12   1  /  2  页   跳转

[求助] 各位大虾救命啊~~~~

收藏
戅爽
头像
初生襁褓狮
  • 帖子:9
  • 注册: 2008-09-09
  • 来自:
发表于: 2008-09-10 22:27 | 只看楼主 短消息 资料
字号: 1楼

各位大虾救命啊~~~~

大虾们,救命啊~~~~
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <360Safetray><C:\Program Files\360safe\safemon\360Tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <runeip><"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><kmon.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]
==================================
启动文件夹
N/A
==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
  <C:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[McAfee Framework 服务 / McAfeeFramework][Stopped/Disabled]
  <><(File is missing)>
[MS Software Shadow Copy Provide / MS Software Shadow Copy Provide][Stopped/Auto Start]
  <><(File is missing)>
[NBService / NBService][Stopped/Manual Start]
  <C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe><Nero AG>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
  <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
[Remote Procedure Call Locator / RpcUsnsvc][Stopped/Auto Start]
  <><(File is missing)>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Information Technology Co., Ltd.>
[Windows_rejoice47 / Windows_rejoice47][Stopped/Auto Start]
  <><(File is missing)>
==================================
驱动程序
[360AntiArp / 360AntiArp][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Stopped/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><N/A>
[d347bus / d347bus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
  <\SystemRoot\System32\Drivers\d347prt.sys><>
[ejbjaebf / ejbjaebf][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\ejbjaebf.sys><N/A>
[EntDrv51 / EntDrv51][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EntDrv51.sys><N/A>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[usb Card Device / ft2kEnum][Running/Manual Start]
  <system32\DRIVERS\ic2kenum.sys><OEM Corporation>
[FTCkillfile / FTCkillfile][Stopped/Manual Start]
  <System32\Drivers\FTCkillfile.sys><N/A>
[FTCProtect / FTCProtect][Stopped/Manual Start]
  <System32\Drivers\FTCProtect.sys><N/A>
[USB Chip Holder Service / GDBaseSmc][Running/Manual Start]
  <system32\DRIVERS\Chip_smc.sys><OEM>
[USB Chip Service / GD_USB][Stopped/Manual Start]
  <system32\DRIVERS\Chip_usb.sys><>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Information Technology Co., Ltd.>
[hookreg / hookreg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Information Technology Co., Ltd.>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[HOSTNT / HOSTNT][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\hostnt.sys><N/A>
[MHDRV / MHDRV][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\mhdrv.sys><SafeNet China Ltd.>
[Netpas Win32 Virtual Network Adapter / netpasadapter1][Running/Manual Start]
  <system32\DRIVERS\netpas.sys><Netpas>
[WinPcap Packet Driver (NPF) / NPF][Stopped/Manual Start]
  <system32\drivers\NPF.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\Program Files\Tencent\QQ\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Motorola USB Device / P2k][Stopped/Manual Start]
  <system32\DRIVERS\P2k.sys><N/A>
[p2pfilter / p2pfilter][Stopped/Manual Start]
  <\??\C:\Program Files\p2pover\p2pfilter.sys><N/A>
[PnpWmkDrv / PnpWmkDrv][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\PnpWmkDrv.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RCMHDOG / RCMHDOG][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\rcmhdog.sys><SafeNet China Ltd.>
[SmartCard Reader Device  / Reader_Device][Running/Manual Start]
  <system32\DRIVERS\usbic2k.sys><OEM>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SNIFFER Protocol Driver / Sniffer][Running/Auto Start]
  <system32\DRIVERS\sniffer.sys><N/A>
[TorjanFW / TorjanFW][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\TFW.SYS><N/A>
[SafeNet MicroDog USB Device Driver / UsbC][Stopped/Manual Start]
  <System32\Drivers\rcusbwdm.sys><SafeNet China Ltd.>
[xFileMgr / xFileMgr][Stopped/System Start]
  <\??\C:\WINDOWS\system32\Drivers\xFileMgr.sys><N/A>
[NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter / yukonwxp][Running/Manual Start]
  <system32\DRIVERS\yukonwxp.sys><Marvell Semiconductor Inc.>
[ywna / ywnal][Running/Boot Start]
  <\SystemRoot\system32\drivers\ywnal.syss><N/A>
[VIMICRO USB PC Camera / ZSMC302][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><N/A>
[VIMICRO USB PC Camera (ZC0301PLH) / ZSMC303][Stopped/Manual Start]
  <System32\Drivers\usbVM303.sys><N/A>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
[ZMHBAKYVYDHSPKDPAYYLEAAZOTYQMUQ / ZMHBAKYVYDHSPKDPAYYLEAAZOTYQMUQ][Running/Auto Start]
  <\??\D:\XXX的文件\应用软件\杀毒\首页巡警 V1.3 Build 0529\IEGuard.sys><DSW Lab>
==================================
浏览器加载项
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder.exe, Thunder Networking Technologies,LTD>
[]
  {00000000-12C9-4305-82F9-43058F20E8D2} <, >
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <, >
[]
  {0C7C23EF-A848-485B-873C-0ED954731014} <, >
[]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <, >
[]
  {4045D313-1D5E-4FE4-93A0-A34630B6A00B} <, >
[AddTask Class]
  {6A19C29D-ED45-4483-8999-9F939C8161F2} <C:\Program Files\eREAD\eREAD\WebHook.dll, (Signed) >
[]
  {6C1C7AF0-0DC2-4770-9B27-517416A85F3B} <, >
[]
  {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, (Signed) 360.cn>
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINDOWS\system32\urlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <, >
[SecAddons Class]
  {AF69627B-8489-41C2-971A-B927DF7A5B0F} <D:\XXX的文件\应用软件\杀毒\超级巡警\SecAddons.dll, 超级巡警>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[]
  {C74E94A7-B7BD-4891-9328-455395BCC7AD} <, >
[]
  {C95FE080-8F5D-11D2-A20B-00AA003C157B} <, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[]
  {D6E814A0-E0C5-11D4-8D29-0050BA6940E3} <, >
[]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <, >
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>

