[CODE]

2008-11-23,07:24:45

SysLog Scanner 1.0 - build 20080726
Arswp (http://www.arswp.com)

Windows XP Professional Service Pack 2 (build 2600) - Administrators



========================================
注册项

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <PPS Accelerator><F:\Program Files\PPStream\ppsap.exe>  [(Verified)PPStream Inc, 1, 0, 11, 160, C:2008-02-13 15:10 M:2008-11-04 11:39]
    <金山清理专家实时保护><"f:\Program Files\Kingsoft Antispy\monitor\kastray.exe">  [(Verified)Kingsoft Corporation, 2008,11,14,88, C:2008-11-14 12:16 M:2008-11-14 12:16]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <YLive.exe><C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [(Verified)Yahoo! China, 3, 2, 6, 1032, C:2007-10-01 19:08 M:2007-12-29 15:14]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52|(Verified)NVIDIA Corporation, 6.14.10.9371, C:2006-10-22 12:22 M:2006-10-22 12:22]
    <nwiz><nwiz.exe /install>  [N/A, C:2006-10-22 12:22 M:2006-10-22 12:22]
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52|(Verified)NVIDIA Corporation, 6.14.10.9371, C:2006-10-22 12:22 M:2006-10-22 12:22]
    <RavTask><"f:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.24, C:2007-10-14 12:03 M:2008-07-29 17:39]
    <runeip><"f:\Program Files\Rising\AntiSpyware\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.16, C:2008-08-05 14:06 M:2008-11-21 20:10]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><F:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [(Verified)Beijing Rising Information Technology Co., Ltd., 19, 0, 0, 3, C:2007-12-22 10:24 M:2008-11-21 20:10]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_Dlls><kmon.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-08-05 14:05 M:2008-11-21 20:10]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载]
    <><F:\Program Files\Thunder Network\Thunder\Program\geturl.htm>  [N/A, C:2007-10-01 19:29 M:2008-06-13 09:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接]
    <><F:\Program Files\Thunder Network\Thunder\Program\getallurl.htm>  [N/A, C:2007-10-01 19:29 M:2008-06-13 09:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\添加到雅虎订阅(&Y)]
    <><res://C:\Program Files\Yahoo!\Assistant\Assist\yrss.dll/YRSSMENUEXT>  []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\雅虎搜索]
    <><res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/203>  []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52|(Verified)N/A, C:2004-08-04 00:48 M:2004-08-04 00:48]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52|(Verified)N/A, C:2004-08-04 00:48 M:2004-08-04 00:48]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52|(Verified)N/A, C:2004-08-04 00:48 M:2004-08-04 00:48]


========================================
启动项



========================================
计划任务



========================================
组件


Shell Extension
[Display Panning CPL Extension]
    {42071714-76d4-11d1-8b24-00a0c9068ff3}  <deskpan.dll>  []
[HyperTerminal Icon Ext]
    {88895560-9AA2-1069-930E-00AA0030EBC8}  <C:\WINDOWS\system32\hticons.dll>  [(Verified)Hilgraeve, Inc., 5.1.2600.0, C:2007-10-01 18:37 M:2004-06-06 14:13]
[粉碎文件]
    {C14F7681-33D8-11D3-A09B-00500402F30B}  <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ywiper.dll>  [Yahoo! China, 3, 0, 5, 1009, C:2007-10-05 20:14 M:2007-02-06 20:26]
[Yahoo!Photo]
    {33BBE430-0E42-4F12-B075-8D21ACB10DCB}  <C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll>  [Yahoo! China, 3, 1, 2, 1013, C:2007-09-27 16:34 M:2007-09-27 16:34]
[RISING]
    {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D}  <C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2007-10-14 12:03 M:2008-07-29 17:38]
[NvCpl DesktopContext Class]
    {A70C977A-BF00-412C-90B7-034C51DA2439}  <C:\WINDOWS\system32\nvcpl.dll>  [(Verified)NVIDIA Corporation, 6.14.10.9371, C:2006-10-22 12:22 M:2006-10-22 12:22]
[Desktop Explorer]
    {1CDB2949-8F65-4355-8456-263E7C208A5D}  <C:\WINDOWS\system32\nvshell.dll>  [N/A, C:2006-10-22 12:22 M:2006-10-22 12:22]
[Desktop Explorer Menu]
    {1E9B04FB-F9E5-4718-997B-B8DA88302A47}  <C:\WINDOWS\system32\nvshell.dll>  [N/A, C:2006-10-22 12:22 M:2006-10-22 12:22]
[nView Desktop Context Menu]
    {1E9B04FB-F9E5-4718-997B-B8DA88302A48}  <C:\WINDOWS\system32\nvshell.dll>  [N/A, C:2006-10-22 12:22 M:2006-10-22 12:22]
[Play on my TV helper]
    {FFB699E0-306A-11d3-8BD1-00104B6F7516}  <C:\WINDOWS\system32\nvcpl.dll>  [(Verified)NVIDIA Corporation, 6.14.10.9371, C:2006-10-22 12:22 M:2006-10-22 12:22]
[WinRAR shell extension]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <f:\Program Files\WinRAR\rarext.dll>  [N/A, C:2008-05-02 19:52 M:2007-09-23 18:59]

