[CODE]

2008-11-10,23:34:24

SysLog Scanner 1.0 - build 20080726
Arswp (http://www.arswp.com)

Windows XP Professional Service Pack 2 (build 2600) - Administrators



========================================
注册项

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 51, C:2008-11-10 21:01 M:2008-11-10 21:00]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><kmon.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-10 21:12 M:2008-11-10 21:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-11-10 21:03 M:2008-11-10 21:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载]
    <><C:\Program Files\Thunder Network\Thunder\Program\geturl.htm>  [N/A, C:2008-11-10 21:07 M:2008-06-13 09:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接]
    <><C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm>  [N/A, C:2008-11-10 21:07 M:2008-06-13 09:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\导出到 Microsoft Office Excel(&X)]
    <><res://c:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000>  []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\添加到QQ表情]
    <><C:\Program Files\Tencent\QQ\AddEmotion.htm>  [N/A, C:2008-09-17 04:08 M:2008-09-17 04:08]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52|(Verified)N/A, C:2004-08-04 08:48 M:2004-08-04 08:48]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52|(Verified)N/A, C:2004-08-04 08:48 M:2004-08-04 08:48]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52|(Verified)N/A, C:2004-08-04 08:48 M:2004-08-04 08:48]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}]
    <启动迅雷5><C:\Program Files\Thunder Network\Thunder\Thunder.exe>  [Thunder Networking Technologies,LTD, 5, 6, 8, 19, C:2008-11-10 21:07 M:2008-07-10 21:15]


========================================
启动项



========================================
计划任务



========================================
组件


ShellExecuteHook
[ShlExecHack Class]
    {32CD708B-60A7-4C00-9377-D73EAA495F0F}  <C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-11-10 21:03 M:2008-11-10 21:02]

Shell Extension
[Display Panning CPL Extension]
    {42071714-76d4-11d1-8b24-00a0c9068ff3}  <deskpan.dll>  []
[HyperTerminal Icon Ext]
    {88895560-9AA2-1069-930E-00AA0030EBC8}  <C:\WINDOWS\system32\hticons.dll>  [(Verified)Hilgraeve, Inc., 5.1.2600.0, C:2008-11-10 20:39 M:2004-06-06 14:13]
[NvCpl DesktopContext Class]
    {A70C977A-BF00-412C-90B7-034C51DA2439}  <C:\WINDOWS\system32\nvcpl.dll>  [(Verified)NVIDIA Corporation, 6.14.10.8185, C:2005-10-10 21:49 M:2005-10-10 21:49]
[Play on my TV helper]
    {FFB699E0-306A-11d3-8BD1-00104B6F7516}  <C:\WINDOWS\system32\nvcpl.dll>  [(Verified)NVIDIA Corporation, 6.14.10.8185, C:2005-10-10 21:49 M:2005-10-10 21:49]
[WinRAR shell extension]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <C:\Program Files\WinRAR\rarext.dll>  [N/A, C:2008-11-10 20:58 M:2007-03-02 14:42]
[RISING]
    {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D}  <C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-11-10 21:03 M:2008-11-10 21:02]
[Desktop Explorer]
    {1CDB2949-8F65-4355-8456-263E7C208A5D}  <C:\WINDOWS\system32\nvshell.dll>  [N/A, C:2005-10-10 21:49 M:2005-10-10 21:49]
[Desktop Explorer Menu]
    {1E9B04FB-F9E5-4718-997B-B8DA88302A47}  <C:\WINDOWS\system32\nvshell.dll>  [N/A, C:2005-10-10 21:49 M:2005-10-10 21:49]
[nView Desktop Context Menu]
    {1E9B04FB-F9E5-4718-997B-B8DA88302A48}  <C:\WINDOWS\system32\nvshell.dll>  [N/A, C:2005-10-10 21:49 M:2005-10-10 21:49]

BrowserHelperObject
[ThunderAtOnce Class]
    {01443AEC-0FD1-40fd-9C87-E93D1494C233}  <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2008-11-10 21:08 M:2008-06-13 09:43]
[Thunder Browser Helper]
    {889D2FEB-5411-4565-8998-1DD2C5261283}  <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-11-10 21:08 M:2008-06-13 09:43]
[卡卡上网安全助手]
    {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8}  <C:\WINDOWS\system32\UrlFilter.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15, C:2008-11-10 21:12 M:2008-11-10 21:12]

