[CODE] 2009-05-07,18:55:22 SysLog Scanner 1.0 - build 20080726 Arswp (http://www.arswp.com) Windows XP Professional Service Pack 3 (build 2600) - Administrators ======================================== ×¢²áÏî [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <"D:\ÈðÐÇ¿¨¿¨\rstray.exe" /startup> [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.17, C:2009-05-04 11:06 M:2009-05-04 11:05] <"D:\ÈðÐÇ\Rising\Ris\RsTray.exe" -system> [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.22, C:2009-05-04 11:23 M:2009-05-04 11:21] <360Safebox><"D:\360\360safebox\safeboxTray.exe" /r> [(Verified)360°²È«ÖÐÐÄ, 2, 5, 2, 1005, C:2009-04-29 21:40 M:2009-04-29 21:40] <360Safetray> [(Verified)360°²È«ÖÐÐÄ, 5, 0, 0, 1018, C:2009-04-22 18:50 M:2009-04-22 18:50] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [(Verified)Beijing Rising Information Technology Co., Ltd., 19, 0, 0, 3, C:2009-05-04 11:06 M:2009-05-04 11:05] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2009-04-04 16:14 M:2008-04-13 19:14] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2009-05-04 11:06 M:2009-05-04 11:05] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{AEB6717E-7E19-11d0-97EE-00C04FD91972}> [Microsoft Corporation, 6.00.2900.5686 (xpsp_sp3_gdr.080929-1314), C:2008-05-01 00:00 M:2008-09-30 14:20] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00|(Verified)Microsoft Corporation, 7.00.6000.16825 (vista_gdr.090218-1505), C:2008-05-01 00:00 M:2009-02-21 02:09|(Verified)N/A, C:2006-11-02 23:38 M:2006-11-02 23:38] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00|Microsoft Corporation, 6.00.2900.5686 (xpsp_sp3_gdr.080929-1314), C:2008-05-01 00:00 M:2008-09-30 14:20] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\RsAutorunsDisabled] <><> [] ======================================== Æô¶¯Ïî ======================================== ¼Æ»®ÈÎÎñ ======================================== ×é¼þ ShellExecuteHook [URL Ö´Ðйҹ³] {AEB6717E-7E19-11d0-97EE-00C04FD91972} [Microsoft Corporation, 6.00.2900.5686 (xpsp_sp3_gdr.080929-1314), C:2008-05-01 00:00 M:2008-09-30 14:20] Shell Extension [HyperTerminal Icon Ext] {88895560-9AA2-1069-930E-00AA0030EBC8} [(Verified)Hilgraeve, Inc., 5.1.2600.0, C:2008-06-22 11:48 M:2008-05-01 08:00] [Set Program Access and Defaults] {2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} <%SystemRoot%\system32\shdocvw.dll> [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [ËÑË÷] {2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} <%SystemRoot%\system32\shdocvw.dll> [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [°ïÖúºÍÖ§³Ö] {2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} <%SystemRoot%\system32\shdocvw.dll> [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [°ïÖúºÍÖ§³Ö] {2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} <%SystemRoot%\system32\shdocvw.dll> [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [ÔËÐÐ...] {2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} <%SystemRoot%\system32\shdocvw.dll> [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [Internet] {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} <%SystemRoot%\system32\shdocvw.dll> [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [µç×ÓÓʼþ] {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} <%SystemRoot%\system32\shdocvw.dll> [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [×ÖÌå] {D20EA4E1-3957-11d2-A40B-0C5020524152} <%SystemRoot%\system32\shdocvw.dll> [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [¹ÜÀí¹¤¾ß] {D20EA4E1-3957-11d2-A40B-0C5020524153} <%SystemRoot%\system32\shdocvw.dll> [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [Favorites Band] {EFA24E61-B078-11d0-89E4-00C04FC9E26E} <%SystemRoot%\system32\shdocvw.dll> [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [History Band] {EFA24E62-B078-11d0-89E4-00C04FC9E26E} <%SystemRoot%\system32\shdocvw.dll> [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [Shell Automation Inproc Service] {0A89A860-D7B1-11CE-8350-444553540000} <%SystemRoot%\system32\shdocvw.dll> [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [Microsoft Browser Architecture] {A5E46E3A-8849-11D1-9D8C-00C04FC99D61} <%SystemRoot%\system32\shdocvw.dll> [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [ISFBand OC] {131A6951-7F78-11D0-A979-00C04FD705A2} <%SystemRoot%\system32\shdocvw.dll> [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [Search Assistant OC] {9461b922-3c5a-11d2-bf8b-00c04fb93661} <%SystemRoot%\system32\shdocvw.dll> [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [IE4 Ì×¼þ³õʼÆÁÄ»] {A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} <%SystemRoot%\system32\shdocvw.dll> [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [CDF Extension Copy Hook] {67EA19A0-CCEF-11d0-8024-00C04FD75D13} <%SystemRoot%\system32\shdocvw.dll> [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [ä¯ÀÀÆ÷À¸] {EFA24E64-B078-11d0-89E4-00C04FC9E26E} <%SystemRoot%\system32\shdocvw.dll> [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [Microsoft Agent Character Property Sheet Handler] {143A62C8-C33B-11D1-84FE-00C04FA34A14} [Microsoft Corporation, 2.00.0.2115, C:1998-09-15 17:21 M:1998-09-15 17:21] [WinRAR shell extension] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [N/A, C:2009-04-04 16:08 M:2008-09-30 21:14] [RISING] {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D} [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12, C:2009-05-04 