[CODE] 2008-12-10,03:20:24 SysLog Scanner 1.0 - build 20080726 Arswp (http://www.arswp.com) Windows XP Professional Service Pack 2 (build 2600) - Administrators ======================================== Registries [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] [(Verified)PPStream Inc, 1, 0, 11, 166, C:2008-12-04 10:29 M:2008-11-27 16:41] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00] [(Verified)C-Media Electronic Inc. (www.cmedia.com.tw), 1.58, C:2008-11-28 21:34 M:2003-04-06 17:39] <"E:\Rfw\rfwmain.exe" -Startup> [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.1.70, C:2008-12-31 03:24 M:2008-12-31 03:20] [(Verified)HP, 2.323.0.0, C:2008-12-05 20:51 M:2004-03-04 23:46] <"E:\Rav\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.24, C:2008-12-09 10:03 M:2008-12-09 12:30] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{32CD708B-60A7-4C00-9377-D73EAA495F0F}> [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-12-09 10:03 M:2008-12-09 12:30] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载] <> [N/A, C:2008-11-28 21:21 M:2008-07-28 15:43] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接] <> [N/A, C:2008-11-28 21:21 M:2007-12-10 14:17] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\导出到 Microsoft Office Excel(&X)] <> [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\添加到QQ表情] <> [N/A, C:2007-10-11 15:11 M:2007-10-11 15:11] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|(Verified)N/A, C:2004-08-17 12:00 M:2004-08-17 12:00] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|(Verified)N/A, C:2004-08-17 12:00 M:2004-08-17 12:00] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|(Verified)Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00|(Verified)N/A, C:2007-10-17 00:34 M:2005-01-28 15:25] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}] <启动迅雷5> [(Verified)Thunder Networking Technologies,LTD, 5, 6, 8, 19, C:2008-11-28 21:21 M:2008-11-12 14:30] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0A155D3C-68E2-4215-A47A-E800A446447A}] <浩方电竞平台> [(Verified)上海浩方在线信息技术有限公司, 5.1.1.0, C:2008-12-29 02:20 M:2008-11-20 20:01] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\hpzsnt10] [(Verified)HP, 2.323.0.0, C:2004-03-04 23:18 M:2004-03-04 23:18] ======================================== Startup Folders [QQ游戏启动加速程序] "C:\Program Files\Tencent\QQGame\Accel.exe" > [(Verified)深圳市腾讯计算机系统有限公司, 2, 0, 103, 5, C:2008-10-23 15:23 M:2008-10-23 15:23] ======================================== Task [SogouImeMgr.job] "C:\PROGRA~1\SOGOUI~1\360~1.165\PinyinRepair.exe" /S > [(Verified)Sogou.com Inc., 3.6.0.1653, C:2008-09-17 10:07 M:2008-09-17 10:07] ======================================== Components ShellExecuteHook [ShlExecHack Class] {32CD708B-60A7-4C00-9377-D73EAA495F0F} [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-12-09 10:03 M:2008-12-09 12:30] Shell Extension [Display Panning CPL Extension] {42071714-76d4-11d1-8b24-00a0c9068ff3} [] [HyperTerminal Icon Ext] {88895560-9AA2-1069-930E-00AA0030EBC8} [(Verified)Hilgraeve, Inc., 5.1.2600.0, C:2007-09-15 12:13 M:2004-08-17 20:00] [Microsoft Agent Character Property Sheet Handler] {143A62C8-C33B-11D1-84FE-00C04FA34A14} [Microsoft Corporation, 2.00.0.2115, C:1998-09-15 17:21 M:1998-09-15 17:21] [WinRAR shell extension] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [N/A, C:2007-10-17 04:03 M:2007-09-23 18:59] [RISING] {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D} [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-12-09 10:03 M:2008-12-09 12:30] [DllRegShlExt extension] {8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C} [www.Tudou.com, 1.1.0.0, C:2008-12-09 14:14 M:2008-11-06 10:02] Protocols [CZipHandler Object] {CF184AD3-CDCB-4168-A3F7-8E447D129300} [] BrowserHelperObject [ThunderAtOnce Class] {01443AEC-0FD1-40fd-9C87-E93D1494C233} [(Verified)Thunder Networking Technologies,LTD, 1.0.5.34, C:2008-11-28 21:21 M:2008-09-06 10:36] [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 120, C:2008-11-28 21:21 M:2008-09-19 16:44] ActiveX Extension [ThunderAtOnce Class] {01443AEC-0FD1-40FD-9C87-E93D1494C233} [(Verified)Thunder