用户系统信息:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)
分享到:
gototop
 
戅爽
头像
初生襁褓狮
  • 帖子:9
  • 注册: 2008-09-09
  • 来自:
发表于: 2008-09-10 22:29 | 只看楼主 短消息 资料
字号: 2楼

回复:各位大虾救命啊~~~~

==================================
正在运行的进程
[PID: 464 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 544 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 568 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.5.0.0]
[PID: 612 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 624 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 788 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 836 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 928 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.33]
[PID: 944 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1000 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1108 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1164 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\ravmond.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.80]
    [C:\PROGRAM FILES\RISING\RAV\BWList.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.5]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
    [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
    [C:\PROGRAM FILES\RISING\RAV\RsLog.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.36]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\MonRule.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.29]
    [C:\PROGRAM FILES\RISING\RAV\Hooksys.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12]
    [C:\PROGRAM FILES\RISING\RAV\HookReg.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6]
    [C:\PROGRAM FILES\RISING\RAV\HookNtos.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5]
    [C:\PROGRAM FILES\RISING\RAV\rswalmon.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24]
    [C:\PROGRAM FILES\RISING\RAV\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41]
    [C:\PROGRAM FILES\RISING\RAV\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18]
    [C:\PROGRAM FILES\RISING\RAV\ffr.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RsStore.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.9]
    [C:\PROGRAM FILES\RISING\RAV\HookCont.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
    [C:\Program Files\Rising\Rav\fakescan.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.14]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.39]
    [C:\PROGRAM FILES\RISING\RAV\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27]
    [C:\PROGRAM FILES\RISING\RAV\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\PROGRAM FILES\RISING\RAV\HookWeb.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.3]
    [C:\PROGRAM FILES\RISING\RAV\extfile.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32]
    [C:\PROGRAM FILES\RISING\RAV\pearc.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8]
    [C:\PROGRAM FILES\RISING\RAV\nvfile.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7]
    [C:\PROGRAM FILES\RISING\RAV\scanexec.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 22]
    [C:\PROGRAM FILES\RISING\RAV\unexe.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 6]
    [C:\PROGRAM FILES\RISING\RAV\scanex.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90]
    [C:\PROGRAM FILES\RISING\RAV\scanpack.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10]
    [C:\PROGRAM FILES\RISING\RAV\revm.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11]
    [C:\PROGRAM FILES\RISING\RAV\urutils.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7]
    [C:\PROGRAM FILES\RISING\RAV\ur000.dat]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\scansct.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11]
    [C:\PROGRAM FILES\RISING\RAV\scriptci.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4]
    [C:\PROGRAM FILES\RISING\RAV\ur001.dat]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4]
    [C:\PROGRAM FILES\RISING\RAV\uroutine.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27]
    [C:\PROGRAM FILES\RISING\RAV\extmail.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10]
[PID: 1280 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\CNMLM66.DLL]  [CANON INC., 1.80.2.70]
    [C:\WINDOWS\system32\hpzlnt09.dll]  [HP, 2.233.10.0]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.1897.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD66.DLL]  [CANON INC., 1.80.2.70]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
[PID: 1384 / LOCAL SERVICE][C:\WINDOWS\System32\SCardSvr.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
[PID: 1540 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.10]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[PID: 1752 / Admin][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.5.0.0]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.5.0.0]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll]  [Nero AG, 2, 0, 0, 8]
    [C:\Program Files\Common Files\Ahead\Lib\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[PID: 1848 / SYSTEM][C:\Program Files\StormII\stormliv.exe]  [北京暴风网际科技有限公司, 3, 8, 3, 15]
    [C:\Program Files\StormII\MSVCP60.dll]  [Microsoft Corporation, 6.02.3104.0]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
[PID: 1948 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1976 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
[PID: 1712 / Admin][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.24]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.5.0.0]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.5.0.0]
[PID: 1624 / Admin][C:\Program Files\Rising\AntiSpyware\rstray.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.15]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