11:23 M:2009-05-04 11:21] Protocols [AP Class Install Handler filter] {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} [Microsoft Corporation, 7.00.6000.16825 (vista_gdr.090218-1505), C:2008-05-01 00:00 M:2009-02-21 02:09] [AP encoding/decoding Filters] {8f6b0360-b80d-11d0-a9b3-006097942311} [Microsoft Corporation, 7.00.6000.16825 (vista_gdr.090218-1505), C:2008-05-01 00:00 M:2009-02-21 02:09] [WebView MIME Filter] {733AC4CB-F1A4-11d0-B951-00A0C90312E1} <%SystemRoot%\system32\SHELL32.dll> [Microsoft Corporation, 6.00.2900.5686 (xpsp_sp3_gdr.080929-1314), C:2008-05-01 00:00 M:2008-09-30 14:20] [CDL: Asychronous Pluggable Protocol Handler] {3dd53d40-7b8b-11D0-b013-00aa0059ce02} [Microsoft Corporation, 7.00.6000.16825 (vista_gdr.090218-1505), C:2008-05-01 00:00 M:2009-02-21 02:09] [file:, local: Asychronous Pluggable Protocol Handler] {79eac9e7-baf9-11ce-8c82-00aa004ba90b} [Microsoft Corporation, 7.00.6000.16825 (vista_gdr.090218-1505), C:2008-05-01 00:00 M:2009-02-21 02:09] [ftp: Asychronous Pluggable Protocol Handler] {79eac9e3-baf9-11ce-8c82-00aa004ba90b} [Microsoft Corporation, 7.00.6000.16825 (vista_gdr.090218-1505), C:2008-05-01 00:00 M:2009-02-21 02:09] [gopher: Asychronous Pluggable Protocol Handler] {79eac9e4-baf9-11ce-8c82-00aa004ba90b} [Microsoft Corporation, 7.00.6000.16825 (vista_gdr.090218-1505), C:2008-05-01 00:00 M:2009-02-21 02:09] [http: Asychronous Pluggable Protocol Handler] {79eac9e2-baf9-11ce-8c82-00aa004ba90b} [Microsoft Corporation, 7.00.6000.16825 (vista_gdr.090218-1505), C:2008-05-01 00:00 M:2009-02-21 02:09] [https: Asychronous Pluggable Protocol Handler] {79eac9e5-baf9-11ce-8c82-00aa004ba90b} [Microsoft Corporation, 7.00.6000.16825 (vista_gdr.090218-1505), C:2008-05-01 00:00 M:2009-02-21 02:09] [mk: Asychronous Pluggable Protocol Handler] {79eac9e6-baf9-11ce-8c82-00aa004ba90b} [Microsoft Corporation, 7.00.6000.16825 (vista_gdr.090218-1505), C:2008-05-01 00:00 M:2009-02-21 02:09] BrowserHelperObject [¿¨¿¨ÉÏÍø°²È«ÖúÊÖ] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15, C:2009-05-04 11:06 M:2009-05-04 11:05] [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [(Verified)360.CN, 5, 0, 0, 1009, C:2009-04-22 18:50 M:2009-04-22 18:50] ToolBar [ÈðÐÇ¿¨¿¨¹¤¾ßÌõ(&R)] {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 3, C:2009-05-04 11:06 M:2009-05-04 11:05] ActiveX Extension [Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} [] [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} [Microsoft Corporation, 7.2.6001.788 (winmain_oob/wu_wsuswlc(wmbla).081016-1330), C:2008-06-22 11:49 M:2008-10-16 14:13] [XMP Class] {6483F145-A768-4C41-AACC-52D4D7845851} [ShenZhen Thunder Networking Technologies,LTD, 2, 1, 9, 102, C:2009-04-04 16:13 M:2009-03-17 19:20] [XDRM] {693571CB-54A3-4E90-9D52-EEAE1334E2D3} [Copyright XunLei 2007, 1, 0, 0, 7, C:2009-04-04 16:13 M:2008-06-11 16:11] [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [Microsoft Corporation, 11.0.5721.5260 (WMP_11.081111-1006), C:2008-05-01 00:00 M:2008-11-11 18:34] [360SafeLive] {87515F61-A66C-4319-A0E0-D416CB8059E3} [(Verified)360.cn, 1, 0, 1, 1030, C:2009-02-11 16:33 M:2009-02-11 16:33] [¿¨¿¨ÉÏÍø°²È«ÖúÊÖ] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15, C:2009-05-04 11:06 M:2009-05-04 11:05] [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [(Verified)360.CN, 5, 0, 0, 1009, C:2009-04-22 18:50 M:2009-04-22 18:50] [AUDIO__MP3 Moniker Class] {CD3AFA76-B84F-48F0-9393-7EDC34128127} [Microsoft Corporation, 11.0.5721.5260 (WMP_11.081111-1006), C:2008-05-01 00:00 M:2008-11-11 18:34] [AUDIO__X_MS_WMA Moniker Class] {CD3AFA84-B84F-48F0-9393-7EDC34128127} [Microsoft Corporation, 11.0.5721.5260 (WMP_11.081111-1006), C:2008-05-01 00:00 M:2008-11-11 18:34] [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [Adobe Systems, Inc., 9,0,124,0, C:2008-03-25 10:32 M:2008-03-25 10:32] Context Menu [Open With] {09799AFB-AD67-11d1-ABCD-00C04FC30936} <%SystemRoot%\system32\SHELL32.dll> [Microsoft Corporation, 6.00.2900.5686 (xpsp_sp3_gdr.080929-1314), C:2008-05-01 00:00 M:2008-09-30 14:20] [Open With EncryptionMenu] {A470F8CF-A1E8-4f65-8335-227475AA5C46} <%SystemRoot%\system32\SHELL32.dll> [Microsoft Corporation, 6.00.2900.5686 (xpsp_sp3_gdr.080929-1314), C:2008-05-01 00:00 M:2008-09-30 14:20] [RisingRavExt] {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D} [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12, C:2009-05-04 11:23 M:2009-05-04 11:21] [WinRAR] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [N/A, C:2009-04-04 16:08 M:2008-09-30 21:14] [Send To] {7BA4C740-9E81-11CF-99D3-00AA004AE837} <%SystemRoot%\system32\SHELL32.dll> [Microsoft Corporation, 6.00.2900.5686 (xpsp_sp3_gdr.080929-1314), C:2008-05-01 00:00 M:2008-09-30 14:20] ======================================== ·þÎñ [Volume Shadow Copy / VSS][Stopped/Manual Start] <%SystemRoot%\System32\vssvc.exe> [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108), C:2008-05-01 00:00 M:2008-05-01 00:00] [Contrl Center of Storm Media / ccosm][Stopped/Auto Start] [(Verified)±±¾©±©·çÍø¼Ê¿Æ¼¼ÓÐÏÞ¹«Ë¾, 3, 9, 4, 17, C:2009-04-21 12:01 M:2009-04-21 12:01] [Ris Process Communication Center / RisCCenter][Stopped/Auto Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2009-05-04 11:23 M:2009-05-04 11:21] [Rising RisTask Manager / RisTask][Running/Auto Start] <"D:\ÈðÐÇ\Rising\Ris\RavTask.exe" RisTask> [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24, C:2009-05-04 