Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Realtek Semiconductor Corp.]
    <RavTask><"E:\瑞星杀毒\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"E:\瑞星防火墙\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <nwiz><nwiz.exe /install>  [N/A]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)NVIDIA Corporation]
    <NvMediaCenter><RunDLL32.exe NvMCTray.dll,NvTaskbarInit>  [(Verified)NVIDIA Corporation]
    <runeip><E:\瑞星卡卡助手\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><E:\瑞星卡卡助手\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WebSecurity><C:\WINDOWS\system32\PvSec.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{B63BFF8C-2E25-4CCC-9A01-68807F567AA7}><C:\WINDOWS\system32\BandRes.dll>  []
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\年韵20~1.SCR>  [Microsoft Corp.                                                                                                                                                                                                                                              ]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <bgswitch><; C:\WINDOWS\system32\bgswitch.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <HF_GameClient><; F:\浩方作战平台\gameclient.exe>  [上海浩方在线信息技术有限公司]
    <LiveUpatePower><; rem MyUpdate.exe>  [N/A]
    <NeroFilterCheck><; C:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)NVIDIA Corporation]
    <NvMediaCenter><; RunDLL32.exe NvMCTray.dll,NvTaskbarInit>  [(Verified)NVIDIA Corporation]
    <nwiz><; nwiz.exe /install>  [N/A]
    <QuickTime Task><; "E:\QuickTimeInstaller\qttask.exe" -atboottime>  [Apple Computer, Inc.]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]

==================================
启动文件夹
N/A

==================================
服务
[AntiVirusWmSrv / AntiVirusWmSrv][Running/Auto Start]
  <E:\完美卸载\AntiVirusWmSrv.exe><剑锋软件>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Imsvc / Imsvc][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\Webmail.dll><>
[Logical Disk Manager Administrator Service / Logical Disk Manager Administrator Service][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\Program Files\Messenger\msnsvc.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[PnpWMmng / PnpWMmng][Running/Auto Start]
  <E:\完美卸载\PnpWMmng.exe><完美卸载>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <e:\瑞星防火墙\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <e:\瑞星防火墙\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"E:\瑞星杀毒\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"E:\瑞星杀毒\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AMD Processor Driver / AmdK8][Running/System Start]
  <system32\DRIVERS\AmdK8.sys><Advanced Micro Devices>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\E:\瑞星杀毒\Rav\ExpScan.sys><>
[Hardlock / Hardlock][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\hardlock.sys><Aladdin Knowledge Systems>
[HookCont / HookCont][Running/Auto Start]
  <\??\E:\瑞星杀毒\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\E:\瑞星杀毒\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\E:\瑞星杀毒\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\E:\瑞星防火墙\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\E:\瑞星杀毒\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\e:\瑞星防火墙\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\E:\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkcusb / npkcusb][Running/Auto Start]
  <\??\E:\QQ\npkcusb.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nvata / nvata][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvata.sys><NVIDIA Corporation>
[nvatabus / nvatabus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvatabus.sys><NVIDIA Corporation>
[NVIDIA Disk Cache Filter Driver / nvcchflt][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvcchflt.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
  <system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
  <system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[parcls / parcls][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\parcls.sys><N/A>
[Padus ASPI Shell / pfc][Running/Manual Start]
  <system32\drivers\pfc.sys><Padus, Inc.>
[PnpWmkDrv / PnpWmkDrv][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\PnpWmkDrv.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Disabled]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\E:\瑞星防火墙\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\E:\瑞星杀毒\Rav\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[WINIO / WINIO][Stopped/Manual Start]
  <\??\H:\winio.sys><N/A>
[wspipe / wspipe][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\wspipe.sys><N/A>

==================================

浏览器加载项
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\迅雷\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <E:\迅雷\Thunder.exe, Thunder Networking Technologies,LTD>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <F:\浩方作战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\显允示酒器鞴工ぞ具運\显允示酒器魇手植册崛软砑件\Reader\ActiveX\AcroIEHelper.dll, N/A>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\迅雷\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[卡卡上网安全助手]
  {AFF6E516-CBE5-4F8A-9C2F-38A68013E766} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[&使用迅雷下载]
  <E:\迅雷\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <E:\迅雷\Program\GetAllUrl.htm, N/A>