Networking Technologies,LTD, 1.0.5.34, C:2008-11-28 21:21 M:2008-09-06 10:36] [Web Browser Applet Control] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [] [] {5A041F13-A111-12A5-B0CF-F99818AA68A5} [] [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 120, C:2008-11-28 21:21 M:2008-09-19 16:44] [宏杰加密辅助程序] {BE5EAD7D-1C3A-4DDE-9A8D-5AE1B426E88F} [] [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [(Verified)Adobe Systems, Inc., 9,0,47,0, C:2007-06-12 04:04 M:2007-06-12 04:04] [] {F03BDE84-4DB2-4DAB-B350-B07E6B918021} [] Context Menu [DLLRegSvr] {8AB81E72-CB2F-11D3-8D3B-AC2F34F1FA3C} [www.Tudou.com, 1.1.0.0, C:2008-12-09 14:14 M:2008-11-06 10:02] [RisingRavExt] {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D} [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-12-09 10:03 M:2008-12-09 12:30] [WinRAR] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [N/A, C:2007-10-17 04:03 M:2007-09-23 18:59] ======================================== Services [Human Interface Device Access / HidServ][Stopped/Disabled] <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll"> [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00] [Kingsoft Rescue Service / Kingsoft Rescue Service][Running/Auto Start] [Copyright (C) 2008, 2008, 11, 14, 2, C:2008-12-09 12:16 M:2008-11-24 16:58] [Rising Proxy Service / RfwProxySrv][Running/Auto Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.38, C:2008-12-31 03:24 M:2008-12-09 00:00] [Rising Personal Firewall Service / RfwService][Running/Auto Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.77, C:2008-12-31 03:24 M:2008-12-31 03:20] [Rising Process Communication Center / RsCCenter][Running/Auto Start] <"E:\Rav\Rising\Rav\CCenter.exe"> [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.33, C:2008-12-09 10:03 M:2008-12-09 12:30] [Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] <"E:\RAV\RISING\RAV\Ravmond.exe"> [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.80, C:2008-12-09 10:03 M:2008-12-09 12:30] ======================================== Drivers [BC / BC][Running/Boot Start] [Kingsoft Corporation, 2008, 11, 26, 88, C:2008-12-09 12:16 M:2008-11-26 09:29] [bootsafe / bootsafe][Running/Boot Start] [Copyright (C) 2008, 2008, 11, 19, 11, C:2008-12-09 12:16 M:2008-11-19 11:38] [KAVBootC / KAVBootC][Running/Boot Start] [Kingsoft Corporation, 2007, 8, 9, 14, C:2008-12-30 20:29 M:2007-08-14 10:19] [Mouse HID Driver / MouHid][Stopped/System Start] [] [TCP/IP Protocol Driver / Tcpip][Running/System Start] [Microsoft Corporation, 5.1.2600.2892 (xpsp_sp2_gdr.060420-0254), C:2004-08-17 12:00 M:2006-04-20 19:51] [ViBus / ViBus][Stopped/Manual Start] [VIA Technologies, Inc., 6.0.6000.212, C:2007-10-20 08:17 M:2007-03-26 21:26] [C-Media PCI Audio Driver (WDM) / cmpci][Running/Manual Start] [(Verified)C-Media Inc, 5.12.01.0643, C:2008-11-28 21:34 M:2003-04-06 17:39] [HookCont / HookCont][Running/System Start] <\SystemRoot\system32\drivers\HookCont.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 7, C:2008-12-09 10:03 M:2008-12-09 12:30] [HookNtos / HookNtos][Running/System Start] <\SystemRoot\system32\drivers\HookNtos.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 52, C:2008-12-09 10:03 M:2008-12-09 12:30] [HookReg / HookReg][Running/System Start] <\SystemRoot\system32\drivers\HookReg.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 29, C:2008-12-09 10:03 M:2008-12-09 12:30] [HookSys / HookSys][Stopped/Disabled] <\SystemRoot\system32\drivers\HookSys.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 55, C:2008-12-09 10:03 M:2008-12-09 12:30] [HookUrl / HookUrl][Running/Auto Start] <\??\E:\Rfw\HookUrl.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.13, C:2008-12-31 03:24 M:2008-12-31 03:20] [KAVSafe / KAVSafe][Running/Auto Start] <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys> [(Verified)Kingsoft Corporation, 2008,03,04,62, C:2008-12-30 20:29 M:2008-12-30 20:29] [nv / nv][Running/Manual Start] [(Verified)NVIDIA Corporation, 6.14.10.5673, C:2008-11-26 16:54 M:2004-08-03 22:29] [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148), C:2004-08-17 12:00 M:2004-08-17 12:00] [Rising Rfwbase Driver / RfwBase][Running/Auto Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.10, C:2008-12-31 03:24 M:2008-12-31 03:20] [RsFwDrv / RsFwDrv][Running/System Start] <\??