11:23 M:2009-05-04 11:21] [Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1, C:2009-05-04 11:23 M:2009-05-04 11:21] [Rising Scan Service / RsScanSrv][Stopped/Auto Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.11, C:2009-05-04 11:23 M:2009-05-04 11:21] ======================================== Çý¶¯ [AmdK8 Compatible Device / AmdK8][Stopped/Manual Start] [Advanced Micro Devices, 1.3.2 (dnsrv(wmbla).060701-2226), C:2008-01-03 17:01 M:2006-07-01 22:43] [dwshd / dwshd][/Disabled] <\SystemRoot\System32\drivers\dwshd.sys> [] [Intel AHCI Controller / iaStor6][Stopped/Disabled] [Intel Corporation, 6.2.1.1002, C:2006-10-31 19:46 M:2006-10-31 19:46] [TCP/IP Protocol Driver / Tcpip][Running/System Start] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-05-01 00:00 M:2008-06-20 19:51] [360AntiArp / 360AntiArp][Running/System Start] <\??\C:\WINDOWS\system32\drivers\360AntiArp.sys> [(Verified)360°²È«ÖÐÐÄ, 1, 0, 1, 1009, C:2008-12-25 13:33 M:2008-12-25 13:33] [Service for Avance AC97 Audio (WDM) / ALCXWDM][Running/Manual Start] [(Verified)Avance Logic, Inc., 5.10.3830, C:2009-04-04 16:06 M:2002-02-04 16:35] [Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Stopped/Manual Start] [(Verified)Creative Technology Ltd., 5.1.2501.0 built by: WinDDK, C:2008-06-22 11:46 M:2001-08-17 04:19] [hookcont / hookcont][Running/System Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 6, C:2009-05-04 11:23 M:2009-05-04 11:21] [hooksys / hooksys][Running/System Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 55, C:2009-05-04 11:23 M:2009-05-04 11:21] [nv / nv][Running/Manual Start] [(Verified)NVIDIA Corporation, 6.14.10.5673, C:2009-04-04 16:06 M:2008-04-13 01:34] [DDK PACKET Protocol / Packet][Stopped/Manual Start] [(Verified)360°²È«ÖÐÐÄ, 1, 0, 1, 1002, C:2008-09-28 01:50 M:2008-09-28 01:50] [AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start] [(Verified)AMD Inc., 4.38.00 built by: WinDDK, C:2008-06-22 11:46 M:2001-08-17 04:11] [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148), C:2008-05-01 00:00 M:2008-05-01 00:00] [Rising RfwBase Driver / RfwBase9][Running/Manual Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.2, C:2009-05-04 11:23 M:2009-05-04 11:21] [rfwtdi / rfwtdi][Running/Auto Start] <\??\D:\ÈðÐÇ\Rising\Ris\rfwtdi.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.7, C:2009-05-04 11:23 M:2009-05-04 11:21] [rsfwdrv / rsfwdrv][Running/System Start] <\??\D:\ÈðÐÇ\Rising\Ris\rsfwdrv.sys> [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.47, C:2009-05-04 11:23 M:2009-05-04 11:21] [RsNTGDI / RsNTGDI][Running/Boot Start] [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2009-05-04 11:23 M:2009-05-04 11:21] [Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Running/Manual Start] [(Verified)Realtek Semiconductor Corporation , 5.687.0225.2008 built by: WinDDK, C:2009-04-04 16:06 M:2008-02-25 20:54] [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start] [(Verified)Realtek Semiconductor Corporation, 5.398.613.2003 built by: WinDDK, C:2009-04-04 16:06 M:2008-04-13 01:35] [SafeBoxKrnl / SafeBoxKrnl][Running/System Start] <\??\C:\WINDOWS\system32\drivers\SafeBoxKrnl.sys> [(Verified)360°²È«ÖÐÐÄ, 2, 3, 0, 1010, C:2009-03-03 18:15 M:2009-03-03 18:15] [Secdrv / Secdrv][Stopped/Manual Start] [(Verified)Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086, C:2008-05-01 00:00 M:2008-05-01 00:00] ======================================== ½ø³Ì [PID: 804 / SYSTEM] \SystemRoot\System32\smss.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00] [PID: 884 / SYSTEM] \??\C:\WINDOWS\system32\csrss.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00] [PID: 908 / SYSTEM] \??\C:\WINDOWS\system32\winlogon.exe [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113), C:1980-01-01 00:00 M:2008-05-09 00:00] C:\WINDOWS\system32\SETUPAPI.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\SHELL32.dll [Microsoft Corporation, 6.00.2900.5686 (xpsp_sp3_gdr.080929-1314), C:2008-05-01 00:00 M:2008-09-30 14:20] C:\WINDOWS\system32\ole32.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\WINSPOOL.DRV [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\iphlpapi.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2008-05-01 00:00 M:2008-05-01 00:00] [PID: 964 / SYSTEM] C:\WINDOWS\system32\services.exe [(Verified)Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_qfe.090206-1316), C:2008-05-01 00:00 M:2009-02-09 19:14] [PID: 976 / SYSTEM] C:\WINDOWS\system32\lsass.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\ole32.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\SHELL32.dll [Microsoft Corporation, 6.00.2900.5686 (xpsp_sp3_gdr.080929-1314), C:2008-05-01 00:00 M:2008-09-30 14:20] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\iphlpapi.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\SETUPAPI.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00] [PID: 1144 / SYSTEM] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\ole32.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\SHELL32.dll [Microsoft Corporation, 6.00.2900.5686 (xpsp_sp3_gdr.080929-1314), C:2008-05-01 00:00 M:2008-09-30 14:20] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] c:\windows\system32\SETUPAPI.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00] [PID: 1208 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\ole32.