[CODE] 2008-12-23,18:23:50 SysLog Scanner 1.0 - build 20080726 Arswp (http://www.arswp.com) Windows Server 2003, Enterprise Edition Service Pack 1 (build 3790) - Administrators ======================================== Registries [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] [上海贝锐, 1, 0, 0, 11, C:2007-03-31 19:50 M:2007-03-31 19:50] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] [(Verified)Realtek Semiconductor Corp., 2.0.9.1, C:2007-09-20 22:07 M:2006-08-23 20:08] <360Safetray> [(Verified)奇虎网, 5, 0, 0, 1002, C:2008-08-25 14:12 M:2008-08-25 14:12] [N/A, C:2007-12-13 13:56 M:2005-02-19 17:38] <"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup> [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.16, C:2008-08-05 19:57 M:2008-09-11 19:15] [(Verified)Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00|(Verified)NVIDIA Corporation, 6.14.10.9147, C:2006-08-11 21:43 M:2006-08-11 21:43] <%systemroot%\system32\dumprep 0 -k> [N/A, C:1601-01-01 08:00 M:1601-01-01 08:00] <"C:\Program Files\Rising\Rav\RsTray.exe" -system> [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.21, C:2008-12-18 15:43 M:2008-12-18 15:39] <360Antiarp> [(Verified)360安全中心, 2, 0, 0, 1008, C:2008-04-11 20:45 M:2008-04-11 20:45] [安天信息技术有限公司, 2, 1, 4, 0, C:2008-12-23 17:37 M:2007-03-06 15:29] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [(Verified)Beijing Rising Information Technology Co., Ltd., 19, 0, 0, 3, C:1986-01-01 23:53 M:2008-08-05 19:56] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2008-10-29 15:02 M:2008-10-31 03:02] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载] <> [N/A, C:2007-09-21 00:01 M:2008-07-28 15:43] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\使用迅雷下载全部链接] <> [N/A, C:2007-09-21 00:01 
M:2007-12-10 14:17] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\导出到 Microsoft Excel(&x)] <> [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\导出到 Microsoft Office Excel(&X)] <> [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\添加到QQ表情] <> [N/A, C:2008-05-23 06:45 M:2008-05-23 06:45] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00|(Verified)Microsoft Corporation, 6.00.3790.1830 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00|(Verified)N/A, C:2005-11-25 08:00 M:2005-11-25 08:00] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00|(Verified)Microsoft Corporation, 6.00.3790.1830 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00|(Verified)N/A, C:2005-11-25 08:00 M:2005-11-25 08:00] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}] <启动迅雷5> [(Verified)Thunder Networking Technologies,LTD, 5, 6, 8, 19, C:2007-09-21 00:01 M:2008-12-01 17:44] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6096E38F-5AC1-4391-8EC4-75DFA92FB32F}] <番茄花园> [] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Microsoft Document Imaging Writer Monitor] [Microsoft Corporation, 11.3.1897.0, C:2008-12-11 12:34 M:2003-06-18 17:31] ======================================== Startup Folders [CCRUN.EXe] "G:\cc\cc\CCRUN.EXe" > [版权所有 (C) 2007, 1, 0, 0, 1, C:2008-04-18 15:51 M:2003-01-17 11:57] [宽带连接] "" > [] ======================================== Task ======================================== Components Shell Extension [HyperTerminal Icon Ext] 