\E:\Rfw\RsFwDrv.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.35, C:2008-12-31 03:24 M:2008-12-31 03:20] [RsNTGDI / RsNTGDI][Running/Boot Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 3, C:2008-12-30 11:29 M:2008-12-09 12:32] [Secdrv / Secdrv][Stopped/Manual Start] [(Verified)N/A, C:2004-08-17 12:00 M:2004-08-17 12:00] [SIS AGP Bus Filter / sisagp][Running/Boot Start] [(Verified)Silicon Integrated Systems Corporation, 5.12.01.2010 (xpsp_sp2_rtm.040803-2158), C:2008-11-26 16:54 M:2004-08-03 23:07] [SiS PCI Fast Ethernet Adapter Driver / SISNIC][Running/Manual Start] [(Verified)SiS Corporation, 1.16.00.05 built by: WinDDK, C:2008-11-26 16:54 M:2004-08-03 22:31] ======================================== Running Processes [PID: 468 / SYSTEM] \SystemRoot\System32\smss.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00] [PID: 596 / SYSTEM] \??\C:\WINDOWS\system32\csrss.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00] E:\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-12-31 03:24 M:2008-12-31 03:20] [PID: 620 / SYSTEM] \??\C:\WINDOWS\system32\winlogon.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-10-17 02:36] E:\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-12-31 03:24 M:2008-12-31 03:20] [PID: 664 / SYSTEM] C:\WINDOWS\system32\services.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-10-17 02:36] E:\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-12-31 03:24 M:2008-12-31 03:20] [PID: 676 / SYSTEM] C:\WINDOWS\system32\lsass.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-10-17 02:36] E:\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-12-31 03:24 M:2008-12-31 03:20] [PID: 824 / SYSTEM] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-10-17 02:36] E:\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-12-31 03:24 M:2008-12-31 03:20] [PID: 884 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-10-17 02:36] E:\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-12-31 03:24 M:2008-12-31 03:20] [PID: 968 / SYSTEM] E:\Rav\Rising\Rav\CCenter.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.33, C:2008-12-09 10:03 M:2008-12-09 12:30] E:\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-12-31 03:24 M:2008-12-31 03:20] [PID: 984 / SYSTEM] C:\WINDOWS\System32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00] C:\WINDOWS\System32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-10-17 02:36] E:\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-12-31 03:24 M:2008-12-31 03:20] [PID: 1044 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-10-17 02:36] E:\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-12-31 03:24 M:2008-12-31 03:20] [PID: 1136 / LOCAL SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-10-17 02:36] E:\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-12-31 03:24 M:2008-12-31 03:20] [PID: 1268 / SYSTEM] E:\RAV\RISING\RAV\ravmond.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.80, C:2008-12-09 10:03 M:2008-12-09 12:30] E:\RAV\RISING\RAV\BWList.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.5, C:2008-12-09 10:03 M:2008-12-09 12:30] C:\WINDOWS\system32\MFC71.DLL [Microsoft Corporation, 7.10.3077.0, C:2008-11-28 21:00 M:2008-11-28 20:58] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2007-02-24 10:01 M:2007-02-24 10:01] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2007-02-24 10:01 M:2007-02-24 10:01] E:\RAV\RISING\RAV\RSAPPMGR.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-12-09 10:03 M:2008-12-09 12:30] E:\RAV\RISING\RAV\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-12-09 10:03 M:2008-12-09 12:30] E:\RAV\RISING\RAV\RsLog.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.36, C:2008-12-09 10:03 M:2008-12-09 12:33] E:\RAV\RISING\RAV\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-12-09 10:03 M:2008-12-09 12:30] E:\RAV\RISING\RAV\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-12-09 10:03 M:2008-12-09 12:30] E:\RAV\RISING\RAV\MonRule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.29, C:2008-12-09 10:03 M:2008-12-09 12:30] E:\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\RAV\RISING\RAV\Hooksys.