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\SHELL32.dll [Microsoft Corporation, 6.00.2900.5686 (xpsp_sp3_gdr.080929-1314), C:2008-05-01 00:00 M:2008-09-30 14:20] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\iphlpapi.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2008-05-01 00:00 M:2008-05-01 00:00] [PID: 1372 / SYSTEM] D:\ÈðÐÇ\Rising\Ris\CCENTER.EXE [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\combase.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\cnt09.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 37, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\cnt08.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7, C:2009-05-04 11:23 M:2009-05-04 11:21] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [PID: 1380 / SYSTEM] C:\WINDOWS\System32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\System32\ole32.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\System32\SHELL32.dll [Microsoft Corporation, 6.00.2900.5686 (xpsp_sp3_gdr.080929-1314), C:2008-05-01 00:00 M:2008-09-30 14:20] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] c:\windows\system32\iphlpapi.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\System32\SETUPAPI.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\System32\WINSPOOL.DRV [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2008-05-01 00:00 M:2008-05-01 00:00] [PID: 1440 / SYSTEM] D:\ÈðÐÇ\Rising\Ris\RavTask.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\proccomm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46, C:2009-05-04 11:23 M:2009-05-04 11:21] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2003-02-21 03:42 M:2006-02-02 17:23] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2003-03-18 19:14 M:2003-03-19 20:14] D:\ÈðÐÇ\Rising\Ris\rsconf.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\RSAPPMGR.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.1, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.19, C:2009-05-04 11:23 M:2009-05-04 11:21] C:\WINDOWS\system32\ole32.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108), C:2008-05-01 00:00 M:2008-05-01 00:00] D:\ÈðÐÇ\Rising\Ris\rstask.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 36, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\rsstub.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12, C:2009-05-04 11:23 M:2009-05-04 11:21] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [PID: 1544 / NETWORK SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\ole32.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\SHELL32.dll [Microsoft Corporation, 6.00.2900.5686 (xpsp_sp3_gdr.080929-1314), C:2008-05-01 00:00 M:2008-09-30 14:20] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] c:\windows\system32\iphlpapi.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\SETUPAPI.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00] [PID: 1584 / LOCAL SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\ole32.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\SHELL32.dll [Microsoft Corporation, 6.00.2900.5686 (xpsp_sp3_gdr.080929-1314), C:2008-05-01 00:00 M:2008-09-30 14:20] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] c:\windows\system32\iphlpapi.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2008-05-01 00:00 M:2008-05-01 00:00] [PID: 1760 / SYSTEM] D:\ÈðÐÇ\Rising\Ris\RavMonD.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\combase.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11, C:2009-05-04 11:23 M:2009-05-04 11:21] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2003-03-18 19:14 M:2003-03-19 20:14] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2003-02-21 03:42 M:2006-02-02 17:23] D:\ÈðÐÇ\Rising\Ris\moncomm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\MonBase.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\Rslog.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.36, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\mondrv.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\defmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 31, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\moncom08.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\MonRule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\FileMon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 27, C:2009-05-04 11:23 M:2009-05-04 11:21] C:\WINDOWS\system32\ole32.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108), C:2008-05-01 00:00 M:2008-05-01 00:00] D:\ÈðÐÇ\Rising\Ris\MailMon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\HookWeb.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\rfwlog.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\rfwrule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.25, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\rfwsrv.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.84, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\mPorts.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.0, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\rfwdrvc.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.3, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\Rfwdrv.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.5, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\rsnetsvr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14, C:2009-05-04 11:23 M:2009-05-04 11:21] C:\WINDOWS\system32\Iphlpapi.