[CODE]

2008-11-15,23:29:57

SysLog Scanner 1.0 - build 20080726
Arswp (http://www.arswp.com)

Windows XP Professional Service Pack 2 (build 2600) - Administrators



========================================
Registries

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <bgswitch><C:\WINDOWS\system32\bgswitch.exe>  [N/A, C:2008-11-15 21:00 M:2004-02-22 16:01]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Realtek Semiconductor Corp., 5.1.00, C:2008-11-15 21:43 M:2003-04-25 08:53]
    <RavTask><"D:\ɱ¶¾\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.24, C:2008-11-15 21:59 M:2008-11-15 21:58]
    <runeip><"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.16, C:2008-11-15 21:59 M:2008-11-15 21:59]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [(Verified)Beijing Rising Information Technology Co., Ltd., 19, 0, 0, 3, C:2008-11-15 21:59 M:2008-11-15 21:59]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <Shell><Explorer.exe %windir%\system32\drivers\svchost.exe>  [(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2006-09-25 08:00 M:2006-09-25 08:00|N/A, C:2008-11-15 23:12 M:2008-11-15 23:12]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_Dlls><kmon.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-15 21:59 M:2008-11-15 22:09]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-11-15 21:59 M:2008-11-15 21:58]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\ʹÓÃѸÀ×ÏÂÔØ]
    <><D:\ѸÀ×\Program\GetUrl.htm>  [N/A, C:2008-11-15 21:56 M:2008-07-28 15:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\ʹÓÃѸÀ×ÏÂÔØÈ«²¿Á´½Ó]
    <><D:\ѸÀ×\Program\GetAllUrl.htm>  [N/A, C:2008-11-15 21:56 M:2007-12-10 14:17]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Ìí¼Óµ½QQ±íÇé]
    <><D:\QQ\AddEmotion.htm>  [N/A, C:2008-06-30 17:14 M:2008-06-30 17:14]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2006-09-25 08:00 M:2006-09-25 08:00|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2006-09-25 08:00 M:2006-09-25 08:00|(Verified)N/A, C:2006-09-25 08:00 M:2006-09-25 08:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2006-09-25 08:00 M:2006-09-25 08:00|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2006-09-25 08:00 M:2006-09-25 08:00|(Verified)N/A, C:2008-11-15 21:14 M:2005-01-28 15:25]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}]
    <Æô¶¯Ñ¸À×5><D:\ѸÀ×\Thunder.exe>  [(Verified)Thunder Networking Technologies,LTD, 5, 6, 8, 19, C:2008-11-15 21:56 M:2008-11-12 14:30]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6096E38F-5AC1-4391-8EC4-75DFA92FB32F}]
    <·¬ÇÑ»¨Ô°><http://www.tomatolei.com>  []


========================================
Startup Folders

[ÌÚѶQQ]
    <C:\Documents and Settings\Administrator\¡¸¿ªÊ¼¡¹²Ëµ¥\³ÌÐò\Æô¶¯\ÌÚѶQQ.lnk --> "D:\QQ\QQ.exe"  > [(Verified)TENCENT, 8,0,978,1833, C:2007-07-01 08:50 M:2007-07-01 08:50]


========================================
Task



========================================
Components


ShellExecuteHook
[ShlExecHack Class]
    {32CD708B-60A7-4C00-9377-D73EAA495F0F}  <C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-11-15 21:59 M:2008-11-15 21:58]

Shell Extension
[Display Panning CPL Extension]
    {42071714-76d4-11d1-8b24-00a0c9068ff3}  <deskpan.dll>  []
[HyperTerminal Icon Ext]
    {88895560-9AA2-1069-930E-00AA0030EBC8}  <C:\WINDOWS\system32\hticons.dll>  [(Verified)Hilgraeve, Inc., 5.1.2600.0, C:2008-11-15 20:55 M:2006-09-25 08:00]
[WinRAR shell extension]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <D:\RAR\rarext.dll>  [N/A, C:2008-11-15 21:49 M:2007-09-23 18:59]
[RISING]
    {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D}  <C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-11-15 21:59 M:2008-11-15 21:58]

