
一个瑞星杀毒软件杀不掉的毒!

一个瑞星杀毒软件杀不掉的毒!

下了一个电影文件,但是删不掉,CPU 占用总是在 50% 以上。这个删不掉也打不开的文件肯定是病毒,但不知道具体是什么毒!(说明:文件删不掉通常是因为有进程正打开着它;下面的自启动项和活动模块列表并没有直接显示是哪个进程占用了该文件,要定位占用者还需要另外用句柄/进程工具确认。)

附件:

下载次数:159
文件类型:application/octet-stream
文件大小:
上传时间:2007-7-8 20:05:49
描述:

最后编辑2007-07-08 20:19:48
 

注释:[A] 表示该文件存在自启动关联(已注册为自动运行项);
[M] 表示该文件当前已加载在内存中;[AM] 表示两者兼有,[ M] 表示仅在内存中、没有自启动关联。
(审阅提示:列表中第 33 项内核驱动从 g:\winio.sys 加载,不在系统目录或程序目录中,其来源值得优先核实;ShellExecuteHooks、BootExecute 和 Winlogon\Notify 也是常见的持久化位置,其中的条目建议逐一确认,而不是只看名称。)

+ 注册表自运行项目
  + Win32 Services
    + HKLM\System\CurrentControlSet\Services
      aspnet_state
        [A ] 1. c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe
      Ati HotKey Poller
        [AM] 2. c:\windows\system32\ati2evxx.exe
      ATI Smart
        [A ] 3. c:\windows\system32\ati2sgag.exe
      clr_optimization_v2.0.50727_32
        [A ] 4. c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
      EPSONStatusAgent2
        [AM] 5. c:\program files\common files\epson\ebapi\sagent2.exe
      ForceWare Intelligent Application Manager (IAM)
        [AM] 6. c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe
      ForcewareWebInterface
        [AM] 7. c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe
      gusvc
        [A ] 8. c:\program files\google\common\google updater\googleupdaterservice.exe
      nSvcIp
        [AM] 9. c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcip.exe
      nSvcLog
        [AM] 10. c:\program files\nvidia corporation\networkaccessmanager\bin\nsvclog.exe
      ose
        [A ] 11. c:\program files\common files\microsoft shared\source engine\ose.exe
      RsCCenter
        [A ] 12. c:\program files\rising\rav\ccenter.exe
      RsRavMon
        [A ] 13. c:\program files\rising\rav\ravmond.exe
  + Kernel Drivers
    + HKLM\System\CurrentControlSet\Services
      BaseTDI
        [A ] 14. c:\windows\system32\drivers\basetdi.sys
      ENTECH
        [A ] 15. c:\windows\system32\drivers\entech.sys
      ExpScaner
        [A ] 16. c:\program files\rising\rav\expscan.sys
      HDAudBus
        [A ] 17. c:\windows\system32\drivers\hdaudbus.sys
      HookCont
        [A ] 18. c:\program files\rising\rav\hookcont.sys
      HookReg
        [A ] 19. c:\program files\rising\rav\hookreg.sys
      HookSys
        [A ] 20. c:\program files\rising\rav\hooksys.sys
      IntcAzAudAddService
        [A ] 21. c:\windows\system32\drivers\rtkhdaud.sys
      MEMSCAN
        [A ] 22. c:\program files\rising\rav\memscan.sys
      nvata
        [A ] 23. c:\windows\system32\drivers\nvata.sys
      NVENETFD
        [A ] 24. c:\windows\system32\drivers\nvenetfd.sys
      nvnetbus
        [A ] 25. c:\windows\system32\drivers\nvnetbus.sys
      NVTCP
        [A ] 26. c:\windows\system32\drivers\nvtcp.sys
      RsAntiSpyware
        [A ] 27. c:\windows\system32\drivers\rsboot.sys
      RsNTGDI
        [A ] 28. c:\windows\system32\drivers\rsntgdi.sys
      RSPPSYS
        [A ] 29. c:\program files\rising\rav\rsppsys.sys
      Secdrv
        [A ] 30. c:\windows\system32\drivers\secdrv.sys
      Tcpip
        [A ] 31. c:\windows\system32\drivers\tcpip.sys
      TesSafe
        [A ] 32. c:\windows\system32\tessafe.sys
      WINIO
        [A ] 33. g:\winio.sys
  + Winlogon
    + HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
      AtiExtEvent
        [AM] 34. c:\windows\system32\ati2evxx.dll
    + HKCU\Control Panel\Desktop
      Scrnsave.exe
        [A ] 35. c:\windows\system32\夜光时钟屏保.scr
  + Internet Explorer
    + HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
      {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C}
        [A ] 36. c:\windows\system32\kakatool.dll
    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
      {00000AAA-A363-466E-BEF5-9BB68697AA7F}
        [AM] 37. e:\program files\thunder network\webthunder\webthunderbho_now.dll
    + HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
      Exec
        [A ] 38. e:\program files\浩方对战平台\gameclient.exe
  + Explorer
    + HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
      application/octet-stream
        [AM] 39. c:\windows\system32\mscoree.dll
      application/x-complus
        [AM] 39. c:\windows\system32\mscoree.dll
      application/x-msdownload
        [AM] 39. c:\windows\system32\mscoree.dll
      text/xml
        [A ] 40. c:\program files\common files\microsoft shared\office11\msoxmlmf.dll