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2008-05-01 00:00 M:2008-05-01 00:00] D:\ÈðÐÇ\Rising\Ris\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\urlrule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1.0.0.18, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\recomp.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\refs.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\viruslib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5, C:2009-05-04 11:23 M:2009-05-07 16:53] D:\ÈðÐÇ\Rising\Ris\relibldr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5, C:2009-05-04 11:23 M:2009-05-07 16:53] D:\ÈðÐÇ\Rising\Ris\rfwproxy.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.25, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\proccomm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\RSAPPMGR.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.1, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.19, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\Hooksys.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 18, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\HookCont.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 12, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\BACore.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 22, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\RSStore.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11, C:2009-05-04 11:23 M:2009-05-04 11:30] D:\ÈðÐÇ\Rising\Ris\ScanAdd.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.17, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\Scanner.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.38, C:2009-05-04 11:23 M:2009-05-04 11:30] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\SETUPAPI.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00] D:\ÈðÐÇ\Rising\Ris\ffr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\nvfile.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\scanexec.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\unexe.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\scanex.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 36, C:2009-05-04 11:23 M:2009-05-04 11:30] D:\ÈðÐÇ\Rising\Ris\pearc.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\scanpe.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12, C:2009-05-04 11:23 M:2009-05-04 11:30] D:\ÈðÐÇ\Rising\Ris\ur000.dat [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13, C:2009-05-04 11:23 M:2009-05-04 11:30] D:\ÈðÐÇ\Rising\Ris\urutils.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\extfile.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\revm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4, C:2009-05-04 11:23 M:2009-05-06 10:31] D:\ÈðÐÇ\Rising\Ris\scansct.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\urllib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\ur001.dat [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\extmail.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\ur027.dat [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5, C:2009-05-04 11:23 M:2009-05-04 11:21] [PID: 1992 / Administrator] C:\WINDOWS\Explorer.EXE [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2009-04-04 16:14 M:2008-04-13 19:14] C:\WINDOWS\system32\ole32.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\SHDOCVW.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\SHELL32.dll [Microsoft Corporation, 6.00.2900.5686 (xpsp_sp3_gdr.080929-1314), C:2008-05-01 00:00 M:2008-09-30 14:20] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2009-05-04 11:06 M:2009-05-04 11:05] C:\WINDOWS\system32\urlmon.dll [Microsoft Corporation, 7.00.6000.16825 (vista_gdr.090218-1505), C:2008-05-01 00:00 M:2009-02-21 02:09] C:\WINDOWS\system32\ieframe.dll [Microsoft Corporation, 7.00.6000.16825 (vista_gdr.090218-1505), C:2007-08-13 18:54 M:2009-02-21 02:09] C:\WINDOWS\system32\SETUPAPI.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\iphlpapi.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2008-05-01 00:00 M:2008-05-01 00:00] D:\360\360safe\safemon\safemon.dll [(Verified)360.CN, 5, 0, 0, 1009, C:2009-04-22 18:50 M:2009-04-22 18:50] C:\Program Files\WinRAR\rarext.dll [N/A, C:2009-04-04 16:08 M:2008-09-30 21:14] C:\WINDOWS\system32\RavExt.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12, C:2009-05-04 11:23 M:2009-05-04 11:21] C:\WINDOWS\system32\browselc.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [PID: 196 / SYSTEM] C:\WINDOWS\system32\spoolsv.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\ole32.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\SHELL32.dll [Microsoft Corporation, 6.00.2900.5686 (xpsp_sp3_gdr.080929-1314), C:2008-05-01 00:00 M:2008-09-30 14:20] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\winspool.drv [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2008-05-01 00:00 M:2008-05-01 00:00] [PID: 708 / Administrator] D:\ÈðÐÇ¿¨¿¨\rstray.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.17, C:2009-05-04 11:06 M:2009-05-04 11:05] C:\WINDOWS\system32\ole32.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108), C:2008-05-01 00:00 M:2008-05-01 00:00] D:\ÈðÐÇ¿¨¿¨\rsmginfo.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11, C:2009-05-04 11:06 M:2009-05-04 11:05] C:\WINDOWS\system32\SHELL32.dll [Microsoft Corporation, 6.00.2900.5686 (xpsp_sp3_gdr.080929-1314), C:2008-05-01 00:00 M:2008-09-30 14:20] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] D:\ÈðÐÇ¿¨¿¨\RsXML.