ActiveX Extension
[ThunderAtOnce Class]
    {01443AEC-0FD1-40FD-9C87-E93D1494C233}  <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2008-11-10 21:08 M:2008-06-13 09:43]
[Thunder Agent Class]
    {485463B7-8FB2-4B3B-B29B-8B919B0EACCE}  <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 4, 23, C:2008-11-10 21:08 M:2008-06-13 09:43]
[XMP Class]
    {6483F145-A768-4C41-AACC-52D4D7845851}  <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work>  [Copyright XunLei 2007, 2, 1, 2, 77, C:2008-11-10 21:08 M:2008-08-08 10:22]
[XDRM]
    {693571CB-54A3-4E90-9D52-EEAE1334E2D3}  <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work>  [Copyright XunLei 2007, 1, 0, 0, 7, C:2008-11-10 21:08 M:2008-08-08 10:22]
[MediaComm Class]
    {7670648D-461B-42AF-BDFE-46D26AF5EFF2}  <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin17.dll>  [Thunder Networking Technologies,LTD, 3, 1, 5, 78, C:2008-11-10 21:08 M:2008-08-08 10:22]
[Thunder Browser Helper]
    {889D2FEB-5411-4565-8998-1DD2C5261283}  <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-11-10 21:08 M:2008-06-13 09:43]
[卡卡上网安全助手]
    {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8}  <C:\WINDOWS\system32\UrlFilter.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15, C:2008-11-10 21:12 M:2008-11-10 21:12]
[DapCtrl Class]
    {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8}  <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5804.62.(319).dll>  [ShenZhen Thunder Networking Technologies Ltd., 2, 1, 5804, 62, C:2008-11-10 21:08 M:2008-08-08 10:22]
[Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000}  <C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx>  [(Verified)Adobe Systems, Inc., 10,0,12,36, C:2008-10-05 11:16 M:2008-10-05 11:16]
[Thunder DapPlayer]
    {EEDD6FF9-13DE-496B-9A1C-D78B3215E266}  <C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer3.0.5712.71.319.dll>  [ShenZhen Thunder Networking Technologies Ltd., 3, 0, 5712, 71, C:2008-11-10 21:08 M:2008-08-08 10:22]
[XPPlayer Class]
    {F3E70CEA-956E-49CC-B444-73AFE593AD7F}  <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.0.5835.191.(319).dll>  [Xunlei Networking Technologies,LTD, 2, 0, 5835, 191, C:2008-11-10 21:08 M:2008-08-08 10:22]

Context Menu
[QvodMenu]
    {9F44453E-1E46-4D5C-B57C-112FF2EDAE82}  <C:\Program Files\QvodPlayer\QvodBand.dll>  [Shenzhen QVOD Technology Co.,Ltd, 3, 0, 0, 0, C:2008-10-31 18:47 M:2008-10-31 18:47]
[RisingRavExt]
    {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D}  <C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-11-10 21:03 M:2008-11-10 21:02]
[WinRAR]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <C:\Program Files\WinRAR\rarext.dll>  [N/A, C:2008-11-10 20:58 M:2007-03-02 14:42]


========================================
服务

[Human Interface Device Access / HidServ][Stopped/Disabled]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52]
[Qvod Terminal / Qvod Terminal][Stopped/Manual Start]
    <C:\Program Files\QvodPlayer\QvodTerminal.exe>  [Shenzhen QVOD Technology Co.,Ltd, 3, 0, 0, 55, C:2008-11-04 17:26 M:2008-11-04 17:26]
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
    <c:\program files\rising\rfw\rfwproxy.exe>  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 14, C:2008-11-10 21:01 M:2008-11-10 21:01]
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
    <c:\program files\rising\rfw\rfwsrv.exe>  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 32, C:2008-11-10 21:01 M:2008-11-10 21:00]

[Contrl Center of Storm Media / ccosm][Running/Auto Start]
    <C:\Program Files\StormII\stormliv.exe /asservice>  [(Verified)北京暴风网际科技有限公司, 3, 8, 3, 15, C:2008-03-11 14:33 M:2008-03-11 14:33]
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
    <%SystemRoot%\system32\nvsvc32.exe>  [(Verified)NVIDIA Corporation, 6.14.10.8185, C:2005-10-10 21:49 M:2005-10-10 21:49]
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
    <"C:\Program Files\Rising\Rav\CCenter.exe">  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.33, C:2008-11-10 21:03 M:2008-11-10 21:02]
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
    <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe">  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.80, C:2008-11-10 21:03 M:2008-11-10 21:02]


