Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能以下内容被选中：所有的启动项目（包括注册表、启动文件夹、服务等）浏览器加载项正在运行的进程（包括进程模块信息）文件关联 Winsock 提供者 Autorun.inf HOSTS 文件进程特权扫描计划任务 API HOOK 隐藏进程启动项目注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Synacast Corp.] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <"C:\Program Files\Rising\Rav\RsTray.exe" -system> [(Verified)Beijing Rising Information Technology Corporation Limited] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] [(Verified)Beijing Rising Information Technology Corporation Limited] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <1> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{AEB6717E-7E19-11d0-97EE-00C04FD91972}> [(Verified)Microsoft Windows Component Publisher] <{5B77087D-AB76-4C22-B0A6-C34D1F438E55}> [File is missing] <{91C7DF6D-AEF5-4136-9252-AF030D7A5931}><91C7DF6D.dll> [N/A] <{F65BDEC7-4BF3-4512-840F-68B166B6D7AC}> [N/A] <{16AF66EB-93C8-49F9-BB09-B4F87CEDCE46}><16AF66EB.dll> [N/A] <{72B29486-39B6-4241-B234-B57DEF78302F}><72B29486.dll> [N/A] <{A1A6BC2E-C6A1-43C1-8884-A31D772F42B8}> [N/A] <{16BC0F81-410C-41DF-A902-1B04368BA8AE}><16BC0F81.dll> [N/A] <{4FBFD5A4-5FE8-4444-8BD9-FD0FAFA64F96}><4FBFD5A4.dll> [N/A] <{704C3595-DB85-40F6-A601-8D6F346907BD}><704C3595.dll> [N/A] <{1957817A-94B2-4CAC-B113-A331809B5730}><1957817A.dll> [N/A] <{201476D0-2B18-462E-AB9F-3E2B0CC8732B}><201476D0.dll> [N/A] <{08CBFE20-8DC8-4195-B8E2-DD66F860469D}> [File is missing] <{ADD75B80-64E3-4825-B470-88F2E0549874}> [File is missing] <{585CBFB1-5C78-4C57-8FB8-4D3CA69ADF77}> [File is missing] <{49B1FF0E-6297-4D66-9F4D-BBB7EC52DB6C}> [File is missing] <{1AAFD940-C0EE-4108-92E2-71B23CD4DD29}> [File is missing] <{0B2A8C68-60BB-4E62-BE7A-37526F7BF210}> [File is missing] <{1E3A8CD7-D4A0-4180-BAEC-9964387236D6}> [File is missing] <{A3D566F0-F93C-4105-8654-85D9A5623A53}> [File is missing] <{13132F6E-4EA3-4DF4-9C35-66AAC63CB1E4}> [File is missing] <{5AFE0627-545B-4C75-A2A3-027A8B178150}> [File is missing] <{A2F04D95-28BB-4450-ABEB-B273EA297164}> [File is missing] <{1A781335-9A9C-4566-995E-8AC4202AD4A4}> [File is missing] <{849AFAA3-789B-41C2-A067-58E37606CB77}> [File is missing] <{64E94AC6-2825-4F28-85E7-513CA99384A8}> [File is missing] <{D64374E8-8B1D-49AB-9284-5072687B6BD3}> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher] <%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher] <%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Component Publisher] [File is missing] <585CBFB1> [File is missing] <49B1FF0E> [File is missing] <1AAFD940> [File is missing] <0B2A8C68> [File is missing] <1E3A8CD7> [File is missing] [File is missing] <13132F6E> [File is missing] <5AFE0627> [File is missing] [File is missing] <1A781335> [File is missing] <849AFAA3> [File is missing] <64E94AC6> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy] <%SystemRoot%\System32\dimsntfy.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher] <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] <浏览器自定义组件> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] <%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DrRtp.exe] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RStray.exe] [(Verified)Microsoft Windows Component Publisher] ================================== 启动文件夹 N/A ================================== 服务 [Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start] [Contrl Center of Storm Media / ccosm][Stopped/Disabled] <北京暴风网际科技有限公司> [Human Interface Device Access / HidServ][Stopped/Disabled] %SystemRoot%\System32\hidserv.dll> [Rav Process Communication Center / RavCCenter][Stopped/Auto Start] [Rising RavTask Manager / RavTask][Running/Auto Start] <"C:\Program Files\Rising\Rav\RavTask.exe" RavTask> [Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] [Rising Scan Service / RsScanSrv][Stopped/Auto Start] ================================== 驱动程序 [aliimz / aliimz][Stopped/Manual Start] [AMD Processor Driver / AmdK8][Running/System Start] [ati2mtag / ati2mtag][Running/Manual Start] [Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Stopped/Manual Start] [Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start] [hookcont / hookcont][Running/System Start] [hooksys / hooksys][Running/System Start] [Intel AHCI Controller / iaStor7][Running/Boot Start] <\SystemRoot\system32\drivers\iastor7.sys> [Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start] [NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start] <\SystemRoot\system32\DRIVERS\nvrd32.sys> [AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start] [StarForce