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12, C:2008-12-09 10:03 M:2008-12-09 12:30] E:\RAV\RISING\RAV\HookReg.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6, C:2008-12-09 10:03 M:2008-12-09 12:30] E:\RAV\RISING\RAV\HookNtos.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5, C:2008-12-09 10:03 M:2008-12-09 12:30] E:\RAV\RISING\RAV\rswalmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24, C:2008-12-09 10:03 M:2008-12-09 12:30] E:\RAV\RISING\RAV\recomp.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41, C:2008-12-09 10:03 M:2008-12-09 12:31] E:\RAV\RISING\RAV\refs.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18, C:2008-12-09 10:03 M:2008-12-09 12:31] E:\RAV\RISING\RAV\ffr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-12-09 10:03 M:2008-12-09 12:31] E:\Rav\Rising\Rav\RsStore.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.9, C:2008-12-09 10:03 M:2008-12-09 12:33] E:\RAV\RISING\RAV\HookCont.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3, C:2008-12-09 10:03 M:2008-12-09 12:30] E:\Rav\Rising\Rav\fakescan.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.14, C:2008-12-09 10:03 M:2008-12-09 12:33] E:\Rav\Rising\Rav\Scanner.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.39, C:2008-12-09 10:03 M:2008-12-09 12:33] E:\RAV\RISING\RAV\viruslib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2008-12-09 10:03 M:2008-12-09 12:31] E:\RAV\RISING\RAV\relibldr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-12-09 10:03 M:2008-12-09 12:31] E:\RAV\RISING\RAV\HookWeb.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.3, C:2008-12-09 10:03 M:2008-12-09 12:30] E:\RAV\RISING\RAV\extfile.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32, C:2008-12-09 10:03 M:2008-12-09 12:31] E:\RAV\RISING\RAV\pearc.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8, C:2008-12-09 10:03 M:2008-12-09 12:31] [PID: 1284 / SYSTEM] E:\Rfw\rfwsrv.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.77, C:2008-12-31 03:24 M:2008-12-31 03:20] C:\WINDOWS\system32\MFC71.DLL [Microsoft Corporation, 7.10.3077.0, C:2008-11-28 21:00 M:2008-11-28 20:58] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2007-02-24 10:01 M:2007-02-24 10:01] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2007-02-24 10:01 M:2007-02-24 10:01] E:\Rfw\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\RSAPPMGR.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\RfwRule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.17, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\rfwlog.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.16, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\Rfwdrv.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.50, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\ijt_ctrl.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.0, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\unvdet.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.8, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\mPorts.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.6, C:2008-12-31 03:24 M:2008-12-31 03:20] [PID: 1352 / Administrator] C:\WINDOWS\Explorer.EXE [(Verified)Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234), C:2004-08-17 12:00 M:2007-06-13 21:21] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-10-17 02:36] E:\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-12-31 03:24 M:2008-12-31 03:20] C:\Program Files\KSM1.0.71\iebuddy2.dll [Kingsoft Corporation, 2008,10,24,13, C:2008-12-09 12:16 M:2008-12-10 16:22] C:\WINDOWS\system32\shdoclc.