    [C:\Program Files\Rising\AntiSpyware\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8]
    [C:\Program Files\Rising\AntiSpyware\RsXML.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2]
    [C:\Program Files\Rising\AntiSpyware\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\AntiSpyware\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.5.0.0]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.5.0.0]
    [C:\Program Files\Rising\AntiSpyware\ComServ.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.31]
    [C:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\Program Files\Rising\AntiSpyware\rscommon.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.1.1]
    [C:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.34]
    [C:\Program Files\Rising\AntiSpyware\pngdll.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\runiep.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.33]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[PID: 1816 / Admin][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.5.0.0]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.5.0.0]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
[PID: 1924 / Admin][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.01.27]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\Program Files\Rising\Rav\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41]
    [C:\Program Files\Rising\Rav\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18]
    [C:\Program Files\Rising\Rav\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27]
    [C:\Program Files\Rising\Rav\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
    [C:\Program Files\Rising\Rav\MonRule.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.29]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.5.0.0]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.5.0.0]
    [C:\Program Files\Rising\Rav\Rsguilib.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2]
[PID: 2316 / Admin][C:\Program Files\Rising\AntiSpyware\knownsvr.exe]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.11]
    [C:\Program Files\Rising\AntiSpyware\NComm.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.6]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
    [C:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.34]
    [C:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[PID: 228 / Admin][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
    [C:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.34]
    [C:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.5.0.0]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.5.0.0]
[PID: 2708 / Admin][C:\Program Files\Maxthon2\Maxthon.exe]  [Maxthon International ltd., 2, 1, 3, 2430]
    [C:\Program Files\Maxthon2\mxpp.dll]  [Maxthon International ltd., 1, 0, 0, 216]
    [C:\Program Files\Maxthon2\MxSk.dll]  [Maxthon, 1, 0, 0, 369]
    [C:\Program Files\Maxthon2\MxProxy2.dll]  [Maxthon International ltd., 1, 0, 0, 4082]
    [C:\Program Files\Maxthon2\MxExt.dll]  [N/A, ]
    [C:\Program Files\Maxthon2\MxUI.dll]  [Maxthon International, 3, 3, 0, 9]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
    [C:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.34]
    [C:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.5.0.0]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.5.0.0]
    [C:\Program Files\Maxthon2\mxtool.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Maxthon2\maxzlib.dll]  [, 1.2.3]
    [C:\Program Files\Maxthon2\Plugin\NewsBar\NewsBar.dll]  [abc@home, 1.00]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9782]
    [C:\WINDOWS\system32\VB6CHS.DLL]  [Microsoft Corporation, 6.00.8988]
    [C:\Program Files\Maxthon2\Modules\MxPageSearch\MxPageSearch.dll]  [Maxthon International ltd., 1,0,0,1386]
    [C:\Program Files\Maxthon2\Modules\MxWebBoost\MxWebBoost.dll]  [Maxthon, 1,0,2,1259]
    [C:\Program Files\Maxthon2\mxdb.dll]  [Max, 3, 5, 3, 125]
    [C:\Program Files\Maxthon2\Modules\MxHistory\MxHistory.dll]  [Maxthon International ltd., 1, 0, 0, 271]
    [C:\Program Files\Maxthon2\Plugin\News\News.dll]  [, 1.00]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [C:\Program Files\Maxthon2\MxFav.dll]  [Maxthon International ltd., 1, 0, 0, 258]
[PID: 4032 / Admin][C:\Program Files\Maxthon2\Maxthon.exe]  [Maxthon International ltd., 2, 1, 3, 2430]
    [C:\Program Files\Maxthon2\mxpp.dll]  [Maxthon International ltd., 1, 0, 0, 216]
    [C:\Program Files\Maxthon2\MxSk.dll]  [Maxthon, 1, 0, 0, 369]
    [C:\Program Files\Maxthon2\MxProxy2.dll]  [Maxthon International ltd., 1, 0, 0, 4082]
    [C:\Program Files\Maxthon2\MxExt.dll]  [N/A, ]
    [C:\Program Files\Maxthon2\MxUI.dll]  [Maxthon International, 3, 3, 0, 9]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
    [C:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.34]
    [C:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.5.0.0]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.5.0.0]
    [C:\Program Files\Maxthon2\mxtool.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Maxthon2\maxzlib.dll]  [, 1.2.3]
    [C:\Program Files\Maxthon2\MxFav.dll]  [Maxthon International ltd., 1, 0, 0, 258]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll]  [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
[PID: 3292 / Admin][D:\XXX的文件\应用软件\杀毒\sreng2-系统修复工程师\SREngLdr.EXE]  [Smallfrogs Studio, 2.6.12.1018]
[PID: 2744 / Admin][D:\XXX的文件\应用软件\杀毒\sreng2-系统修复工程师\SRE91156015.EXE]  [Smallfrogs Studio, 2.6.12.1018]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.5.0.0]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.5.0.0]
    [D:\XXX的文件\应用软件\杀毒\sreng2-系统修复工程师\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
gototop
 
