Rising\Rav\RavTask.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.24, C:2007-10-30 21:46 M:2008-08-28 07:49] C:\Program Files\Rising\Rav\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2007-10-30 21:46 M:2008-08-28 07:49] C:\Program Files\Rising\Rav\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2007-10-30 21:46 M:2008-08-28 07:49] C:\Program Files\Rising\Rav\RSCOMMON.DLL [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2007-10-30 21:46 M:2008-08-28 07:49] C:\Program Files\Rising\Rav\RSAPPMGR.DLL [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2007-10-30 21:46 M:2008-08-28 07:49] C:\Program
Files\Rising\Rav\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2007-10-30 21:46 M:2008-08-28 07:49] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37] [PID: 2148 / Administrator] C:\WINDOWS\System32\DLA\DLACTRLW.EXE [Sonic Solutions, 5.20.08a, C:2007-11-05 15:05 M:2005-09-08 05:20] C:\WINDOWS\system32\DLAAPI_W.DLL [Sonic Solutions, 5.20.08a, C:2007-11-05 15:05 M:2005-09-08 05:20] C:\WINDOWS\System32\DLA\DLACResW.dll [Sonic Solutions, 5.20.08a, C:2007-11-05 15:05 M:2005-09-08 05:20] d:\瑞星1\rising\rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-31 09:43 M:2008-07-26 14:58] d:\瑞星1\rising\rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-31 09:43 M:2008-07-26 14:58] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37] C:\WINDOWS\system32\VxBlock.dll [Sonic Solutions, 1.00.64a, C:2005-08-12 01:00 M:2005-08-12 01:00] [PID: 2200 / Administrator] C:\Program Files\Rising\Rav\Ravmon.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.01.27, C:2007-10-30 21:46 M:2008-08-28 07:49] C:\WINDOWS\system32\MFC71.DLL [Microsoft Corporation, 7.10.3077.0, C:2007-10-30 21:46 M:2007-10-30 21:45] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2004-04-05 10:31 M:2004-04-05 10:31] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2004-04-05 10:31 M:2004-04-05 10:31] C:\Program Files\Rising\Rav\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2007-10-30 21:46 M:2008-08-28 07:49] C:\Program Files\Rising\Rav\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2007-10-30 21:46 M:2008-08-28 07:49] C:\Program Files\Rising\Rav\RSCOMMON.DLL [(Verified)Beijing
Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2007-10-30 21:46 M:2008-08-28 07:49] C:\Program Files\Rising\Rav\recomp.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41, C:2007-10-30 21:46 M:2008-08-28 07:50] C:\Program Files\Rising\Rav\refs.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18, C:2007-10-30 21:46 M:2008-08-28 07:50] C:\Program Files\Rising\Rav\viruslib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2007-10-30 21:46 M:2008-08-28 07:50] C:\Program Files\Rising\Rav\relibldr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2007-10-30 21:46 M:2008-08-28 07:50] C:\Program Files\Rising\Rav\RSAPPMGR.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2007-10-30 21:46 M:2008-08-28 07:49] C:\Program Files\Rising\Rav\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2007-10-30 21:46 M:2008-08-28 07:49] C:\Program Files\Rising\Rav\MonRule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.29, C:2007-10-30 21:46 M:2008-08-28 07:49] C:\Program Files\Rising\Rav\PngDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2007-10-30 21:46 M:2008-08-28 07:50] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37] C:\Program Files\Rising\Rav\Rsguilib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90, C:2007-10-30 21:46 M:2008-08-28 07:50] C:\Program Files\Rising\Rav\RsXML.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2, C:2007-10-30 21:46 M:2008-08-28 07:49] [PID: 2528 / Administrator] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [InstallShield Software Corporation, 3, 10, 100, 1155, C:2004-07-27 16:50 M:2004-07-27 16:50] d:\瑞星1\rising\rfw\ijt_base.dll [(Verified)Beijing Rising
