3:当前活动文件情况:
360tray.exe [启动值] d:\360safe\safemon\360tray.exe
ravtask.exe [启动值] c:\program files\rising\rav\ravtask.exe
ravext.dll [启动值] c:\windows\system32\ravext.dll
shmgrate.exe [启动项] ;c:\windows\system32\shmgrate.exe
shmgrate.exe [启动项] ;c:\windows\system32\shmgrate.exe
msnetmtg.inf [启动项] ;rundll32.exe advpack.dll,launchinfsection c:\windows\inf\msnetmtg.inf
msmsgs.inf [启动项] ;rundll32.exe advpack.dll,launchinfsection c:\windows\inf\msmsgs.inf
nvcpl.dll [Explorer加载] c:\windows\system32\nvcpl.dll
nvcpl.dll [Explorer加载] c:\windows\system32\nvcpl.dll
nvshell.dll [Explorer加载] c:\windows\system32\nvshell.dll
nvshell.dll [Explorer加载] c:\windows\system32\nvshell.dll
nvshell.dll [Explorer加载] c:\windows\system32\nvshell.dll
rarext.dll [Explorer加载] c:\totalcmd\winrar\rarext.dll
ravext.dll [Explorer加载] c:\windows\system32\ravext.dll
unlockercom.dll [Explorer加载] d:\unlocker\unlockercom.dll
xunleibho_now.dll [BHO钩子] d:\thunder\comdlls\xunleibho_now.dll
xunleibho_now.dll [BHO钩子] d:\thunder\comdlls\xunleibho_now.dll
geturl.htm [IE右键] d:\thunder\program\geturl.htm
getallurl.htm [IE右键] d:\thunder\program\getallurl.htm
excel.exe [IE右键] res://d:\micros~1\office11\excel.exe
bsurl.htm [IE右键] d:\bitspirit\bsurl.htm
ravext.dll [文件右键] c:\windows\system32\ravext.dll
rarext.dll [文件右键] c:\totalcmd\winrar\rarext.dll
unlockercom.dll [文件右键] d:\unlocker\unlockercom.dll
ravext.dll [文件右键] c:\windows\system32\ravext.dll
unlockercom.dll [文件右键] d:\unlocker\unlockercom.dll
rarext.dll [文件右键] c:\totalcmd\winrar\rarext.dll

在12楼中的
shmgrate.exe [启动项] ;c:\windows\system32\shmgrate.exe
shmgrate.exe [启动项] ;c:\windows\system32\shmgrate.exe
只能用syscheck看到，其它都看不到用RISING没毒。文件在system32里同。改名的话又会被新建一个，我看大有可能是VIRUS因为人以前改名系统文件的时候会说文件系统被更新要插入光盘扫描保证完整性，而这个没有。