BrowserHelperObject
[ThunderAtOnce Class]
    {01443AEC-0FD1-40fd-9C87-E93D1494C233}  <D:\ѸÀ×\ComDlls\TDAtOnce_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.34, C:2008-11-15 21:56 M:2008-09-06 10:36]
[Thunder Browser Helper]
    {889D2FEB-5411-4565-8998-1DD2C5261283}  <D:\ѸÀ×\ComDlls\xunleiBHO_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 120, C:2008-11-15 21:56 M:2008-09-19 16:44]
[¿¨¿¨ÉÏÍø°²È«ÖúÊÖ]
    {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8}  <C:\WINDOWS\system32\UrlFilter.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15, C:2008-11-15 21:59 M:2008-11-15 21:59]

ActiveX Extension
[ThunderAtOnce Class]
    {01443AEC-0FD1-40FD-9C87-E93D1494C233}  <D:\ѸÀ×\ComDlls\TDAtOnce_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.34, C:2008-11-15 21:56 M:2008-09-06 10:36]
[Thunder Agent Class]
    {485463B7-8FB2-4B3B-B29B-8B919B0EACCE}  <D:\ѸÀ×\ComDlls\ThunderAgent_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 6, 0, 5, 47, C:2008-11-15 21:56 M:2008-11-07 17:13]
[XMP Class]
    {6483F145-A768-4C41-AACC-52D4D7845851}  <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work>  [Xunlei Networking Technologies,LTD, 2, 1, 9, 100, C:2008-11-15 21:56 M:2008-11-12 14:29]
[MediaComm Class]
    {7670648D-461B-42AF-BDFE-46D26AF5EFF2}  <D:\ѸÀ×\Components\InMedia\MediaAddin18.dll>  [(Verified)Thunder Networking Technologies,LTD, 3, 1, 6, 81, C:2008-11-15 21:56 M:2008-11-10 10:30]
[Thunder Browser Helper]
    {889D2FEB-5411-4565-8998-1DD2C5261283}  <D:\ѸÀ×\ComDlls\xunleiBHO_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 120, C:2008-11-15 21:56 M:2008-09-19 16:44]
[¿¨¿¨ÉÏÍø°²È«ÖúÊÖ]
    {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8}  <C:\WINDOWS\system32\UrlFilter.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15, C:2008-11-15 21:59 M:2008-11-15 21:59]
[DapCtrl Class]
    {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8}  <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.2.5807.96.(662).dll>  [(Verified)ShenZhen Thunder Networking Technologies Ltd., 2, 2, 5807, 96, C:2008-11-15 21:56 M:2008-11-03 21:47]
[Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000}  <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx>  [(Verified)Adobe Systems, Inc., 9,0,16,0, C:2006-06-22 13:44 M:2006-06-22 13:44]
[XPPlayer Class]
    {F3E70CEA-956E-49CC-B444-73AFE593AD7F}  <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.1.5871.228.(663).dll>  [(Verified)Xunlei Networking Technologies,LTD, 2, 1, 5871, 228, C:2008-11-15 21:56 M:2008-11-07 17:17]

Context Menu
[RisingRavExt]
    {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D}  <C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-11-15 21:59 M:2008-11-15 21:58]
[WinRAR]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <D:\RAR\rarext.dll>  [N/A, C:2008-11-15 21:49 M:2007-09-23 18:59]


========================================
Services

[Human Interface Device Access / HidServ][Stopped/Disabled]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll">  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2006-09-25 08:00 M:2006-09-25 08:00]

[Rising Process Communication Center / RsCCenter][Running/Auto Start]
    <"D:\ɱ¶¾\Rising\Rav\CCenter.exe">  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.33, C:2008-11-15 21:59 M:2008-11-15 21:58]
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
    <"D:\ɱ¶¾\RISING\RAV\Ravmond.exe">  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.80, C:2008-11-15 21:59 M:2008-11-15 21:58]


========================================
Drivers

[rspp / rspp][Stopped/System Start]
    <\??\C:\WINDOWS\system32\Drivers\Rspp.sys>  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 8, C:2008-11-15 22:48 M:2008-11-15 22:48]
[Intel (R) System Management BIOS Service / SMBios][Running/Manual Start]
    <system32\DRIVERS\SMBios.sys>  [Intel Corporation, 1.0.0.14, C:2008-11-15 21:41 M:2003-10-15 04:10]
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
    <system32\DRIVERS\tcpip.sys>  [Microsoft Corporation, 5.1.2600.2892 (xpsp_sp2_gdr.060420-0254), C:2006-09-25 08:00 M:2008-11-15 21:49]