========================================
驱动

[Basetdi / BaseTDI][Running/Auto Start]
    <\??\C:\WINDOWS\system32\drivers\basetdi.sys>  [Rising, 3, 0, 1, 5, C:2008-11-10 21:01 M:2008-11-10 21:00]
[HookUrl / HookUrl][Running/Auto Start]
    <\??\C:\Program Files\Rising\Rfw\HookUrl.sys>  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3, C:2008-11-10 21:01 M:2008-11-10 21:01]
[mProcRs / mProcRs][Running/Auto Start]
    <\??\c:\program files\rising\rfw\mProcRs.sys>  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6, C:2008-11-10 21:01 M:2008-11-10 21:00]
[RsFwDrv / RsFwDrv][Running/Auto Start]
    <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys>  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6, C:2008-11-10 21:01 M:2008-11-10 21:00]
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
    <system32\DRIVERS\tcpip.sys>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 07:14 M:2004-08-04 07:14]

[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
    <system32\drivers\cmuda.sys>  [(Verified)C-Media Inc, 5.12.01.0049.1 (63), C:2008-11-10 20:55 M:2005-05-12 14:21]
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Running/Manual Start]
    <system32\DRIVERS\fetnd5.sys>  [(Verified)VIA Technologies, Inc.              , 2.66, C:2008-11-10 20:33 M:2001-08-17 12:13]
[HookCont / HookCont][Running/System Start]
    <\SystemRoot\system32\drivers\HookCont.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 7, C:2008-11-10 21:03 M:2008-11-10 21:02]
[HookNtos / HookNtos][Running/System Start]
    <\SystemRoot\system32\drivers\HookNtos.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 52, C:2008-11-10 21:03 M:2008-11-10 22:21]
[HookReg / HookReg][Running/System Start]
    <\SystemRoot\system32\drivers\HookReg.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 29, C:2008-11-10 21:03 M:2008-11-10 22:21]
[HookSys / HookSys][Running/System Start]
    <\SystemRoot\system32\drivers\HookSys.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 55, C:2008-11-10 21:03 M:2008-11-10 21:02]
[nv / nv][Running/Manual Start]
    <system32\DRIVERS\nv4_mini.sys>  [(Verified)NVIDIA Corporation, 6.14.10.8185, C:2008-11-10 20:33 M:2005-10-10 21:49]
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
    <system32\DRIVERS\ptilink.sys>  [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148), C:2004-06-06 14:13 M:2004-06-06 14:13]
[RsNTGDI / RsNTGDI][Running/Boot Start]
    <system32\Drivers\RsNTGdi.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 3, C:2008-11-10 21:03 M:2008-11-10 21:02]
[Secdrv / Secdrv][Stopped/Manual Start]
    <system32\DRIVERS\secdrv.sys>  [(Verified)N/A, C:2004-07-17 19:36 M:2004-07-17 19:36]
[viamraid / viamraid][Running/Boot Start]
    <system32\DRIVERS\viamraid.sys>  [(Verified)VIA Technologies inc,.ltd, 5.1.2600.430, C:2008-11-10 20:55 M:2005-06-20 18:53]


========================================
进程

[PID: 596 / SYSTEM]   \SystemRoot\System32\smss.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52]

[PID: 660 / SYSTEM]   \??\C:\WINDOWS\system32\csrss.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52]

[PID: 684 / SYSTEM]   \??\C:\WINDOWS\system32\winlogon.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52]

[PID: 728 / SYSTEM]   C:\WINDOWS\system32\services.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52]

[PID: 740 / SYSTEM]   C:\WINDOWS\system32\lsass.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52]

[PID: 900 / SYSTEM]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52]

[PID: 1016 / NETWORK SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52]

[PID: 1108 / SYSTEM]   C:\Program Files\Rising\Rav\CCenter.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.33, C:2008-11-10 21:03 M:2008-11-10 21:02]

[PID: 1124 / SYSTEM]   C:\WINDOWS\System32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52]

[PID: 1224 / NETWORK SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52]

[PID: 1340 / LOCAL SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52]

[PID: 1392 / SYSTEM]   c:\program files\rising\rfw\rfwsrv.exe   [Beijing Rising Technology Co., Ltd., 4, 0, 0, 32, C:2008-11-10 21:01 M:2008-11-10 21:00]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-10 21:12 M:2008-11-10 21:12]
    c:\program files\rising\rfw\RfwRule.dll  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13, C:2008-11-10 21:01 M:2008-11-10 21:01]
    c:\program files\rising\rfw\rfwlog.dll  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6, C:2008-11-10 21:01 M:2008-11-10 21:00]
    c:\program files\rising\rfw\Rfwdrv.dll  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21, C:2008-11-10 21:01 M:2008-11-10 21:00]
    c:\program files\rising\rfw\psapi.dll  [Microsoft Corporation, 4.00, C:2008-11-10 21:01 M:2008-11-10 21:01]
    c:\program files\rising\rfw\MonDrv.dll  [rs, 1, 0, 0, 4, C:2008-11-10 21:01 M:2008-11-10 21:00]
    c:\program files\rising\rfw\ProcLib.dll  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9, C:2008-11-10 21:01 M:2008-11-10 21:00]
    c:\program files\rising\rfw\mPorts.dll  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3, C:2008-11-10 21:01 M:2008-11-10 21:00]