BrowserHelperObject
[ThunderAtOnce Class]
    {01443AEC-0FD1-40fd-9C87-E93D1494C233}  <f:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2007-10-01 19:29 M:2008-06-13 09:43]
[Yahoo!Photo]
    {33BBE430-0E42-4f12-B075-8D21ACB10DCB}  <C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll>  [Yahoo! China, 3, 1, 2, 1013, C:2007-09-27 16:34 M:2007-09-27 16:34]
[AntiFish Class]
    {38928D50-8A48-44C2-945F-D2F23F771410}  <C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll>  [yahoo! china, 3, 0, 9, 1011, C:2007-09-27 16:28 M:2007-09-27 16:28]
[DragSearch BHO]
    {62EED7C6-9F02-42f9-B634-98E2899E147B}  <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL>  [(Verified)yahoo! china, 3, 1, 1, 1013, C:2007-09-27 16:33 M:2007-12-14 21:44]
[Thunder Browser Helper]
    {889D2FEB-5411-4565-8998-1DD2C5261283}  <F:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2007-10-01 19:29 M:2008-06-13 09:43]
[卡卡上网安全助手]
    {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8}  <C:\WINDOWS\system32\UrlFilter.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15, C:2008-08-05 14:06 M:2008-11-21 20:10]
[kingsoft browser shield]
    {D963BE1A-6B35-47DB-B002-49FAE71D85CC}  <F:\PROGRA~1\KINGSO~1\KASBrowserShield.DLL>  [(Verified)Kingsoft Corporation, 2008,04,15,2, C:2008-10-30 10:47 M:2008-10-30 10:47]
[yFlashDl Class]
    {F166BC04-3C84-44cc-A6E9-2315EC4844B9}  <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yflashdl.dll>  [(Verified)Yahoo! China, 3, 1, 1, 1025, C:2007-09-27 16:33 M:2007-12-24 16:57]
[assist]
    {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8}  <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll>  [Yahoo! China, 3, 2, 3, 1029, C:2007-09-27 16:27 M:2007-11-08 16:39]

UrlSeachHook
[雅虎助手]
    {406F94F0-504F-4a40-8DFD-58B0666ABEBD}  <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll>  [(Verified)yahoo! china, 3, 5, 1, 1128, C:2008-01-04 14:48 M:2007-12-29 15:14]

ToolBar
[雅虎助手]
    {406F94F0-504F-4A40-8DFD-58B0666ABEBD}  <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll>  [(Verified)yahoo! china, 3, 5, 1, 1128, C:2008-01-04 14:48 M:2007-12-29 15:14]

ActiveX Extension
[ThunderAtOnce Class]
    {01443AEC-0FD1-40FD-9C87-E93D1494C233}  <f:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2007-10-01 19:29 M:2008-06-13 09:43]
[Yahoo!Photo]
    {33BBE430-0E42-4F12-B075-8D21ACB10DCB}  <C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll>  [Yahoo! China, 3, 1, 2, 1013, C:2007-09-27 16:34 M:2007-09-27 16:34]
[AntiFish Class]
    {38928D50-8A48-44C2-945F-D2F23F771410}  <C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll>  [yahoo! china, 3, 0, 9, 1011, C:2007-09-27 16:28 M:2007-09-27 16:28]
[IEBuddyExtControl Class]
    {3AECD3C1-7085-4731-96DC-47B6CF7EF749}  <F:\PROGRA~1\KINGSO~1\IEBuddyExt.DLL>  [(Verified)Kingsoft Corporation, 2008,11,14,84, C:2008-11-14 08:52 M:2008-11-14 08:52]
[雅虎助手]
    {406F94F0-504F-4A40-8DFD-58B0666ABEBD}  <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll>  [(Verified)yahoo! china, 3, 5, 1, 1128, C:2008-01-04 14:48 M:2007-12-29 15:14]
[Thunder Agent Class]
    {485463B7-8FB2-4B3B-B29B-8B919B0EACCE}  <F:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 4, 23, C:2007-10-01 19:29 M:2008-06-13 09:43]
[Yahoo!Live]
    {57421194-58FB-49AE-9B4F-FD48869B9AD4}  <C:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll>  [(Verified)yahoo! china, 3, 8, 0, 1140, C:2007-09-27 16:30 M:2007-12-29 15:16]
[DragSearch BHO]
    {62EED7C6-9F02-42F9-B634-98E2899E147B}  <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL>  [(Verified)yahoo! china, 3, 1, 1, 1013, C:2007-09-27 16:33 M:2007-12-14 21:44]
[MediaComm Class]
    {7670648D-461B-42AF-BDFE-46D26AF5EFF2}  <f:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin17.dll>  []
[Thunder Browser Helper]
    {889D2FEB-5411-4565-8998-1DD2C5261283}  <F:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2007-10-01 19:29 M:2008-06-13 09:43]
[卡卡上网安全助手]
    {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8}  <C:\WINDOWS\system32\UrlFilter.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15, C:2008-08-05 14:06 M:2008-11-21 20:10]
[RealPlayer G2 Control]
    {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}  <C:\Program Files\StormII\Codec\rmoc3260.dll>  [(Verified)RealNetworks, Inc., 6.0.9.2568, C:2006-10-18 23:05 M:2006-10-18 23:05]
[Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000}  <C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx>  [(Verified)Adobe Systems, Inc., 10,0,12,36, C:2008-10-05 11:16 M:2008-10-05 11:16]
[kingsoft browser shield]
    {D963BE1A-6B35-47DB-B002-49FAE71D85CC}  <F:\PROGRA~1\KINGSO~1\KASBrowserShield.DLL>  [(Verified)Kingsoft Corporation, 2008,04,15,2, C:2008-10-30 10:47 M:2008-10-30 10:47]
[yFlashDl Class]
    {F166BC04-3C84-44CC-A6E9-2315EC4844B9}  <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yflashdl.dll>  [(Verified)Yahoo! China, 3, 1, 1, 1025, C:2007-09-27 16:33 M:2007-12-24 16:57]
[XPPlayer Class]
    {F3E70CEA-956E-49CC-B444-73AFE593AD7F}  <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.0.5835.191.(45).dll>  [Xunlei Networking Technologies,LTD, 2, 0, 5835, 191, C:2008-08-11 10:44 M:2008-08-08 10:22]
[assist]
    {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8}  <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll>  [Yahoo! China, 3, 2, 3, 1029, C:2007-09-27 16:27 M:2007-11-08 16:39]

Context Menu
[RisingRavExt]
    {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D}  <C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2007-10-14 12:03 M:2008-07-29 17:38]
[WinRAR]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <f:\Program Files\WinRAR\rarext.dll>  [N/A, C:2008-05-02 19:52 M:2007-09-23 18:59]
[粉碎文件]
    {C14F7681-33D8-11D3-A09B-00500402F30B}  <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ywiper.dll>  [Yahoo! China, 3, 0, 5, 1009, C:2007-10-05 20:14 M:2007-02-06 20:26]