戅爽
头像
初生襁褓狮
  • 帖子:9
  • 注册: 2008-09-09
  • 来自:
发表于: 2008-09-10 22:31 | 只看楼主 短消息 资料
字号: 3楼

回复:各位大虾救命啊~~~~

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 2708, C:\PROGRAM FILES\MAXTHON2\MAXTHON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 4032, C:\PROGRAM FILES\MAXTHON2\MAXTHON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3292, D:\XXX的文件\应用软件\杀毒\SRENG2-系统修复工程师\SRENGLDR.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]




十万火急啊,大虾们帮忙看看怎么解决啊~~~跪谢~~~
gototop
 
戅爽
头像
初生襁褓狮
  • 帖子:9
  • 注册: 2008-09-09
  • 来自:
发表于: 2008-09-10 22:32 | 只看楼主 短消息 资料
字号: 4楼

回复:各位大虾救命啊~~~~

D:\XXX的文件\应用软件\杀毒\SRENG2-系统修复工程师\SRENGLDR.EXE]
其中XXX是本人的名字命名的文件夹~~~在这里用代号代替~~~谢谢
gototop
 
fillix
头像
飘泊而立狮
  • 帖子:771
  • 注册: 2008-07-05
  • 来自:
发表于: 2008-09-10 22:58 | 短消息 资料
字号: 5楼

