
[Help] The nasty virus packer.mian007

[C:\WINDOWS\system32\dhbpri.dll]  [N/A, ]
[PID: 1292 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dhbpri.dll]  [N/A, ]
[PID: 1348 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 49]
    [C:\PROGRAM FILES\RISING\RAV\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\PROGRAM FILES\RISING\RAV\rfwctrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [C:\PROGRAM FILES\RISING\RAV\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\PROGRAM FILES\RISING\RAV\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [C:\PROGRAM FILES\RISING\RAV\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\PROGRAM FILES\RISING\RAV\psapi.dll]  [Microsoft Corporation, 4.00]
    [C:\PROGRAM FILES\RISING\RAV\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [C:\PROGRAM FILES\RISING\RAV\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 14]
    [C:\PROGRAM FILES\RISING\RAV\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\PROGRAM FILES\RISING\RAV\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [C:\PROGRAM FILES\RISING\RAV\HookCont.dll]  [Rising, 19, 0, 0, 0]
    [C:\Program Files\Rising\Rav\SpamEng.dll]  [, 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
    [C:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 70]
    [C:\Program Files\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
    [C:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [C:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
    [C:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
    [C:\Program Files\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
    [C:\Program Files\Rising\Rav\ScanPack.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 24]
    [C:\Program Files\Rising\Rav\RsVM.dll]  [, 19, 0, 0, 20]
    [C:\Program Files\Rising\Rav\Uroutine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 46]
    [C:\Program Files\Rising\Rav\Uscript.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[PID: 1392 / SYSTEM][d:\瑞星防火墙\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 35]
    [C:\WINDOWS\system32\dhbpri.dll]  [N/A, ]
    [d:\瑞星防火墙\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3]
    [d:\瑞星防火墙\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
    [d:\瑞星防火墙\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 10]
    [d:\瑞星防火墙\rising\rfw\psapi.dll]  [Microsoft Corporation, 4.00]
    [d:\瑞星防火墙\rising\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [d:\瑞星防火墙\rising\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5]
    [d:\瑞星防火墙\rising\rfw\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 1668 / new][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dhbpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\qjepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\wldpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\xyfpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jhapri.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhbpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\mycpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\wdbpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\ztkpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.2.9]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 3, 11]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 4]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1804 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\dhbpri.dll]  [N/A, ]
[PID: 2024 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 260 / new][d:\瑞星防火墙\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
    [d:\瑞星防火墙\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [d:\瑞星防火墙\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [d:\瑞星防火墙\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [d:\瑞星防火墙\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [d:\瑞星防火墙\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\system32\ztkpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\wdbpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\mycpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhbpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jhapri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\xyfpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\wldpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\qjepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\dhbpri.dll]  [N/A, ]
[PID: 592 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
    [C:\WINDOWS\system32\dhbpri.dll]  [N/A, ]
[PID: 1164 / new][C:\WINDOWS\SOUNDMAN.EXE]  [Avance Logic, Inc., 5, 0, 0, 0]
[PID: 1324 / new][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 1544 / new][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\WINDOWS\system32\qjepri.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\system32\ztkpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\wdbpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\mycpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhbpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jhapri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\xyfpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\wldpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\dhbpri.dll]  [N/A, ]
[PID: 1552 / new][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wdbpri.dll]  [N/A, ]
[PID: 1944 / new][D:\QQ\QQ.exe]  [TENCENT, 7,0,365,1701]
    [D:\QQ\QQBaseClassInDll.dll]  [TENCENT, 7,0,365,1701]
    [D:\QQ\QQHelperDll.dll]  [TENCENT, 7,0,365,1701]
    [D:\QQ\BasicCtrlDll.dll]  [TENCENT, 7,0,365,1701]
    [C:\WINDOWS\system32\wldpri.dll]  [N/A, ]
    [D:\QQ\QQAPI.dll]  [TENCENT, 7,0,365,1701]
    [D:\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [D:\QQ\LoginCtrl.dll]  [TENCENT, 7,0,365,1701]
    [D:\QQ\LoginCtrlRes.dll]  [TENCENT, 7,0,365,1701]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\system32\ztkpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\wdbpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\mycpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhbpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jhapri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\xyfpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\qjepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\dhbpri.dll]  [N/A, ]
    [D:\QQ\QQRes.dll]  [TENCENT, 7,0,365,1701]
    [D:\QQ\QQMainFrame.dll]  [N/A, ]
    [D:\QQ\CQQApplication.dll]  [N/A, ]
    [D:\QQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [D:\QQ\NewSkin.dll]  [TENCENT, 7,0,365,1701]
    [D:\QQ\HostingMgr.dll]  [TENCENT, 7,0,365,1701]
    [D:\QQ\CameraDll.dll]  [TENCENT, 7,0,365,1701]
    [D:\QQ\MailSummary.dll]  [TENCENT, 7,0,365,1701]
    [D:\QQ\QQKnowledgeSearch.dll]  [TENCENT, 7,0,365,1701]
    [D:\QQ\QQAllInOne.dll]  [TENCENT, 7,0,365,1701]
    [D:\QQ\SCCore.dll]  [TENCENT, 1, 6, 0, 2]
    [D:\QQ\QQSpace.dll]  [TENCENT, 7,0,365,1701]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [D:\QQ\QQGroupMng.dll]  [TENCENT, 7,0,365,1701]
    [D:\QQ\QQAvatar.dll]  [N/A, ]
    [D:\QQ\UserDefinedHead.dll]  [TENCENT, 7,0,365,1701]
    [D:\QQ\QQPlugin.dll]  [N/A, ]
    [D:\QQ\QQConfigPlugin.dll]  [TENCENT, 7,0,365,1701]
    [D:\QQ\QQCustomFace.dll]  [N/A, ]
    [D:\QQ\QRingMng.dll]  [N/A, ]
    [D:\QQ\LongConnection.dll]  [TENCENT, 7,0,365,1701]
    [D:\QQ\PhoneAPI.dll]  [TENCENT, 7,0,365,1701]
    [D:\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [D:\QQ\QQPet.dll]  [TENCENT, 7,0,365,1701]
    [D:\QQ\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [D:\QQ\BQQApplication.dll]  [N/A, ]
    [D:\QQ\CommercesMng.dll]  [TENCENT, 7,0,365,1701]
    [D:\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 320]
    [D:\QQ\QQSceneMng.dll]  [N/A, ]
    [D:\QQ\AddrSearch.dll]  [腾讯科技(深圳)有限公司, 2, 1, 9, 95]
    [D:\QQ\QQSysMsgMng.dll]  [N/A, ]
[PID: 1172 / new][D:\QQ\TIMPlatform.exe]  [TENCENT, 7,0,365,1701]
    [D:\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
[PID: 1624 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3024 / new][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ztkpri.dll]  [N/A, ]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.2.9]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 3, 11]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 4]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\system32\wdbpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\mycpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhbpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jhapri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\xyfpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\wldpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\qjepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\dhbpri.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\WINDOWS\system32\macromed\flash\Flash85.ocx]  [Macromedia, Inc., 8,5,0,133]
[PID: 4064 / new][F:\优化大师\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\ztkpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\system32\wdbpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\zxepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\mycpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhbpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jhapri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\xyfpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\wldpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\qjepri.dll]  [N/A, ]
    [C:\WINDOWS\system32\dhbpri.dll]  [N/A, ]
    [F:\优化大师\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 260, D:\瑞星防火墙\RISING\RFW\RFWMAIN.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1324, C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1544, C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

The log has been uploaded in full. I'm online waiting for results from any kind experts! Sorry for the trouble, and thank you!

Rename the file C:\WINDOWS\system32\jzepri.dll to any other name, for example 123.dll

Open SREng -> Startup Items -> Registry -> delete the following startup entries
<3bgsz1u34><C:\DOCUME~1\new\LOCALS~1\Temp\explorei.exe> [N/A]
<mppds><C:\WINDOWS\mppds.exe> []
<{54123FF1-8371-9834-9021-184518451FA5}><C:\WINDOWS\system32\qjepri.dll> []
<{1182C1EB-375C-573D-1F5E-234552345211}><C:\WINDOWS\system32\wldpri.dll> []
<{713AF41A-21B1-131B-1BFC-D2A90DF4A2B7}><C:\WINDOWS\system32\xyfpri.dll> []
<{559AFD5B-159F-ACD8-954C-ACD545FA6585}><C:\WINDOWS\system32\jzepri.dll> []
<{252D2432-37A2-324F-2A54-21BF5CF2F1A2}><C:\WINDOWS\system32\jhapri.dll> []
<{26368135-64FA-BC34-DA32-DCF4FD431C92}><C:\WINDOWS\system32\qhbpri.dll> []
<{3562452F-FA36-BA4F-892A-FF5FBBAC5313}><C:\WINDOWS\system32\mycpri.dll> []
<{5A65498A-7653-9801-1647-987114AB7F45}><C:\WINDOWS\system32\zxepri.dll> []
<{2F12545B-1212-1314-5679-4512ACEF8902}><C:\WINDOWS\system32\wdbpri.dll> []
<{22311A42-AC1B-158F-FD32-5674345F23A2}><C:\WINDOWS\system32\dhbpri.dll> []
<{B1351752-5628-1547-FFAB-BADC13512AFB}><C:\WINDOWS\system32\ztkpri.dll> []

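Edit <AppInit_DLLs><jzepri.dll> []
to <AppInit_DLLs><> []

Delete the services below (run SREng ---> Startup Items ---> Services ---> Win32 Service Applications ---> select the service to delete ---> choose Delete Service ---> click Set ---> choose No at the prompt to confirm the deletion.)

Reboot, show hidden files, then delete the following files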

C:\WINDOWS\system32\dhbpri.dll
C:\WINDOWS\system32\qjepri.dll
C:\WINDOWS\system32\wldpri.dll
C:\WINDOWS\system32\xyfpri.dll
C:\WINDOWS\system32\jhapri.dll
C:\WINDOWS\system32\qhbpri.dll
C:\WINDOWS\system32\mycpri.dll
C:\WINDOWS\system32\zxepri.dll
C:\WINDOWS\system32\wdbpri.dll
C:\WINDOWS\system32\ztkpri.dll
C:\WINDOWS\system32\mppds.dll
C:\WINDOWS\system32\jzepri.dll (the file that was renamed)
C:\DOCUME~1\new\LOCALS~1\Temp\explorei.exe
C:\WINDOWS\mppds.exe

Anything that cannot be deleted, delete with IceSword
http://www.ttian.net/website/2005/0829/391.html

Download arswp (Windows Cleanup Assistant) and run a cleanup
http://www.arswp.com/download/arswp/arswp.rar
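
The pattern that makes the `*pri.dll` and `mppds.dll` files stand out in the log can be checked mechanically. The following is an added example, not part of the original thread and not SREng's own code: it parses the process/module listing format shown in the log and flags system32 modules with no vendor or version information that are loaded into several processes, and it reads the `AppInit_DLLs` startup entry. The function names, the two-process threshold and the heuristic itself are assumptions, and the sample lines are abridged from the log above.

```python
import re
from collections import defaultdict

# Abridged sample in the process/module listing format of the log above.
SAMPLE_LOG = r"""
[PID: 1668 / new][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dhbpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
[PID: 1804 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\dhbpri.dll]  [N/A, ]
[PID: 1944 / new][D:\QQ\QQ.exe]  [TENCENT, 7,0,365,1701]
    [D:\QQ\QQPlugin.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\system32\dhbpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
"""

# Startup entry in the "<name><value> [vendor]" format quoted in the reply above.
SAMPLE_STARTUP = "<AppInit_DLLs><jzepri.dll> []"

PROC_RE = re.compile(r"^\[PID:\s*(\d+)\s*/\s*[^\]]*\]\[[^\]]+\]\s+\[.*\]\s*$")
MOD_RE = re.compile(r"^\s+\[([^\]]+)\]\s+\[(.*)\]\s*$")
SYSDIR = "c:\\windows\\system32\\"


def unversioned_modules(log):
    """Map each module lacking vendor/version info to the PIDs that load it."""
    loaded = defaultdict(set)
    pid = None
    for line in log.splitlines():
        proc = PROC_RE.match(line)
        if proc:
            pid = int(proc.group(1))
            continue
        mod = MOD_RE.match(line)
        if mod and pid is not None:
            path, info = mod.groups()
            # "[N/A, ]" and "[, ]" both mean no company name and no file version.
            if all(field.strip() in ("", "N/A") for field in info.split(",")):
                loaded[path.lower()].add(pid)
    return loaded


def suspicious_modules(log, min_procs=2):
    """Unversioned system32 modules present in at least min_procs processes."""
    return sorted(
        path for path, pids in unversioned_modules(log).items()
        if path.startswith(SYSDIR) and len(pids) >= min_procs
    )


def appinit_dlls(entry):
    """DLL names listed in an AppInit_DLLs startup entry (empty list if none).

    Windows loads every DLL named in AppInit_DLLs into each process that
    loads user32.dll, so any unexpected name here deserves a close look.
    """
    m = re.match(r"^<AppInit_DLLs><([^>]*)>", entry.strip(), re.IGNORECASE)
    return [d for d in re.split(r"[,\s]+", m.group(1)) if d] if m else []


if __name__ == "__main__":
    for path in suspicious_modules(SAMPLE_LOG):
        print("review:", path)
    print("AppInit_DLLs:", appinit_dlls(SAMPLE_STARTUP))
```

Vendor-less DLLs that live in an application's own directory and load into one process only (rarext.dll, QQPlugin.dll) are not flagged, which is why the directory and process-count conditions are combined.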

<{54123FF1-8371-9834-9021-184518451FA5}><C:\WINDOWS\system32\qjepri.dll> []
<{1182C1EB-375C-573D-1F5E-234552345211}><C:\WINDOWS\system32\wldpri.dll> []
<{713AF41A-21B1-131B-1BFC-D2A90DF4A2B7}><C:\WINDOWS\system32\xyfpri.dll> []
<{559AFD5B-159F-ACD8-954C-ACD545FA6585}><C:\WINDOWS\system32\jzepri.dll> []
<{252D2432-37A2-324F-2A54-21BF5CF2F1A2}><C:\WINDOWS\system32\jhapri.dll> []
<{26368135-64FA-BC34-DA32-DCF4FD431C92}><C:\WINDOWS\system32\qhbpri.dll> []
<{3562452F-FA36-BA4F-892A-FF5FBBAC5313}><C:\WINDOWS\system32\mycpri.dll> []
<{5A65498A-7653-9801-1647-987114AB7F45}><C:\WINDOWS\system32\zxepri.dll> []
<{2F12545B-1212-1314-5679-4512ACEF8902}><C:\WINDOWS\system32\wdbpri.dll> []
<{22311A42-AC1B-158F-FD32-5674345F23A2}><C:\WINDOWS\system32\dhbpri.dll> []
<{B1351752-5628-1547-FFAB-BADC13512AFB}><C:\WINDOWS\system32\ztkpri.dll> []

These can't be deleted! What should I do?

Try deleting the files below in one pass with XDelBox 1.3 (download from enao.ys168.com)
C:\WINDOWS\system32\dhbpri.dll
C:\WINDOWS\system32\qjepri.dll
C:\WINDOWS\system32\wldpri.dll
C:\WINDOWS\system32\xyfpri.dll
C:\WINDOWS\system32\jzepri.dll
C:\WINDOWS\system32\jhapri.dll
C:\WINDOWS\system32\qhbpri.dll
C:\WINDOWS\system32\mycpri.dll
C:\WINDOWS\system32\zxepri.dll
C:\WINDOWS\system32\wdbpri.dll
C:\WINDOWS\system32\ztkpri.dll
C:\WINDOWS\system32\mppds.dll
C:\WINDOWS\system32\mppds.dll
C:\WINDOWS\mppds.exe
C:\DOCUME~1\new\LOCALS~1\Temp\explorei.exe

Reboot
Edit <AppInit_DLLs> so that its content is empty, i.e. delete <jzcpri.dll>

Delete the registry entries
<3bgsz1u34><C:\DOCUME~1\new\LOCALS~1\Temp\explorei.exe> [N/A]
<mppds><C:\WINDOWS\mppds.exe> []
<{54123FF1-8371-9834-9021-184518451FA5}><C:\WINDOWS\system32\qjepri.dll> []
<{1182C1EB-375C-573D-1F5E-234552345211}><C:\WINDOWS\system32\wldpri.dll> []
<{713AF41A-21B1-131B-1BFC-D2A90DF4A2B7}><C:\WINDOWS\system32\xyfpri.dll> []
<{559AFD5B-159F-ACD8-954C-ACD545FA6585}><C:\WINDOWS\system32\jzepri.dll> []
<{252D2432-37A2-324F-2A54-21BF5CF2F1A2}><C:\WINDOWS\system32\jhapri.dll> []
<{26368135-64FA-BC34-DA32-DCF4FD431C92}><C:\WINDOWS\system32\qhbpri.dll> []
<{3562452F-FA36-BA4F-892A-FF5FBBAC5313}><C:\WINDOWS\system32\mycpri.dll> []
<{5A65498A-7653-9801-1647-987114AB7F45}><C:\WINDOWS\system32\zxepri.dll> []
<{2F12545B-1212-1314-5679-4512ACEF8902}><C:\WINDOWS\system32\wdbpri.dll> []
<{22311A42-AC1B-158F-FD32-5674345F23A2}><C:\WINDOWS\system32\dhbpri.dll> []
<{B1351752-5628-1547-FFAB-BADC13512AFB}><C:\WINDOWS\system32\ztkpri.dll> []

C:\WINDOWS\system32\dhbpri.dll
C:\WINDOWS\system32\qjepri.dll
C:\WINDOWS\system32\wldpri.dll
C:\WINDOWS\system32\xyfpri.dll
C:\WINDOWS\system32\jhapri.dll
C:\WINDOWS\system32\qhbpri.dll
C:\WINDOWS\system32\mycpri.dll
C:\WINDOWS\system32\zxepri.dll
C:\WINDOWS\system32\wdbpri.dll
C:\WINDOWS\system32\ztkpri.dll
C:\WINDOWS\system32\mppds.dll
C:\WINDOWS\system32\jzepri.dll (the file that was renamed)
C:\DOCUME~1\new\LOCALS~1\Temp\explorei.exe
C:\WINDOWS\mppds.exe
Some of these files can't be deleted, and if I force-delete them the computer blue-screens immediately!
What should I do?