========================================
服务


[Contrl Center of Storm Media / ccosm][Running/Auto Start]
    <C:\Program Files\StormII\stormliv.exe /asservice>  [(Verified)北京暴风网际科技有限公司, 3, 8, 3, 15, C:2007-12-17 17:21 M:2008-03-11 14:33]
[Kingsoft Basic Service / kaccore][Running/Manual Start]
    <"C:\Program Files\Kingsoft\KAC\Service\kaccore.exe">  [(Verified)Kingsoft Corporation, 2008,11,03,330, C:2008-11-03 08:49 M:2008-11-03 08:49]
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
    <%SystemRoot%\system32\nvsvc32.exe>  [(Verified)NVIDIA Corporation, 6.14.10.9371, C:2006-10-22 12:22 M:2006-10-22 12:22]
[Rising Proxy  Service / RfwProxySrv][Running/Auto Start]
    <f:\program files\rising\rfw\rfwproxy.exe>  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.37, C:2007-10-14 18:53 M:2008-07-29 17:25]
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
    <f:\program files\rising\rfw\rfwsrv.exe>  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.76, C:2007-10-14 18:53 M:2008-07-26 11:02]
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
    <"f:\Program Files\Rising\Rav\CCenter.exe">  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.33, C:2007-10-14 12:03 M:2008-07-29 17:39]
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
    <"F:\PROGRAM FILES\RISING\RAV\Ravmond.exe">  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.80, C:2007-10-14 12:03 M:2008-07-29 17:39]


========================================
驱动

[Amoi WMC Composite Device driver (WDM) / aavmbus][Stopped/Manual Start]
    <system32\DRIVERS\aavmbus.sys>  [MCCI, V4.38, C:2008-05-03 17:20 M:2006-08-15 16:40]
[Service for Avance AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
    <system32\drivers\ALCXWDM.SYS>  [Avance Logic, Inc., 5.10.5011, C:2007-10-01 18:57 M:2002-07-24 13:09]
[NPPTNT2 / NPPTNT2][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\npptNT2.sys>  [INCA Internet Co., Ltd., 2005, 1, 5, 1, C:2007-10-03 14:15 M:2005-01-04 17:43]
[QKeyServiceDisplay / QKeyService][Running/Boot Start]
    <system32\KeyCrypt.sys>  [ Tencent Technology (Shenzhen) Company Limited, 1, 0, 0, 9, C:2007-12-15 17:41 M:2008-07-03 20:48]
[zyrkiozm / zyrkiozm][Running/Boot Start]
    <System32\DRIVERS\zyrkiozm.sys>  [Yahoo! China Corporation, 1.8.0.1096, C:2007-10-05 20:15 M:2007-10-05 20:15]

[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
    <system32\DRIVERS\e100b325.sys>  [(Verified)Intel Corporation, 6.01.03.0000 built by: WinDDK, C:2007-10-01 18:55 M:2002-02-25 08:54]
[HookCont / HookCont][Running/System Start]
    <\SystemRoot\system32\drivers\HookCont.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 7, C:2007-10-14 12:03 M:2008-07-29 17:39]
[HookNtos / HookNtos][Running/System Start]
    <\SystemRoot\system32\drivers\HookNtos.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 52, C:2007-10-14 12:03 M:2008-10-29 23:38]
[HookReg / HookReg][Running/System Start]
    <\SystemRoot\system32\drivers\HookReg.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 29, C:2007-10-14 12:03 M:2008-11-12 16:03]
[HookSys / HookSys][Running/System Start]
    <\SystemRoot\system32\drivers\HookSys.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 55, C:2007-10-14 12:03 M:2008-08-27 15:01]
[HookUrl / HookUrl][Running/Auto Start]
    <\??\f:\Program Files\Rising\Rfw\HookUrl.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.12, C:2007-10-14 18:53 M:2008-07-29 17:25]
[nv / nv][Running/Manual Start]
    <system32\DRIVERS\nv4_mini.sys>  [(Verified)NVIDIA Corporation, 6.14.10.9371, C:2007-10-01 18:34 M:2006-10-22 12:22]
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
    <system32\DRIVERS\ptilink.sys>  [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148), C:2004-06-06 06:13 M:2004-06-06 06:13]
[Rising  Rfwbase Driver / RfwBase][Running/Auto Start]
    <System32\DRIVERS\rfwbase.SYS>  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.10, C:2007-10-14 18:53 M:2008-07-29 17:24]
[RsFwDrv / RsFwDrv][Running/System Start]
    <\??\f:\Program Files\Rising\Rfw\RsFwDrv.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.34, C:2007-10-14 18:53 M:2008-07-29 17:25]
[RsNTGDI / RsNTGDI][Running/Boot Start]
    <system32\Drivers\RsNTGdi.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 3, C:2007-10-14 12:03 M:2008-07-29 18:04]
[Secdrv / Secdrv][Stopped/Manual Start]
    <system32\DRIVERS\secdrv.sys>  [(Verified)Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086, C:2004-07-17 11:36 M:2007-11-13 18:25]
[TesSafe / TesSafe][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\TesSafe.sys>  [(Verified)TENCENT, 0, 0, 8, 2, C:2007-12-01 19:33 M:2008-08-02 18:03]
[yaskp / yaskp][Running/Boot Start]
    <system32\drivers\yaskp.sys>  [(Verified)Copyright (C) yahoo Corporation., 3.0.9.1010, C:2008-11-20 21:04 M:2008-05-07 18:15]


========================================
进程

[PID: 556 / SYSTEM]   \SystemRoot\System32\smss.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52]

[PID: 632 / SYSTEM]   \??\C:\WINDOWS\system32\csrss.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52]
    f:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-14 18:53 M:2008-07-26 10:59]
    f:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-14 18:53 M:2008-07-26 10:59]