[PID: 1564 / SYSTEM]   C:\WINDOWS\system32\spoolsv.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52]

[PID: 1764 / wuhuayuan]   C:\WINDOWS\Explorer.EXE   [(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-10 21:12 M:2008-11-10 21:12]
    C:\WINDOWS\system32\RavExt.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\WINDOWS\system32\nvcpl.dll  [(Verified)NVIDIA Corporation, 6.14.10.8185, C:2005-10-10 21:49 M:2005-10-10 21:49]
    C:\WINDOWS\system32\NVRSZHC.DLL  [NVIDIA Corporation, 6.14.10.8185, C:2005-10-10 21:49 M:2005-10-10 21:49]
    C:\WINDOWS\system32\nvshell.dll  [N/A, C:2005-10-10 21:49 M:2005-10-10 21:49]
    C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2008-11-10 21:08 M:2008-06-13 09:43]
    C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2008-11-10 21:08 M:2008-06-13 09:43]
    C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll  [Thunder Networking Technologies,LTD, 1, 0, 0, 20, C:2008-11-10 21:08 M:2008-08-08 10:22]
    C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll  [Thunder Networking Technologies,LTD, 1, 0, 0, 16, C:2008-11-10 21:08 M:2008-08-08 10:22]
    C:\Program Files\WinRAR\rarext.dll  [N/A, C:2008-11-10 20:58 M:2007-03-02 14:42]
    C:\Program Files\Rising\Rav\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\Program Files\QvodPlayer\QvodBand.dll  [Shenzhen QVOD Technology Co.,Ltd, 3, 0, 0, 0, C:2008-10-31 18:47 M:2008-10-31 18:47]

[PID: 1848 / wuhuayuan]   c:\program files\rising\rfw\RfwMain.exe   [Beijing Rising Technology Co., Ltd., 4, 0, 0, 51, C:2008-11-10 21:01 M:2008-11-10 21:00]
    c:\program files\rising\rfw\RsGuiLib.dll  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23, C:2008-11-10 21:01 M:2008-11-10 21:00]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-10 21:12 M:2008-11-10 21:12]
    c:\program files\rising\rfw\RSCOMMON.DLL  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4, C:2008-11-10 21:01 M:2008-11-10 21:00]
    c:\program files\rising\rfw\PngDll.dll  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5, C:2008-11-10 21:01 M:2008-11-10 21:00]

[PID: 1908 / SYSTEM]   C:\Program Files\StormII\stormliv.exe   [(Verified)北京暴风网际科技有限公司, 3, 8, 3, 15, C:2008-03-11 14:33 M:2008-03-11 14:33]
    C:\Program Files\StormII\MSVCP60.dll  [Microsoft Corporation, 6.02.3104.0, C:2007-09-21 19:43 M:2007-09-21 19:43]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-10 21:12 M:2008-11-10 21:12]

[PID: 1948 / SYSTEM]   C:\WINDOWS\system32\nvsvc32.exe   [(Verified)NVIDIA Corporation, 6.14.10.8185, C:2005-10-10 21:49 M:2005-10-10 21:49]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-10 21:12 M:2008-11-10 21:12]

[PID: 1156 / LOCAL SERVICE]   C:\WINDOWS\System32\alg.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52]
    C:\WINDOWS\System32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-10 21:12 M:2008-11-10 21:12]

[PID: 1400 / wuhuayuan]   C:\Program Files\Rising\Rav\RavTask.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.24, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-10 21:12 M:2008-11-10 21:12]
    C:\Program Files\Rising\Rav\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\Program Files\Rising\Rav\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\Program Files\Rising\Rav\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\Program Files\Rising\Rav\RSAPPMGR.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\Program Files\Rising\Rav\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-11-10 21:03 M:2008-11-10 21:02]

