瑞星卡卡安全论坛

我的电脑中毒了，有两个进程umqhool.exe \  mavlatna.exe.听说那个是AV的变种，电脑用AV 终结者杀过了，还是不行，不知道为什么杀不了。而且所有的进程都打不开，打开时是以文档的方式，我该怎么做？
比如说我要玩游戏的话，快捷方式打开的都是文档。开机时运行的卡巴显示的也是文档方式。
有机会我上穿样本！

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)

下载 System Repair Engineer系统扫描工具软件，下载地址如下：
http://www.kztechs.com/sreng/download.html
扫描和上传日志的方法：
1、解压缩所下载的sreng2.zip压缩包；
2、打开已经解压缩的SRENG文件夹，双击运行其中的SREngPS.exe；
3、依次按“智能扫描”、“扫描”、“保存报告”，将日志保存到硬盘上；
4、找到并打开日志，把日志中的内容用“复制”--“粘贴”命令拷贝到帖子上，不要修改地传上来（日志很长，一个帖子搞不完，请手动将全部内容在同一个主题帖下分多个回复帖子传上来）。
友情提示：
1、扫描日志前请先关闭所有打开的软件（如QQ、迅雷等下载程序什么的程序）和IE窗口（请注意，是关闭而不是最小化窗口）
2、注意在没有进一步提示前，请勿用SRENG工具胡乱修复，否则系统可能变的情况更糟。
3、SRENG操作图文详解：http://forum.ikaka.com/topic.asp?board=201&artid=8343881

C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe

C:\Program Files\Common Files\System\umqhool.exe
<rosftpm><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
        <jbrrjmm><C:\Program Files\Common Files\System\umqhool.exe>      []
        <avpms><C:\Program Files\NetMeeting\avpms.exe>      []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
        <AppInit_DLLs><kvmxfma.dll>      []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe]
        <IFEO[360rpt.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe]
        <IFEO[360Safe.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
        <IFEO[360tray.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe]
        <IFEO[adam.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe]
        <IFEO[AgentSvr.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe]
        <IFEO[AppSvc32.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp.exe]
        <IFEO[ArSwp.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AST.exe]
        <IFEO[AST.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe]
        <IFEO[autoruns.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastU3.exe]
        <IFEO[AvastU3.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe]
        <IFEO[avconsol.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe]
        <IFEO[avgrssvc.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe]
        <IFEO[AvMonitor.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com]
        <IFEO[avp.com]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
        <IFEO[avp.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe]
        <IFEO[CCenter.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe]
        <IFEO[ccSvcHst.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.exe]
        <IFEO[EGHOST.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe]
        <IFEO[FileDsty.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe]
        <IFEO[FTCleanerShell.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FYFireWall.exe]
        <IFEO[FYFireWall.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ghost.exe]
        <IFEO[ghost.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe]
        <IFEO[HijackThis.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe]
        <IFEO[IceSword.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe]
        <IFEO[iparmo.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe]
        <IFEO[Iparmor.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\irsetup.exe]
        <IFEO[irsetup.exe]><C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe>      []
还有很多很多啊。

LZ,找到C:\Program Files\Common Files\Microsoft Shared\mvlatna.exe
压缩加密发送到我的邮箱,我测试下~~
地址在签名,谢谢
弄出来了,给你回复