[C:\NVIDIA\NetworkAccessManager\bin\nv_common.dll]  [N/A, ]
    [C:\NVIDIA\NetworkAccessManager\bin\nv_common_firewall.dll]  [N/A, ]
    [C:\NVIDIA\NetworkAccessManager\bin\NMI.dll]  [NVIDIA Corporation, 1, 0, 2, 0]
    [C:\NVIDIA\NetworkAccessManager\bin\SpecialCase.dll]  [N/A, ]
    [C:\WINDOWS\system32\swrcbzc.dll]  [N/A, ]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.8]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 3056 / SYSTEM][C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe]  [N/A, ]
    [C:\NVIDIA\NetworkAccessManager\bin\nv_common.dll]  [N/A, ]
    [C:\WINDOWS\system32\swrcbzc.dll]  [N/A, ]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.8]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 3080 / SYSTEM][C:\Program Files\Common Files\Sogou PXP\p2psvr.exe]  [Sohu.com Inc., 2, 0, 0, 20]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.8]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
    [C:\Program Files\P4P\p4pipc.dll]  [Sohu.com Inc., 1, 0, 0, 11]
[PID: 3156 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\swrcbzc.dll]  [N/A, ]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.8]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 3252 / LOCAL SERVICE][C:\WINDOWS\System32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
    [C:\WINDOWS\System32\swrcbzc.dll]  [N/A, ]
[PID: 3728 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3468 / 123][C:\WINDOWS\vsnpstd3.exe]  [, 1, 0, 1, 2]
[PID: 3488 / 123][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3275]
    [C:\WINDOWS\system32\swrcbzc.dll]  [N/A, ]
[PID: 3532 / 123][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.20]
    [C:\WINDOWS\system32\swrcbzc.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
[PID: 1072 / 123][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\swrcbzc.dll]  [N/A, ]
[PID: 3636 / 123][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 20.0.01.05]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 7]
    [C:\Program Files\Rising\Rav\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14]
    [C:\Program Files\Rising\Rav\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 11]
    [C:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\Program Files\Rising\Rav\Rsguilib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 79]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
[PID: 3872 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.8]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 4040 / 123][F:\新建文件夹 (9)\新建文件夹\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\swrcbzc.dll]  [N/A, ]
    [C:\WINDOWS\system32\kvdxshma.dll]  [N/A, ]
    [C:\WINDOWS\system32\kvdxhma.dll]  [N/A, ]
    [F:\新建文件夹 (9)\新建文件夹\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1    localhost
202.103.67.180    auto.search.msn.com

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 3028, C:\NVIDIA\NETWORKACCESSMANAGER\BIN\NSVCIP.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3056, C:\NVIDIA\NETWORKACCESSMANAGER\BIN\NSVCLOG.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 3468, C:\WINDOWS\VSNPSTD3.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3468, C:\WINDOWS\VSNPSTD3.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 3488, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3488, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

C:\DOCUME~1\123~1.BIL\LOCALS~1\Temp\wkebsr.exe>这个好象可以删

【回复“ssuusu”的帖子】
除了这个基本没别的毛病了吧　？

引用:

【Trojan87的贴子】【回复“ssuusu”的帖子】 除了这个基本没别的毛病了吧　？ ………………

半天不见，又下载了一堆病毒，汗死了耶！！！！！

【回复“天月来了”的帖子】
啥 我机器又有病毒了? 没啊 我早上扫描完事发完 我就关机器出去了  刚才回来开机 就上来看然后就安上面的方法弄的  弄完又扫描发上来地 现在还有病毒啊 ????????? 不是吧 ? 那瑞星也没提示啊

再忙吧。

启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><swrcbzc.dll> []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{634345F1-DACF-3452-CB7D-4620F34A1536}><C:\WINDOWS\system32\rsztfpm.dll> [N/A]
<{38907901-1416-3389-9981-372178569983}><C:\WINDOWS\system32\kawdczy.dll> [N/A]
<{8C87A354-ABC3-DEDE-FF33-3213FD7447C8}><C:\WINDOWS\system32\kvdxhma.dll> []
<{7E32FA58-3453-FA2D-BC49-F340348ACCE7}><C:\WINDOWS\system32\rsmygpm.dll> [N/A]
<{38847374-8323-FADC-B443-4732ABCD3783}><C:\WINDOWS\system32\sidjczy.dll> [N/A]
<{6859245F-345D-BC13-AC4F-145D47DA34F6}><C:\WINDOWS\system32\avzxfmn.dll> [N/A]
<{378A7521-FA87-34AB-34C2-4893F3AD34C3}><C:\WINDOWS\system32\swrcbzc.dll> []
<{35983698-1025-2685-5984-595778514653}><C:\WINDOWS\system32\wsjrczx.dll> [N/A]
<{5A1247C1-53DA-FF43-ABD3-345F323A48D5}><C:\WINDOWS\system32\avwgemn.dll> [N/A]
<{97D81718-1314-5200-2597-587901018079}><C:\WINDOWS\system32\kaqhizy.dll> [N/A]
<{8D561258-45F3-A451-F908-A258458226D8}><C:\WINDOWS\system32\kvdxshma.dll> []
==================================
驱动程序
[XDva033 / XDva033][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\XDva033.sys><N/A>  (这个不知道什么)
==================================
正在运行的进程

[C:\WINDOWS\system32\swrcbzc.dll] [N/A, ]
[C:\WINDOWS\system32\kvdxhma.dll] [N/A, ]
[C:\WINDOWS\system32\kvdxshma.dll] [N/A, ]

将下面三个改名，重启电脑，再做做吧。
C:\WINDOWS\system32\swrcbzc.dll
C:\WINDOWS\system32\kvdxhma.dll
C:\WINDOWS\system32\kvdxshma.dll


不知道又过这一阵有没又下载。

【回复“天月来了”的帖子】

上面启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><swrcbzc.dll> []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{634345F1-DACF-3452-CB7D-4620F34A1536}><C:\WINDOWS\system32\rsztfpm.dll> [N/A]
<{38907901-1416-3389-9981-372178569983}><C:\WINDOWS\system32\kawdczy.dll> [N/A]
<{8C87A354-ABC3-DEDE-FF33-3213FD7447C8}><C:\WINDOWS\system32\kvdxhma.dll> []
<{7E32FA58-3453-FA2D-BC49-F340348ACCE7}><C:\WINDOWS\system32\rsmygpm.dll> [N/A]
<{38847374-8323-FADC-B443-4732ABCD3783}><C:\WINDOWS\system32\sidjczy.dll> [N/A]
<{6859245F-345D-BC13-AC4F-145D47DA34F6}><C:\WINDOWS\system32\avzxfmn.dll> [N/A]
<{378A7521-FA87-34AB-34C2-4893F3AD34C3}><C:\WINDOWS\system32\swrcbzc.dll> []
<{35983698-1025-2685-5984-595778514653}><C:\WINDOWS\system32\wsjrczx.dll> [N/A]
<{5A1247C1-53DA-FF43-ABD3-345F323A48D5}><C:\WINDOWS\system32\avwgemn.dll> [N/A]
<{97D81718-1314-5200-2597-587901018079}><C:\WINDOWS\system32\kaqhizy.dll> [N/A]
<{8D561258-45F3-A451-F908-A258458226D8}><C:\WINDOWS\system32\kvdxshma.dll> []
这些是要删除的吗 ????????????
下面的文件应该怎么改名啊?