[PID: 656 / SYSTEM]   \??\C:\WINDOWS\system32\winlogon.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52]
    f:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-14 18:53 M:2008-07-26 10:59]
    f:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-14 18:53 M:2008-07-26 10:59]

[PID: 700 / SYSTEM]   C:\WINDOWS\system32\services.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52]
    f:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-14 18:53 M:2008-07-26 10:59]
    f:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-14 18:53 M:2008-07-26 10:59]

[PID: 712 / SYSTEM]   C:\WINDOWS\system32\lsass.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52]
    f:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-14 18:53 M:2008-07-26 10:59]
    f:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-14 18:53 M:2008-07-26 10:59]

[PID: 868 / SYSTEM]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52]
    f:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-14 18:53 M:2008-07-26 10:59]
    f:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-14 18:53 M:2008-07-26 10:59]

[PID: 936 / NETWORK SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52]
    f:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-14 18:53 M:2008-07-26 10:59]
    f:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-14 18:53 M:2008-07-26 10:59]

[PID: 1044 / SYSTEM]   f:\Program Files\Rising\Rav\CCenter.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.33, C:2007-10-14 12:03 M:2008-07-29 17:39]
    f:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-14 18:53 M:2008-07-26 10:59]
    f:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-14 18:53 M:2008-07-26 10:59]

[PID: 1072 / SYSTEM]   C:\WINDOWS\System32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52]
    f:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-14 18:53 M:2008-07-26 10:59]
    f:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-14 18:53 M:2008-07-26 10:59]

[PID: 1156 / NETWORK SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52]
    f:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-14 18:53 M:2008-07-26 10:59]
    f:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-14 18:53 M:2008-07-26 10:59]

[PID: 1284 / LOCAL SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52]
    f:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-14 18:53 M:2008-07-26 10:59]
    f:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-14 18:53 M:2008-07-26 10:59]

[PID: 1320 / SYSTEM]   F:\PROGRAM FILES\RISING\RAV\ravmond.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.80, C:2007-10-14 12:03 M:2008-07-29 17:39]
    F:\PROGRAM FILES\RISING\RAV\BWList.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.5, C:2007-10-14 12:03 M:2008-07-29 17:40]
    C:\WINDOWS\system32\MFC71.DLL  [Microsoft Corporation, 7.10.3077.0, C:2007-10-14 12:03 M:2007-10-14 12:02]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2007-10-14 12:03 M:2007-10-14 12:02]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2007-10-14 12:03 M:2007-10-14 12:02]
    F:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2007-10-14 12:03 M:2008-07-29 17:40]
    F:\PROGRAM FILES\RISING\RAV\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2007-10-14 12:03 M:2008-07-29 17:40]
    F:\PROGRAM FILES\RISING\RAV\RsLog.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.36, C:2007-10-14 12:03 M:2008-07-29 18:05]
    F:\PROGRAM FILES\RISING\RAV\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2007-10-14 12:03 M:2008-07-29 17:39]
    F:\PROGRAM FILES\RISING\RAV\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2007-10-14 12:03 M:2008-07-29 17:39]
    F:\PROGRAM FILES\RISING\RAV\MonRule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.29, C:2007-10-14 12:03 M:2008-07-29 17:39]
    F:\PROGRAM FILES\RISING\RAV\Hooksys.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12, C:2007-10-14 12:03 M:2008-07-29 17:39]
    F:\PROGRAM FILES\RISING\RAV\HookReg.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6, C:2007-10-14 12:03 M:2008-07-29 17:39]
    f:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-14 18:53 M:2008-07-26 10:59]
    f:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-14 18:53 M:2008-07-26 10:59]
    F:\PROGRAM FILES\RISING\RAV\HookNtos.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5, C:2007-10-14 12:03 M:2008-07-29 17:39]
    F:\PROGRAM FILES\RISING\RAV\rswalmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24, C:2007-10-14 12:03 M:2008-07-29 17:39]
    F:\PROGRAM FILES\RISING\RAV\recomp.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41, C:2007-10-14 12:03 M:2008-08-21 13:14]
    F:\PROGRAM FILES\RISING\RAV\refs.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18, C:2007-10-14 12:03 M:2008-07-29 17:54]
    F:\PROGRAM FILES\RISING\RAV\ffr.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2007-10-14 12:03 M:2008-09-27 20:38]
    f:\Program Files\Rising\Rav\RsStore.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.9, C:2007-10-14 12:04 M:2008-07-29 18:05]
    F:\PROGRAM FILES\RISING\RAV\HookCont.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3, C:2007-10-14 12:03 M:2008-07-29 17:39]
    f:\Program Files\Rising\Rav\fakescan.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.14, C:2007-10-14 12:03 M:2008-07-29 18:05]
    f:\Program Files\Rising\Rav\Scanner.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.39, C:2007-10-14 12:03 M:2008-07-29 18:05]
    F:\PROGRAM FILES\RISING\RAV\viruslib.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2007-10-14 12:03 M:2008-07-29 17:49]
    F:\PROGRAM FILES\RISING\RAV\relibldr.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2007-10-14 12:03 M:2008-07-29 17:54]
    F:\PROGRAM FILES\RISING\RAV\HookWeb.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.3, C:2007-10-14 12:03 M:2008-07-29 17:39]
    F:\PROGRAM FILES\RISING\RAV\nvfile.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7, C:2007-10-14 12:03 M:2008-07-29 17:54]
    F:\PROGRAM FILES\RISING\RAV\scanexec.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 22, C:2007-10-14 12:03 M:2008-08-27 15:01]
    F:\PROGRAM FILES\RISING\RAV\unexe.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 6, C:2007-10-14 12:03 M:2008-07-29 17:51]
    F:\PROGRAM FILES\RISING\RAV\scanex.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 99, C:2007-10-14 12:03 M:2008-11-21 19:56]
    F:\PROGRAM FILES\RISING\RAV\pearc.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8, C:2007-10-14 12:03 M:2008-07-29 17:54]
    F:\PROGRAM FILES\RISING\RAV\extfile.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32, C:2007-10-14 12:03 M:2008-07-29 17:56]