[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
    <system32\drivers\ALCXWDM.SYS>  [(Verified)Realtek Semiconductor Corp., 5.10.5190, C:2008-11-15 21:43 M:2003-04-25 15:48]
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
    <system32\DRIVERS\e100b325.sys>  [(Verified)Intel Corporation, 7.0.26.0 built by: WinDDK, C:2008-11-15 21:44 M:2003-03-05 04:56]
[HookCont / HookCont][Running/System Start]
    <\SystemRoot\system32\drivers\HookCont.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 7, C:2008-11-15 21:59 M:2008-11-15 21:58]
[HookNtos / HookNtos][Running/System Start]
    <\SystemRoot\system32\drivers\HookNtos.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 52, C:2008-11-15 21:59 M:2008-11-15 21:58]
[HookReg / HookReg][Running/System Start]
    <\SystemRoot\system32\drivers\HookReg.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 29, C:2008-11-15 21:59 M:2008-11-15 22:05]
[HookSys / HookSys][Running/System Start]
    <\SystemRoot\system32\drivers\HookSys.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 55, C:2008-11-15 21:59 M:2008-11-15 21:58]
[nv / nv][Running/Manual Start]
    <system32\DRIVERS\nv4_mini.sys>  [(Verified)NVIDIA Corporation, 6.14.10.5673, C:2008-11-15 20:52 M:2004-08-03 22:29]
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
    <system32\DRIVERS\ptilink.sys>  [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148), C:2006-09-25 08:00 M:2006-09-25 08:00]
[RsNTGDI / RsNTGDI][Running/Boot Start]
    <system32\Drivers\RsNTGdi.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 3, C:2008-11-15 21:59 M:2008-11-15 21:58]
[Secdrv / Secdrv][Stopped/Manual Start]
    <system32\DRIVERS\secdrv.sys>  [(Verified)N/A, C:2006-09-25 08:00 M:2006-09-25 08:00]


========================================
Running Processes

[PID: 560 / SYSTEM]   \SystemRoot\System32\smss.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2006-09-25 08:00 M:2006-09-25 08:00]

[PID: 632 / SYSTEM]   \??\C:\WINDOWS\system32\csrss.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2006-09-25 08:00 M:2006-09-25 08:00]

[PID: 656 / SYSTEM]   \??\C:\WINDOWS\system32\winlogon.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2006-09-25 08:00 M:2006-09-25 08:00]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2006-09-25 08:00 M:2006-09-25 08:00]

[PID: 700 / SYSTEM]   C:\WINDOWS\system32\services.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2006-09-25 08:00 M:2006-09-25 08:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2006-09-25 08:00 M:2006-09-25 08:00]

[PID: 712 / SYSTEM]   C:\WINDOWS\system32\lsass.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2006-09-25 08:00 M:2006-09-25 08:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2006-09-25 08:00 M:2006-09-25 08:00]

[PID: 868 / SYSTEM]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2006-09-25 08:00 M:2006-09-25 08:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2006-09-25 08:00 M:2006-09-25 08:00]

[PID: 948 / NETWORK SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2006-09-25 08:00 M:2006-09-25 08:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2006-09-25 08:00 M:2006-09-25 08:00]

[PID: 1048 / SYSTEM]   D:\ɱ¶¾\Rising\Rav\CCenter.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.33, C:2008-11-15 21:59 M:2008-11-15 21:58]

[PID: 1112 / NETWORK SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2006-09-25 08:00 M:2006-09-25 08:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2006-09-25 08:00 M:2006-09-25 08:00]