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2, C:2009-05-04 11:06 M:2009-05-04 11:05] D:\ÈðÐÇ¿¨¿¨\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2009-05-04 11:06 M:2009-05-04 11:05] D:\ÈðÐÇ¿¨¿¨\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2009-05-04 11:06 M:2009-05-04 11:05] D:\ÈðÐÇ¿¨¿¨\ComServ.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.31, C:2009-05-04 11:06 M:2009-05-04 11:05] D:\ÈðÐÇ¿¨¿¨\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2009-05-04 11:06 M:2009-05-04 11:05] D:\ÈðÐÇ¿¨¿¨\rscommon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.1.1, C:2009-05-04 11:06 M:2009-05-04 11:05] D:\ÈðÐÇ¿¨¿¨\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2009-05-04 11:06 M:2009-05-04 11:05] D:\ÈðÐÇ¿¨¿¨\pngdll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2009-05-04 11:06 M:2009-05-04 11:05] D:\ÈðÐÇ¿¨¿¨\runiep.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.43, C:2009-05-04 11:06 M:2009-05-07 10:22] D:\ÈðÐÇ¿¨¿¨\NComm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.11, C:2009-05-04 11:06 M:2009-05-04 11:05] D:\ÈðÐÇ¿¨¿¨\ProcCom.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2009-05-04 11:06 M:2009-05-04 11:05] D:\ÈðÐÇ¿¨¿¨\RsCommX2.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2009-05-04 11:06 M:2009-05-04 11:05] C:\WINDOWS\system32\iphlpapi.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\urlmon.dll [Microsoft Corporation, 7.00.6000.16825 (vista_gdr.090218-1505), C:2008-05-01 00:00 M:2009-02-21 02:09] C:\WINDOWS\system32\SETUPAPI.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00] [PID: 752 / Administrator] D:\ÈðÐÇ\Rising\Ris\RsTray.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.22, C:2009-05-04 11:23 M:2009-05-04 11:21] C:\WINDOWS\system32\ole32.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] D:\ÈðÐÇ\Rising\Ris\ComServ.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.49, C:2009-05-04 11:23 M:2009-05-04 11:21] C:\WINDOWS\system32\SHELL32.dll [Microsoft Corporation, 6.00.2900.5686 (xpsp_sp3_gdr.080929-1314), C:2008-05-01 00:00 M:2008-09-30 14:20] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2003-03-18 19:14 M:2003-03-19 20:14] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2003-02-21 03:42 M:2006-02-02 17:23] D:\ÈðÐÇ\Rising\Ris\rslang.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\rsxml.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\ProcComm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\MonState.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\ScanEvnt.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.14, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\rsguilib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 73, C:2009-05-04 11:23 M:2009-05-04 11:21] C:\WINDOWS\system32\MFC71.DLL [Microsoft Corporation, 7.10.3077.0, C:2009-04-04 20:32 M:2009-04-04 20:32] D:\ÈðÐÇ\Rising\Ris\rsconf.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\RSAPPMGR.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.1, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.19, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\rfwrule.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.25, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\rspalvd.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.24, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\rsnetsvr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\ravbintl.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\mruleui.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 10, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\MonTray.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.1.0, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\PngDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\RavITray.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 23, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\ScanPrxy.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.17, C:2009-05-04 11:23 M:2009-05-04 11:30] D:\ÈðÐÇ\Rising\Ris\rfwtray.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 1, 11, C:2009-05-04 11:23 M:2009-05-04 11:21] C:\WINDOWS\system32\iphlpapi.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2008-05-01 00:00 M:2008-05-01 00:00] D:\ÈðÐÇ\Rising\Ris\rsmginfo.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\rfwlog.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13, C:2009-05-04 11:23 M:2009-05-04 11:21] C:\WINDOWS\system32\SETUPAPI.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\urlmon.dll [Microsoft Corporation, 7.00.6000.16825 (vista_gdr.090218-1505), C:2008-05-01 00:00 M:2009-02-21 02:09] [PID: 880 / Administrator] C:\WINDOWS\system32\ctfmon.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\ole32.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\SHELL32.dll [Microsoft Corporation, 6.00.2900.5686 (xpsp_sp3_gdr.080929-1314), C:2008-05-01 00:00 M:2008-09-30 14:20] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2009-05-04 11:06 M:2009-05-04 11:05] C:\WINDOWS\system32\urlmon.dll [Microsoft Corporation, 7.00.6000.16825 (vista_gdr.090218-1505), C:2008-05-01 00:00 M:2009-02-21 02:09] [PID: 1304 / LOCAL SERVICE] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\ole32.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\SHELL32.dll [Microsoft Corporation, 6.00.2900.5686 (xpsp_sp3_gdr.080929-1314), C:2008-05-01 00:00 M:2008-09-30 14:20] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [PID: 1720 / SYSTEM] D:\ÈðÐÇ\Rising\Ris\ScanFrm.