[PID: 1336 / SYSTEM]   f:\program files\rising\rfw\rfwsrv.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.76, C:2007-10-14 18:53 M:2008-07-26 11:02]
    C:\WINDOWS\system32\MFC71.DLL  [Microsoft Corporation, 7.10.3077.0, C:2007-10-14 12:03 M:2007-10-14 12:02]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2007-10-14 12:03 M:2007-10-14 12:02]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2007-10-14 12:03 M:2007-10-14 12:02]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-08-05 14:05 M:2008-11-21 20:10]
    f:\Program Files\Rising\Rfw\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2007-10-14 18:53 M:2008-07-29 17:28]
    f:\program files\rising\rfw\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2007-10-14 18:53 M:2008-07-29 17:28]
    f:\program files\rising\rfw\RSAPPMGR.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2007-10-14 18:53 M:2008-07-29 17:28]
    f:\program files\rising\rfw\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2007-10-14 18:53 M:2008-07-29 17:28]
    f:\program files\rising\rfw\RfwRule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.17, C:2007-10-14 18:53 M:2008-07-29 17:24]
    f:\program files\rising\rfw\rfwlog.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.16, C:2007-10-14 18:53 M:2008-07-29 17:24]
    f:\program files\rising\rfw\Rfwdrv.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.48, C:2007-10-14 18:53 M:2008-07-26 11:02]
    f:\program files\rising\rfw\ijt_ctrl.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.0, C:2007-10-14 18:53 M:2008-07-26 11:02]
    f:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-14 18:53 M:2008-07-26 10:59]
    f:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-14 18:53 M:2008-07-26 10:59]
    f:\program files\rising\rfw\unvdet.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.8, C:2007-10-14 18:53 M:2008-07-29 18:14]
    f:\program files\rising\rfw\mPorts.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.6, C:2007-10-14 18:53 M:2008-07-29 17:24]

[PID: 1420 / SYSTEM]   f:\program files\rising\rfw\rfwproxy.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.37, C:2007-10-14 18:53 M:2008-07-29 17:25]
    C:\WINDOWS\system32\MFC71.DLL  [Microsoft Corporation, 7.10.3077.0, C:2007-10-14 12:03 M:2007-10-14 12:02]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2007-10-14 12:03 M:2007-10-14 12:02]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-08-05 14:05 M:2008-11-21 20:10]
    f:\Program Files\Rising\Rfw\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2007-10-14 18:53 M:2008-07-29 17:28]
    f:\program files\rising\rfw\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2007-10-14 18:53 M:2008-07-29 17:28]
    f:\program files\rising\rfw\RfwRule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.17, C:2007-10-14 18:53 M:2008-07-29 17:24]
    f:\program files\rising\rfw\urlrule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1.0.0.15, C:2008-05-13 18:28 M:2008-07-29 17:25]
    f:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-14 18:53 M:2008-07-26 10:59]
    f:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-14 18:53 M:2008-07-26 10:59]
    f:\program files\rising\rfw\MonMid.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.6, C:2007-10-14 18:53 M:2008-07-29 17:25]

[PID: 1680 / SYSTEM]   f:\program files\rising\rfw\rfwstub.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.12, C:2007-10-14 18:53 M:2008-07-29 18:14]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2007-10-14 12:03 M:2007-10-14 12:02]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2007-10-14 12:03 M:2007-10-14 12:02]
    f:\program files\rising\rfw\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2007-10-14 18:53 M:2008-07-29 17:28]
    f:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-14 18:53 M:2008-07-26 10:59]
    f:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-14 18:53 M:2008-07-26 10:59]

[PID: 1856 / cs]   C:\WINDOWS\Explorer.EXE   [(Verified)Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234), C:2004-08-04 00:52 M:2007-06-13 21:21]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-08-05 14:05 M:2008-11-21 20:10]
    c:\documents and settings\cs\application data\ppstream\bin\1.0.0.2\vodrc.dll  [ppstream.com, 1.0.0.2, C:2007-10-01 19:35 M:2007-09-12 16:43]
    f:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-14 18:53 M:2008-07-26 10:59]
    f:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-14 18:53 M:2008-07-26 10:59]
    C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll  [Yahoo! China, 3, 1, 5, 1033, C:2007-10-01 19:08 M:2007-09-15 22:14]
    C:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll  [(Verified)yahoo! china, 3, 8, 0, 1140, C:2007-09-27 16:30 M:2007-12-29 15:16]
    C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll  [Yahoo! China, 3, 0, 3, 1012, C:2007-09-27 16:31 M:2007-09-27 16:31]
    f:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.29, C:2007-10-01 19:29 M:2008-06-13 09:43]
    F:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 96, C:2007-10-01 19:29 M:2008-06-13 09:43]
    F:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll  [Thunder Networking Technologies,LTD, 1, 0, 0, 20, C:2007-10-01 19:29 M:2008-08-08 10:22]
    F:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll  [Thunder Networking Technologies,LTD, 1, 0, 0, 16, C:2007-10-01 19:29 M:2008-08-08 10:22]
    C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll  [Yahoo! China, 3, 1, 2, 1013, C:2007-09-27 16:34 M:2007-09-27 16:34]
    C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL  [(Verified)yahoo! china, 3, 1, 1, 1013, C:2007-09-27 16:33 M:2007-12-14 21:44]
    C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll  [Yahoo! China, 3, 2, 3, 1029, C:2007-09-27 16:27 M:2007-11-08 16:39]

[PID: 2040 / SYSTEM]   F:\PROGRAM FILES\RISING\RAV\RavStub.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.10, C:2007-10-14 12:03 M:2008-07-29 17:39]
    F:\PROGRAM FILES\RISING\RAV\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2007-10-14 12:03 M:2008-07-29 17:39]
    F:\PROGRAM FILES\RISING\RAV\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2007-10-14 12:03 M:2008-07-29 17:39]
    F:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2007-10-14 12:03 M:2008-07-29 17:40]
    f:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-14 18:53 M:2008-07-26 10:59]
    f:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-14 18:53 M:2008-07-26 10:59]