[PID: 1328 / SYSTEM]   D:\ɱ¶¾\RISING\RAV\ravmond.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.80, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\RISING\RAV\BWList.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.5, C:2008-11-15 21:59 M:2008-11-15 21:58]
    C:\WINDOWS\system32\MFC71.DLL  [Microsoft Corporation, 7.10.3077.0, C:2008-11-15 21:59 M:2008-11-15 21:58]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2008-11-15 21:56 M:2008-08-12 17:41]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2008-11-15 21:56 M:2008-08-12 17:41]
    D:\ɱ¶¾\RISING\RAV\RSAPPMGR.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\RISING\RAV\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\RISING\RAV\RsLog.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.36, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\RISING\RAV\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\RISING\RAV\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\RISING\RAV\MonRule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.29, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\RISING\RAV\Hooksys.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\RISING\RAV\HookReg.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\RISING\RAV\HookNtos.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\RISING\RAV\rswalmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\RISING\RAV\recomp.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\RISING\RAV\refs.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\RISING\RAV\ffr.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\Rising\Rav\RsStore.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.9, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\RISING\RAV\HookCont.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\Rising\Rav\fakescan.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.14, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\Rising\Rav\Scanner.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.39, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\RISING\RAV\viruslib.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\RISING\RAV\relibldr.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\RISING\RAV\HookWeb.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.3, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\RISING\RAV\nvfile.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\RISING\RAV\scanexec.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 22, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\RISING\RAV\unexe.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 6, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\RISING\RAV\scanex.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 98, C:2008-11-15 21:59 M:2008-11-15 22:05]
    D:\ɱ¶¾\RISING\RAV\pearc.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\RISING\RAV\extfile.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\RISING\RAV\scansct.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\RISING\RAV\scanpack.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\RISING\RAV\revm.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\RISING\RAV\urutils.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\RISING\RAV\ur000.dat  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 22, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\RISING\RAV\extmail.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\RISING\RAV\scriptci.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\RISING\RAV\ur001.dat  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-11-15 21:59 M:2008-11-15 21:58]

[PID: 1524 / Administrator]   C:\WINDOWS\Explorer.exe   [(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2006-09-25 08:00 M:2006-09-25 08:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2006-09-25 08:00 M:2006-09-25 08:00]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-15 21:59 M:2008-11-15 22:09]
    C:\WINDOWS\system32\RavExt.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ѸÀ×\ComDlls\TDAtOnce_Now.dll  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.34, C:2008-11-15 21:56 M:2008-09-06 10:36]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2008-11-15 21:56 M:2008-08-12 17:41]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2008-11-15 21:56 M:2008-08-12 17:41]
    D:\ѸÀ×\ComDlls\xunleiBHO_Now.dll  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 120, C:2008-11-15 21:56 M:2008-09-19 16:44]
    D:\ѸÀ×\Components\ResWorker\DsBho_00.dll  [Thunder Networking Technologies,LTD, 1, 0, 0, 20, C:2008-11-15 21:56 M:2008-11-12 14:29]
    D:\ѸÀ×\Components\ResWorker\DataProcessor_00.dll  [Thunder Networking Technologies,LTD, 1, 0, 0, 16, C:2008-11-15 21:56 M:2008-11-12 14:29]
    D:\RAR\rarext.dll  [N/A, C:2008-11-15 21:49 M:2007-09-23 18:59]
    D:\ɱ¶¾\Rising\Rav\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-11-15 21:59 M:2008-11-15 21:58]

[PID: 1716 / SYSTEM]   D:\ɱ¶¾\RISING\RAV\RavStub.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.10, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\RISING\RAV\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\RISING\RAV\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\RISING\RAV\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-11-15 21:59 M:2008-11-15 21:58]

[PID: 1800 / SYSTEM]   C:\WINDOWS\system32\spoolsv.exe   [(Verified)Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519), C:2006-09-25 08:00 M:2005-06-11 07:53]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2006-09-25 08:00 M:2006-09-25 08:00]

[PID: 180 / LOCAL SERVICE]   C:\WINDOWS\system32\wdfmgr.exe   [(Verified)Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act), C:2005-01-28 01:36 M:2005-01-28 01:36]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-15 21:59 M:2008-11-15 22:09]

[PID: 184 / Administrator]   C:\WINDOWS\SOUNDMAN.EXE   [(Verified)Realtek Semiconductor Corp., 5.1.00, C:2008-11-15 21:43 M:2003-04-25 08:53]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-15 21:59 M:2008-11-15 22:09]