[PID: 2332 / wuhuayuan]   C:\Program Files\Rising\AntiSpyware\rstray.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.16, C:2008-11-10 21:12 M:2008-11-10 21:12]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-10 21:12 M:2008-11-10 21:12]
    C:\Program Files\Rising\AntiSpyware\rsmginfo.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8, C:2008-11-10 21:12 M:2008-11-10 21:12]
    C:\Program Files\Rising\AntiSpyware\RsXML.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2, C:2008-11-10 21:12 M:2008-11-10 21:12]
    C:\Program Files\Rising\AntiSpyware\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2008-11-10 21:12 M:2008-11-10 21:12]
    C:\Program Files\Rising\AntiSpyware\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2008-11-10 21:12 M:2008-11-10 21:12]
    C:\Program Files\Rising\AntiSpyware\ComServ.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.31, C:2008-11-10 21:12 M:2008-11-10 21:12]
    C:\Program Files\Rising\AntiSpyware\Syslay.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-11-10 21:12 M:2008-11-10 21:12]
    C:\Program Files\Rising\AntiSpyware\rscommon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.1.1, C:2008-11-10 21:12 M:2008-11-10 21:12]
    C:\Program Files\Rising\AntiSpyware\comx3.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-11-10 21:12 M:2008-11-10 21:12]
    C:\Program Files\Rising\AntiSpyware\pngdll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-11-10 21:12 M:2008-11-10 21:12]
    C:\Program Files\Rising\AntiSpyware\runiep.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.40, C:2008-11-10 21:12 M:2008-11-10 21:12]
    C:\Program Files\Rising\AntiSpyware\NComm.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.6, C:2008-11-10 21:12 M:2008-11-10 21:12]
    C:\Program Files\Rising\Rav\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\Program Files\Rising\AntiSpyware\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-11-10 21:12 M:2008-11-10 21:12]
    C:\WINDOWS\system32\RavExt.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-11-10 21:03 M:2008-11-10 21:02]

[PID: 2412 / wuhuayuan]   C:\WINDOWS\system32\ctfmon.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-10 21:12 M:2008-11-10 21:12]

[PID: 4016 / wuhuayuan]   C:\WINDOWS\system32\ntvdm.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-10 21:12 M:2008-11-10 21:12]
    C:\Program Files\Rising\AntiSpyware\comx3.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-11-10 21:12 M:2008-11-10 21:12]
    C:\Program Files\Rising\AntiSpyware\Syslay.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-11-10 21:12 M:2008-11-10 21:12]

[PID: 1680 / wuhuayuan]   C:\Program Files\Rising\AntiSpyware\knownsvr.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.12, C:2008-11-10 21:12 M:2008-11-10 21:12]
    C:\Program Files\Rising\AntiSpyware\NComm.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.6, C:2008-11-10 21:12 M:2008-11-10 21:12]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-10 21:12 M:2008-11-10 21:12]
    C:\Program Files\Rising\AntiSpyware\comx3.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-11-10 21:12 M:2008-11-10 21:12]
    C:\Program Files\Rising\AntiSpyware\Syslay.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-11-10 21:12 M:2008-11-10 21:12]