Protection Environment Driver v6 / prodrv06][Running/System Start] <\SystemRoot\System32\drivers\prodrv06.sys> [StarForce Protection Helper Driver v2 / prohlp02][Running/Boot Start] <\SystemRoot\System32\drivers\prohlp02.sys> [StarForce Protection Synchronization Driver v1 / prosync1][Running/Boot Start] <\SystemRoot\System32\drivers\prosync1.sys> [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [RsNTGDI / RsNTGDI][Running/Boot Start] <\SystemRoot\system32\Drivers\RsNTGdi.sys> [RsProtect / RsProtect][Running/System Start] [Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start] [Secdrv / Secdrv][Stopped/Manual Start] [StarForce Protection Helper Driver / sfhlp01][Running/Boot Start] <\SystemRoot\System32\drivers\sfhlp01.sys> [SATALink driver accelerator / SiFilter][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\SiWinAcc.sys> [TCP/IP Protocol Driver / Tcpip][Running/System Start] [TSKSP / TSKSP][Stopped/Manual Start] <\??\D:\Program Files\Tencent\QQDoctor\TSKSP.sys> [viamraid / viamraid][Stopped/Boot Start] <\SystemRoot\system32\DRIVERS\viamraid.sys> ================================== 浏览器加载项 [] {08CBFE20-8DC8-4195-B8E2-DD66F860469D} [卡卡上网安全助手] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} [Download_Bho Class] {A986E409-30CC-4185-89BB-AB212C104524} [启动迅雷5] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} [PPLive] {95B3F550-91C4-4627-BCC4-521288C52977} [] {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A> [瑞星卡卡工具条(&R)] {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} [] {19EFFC12-25FB-479A-A0F2-1569AE1B3365} <, > [RavOnline Class] {9FAFB576-6933-4CCC-AB3D-B988EC43D04E} [Tencent Safety Online Base Module] {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} [] {01443AEC-0FD1-40FD-9C87-E93D1494C233} <, > [] {08CBFE20-8DC8-4195-B8E2-DD66F860469D} [] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, > [DHTML Edit Control Safe for Scripting for IE5] {2D360201-FFF5-11D1-8D03-00A0C959BC0A} [XML Document] {48123BC4-99D9-11D1-A6B3-00C04FD91555} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [Microsoft Web 浏览器] {8856F961-340A-11D0-A96B-00C04FD705A2} [] {889D2FEB-5411-4565-8998-1DD2C5261283} <, > [] {95B3F550-91C4-4627-BCC4-521288C52977} <, > [卡卡上网安全助手] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} [RavOnline Class] {9FAFB576-6933-4CCC-AB3D-B988EC43D04E} [Download_Bho Class] {A986E409-30CC-4185-89BB-AB212C104524} [Tencent Safety Online Base Module] {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [瑞星卡卡工具条(&R)] {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} [PlayerCtrl Class] {E05BC2A3-9A46-4A32-80C9-023A473F5B23} [] {E2E2DD38-D088-4134-82B7-F2BA38496583} <, > [PasswordEditCtrl Class] {E787FD25-8D7C-4693-AE67-9406BC6E22DF} [导出到 Microsoft Office Excel(&X)] [添加到QQ表情] ================================== 正在运行的进程 [PID: 664 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [PID: 728 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [PID: 760 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4176] [PID: 804 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [PID: 820 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 976 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4188] [C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2513] [C:\WINDOWS\system32\atipdlxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2527] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 996 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 1064 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 1188 / SYSTEM][C:\Program Files\Rising\Rav\CCENTER.EXE] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [C:\Program Files\Rising\Rav\combase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [C:\Program Files\Rising\Rav\cnt09.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 37] [C:\Program Files\Rising\Rav\cnt08.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 1196 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\WINDOWS\System32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [PID: 1420 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 1464 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 1512 / SYSTEM][C:\Program Files\Rising\Rav\RavMonD.exe] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [C:\Program Files\Rising\Rav\combase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Rising\Rav\moncomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12] [C:\Program Files\Rising\Rav\MonBase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6] [C:\Program Files\Rising\Rav\Rslog.