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-16 16:38] e:\Thunder\ComDlls\TDAtOnce_Now.dll [(Verified)Thunder Networking Technologies,LTD, 1.0.5.34, C:2008-11-28 21:21 M:2008-09-06 10:36] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2007-02-24 10:01 M:2007-02-24 10:01] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2007-02-24 10:01 M:2007-02-24 10:01] e:\Thunder\ComDlls\xunleiBHO_Now.dll [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 120, C:2008-11-28 21:21 M:2008-09-19 16:44] e:\Thunder\Components\ResWorker\DsBho_00.dll [Thunder Networking Technologies,LTD, 1, 0, 0, 20, C:2008-11-28 21:21 M:2008-11-12 14:29] e:\Thunder\Components\ResWorker\DataProcessor_00.dll [Thunder Networking Technologies,LTD, 1, 0, 0, 16, C:2008-11-28 21:21 M:2008-11-12 14:29] C:\WINDOWS\system32\RavExt.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-12-09 10:03 M:2008-12-09 12:30] [PID: 1380 / SYSTEM] E:\Rfw\rfwProxy.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.38, C:2008-12-31 03:24 M:2008-12-09 00:00] C:\WINDOWS\system32\MFC71.DLL [Microsoft Corporation, 7.10.3077.0, C:2008-11-28 21:00 M:2008-11-28 20:58] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2007-02-24 10:01 M:2007-02-24 10:01] E:\Rfw\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\RfwRule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.17, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\urlrule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1.0.0.15, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\MonMid.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.6, C:2008-12-31 03:24 M:2008-12-31 03:20] [PID: 1596 / SYSTEM] E:\Rfw\rfwstub.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.12, C:2008-12-31 03:24 M:2008-12-31 03:20] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2007-02-24 10:01 M:2007-02-24 10:01] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2007-02-24 10:01 M:2007-02-24 10:01] E:\Rfw\RSCOMMON.DLL [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-12-31 03:24 M:2008-12-31 03:20] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-10-17 02:36] E:\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-12-31 03:24 M:2008-12-31 03:20] [PID: 1824 / SYSTEM] E:\RAV\RISING\RAV\RavStub.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.10, C:2008-12-09 10:03 M:2008-12-09 12:30] E:\RAV\RISING\RAV\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-12-09 10:03 M:2008-12-09 12:30] E:\RAV\RISING\RAV\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-12-09 10:03 M:2008-12-09 12:30] E:\RAV\RISING\RAV\RSCOMMON.DLL [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-12-09 10:03 M:2008-12-09 12:30] E:\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-12-31 03:24 M:2008-12-31 03:20] [PID: 1884 / SYSTEM] C:\Program Files\KSM1.0.71\KSMSvc.exe [Copyright (C) 2008, 2008, 11, 14, 2, C:2008-12-09 12:16 M:2008-11-24 16:58] C:\Program Files\KSM1.0.71\dump.dll [Kingsoft Corporation, 2006, 2, 16, 8, C:2008-12-09 12:17 M:2008-12-09 12:17] C:\Program Files\KSM1.0.71\KSMCore.dll [Copyright (C) 2008, 2008, 12, 11, 33, C:2008-12-09 12:16 M:2008-12-09 20:52] C:\Program Files\KSM1.0.71\KIPC.dll [Copyright (C) 2008, 2008, 11, 12, 5, C:2008-12-09 12:16 M:2008-11-24 16:56] C:\Program Files\KSM1.0.71\kaeautorunex.dll [Kingsoft Corporation, 2008, 12, 1, 326, C:2008-12-09 12:16 M:2008-12-01 18:23] C:\Program Files\KSM1.0.71\DC.dll [Kingsoft Corporation, 2008, 11, 26, 118, C:2008-12-09 12:16 M:2008-11-26 09:29] E:\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-12-31 03:24 M:2008-12-31 03:20] C:\Program Files\KSM1.0.71\iebuddy2.dll [Kingsoft Corporation, 2008,10,24,13, C:2008-12-09 12:16 M:2008-12-10 16:22] C:\Program Files\KSM1.0.71\bcdll.dll [Copyright (C) 2008, 2008, 11, 17, 1, C:2008-12-09 12:16 M:2008-11-17 16:44] C:\Program Files\KSM1.0.71\kassysrepair.dll [Kingsoft Corporation, 2008, 11, 12, 202, C:2008-12-09 12:16 M:2008-11-24 16:58] [PID: 1924 / SYSTEM] C:\WINDOWS\system32\spoolsv.exe [(Verified)Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519), C:2004-08-17 12:00 M:2005-06-11 07:53] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-10-17 02:36] C:\WINDOWS\system32\hpzsnt10.dll [(Verified)HP, 2.323.0.0, C:2004-03-04 23:18 M:2004-03-04 23:18] E:\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-12-31 03:24 M:2008-12-31 03:20] [PID: 272 / Administrator] E:\Rfw\RfwMain.