[PID: 2712 / wuhuayuan]   C:\Program Files\Tencent\QQ\QQ.exe   [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:53 M:2007-09-17 14:53]
    C:\Program Files\Tencent\QQ\QQBaseClassInDll.dll  [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:53 M:2007-09-17 14:53]
    C:\Program Files\Tencent\QQ\QQHelperDll.dll  [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 16:04 M:2007-09-17 16:04]
    C:\Program Files\Tencent\QQ\BasicCtrlDll.dll  [(Verified)TENCENT, 8,0,1248,1851, C:2007-09-17 15:02 M:2007-09-17 15:02]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-10 21:12 M:2008-11-10 21:12]
    C:\Program Files\Rising\AntiSpyware\comx3.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-11-10 21:12 M:2008-11-10 21:12]
    C:\Program Files\Rising\AntiSpyware\Syslay.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-11-10 21:12 M:2008-11-10 21:12]
    C:\Program Files\Tencent\QQ\QQAPI.dll  [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:53 M:2007-09-17 14:53]
    C:\Program Files\Tencent\QQ\LoginCtrl.dll  [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:51 M:2007-09-17 14:51]
    C:\Program Files\Tencent\QQ\LoginCtrlRes.dll  [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:51 M:2007-09-17 14:51]
    C:\Program Files\Tencent\QQ\QQRes.dll  [(Verified)TENCENT, 8,0,978,1833, C:2007-09-17 14:57 M:2007-09-17 14:57]
    C:\Program Files\Tencent\QQ\WizardCtrl.dll  [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 15:01 M:2007-09-17 15:01]
    C:\Program Files\Tencent\QQ\QQMainFrame.dll  [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:56 M:2007-09-17 14:56]
    C:\Program Files\Tencent\QQ\CQQApplication.dll  [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:50 M:2007-09-17 14:50]
    C:\Program Files\Tencent\QQ\UnReadMsgMgr.dll  [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 15:00 M:2007-09-17 15:00]
    C:\Program Files\Tencent\QQ\QQAllInOne.dll  [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:53 M:2007-09-17 14:53]
    C:\Program Files\Tencent\QQ\SCCore.dll  [(Verified)TENCENT, 1, 6, 0, 2, C:2007-09-17 14:59 M:2007-09-17 14:59]
    C:\Program Files\Tencent\QQ\CameraDll.dll  [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 15:03 M:2007-09-17 15:03]
    C:\Program Files\Tencent\QQ\FlashAvatarDll.dll  [(Verified)版权所有 (C) 2008, 1, 0, 0, 1, C:2007-09-17 14:50 M:2007-09-17 14:50]
    C:\Program Files\Tencent\QQ\NewSkin.dll  [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:52 M:2007-09-17 14:52]
    C:\Program Files\Tencent\QQ\MailSummary.dll  [(Verified)TENCENT, 8,0,1234,1851, C:2007-09-17 14:51 M:2007-09-17 14:51]
    C:\Program Files\Tencent\QQ\QQSpace.dll  [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:57 M:2007-09-17 14:57]
    C:\WINDOWS\system32\msdmo.dll  [(Verified)N/A, C:2004-08-04 08:52 M:2004-08-04 08:52]
    C:\Program Files\Tencent\QQ\QQAvatar.dll  [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:53 M:2007-09-17 14:53]
    C:\Program Files\Tencent\QQ\OEMApplication.dll  [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:52 M:2007-09-17 14:52]
    C:\Program Files\Tencent\QQ\QQGroupMng.dll  [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:55 M:2007-09-17 14:55]
    C:\Program Files\Tencent\QQ\QQKnowledgeSearch.dll  [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:55 M:2007-09-17 14:55]
    C:\Program Files\Tencent\QQ\QQPlugin.dll  [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:56 M:2007-09-17 14:56]
    C:\Program Files\Tencent\QQ\UserDefinedHead.dll  [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 15:01 M:2007-09-17 15:01]
    C:\Program Files\Tencent\QQ\QQPet.dll  [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:56 M:2007-09-17 14:56]
    C:\Program Files\Tencent\QQ\QRingMng.dll  [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:58 M:2007-09-17 14:58]
    C:\WINDOWS\system32\macromed\flash\flash.ocx  [(Verified)Macromedia, Inc., 6,0,79,0, C:2008-11-10 20:42 M:2004-07-17 19:41]
    C:\Program Files\Tencent\QQ\QQSettingCtrl.dll  [(Verified)TENCENT, , C:2007-09-17 14:57 M:2007-09-17 14:57]
    C:\Program Files\Tencent\QQ\QQConfigPlugin.dll  [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:53 M:2007-09-17 14:53]
    C:\Program Files\Tencent\QQ\QQCustomFace.dll  [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:54 M:2007-09-17 14:54]
    C:\Program Files\Tencent\QQ\LongConnection.dll  [(Verified)TENCENT, 8,0,1249,1851, C:2007-09-17 15:05 M:2007-09-17 15:05]
    C:\Program Files\Tencent\QQ\PhoneAPI.dll  [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:52 M:2007-09-17 14:52]
    C:\Program Files\Tencent\QQ\DialerAllinOne.dll  [(Verified)tencent, 1, 4, 0, 0, C:2007-09-17 14:50 M:2007-09-17 14:50]
    C:\Program Files\Rising\Rav\RavScrCh.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\Program Files\Tencent\QQ\BQQApplication.dll  [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:49 M:2007-09-17 14:49]
    C:\Program Files\Tencent\QQ\CommercesMng.dll  [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:49 M:2007-09-17 14:49]
    C:\Program Files\Tencent\QQ\PersonalDesktop.dll  [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 15:06 M:2007-09-17 15:06]
    C:\Program Files\Tencent\QQ\QQAddr.dll  [(Verified)深圳市腾讯计算机系统有限公司, 5, 0, 101, 330, C:2007-09-17 15:06 M:2007-09-17 15:06]
    C:\Program Files\Tencent\QQ\QQSceneMng.dll  [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:57 M:2007-09-17 14:57]
    C:\Program Files\Tencent\QQ\AddrSearch.dll  [(Verified)腾讯科技（深圳）有限公司, 2, 2, 1, 17, C:2007-09-17 14:49 M:2008-11-10 21:56]
    C:\Program Files\Tencent\QQ\QQSysMsgMng.dll  [(Verified)TENCENT, 8,0,1249,1853, C:2007-09-17 14:58 M:2007-09-17 14:58]

