Rising Kaka Security Forum

[Help] My computer is infected with the Death.exe virus, how do I remove it?
云南老九 - 2007-2-12 17:02:00
My computer is infected with the Death.exe virus. Even a fully updated Rising can't detect it or remove it. What should I do? Please help, thanks!
logicl - 2007-2-12 17:05:00
As follows:
http://www.kztechs.com/sreng/sreng2.zip download System Repair Engineer
1. Unzip sreng2.zip
2. Run SREng.exe
3. Smart Scan => Scan => Save Report
4. Copy the report from the log in full and paste it here without changes. If it doesn't fit in one post, split it across several.

Note: before running the scan, close any unnecessary programs (e.g. QQ, MSN, Haofang and similar game platforms).
笑比哭好看 - 2007-2-12 17:07:00

Solution:
Download a software tool,
Unlocker,
available from the Skycn download site:
http://www.skycn.com/soft/23022.html

After installing the tool,
open your antivirus and run a scan.
It will usually find one or several .dll / .sys files.

Locate those files, right-click them and choose Unlocker to unlock them.

The antivirus will then flag them; it's best to let the antivirus delete them directly.

Other hard-to-remove malware of the same kind can be handled the same way.

天山雪狐 - 2007-2-12 17:13:00
A Panda variant. Try the Panda removal tool pinned at the top.
云南老九 - 2007-2-12 17:15:00
Unlocker doesn't help. Rising can't find the virus, so there is no target to delete.
afkp4e7 - 2007-2-12 17:21:00
http://forum.ikaka.com/topic.asp?board=28&artid=8261614
Have a look at this; if it doesn't solve it, post a scan log.
沉默之龙 - 2007-2-12 17:22:00
Moderator mopery's designated post covered it.
http://forum.ikaka.com/topic.asp?board=28&artid=8261614
姑苏残月 - 2007-2-12 17:26:00
http://forum.ikaka.com/topic.asp?board=28&artid=8261614
This post has the handling method.
The famous Death (死神); finally someone got hit by it, I love it.
云南老九 - 2007-2-12 17:35:00
Right, it's the one mopery mentioned, but mopery didn't say how to deal with it. What do I do? Please help, thanks!
云南老九 - 2007-2-12 17:36:00
To the friend on the first floor: the scan is done, how do I get the report to you?
taylor05771 - 2007-2-12 17:37:00
Nothing to deal with; format the whole disk.

Because every EXE outside the system has been overwritten with junk code.
姑苏残月 - 2007-2-12 17:41:00
Really? The moderator forgot to write how to handle it???
I remember he wrote which new files appear after the virus runs; just kill those files. Don't tell me you can't. If they won't delete, download UNLOCKER and delete them.
taylor05771 - 2007-2-12 17:43:00
This sample was first captured on my side and handed to M.

It overwrites every EXE file outside the system; there is no way to repair them, only a full format.
姑苏残月 - 2007-2-12 17:44:00
I read M's post ages ago and have forgotten the details. That being so, OP, download SREng, scan and post the log; I'll see whether it can still be saved, but don't get your hopes up, the cyber police described it as that serious. I'll do my best.
云南老九 - 2007-2-12 17:47:00
Startup items


Registry

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(ctfmon.exe)(C:\WINDOWS\system32\ctfmon.exe) [(Verified)Microsoft Corporation]
(Supervise.exe)(C:\WINDOWS\system32\Supervise.exe) [N/A]
(Death.exe)(C:\WINDOWS\system32\Death.exe) [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(load)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(IMJPMIG8.1)("C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32) [(Verified)Microsoft Corporation]
(PHIME2002ASync)(C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC) [(Verified)Microsoft Corporation]
(PHIME2002A)(C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName) [(Verified)Microsoft Corporation]
(IMSCMig)(C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload) [(Verified)Microsoft Corporation]
(RfwMain)("D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup) [Beijing Rising Technology Co., Ltd.]
(runeip)(C:\Program Files\Rising\AntiSpyware\runiep.exe) [Beijing Rising Technology Co., Ltd.]
(RavTask)("d:\Program Files\Rising\Rav\RavTask.exe" -system) [Beijing Rising Technology Co., Ltd.]
(Windows Defender)("C:\Program Files\Windows Defender\MSASCui.exe" -hide) [(Verified)Microsoft Corporation]
(RegNetPass)(C:\WINDOWS\system32\regcsp.exe) [N/A]
(gemstrmw)(C:\WINDOWS\system32\gemstrmw.exe /r) [Gemplus]
(TkBellExe)("C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot) [(Verified)RealNetworks, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [(Verified)Microsoft Corporation]
(Userinit)(C:\WINDOWS\system32\userinit.exe,) [(Verified)Microsoft Corporation]
(UIHost)(logonui.exe) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
({32CD708B-60A7-4C00-9377-D73EAA495F0F})(C:\WINDOWS\system32\RavExt.dll) [Beijing Rising Technology Co., Ltd.]
({091EB208-39DD-417D-A5DD-7E2C2D8FB9CB})(C:\PROGRA~1\WINDOW~4\MpShHook.dll) [(Verified)Microsoft Corporation]




--------------------------------------------------------------------------------



Startup folder

[QQ Game launch accelerator]
(C:\Documents and Settings\张庆希\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --) D:\PROGRA~1\Tencent\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司])(N)



--------------------------------------------------------------------------------



Services

[C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start]
(C:\WINDOWS\system32\drivers\CDAC11BA.EXE)(Macrovision)
[Human Interface Device Access / HidServ][Stopped/Disabled]
(C:\WINDOWS\System32\svchost.exe -k netsvcs--)%SystemRoot%\System32\hidserv.dll)(N/A)
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
(d:\program files\rising\rfw\rfwproxy.exe)(Beijing Rising Technology Co., Ltd.)
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
(d:\program files\rising\rfw\rfwsrv.exe)(Beijing Rising Technology Co., Ltd.)
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
("d:\Program Files\Rising\Rav\CCenter.exe")(Beijing Rising Technology Co., Ltd.)
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
("d:\Program Files\Rising\Rav\Ravmond.exe")(Beijing Rising Technology Co., Ltd.)
[SmartLinkService / SLService][Running/Auto Start]
(slserv.exe)()



--------------------------------------------------------------------------------



Drivers

[Atheros Wireless Network Adapter Service / AR5211][Running/Manual Start]
(system32\DRIVERS\ar5211.sys)(Atheros Communications, Inc.)
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
(System32\DRIVERS\BaseTDI.SYS)(Beijing Rising Technology Co., Ltd.)
[CdaC15BA / CdaC15BA][Running/Auto Start]
(\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS)(Macrovision Europe Ltd)
[ExpScaner / ExpScaner][Running/Auto Start]
(\??\d:\Program Files\Rising\Rav\ExpScan.sys)()
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
(system32\DRIVERS\fetnd5.sys)(VIA Technologies, Inc.)
[GKeyUSB / GKeyUSB][Stopped/Manual Start]
(System32\Drivers\GKeyUSB.sys)(Gemplus)
[HookCont / HookCont][Running/Auto Start]
(\??\d:\Program Files\Rising\Rav\HOOKCONT.sys)(Rising)
[HookReg / HookReg][Running/Auto Start]
(\??\d:\Program Files\Rising\Rav\HookReg.sys)()
[HookSys / HookSys][Running/Auto Start]
(\??\d:\Program Files\Rising\Rav\HookSys.sys)(Rising)
[HookUrl / HookUrl][Running/Auto Start]
(\??\D:\Program Files\Rising\Rfw\HookUrl.sys)(Beijing Rising Technology Co., Ltd.)
[MEMSCAN / MEMSCAN][Running/Auto Start]
(\??\d:\Program Files\Rising\Rav\MEMSCAN.sys)(瑞星软件有限公司)
[mProcRs / mProcRs][Running/Auto Start]
(\??\d:\program files\rising\rfw\mProcRs.sys)(Beijing Rising Technology Co., Ltd.)
[Mtlmnt5 / Mtlmnt5][Running/Manual Start]
(system32\DRIVERS\Mtlmnt5.sys)()
[Mtlstrm / Mtlstrm][Stopped/Manual Start]
(system32\DRIVERS\Mtlstrm.sys)()
[npkcrypt / npkcrypt][Running/Auto Start]
(\??\D:\Program Files\Tencent\qq\npkcrypt.sys)(INCA Internet Co., Ltd.)
[NtMtlFax / NtMtlFax][Stopped/Manual Start]
(system32\DRIVERS\NtMtlFax.sys)()
[Padus ASPI Shell / pfc][Running/Manual Start]
(system32\drivers\pfc.sys)(Padus, Inc.)
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
(system32\DRIVERS\ptilink.sys)(Parallel Technologies, Inc.)
[RecAgent / RecAgent][Stopped/Manual Start]
(\??\C:\WINDOWS\system32\DRIVERS\RecAgent.sys)(Smart Link)
[RsAntiSpyware / RsAntiSpyware][Stopped/Disabled]
(\SystemRoot\system32\drivers\RsBoot.sys)(Beijing Rising)
[RsFwDrv / RsFwDrv][Running/Auto Start]
(\??\D:\Program Files\Rising\Rfw\RsFwDrv.sys)(Beijing Rising Technology Co., Ltd.)
[RsNTGDI / RsNTGDI][Running/Boot Start]
(\SystemRoot\system32\Drivers\RsNTGdi.sys)(Beijing Rising Technology Co., Ltd.)
[RSPPSYS / RSPPSYS][Running/Auto Start]
(\??\d:\Program Files\Rising\Rav\RSPPSYS.sys)(Rising)
[S3SavageNB / S3SavageNB][Running/Manual Start]
(system32\DRIVERS\s3gnbm.sys)(S3 Graphics, Inc.)
[Secdrv / Secdrv][Stopped/Manual Start]
(system32\DRIVERS\secdrv.sys)(N/A)
[SmartLink AMR_PCI Driver / Slntamr][Running/Manual Start]
(system32\DRIVERS\slntamr.sys)()
[SlNtHal / SlNtHal][Stopped/Manual Start]
(system32\DRIVERS\Slnthal.sys)()
[SlWdmSup / SlWdmSup][Running/Manual Start]
(system32\DRIVERS\SlWdmSup.sys)(Vireo Software)
[ViaIde / ViaIde][Running/Boot Start]
(\SystemRoot\system32\DRIVERS\viaide.sys)(Microsoft Corporation)
[VIA AC'97 Audio Controller (WDM) / VIAudio][Running/Manual Start]
(system32\drivers\viaudios.sys)(VIA Technologies, Inc.)
[Virtual PC Application Services / VPCAppSv][Running/Auto Start]
(system32\DRIVERS\VPCAppSv.sys)(Connectix Corporation)
[Virtual PC Emulated Ethernet Switch Driver / VPCNetS2][Running/Manual Start]
(system32\DRIVERS\VPCNetS2.sys)(Connectix Corporation)
云南老九 - 2007-2-12 17:49:00
Browser add-ons

[SnagIt Toolbar Loader]
{00C6482D-C502-44C8-8409-FCE54AD9C208} (D:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll, TechSmith Corporation)
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated)
[Flashget Catch Url Class]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (D:\Program Files\FlashGet\jccatch.dll, www.flashget.com)
[Adobe PDF Conversion Toolbar Helper]
{AE7CD045-E861-484f-8273-0445EE161910} (D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated)
[gFlash Class]
{F156768E-81EF-470C-9057-481BA8380DBA} (D:\Program Files\FlashGet\getflash.dll, )
[Research(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} (D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation)
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} (d:\Program Files\Tencent\QQ\QQ.EXE, TENCENT)
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} (D:\PROGRA~1\FlashGet\flashget.exe, FlashGet.com)
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} (%windir%\Network Diagnostic\xpnetdiag.exe, N/A)
[FlashGet]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} (D:\Program Files\FlashGet\fgiebar.dll, Amaze Soft)
[SnagIt]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} (D:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll, TechSmith Corporation)
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} (D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated)
[BitComet Toolbar]
{3F1ABCDB-A875-46c1-8345-B72A4567E486} (d:\Program Files\BitComet\BitCometBar\BitCometBar0.6.dll, N/A)
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} (C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com)
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} (C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation)
[Office Update Installation Engine]
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (C:\WINDOWS\opuc.dll, Microsoft Corporation)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.)
[QPicControl Control]
{E4CF9B52-A94E-4A27-AD90-904A81D0643A} (C:\WINDOWS\system32\QPic\qpic.ocx, tencent)
[SnagIt Toolbar Loader]
{00C6482D-C502-44C8-8409-FCE54AD9C208} (D:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll, TechSmith Corporation)
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated)
[ClientVer Class]
{099D0B8F-0583-41F4-A853-FC30C6DC004A} (d:\Program Files\PaiPaiClient\PPVersion.dll, )
[InfosecCertInstall Class]
{0EB487C8-E9AC-43A6-8C4C-083999B0622F} (C:\WINDOWS\system32\certInStall.dll, )
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} (C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation)
[iTrusPTA Class]
{1E0DFFCF-27FF-4574-849B-55007349FEDA} (C:\WINDOWS\system32\aliedit\pta.dll, )
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} (C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation)
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} (C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation)
[Flashget Catch Url Class]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (D:\Program Files\FlashGet\jccatch.dll, www.flashget.com)
[BitComet Toolbar]
{3F1ABCDB-A875-46C1-8345-B72A4567E486} (d:\Program Files\BitComet\BitCometBar\BitCometBar0.6.dll, N/A)
[Microsoft Office Control]
{4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} (D:\PROGRA~1\MICROS~1\OFFICE11\AUTHZAX.DLL, Microsoft Corporation)
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} (D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated)
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} (C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation)
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} (C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com)
[InfoSecNetSign Class]
{62B938C4-4190-4F37-8CF0-A92B0A91CC77} (C:\WINDOWS\system32\NetSign.dll, Infosec Technologies Co., Ltd.)
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} (C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation)
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} (C:\WINDOWS\system32\wmp.dll, Microsoft Corporation)
[WangWangObj Class]
{6E213FC7-DD5A-4115-B7E6-D4C7838C361E} (D:\Program Files\淘宝网\淘宝旺旺\WangWangX4.dll, 阿里软件(中国)有限公司)
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (C:\WINDOWS\system32\INPUTC~1.DLL, )
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} (C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation)
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (C:\WINDOWS\system32\SUBMIT~1.DLL, )
[SnagIt]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} (D:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll, TechSmith Corporation)
[Adobe PDF Conversion Toolbar Helper]
{AE7CD045-E861-484F-8273-0445EE161910} (D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated)
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} (%SystemRoot%\system32\shdocvw.dll, N/A)
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} (C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation)
[Office Update Installation Engine]
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (C:\WINDOWS\opuc.dll, Microsoft Corporation)
[d:\Program Files\Tencent\QQ\QQPlayerProxy.dll]
{CD108273-D434-43E6-AA90-1469F97EB398} (d:\PROGRA~1\Tencent\QQ\QQPLAY~1.DLL, Tencent)
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} (C:\WINDOWS\system32\wmp.dll, Microsoft Corporation)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.)
[FlashGet]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} (D:\Program Files\FlashGet\fgiebar.dll, Amaze Soft)
[QPicControl Control]
{E4CF9B52-A94E-4A27-AD90-904A81D0643A} (C:\WINDOWS\system32\QPic\qpic.ocx, tencent)
[CPasswordEditCtrl Object]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} (C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司)
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} (C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation)
[Scripting.Dictionary]
{EE09B103-97E0-11CF-978F-00A02463E06F} (C:\WINDOWS\system32\scrrun.dll, Microsoft Corporation)
[gFlash Class]
{F156768E-81EF-470C-9057-481BA8380DBA} (D:\Program Files\FlashGet\getflash.dll, )
[XML DOM Document]
{F6D90F11-9C73-11D3-B32E-00C04F990BB4} (C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation)
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} (C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation)
[&Download with FlashGet]
(D:\Program Files\FlashGet\jc_link.htm, N/A)
[&Download all links with FlashGet]
(D:\Program Files\FlashGet\jc_all.htm, N/A)
[Upload to QQ Network Disk]
(D:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A)
[Add this RSS channel/channel group in Foxmail]
(res://C:\WINDOWS\system32\fmrsslink.dll/201, N/A)
[Export to Microsoft Office Excel(&X)]
(res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A)
[Add to QQ custom panel]
(D:\Program Files\Tencent\qq\AddPanel.htm, N/A)
[Add to QQ emoticons]
(D:\Program Files\Tencent\qq\AddEmotion.htm, N/A)
[Send this picture via QQ MMS]
(D:\Program Files\Tencent\qq\SendMMS.htm, N/A)
[Convert to Adobe PDF]
(res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A)
[Convert to existing PDF]
(res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A)
[Convert selected links to Adobe PDF]
(res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A)
[Convert selected links to existing PDF]
(res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A)
[Convert selection to Adobe PDF]
(res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A)
[Convert selection to existing PDF]
(res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A)
[Convert link target to Adobe PDF]
(res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A)
[Convert link target to existing PDF]
(res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A)

云南老九 - 2007-2-12 17:52:00
Running processes

[PID: 448][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 632][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 664][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 716][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 728][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 880][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 948][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1000][C:\Program Files\Windows Defender\MsMpEng.exe] [Microsoft Corporation, 1.1.1593.0]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42]
[PID: 1112][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1232][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1296][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1440][d:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 33]
[d:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3]
[d:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
[d:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 10]
[d:\program files\rising\rfw\psapi.dll] [Microsoft Corporation, 4.00]
[d:\program files\rising\rfw\MonDrv.dll] [rs, 1, 0, 0, 4]
[d:\program files\rising\rfw\ProcLib.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5]
[d:\program files\rising\rfw\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 1604][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\AdobePDF.dll] [Adobe Systems Incorporated., 7.0.0.00]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[D:\Program Files\Adobe\Acrobat 7.0\Distillr\AdistRes.CHS] [N/A, N/A]
[PID: 1648][C:\WINDOWS\System32\SCardSvr.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1720][C:\WINDOWS\system32\drivers\CDAC11BA.EXE] [Macrovision, 4.20.020]
[PID: 1848][C:\WINDOWS\system32\slserv.exe] [ , 2.80.00(24Apr2000)]
[PID: 168][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1492][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.0.0.86]
[D:\Program Files\FlashGet\fgmgr.dll] [www.flashget.com, 1, 8, 0, 1001]
[D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.CHS] [Adobe Systems, Inc., 7.0.0.0]
[d:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[D:\Program Files\Unlocker\UnlockerHook.dll] [N/A, N/A]
[PID: 1316][D:\Program Files\Rising\Rfw\rfwmain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
[D:\Program Files\Rising\Rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[D:\Program Files\Rising\Rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[D:\Program Files\Rising\Rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[D:\Program Files\Rising\Rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[D:\Program Files\Rising\Rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[D:\Program Files\FlashGet\fgmgr.dll] [www.flashget.com, 1, 8, 0, 1001]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[D:\Program Files\Rising\Rfw\PSAPI.DLL] [Microsoft Corporation, 4.00]
[D:\Program Files\Unlocker\UnlockerHook.dll] [N/A, N/A]
[PID: 1052][C:\Program Files\Windows Defender\MSASCui.exe] [Microsoft Corporation, 1.1.1593.0]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42]
[D:\Program Files\FlashGet\fgmgr.dll] [www.flashget.com, 1, 8, 0, 1001]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 324][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3760]
[D:\Program Files\FlashGet\fgmgr.dll] [www.flashget.com, 1, 8, 0, 1001]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 496][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\FlashGet\fgmgr.dll] [www.flashget.com, 1, 8, 0, 1001]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 548][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\FlashGet\fgmgr.dll] [www.flashget.com, 1, 8, 0, 1001]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 3812][d:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 3924][d:\Program Files\Rising\Rav\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 43]
云南老九 - 2007-2-12 17:53:00
[d:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[d:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[d:\Program Files\Rising\Rav\rfwctrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[d:\Program Files\Rising\Rav\RsPPsys.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[d:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[d:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[d:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[d:\Program Files\Rising\Rav\RsLog.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[d:\Program Files\Rising\Rav\HOOKSYS.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
[D:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
[D:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[D:\Program Files\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[d:\Program Files\Rising\Rav\regmon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[d:\Program Files\Rising\Rav\psapi.dll] [Microsoft Corporation, 4.00]
[d:\Program Files\Rising\Rav\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[d:\Program Files\Rising\Rav\MemMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
[d:\Program Files\Rising\Rav\expscan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[d:\Program Files\Rising\Rav\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[d:\Program Files\Rising\Rav\HookCont.dll] [Rising, 19, 0, 0, 0]
[D:\Program Files\Rising\Rav\SpamEng.dll] [N/A, 18, 0, 0, 6]
[D:\Program Files\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 26]
[D:\Program Files\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
[D:\Program Files\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[D:\Program Files\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[D:\Program Files\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 41]
[D:\Program Files\Rising\Rav\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
[D:\Program Files\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[D:\Program Files\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
[D:\Program Files\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[D:\Program Files\Rising\Rav\Unpacker.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[D:\Program Files\Rising\Rav\ScanPack.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
[D:\Program Files\Rising\Rav\RsVM.dll] [N/A, 19, 0, 0, 15]
[D:\Program Files\Rising\Rav\Uroutine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 23]
[D:\Program Files\Rising\Rav\Uscript.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18]
[D:\Program Files\Rising\Rav\ScanNet.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 224][d:\Program Files\Rising\Rav\RavStub.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
[d:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[d:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 2980][D:\Program Files\Rising\Rav\Rav.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
[D:\Program Files\Rising\Rav\PlugIn\RsPgScan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 17]
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[D:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[D:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[D:\Program Files\Rising\Rav\RavUI.Dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
[D:\Program Files\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[D:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[D:\Program Files\FlashGet\fgmgr.dll] [www.flashget.com, 1, 8, 0, 1001]
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[D:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
[D:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[d:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[D:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[D:\Program Files\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[D:\Program Files\Rising\Rav\MVEngine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
[D:\Program Files\Rising\Rav\Engine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 26]
[D:\Program Files\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[D:\Program Files\Rising\Rav\Unpacker.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[D:\Program Files\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[D:\Program Files\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 41]
[D:\Program Files\Rising\Rav\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
[D:\Program Files\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
[D:\Program Files\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
[D:\Program Files\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[D:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[D:\Program Files\Rising\Rav\ScanPack.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
[D:\Program Files\Rising\Rav\RsVM.dll] [N/A, 19, 0, 0, 15]
[D:\Program Files\Rising\Rav\Uroutine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 23]
[D:\Program Files\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[D:\Program Files\Rising\Rav\ExtMail.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
[D:\Program Files\Rising\Rav\ExtOLE.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
[D:\Program Files\Rising\Rav\ScanNet.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[D:\Program Files\Rising\Rav\Uscript.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18]
[PID: 3064][D:\Program Files\Rising\Rav\RsAgent.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[D:\Program Files\FlashGet\fgmgr.dll] [www.flashget.com, 1, 8, 0, 1001]
[D:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 3108][C:\WINDOWS\msagent\AgentSvr.exe] [Microsoft Corporation, 2.00.0.3424]
[D:\Program Files\FlashGet\fgmgr.dll] [www.flashget.com, 1, 8, 0, 1001]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 3360][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3376][E:\My Download\因特网内容\sreng2\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[D:\Program Files\FlashGet\fgmgr.dll] [www.flashget.com, 1, 8, 0, 1001]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\WINDOWS\system32\NpOpenStore.dll] [N/A, N/A]
[C:\WINDOWS\system32\NPCard.dll] [N/A, N/A]
[C:\WINDOWS\system32\RsaFun.dll] [N/A, N/A]
[C:\WINDOWS\system32\GPKPCSC.dll] [N/A, N/A]
云南老九 - 2007-2-12 17:54:00
File associations

.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]



--------------------------------------------------------------------------------



Winsock providers

N/A



--------------------------------------------------------------------------------



Autorun.inf

N/A



--------------------------------------------------------------------------------



HOSTS file

127.0.0.1 localhost



--------------------------------------------------------------------------------



API HOOK

N/A

云南老九 - 2007-2-12 18:32:00
Everyone, the scan results are out, please help quickly, thanks!
姑苏残月 - 2007-2-12 18:50:00
I'm not certain either, but I'll write down my suggestions and hope they help.
1: Set logon passwords for all system accounts
2: Clean out the temporary folders everywhere (including emptying the Recycle Bin)
3: Turn off System Restore
4: Update your antivirus and scan
5: If the antivirus finds the virus but doesn't delete it, download UNLOCKER and use it to delete the virus files
6: Check the following two files:
(Supervise.exe)(C:\WINDOWS\system32\Supervise.exe) [N/A]
(Death.exe)(C:\WINDOWS\system32\Death.exe) [N/A]
If these two files are still there after doing all the above, delete them
姑苏残月 - 2007-2-12 18:50:00
Hope this saves you.
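The triage in step 6 above can be done against the SREng log itself rather than by eye. The following is an added example, not code from the thread or from SREng: it parses the "Startup items / Registry" section in the format SREng prints (a key line in square brackets, then `(name)(command) [vendor]` entries) and flags every autostart whose binary lives under \WINDOWS\system32\ but carries no vendor string at all. The excerpt embedded below is copied from the log posted earlier in the thread; the rule and the names `parse_sreng_startup` / `suspicious_autostarts` are the example's own.

```python
import re
from dataclasses import dataclass

# Excerpt copied from the SREng "Startup items / Registry" section posted earlier in this thread.
SRENG_EXCERPT = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(ctfmon.exe)(C:\WINDOWS\system32\ctfmon.exe) [(Verified)Microsoft Corporation]
(Supervise.exe)(C:\WINDOWS\system32\Supervise.exe) [N/A]
(Death.exe)(C:\WINDOWS\system32\Death.exe) [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(load)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(RavTask)("d:\Program Files\Rising\Rav\RavTask.exe" -system) [Beijing Rising Technology Co., Ltd.]
(Windows Defender)("C:\Program Files\Windows Defender\MSASCui.exe" -hide) [(Verified)Microsoft Corporation]
(RegNetPass)(C:\WINDOWS\system32\regcsp.exe) [N/A]
(gemstrmw)(C:\WINDOWS\system32\gemstrmw.exe /r) [Gemplus]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [(Verified)Microsoft Corporation]
"""

# "[HKEY_...\Run]" lines name the registry key the following entries belong to.
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "(value name)(command line) [vendor]" lines are the individual autostarts.
ENTRY_RE = re.compile(r"^\((?P<name>[^)]*)\)\((?P<cmd>.*)\) \[(?P<vendor>[^\]]*)\]$")


@dataclass
class AutostartEntry:
    key: str
    name: str
    command: str
    vendor: str

    @property
    def image_path(self) -> str:
        """Executable part of the command line: the quoted path, or the first token."""
        cmd = self.command.strip()
        if cmd.startswith('"'):
            end = cmd.find('"', 1)
            return cmd[1:end] if end > 0 else cmd[1:]
        return cmd.split(" ", 1)[0]


def parse_sreng_startup(text: str) -> list:
    """Turn the SREng startup/registry section into AutostartEntry objects."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = ENTRY_RE.match(line)
        if m and key is not None:
            entries.append(AutostartEntry(key, m["name"], m["cmd"], m["vendor"]))
    return entries


def suspicious_autostarts(entries) -> list:
    """Heuristic (this example's own rule): an autostart whose image sits in the system
    directory yet has no vendor information at all deserves a manual look."""
    flagged = []
    for e in entries:
        if not e.command.strip():
            continue  # empty values such as (load)() run nothing
        in_system_dir = "\\windows\\system32\\" in e.image_path.lower()
        no_vendor = e.vendor.strip().upper() in ("", "N/A")
        if in_system_dir and no_vendor:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in suspicious_autostarts(parse_sreng_startup(SRENG_EXCERPT)):
        print(f"review: {e.name:16} {e.image_path}  ({e.key})")
```

On the posted log the rule surfaces Supervise.exe and Death.exe, and also RegNetPass (regcsp.exe), for which the log simply records no vendor. That last one is a "check by hand" result rather than a verdict, which is how every line this heuristic returns should be read.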
云南老九 - 2007-2-12 19:14:00
Many thanks for your help. Both files can be deleted, but they reappear after a reboot. Luckily most of my EXE files weren't damaged (the ones I've tried I know about, the ones I haven't tried I don't). I'd appreciate further help, thanks!
云南老九 - 2007-2-12 19:16:00
One more question: how do I turn off System Restore?
拉斐尔样凡♀ - 2007-2-12 20:40:00
C:\WINDOWS\system32\Supervise.exe
Creates 2 C:\WINDOWS\system32\Supervise.exe processes
Drops C:\WINDOWS\system32\Death.SiShen with the following content:
[Autorun]
OPEN=SuperDown.EXE
shellexecute=SuperDown.EXE
shell\Auto\command=SuperDown.EXE

Also infects EXE files.. but the infected files can no longer run... the prompt says "not a valid Win32 application"
No network downloads were observed..
Modifies the registry
Process:
  Path: C:\WINDOWS\system32\Supervise.exe
  PID: 1904
Registry group: User AutoRun
Object:
  Registry key: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  Registry value: Supervise.exe
      Type: REG_SZ
      Data: C:\WINDOWS\system32\Supervise.exe

Process:
  Path: C:\WINDOWS\system32\Supervise.exe
  PID: 1904
Registry group: User AutoRun
Object:
  Registry key: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  Registry value: Death.exe
      Type: REG_SZ
      Data: C:\WINDOWS\system32\Death.exe
Starts 2 C:\WINDOWS\system32\Supervise.exe processes and performs the registry write twice over; presumably just in case..
Couldn't find C:\WINDOWS\system32\Death.exe anywhere..... this virus is a bit odd....
It's late now... not in great shape. I'll probably have missed things.. and I didn't spend much time looking at this one in detail..
Supplement, from mopery:
Searches for and infects .exe/.scr files outside the system drive.
Infected .exe/.scr files are replaced outright.. size: 81,928 bytes.. so none of the .exe/.scr files can be recovered.

Modifies the "show files and folders" registry setting
[HKLM\software\microsoft\windows\currentversion\explorer\advanced\folder\hidden\showall]
"checkedvalue"=dword:00000000

Attempts to close windows
symantec antivirus enterprise edition
Jiangmin antivirus kv2006: real-time monitor
ravmonclass
tflockdownmain
zonealarm
zaframewnd
Skynet Firewall personal edition
tapplication
Skynet Firewall enterprise edition
tapplication
virusscan
symantec antivirus
duba
wrapped gift killer
icesword
pjf(ustc)
tform1
噬菌体 (lit. Bacteriophage)
木马克星 (lit. Trojan Nemesis)

Attempts to kill processes
eghost.exe
mailmon.exe
kavpfw.exe
iparmor.exe
_avp32.exe
_avpcc.exe
_avpm.exe
avp32.exe
avpcc.exe
avpm.exe
avp.exe
navapw32.exe
navw32.exe
nod32kui.exe
nod32kru.exe
pfw.exe
kfw.exe
vsmon.exe
mcshield.exe
vstskmgr.exe
naprdmgr.exe
updaterui.exe
tbmon.exe
scan32.exe
ravmond.exe
ccenter.exe
ravtask.exe
rav.exe
ravmon.exe
ravmond.exe
ravstub.exe
kvxp.kxp
kvmonxp.kxp
kvcenter.kxp
kvsrvxp.exe
kregex.exe
uihost.exe
trojdie.kxp
frogagent.exe
logo1_.exe
logo_1.exe
rundl132.exe
death.exe (note: a copy of itself)
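Two of the behaviours in the analysis above can be checked on disk without waiting for an antivirus signature: the .exe/.scr replacement (every victim becomes the same 81,928-byte body that no longer loads as a Win32 program) and the autorun-style dropper that names SuperDown.EXE. The script below is an added example, not code from the poster or from mopery's write-up: it walks a directory tree, groups .exe/.scr files by content hash, and reports files that either match the quoted replacement size or fail a minimal MZ/PE header check; it also extracts the launch targets from the dropped [Autorun] text. The sample tree it builds in a temp directory is constructed for the demo, and the function names are the example's own. On a real machine you would point `scan_executables` at the non-system drives the write-up says are targeted.

```python
import hashlib
import struct
import tempfile
from collections import defaultdict
from pathlib import Path

REPORTED_BODY_SIZE = 81_928         # replacement size quoted from mopery's write-up above
TARGET_SUFFIXES = {".exe", ".scr"}  # the file types the write-up says are replaced

# Content of the dropped Death.SiShen file, as posted above.
DROPPED_AUTORUN = """[Autorun]
OPEN=SuperDown.EXE
shellexecute=SuperDown.EXE
shell\\Auto\\command=SuperDown.EXE
"""


def looks_like_pe(data: bytes) -> bool:
    """Minimal 'valid Win32 application' test: MZ stub whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    return data[pe_off:pe_off + 4] == b"PE\x00\x00"


def scan_executables(root):
    """Walk `root` and return (overwritten, clusters).

    overwritten: .exe/.scr files that are exactly the reported replacement size or are
                 no longer a loadable PE image (the "not a valid Win32 application" symptom).
    clusters:    sha256 -> paths for groups of byte-identical executables; a file-replacing
                 infector turns unrelated programs into copies of one body.
    """
    by_hash = defaultdict(list)
    overwritten = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in TARGET_SUFFIXES:
            continue
        data = path.read_bytes()
        by_hash[hashlib.sha256(data).hexdigest()].append(path)
        if len(data) == REPORTED_BODY_SIZE or not looks_like_pe(data):
            overwritten.append(path)
    clusters = {digest: paths for digest, paths in by_hash.items() if len(paths) > 1}
    return overwritten, clusters


def autorun_targets(text: str) -> set:
    """Every program an autorun.inf-style file would launch: OPEN=, shellexecute=, shell\\<verb>\\command=."""
    targets = set()
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in ("open", "shellexecute") or (key.startswith("shell\\") and key.endswith("\\command")):
            targets.add(value.strip())
    return targets


def fake_pe(payload: bytes) -> bytes:
    """Constructed stand-in for a clean program: MZ stub with a PE signature at e_lfanew (not runnable)."""
    header = bytearray(0x80)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)
    header[0x40:0x44] = b"PE\x00\x00"
    return bytes(header) + payload


def build_sample_tree() -> str:
    """Constructed sample tree: two distinct clean executables and three .exe/.scr files that
    have been replaced by one identical 81,928-byte junk body, plus a non-executable to ignore."""
    root = tempfile.mkdtemp(prefix="death_scan_")
    junk = b"\xcc" * REPORTED_BODY_SIZE
    files = {
        "tools/editor.exe": fake_pe(b"editor"),
        "tools/viewer.exe": fake_pe(b"viewer"),
        "games/play.exe": junk,
        "games/saver.scr": junk,
        "misc/setup.exe": junk,
        "misc/readme.txt": junk,
    }
    for rel, data in files.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    overwritten, clusters = scan_executables(root)
    for path in overwritten:
        print("overwritten:", path.relative_to(root))
    for digest, paths in clusters.items():
        print(f"{len(paths)} identical executables share sha256 {digest[:16]}...")
    print("autorun launches:", sorted(autorun_targets(DROPPED_AUTORUN)))
```

The hash clustering is the more durable of the two checks: a later variant can change its size, but a replace-in-place infector still leaves many unrelated programs with one identical body, which never happens on a clean machine.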
云南老九 - 2007-2-13 11:39:00
Thanks everyone, it's finally sorted. This virus doesn't seem all that powerful, though. I already had Rising's firewall and Kaka installed; when the virus tried to modify the registry, Rising prompted me, and as long as you deny the modification, the EXE files stay intact. Not a single EXE on my computer was damaged; there were just two extra files in SYSTEM32. Thanks again everyone for the help.
高歌猛进 - 2007-2-13 11:56:00
Not powerful? I've looked at this sample: it doesn't infect EXE files, it overwrites them, and on that point alone it's nastier than Panda. Perhaps this is a modified, half-dead Death.