正在运行的进程
[PID: 604][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 688][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 728][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 780][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 792][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 948][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1008][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1096][E:\瑞星杀毒\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1112][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\webmail.dll]  [, 1, 0, 0, 2]
    [c:\program files\messenger\msnsvc.dll]  [N/A, N/A]
[PID: 1136][E:\完美卸载\AntiVirusWmSrv.exe]  [剑锋软件, 1, 0, 0, 1]
[PID: 1164][E:\完美卸载\PnpWMmng.exe]  [完美卸载, 5.1.2600.2937 ]
[PID: 1220][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1296][E:\瑞星杀毒\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 43]
    [E:\瑞星杀毒\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 6]
    [E:\瑞星杀毒\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [E:\瑞星杀毒\Rav\rfwctrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [E:\瑞星杀毒\Rav\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [E:\瑞星杀毒\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [E:\瑞星杀毒\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [E:\瑞星杀毒\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [E:\瑞星杀毒\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [E:\瑞星杀毒\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
    [E:\瑞星杀毒\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
    [E:\瑞星杀毒\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [E:\瑞星杀毒\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [E:\瑞星杀毒\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [E:\瑞星杀毒\Rav\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [E:\瑞星杀毒\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [E:\瑞星杀毒\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [E:\瑞星杀毒\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [E:\瑞星杀毒\Rav\HookCont.dll]  [Rising, 19, 0, 0, 0]
    [E:\瑞星杀毒\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [E:\瑞星杀毒\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
    [E:\瑞星杀毒\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
    [E:\瑞星杀毒\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [E:\瑞星杀毒\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [E:\瑞星杀毒\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 32]
    [E:\瑞星杀毒\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 23]
    [E:\瑞星杀毒\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [E:\瑞星杀毒\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
    [E:\瑞星杀毒\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [E:\瑞星杀毒\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
    [E:\瑞星杀毒\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[PID: 1372][e:\瑞星防火墙\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 30]
    [e:\瑞星防火墙\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3]
    [e:\瑞星防火墙\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
    [e:\瑞星防火墙\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 9]
    [e:\瑞星防火墙\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [e:\瑞星防火墙\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5]
    [e:\瑞星防火墙\rfw\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 1588][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1768][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.9131]
[PID: 1916][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 236][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [E:\瑞星卡卡助手\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [C:\WINDOWS\system32\PvSec.dll]  [, 5, 1, 100, 2500]
    [C:\WINDOWS\system32\BandRes.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\nview.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\NVWRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.11038]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.9131]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.9131]
    [C:\WINDOWS\system32\nvwddi.dll]  [NVIDIA Corporation, 6.14.10.9131]
    [C:\WINDOWS\system32\nvshell.dll]  [N/A, N/A]
    [E:\解压系统\rarext.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\xunleibho_v14.dll]  [Thunder Networking Technologies,LTD, 4, 6, 0, 62]

[E:\迅雷\ComDlls\XunLeiBHO_006.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
[PID: 396][e:\瑞星防火墙\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 56]
    [e:\瑞星防火墙\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
    [e:\瑞星防火墙\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [e:\瑞星防火墙\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [e:\瑞星防火墙\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [e:\瑞星防火墙\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [E:\瑞星卡卡助手\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [C:\WINDOWS\system32\nview.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\NVWRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.11038]
[PID: 1060][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1396][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5, 1, 0, 54]
    [E:\瑞星卡卡助手\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [C:\WINDOWS\system32\nview.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\NVWRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.11038]
[PID: 1420][E:\瑞星杀毒\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [E:\瑞星杀毒\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [E:\瑞星杀毒\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [E:\瑞星杀毒\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [E:\瑞星杀毒\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [E:\瑞星卡卡助手\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [C:\WINDOWS\system32\nview.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\NVWRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.11038]
[PID: 848][E:\瑞星杀毒\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
    [E:\瑞星杀毒\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
    [E:\瑞星杀毒\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 6]
    [E:\瑞星杀毒\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [E:\瑞星杀毒\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [E:\瑞星杀毒\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [E:\瑞星杀毒\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [E:\瑞星杀毒\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [E:\瑞星杀毒\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [E:\瑞星卡卡助手\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [C:\WINDOWS\system32\nview.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\NVWRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.11038]
[PID: 1900][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1948][E:\瑞星卡卡助手\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 3]
    [E:\瑞星卡卡助手\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [E:\瑞星卡卡助手\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [C:\WINDOWS\system32\nview.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\NVWRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.11038]
[PID: 284][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\瑞星卡卡助手\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 324][C:\WINDOWS\system32\RUNDLL32.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NvMCTray.DLL]  [NVIDIA Corporation, 6.14.10.9131]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.9131]
    [E:\瑞星卡卡助手\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [C:\WINDOWS\system32\nview.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\NVWRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.11038]
[PID: 1512][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\nview.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\NVWRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.11038]
    [C:\WINDOWS\system32\nvwddi.dll]  [NVIDIA Corporation, 6.14.10.9131]
    [E:\瑞星卡卡助手\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [C:\WINDOWS\system32\nvshell.dll]  [N/A, N/A]
[PID: 3684][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 2820][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\nview.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\NVWRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.11038]
    [C:\WINDOWS\system32\xunleibho_v14.dll]  [Thunder Networking Technologies,LTD, 4, 6, 0, 62]
    [E:\迅雷\ComDlls\XunLeiBHO_006.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
    [C:\WINDOWS\system32\kakatool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 2, 6]
    [C:\WINDOWS\system32\nvwddi.dll]  [NVIDIA Corporation, 6.14.10.9131]
    [E:\瑞星卡卡助手\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [E:\瑞星杀毒\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 2828][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\nview.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\NVWRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.11038]
    [C:\WINDOWS\system32\xunleibho_v14.dll]  [Thunder Networking Technologies,LTD, 4, 6, 0, 62]
    [E:\迅雷\ComDlls\XunLeiBHO_006.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
    [C:\WINDOWS\system32\kakatool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 2, 6]
    [C:\WINDOWS\system32\nvwddi.dll]  [NVIDIA Corporation, 6.14.10.9131]
    [E:\瑞星卡卡助手\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [E:\瑞星杀毒\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 2196][E:\日志扫描\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\WINDOWS\system32\nview.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\NVWRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.11038]
    [C:\WINDOWS\system32\nvwddi.dll]  [NVIDIA Corporation, 6.14.10.9131]
    [E:\瑞星卡卡助手\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 LOCALHOST
127.0.0.1 WWW.POWERNUM123.COM
127.0.0.1 WWW.POWERNUM123.COM.CN
127.0.0.1 POWERNUM123.COM
127.0.0.1 POWERNUM123.COM.CN
127.0.0.1 WWW.CHEBL.COM
127.0.0.1 WWW.CHEBL.CN
127.0.0.1 WWW.CHEBL.COM.CN
127.0.0.1 CHEBL.COM
127.0.0.1 CHEBL.COM.CN
127.0.0.1 CHEBL.CN
127.0.0.1 WWW.CHEBULUO.COM.CN
127.0.0.1 WWW.CHEBULUO.COM
127.0.0.1 WWW.CHEBULUO.CN
127.0.0.1 CHEBULUO.COM.CN
127.0.0.1 CHEBULUO.COM
127.0.0.1 CHEBULUO.CN
127.0.0.1 WWW.17SP.COM
127.0.0.1 WWW.17SP.COM.CN
127.0.0.1 17SP.COM
127.0.0.1 17SP.COM.CN
127.0.0.1 WWW.FEIKONG.COM
127.0.0.1 WWW.FEIKONG.COM.CN
127.0.0.1 WWW.FEIKONG.CN
127.0.0.1 FEIKONG.COM
127.0.0.1 FEIKONG.COM.CN
127.0.0.1 FEIKONG.CN
127.0.0.1 WWW.HACONG.COM
127.0.0.1 HACONG.COM