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.11, C:2009-05-04 11:23 M:2009-05-04 11:21] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2003-03-18 19:14 M:2003-03-19 20:14] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2003-02-21 03:42 M:2006-02-02 17:23] D:\ÈðÐÇ\Rising\Ris\combase.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\moncomm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\scansrvp.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.12, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\proccomm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\ScanSrv.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.10, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2009-05-04 11:23 M:2009-05-04 11:21] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\ole32.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108), C:2008-05-01 00:00 M:2008-05-01 00:00] D:\ÈðÐÇ\Rising\Ris\ScanRavT.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.25, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\ScanBT.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.46, C:2009-05-04 11:23 M:2009-05-04 11:30] D:\ÈðÐÇ\Rising\Ris\ScanStub.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.9, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\RsLog.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.36, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\ScanAdd.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.17, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\RSAPPMGR.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.1, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\CfgDll.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.19, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\Scanner.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.38, C:2009-05-04 11:23 M:2009-05-04 11:30] D:\ÈðÐÇ\Rising\Ris\recomp.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\refs.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\viruslib.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5, C:2009-05-04 11:23 M:2009-05-07 16:53] D:\ÈðÐÇ\Rising\Ris\relibldr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5, C:2009-05-04 11:23 M:2009-05-07 16:53] D:\ÈðÐÇ\Rising\Ris\mvengine.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\posttrt.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\ffr.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\nvfile.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\scanexec.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\unexe.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\scanex.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 36, C:2009-05-04 11:23 M:2009-05-04 11:30] D:\ÈðÐÇ\Rising\Ris\pearc.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\scanpe.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12, C:2009-05-04 11:23 M:2009-05-04 11:30] D:\ÈðÐÇ\Rising\Ris\ur000.dat [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13, C:2009-05-04 11:23 M:2009-05-04 11:30] D:\ÈðÐÇ\Rising\Ris\urutils.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\extfile.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\revm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4, C:2009-05-04 11:23 M:2009-05-06 10:31] D:\ÈðÐÇ\Rising\Ris\ur001.dat [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7, C:2009-05-04 11:23 M:2009-05-04 11:21] [PID: 664 / Administrator] D:\ÈðÐÇ\Rising\Ris\rsnetsvr.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 15, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\NComm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.12, C:2009-05-04 11:23 M:2009-05-04 11:21] C:\WINDOWS\system32\ole32.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108), C:2008-05-01 00:00 M:2008-05-01 00:00] D:\ÈðÐÇ\Rising\Ris\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2009-05-04 11:23 M:2009-05-04 11:21] D:\ÈðÐÇ\Rising\Ris\ProcComm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46, C:2009-05-04 11:23 M:2009-05-04 11:21] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2003-02-21 03:42 M:2006-02-02 17:23] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2003-03-18 19:14 M:2003-03-19 20:14] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] [PID: 2364 / LOCAL SERVICE] C:\WINDOWS\System32\alg.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\System32\ole32.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\System32\SHELL32.dll [Microsoft Corporation, 6.00.2900.5686 (xpsp_sp3_gdr.080929-1314), C:2008-05-01 00:00 M:2008-09-30 14:20] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\System32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2009-05-04 11:06 M:2009-05-04 11:05] D:\ÈðÐÇ¿¨¿¨\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2009-05-04 11:06 M:2009-05-04 11:05] D:\ÈðÐÇ¿¨¿¨\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2009-05-04 11:06 M:2009-05-04 11:05] C:\WINDOWS\System32\urlmon.dll [Microsoft Corporation, 7.00.6000.16825 (vista_gdr.090218-1505), C:2008-05-01 00:00 M:2009-02-21 02:09] [PID: 2172 / Administrator] D:\ÈðÐÇ¿¨¿¨\knownsvr.exe [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.14, C:2009-05-04 11:06 M:2009-05-04 11:05] D:\ÈðÐÇ¿¨¿¨\NComm.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 6.0.0.11, C:2009-05-04 11:06 M:2009-05-04 11:05] C:\WINDOWS\system32\ole32.