Information Technology Co., Ltd., 7.0.0.21, C:2007-10-31 09:43 M:2008-07-26 14:58] d:\瑞星1\rising\rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-31 09:43 M:2008-07-26 14:58] [PID: 2892 / Administrator] C:\WINDOWS\system32\shadow\PowerRemind.exe [北京坚果比特科技有限公司, 1.0.0.1, C:2008-10-25 21:06 M:2008-10-25 21:06] C:\WINDOWS\system32\shadow\pDeskTop.dll [N/A, C:2008-10-25 21:06 M:2008-10-25 21:06] C:\WINDOWS\system32\shadow\ActivRes.dll [N/A, C:2008-10-25 21:06 M:2008-10-25 21:06] C:\WINDOWS\system32\shadow\MSVCR80.dll [Microsoft Corporation, 8.00.50727.762, C:2008-10-25 21:06 M:2008-10-25 21:06] d:\瑞星1\rising\rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-31 09:43 M:2008-07-26 14:58] d:\瑞星1\rising\rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-31 09:43 M:2008-07-26 14:58] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37] [PID: 2896 / LOCAL SERVICE] C:\WINDOWS\System32\alg.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00] C:\WINDOWS\System32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37] [PID: 2936 / Administrator] C:\WINDOWS\system32\ctfmon.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37] d:\瑞星1\rising\rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-31 09:43 M:2008-07-26 14:58] d:\瑞星1\rising\rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-31 09:43 M:2008-07-26 14:58] [PID: 3068 /
Administrator] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [(Verified)Google Inc., 2, 0, 301, 1654, C:2008-03-01 14:20 M:2008-03-01 14:20] d:\瑞星1\rising\rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-31 09:43 M:2008-07-26 14:58] d:\瑞星1\rising\rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-31 09:43 M:2008-07-26 14:58] C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll [(Verified)Google Inc., 2, 0, 301, 7164, C:2008-03-01 14:20 M:2008-03-01 14:20] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37] C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll [Google Inc., 2, 0, 301, 7164, C:2008-03-01 14:20 M:2008-03-01 14:20] C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [(Verified)Google Inc., 2, 0, 301, 7164, C:2008-03-01 14:20 M:2008-03-01 14:20] [PID: 2168 / Administrator] F:\梦幻\my.exe [Netease, 1, 0, 0, 1, C:2007-08-29 15:13 M:2008-10-14 12:32] d:\瑞星1\rising\rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-31 09:43 M:2008-07-26 14:58] d:\瑞星1\rising\rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-31 09:43 M:2008-07-26 14:58] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37] F:\梦幻\mhmain.dll [N/A, C:2007-08-29 15:13 M:2008-10-14 12:32] F:\梦幻\fmodex.dll [Firelight Technologies, 4.6.26, C:2007-09-11 12:40 M:2007-09-11 12:40] C:\WINDOWS\system32\WINWB86.IME [Microsoft Corporation, 4.00.950, C:2007-07-17 03:58 M:2000-06-08 17:00] [PID: 3524 / Administrator] F:\Windows清理助手\ArSwp.exe [(Verified)ArSwp.com, 2, 8, 1, 815, C:2008-08-25 20:34 M:2008-08-15 22:25] d:\瑞星1\rising\rfw\ijt_base.dll [(Verified)Beijing Rising