{88895560-9AA2-1069-930E-00AA0030EBC8} [] [NvCpl DesktopContext Class] {A70C977A-BF00-412C-90B7-034C51DA2439} [(Verified)NVIDIA Corporation, 6.14.10.9147, C:2006-08-11 21:43 M:2006-08-11 21:43] [Play on my TV helper] {FFB699E0-306A-11d3-8BD1-00104B6F7516} [(Verified)NVIDIA Corporation, 6.14.10.9147, C:2006-08-11 21:43 M:2006-08-11 21:43] [Desktop Explorer] {1CDB2949-8F65-4355-8456-263E7C208A5D} [N/A, C:2006-08-11 21:43 M:2006-08-11 21:43] [Desktop Explorer Menu] {1E9B04FB-F9E5-4718-997B-B8DA88302A47} [N/A, C:2006-08-11 21:43 M:2006-08-11 21:43] [nView Desktop Context Menu] {1E9B04FB-F9E5-4718-997B-B8DA88302A48} [N/A, C:2006-08-11 21:43 M:2006-08-11 21:43] [WinRAR shell extension] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [N/A, C:2007-09-20 23:57 M:2006-06-18 00:08] [RISING] {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D} [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12, C:2008-12-18 15:43 M:2008-12-18 15:40] [木马防线] {5FC1E4A9-0884-46C2-1189-C374A8A40494} [Antiy Labs, 3, 0, 0, 0, C:2008-12-23 18:12 M:2007-03-06 15:31] [聚搜-超级搜索] {A078612A-EA84-4115-B2C7-7AE9EDA70C1F} [聚搜搜索, 1.0.1.54, C:2008-12-23 17:53 M:2008-12-23 17:53] Protocols [Microsoft Infotech Storage Protocol for IE 4.0] {0A9007C0-4076-11D3-8789-0000F8105754} [Microsoft Corporation, 05.02.9336.01, C:2000-04-19 18:47 M:2000-04-19 18:47] ActiveX Extension [Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} [(Verified)Thunder Networking Technologies,LTD, 6, 0, 5, 47, C:2007-09-21 00:01 M:2008-11-07 17:13] [MediaComm Class] {7670648D-461B-42AF-BDFE-46D26AF5EFF2} [(Verified)Thunder Networking Technologies,LTD, 3, 1, 6, 81, C:2008-12-06 10:51 M:2008-11-10 10:30] [360SafeLive] {87515F61-A66C-4319-A0E0-D416CB8059E3} [(Verified)360.cn, 1, 0, 1, 1029, C:2008-11-25 09:42 M:2008-11-25 09:42] [XML HTTP 4.0] {88D969C5-F192-11D4-A65F-0040963251E5} <%SystemRoot%\system32\msxml4.dll> [Microsoft Corporation, 4.10.9404.0, C:2002-02-04 02:52 M:2002-02-04 02:52] [XML DOM 文档 5.0] 
{88D969E5-F192-11D4-A65F-0040963251E5} [Microsoft Corporation, 5.00.2916.0, C:2003-05-16 17:49 M:2003-05-16 17:49] [XML HTTP 5.0] {88D969EA-F192-11D4-A65F-0040963251E5} [Microsoft Corporation, 5.00.2916.0, C:2003-05-16 17:49 M:2003-05-16 17:49] [聚搜-超级搜索] {A078612A-EA84-4115-B2C7-7AE9EDA70C1F} [聚搜搜索, 1.0.1.54, C:2008-12-23 17:53 M:2008-12-23 17:53] [DapCtrl Class] {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} [(Verified)ShenZhen Thunder Networking Technologies Ltd., 2, 3, 5807, 112, C:2008-12-06 10:51 M:2008-11-28 14:10] [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [(Verified)Adobe Systems, Inc., 9,0,124,0, C:2008-03-25 10:32 M:2008-03-25 10:32] [PlayerCtrl Class] {E05BC2A3-9A46-4A32-80C9-023A473F5B23} [(Verified)深圳腾讯科技, 3, 1, 163, 202, C:2008-05-19 10:09 M:2008-05-19 10:09] [XPPlayer Class] {F3E70CEA-956E-49CC-B444-73AFE593AD7F} [(Verified)Xunlei Networking Technologies,LTD, 2, 1, 5880, 234, C:2008-12-06 10:51 M:2008-12-01 17:42] [InfoCheck Class] {F91BA567-79B9-467E-BC97-5DBA01BBC5EE} [] Context Menu [RisingRavExt] {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D} [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12, C:2008-12-18 15:43 M:2008-12-18 15:40] [WinRAR] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [N/A, C:2007-09-20 23:57 M:2006-06-18 00:08] [木马防线] {5FC1E4A9-0884-46C2-1189-C374A8A40494} [Antiy Labs, 3, 0, 0, 0, C:2008-12-23 18:12 M:2007-03-06 15:31] ======================================== Services [AutoUpdate / AutoUpdate][Running/Auto Start] [Microsoft Corporation, 1. 1. 1. 1010, C:2008-12-10 16:19 M:2008-12-10 16:19] [Human Interface Device Access / HidServ][Stopped/Disabled] <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll"> [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00] [NetSend / NetSend][Running/Auto Start] [Microsoft Corporation, 1. 1. 1. 