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2009-05-04 11:06 M:2009-05-04 11:05] C:\WINDOWS\system32\urlmon.dll [Microsoft Corporation, 7.00.6000.16825 (vista_gdr.090218-1505), C:2008-05-01 00:00 M:2009-02-21 02:09] D:\ÈðÐÇ¿¨¿¨\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2009-05-04 11:06 M:2009-05-04 11:05] D:\ÈðÐÇ¿¨¿¨\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2009-05-04 11:06 M:2009-05-04 11:05] [PID: 564 / Administrator] D:\360\360se\360SE.exe [(Verified)360°²È«ÖÐÐÄ, 2, 0, 0, 6, C:2009-04-07 16:48 M:2009-04-07 16:48] C:\WINDOWS\system32\SHELL32.dll [Microsoft Corporation, 6.00.2900.5686 (xpsp_sp3_gdr.080929-1314), C:2008-05-01 00:00 M:2008-09-30 14:20] C:\WINDOWS\system32\ole32.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\DSOUND.dll [Microsoft Corporation, 5.3.2600.5512 (xpsp.080413-0845), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\urlmon.dll [Microsoft Corporation, 7.00.6000.16825 (vista_gdr.090218-1505), C:2008-05-01 00:00 M:2009-02-21 02:09] C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2009-05-04 11:06 M:2009-05-04 11:05] D:\ÈðÐÇ¿¨¿¨\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2009-05-04 11:06 M:2009-05-04 11:05] D:\ÈðÐÇ¿¨¿¨\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2009-05-04 11:06 M:2009-05-04 11:05] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] D:\360\360safe\safemon\safemon.dll [(Verified)360.CN, 5, 0, 0, 1009, C:2009-04-22 18:50 M:2009-04-22 18:50] D:\360\360se\360\360core\360core.dll [(Verified)Copyright 2009, 1, 0, 0, 5, C:2009-03-18 17:17 M:2009-03-18 17:17] D:\360\360se\360\searchcore\searchcore.dll [(Verified)Copyright 2008, 1, 0, 1, 1, C:2009-04-07 16:48 M:2009-04-07 16:48] C:\WINDOWS\system32\SETUPAPI.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\ieframe.dll [Microsoft Corporation, 7.00.6000.16825 (vista_gdr.090218-1505), C:2007-08-13 18:54 M:2009-02-21 02:09] D:\360\360safe\safemon\urlproc.dll [(Verified)360.CN, 1, 0, 0, 1005, C:2009-04-22 18:50 M:2009-04-22 18:50] D:\ÈðÐÇ\Rising\Ris\RavScrCh.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.70, C:2009-05-04 11:23 M:2009-05-04 11:21] C:\WINDOWS\system32\MSVCP71.dll [Microsoft Corporation, 7.10.3077.0, C:2003-03-18 19:14 M:2003-03-19 20:14] C:\WINDOWS\system32\MSVCR71.dll [Microsoft Corporation, 7.10.3052.4, C:2003-02-21 03:42 M:2006-02-02 17:23] C:\WINDOWS\system32\iphlpapi.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\WINSPOOL.DRV [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx [Adobe Systems, Inc., 9,0,124,0, C:2008-03-25 10:32 M:2008-03-25 10:32] C:\WINDOWS\system32\Pintlgnt.ime [Microsoft Corporation, 5.3.0.4427, C:2008-05-01 00:00 M:2008-05-01 08:00] C:\WINDOWS\system32\Dxtmsft.dll [Microsoft Corporation, 7.00.6000.16825 (vista_gdr.090218-1505), C:2008-05-01 00:00 M:2009-02-21 02:09] C:\WINDOWS\system32\shdocvw.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\WMVCore.DLL [Microsoft Corporation, 11.0.5721.5251 (WMP_11.080617-2149), C:2008-05-01 00:00 M:2008-06-18 05:03] [PID: 3624 / Administrator] D:\WINDOESÇåÀíÖúÊÖ\ArSwp.exe [(Verified)ArSwp.com, 2, 8, 2, 1115, C:2009-05-04 14:04 M:2008-11-15 11:58] C:\WINDOWS\system32\SHELL32.dll [Microsoft Corporation, 6.00.2900.5686 (xpsp_sp3_gdr.080929-1314), C:2008-05-01 00:00 M:2008-09-30 14:20] C:\WINDOWS\system32\WINSPOOL.DRV [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\ole32.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\urlmon.dll [Microsoft Corporation, 7.00.6000.16825 (vista_gdr.090218-1505), C:2008-05-01 00:00 M:2009-02-21 02:09] C:\WINDOWS\system32\iphlpapi.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\SETUPAPI.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\kmon.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33, C:2009-05-04 11:06 M:2009-05-04 11:05] D:\ÈðÐÇ¿¨¿¨\comx3.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.37, C:2009-05-04 11:06 M:2009-05-04 11:05] D:\ÈðÐÇ¿¨¿¨\Syslay.dll [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.6, C:2009-05-04 11:06 M:2009-05-04 11:05] C:\WINDOWS\system32\uxtheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] D:\360\360safe\safemon\safemon.dll [(Verified)360.CN, 5, 0, 0, 1009, C:2009-04-22 18:50 M:2009-04-22 18:50] C:\WINDOWS\system32\ieframe.dll [Microsoft Corporation, 7.00.6000.16825 (vista_gdr.090218-1505), C:2007-08-13 18:54 M:2009-02-21 02:09] D:\WINDOESÇåÀíÖúÊÖ\plugin\ArFix.dll [(Verified)ArSwp.Com, 2, 5, 0, 0, C:2009-05-04 14:04 M:2007-11-28 15:19] [PID: 3128 / SYSTEM] C:\WINDOWS\system32\svchost.exe [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\ole32.dll [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108), C:2008-05-01 00:00 M:2008-05-01 00:00] C:\WINDOWS\system32\SHELL32.dll [Microsoft Corporation, 6.00.2900.5686 (xpsp_sp3_gdr.080929-1314), C:2008-05-01 00:00 M:2008-09-30 14:20] C:\WINDOWS\system32\UxTheme.dll [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-05-01 00:00 M:2008-05-01 00:00] c:\windows\system32\setupapi.DLL [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-05-01 00:00 M:2008-05-01 00:00] c:\windows\system32\WINSPOOL.DRV [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2008-05-01 00:00 M:2008-05-01 00:00] ======================================== Îļþ¹ØÁª ======================================== AutoRun.INF ======================================== WinsockÌṩÕß ======================================== HOSTS 127.0.0.1 localhost [/CODE]