[PID: 328 / Administrator]   D:\ɱ¶¾\Rising\Rav\RavTask.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.24, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\Rising\Rav\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\Rising\Rav\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\Rising\Rav\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\Rising\Rav\RSAPPMGR.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\Rising\Rav\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-11-15 21:59 M:2008-11-15 21:58]

[PID: 368 / Administrator]   C:\Program Files\Rising\AntiSpyware\rstray.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.16, C:2008-11-15 21:59 M:2008-11-15 21:59]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-15 21:59 M:2008-11-15 22:09]
    C:\Program Files\Rising\AntiSpyware\rsmginfo.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8, C:2008-11-15 21:59 M:2008-11-15 21:59]
    C:\Program Files\Rising\AntiSpyware\RsXML.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2, C:2008-11-15 21:59 M:2008-11-15 21:59]
    C:\Program Files\Rising\AntiSpyware\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2008-11-15 21:59 M:2008-11-15 21:59]
    C:\Program Files\Rising\AntiSpyware\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2008-11-15 21:59 M:2008-11-15 21:59]
    C:\Program Files\Rising\AntiSpyware\ComServ.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.31, C:2008-11-15 21:59 M:2008-11-15 21:59]
    C:\Program Files\Rising\AntiSpyware\Syslay.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-11-15 21:59 M:2008-11-15 21:59]
    C:\Program Files\Rising\AntiSpyware\rscommon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.1.1, C:2008-11-15 21:59 M:2008-11-15 21:59]
    C:\Program Files\Rising\AntiSpyware\comx3.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-11-15 21:59 M:2008-11-15 21:59]
    C:\Program Files\Rising\AntiSpyware\pngdll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-11-15 21:59 M:2008-11-15 21:59]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2006-09-25 08:00 M:2006-09-25 08:00]
    C:\Program Files\Rising\AntiSpyware\runiep.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.41, C:2008-11-15 21:59 M:2008-11-15 22:09]
    C:\Program Files\Rising\AntiSpyware\NComm.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.6, C:2008-11-15 21:59 M:2008-11-15 21:59]
    D:\ɱ¶¾\Rising\Rav\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-11-15 21:59 M:2008-11-15 21:58]
    C:\Program Files\Rising\AntiSpyware\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-11-15 21:59 M:2008-11-15 21:59]
    C:\WINDOWS\system32\RavExt.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-11-15 21:59 M:2008-11-15 21:58]

[PID: 376 / Administrator]   C:\WINDOWS\system32\ctfmon.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2006-09-25 08:00 M:2006-09-25 08:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2006-09-25 08:00 M:2006-09-25 08:00]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-15 21:59 M:2008-11-15 22:09]

[PID: 428 / Administrator]   D:\ɱ¶¾\Rising\Rav\Ravmon.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.01.27, C:2008-11-15 21:59 M:2008-11-15 21:58]
    C:\WINDOWS\system32\MFC71.DLL  [Microsoft Corporation, 7.10.3077.0, C:2008-11-15 21:59 M:2008-11-15 21:58]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2008-11-15 21:56 M:2008-08-12 17:41]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2008-11-15 21:56 M:2008-08-12 17:41]
    D:\ɱ¶¾\Rising\Rav\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\Rising\Rav\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\Rising\Rav\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\Rising\Rav\recomp.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\Rising\Rav\refs.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\Rising\Rav\viruslib.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\Rising\Rav\relibldr.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\Rising\Rav\RSAPPMGR.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\Rising\Rav\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\Rising\Rav\MonRule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.29, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\Rising\Rav\PngDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-11-15 21:59 M:2008-11-15 21:58]
    D:\ɱ¶¾\Rising\Rav\Rsguilib.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90, C:2008-11-15 21:59 M:2008-11-15 21:58]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2006-09-25 08:00 M:2006-09-25 08:00]
    D:\ɱ¶¾\Rising\Rav\RsXML.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2, C:2008-11-15 21:59 M:2008-11-15 21:58]

[PID: 1192 / LOCAL SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2006-09-25 08:00 M:2006-09-25 08:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2006-09-25 08:00 M:2006-09-25 08:00]