127.0.0.1 WWW.XBXBXBXB.COM
127.0.0.1 WWW.SOBT.COM
127.0.0.1 WWW.SOBT.COM.CN
127.0.0.1 WWW.SOBT.CN
127.0.0.1 WWW.SOBT.NET
127.0.0.1 SOBT.COM
127.0.0.1 SOBT.COM.CN
127.0.0.1 SOBT.CN
127.0.0.1 SOBT.NET
127.0.0.1 WWW.XBXBXBXBXB.COM
127.0.0.1 XBXBXBXB.COM
127.0.0.1 XBXBXBXBXB.COM
127.0.0.1 WWW.NFSINFO.COM
127.0.0.1 NFSINFO.COM
127.0.0.1 CRMEASE.COM
127.0.0.1 HONGBANGZHU.COM
127.0.0.1 LINUX007.COM
127.0.0.1 LOSPLE.COM
127.0.0.1 LOSTEMPLE.COM
127.0.0.1 WWW.CRMEASE.COM
127.0.0.1 WWW.HONGBANGZHU.COM
127.0.0.1 WWW.LINUX007.COM
127.0.0.1 WWW.LOSPLE.COM
127.0.0.1 WWW.LOSTEMPLE.COM
127.0.0.1 SMARTALLYES.COM
127.0.0.1 51CPM.NET
127.0.0.1 51CPM.COM
127.0.0.1 YIQILAI.COM
127.0.0.1 UPDATE.SMARTALLYES.COM
127.0.0.1 MDMDMDMDMD.COM
127.0.0.1 WWW.SMARTALLYES.COM
127.0.0.1 WWW.51CPM.NET
127.0.0.1 WWW.51CPM.COM
127.0.0.1 WWW.YIQILAI.COM
127.0.0.1 WWW.MDMDMDMDMD.COM
127.0.0.1 QUANTUMBIZS.COM
127.0.0.1 WWW.QUANTUMBIZS.COM
127.0.0.1 PDSHN.COM
127.0.0.1 WWW.PDSHN.COM
127.0.0.1 PKPKPK.COM
127.0.0.1 WWW.PKPKPK.COM
127.0.0.1 PKPKPK.NET
127.0.0.1 WWW.PKPKPK.NET
127.0.0.1 OOOOOS.COM
127.0.0.1 WWW.OOOOOS.COM
127.0.0.1 CCTV06.COM
127.0.0.1 WWW.CCTV06.COM
127.0.0.1 FEIXIN.ORG
127.0.0.1 WWW.FEIXIN.ORG
127.0.0.1 PENGK.COM
127.0.0.1 WWW.PENGK.COM
127.0.0.1 QQYE.COM
127.0.0.1 WWW.QQYE.COM
127.0.0.1 XIA3.COM
127.0.0.1 WWW.XIA3.COM
127.0.0.1 XIAZAI1.COM
127.0.0.1 WWW.XIAZAI1.COM
127.0.0.1 CCWINFO.NET
127.0.0.1 WWW.CCWINFO.NET
127.0.0.1 DDPDDP.COM
127.0.0.1 WWW.DDPDDP.COM

==================================
API HOOK
N/A

==================================
[/CODE]
每次启动都发现病毒