回复: 各位大虾救命啊~~~~

1.用XDelBox删除以下文件:(XDelBox1.7版下载)
使用说明:先勾选抑制再生,删除时复制下面的路径,在待删除文件列表里点击右键选择从剪贴板导入不检查路径,导入后在要删除文件上点击右键,选择立刻重启删除,电脑会重启进入DOS界面进行删除操作。运行xdelbox前最好卸载所有可移动存储介质(包括U盘,MP3,手机存储卡等)

C:\WINDOWS\system32\drivers\ejbjaebf.sys
C:\WINDOWS\system32\drivers\TFW.SYS
C:\WINDOWS\system32\drivers\ywnal.syss

C:\WINDOWS\system32\Drivers\xFileMgr.sys(这个上传http://www.virscan.org/检测一下,有问题也删了)

2.删除重启后使用SREng修复下面各项

启动项目--服务--驱动程序  删除:

[ejbjaebf / ejbjaebf][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\ejbjaebf.sys><N/A>

[TorjanFW / TorjanFW][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\TFW.SYS><N/A>

[ywna / ywnal][Running/Boot Start]
  <\SystemRoot\system32\drivers\ywnal.syss><N/A>

[xFileMgr / xFileMgr][Stopped/System Start]
  <\??\C:\WINDOWS\system32\Drivers\xFileMgr.sys><N/A>(如果上面检测那个有问题就把这个删了)


下载 windows清理助手清理一遍
http://www.arswp.com/download/arswp2/arswp2.zip
Xdelbox使用方法
gototop
 
戅爽
头像
初生襁褓狮
  • 帖子:9
  • 注册: 2008-09-09
  • 来自:
发表于: 2008-09-11 10:07 | 只看楼主 短消息 资料
字号: 6楼

回复:各位大虾救命啊~~~~

非常感谢,先试一下~
gototop
 
非拉鐵非
头像
锋芒艾服狮
  • 帖子:1810
  • 注册: 2007-07-08
  • 来自:
论坛8周年活动礼物论坛9周年纪念
发表于: 2008-09-11 10:22 | 短消息 资料
字号: 7楼

回复: 各位大虾救命啊~~~~



引用:
原帖由 戅爽 于 2008-9-11 10:07:00 发表
非常感谢,先试一下~


关于病毒求助帖
1. 发帖时主题鲜明,能简明突出问题的特征,不要发什么“求助”“大侠帮忙啊”什么的帖子,这种标题无助于您的问题的解决。
2.请尽量具体说明所遇到的问题,如中毒症状,病毒名称和路径等信息,不要只附上一个log(日志/报告)或者某个杀毒软件报告的病毒名。不能用文字表达清楚的可以截图贴出(上传图片),尽可能地将问题和遇到的情况说明清楚描述具体,以方便能够较快速地得到较合适的解答,提高工作效率特别提醒:为了更有效率解决你的问题,请务必在帖子中提供更多资料,详细叙述你遇到的问题。一个无头无脑的提问不会得到有效的回答,包括那些没有描述,只简单地贴出扫描Log式帖子)
3.发求助帖的必要内容:
相关的病毒报告(专业反病毒软件处理的结果)
病毒/可疑文件所在目录的位置(完整路径)
病毒名称
日志(log)等辅助信息
4. 如果您发表的求助帖没有人回复或没有得到及时回复,请见谅,由于论坛本身的特性,所以即时性不是很强。

LZ为什么不看版规呢
gototop
 
戅爽
头像
初生襁褓狮
  • 帖子:9
  • 注册: 2008-09-09
  • 来自:
发表于: 2008-09-11 10:54 | 只看楼主 短消息 资料
字号: 8楼

回复:各位大虾救命啊~~~~

老大,我用http://www.virscan.org/检测一下,
C:\WINDOWS\system32\drivers\ejbjaebf.sys       
C:\WINDOWS\system32\drivers\TFW.SYS
C:\WINDOWS\system32\drivers\ywnal.syss
C:\WINDOWS\system32\Drivers\xFileMgr.sys
1.3.4都显示ERROR: 没有找到上载的文件!请检查您的网络!而且在C:\WINDOWS\system32\drivers\也没有这些文件(已经把隐藏的受保护文件点掉)
2显示1/36认为是病毒,这怎么办啊?
gototop
 