1009, C:2008-12-10 16:19 M:2008-12-10 16:19] [PeanutHull DDNS Service / Peanuthull5Core][Running/Auto Start] [上海贝锐, 1, 0, 0, 21, C:2007-03-31 19:47 M:2007-03-31 19:47] [COMEXE PIPClient / PIPClient][Running/Auto Start] <"G:\DDNS\winpip.exe" -service> [Copyright (C) 2003, 1, 0, 0, 1, C:2007-09-21 09:07 M:2004-12-03 11:23] [Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start] <"%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini"> [N/A, C:2003-04-04 14:54 M:2003-04-04 14:54] [基于 Windows 的程序和组件颁发的事件消息 / wdfmgrsvc][Stopped/Auto Start] [N/A, C:2008-12-23 17:53 M:2008-12-23 17:53] [WinHTTP Web Proxy Auto-Discovery Service / WinHttpAutoProxySvc][Stopped/Manual Start] <%SystemRoot%\system32\svchost.exe -k LocalService --> "winhttp.dll"> [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00] [NVIDIA Display Driver Service / NVSvc][Running/Auto Start] <%SystemRoot%\system32\nvsvc32.exe> [(Verified)NVIDIA Corporation, 6.14.10.9147, C:2006-08-11 21:42 M:2006-08-11 21:42] [Rav Process Communication Center / RavCCenter][Stopped/Auto Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2007-09-20 23:55 M:2008-12-18 15:39] [Rising RavTask Manager / RavTask][Running/Auto Start] <"C:\Program Files\Rising\Rav\RavTask.exe" RavTask> [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 22, C:2007-09-20 23:55 M:2008-12-18 15:39] [Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1, C:2008-12-18 15:43 M:2008-12-18 15:39] [Rising Scan Service / RsScanSrv][Stopped/Auto Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.11, C:2008-12-18 15:42 M:2008-12-18 15:39] ======================================== Drivers [AntiyFirewall / AntiyFirewall][Stopped/Manual Start] [N/A, C:2008-12-23 17:38 M:2007-03-06 15:29] [IP in IP Tunnel Driver / 
IpInIp][Stopped/Manual Start] [] [KSysCall / KSysCall][Stopped/System Start] <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ksyscall.sys> [] [qfjv / qfjv][Running/Boot Start] [N/A, C:2008-11-08 15:12 M:2007-03-03 18:04] [rspp / rspp][Running/System Start] <\??\C:\WINDOWS\system32\Drivers\Rspp.sys> [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 8, C:2008-12-06 11:08 M:2008-12-06 11:08] [SNIFFER Protocol Driver / Sniffer][Running/Auto Start] [N/A, C:2008-12-10 14:18 M:2002-11-07 17:03] [360AntiArp / 360AntiArp][Running/System Start] <\??\C:\WINDOWS\system32\drivers\360AntiArp.sys> [(Verified)360安全中心, 1, 0, 1, 1007, C:2008-04-09 16:33 M:2008-04-09 16:33] [AMD Processor Driver / AmdK8][Running/System Start] [(Verified)Advanced Micro Devices, 1.3.1 (dnsrv(wmbla).060510-1126), C:2005-11-25 08:00 M:2006-05-10 11:27] [GKeyUSB / GKeyUSB][Stopped/Manual Start] [(Verified)Gemplus, 1,0,0,7, C:2007-12-13 13:54 M:2002-12-11 16:38] [Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start] [(Verified)Windows (R) Server 2003 DDK provider, 5.10.01.5013 built by: WinDDK, C:2007-09-20 21:47 M:2005-07-08 17:56] [hookcont / hookcont][Running/System Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 6, C:2008-12-18 15:43 M:2008-12-18 15:39] [hooksys / hooksys][Running/System Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 46, C:2008-12-18 15:43 M:2008-12-18 15:40] [Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start] [(Verified)Realtek Semiconductor Corp., 5.10.00.5288 built by: WinDDK, C:2007-09-20 22:07 M:2006-08-24 11:37] [NetGroup Packet Filter Driver / NPF][Stopped/Manual Start] [(Verified)CACE Technologies, 4.0.0.755, C:2008-12-10 10:02 M:2007-01-26 01:31] [nv / nv][Running/Manual Start] [(Verified)NVIDIA Corporation, 6.14.10.9147, C:2006-08-11 21:42 M:2006-08-11 21:42] [nvata / nvata][Running/Boot Start] [(Verified)NVIDIA Corporation, 5.10.2600.0678 built by: WinDDK, 
C:2007-09-20 22:11 M:2006-07-10 22:09] [DDK PACKET Protocol / Packet][Running/Manual Start] [(Verified)360安全中心, 1, 0, 1, 1001, C:2008-04-09 16:36 M:2008-04-09 16:36] [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [(Verified)Parallel Technologies, Inc., 1.10 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00] [RsNTGDI / RsNTGDI][Running/Boot Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2007-11-25 09:53 M:2008-12-18 15:39] [Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start] [(Verified)Realtek Semiconductor Corporation , 5.658.0814.2006 built by: WinDDK, C:2007-09-20 22:17 M:2006-08-14 21:09] [Secdrv / Secdrv][Stopped/Manual Start] [(Verified)Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086, C:2005-11-25 08:00 M:2007-11-13 17:32] ======================================== Running Processes [PID: 516 / SYSTEM] \SystemRoot\System32\smss.exe [(Verified)Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00] [PID: 612 / SYSTEM] \??\C:\WINDOWS\system32\csrss.exe [(Verified)Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048), C:2005-11-25 08:00 M:2005-11-25 08:00] [PID: 660 / SYSTEM] \??\C:\WINDOWS\system32\winlogon.exe [(Verified)Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.3790.1830 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00] [PID: 728 / SYSTEM] C:\WINDOWS\system32\services.exe [(Verified)Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00] [PID: 748 / SYSTEM] C:\WINDOWS\system32\lsass.exe [(Verified)Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048), C:2005-11-25 08:00 M:2005-11-25 08:00] [PID: 928 / SYSTEM] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft 
Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00] [PID: 1012 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00] [PID: 1080 / SYSTEM] C:\Program Files\Rising\Rav\CCENTER.EXE [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2007-09-20 23:55 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\combase.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11, C:2008-12-18 15:42 M:2008-12-18 15:41] C:\Program Files\Rising\Rav\cnt09.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 37, C:2008-12-18 15:42 M:2008-12-18 15:41] C:\Program Files\Rising\Rav\cnt08.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7, C:2008-12-18 15:42 M:2008-12-18 15:41] [PID: 1088 / SYSTEM] C:\WINDOWS\System32\svchost.exe [(Verified)Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00] C:\WINDOWS\System32\UxTheme.dll [Microsoft Corporation, 6.00.3790.1830 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00] c:\windows\system32\jusou\ootdksvc.dll [N/A, C:2008-12-23 17:53 M:2008-12-23 17:53] [PID: 1168 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00] [PID: 1184 / LOCAL SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00] [PID: 1300 / SYSTEM] C:\Program Files\Rising\Rav\RavMonD.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1, C:2008-12-18 15:43 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\combase.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11, C:2008-12-18 15:42 M:2008-12-18 15:41] 
C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2007-11-25 09:53 M:2007-11-25 09:46] C:\Program Files\Rising\Rav\moncomm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12, C:2008-12-18 15:42 M:2008-12-18 15:40] C:\Program Files\Rising\Rav\MonBase.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5, C:2008-12-18 15:43 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\Rslog.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.32, C:2007-11-25 09:53 M:2008-12-18 15:41] C:\Program Files\Rising\Rav\mondrv.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7, C:2008-12-18 15:43 M:2008-12-18 15:40] C:\Program Files\Rising\Rav\defmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 29, C:2008-12-18 15:43 M:2008-12-18 15:40] C:\Program Files\Rising\Rav\moncom08.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1, C:2008-12-18 15:42 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\MonRule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9, C:2008-12-18 15:43 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\FileMon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 21, C:2008-12-18 15:43 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\MailMon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 21, C:2008-12-18 15:43 M:2008-12-19 10:44] C:\Program Files\Rising\Rav\HookWeb.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11, C:2008-12-18 15:43 M:2008-12-18 15:41] C:\Program Files\Rising\Rav\proccomm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46, C:2008-12-18 15:42 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\RSAPPMGR.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.1, C:2007-11-25 09:53 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\CfgDll.dll [(Verified)Beijing Rising 
Information Technology Co., Ltd., 21.0.0.13, C:2007-11-25 09:53 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-12-18 15:42 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-12-18 15:42 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\Hooksys.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 18, C:2008-12-18 15:43 M:2008-12-18 15:40] C:\Program Files\Rising\Rav\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2007-11-25 09:53 M:2008-07-28 16:51] C:\Program Files\Rising\Rav\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2007-11-25 09:53 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\HookCont.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 11, C:2008-12-18 15:43 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\rsnetsvr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11, C:2008-12-18 15:43 M:2008-12-18 15:41] C:\Program Files\Rising\Rav\BACore.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 16, C:2008-12-18 15:43 M:2008-12-18 15:40] C:\Program Files\Rising\Rav\recomp.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2007-11-25 09:53 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\refs.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3, C:2008-03-19 18:30 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\RSStore.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8, C:2008-12-18 15:43 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\ScanAdd.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.14, C:2008-12-18 15:42 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\Scanner.dll [(Verified)Beijing Rising Information Technology Co., 
Ltd., 21.0.0.32, C:2007-11-25 09:53 M:2008-12-18 15:40] C:\Program Files\Rising\Rav\viruslib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3, C:2007-09-20 23:55 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\relibldr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2007-11-25 09:53 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\ffr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2007-11-25 09:53 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\nvfile.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3, C:2007-09-20 23:55 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\scanexec.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3, C:2007-09-20 23:55 M:2008-12-18 15:40] C:\Program Files\Rising\Rav\unexe.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1, C:2007-09-20 23:55 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\scanex.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 15, C:2008-07-09 19:08 M:2008-12-18 15:40] C:\Program Files\Rising\Rav\pearc.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4, C:2007-11-25 09:53 M:2008-12-18 15:40] C:\Program Files\Rising\Rav\scanpe.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7, C:2008-12-18 15:42 M:2008-12-18 15:40] C:\Program Files\Rising\Rav\ur000.dat [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5, C:2007-12-20 14:16 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\extfile.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7, C:2007-09-20 23:55 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\revm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2007-11-25 09:53 M:2008-12-18 15:40] C:\Program Files\Rising\Rav\urutils.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4, C:2007-12-20 14:16 