[PID: 180 / cs]   f:\program files\rising\rfw\RfwMain.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.1.70, C:2007-10-14 18:53 M:2008-07-26 11:01]
    C:\WINDOWS\system32\MFC71.DLL  [Microsoft Corporation, 7.10.3077.0, C:2007-10-14 12:03 M:2007-10-14 12:02]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2007-10-14 12:03 M:2007-10-14 12:02]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2007-10-14 12:03 M:2007-10-14 12:02]
    f:\program files\rising\rfw\RsGuiLib.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90, C:2007-10-14 18:53 M:2008-07-29 18:16]
    f:\Program Files\Rising\Rfw\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2007-10-14 18:53 M:2008-07-29 17:28]
    f:\program files\rising\rfw\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2007-10-14 18:53 M:2008-07-29 17:28]
    f:\program files\rising\rfw\RSAPPMGR.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2007-10-14 18:53 M:2008-07-29 17:28]
    f:\program files\rising\rfw\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2007-10-14 18:53 M:2008-07-29 17:28]
    f:\program files\rising\rfw\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2007-10-14 18:53 M:2008-07-29 17:28]
    f:\program files\rising\rfw\RfwCtrl.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-14 18:53 M:2008-07-29 17:28]
    f:\program files\rising\rfw\RsXML.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2, C:2007-10-14 18:53 M:2008-07-29 17:28]
    f:\program files\rising\rfw\PngDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2007-10-14 18:53 M:2008-07-29 18:16]
    f:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-14 18:53 M:2008-07-26 10:59]
    f:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-14 18:53 M:2008-07-26 10:59]
    f:\program files\rising\rfw\RfwRule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.17, C:2007-10-14 18:53 M:2008-07-29 17:24]

[PID: 224 / SYSTEM]   C:\WINDOWS\system32\spoolsv.exe   [(Verified)Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519), C:2004-08-04 00:52 M:2005-06-11 07:53]
    f:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-14 18:53 M:2008-07-26 10:59]
    f:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-14 18:53 M:2008-07-26 10:59]

[PID: 400 / cs]   C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe   [(Verified)Yahoo! China, 3, 2, 6, 1032, C:2007-10-01 19:08 M:2007-12-29 15:14]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-08-05 14:05 M:2008-11-21 20:10]
    C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll  [Yahoo! China, 3, 1, 5, 1033, C:2007-10-01 19:08 M:2007-09-15 22:14]
    C:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll  [(Verified)yahoo! china, 3, 8, 0, 1140, C:2007-09-27 16:30 M:2007-12-29 15:16]
    f:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-14 18:53 M:2008-07-26 10:59]
    f:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-14 18:53 M:2008-07-26 10:59]
    C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll  [Yahoo! China, 3, 0, 3, 1012, C:2007-09-27 16:31 M:2007-09-27 16:31]

[PID: 440 / cs]   F:\Program Files\Rising\Rav\RavTask.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.24, C:2007-10-14 12:03 M:2008-07-29 17:39]
    F:\Program Files\Rising\Rav\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2007-10-14 12:03 M:2008-07-29 17:39]
    F:\Program Files\Rising\Rav\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2007-10-14 12:03 M:2008-07-29 17:39]
    F:\Program Files\Rising\Rav\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2007-10-14 12:03 M:2008-07-29 17:40]
    F:\Program Files\Rising\Rav\RSAPPMGR.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2007-10-14 12:03 M:2008-07-29 17:40]
    F:\Program Files\Rising\Rav\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2007-10-14 12:03 M:2008-07-29 17:40]
    f:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-14 18:53 M:2008-07-26 10:59]
    f:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-14 18:53 M:2008-07-26 10:59]

[PID: 592 / cs]   F:\Program Files\Rising\AntiSpyware\rstray.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.16, C:2008-08-05 14:06 M:2008-11-21 20:10]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-08-05 14:05 M:2008-11-21 20:10]
    F:\Program Files\Rising\AntiSpyware\rsmginfo.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8, C:2008-08-05 14:06 M:2008-11-21 20:10]
    C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll  [Yahoo! China, 3, 1, 5, 1033, C:2007-10-01 19:08 M:2007-09-15 22:14]
    F:\Program Files\Rising\AntiSpyware\ComServ.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.31, C:2008-08-05 14:05 M:2008-11-21 20:10]
    F:\Program Files\Rising\AntiSpyware\Syslay.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-08-05 14:06 M:2008-11-21 20:10]
    F:\Program Files\Rising\AntiSpyware\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2007-12-22 10:24 M:2008-11-21 20:10]
    F:\Program Files\Rising\AntiSpyware\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2007-12-22 10:24 M:2008-11-21 20:10]
    F:\Program Files\Rising\AntiSpyware\RsXML.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2, C:2007-12-22 10:24 M:2008-11-21 20:10]
    F:\Program Files\Rising\AntiSpyware\rscommon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.1.1, C:2008-08-05 14:06 M:2008-11-21 20:10]
    F:\Program Files\Rising\AntiSpyware\comx3.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-08-05 14:05 M:2008-11-21 20:10]
    F:\Program Files\Rising\AntiSpyware\pngdll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-08-05 14:06 M:2008-11-21 20:10]
    F:\Program Files\Rising\AntiSpyware\runiep.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.41, C:2008-08-05 14:06 M:2008-11-21 20:10]
    F:\Program Files\Rising\AntiSpyware\NComm.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.6, C:2008-01-22 19:28 M:2008-11-21 20:10]
    f:\Program Files\Rising\Rav\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2007-10-14 12:03 M:2008-07-29 17:39]
    F:\Program Files\Rising\AntiSpyware\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-11-21 20:10 M:2008-11-21 20:10]

[PID: 716 / cs]   C:\WINDOWS\system32\ctfmon.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-08-05 14:05 M:2008-11-21 20:10]
    f:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-14 18:53 M:2008-07-26 10:59]
    f:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-14 18:53 M:2008-07-26 10:59]
    C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll  [Yahoo! China, 3, 1, 5, 1033, C:2007-10-01 19:08 M:2007-09-15 22:14]