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.32] [C:\Program Files\Rising\Rav\mondrv.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8] [C:\Program Files\Rising\Rav\defmon.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 29] [C:\Program Files\Rising\Rav\moncom08.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [C:\Program Files\Rising\Rav\MonRule.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9] [C:\Program Files\Rising\Rav\FileMon.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 22] [C:\Program Files\Rising\Rav\MailMon.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24] [C:\Program Files\Rising\Rav\HookWeb.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [C:\Program Files\Rising\Rav\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46] [C:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.18] [C:\Program Files\Rising\Rav\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\Rav\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files\Rising\Rav\Hooksys.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 18] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Rav\HookCont.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 12] [C:\Program Files\Rising\Rav\rsnetsvr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13] [C:\Program Files\Rising\Rav\BACore.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 19] [C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\Program Files\Rising\Rav\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files\Rising\Rav\refs.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Program Files\Rising\Rav\RSStore.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9] [C:\Program Files\Rising\Rav\ScanAdd.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.15] [C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.33] [C:\Program Files\Rising\Rav\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files\Rising\Rav\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\Program Files\Rising\Rav\ffr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Program Files\Rising\Rav\nvfile.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Program Files\Rising\Rav\scanexec.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5] [C:\Program Files\Rising\Rav\unexe.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [C:\Program Files\Rising\Rav\scanex.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 21] [C:\Program Files\Rising\Rav\pearc.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files\Rising\Rav\scanpe.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7] [C:\Program Files\Rising\Rav\ur000.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8] [C:\Program Files\Rising\Rav\urutils.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files\Rising\Rav\extfile.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13] [C:\Program Files\Rising\Rav\revm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [C:\Program Files\Rising\Rav\ur025.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [C:\Program Files\Rising\Rav\ur001.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7] [C:\Program Files\Rising\Rav\scansct.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Program Files\Rising\Rav\extmail.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [PID: 1632 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4188] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2513] [C:\WINDOWS\system32\atipdlxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2527] [C:\WINDOWS\system32\ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4176] [PID: 1740 / SYSTEM][C:\Program Files\Rising\Rav\rsnetsvr.exe] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14] [C:\Program Files\Rising\Rav\NComm.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.9] [C:\Program Files\Rising\Rav\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files\Rising\Rav\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\Rav\ProcComm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.60] [PID: 1804 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [PID: 1988 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12] [PID: 1216 / Administrator][C:\Program Files\PPLiveVA\PPLiveVA.exe] [Synacast, 0, 1, 0, 8] [C:\Program Files\PPLiveVA\PPVA.DLL] [Synacast, 0, 1, 2, 36] [C:\Program Files\PPLiveVA\NetTools.dll] [, 1.0.0.2] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\Program Files\PPLiveVA\peer.dll] [Synacast, 0, 0, 4, 42] [C:\Program Files\PPLiveVA\FWUpnp.dll] [N/A, ] [C:\Program Files\PPLiveVA\VAProxyD.dll] [Synacast, 1.0.0.25] [PID: 936 / Administrator][D:\新建文件夹\knownsvr.exe] [Beijing Rising Information Technology Co., Ltd., 6.0.0.14] [D:\新建文件夹\NComm.