[PID: 3704 / wuhuayuan]   C:\Program Files\Tencent\QQ\TXPlatform.exe   [(Verified)Tencent, 1, 5, 225, 0, C:2008-05-20 17:53 M:2008-05-20 17:53]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-10 21:12 M:2008-11-10 21:12]
    C:\Program Files\Rising\AntiSpyware\comx3.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-11-10 21:12 M:2008-11-10 21:12]
    C:\Program Files\Rising\AntiSpyware\Syslay.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-11-10 21:12 M:2008-11-10 21:12]

[PID: 3868 / wuhuayuan]   C:\WINDOWS\system32\conime.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 08:52 M:2004-08-04 08:52]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-10 21:12 M:2008-11-10 21:12]
    C:\Program Files\Rising\AntiSpyware\comx3.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-11-10 21:12 M:2008-11-10 21:12]
    C:\Program Files\Rising\AntiSpyware\Syslay.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-11-10 21:12 M:2008-11-10 21:12]

[PID: 3908 / SYSTEM]   C:\PROGRAM FILES\RISING\RAV\ravmond.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.80, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\PROGRAM FILES\RISING\RAV\BWList.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.5, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\WINDOWS\system32\MFC71.DLL  [Microsoft Corporation, 7.10.3077.0, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\PROGRAM FILES\RISING\RAV\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\PROGRAM FILES\RISING\RAV\RsLog.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.36, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\PROGRAM FILES\RISING\RAV\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\PROGRAM FILES\RISING\RAV\MonRule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.29, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\PROGRAM FILES\RISING\RAV\Hooksys.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\PROGRAM FILES\RISING\RAV\HookReg.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\PROGRAM FILES\RISING\RAV\HookNtos.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\PROGRAM FILES\RISING\RAV\rswalmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\PROGRAM FILES\RISING\RAV\recomp.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\PROGRAM FILES\RISING\RAV\refs.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\PROGRAM FILES\RISING\RAV\ffr.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-11-10 21:03 M:2008-11-10 22:21]
    C:\Program Files\Rising\Rav\RsStore.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.9, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\PROGRAM FILES\RISING\RAV\HookCont.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\Program Files\Rising\Rav\fakescan.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.14, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\Program Files\Rising\Rav\Scanner.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.39, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\PROGRAM FILES\RISING\RAV\viruslib.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\PROGRAM FILES\RISING\RAV\relibldr.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\PROGRAM FILES\RISING\RAV\HookWeb.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.3, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\PROGRAM FILES\RISING\RAV\nvfile.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\PROGRAM FILES\RISING\RAV\scanexec.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 22, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\PROGRAM FILES\RISING\RAV\unexe.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 6, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\PROGRAM FILES\RISING\RAV\scanex.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 98, C:2008-11-10 21:03 M:2008-11-10 22:21]
    C:\PROGRAM FILES\RISING\RAV\pearc.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\PROGRAM FILES\RISING\RAV\scansct.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11, C:2008-11-10 21:03 M:2008-11-10 22:21]
    C:\PROGRAM FILES\RISING\RAV\scanpack.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\PROGRAM FILES\RISING\RAV\revm.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\PROGRAM FILES\RISING\RAV\urutils.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\PROGRAM FILES\RISING\RAV\ur000.dat  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 22, C:2008-11-10 21:03 M:2008-11-10 22:21]
    C:\PROGRAM FILES\RISING\RAV\extfile.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\PROGRAM FILES\RISING\RAV\extmail.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\PROGRAM FILES\RISING\RAV\extole.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 13, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\PROGRAM FILES\RISING\RAV\scriptci.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\PROGRAM FILES\RISING\RAV\ur001.dat  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-11-10 21:03 M:2008-11-10 22:21]
    C:\PROGRAM FILES\RISING\RAV\uroutine.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\PROGRAM FILES\RISING\RAV\ur004.dat  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-11-10 21:03 M:2008-11-10 21:02]

[PID: 3792 / wuhuayuan]   C:\Program Files\Rising\Rav\RAVMON.EXE   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.01.27, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\WINDOWS\system32\MFC71.DLL  [Microsoft Corporation, 7.10.3077.0, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-10 21:12 M:2008-11-10 21:12]
    C:\Program Files\Rising\Rav\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\Program Files\Rising\Rav\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\Program Files\Rising\Rav\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\Program Files\Rising\Rav\recomp.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\Program Files\Rising\Rav\refs.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\Program Files\Rising\Rav\viruslib.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\Program Files\Rising\Rav\relibldr.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\Program Files\Rising\Rav\RSAPPMGR.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\Program Files\Rising\Rav\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\Program Files\Rising\Rav\MonRule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.29, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\Program Files\Rising\Rav\PngDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\Program Files\Rising\Rav\Rsguilib.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\Program Files\Rising\Rav\RsXML.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2, C:2008-11-10 21:03 M:2008-11-10 21:02]