[PID: 1028 / cs]   F:\Program Files\Rising\Rav\Ravmon.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.01.27, C:2007-10-14 12:03 M:2008-08-27 15:01]
    C:\WINDOWS\system32\MFC71.DLL  [Microsoft Corporation, 7.10.3077.0, C:2007-10-14 12:03 M:2007-10-14 12:02]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2007-10-14 12:03 M:2007-10-14 12:02]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2007-10-14 12:03 M:2007-10-14 12:02]
    F:\Program Files\Rising\Rav\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2007-10-14 12:03 M:2008-07-29 17:39]
    F:\Program Files\Rising\Rav\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2007-10-14 12:03 M:2008-07-29 17:39]
    F:\Program Files\Rising\Rav\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2007-10-14 12:03 M:2008-07-29 17:40]
    F:\Program Files\Rising\Rav\recomp.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41, C:2007-10-14 12:03 M:2008-08-21 13:14]
    F:\Program Files\Rising\Rav\refs.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18, C:2007-10-14 12:03 M:2008-07-29 17:54]
    F:\Program Files\Rising\Rav\viruslib.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2007-10-14 12:03 M:2008-07-29 17:49]
    F:\Program Files\Rising\Rav\relibldr.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2007-10-14 12:03 M:2008-07-29 17:54]
    F:\Program Files\Rising\Rav\RSAPPMGR.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2007-10-14 12:03 M:2008-07-29 17:40]
    F:\Program Files\Rising\Rav\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2007-10-14 12:03 M:2008-07-29 17:40]
    F:\Program Files\Rising\Rav\MonRule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.29, C:2007-10-14 12:03 M:2008-07-29 17:39]
    F:\Program Files\Rising\Rav\PngDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2007-10-14 12:03 M:2008-07-29 17:57]
    F:\Program Files\Rising\Rav\Rsguilib.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90, C:2007-10-14 12:03 M:2008-07-29 17:57]
    F:\Program Files\Rising\Rav\RsXML.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2, C:2007-10-14 12:03 M:2008-07-29 17:40]

[PID: 1260 / cs]   F:\Program Files\PPStream\ppsap.exe   [(Verified)PPStream Inc, 1, 0, 11, 160, C:2008-02-13 15:10 M:2008-11-04 11:39]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-08-05 14:05 M:2008-11-21 20:10]
    f:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-14 18:53 M:2008-07-26 10:59]
    f:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-14 18:53 M:2008-07-26 10:59]
    C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll  [Yahoo! China, 3, 1, 5, 1033, C:2007-10-01 19:08 M:2007-09-15 22:14]
    f:\Program Files\PPStream\vodnet.dll  [(Verified)PPStream Inc., 1, 0, 11, 160, C:2008-11-04 11:39 M:2008-11-04 11:39]
    f:\Program Files\PPStream\vodres.dll  [(Verified)PPStream Inc., 1, 0, 11, 160, C:2008-11-04 11:39 M:2008-11-04 11:39]
    f:\Program Files\PPStream\ppssg.dll  [(Verified)PPStream Inc., 1, 0, 11, 160, C:2008-11-04 11:39 M:2008-11-04 11:39]
    f:\Program Files\PPStream\fds.dll  [(Verified)PPStream Inc., 1, 0, 0, 95, C:2008-11-03 15:23 M:2008-11-03 15:23]
    f:\Program Files\PPStream\PPSMedia.dll  [(Verified)PPStream Inc., 1.0.0.1, C:2008-09-16 15:41 M:2008-09-16 15:41]

[PID: 1388 / cs]   F:\Program Files\Kingsoft Antispy\monitor\kastray.exe   [(Verified)Kingsoft Corporation, 2008,11,14,88, C:2008-11-14 12:16 M:2008-11-14 12:16]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-08-05 14:05 M:2008-11-21 20:10]
    f:\Program Files\Rising\AntiSpyware\comx3.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-08-05 14:05 M:2008-11-21 20:10]
    f:\Program Files\Rising\AntiSpyware\Syslay.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-08-05 14:06 M:2008-11-21 20:10]
    f:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-14 18:53 M:2008-07-26 10:59]
    f:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-14 18:53 M:2008-07-26 10:59]
    C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll  [Yahoo! China, 3, 1, 5, 1033, C:2007-10-01 19:08 M:2007-09-15 22:14]
    F:\Program Files\Kingsoft Antispy\monitor\kaspop.dll  [(Verified)Kingsoft Corporation, 2008,11,14,93, C:2008-11-14 17:35 M:2008-11-14 17:35]

[PID: 2128 / SYSTEM]   C:\Program Files\StormII\stormliv.exe   [(Verified)北京暴风网际科技有限公司, 3, 8, 3, 15, C:2007-12-17 17:21 M:2008-03-11 14:33]
    C:\Program Files\StormII\MSVCP60.dll  [Microsoft Corporation, 6.02.3104.0, C:2007-09-21 19:43 M:2007-09-21 19:43]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-08-05 14:05 M:2008-11-21 20:10]
    f:\Program Files\Rising\AntiSpyware\comx3.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-08-05 14:05 M:2008-11-21 20:10]
    f:\Program Files\Rising\AntiSpyware\Syslay.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-08-05 14:06 M:2008-11-21 20:10]

[PID: 2184 / SYSTEM]   C:\WINDOWS\system32\nvsvc32.exe   [(Verified)NVIDIA Corporation, 6.14.10.9371, C:2006-10-22 12:22 M:2006-10-22 12:22]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-08-05 14:05 M:2008-11-21 20:10]
    f:\Program Files\Rising\AntiSpyware\comx3.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-08-05 14:05 M:2008-11-21 20:10]
    f:\Program Files\Rising\AntiSpyware\Syslay.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-08-05 14:06 M:2008-11-21 20:10]
    C:\WINDOWS\system32\nvapi.dll  [(Verified)N/A, C:2006-10-22 12:22 M:2006-10-22 12:22]