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.1.70, C:2008-12-31 03:24 M:2008-12-31 03:20] C:\WINDOWS\system32\MFC71.DLL [Microsoft Corporation, 7.10.3077.0, C:2008-11-28 21:00 M:2008-11-28 20:58] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2007-02-24 10:01 M:2007-02-24 10:01] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2007-02-24 10:01 M:2007-02-24 10:01] E:\Rfw\RsGuiLib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\RSAPPMGR.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\RSCOMMON.DLL [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\RfwCtrl.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\RsXML.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\PngDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\RfwRule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.17, C:2008-12-31 03:24 M:2008-12-31 03:20] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-10-17 02:36] [PID: 1244 / Administrator] C:\WINDOWS\Mixer.exe [(Verified)C-Media Electronic Inc. (www.cmedia.com.tw), 1.58, C:2008-11-28 21:34 M:2003-04-06 17:39] E:\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-12-31 03:24 M:2008-12-31 03:20] C:\WINDOWS\System32\cmnprop.dll [(Verified)C-Media Corporation, 5.00.2195.12, C:2008-11-28 21:34 M:2003-04-06 17:39] [PID: 1488 / Administrator] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe [(Verified)HP, 2.323.0.0, C:2008-12-05 20:51 M:2004-03-04 23:46] E:\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-12-31 03:24 M:2008-12-31 03:20] C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZR3210.dll [(Verified)HP, 2.323.0.0, C:2004-03-05 03:30 M:2004-03-05 03:30] [PID: 1504 / Administrator] E:\Rav\Rising\Rav\RavTask.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.24, C:2008-12-09 10:03 M:2008-12-09 12:30] E:\Rav\Rising\Rav\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-12-09 10:03 M:2008-12-09 12:30] E:\Rav\Rising\Rav\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-12-09 10:03 M:2008-12-09 12:30] E:\Rav\Rising\Rav\RSCOMMON.DLL [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-12-09 10:03 M:2008-12-09 12:30] E:\Rav\Rising\Rav\RSAPPMGR.DLL [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-12-09 10:03 M:2008-12-09 12:30] E:\Rav\Rising\Rav\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-12-09 10:03 M:2008-12-09 12:30] E:\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-12-31 03:24 M:2008-12-31 03:20] [PID: 1520 / Administrator] C:\WINDOWS\system32\ctfmon.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-10-17 02:36] E:\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-12-31 03:24 M:2008-12-31 03:20] [PID: 1536 / Administrator] F:\PPStream\ppsap.exe [(Verified)PPStream Inc, 1, 0, 11, 166, C:2008-12-04 10:29 M:2008-11-27 16:41] E:\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-12-31 03:24 M:2008-12-31 03:20] f:\PPStream\1.1.0.2633\vodnet.dll [(Verified)PPStream Inc., 1, 0, 11, 168, C:2008-12-09 06:45 M:2008-12-09 00:00] f:\PPStream\1.1.0.2633\vodres.dll [(Verified)PPStream Inc., 1, 0, 11, 168, C:2008-12-09 06:45 M:2008-12-09 00:00] f:\PPStream\1.1.0.2633\ppssg.dll [(Verified)PPStream Inc., 1, 0, 11, 168, C:2008-12-09 06:45 M:2008-12-09 00:01] f:\PPStream\1.1.0.2633\fds.dll [(Verified)PPStream Inc., 1, 0, 0, 96, C:2008-12-09 06:45 M:2008-11-18 17:09] f:\PPStream\1.1.0.2633\PPSMedia.dll [(Verified)PPStream Inc., 1.0.0.1, C:2008-12-09 06:45 M:2008-09-16 15:41] [PID: 180 / Administrator] E:\Rav\Rising\Rav\Ravmon.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.01.27, C:2008-12-09 10:03 M:2008-12-09 12:30] C:\WINDOWS\system32\MFC71.DLL [Microsoft Corporation, 7.10.3077.0, C:2008-11-28 21:00 M:2008-11-28 20:58] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2007-02-24 10:01 M:2007-02-24 10:01] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2007-02-24 10:01 M:2007-02-24 10:01] E:\Rav\Rising\Rav\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-12-09 10:03 M:2008-12-09 12:30] E:\Rav\Rising\Rav\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-12-09 10:03 M:2008-12-09 12:30] E:\Rav\Rising\Rav\RSCOMMON.DLL [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-12-09 10:03 M:2008-12-09 12:30] E:\Rav\Rising\Rav\recomp.