戅爽
头像
初生襁褓狮
  • 帖子:9
  • 注册: 2008-09-09
  • 来自:
发表于: 2008-09-11 10:55 | 只看楼主 短消息 资料
字号: 9楼

回复:各位大虾救命啊~~~~

VirSCAN.org Scanned Report :
Scanned time  : 2008/09/11 10:46:10 (CST)
Scanner results: 3%的杀软(1/36)报告发现病毒
File Name      : TFW.SYS
File Size      : 14852 byte
File Type      : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5            : 781b45319059badeca23ae7b8446c47a
SHA1          : c964f44931bfd858c3e5ce269a3075574da515a3
Online report  : http://virscan.org/report/cbc02ce7e52823f95a83ce7dba97fe49.html

Scanner        Engine Ver      Sig Ver          Sig Date    Time  Scan result
a-squared      4.0.0.14        2008.09.10        2008-09-10  1.42  -
安博士V3      2008.09.11.00  2008.09.11        2008-09-11  0.89  -
AntiVir        7.8.1.28        7.0.6.143        2008-09-10  2.28  -
Arcavir        1.0.5          200809101308      2008-09-10  1.20  -
AVAST!        3.0.1          080910-0          2008-09-10  0.00  -
AVG            7.5.52.442      270.6.19/1665    2008-09-10  1.56  -
BitDefender    7.60825.1750534 7.20887          2008-09-11  3.09  -
CA (VET)      9.0.0.143      31.6.6083        2008-09-10  6.21  -
ClamAV        0.94            8210              2008-09-11  0.01  -
Comodo        2.11            2.0.0.642        2008-09-10  0.42  -
CP Secure      1.1.0.715      2008.09.10        2008-09-10  7.02  -
Dr.Web        4.44.0.9170    2008.09.10        2008-09-10  3.17  -
ewido          4.0.0.2        2008.09.10        2008-09-10  4.05  -
F-Prot        4.4.4.56        20080910          2008-09-10  1.02  -
F-Secure      5.51.6100      2008.09.10.08    2008-09-10  0.04  -
飞塔          2.81-3.113      9.535            2008-09-10  0.18  Suspicious
ViRobot        20080910        2008.09.10        2008-09-10  0.40  -
Ikarus        T3.1.01.34      2008.09.10.71432  2008-09-10  3.42  -
江民杀毒      11.0.706        2008.09.10        2008-09-10  1.52  -
卡巴斯基      5.5.10          2008.09.11        2008-09-11  0.03  -
金山毒霸      2008.1.14.15    2008.9.10.20      2008-09-10  0.63  -
迈克菲        5.3.00          5381              2008-09-10  1.76  -
Microsoft      1.3903          2008.09.11        2008-09-11  3.90  -
mks_vir        2.01            2008.09.10        2008-09-10  2.85  -
Norman        5.93.01        5.93.00          2008-09-10  5.12  -
熊猫卫士      9.05.01        2008.09.10        2008-09-10  1.95  -
趋势科技      8.700-1004      5.534.09          2008-09-10  0.02  -
Quick Heal    9.50            2008.09.10        2008-09-10  1.95  -
瑞星          20.0            20.61.22.00      2008-09-10  0.87  -
Sophos        2.78.0          4.33              2008-09-11  1.77  -
Sunbelt        3.1.1616.1      2222              2008-09-09  0.46  -
赛门铁克      1.3.0.24        20080910.003      2008-09-10  0.07  -
nProtect      2008-09-10.00  2097573          2008-09-10  4.27  -
The Hacker    6.3.0.9        v00078            2008-09-10  0.44  -
VBA32          3.12.8.5        20080910.0550    2008-09-10  1.23  -
VirusBuster    4.5.11.10      10.87.8/623956    2008-09-10  0.81  -
gototop
 
q306951672
头像
初生襁褓狮
  • 帖子:8
  • 注册: 2008-09-10
  • 来自:
发表于: 2008-09-11 11:05 | 短消息 资料
字号: 10楼

回复:各位大虾救命啊~~~~

病毒...最好能进安全模式,然后用5楼的方法.
一方有难,八方支援!
gototop
 
<<上一主题|下一主题>>
12   1  /  2  页   跳转
页面顶部
Powered by Discuz!NT