M:2008-12-18 15:40] C:\Program Files\Rising\Rav\ur025.dat [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1, C:2008-12-18 15:42 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\scriptci.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1, C:2007-11-25 09:53 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\uroutine.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4, C:2007-09-20 23:55 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\scansct.dll [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2007-09-20 23:55 M:2008-12-23 18:00] C:\Program Files\Rising\Rav\extmail.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2007-09-20 23:55 M:2008-12-18 15:40] C:\Program Files\Rising\Rav\ur001.dat [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3, C:2008-01-07 13:36 M:2008-12-18 15:39] [PID: 1468 / LOCAL SERVICE] C:\WINDOWS\System32\SCardSvr.exe [(Verified)Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00] [PID: 1520 / SYSTEM] C:\WINDOWS\system32\spoolsv.exe [(Verified)Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00] C:\WINDOWS\system32\mdimon.dll [Microsoft Corporation, 11.3.1897.0, C:2008-12-11 12:34 M:2003-06-18 17:31] C:\WINDOWS\system32\spool\PRTPROCS\W32X86\mdippr.dll [Microsoft Corporation, 11.3.1897.0, C:2008-12-11 12:34 M:2003-06-18 17:31] [PID: 1580 / SYSTEM] C:\Program Files\Rising\Rav\rsnetsvr.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11, C:2008-12-18 15:43 M:2008-12-18 15:41] C:\Program Files\Rising\Rav\NComm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.9, C:2008-12-18 15:43 M:2008-12-18 15:41] C:\Program Files\Rising\Rav\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-12-18 15:42 M:2008-12-18 15:39] C:\Program 
Files\Rising\Rav\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-12-18 15:42 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\ProcComm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46, C:2008-12-18 15:42 M:2008-12-18 15:39] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2007-11-25 09:53 M:2007-11-25 09:46] [PID: 1616 / NETWORK SERVICE] C:\WINDOWS\system32\msdtc.exe [(Verified)Microsoft Corporation, 2001.12.4720.1830 (srv03_sp1_rtm.050324-1447), C:2007-09-20 21:50 M:2005-11-25 08:00] [PID: 1732 / SYSTEM] C:\WINDOWS\system32\autoupdate.exe [Microsoft Corporation, 1. 1. 1. 1010, C:2008-12-10 16:19 M:2008-12-10 16:19] [PID: 1816 / SYSTEM] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [(Verified)Microsoft Corporation, 7.00.9466, C:2003-06-19 23:25 M:2003-06-19 23:25] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll [Microsoft Corporation, 7.00.9466, C:2002-01-29 15:06 M:2002-01-29 15:06] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MSDBG2.DLL [Microsoft Corporation, 7.00.9466, C:2002-01-05 08:03 M:2002-01-05 08:03] [PID: 1844 / SYSTEM] C:\WINDOWS\system32\netsend.exe [Microsoft Corporation, 1. 1. 1. 
1009, C:2008-12-10 16:19 M:2008-12-10 16:19] [PID: 264 / SYSTEM] C:\WINDOWS\system32\nvsvc32.exe [(Verified)NVIDIA Corporation, 6.14.10.9147, C:2006-08-11 21:42 M:2006-08-11 21:42] C:\WINDOWS\system32\nvapi.dll [(Verified)N/A, C:2006-08-11 21:43 M:2006-08-11 21:43] [PID: 452 / SYSTEM] d:\Program Files\Oray\PeanutHull5\PhCore.exe [上海贝锐, 1, 0, 0, 21, C:2007-03-31 19:47 M:2007-03-31 19:47] d:\Program Files\Oray\PeanutHull5\iconv.dll [Free Software Foundation, 1.9, C:2005-04-07 19:07 M:2005-04-07 19:07] d:\Program Files\Oray\PeanutHull5\PhAlive.dll [上海贝锐, 1, 0, 0, 26, C:2007-03-29 15:37 M:2007-03-29 15:37] [PID: 576 / SYSTEM] G:\DDNS\winpip.exe [Copyright (C) 2003, 1, 0, 0, 1, C:2007-09-21 09:07 M:2004-12-03 11:23] G:\DDNS\BCGCBPRO64.dll [BCGSoft Ltd, 6, 4, 0, 0, C:2004-03-12 09:40 M:2004-02-13 14:43] [PID: 776 / SYSTEM] C:\Program Files\Rising\Rav\RavTask.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 22, C:2007-09-20 23:55 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\rsconf.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2008-12-18 15:42 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\RSAPPMGR.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.1, C:2007-11-25 09:53 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.13, C:2007-11-25 09:53 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\proccomm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46, C:2008-12-18 15:42 M:2008-12-18 15:39] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2007-11-25 09:53 M:2007-11-25 09:46] C:\Program Files\Rising\Rav\rsstub.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12, C:2008-12-18 15:42 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\rstask.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 33, C:2008-12-18 15:42 M:2008-12-18 15:39] 
[PID: 1148 / LOCAL SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00] [PID: 1268 / SYSTEM] C:\Program Files\Rising\Rav\ScanFrm.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.11, C:2008-12-18 15:42 M:2008-12-18 15:39] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2007-11-25 09:53 M:2007-11-25 09:46] C:\Program Files\Rising\Rav\combase.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11, C:2008-12-18 15:42 M:2008-12-18 15:41] C:\Program Files\Rising\Rav\moncomm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12, C:2008-12-18 15:42 M:2008-12-18 15:40] C:\Program Files\Rising\Rav\scansrvp.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.11, C:2008-12-18 15:42 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\proccomm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46, C:2008-12-18 15:42 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\ScanSrv.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.9, C:2008-12-18 15:42 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-12-18 15:42 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-12-18 15:42 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\ScanRavT.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.23, C:2008-12-18 15:42 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\ScanBT.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.36, C:2008-12-18 15:42 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\ScanStub.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.8, C:2008-12-18 15:42 M:2008-12-18 15:39] C:\Program Files\Rising\Rav\RsLog.dll 