[PID: 1756 / LOCAL SERVICE]   C:\WINDOWS\System32\alg.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2006-09-25 08:00 M:2006-09-25 08:00]
    C:\WINDOWS\System32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2006-09-25 08:00 M:2006-09-25 08:00]
    C:\WINDOWS\System32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-15 21:59 M:2008-11-15 22:09]
    C:\Program Files\Rising\AntiSpyware\comx3.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-11-15 21:59 M:2008-11-15 21:59]
    C:\Program Files\Rising\AntiSpyware\Syslay.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-11-15 21:59 M:2008-11-15 21:59]

[PID: 2976 / Administrator]   C:\Program Files\Opera\opera.exe   [Opera Software, 10108, C:2008-08-14 15:52 M:2008-08-14 15:52]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-15 21:59 M:2008-11-15 22:09]
    C:\Program Files\Rising\AntiSpyware\comx3.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-11-15 21:59 M:2008-11-15 21:59]
    C:\Program Files\Rising\AntiSpyware\Syslay.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-11-15 21:59 M:2008-11-15 21:59]
    C:\Program Files\Opera\Opera.dll  [Opera Software, 10108, C:2008-08-14 15:52 M:2008-08-14 15:52]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2006-09-25 08:00 M:2006-09-25 08:00]
    C:\Program Files\Opera\Program\Plugins\NPSWF32.dll  [(Verified)N/A, C:2008-11-15 22:32 M:2008-10-05 11:24]
    C:\WINDOWS\system32\SOGOUPY.IME  [Sohu.com Inc., 3, 0, 3, 0, C:2007-10-19 13:03 M:2007-10-19 13:03]
    C:\Program Files\SogouInput\Plugin\SgImeWord.dll  [(Verified)Copyright 2006, 1, 0, 0, 31, C:2007-10-19 13:04 M:2007-10-19 13:04]

[PID: 3452 / Administrator]   C:\Program Files\SogouInput\PinyinUp.exe   [(Verified)N/A, C:2007-10-19 13:03 M:2007-10-19 13:03]
    C:\Program Files\SogouInput\HWSignature.dll  [(Verified)N/A, C:2007-10-19 13:03 M:2007-10-19 13:03]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-15 21:59 M:2008-11-15 22:09]
    C:\Program Files\Rising\AntiSpyware\comx3.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-11-15 21:59 M:2008-11-15 21:59]
    C:\Program Files\Rising\AntiSpyware\Syslay.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-11-15 21:59 M:2008-11-15 21:59]

[PID: 2808 / SYSTEM]   C:\WINDOWS\System32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2006-09-25 08:00 M:2006-09-25 08:00]
    C:\WINDOWS\System32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2006-09-25 08:00 M:2006-09-25 08:00]

[PID: 3012 / SYSTEM]   C:\WINDOWS\system32\drivers\svchost.exe   [N/A, C:2008-11-15 23:12 M:2008-11-15 23:12]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-15 21:59 M:2008-11-15 22:09]
    C:\Program Files\Rising\AntiSpyware\comx3.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-11-15 21:59 M:2008-11-15 21:59]
    C:\Program Files\Rising\AntiSpyware\Syslay.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-11-15 21:59 M:2008-11-15 21:59]

[PID: 2640 / Administrator]   C:\Syslog.exe   [N/A, C:2008-11-15 23:25 M:2008-08-27 08:39]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-15 21:59 M:2008-11-15 22:09]
    C:\Program Files\Rising\AntiSpyware\comx3.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-11-15 21:59 M:2008-11-15 21:59]
    C:\Program Files\Rising\AntiSpyware\Syslay.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-11-15 21:59 M:2008-11-15 21:59]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2006-09-25 08:00 M:2006-09-25 08:00]

[PID: 1520 / Administrator]   C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\1.exe   [N/A, C:2008-11-15 23:29 M:2008-08-04 21:19]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-11-15 21:59 M:2008-11-15 22:09]
    C:\Program Files\Rising\AntiSpyware\comx3.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-11-15 21:59 M:2008-11-15 21:59]
    C:\Program Files\Rising\AntiSpyware\Syslay.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-11-15 21:59 M:2008-11-15 21:59]


========================================
File Link



========================================
Autorun



========================================
Winsock Providers



========================================
HOSTS

    127.0.0.1 localhost


[/CODE]