[PID: 3188 / SYSTEM]   C:\Program Files\Kingsoft\KAC\Service\kaccore.exe   [(Verified)Kingsoft Corporation, 2008,11,03,330, C:2008-11-03 08:49 M:2008-11-03 08:49]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-08-05 14:05 M:2008-11-21 20:10]
    f:\Program Files\Rising\AntiSpyware\comx3.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-08-05 14:05 M:2008-11-21 20:10]
    f:\Program Files\Rising\AntiSpyware\Syslay.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-08-05 14:06 M:2008-11-21 20:10]
    C:\Program Files\Kingsoft\KAC\Service\corehelper.dll  [(Verified)Kingsoft Corporation, 2008,10,20,303, C:2008-10-20 17:35 M:2008-10-20 17:35]

[PID: 3400 / cs]   F:\Program Files\Kingsoft Antispy\monitor\kudiskmon.exe   [(Verified)Kingsoft Corporation, 2008,11,10,55, C:2008-11-12 22:15 M:2008-11-12 22:15]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-08-05 14:05 M:2008-11-21 20:10]
    f:\Program Files\Rising\AntiSpyware\comx3.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-08-05 14:05 M:2008-11-21 20:10]
    f:\Program Files\Rising\AntiSpyware\Syslay.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-08-05 14:06 M:2008-11-21 20:10]
    C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll  [Yahoo! China, 3, 1, 5, 1033, C:2007-10-01 19:08 M:2007-09-15 22:14]

[PID: 3700 / LOCAL SERVICE]   C:\WINDOWS\System32\alg.exe   [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-04 00:52 M:2004-08-04 00:52]
    C:\WINDOWS\System32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-08-05 14:05 M:2008-11-21 20:10]
    f:\Program Files\Rising\AntiSpyware\comx3.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-08-05 14:05 M:2008-11-21 20:10]
    f:\Program Files\Rising\AntiSpyware\Syslay.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-08-05 14:06 M:2008-11-21 20:10]

[PID: 3148 / cs]   F:\PROGRA~1\KINGSO~1\KASMain.EXE   [(Verified)Kingsoft Corporation, 2008,11,21,104, C:2008-11-18 16:48 M:2008-11-22 21:36]
    F:\PROGRA~1\KINGSO~1\MFC80U.DLL  [Microsoft Corporation, 8.00.50727.762, C:2008-10-30 10:47 M:2008-10-30 10:47]
    F:\PROGRA~1\KINGSO~1\MSVCR80.dll  [Microsoft Corporation, 8.00.50727.762, C:2008-10-30 10:47 M:2008-10-30 10:47]
    F:\PROGRA~1\KINGSO~1\kis.dll  [(Verified)Kingsoft Corporation, 2008,08,12,55, C:2008-10-30 10:47 M:2008-10-30 10:47]
    F:\PROGRA~1\KINGSO~1\MSVCP80.dll  [Microsoft Corporation, 8.00.50727.762, C:2008-10-30 10:47 M:2008-10-30 10:47]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-08-05 14:05 M:2008-11-21 20:10]
    f:\Program Files\Rising\AntiSpyware\comx3.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-08-05 14:05 M:2008-11-21 20:10]
    f:\Program Files\Rising\AntiSpyware\Syslay.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-08-05 14:06 M:2008-11-21 20:10]
    C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll  [Yahoo! China, 3, 1, 5, 1033, C:2007-10-01 19:08 M:2007-09-15 22:14]
    F:\PROGRA~1\KINGSO~1\KAVDevC.dll  [(Verified)Kingsoft Corporation, 2008,04,28,112, C:2008-10-30 10:47 M:2008-10-30 10:47]
    F:\PROGRA~1\KINGSO~1\KAO\KAOExtend.dll  [(Verified)Copyright (C) 1998-2008 Kingsoft Corporation, 2008,06,16,525, C:2008-10-30 10:47 M:2008-10-30 10:47]
    F:\PROGRA~1\KINGSO~1\KAEAutorunEx.DLL  [(Verified)Kingsoft Corporation, 2008,05,15,287, C:2008-10-30 10:47 M:2008-10-30 10:47]
    F:\PROGRA~1\KINGSO~1\RICHED20.DLL  [Microsoft Corporation, 5.30.23.1221, C:2008-10-30 10:47 M:2008-10-30 10:47]
    F:\PROGRA~1\KINGSO~1\KASearch.DLL  [(Verified)Kingsoft Corporation, 2007,11,09,276, C:2008-10-30 10:47 M:2008-10-30 10:47]

[PID: 2252 / cs]   F:\Program Files\arswp\ArSwp.exe   [(Verified)ArSwp.com, 2, 8, 2, 1115, C:2008-11-22 20:43 M:2008-11-15 11:58]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-08-05 14:05 M:2008-11-21 20:10]
    f:\Program Files\Rising\AntiSpyware\comx3.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-08-05 14:05 M:2008-11-21 20:10]
    f:\Program Files\Rising\AntiSpyware\Syslay.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-08-05 14:06 M:2008-11-21 20:10]
    f:\program files\rising\rfw\ijt_base.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2007-10-14 18:53 M:2008-07-26 10:59]
    f:\program files\rising\rfw\olemon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2007-10-14 18:53 M:2008-07-26 10:59]
    C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll  [Yahoo! China, 3, 1, 5, 1033, C:2007-10-01 19:08 M:2007-09-15 22:14]
    c:\documents and settings\cs\application data\ppstream\bin\1.0.0.2\vodrc.dll  [ppstream.com, 1.0.0.2, C:2007-10-01 19:35 M:2007-09-12 16:43]
    F:\Program Files\arswp\plugin\ArFix.dll  [(Verified)ArSwp.Com, 2, 5, 0, 0, C:2008-11-22 20:43 M:2007-11-28 15:19]


========================================
文件关联



========================================
AutoRun.INF



========================================
Winsock提供者



[/CODE]