Information Technology Co., Ltd., 7.0.0.21, C:2007-10-31 09:43 M:2008-07-26 14:58] d:\瑞星1\rising\rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-31 09:43 M:2008-07-26 14:58] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37] c:\documents and settings\administrator\application data\ppstream\bin\1.0.0.2\vodrc.dll [ppstream.com, 1.0.0.2, C:2007-11-15 19:43 M:2007-09-12 16:43] F:\Windows清理助手\plugin\ArFix.dll [(Verified)ArSwp.Com, 2, 5, 0, 0, C:2008-08-25 20:34 M:2007-11-28 15:19] [PID: 3304 / Administrator] D:\腾讯TT\bin\TTraveler.exe [(Verified)Tencent, 4, 11, 0, 8, C:2008-08-08 14:48 M:2008-08-08 14:48] D:\腾讯TT\bin\TTUtilWidget.dll [(Verified)Tencent, 4, 11, 0, 8, C:2008-08-08 14:49 M:2008-08-08 14:49] d:\瑞星1\rising\rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-31 09:43 M:2008-07-26 14:58] d:\瑞星1\rising\rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-31 09:43 M:2008-07-26 14:58] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:1980-01-01 00:00 M:2004-08-07 09:37] D:\腾讯TT\bin\TTStore.dll [(Verified)Tencent, 4, 11, 0, 8, C:2008-08-08 14:49 M:2008-08-08 14:49] D:\腾讯TT\bin\sqlite3.dll [(Verified)N/A, C:2008-08-08 14:47 M:2008-08-08 14:47] D:\腾讯TT\bin\PlatformWidget.dll [(Verified)Tencent, 4, 11, 0, 8, C:2008-08-08 14:46 M:2008-08-08 14:46] D:\腾讯TT\bin\TTMainFrame.dll [(Verified)Tencent, 4, 11, 0, 8, C:2008-08-08 14:48 M:2008-08-08 14:48] D:\腾讯TT\bin\UpdateUtil.dll [(Verified)N/A, C:2008-08-08 14:49 M:2008-08-08 14:49] D:\腾讯TT\bin\TTMBrowser.dll [(Verified)Tencent, 4, 11, 0, 8, C:2008-08-08 14:48 M:2008-08-08 14:48] D:\腾讯TT\bin\TTabMgr.dll [(Verified)Tencent, 4, 11, 0, 8, C:2008-08-08 14:47 M:2008-08-08 14:47] D:\腾讯TT\bin\TTSkin.dll [(Verified)Tencent, 4, 11, 0, 8, C:2008-08-08
14:49 M:2008-08-08 14:49] c:\documents and settings\administrator\application data\ppstream\bin\1.0.0.2\vodrc.dll [ppstream.com, 1.0.0.2, C:2007-11-15 19:43 M:2007-09-12 16:43] D:\腾讯TT\bin\TTPluginMng.dll [(Verified)Tencent, 4, 11, 0, 8, C:2008-08-08 14:48 M:2008-08-08 14:48] D:\腾讯TT\Plugins\3TTWeather\TTWeather.dll [Tencent, 1.0.0.1, C:2008-08-08 10:34 M:2008-08-08 10:34] D:\腾讯TT\Plugins\WebInfo\WebToolbar.dll [Tencent, 1.0.0.1, C:2008-08-08 10:34 M:2008-08-08 10:34] D:\腾讯TT\bin\FavoriteLogical.dll [(Verified)Tencent, 4, 11, 0, 8, C:2008-08-08 14:46 M:2008-08-08 14:46] D:\腾讯TT\bin\TSupport.dll [(Verified)TENCENT Inc., 1, 2, 11, 201, C:2008-08-08 14:47 M:2008-08-08 14:47] C:\WINDOWS\system32\RavExt.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2007-10-30 21:46 M:2008-08-28 07:49] D:\腾讯TT\bin\TTFilter.dll [(Verified)Tencent, 4, 11, 0, 8, C:2008-08-08 14:47 M:2008-08-08 14:47] D:\腾讯TT\bin\TTNetwork.dll [(Verified)Tencent, 4, 11, 0, 8, C:2008-08-08 14:48 M:2008-08-08 14:48] D:\腾讯TT\bin\TTHtmlApp.dll [(Verified)Tencent, 4, 11, 0, 8, C:2008-08-08 14:48 M:2008-08-08 14:48] C:\Program Files\Rising\Rav\RavScrCh.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2007-10-30 21:46 M:2008-08-28 07:49] C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx [(Verified)Adobe Systems, Inc., 9,0,47,0, C:2007-06-12 04:04 M:2007-06-12 04:04] [PID: 316 / Administrator] D:\腾讯TT\bin\ttpartner.exe [(Verified)N/A, C:2008-08-08 14:48 M:2008-08-08 14:48] d:\瑞星1\rising\rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-31 09:43 M:2008-07-26 14:58] d:\瑞星1\rising\rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-31 09:43 M:2008-07-26 14:58] ======================================== 文件关联 ======================================== AutoRun.INF ======================================== Winsock提供者 [/CODE]