[(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.32, C:2007-11-25 09:53 M:2008-12-18 15:41]
C:\Program Files\Rising\Rav\ScanAdd.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.14, C:2008-12-18 15:42 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\RSAPPMGR.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.1, C:2007-11-25 09:53 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.13, C:2007-11-25 09:53 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\Scanner.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.32, C:2007-11-25 09:53 M:2008-12-18 15:40]
C:\Program Files\Rising\Rav\recomp.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2007-11-25 09:53 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\refs.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3, C:2008-03-19 18:30 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\viruslib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3, C:2007-09-20 23:55 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\relibldr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2007-11-25 09:53 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\SysMail.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.5, C:2007-11-25 09:53 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\mvengine.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3, C:2007-09-20 23:55 M:2008-12-18 15:40]
C:\Program Files\Rising\Rav\posttrt.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2007-09-20 23:55 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\ffr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2007-11-25 09:53 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\nvfile.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3, C:2007-09-20 23:55 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\scanexec.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3, C:2007-09-20 23:55 M:2008-12-18 15:40]
C:\Program Files\Rising\Rav\unexe.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1, C:2007-09-20 23:55 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\scanex.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 15, C:2008-07-09 19:08 M:2008-12-18 15:40]
C:\Program Files\Rising\Rav\pearc.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4, C:2007-11-25 09:53 M:2008-12-18 15:40]
C:\Program Files\Rising\Rav\scanpe.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7, C:2008-12-18 15:42 M:2008-12-18 15:40]
C:\Program Files\Rising\Rav\ur000.dat [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5, C:2007-12-20 14:16 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\extfile.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7, C:2007-09-20 23:55 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\revm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2007-11-25 09:53 M:2008-12-18 15:40]
C:\Program Files\Rising\Rav\urutils.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4, C:2007-12-20 14:16 M:2008-12-18 15:40]
C:\Program Files\Rising\Rav\ur025.dat [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1, C:2008-12-18 15:42 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\RKPColl.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3, C:2008-12-18 15:42 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\ur001.dat [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3, C:2008-01-07 13:36 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\ur023.dat [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4, C:2008-04-08 14:03 M:2008-12-18 15:39]
[PID: 1952 / SYSTEM] C:\WINDOWS\System32\svchost.exe [(Verified)Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00]
[PID: 2184 / LOCAL SERVICE] C:\WINDOWS\System32\alg.exe [(Verified)Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00]
[PID: 2236 / SYSTEM] C:\WINDOWS\System32\svchost.exe [(Verified)Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00]
[PID: 2844 / Administrator] C:\WINDOWS\Explorer.EXE [(Verified)Microsoft Corporation, 6.00.3790.1830 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.3790.1830 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00]
C:\WINDOWS\system32\nvcpl.dll [(Verified)NVIDIA Corporation, 6.14.10.9147, C:2006-08-11 21:43 M:2006-08-11 21:43]
C:\WINDOWS\system32\NVRSZHC.DLL [NVIDIA Corporation, 6.14.10.9147, C:2006-08-11 21:43 M:2006-08-11 21:43]
C:\WINDOWS\system32\nvapi.dll [(Verified)N/A, C:2006-08-11 21:43 M:2006-08-11 21:43]
C:\WINDOWS\system32\nvshell.dll [N/A, C:2006-08-11 21:43 M:2006-08-11 21:43]
C:\WINDOWS\system32\JuSou\ibfloin.dll [, 9.0.0.23, C:2008-12-23 17:53 M:2008-12-23 17:53]
[PID: 2916 / Administrator] C:\WINDOWS\system32\Rundll32.exe [(Verified)Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00]
C:\WINDOWS\system32\eBAHu.dll [Microsoft Corporation, 1, 0, 0, 1, C:2008-11-08 15:12 M:2007-03-03 18:04]
[PID: 2952 / Administrator] C:\WINDOWS\RTHDCPL.EXE [(Verified)Realtek Semiconductor Corp., 2.0.9.1, C:2007-09-20 22:07 M:2006-08-23 20:08]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.3790.1830 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00]
[PID: 2968 / Administrator] D:\Program Files\360safe\safemon\360tray.exe [(Verified)奇虎网, 5, 0, 0, 1002, C:2008-08-25 14:12 M:2008-08-25 14:12]
D:\Program Files\360safe\safemon\safemon.dll [(Verified)360.CN, 4, 2, 0, 1007, C:2008-12-10 01:14 M:2008-12-10 01:14]
D:\Program Files\360safe\safemon\SafeKrnl.dll [(Verified)奇虎网, 4, 3, 0, 1003, C:2008-08-26 16:55 M:2008-08-26 16:55]