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.11] [D:\新建文件夹\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [D:\新建文件夹\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [PID: 1596 / SYSTEM][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 23] [C:\Program Files\Rising\Rav\rsconf.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.18] [C:\Program Files\Rising\Rav\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\Rav\rsstub.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\Program Files\Rising\Rav\rstask.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 36] [PID: 2020 / SYSTEM][C:\Program Files\Rising\Rav\ScanFrm.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.11] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Rising\Rav\combase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [C:\Program Files\Rising\Rav\moncomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12] [C:\Program Files\Rising\Rav\scansrvp.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.11] [C:\Program Files\Rising\Rav\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46] [C:\Program Files\Rising\Rav\ScanSrv.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.9] [C:\Program Files\Rising\Rav\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\Rav\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 2592 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 2688 / Administrator][C:\Program Files\PPLiveVA\PPLiveVAMonitor.exe] [, 0, 1, 1, 2] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 2748 / Administrator][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 524 / Administrator][D:\Program Files\Tencent\QQ\QQ.exe] [TENCENT, 8,0,775,1803] [D:\Program Files\Tencent\QQ\QQBaseClassInDll.dll] [TENCENT, 8,0,775,1803] [D:\Program Files\Tencent\QQ\QQHelperDll.dll] [TENCENT, 8,0,775,1803] [D:\Program Files\Tencent\QQ\BasicCtrlDll.dll] [TENCENT, 8,0,775,1803] [D:\Program Files\Tencent\QQ\PSAPI.DLL] [N/A, ] [D:\Program Files\Tencent\QQ\MSIMG32.dll] [N/A, ] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [D:\Program Files\Tencent\QQ\FinePlus.dll] [N/A, ] [D:\Program Files\Tencent\QQ\fphelper.dll] [N/A, ] [D:\Program Files\Tencent\QQ\QQAPI.dll] [TENCENT, 8,0,775,1803] [D:\Program Files\Tencent\QQ\LoginCtrl.dll] [TENCENT, 8,0,775,1803] [D:\Program Files\Tencent\QQ\LoginCtrlRes.dll] [TENCENT, 8,0,713,1791] [D:\Program Files\Tencent\QQ\QQRes.dll] [TENCENT, 8,0,775,1803] [D:\Program Files\Tencent\QQ\QQMainFrame.dll] [N/A, ] [D:\Program Files\Tencent\QQ\UnReadMsgMgr.dll] [N/A, ] [D:\Program Files\Tencent\QQ\QQPlugin.dll] [N/A, ] [D:\Program Files\Tencent\QQ\CQQApplication.dll] [N/A, ] [D:\Program Files\Tencent\QQ\FlashAvatarDll.dll] [, 1, 4, 0, 1] [D:\Program Files\Tencent\QQ\NewSkin.dll] [TENCENT, 8,0,775,1803] [D:\Program Files\Tencent\QQ\MailSummary.dll] [TENCENT, 8,0,775,1803] [D:\Program Files\Tencent\QQ\QQSpace.dll] [TENCENT, 8,0,775,1803] [C:\WINDOWS\system32\msdmo.dll] [, ] [D:\Program Files\Tencent\QQ\QQKnowledgeSearch.dll] [TENCENT, 8,0,775,1803] [D:\Program Files\Tencent\QQ\OEMApplication.dll] [TENCENT, 8,0,775,1803] [D:\Program Files\Tencent\QQ\QQGroupMng.dll] [TENCENT, 8,0,775,1803] [D:\Program Files\Tencent\QQ\QQAvatar.dll] [N/A, ] [D:\Program Files\Tencent\QQ\QQAllInOne.dll] [TENCENT, 8,0,775,1803] [D:\Program Files\Tencent\QQ\SCCore.dll] [TENCENT, 1, 6, 0, 2] [D:\Program Files\Tencent\QQ\CameraDll.dll] [TENCENT, 8,0,775,1803] [D:\Program Files\Tencent\QQ\QQPet.dll] [TENCENT, 8,0,775,1803] [D:\Program Files\Tencent\QQ\QRingMng.dll] [N/A, ] [D:\Program Files\Tencent\QQ\QQSysMsgMng.dll] [N/A, ] [D:\Program Files\Tencent\QQ\UserDefinedHead.dll] [TENCENT, 8,0,775,1803] [D:\Program Files\Tencent\QQ\QQConfigPlugin.dll] [TENCENT, 8,0,775,1803] [D:\Program Files\Tencent\QQ\QQCustomFace.dll] [N/A, ] [D:\Program Files\Tencent\QQ\LongConnection.dll] [TENCENT, 8,0,775,1803] [D:\Program Files\Tencent\QQ\PhoneAPI.dll] [TENCENT, 8,0,775,1803] [D:\Program Files\Tencent\QQ\DialerAllinOne.dll] [tencent, 1, 4, 