[PID: 1404 / SYSTEM]   C:\PROGRAM FILES\RISING\RAV\RavStub.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.10, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\PROGRAM FILES\RISING\RAV\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-11-10 21:03 M:2008-11-10 21:02]

[PID: 2132 / wuhuayuan]   F:\工具\arswp\arswp2\ArSwp.exe   [(Verified)ArSwp.com, 2, 8, 1, 815, C:2008-11-02 17:11 M:2008-08-15 22:25]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-10 21:12 M:2008-11-10 21:12]
    C:\Program Files\Rising\AntiSpyware\comx3.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-11-10 21:12 M:2008-11-10 21:12]
    C:\Program Files\Rising\AntiSpyware\Syslay.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-11-10 21:12 M:2008-11-10 21:12]
    F:\工具\arswp\arswp2\plugin\ArFix.dll  [(Verified)ArSwp.Com, 2, 5, 0, 0, C:2008-11-02 17:11 M:2007-11-28 15:19]

[PID: 2284 / wuhuayuan]   C:\Program Files\Tencent\TT\bin\TTraveler.exe   [(Verified)Tencent, 4, 8, 10, 17, C:2008-09-08 17:00 M:2008-09-08 17:00]
    C:\Program Files\Tencent\TT\bin\TTUtilWidget.dll  [(Verified)Tencent, 4, 8, 10, 17, C:2008-09-08 17:00 M:2008-09-08 17:00]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-10 21:12 M:2008-11-10 21:12]
    C:\Program Files\Rising\AntiSpyware\comx3.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-11-10 21:12 M:2008-11-10 21:12]
    C:\Program Files\Rising\AntiSpyware\Syslay.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-11-10 21:12 M:2008-11-10 21:12]
    C:\Program Files\Tencent\TT\bin\TTStore.dll  [(Verified)Tencent, 4, 8, 10, 17, C:2008-09-08 17:00 M:2008-09-08 17:00]
    C:\Program Files\Tencent\TT\bin\PlatformWidget.dll  [(Verified)Tencent, 4, 8, 10, 17, C:2008-09-08 17:00 M:2008-09-08 17:00]
    C:\Program Files\Tencent\TT\bin\TTMainFrame.dll  [(Verified)Tencent, 4, 8, 10, 17, C:2008-09-08 17:00 M:2008-09-08 17:00]
    C:\Program Files\Tencent\TT\bin\UpdateUtil.dll  [(Verified)N/A, C:2008-09-08 17:00 M:2008-09-08 17:00]
    C:\Program Files\Tencent\TT\bin\TTMBrowser.dll  [(Verified)Tencent, 4, 8, 10, 17, C:2008-09-08 17:00 M:2008-09-08 17:00]
    C:\Program Files\Tencent\TT\bin\TTabMgr.dll  [(Verified)Tencent, 4, 8, 10, 17, C:2008-09-08 17:00 M:2008-09-08 17:00]
    C:\Program Files\Tencent\TT\bin\TTSkin.dll  [(Verified)Tencent, 4, 8, 10, 17, C:2008-09-08 17:00 M:2008-09-08 17:00]
    C:\Program Files\Tencent\TT\bin\TTPluginMng.dll  [(Verified)Tencent, 4, 8, 10, 17, C:2008-09-08 17:00 M:2008-09-08 17:00]
    C:\Program Files\Tencent\TT\bin\FavoriteLogical.dll  [(Verified)Tencent, 4, 8, 10, 17, C:2008-09-08 17:00 M:2008-09-08 17:00]
    C:\Program Files\Tencent\TT\bin\TSupport.dll  [(Verified)TENCENT Inc., 1, 2, 11, 201, C:2008-09-08 17:00 M:2008-09-08 17:00]
    C:\Program Files\Tencent\TT\bin\TTHtmlApp.dll  [(Verified)Tencent, 4, 8, 10, 17, C:2008-09-08 17:00 M:2008-09-08 17:00]
    C:\Program Files\Tencent\TT\bin\TTFilter.dll  [(Verified)Tencent, 4, 8, 10, 17, C:2008-09-08 17:00 M:2008-09-08 17:00]
    C:\Program Files\Rising\Rav\RavScrCh.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-11-10 21:03 M:2008-11-10 21:02]
    C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx  [(Verified)Adobe Systems, Inc., 10,0,12,36, C:2008-10-05 11:16 M:2008-10-05 11:16]


========================================
文件关联



========================================
AutoRun.INF



========================================
Winsock提供者



========================================
HOSTS

    127.0.0.1 localhost


[/CODE]