D:\Program Files\360safe\AntiAdwa.dll [(Verified)360Safe.com, 4, 2, 0, 1001, C:2008-06-13 20:16 M:2008-06-13 20:16]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.3790.1830 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00]
D:\Program Files\360safe\live.dll [(Verified)360.cn, 1, 0, 1, 1029, C:2008-11-25 09:42 M:2008-11-25 09:42]
[PID: 3008 / Administrator] C:\Program Files\Rising\AntiSpyware\rstray.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.16, C:2008-08-05 19:57 M:2008-09-11 19:15]
C:\Program Files\Rising\AntiSpyware\rsmginfo.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8, C:2008-08-05 19:57 M:2008-08-05 19:57]
C:\Program Files\Rising\AntiSpyware\RsXML.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2, C:2007-11-25 10:14 M:2008-08-05 19:56]
C:\Program Files\Rising\AntiSpyware\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2007-11-25 10:14 M:2008-08-05 19:55]
C:\Program Files\Rising\AntiSpyware\ComServ.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.31, C:2008-08-05 19:57 M:2008-08-05 19:55]
C:\Program Files\Rising\AntiSpyware\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-09-02 20:06 M:2008-09-03 00:11]
C:\Program Files\Rising\AntiSpyware\rscommon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.1.1, C:2008-08-05 19:57 M:2008-08-05 19:55]
C:\Program Files\Rising\AntiSpyware\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-09-28 01:02 M:2008-10-03 01:02]
C:\Program Files\Rising\AntiSpyware\pngdll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-08-05 19:57 M:2008-08-05 19:55]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.3790.1830 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00]
C:\Program Files\Rising\AntiSpyware\runiep.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.42, C:2008-08-05 19:57 M:2008-12-19 00:39]
C:\Program Files\Rising\AntiSpyware\NComm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.11, C:2008-01-22 13:01 M:2008-12-19 00:39]
C:\Program Files\Rising\Rav\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2007-11-25 09:53 M:2008-07-28 16:51]
C:\Program Files\Rising\AntiSpyware\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-10-06 16:40 M:2008-10-06 16:40]
[PID: 3160 / Administrator] C:\Program Files\Rising\Rav\RsTray.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.21, C:2008-12-18 15:43 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\ComServ.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.49, C:2008-12-18 15:43 M:2008-12-18 15:39]
C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2007-11-25 09:53 M:2007-11-25 09:46]
C:\Program Files\Rising\Rav\rslang.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 26, C:2008-12-18 15:42 M:2008-12-18 15:40]
C:\Program Files\Rising\Rav\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-12-18 15:42 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-12-18 15:42 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\rsxml.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2007-11-25 09:53 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\ProcComm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46, C:2008-12-18 15:42 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\MonState.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7, C:2008-12-18 15:43 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\ScanEvnt.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.12, C:2008-12-18 15:43 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\rsvrinfo.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5, C:2008-12-18 15:42 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\recomp.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2007-11-25 09:53 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\refs.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3, C:2008-03-19 18:30 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\viruslib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3, C:2007-09-20 23:55 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\relibldr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2007-11-25 09:53 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\rsguilib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 69, C:2007-11-25 09:53 M:2008-12-18 15:40]
C:\WINDOWS\system32\MFC71.DLL [Microsoft Corporation, 7.10.3077.0, C:2007-11-25 09:53 M:2007-11-25 09:46]
C:\Program Files\Rising\Rav\rsconf.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2008-12-18 15:42 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\RSAPPMGR.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.1, C:2007-11-25 09:53 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.13, C:2007-11-25 09:53 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\rspalvd.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.19, C:2008-12-18 15:42 M:2008-12-18 15:40]
C:\Program Files\Rising\Rav\ravbintl.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24, C:2008-12-18 15:43 M:2008-12-18 15:40]
C:\Program Files\Rising\Rav\mruleui.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 10, C:2008-12-18 15:43 M:2008-12-18 15:40]
C:\Program Files\Rising\Rav\MonTray.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.85, C:2008-12-18 15:43 M:2008-12-18 15:40]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.3790.1830 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00]
C:\Program Files\Rising\Rav\PngDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4, C:2007-11-25 09:53 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\RavITray.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 19, C:2008-12-18 15:43 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\ScanPrxy.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.13, C:2008-12-18 15:42 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\rsmginfo.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 10, C:2008-12-18 15:43 M:2008-12-18 15:40]
