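My computer is infected with AV Terminator; this is part of the SREng scan results. Experts, please help analyze it.
Right now I can't show hidden files, the registry editor gets closed as soon as I try to change the registry, there is no address bar when I open My Computer, and IceSword gets shut down as soon as I run it. Experts, please help!!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPFMntor.exe]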
<IFEO[NPFMntor.exe]><C:\Program Files\Common Files\Microsoft Shared\cqprykh.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe]
<IFEO[QQDoctor.exe]><C:\Program Files\Common Files\Microsoft Shared\cqprykh.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQKav.exe]
<IFEO[QQKav.exe]><C:\Program Files\Common Files\Microsoft Shared\cqprykh.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQSC.exe]
<IFEO[QQSC.exe]><C:\Program Files\Common Files\Microsoft Shared\cqprykh.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe]
<IFEO[rstrui.exe]><C:\Program Files\Common Files\Microsoft Shared\cqprykh.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp]
<IFEO[TrojDie.kxp]><C:\Program Files\Common Files\Microsoft Shared\cqprykh.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upiea.exe]
<IFEO[upiea.exe]><C:\Program Files\Common Files\Microsoft Shared\cqprykh.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.exe]
<IFEO[UpLive.exe]><C:\Program Files\Common Files\Microsoft Shared\cqprykh.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\USBCleaner.exe]
<IFEO[USBCleaner.exe]><C:\Program Files\Common Files\Microsoft Shared\cqprykh.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe]
<IFEO[vsstat.exe]><C:\Program Files\Common Files\Microsoft Shared\cqprykh.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe]
<IFEO[webscanx.exe]><C:\Program Files\Common Files\Microsoft Shared\cqprykh.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zjb.exe]
<IFEO[zjb.exe]><C:\Program Files\Common Files\Microsoft Shared\cqprykh.exe> []
==================================
==================================
正在运行的进程
[PID: 640 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 704 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\DOCUME~1\yuntian\LOCALS~1\Temp\rsv4.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 732 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wsmsezx.dll] [N/A, ]
[C:\WINDOWS\system32\Ati2evxx.dll] [, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\DOCUME~1\yuntian\LOCALS~1\Temp\rsv4.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 780 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wsmsezx.dll] [N/A, ]
[C:\DOCUME~1\yuntian\LOCALS~1\Temp\rsv4.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 800 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wsmsezx.dll] [N/A, ]
[C:\DOCUME~1\yuntian\LOCALS~1\Temp\rsv4.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 972 / SYSTEM][C:\WINDOWS\system32\ibmpmsvc.exe] [N/A, ]
[C:\WINDOWS\system32\wsmsezx.dll] [N/A, ]
[C:\DOCUME~1\yuntian\LOCALS~1\Temp\rsv4.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 1052 / SYSTEM][C:\WINDOWS\System32\Ati2evxx.exe] [, ]
[C:\WINDOWS\System32\wsmsezx.dll] [N/A, ]
[C:\DOCUME~1\yuntian\LOCALS~1\Temp\rsv4.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 1080 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wsmsezx.dll] [N/A, ]
[C:\DOCUME~1\yuntian\LOCALS~1\Temp\rsv4.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 1160 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wsmsezx.dll] [N/A, ]
[PID: 1224 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\wsmsezx.dll] [N/A, ]
[C:\Oracle\Ora81\bin\ociw32.dll] [Oracle Corporation, 8.0.5.0.0]
[C:\DOCUME~1\yuntian\LOCALS~1\Temp\rsv4.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 1340 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\wsmsezx.dll] [N/A, ]
[PID: 1496 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\wsmsezx.dll] [N/A, ]
[PID: 1516 / yuntian][C:\WINDOWS\system32\Ati2evxx.exe] [, ]
[C:\WINDOWS\system32\wsmsezx.dll] [N/A, ]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\atmQQ2.dll] [N/A, ]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[C:\DOCUME~1\yuntian\LOCALS~1\Temp\rsv4.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 1576 / yuntian][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\WINDOWS\system32\wsmsezx.dll] [N/A, ]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\atmQQ2.dll] [N/A, ]
[C:\WINDOWS\system32\avwghmn.dll] [N/A, ]
[C:\WINDOWS\system32\rarjepi.dll] [N/A, ]
[C:\WINDOWS\system32\kawdfzy.dll] [N/A, ]
[C:\WINDOWS\system32\avzxhmn.dll] [N/A, ]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 2, 17]
[C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx] [, 1, 0, 0, 1]
[C:\WINDOWS\DOWNLO~1\BDHelper.dll] [, 1, 0, 0, 6]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\DOCUME~1\yuntian\LOCALS~1\Temp\rsv4.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 1880 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\wsmsezx.dll] [N/A, ]
[C:\WINDOWS\system32\HPBMMON.DLL] [Hewlett-Packard, 10.00.16]
[C:\WINDOWS\system32\hpdomon.dll] [Hewlett-Packard, 03.42.00]
[C:\WINDOWS\system32\HPBHealr.dll] [N/A, ]
[C:\WINDOWS\system32\ZLhp1020.DLL] [Zenographics, Inc., 5, 53, 3723, 0]
[C:\WINDOWS\system32\ZLM.dll] [Zenographics, Inc., 5, 50, 1416, 0]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\HPPRN05.DLL] [Hewlett-Packard Corporation, 60.5.36.2]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\IMFPrint.DLL] [Zenographics, Inc., 5, 54, 330, 0]
[C:\WINDOWS\system32\Imf32.dll] [Zenographics, Inc., 5, 60, 1204, 0]
[C:\WINDOWS\system32\ZTAG32.dll] [Zenographics, Inc., 5, 60, 1210, 0]
[C:\WINDOWS\system32\ZSPOOL.dll] [Zenographics, Inc., 5, 51, 709, 0]
[C:\DOCUME~1\yuntian\LOCALS~1\Temp\rsv4.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 2032 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wsmsezx.dll] [N/A, ]
[PID: 160 / SYSTEM][C:\Program Files\Common Files\Sogou PXP\p2psvr.exe] [Sohu.com Inc., 2, 0, 0, 27]
[C:\WINDOWS\system32\wsmsezx.dll] [N/A, ]
[C:\Program Files\Sogou PXP\vodsvr.dll] [Sohu.com Inc., 2, 2, 0, 9]
[C:\Program Files\Sogou PXP\pxpnet.dll] [Sohu.com Inc., 1, 0, 0, 9]
[C:\Program Files\Sogou PXP\p2pclient.dll] [Sohu.com Inc., 2, 9, 0, 7]
[C:\DOCUME~1\yuntian\LOCALS~1\Temp\rsv4.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 148 / SYSTEM][C:\WINDOWS\System32\QCONSVC.EXE] [IBM Corp., 3, 0, 0, 0]
[C:\WINDOWS\System32\wsmsezx.dll] [N/A, ]
[C:\DOCUME~1\yuntian\LOCALS~1\Temp\rsv4.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 508 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\wsmsezx.dll] [N/A, ]
[C:\DOCUME~1\yuntian\LOCALS~1\Temp\rsv4.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 1116 / SYSTEM][C:\WINDOWS\system32\TpKmpSVC.exe] [N/A, ]
[C:\WINDOWS\system32\wsmsezx.dll] [N/A, ]
[C:\DOCUME~1\yuntian\LOCALS~1\Temp\rsv4.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 1060 / SYSTEM][C:\WINDOWS\system32\fxssvc.exe] [Microsoft Corporation, 5.2.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wsmsezx.dll] [N/A, ]
[C:\DOCUME~1\yuntian\LOCALS~1\Temp\rsv4.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 696 / yuntian][C:\WINDOWS\system32\Rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wsmsezx.dll] [N/A, ]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\atmQQ2.dll] [N/A, ]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\DOCUME~1\yuntian\LOCALS~1\Temp\rsv4.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 2068 / yuntian][C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE] [Nokia, 6, 81, 61, 4]
[C:\WINDOWS\system32\ConnAPI.DLL] [Nokia., 6, 81, 62, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\PROGRA~1\Nokia\NOKIAP~1\PCSCM.dll] [Nokia, 6, 81, 68, 0]
[C:\WINDOWS\system32\wsmsezx.dll] [N/A, ]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[C:\Program Files\Common Files\PCSuite\ConfServer\ConfServer.dll] [Nokia, 6, 81, 26, 0]
[C:\WINDOWS\system32\ATL71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\PROGRA~1\Nokia\NOKIAP~1\Lang\LaunchApplication_chi-sc.NLR] [Nokia, 6, 81, 60, 0]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\atmQQ2.dll] [N/A, ]
[C:\DOCUME~1\yuntian\LOCALS~1\Temp\rsv4.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 2208 / yuntian][C:\Program Files\Common Files\System\lkqpsmu.exe] [N/A, ]
[C:\WINDOWS\system32\avzxhmn.dll] [N/A, ]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\atmQQ2.dll] [N/A, ]
[C:\DOCUME~1\yuntian\LOCALS~1\Temp\rsv4.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[PID: 2300 / yuntian][C:\Program Files\Common Files\Microsoft Shared\cqprykh.exe] [N/A, ]
[C:\WINDOWS\system32\wsmsezx.dll] [N/A, ]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\atmQQ2.dll] [N/A, ]
[C:\DOCUME~1\yuntian\LOCALS~1\Temp\rsv4.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[PID: 3336 / SYSTEM][C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe] [Nokia., 6, 81, 60, 0]
[C:\WINDOWS\system32\NclTools.dll] [Nokia., 6, 81, 21, 1]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\ATL71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\wsmsezx.dll] [N/A, ]
[C:\Program Files\Common Files\PCSuite\Transports\NCLIrDAMM.dll] [Nokia Corp., 6, 81, 27, 0]
[C:\Program Files\Common Files\PCSuite\Transports\NCLRSMM.dll] [Nokia, 6, 81, 34, 1]
[C:\Program Files\Common Files\PCSuite\Transports\NCLUSBMM.dll] [Nokia, 6, 81, 39, 1]
[C:\Program Files\Common Files\PCSuite\Transports\NclMSBTMM.dll] [Nokia., 6, 81, 40, 2]
[C:\DOCUME~1\yuntian\LOCALS~1\Temp\rsv4.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 2924 / yuntian][E:\orangeaug.com] [Beijing Rising Tech. Co., Ltd., 1, 8, 2, 0]
[C:\WINDOWS\system32\wsmsezx.dll] [N/A, ]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[C:\WINDOWS\system32\avzxhmn.dll] [N/A, ]
[C:\WINDOWS\system32\kawdfzy.dll] [N/A, ]
[C:\WINDOWS\system32\rarjepi.dll] [N/A, ]
[C:\WINDOWS\system32\avwghmn.dll] [N/A, ]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\atmQQ2.dll] [N/A, ]
[PID: 2192 / SYSTEM][RsHide] [N/A, ]
[C:\WINDOWS\system32\wsmsezx.dll] [N/A, ]
[PID: 3476 / SYSTEM][RsHide] [N/A, ]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\WINDOWS\system32\wsmsezx.dll] [N/A, ]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\rfwctrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rav\RsLog.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[C:\Program Files\Rising\Rav\HOOKSYS.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
[C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
[C:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\Program Files\Rising\Rav\regmon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\psapi.dll] [Microsoft Corporation, 4.00]
[C:\Program Files\Rising\Rav\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[C:\Program Files\Rising\Rav\MemMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
[C:\Program Files\Rising\Rav\expscan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[C:\Program Files\Rising\Rav\HookCont.dll] [Rising, 19, 0, 0, 0]
[C:\Program Files\Rising\Rav\SpamEng.dll] [, 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 26]
[C:\Program Files\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
[C:\Program Files\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\Program Files\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 41]
[C:\Program Files\Rising\Rav\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
[C:\Program Files\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[C:\Program Files\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
[C:\Program Files\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\Unpacker.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\Program Files\Rising\Rav\ScanPack.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 21]
[C:\Program Files\Rising\Rav\RsVM.dll] [, 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\Uroutine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 24]
[C:\Program Files\Rising\Rav\Uscript.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18]
[C:\Program Files\Rising\Rav\ExtOLE.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
[C:\Program Files\Rising\Rav\ScanNet.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\Rav\ScanElf.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[C:\Program Files\Rising\Rav\ExtMail.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
[PID: 3528 / yuntian][RsHide] [N/A, ]
[C:\Program Files\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\WINDOWS\system32\wsmsezx.dll] [N/A, ]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\atmQQ2.dll] [N/A, ]
[PID: 3692 / yuntian][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\avwghmn.dll] [N/A, ]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\atmQQ2.dll] [N/A, ]
[PID: 58496 / yuntian][E:\sreng2(1)\rs.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\system32\wsmsezx.dll] [N/A, ]
[C:\DOCUME~1\yuntian\LOCALS~1\Temp\rsv4.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[C:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\atmQQ2.dll] [N/A, ]
[C:\WINDOWS\system32\avwghmn.dll] [N/A, ]
[C:\WINDOWS\system32\avzxhmn.dll] [N/A, ]
[C:\WINDOWS\system32\kawdfzy.dll] [N/A, ]
[C:\WINDOWS\system32\rarjepi.dll] [N/A, ]
[E:\sreng2(1)\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
Autorun.inf
[C:\]
[AutoRun]
open=wvebiyg.exe
shell\open=打开(&O)
shell\open\Command=wvebiyg.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=wvebiyg.exe
[D:\]
[AutoRun]
open=wvebiyg.exe
shell\open=打开(&O)
shell\open\Command=wvebiyg.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=wvebiyg.exe
API HOOK
入口点错误:RegCreateKeyExA (危险等级: 高, 被下面模块所HOOK: 0x00F91FE5)
入口点错误:RegCreateKeyExW (危险等级: 高, 被下面模块所HOOK: 0x00F920B5)
入口点错误:Process32NextW (危险等级: 高, 被下面模块所HOOK: 0x00F92325)
入口点错误:Module32FirstW (危险等级: 高, 被下面模块所HOOK: 0x00F93945)
入口点错误:TerminateProcess (危险等级: 高, 被下面模块所HOOK: 0x00F94095)
入口点错误:CreateProcessA (危险等级: 高, 被下面模块所HOOK: 0x00F92185)
入口点错误:CreateProcessW (危险等级: 高, 被下面模块所HOOK: 0x00F92255)
入口点错误:FindWindowA (危险等级: 高, 被下面模块所HOOK: 0x00F93A15)
入口点错误:FindWindowExA (危险等级: 高, 被下面模块所HOOK: 0x00F93BB5)
入口点错误:FindWindowExW (危险等级: 高, 被下面模块所HOOK: 0x00F93C85)
入口点错误:FindWindowW (危险等级: 高, 被下面模块所HOOK: 0x00F93AE5)
入口点错误:SendMessageA (危险等级: 高, 被下面模块所HOOK: 0x00F93D55)
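入口点错误:SendMessageW (危险等级: 高, 被下面模块所HOOK: 0x00F93E25)

Experts, please take a look.

This has gotten too complicated.
Get 360, Windows清理助手 (Windows Cleanup Assistant), or an AV Terminator removal tool and run a scan.
[This post was last edited by cooller0123 on 2007-12-13 00:19]

Too complicated. Find a dedicated removal tool; that should work.

Kingsoft's AV Terminator removal tool won't even open, it gets closed right away, and Rising's removal tool doesn't detect a single thing.

Tools like IceSword are best renamed before you run them.
There are usually two processes. Use IceSword to end them and delete the files.
Use SREng to repair Safe Mode, then scan with antivirus software.

Even the dedicated removal tools don't work?

ooooo

From what I see above, it's this Image File Execution Options file that is causing the trouble.
See whether that's right.
If it is,
delete that file.

Better run a scan with antivirus software. It looks like there is quite a lot of malware on your machine; don't rely only on software that can just detect...

First take a look at what is in the process list.

Download a dedicated removal tool on another computer and copy it over with a removable device. Remember to disable AutoPlay first, otherwise you will get infected again. Run the scan in Safe Mode.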