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41, C:2008-12-09 10:03 M:2008-12-09 12:31] E:\Rav\Rising\Rav\refs.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18, C:2008-12-09 10:03 M:2008-12-09 12:31] E:\Rav\Rising\Rav\viruslib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2008-12-09 10:03 M:2008-12-09 12:31] E:\Rav\Rising\Rav\relibldr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-12-09 10:03 M:2008-12-09 12:31] E:\Rav\Rising\Rav\RSAPPMGR.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-12-09 10:03 M:2008-12-09 12:30] E:\Rav\Rising\Rav\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-12-09 10:03 M:2008-12-09 12:30] E:\Rav\Rising\Rav\MonRule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.29, C:2008-12-09 10:03 M:2008-12-09 12:30] E:\Rav\Rising\Rav\PngDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-12-09 10:03 M:2008-12-09 12:31] E:\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rav\Rising\Rav\Rsguilib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90, C:2008-12-09 10:03 M:2008-12-09 12:31] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-10-17 02:36] E:\Rav\Rising\Rav\RsXML.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2, C:2008-12-09 10:03 M:2008-12-09 12:30] [PID: 376 / LOCAL SERVICE] C:\WINDOWS\System32\alg.exe [(Verified)Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2004-08-17 12:00] C:\WINDOWS\System32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-10-17 02:36] [PID: 3512 / Administrator] C:\WINDOWS\system32\freecell.exe [(Verified)Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148), C:2007-09-15 12:13 M:2004-08-17 20:00] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-10-17 02:36] E:\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-12-31 03:24 M:2008-12-31 03:20] C:\Program Files\KSM1.0.71\iebuddy2.dll [Kingsoft Corporation, 2008,10,24,13, C:2008-12-09 12:16 M:2008-12-10 16:22] [PID: 3364 / Administrator] E:\重要文件\杀毒\新建文件夹\SREngLdr.EXE [Smallfrogs Studio, 2.7.0.1210, C:2008-12-30 11:40 M:2008-10-19 15:54] E:\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-12-31 03:24 M:2008-12-31 03:20] [PID: 3832 / Administrator] E:\重要文件\杀毒\新建文件夹\SRE3c296fb6.EXE [Smallfrogs Studio, 2.7.0.1210, C:2008-12-10 03:19 M:2008-12-10 03:19] E:\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-12-31 03:24 M:2008-12-31 03:20] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2004-08-17 12:00 M:2007-10-17 02:36] E:\重要文件\杀毒\新建文件夹\Upload\3rdUpd.DLL [Smallfrogs Studio, 2, 1, 0, 15, C:2008-12-30 11:40 M:2007-06-24 18:46] C:\Program Files\KSM1.0.71\iebuddy2.dll [Kingsoft Corporation, 2008,10,24,13, C:2008-12-09 12:16 M:2008-12-10 16:22] [PID: 3536 / Administrator] E:\重要文件\杀毒\SysLog-0804\SysLog.exe [N/A, C:2008-12-30 11:40 M:2008-08-04 21:19] E:\Rfw\ijt_base.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.21, C:2008-12-31 03:24 M:2008-12-31 03:20] E:\Rfw\olemon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 7.0.0.9, C:2008-12-31 03:24 M:2008-12-31 03:20] C:\Program Files\KSM1.0.71\iebuddy2.dll [Kingsoft Corporation, 2008,10,24,13, C:2008-12-09 12:16 M:2008-12-10 16:22] ======================================== File Link [.hlp] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148), C:1601-01-01 08:00 M:1601-01-01 08:00] ======================================== Autorun ======================================== Winsock Providers ======================================== HOSTS 127.0.0.1 www.360.cn 127.0.0.1 www.360safe.cn 127.0.0.1 www.360safe.com 127.0.0.1 www.chinakv.com 127.0.0.1 www.rising.com.cn 127.0.0.1 rising.com.cn 127.0.0.1 dl.jiangmin.com 127.0.0.1 jiangmin.com 127.0.0.1 www.jiangmin.com 127.0.0.1 www.duba.net 127.0.0.1 www.eset.com.cn 127.0.0.1 www.nod32.com 127.0.0.1 shadu.duba.net 127.0.0.1 union.kingsoft.com 127.0.0.1 www.kaspersky.com.cn 127.0.0.1 kaspersky.com.cn 127.0.0.1 virustotal.com 127.0.0.1 www.kaspersky.com 127.0.0.1 www.cnnod32.cn 127.0.0.1 www.lanniao.org 127.0.0.1 www.nod32club.com 127.0.0.1 www.dswlab.com 127.0.0.1 bbs.sucop.com 127.0.0.1 www.virustotal.com 127.0.0.1 tool.ikaka.com 127.0.0.1 360.qihoo.com [/CODE]