[PID: 3208 / Administrator] D:\Program Files\360safe\antiarp\AntiArp.exe [(Verified)360安全中心, 2, 0, 0, 1008, C:2008-04-11 20:45 M:2008-04-11 20:45]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.3790.1830 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00]
[PID: 3324 / Administrator] C:\WINDOWS\system32\ctfmon.exe [(Verified)Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00]
C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.3790.1830 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00]
[PID: 3380 / Administrator] d:\Program Files\Oray\PeanutHull5\PhDesktop.exe [上海贝锐, 1, 0, 0, 11, C:2007-03-31 19:50 M:2007-03-31 19:50]
d:\Program Files\Oray\PeanutHull5\iconv.dll [Free Software Foundation, 1.9, C:2005-04-07 19:07 M:2005-04-07 19:07]
d:\Program Files\Oray\PeanutHull5\MSVCP60.dll [Microsoft Corporation, 6.00.8972.0, C:2002-09-13 21:00 M:2002-09-13 21:00]
d:\Program Files\Oray\PeanutHull5\PhGUI.dll [上海贝锐, 1, 0, 0, 1, C:2007-03-29 15:38 M:2007-03-29 15:38]
[PID: 3492 / Administrator] G:\cc\cc\CCRUN.EXe [版权所有 (C) 2007, 1, 0, 0, 1, C:2008-04-18 15:51 M:2003-01-17 11:57]
[PID: 3500 / Administrator] C:\Program Files\Antiy Labs\Alive\AliveCenter_.exe [Antiy Labs, 2, 1, 0, 0, C:2008-12-23 12:31 M:2006-05-23 10:56]
[PID: 2912 / SYSTEM] C:\WINDOWS\system32\wbem\wmiprvse.exe [(Verified)Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447), C:2007-09-20 21:50 M:2005-11-25 08:00]
[PID: 3792 / Administrator] G:\cc\cc\CASNOC.RUN [北京空港龙信息技术有限公司, 0, 8, 1, 8, C:2008-04-18 15:51 M:2008-04-01 23:30]
G:\cc\cc\LIBEAY32.dll [N/A, C:2008-04-18 15:51 M:2003-01-07 19:11]
G:\cc\cc\SSLEAY32.dll [N/A, C:2008-04-18 15:51 M:2003-01-07 19:12]
[PID: 2464 / Administrator] C:\Program Files\Rising\Rav\rsmain.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5, C:2008-12-18 15:43 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\rspalmgr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.29, C:2008-12-18 15:42 M:2008-12-18 15:40]
C:\Program Files\Rising\Rav\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2008-12-18 15:42 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\RSXML.DLL [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2007-11-25 09:53 M:2008-12-18 15:39]
C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2007-11-25 09:53 M:2007-11-25 09:46]
C:\Program Files\Rising\Rav\RsGuiLib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 69, C:2007-11-25 09:53 M:2008-12-18 15:40]
C:\WINDOWS\system32\MFC71.DLL [Microsoft Corporation, 7.10.3077.0, C:2007-11-25 09:53 M:2007-11-25 09:46]
C:\Program Files\Rising\Rav\rslang.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 26, C:2008-12-18 15:42 M:2008-12-18 15:40]
C:\Program Files\Rising\Rav\ravbmenu.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14, C:2008-12-18 15:43 M:2008-12-18 15:40]
C:\Program Files\Rising\Rav\rsconf.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2008-12-18 15:42 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\rspalvd.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.19, C:2008-12-18 15:42 M:2008-12-18 15:40]
C:\Program Files\Rising\Rav\ravppops.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12, C:2008-12-18 15:43 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\ravbintl.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24, C:2008-12-18 15:43 M:2008-12-18 15:40]
C:\Program Files\Rising\Rav\ravpsafe.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.22, C:2008-12-18 15:43 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\MonState.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7, C:2008-12-18 15:43 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\ScanPrxy.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.13, C:2008-12-18 15:42 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\psafecfg.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.16, C:2008-12-18 15:42 M:2008-12-18 15:40]
C:\Program Files\Rising\Rav\RSAPPMGR.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.1, C:2007-11-25 09:53 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.13, C:2007-11-25 09:53 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2008-12-18 15:42 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\ProcComm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46, C:2008-12-18 15:42 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\ravxpage.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 78, C:2008-12-18 15:43 M:2008-12-18 15:40]
C:\Program Files\Rising\Rav\ravxmons.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24, C:2008-12-18 15:43 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\ravptool.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.18, C:2008-12-18 15:43 M:2008-12-18 15:40]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.3790.1830 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00]
C:\Program Files\Rising\Rav\PngDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4, C:2007-11-25 09:53 M:2008-12-18 15:39]
C:\Program Files\Rising\Rav\htmllib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1, C:2008-12-18 15:43 M:2008-12-18 15:39]
[PID: 3980 / Administrator] H:\刘波\日志扫描工具\sreng2\SREngLdr.EXE [Smallfrogs Studio, 2.7.0.1210, C:2008-12-10 20:45 M:2008-10-19 15:54]
[PID: 3196 / Administrator] H:\刘波\日志扫描工具\sreng2\SREe9e85119.EXE [Smallfrogs Studio, 2.7.0.1210, C:2008-12-23 18:23 M:2008-12-23 18:23]
C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.3790.1830 (srv03_sp1_rtm.050324-1447), C:2005-11-25 08:00 M:2005-11-25 08:00]
H:\刘波\日志扫描工具\sreng2\Upload\3rdUpd.DLL [Smallfrogs Studio, 2, 1, 0, 15, C:2008-12-10 20:45 M:2007-06-24 18:46]
[PID: 4084 / Administrator] H:\刘波\日志扫描工具\SysLog-0804\SysLog-0804\SysLog.exe [N/A, C:2008-12-10 20:45 M:2008-08-04 21:19]
======================================== File Link
======================================== Autorun
======================================== Winsock Providers
[/CODE]