
How to completely remove Trojan.PSW.Win32.YBonline.j

[C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.8.9 20Nov03]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 360 / a][C:\Program Files\D-Link\AirPlus G\AirGCFG.exe]  [D-Link, 3, 3, 1, 51123]
    [C:\WINDOWS\system32\wlanapi.dll]  [Alpha Networks Inc., 1, 3, 36, 51122]
    [C:\WINDOWS\system32\ANIOApi.dll]  [Alpha Networks Inc., 2, 0, 3, 51006]
    [C:\WINDOWS\system32\AQCKGen.dll]  [Alpha Networks Inc., 1, 0, 0, 30603]
    [C:\WINDOWS\system32\WlanApp.dll]  [Alpha Networks Inc., 1, 0, 15, 51118]
    [C:\Program Files\D-Link\AirPlus G\WlanMon.dll]  [D-Link, 3, 3, 1, 50907]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.8.9 20Nov03]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 368 / a][c:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
    [c:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [c:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [c:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [c:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [c:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.8.9 20Nov03]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\jhapri.dll]  [N/A, ]
    [C:\WINDOWS\system32\wlcpri.dll]  [N/A, ]
[PID: 352 / SYSTEM][C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe]  [Alpha Networks Inc., 1, 0, 1, 30507]
    [C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSd.DLL]  [Alpha Networks Inc., 2, 4, 38, 51122]
    [C:\WINDOWS\system32\AQCKGen.dll]  [Alpha Networks Inc., 1, 0, 0, 30603]
    [C:\WINDOWS\system32\ANIOApi.dll]  [Alpha Networks Inc., 2, 0, 3, 51006]
    [C:\WINDOWS\system32\WlanApp.dll]  [Alpha Networks Inc., 1, 0, 15, 51118]
    [C:\WINDOWS\system32\wlanapi.dll]  [Alpha Networks Inc., 1, 3, 36, 51122]
    [C:\WINDOWS\system32\wlcpri.dll]  [N/A, ]
[PID: 1160 / SYSTEM][C:\WINDOWS\system32\inetsrv\inetinfo.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\wlcpri.dll]  [N/A, ]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll]  [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
[PID: 1436 / SYSTEM][C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe]  [Microsoft Corporation, 7.10.3077]
    [C:\WINDOWS\system32\wlcpri.dll]  [N/A, ]
    [C:\Program Files\Common Files\Microsoft Shared\VS7Debug\2052\mdmui.dll]  [Microsoft Corporation, 7.10.3077]
    [C:\Program Files\Common Files\Microsoft Shared\VS7Debug\csm.dll]  [Microsoft Corporation, 7.10.3077]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Microsoft Shared\VS7Debug\msdbg2.dll]  [Microsoft Corporation, 7.10.3077]
[PID: 1500 / a][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jhapri.dll]  [N/A, ]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.8.9 20Nov03]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2088 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
    [C:\WINDOWS\system32\wlcpri.dll]  [N/A, ]
[PID: 2328 / SYSTEM][E:\Program Files\VMware\VMware Workstation\vmware-authd.exe]  [VMware, Inc., 5.5.2 build-29772]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\wlcpri.dll]  [N/A, ]
[PID: 2416 / a][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\W95SCM.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLSVC.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLRESLD.dll]  [Microsoft Corporation, 2000.080.2039.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\SQLSVC.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\1033\sqlmangr.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.8.9 20Nov03]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2768 / SYSTEM][C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe]  [VMware, Inc., 5.5.2 build-29772]
    [C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmxScsiLib.dll]  [VMware, Inc., 5.5.2 build-29772]
    [C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\wlcpri.dll]  [N/A, ]
[PID: 2816 / SYSTEM][C:\WINDOWS\system32\vmnat.exe]  [VMware, Inc., 5.5.2 build-29772]
[PID: 2852 / SYSTEM][C:\WINDOWS\system32\vmnetdhcp.exe]  [VMware, Inc., 5.5.2 build-29772]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 3872 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3600 / a][C:\Program Files\Rising\AntiSpyware\Ras.exe]  [Beijing Rising Technology Co., Ltd., 4.0.0.52]
    [C:\WINDOWS\system32\jhapri.dll]  [N/A, ]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.8.9 20Nov03]
    [C:\Program Files\Rising\AntiSpyware\RasGui.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 0, 11]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Common Files\Microsoft Shared\INK\PENCHS.DLL]  [Microsoft Corporation, 1.0.1038.0]
    [C:\WINDOWS\system32\wlcpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.7]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 17.0.54.0]
[PID: 2516 / a][C:\Program Files\Rising\Rav\Rav.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
    [C:\WINDOWS\system32\jhapri.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\PlugIn\RsPgScan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 17]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RavUI.Dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.8.9 20Nov03]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 17.0.54.0]
    [C:\Program Files\Common Files\Microsoft Shared\INK\PENCHS.DLL]  [Microsoft Corporation, 1.0.1038.0]
    [C:\WINDOWS\system32\wlcpri.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]

[C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\Rav\RavQu.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
[PID: 1868 / a][C:\Program Files\360safe\360safe.exe]  [奇虎网, 3, 5, 2, 1003]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.8.9 20Nov03]
    [C:\Program Files\360safe\AntiAdwa.dll]  [360Safe.com, 3, 5, 1, 1001]
    [C:\Program Files\360safe\AntiEng.dll]  [360Safe.com, 3, 5, 2, 1002]
    [C:\Program Files\360safe\Antispy.dll]  [奇虎网, 3, 5, 2, 1001]
    [C:\Program Files\360safe\LeakCheck.dll]  [360Safe.com, 3, 5, 1, 1001]
    [C:\Program Files\360safe\CleanHis.dll]  [奇虎网, 3, 0, 2, 1000]
    [C:\Program Files\360safe\AntiActi.dll]  [360Safe.com, 2, 0, 0, 3000]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\360safe\live.dll]  [360safe.com, 1, 0, 1, 1017]
    [C:\WINDOWS\system32\wlcpri.dll]  [N/A, ]
[PID: 4000 / a][C:\WINDOWS\regedit.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.8.9 20Nov03]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\wlcpri.dll]  [N/A, ]
[PID: 2636 / a][C:\Program Files\Mozilla Firefox\firefox.exe]  [Mozilla Corporation, 1.8.1: 2006101023]
    [C:\Program Files\Mozilla Firefox\js3250.dll]  [Netscape Communications Corporation, 4.0]
    [C:\Program Files\Mozilla Firefox\nspr4.dll]  [Netscape Communications Corporation, 4.6.3]
    [C:\Program Files\Mozilla Firefox\xpcom_core.dll]  [Mozilla Foundation, 1.8.1: 2006101023]
    [C:\Program Files\Mozilla Firefox\plc4.dll]  [Netscape Communications Corporation, 4.6.3]
    [C:\Program Files\Mozilla Firefox\plds4.dll]  [Netscape Communications Corporation, 4.6.3]
    [C:\Program Files\Mozilla Firefox\smime3.dll]  [Mozilla Foundation, 3.11.3 Basic ECC]
    [C:\Program Files\Mozilla Firefox\nss3.dll]  [Mozilla Foundation, 3.11.3 Basic ECC]
    [C:\Program Files\Mozilla Firefox\softokn3.dll]  [Mozilla Foundation, 3.11.3 Basic ECC]
    [C:\Program Files\Mozilla Firefox\ssl3.dll]  [Mozilla Foundation, 3.11.3 Basic ECC]
    [C:\Program Files\Mozilla Firefox\xpcom_compat.dll]  [Mozilla Foundation, 1.8.1: 2006101023]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.8.9 20Nov03]
    [C:\Program Files\Mozilla Firefox\components\myspell.dll]  [Mozilla Foundation, 1.8.1: 2006101023]
    [C:\Program Files\Mozilla Firefox\components\jar50.dll]  [Mozilla Foundation, 1.8.1: 2006101023]
    [C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll]  [N/A, ]
    [C:\Program Files\Mozilla Firefox\xpcom.dll]  [Mozilla Foundation, 1.8.1: 2006101023]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll]  [N/A, ]
    [C:\Program Files\Mozilla Firefox\freebl3.dll]  [Mozilla Foundation, 3.11.3 Basic ECC]
    [C:\Program Files\Mozilla Firefox\nssckbi.dll]  [Mozilla Foundation, 1.62]
    [C:\Program Files\Mozilla Firefox\components\spellchk.dll]  [Mozilla Foundation, 1.8.1: 2006101023]
    [C:\WINDOWS\system32\wlcpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll]  [, ]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 17.0.54.0]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.7]
[PID: 2624 / a][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [C:\WINDOWS\system32\wlcpri.dll]  [N/A, ]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.8.9 20Nov03]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 17.0.54.0]
    [C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.7]
[PID: 3020 / a][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [C:\WINDOWS\system32\wlcpri.dll]  [N/A, ]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.8.9 20Nov03]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 17.0.54.0]
    [C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1732 / a][C:\DOCUME~1\a\LOCALS~1\Temp\Rar$EX00.454\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\wlcpri.dll]  [N/A, ]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.8.9 20Nov03]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\DOCUME~1\a\LOCALS~1\Temp\Rar$EX00.454\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 1064, C:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 368, C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2416, C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLMANGR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2768, C:\PROGRAM FILES\COMMON FILES\VMWARE\VMWARE VIRTUAL IMAGE EDITING\VMOUNT2.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3600, C:\PROGRAM FILES\RISING\ANTISPYWARE\RAS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3600, C:\PROGRAM FILES\RISING\ANTISPYWARE\RAS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2516, C:\PROGRAM FILES\RISING\RAV\RAV.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1868, C:\PROGRAM FILES\360SAFE\360SAFE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1868, C:\PROGRAM FILES\360SAFE\360SAFE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2636, C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2624, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3020, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================



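Note: removing the virus can carry some risk, so it is strongly recommended that you move important data to a non-system partition before you start!
If you recognize any of the files mentioned below, or are sure one of them is not a virus, do not delete it!
First, rename C:\WINDOWS\system32\wlcpri.dll to some other name.
Restart the computer and enter Safe Mode (after powering on, keep pressing F8 until an advanced menu appears, then select the first item, Safe Mode, to enter the system).

Open SREng (the tool you used to produce the log).
Under Startup Items, Registry, delete the following entries:
<?{F382C1EB-375C-573D-1F5E-23455234524F}><wlcpri.dll> []
<?{252D2432-37A2-324F-2A54-21BF5CF2F1A2}><jhapri.dll> []
<{F382C1EB-375C-573D-1F5E-23455234524F}><C:\WINDOWS\system32\wlcpri.dll> []
<{252D2432-37A2-324F-2A54-21BF5CF2F1A2}><C:\WINDOWS\system32\jhapri.dll> []
Double-click AppInit_DLLs and change its value to empty.

Double-click My Computer, then Tools, Folder Options, View; select "Show hidden files and folders" and clear the check mark in front of "Hide protected operating system files (Recommended)". When prompted to confirm the change, click "Yes", then OK.
Click the Folders button below the menu bar (the button to the right of Search).
From the Explorer pane on the left, go to drive C.
Delete the following files:
C:\WINDOWS\system32\wlcpri.dll (the file you renamed)
C:\WINDOWS\system32\jhapri.dll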
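
The triage that points at the two DLLs named in the reply above, as an added example (not part of the original posts and not SREng's own logic): it parses the process/module section of the log and flags modules that have no company name in their version information, sit directly in system32, and are loaded into several processes. The sample lines are a trimmed excerpt of the log on this page; the function names and the `min_procs` threshold are assumptions.

```python
import re
from collections import defaultdict

# Trimmed excerpt of the process/module listing posted in this thread.
SAMPLE_LOG = r"""
[PID: 368 / a][c:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
    [c:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\WINDOWS\system32\jhapri.dll]  [N/A, ]
    [C:\WINDOWS\system32\wlcpri.dll]  [N/A, ]
[PID: 1500 / a][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jhapri.dll]  [N/A, ]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.8.9 20Nov03]
[PID: 2636 / a][C:\Program Files\Mozilla Firefox\firefox.exe]  [Mozilla Corporation, 1.8.1: 2006101023]
    [C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll]  [N/A, ]
    [C:\WINDOWS\system32\wlcpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.8.9 20Nov03]
"""

# Process line: [PID: n / user][exe path]  [company, version]
PROC_RE = re.compile(r"^\[PID:\s*(\d+)\s*/\s*([^\]]*)\]\[([^\]]+)\]\s+\[(.*)\]\s*$")
# Module line: indented [dll path]  [company, version]
MOD_RE = re.compile(r"^\s+\[([^\]]+)\]\s+\[(.*)\]\s*$")

def parse_modules(log):
    """Map each module lacking a company name to the set of (pid, exe) hosting it."""
    loaded = defaultdict(set)
    current = None
    for line in log.splitlines():
        m = PROC_RE.match(line)
        if m:
            current = (int(m.group(1)), m.group(3))
            continue
        m = MOD_RE.match(line)
        if m and current:
            path, info = m.group(1), m.group(2)
            # Company names may contain commas, so only test the first field
            # for the two "no version info" forms seen in the log: "N/A" and "".
            if info.split(",")[0].strip() in ("", "N/A"):
                loaded[path.lower()].add(current)
    return loaded

def suspicious(log, min_procs=2):
    """Return {dll name: sorted PIDs} for anonymous system32 DLLs in >= min_procs processes."""
    out = {}
    for path, procs in parse_modules(log).items():
        directory, _, name = path.rpartition("\\")
        if directory == r"c:\windows\system32" and len(procs) >= min_procs:
            out[name] = sorted(pid for pid, _ in procs)
    return out

if __name__ == "__main__":
    for name, pids in suspicious(SAMPLE_LOG).items():
        print(name, pids)
```

A DLL listed in AppInit_DLLs is loaded into every process that loads user32.dll, which is why such a module appears under many unrelated processes in a listing like this one.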

I can't modify the registry with SREng.
It says the machine may be infected with a virus.