0, 0] [D:\Program Files\Tencent\QQ\BQQApplication.dll] [N/A, ] [D:\Program Files\Tencent\QQ\PersonalDesktop.dll] [TENCENT, 8,0,775,1803] [D:\Program Files\Tencent\QQ\CommercesMng.dll] [TENCENT, 8,0,775,1803] [D:\Program Files\Tencent\QQ\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 330] [D:\Program Files\Tencent\QQ\QQSceneMng.dll] [N/A, ] [D:\Program Files\Tencent\QQ\QQDoctor\TSVulMdw.dat] [TENCENT, 2007, 12, 18, 3] [D:\Program Files\Tencent\QQ\QQDoctor\TSVulChk.DAT] [Tencent, 2007, 11, 14, 41] [PID: 4076 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\KakaTool.dll] [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 3] [D:\新建文件夹\syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [D:\新建文件夹\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\WINDOWS\system32\UrlFilter.dll] [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15] [D:\新建文件夹\UrlRule.dll] [Beijing Rising Information Technology Co., Ltd., 1.0.0.15] [C:\Program Files\PPLiveVA\DownloaderManager.dll] [Synacast, 1.0.0.27] [C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.60] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\PPLiveVA\VAProxyD.dll] [Synacast, 1.0.0.25] [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0] [PID: 3412 / Administrator][D:\新建文件夹\ras.exe] [Beijing Rising Information Technology Co., Ltd., 6.0.0.7] [D:\新建文件夹\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [D:\新建文件夹\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [D:\新建文件夹\KakaMgr.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.28] [D:\新建文件夹\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [D:\新建文件夹\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [D:\新建文件夹\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [D:\新建文件夹\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [D:\新建文件夹\dbmgr.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.4] [D:\新建文件夹\RSXML.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2] [D:\新建文件夹\pweb.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.21] [D:\新建文件夹\pscan.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.60] [D:\新建文件夹\NComm.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.11] [D:\新建文件夹\pset.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.12] [D:\新建文件夹\pdefend.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.14] [D:\新建文件夹\ptools.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.16] [C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [D:\新建文件夹\psysinfo.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.57] [D:\新建文件夹\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] [C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.60] [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0] [D:\新建文件夹\engine.dll] [Beijing Rising Information Technology Co., Ltd., 19, 0, 0, 26] [D:\新建文件夹\zip.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 0] [PID: 2324 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX05.922\SREngLdr.EXE] [Smallfrogs Studio, 2.7.0.1210] [PID: 2840 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX05.922\SRE43e00ea6.EXE] [Smallfrogs Studio, 2.7.0.1210] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX05.922\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.60] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] ================================== 文件关联 .TXT Error. [C:\WINDOWS\notepad.exe %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM Error. ["hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf N/A ================================== HOSTS 文件 222.189.238.6 hallcenter.ourgame.com 222.189.238.6 chat.sina.com.cn 222.189.238.6 news.51uc.com 222.189.238.6 recommend.xunlei.com 222.189.238.6 biz5c.sandai.net 127.0.0.1 localhost 127.0.0.1 858656.com 127.0.0.1 my123.com 127.0.0.1 8749.com 127.0.0.1 4199.com 127.0.0.1 7379.com 127.0.0.1 7255.com 127.0.0.1 3448.com 127.0.0.1 7939.com 127.0.0.1 8009.com 127.0.0.1 piaoxue.com 127.0.0.1 kzdh.com 127.0.0.1 about.blank.la 127.0.0.1 6781.com 127.0.0.1 7322.com 127.0.0.1 9991.com ================================== 进程特权扫描特殊特权被允许： SeLoadDriverPrivilege [PID = 976, C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 1632, C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 2324, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RAR$EX05.922\SRENGLDR.EXE] ================================== 计划任务 N/A ================================== API HOOK N/A ================================== 隐藏进程 N/A ================================== [/CODE]