    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
      HyperTerminal Icon Ext
        [A ] 41. c:\windows\system32\hticons.dll
      ContextBG
        [AM] 42. c:\windows\system32\contextbg.dll
      ShellLink for Application References
        [A ] 43. c:\windows\system32\dfshim.dll
      Shell Icon Handler for Application References
        [A ] 43. c:\windows\system32\dfshim.dll
      Catalyst Context Menu extension
        [AM] 44. c:\program files\ati technologies\ati.ace\core-static\atiacmxx.dll
      WinRAR shell extension
        [AM] 45. c:\program files\winrar\rarext.dll
      Microsoft Office HTML Icon Handler
        [AM] 46. c:\program files\microsoft office\office11\msohev.dll
      Web Folders
        [A ] 47. c:\program files\common files\microsoft shared\web folders\msonsext.dll
      RISING
        [AM] 48. c:\windows\system32\ravext.dll
      Shell Extensions for RealOne Player
        [AM] 49. e:\program files\real\realplayer\rpshell.dll
    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
      {AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}
        [AM] 50. c:\windows\system32\shlhook.dll
      {32CD708B-60A7-4C00-9377-D73EAA495F0F}
        [AM] 48. c:\windows\system32\ravext.dll
  + Logon
    + HKCU\Software\Microsoft\Windows\CurrentVersion\Run
      StartCCC
        [A ] 51. c:\program files\ati technologies\ati.ace\core-static\clistart.exe
    + HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      Vistadrv
        [A ] 52. c:\windows\resources\themes\vistadrv\vsdrv.exe
      RTHDCPL
        [AM] 53. c:\windows\rthdcpl.exe
      Alcmtr
        [A ] 54. c:\windows\alcmtr.exe
      RavTask
        [A ] 55. c:\program files\rising\rav\ravtask.exe
      runeip
        [AM] 56. c:\program files\rising\antispyware\runiep.exe
      StormCodec_Helper
        [A ] 57. e:\program files\ringz studio\storm codec\stormset.exe
    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
      KKDelay
        [A ] 58. c:\program files\rising\antispyware\runonce.exe
  + Boot Execute
    + HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
      BootExecute
        [A ] 59. c:\windows\system32\bsmain.exe
        [A ] 60. c:\windows\system32\kknative.exe
  + Image Hijacks
    + HKCR\.html
      htmlfile\Edit\Command
        [A ] 61. c:\program files\microsoft office\office11\msohtmed.exe
      htmlfile\Print\Command
        [A ] 61. c:\program files\microsoft office\office11\msohtmed.exe
    + HKCR\.htm
      htmlfile\Edit\Command
        [A ] 61. c:\program files\microsoft office\office11\msohtmed.exe
      htmlfile\Print\Command
        [A ] 61. c:\program files\microsoft office\office11\msohtmed.exe
    + HKCR\.mp3
      RealPlayer.MP3.6\open\Command
        [A ] 62. e:\program files\real\realplayer\realplay.exe
  + Print Monitor
    + HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
      EPSON V5 2KMonitor
        [AM] 63. c:\windows\system32\ebpmon2.dll
+ 其他自启动项目
  + C:\Documents and Settings\sss\「开始」菜单\程序\启动
    腾讯QQ.lnk
      [AM] 64. e:\program files\tencent\qq\qq.exe
  + C:\Documents and Settings\All Users\「开始」菜单\程序\启动
    EPSON Status Monitor 3 Environment Check 2.lnk
      [A ] 65. c:\windows\system32\spool\drivers\w32x86\3\e_srcv02.exe
    Microtek 扫描仪探测器.lnk
      [AM] 66. c:\program files\microtek\scanwizard 5\scannerfinder.exe
 

活动模块
  + 000000c8(200) SAgent2.exe
    00400000[00018000]
      [AM] 5. c:\program files\common files\epson\ebapi\sagent2.exe
    10000000[00025000]
      [ M] 67. c:\windows\system32\ebapi2.dll
    00FB0000[0003D000]
      [ M] 68. c:\program files\common files\epson\ebapi\ebplpt.dll
  + 00000110(272) ccc.exe
    00400000[0000E000]
      [ M] 69. c:\program files\ati technologies\ati.ace\core-static\ccc.exe
    79000000[00045000]
      [AM] 39. c:\windows\system32\mscoree.dll
    79E70000[00561000]
      [ M] 70. c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
    790C0000[00AE6000]
      [ M] 71. c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\50c16dc87cb1d94abfa0b5a01e0508fb\mscorlib.ni.dll
    5ADC0000[00037000]
      [ M] 72. c:\windows\system32\uxtheme.dll
    79060000[00053000]
      [ M] 73. c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
    7A440000[007BE000]
      [ M] 74. c:\windows\assembly\nativeimages_v2.0.50727_32\system\a457fff53a38e448affd43518f2eb290\system.ni.dll
    7ADE0000[00194000]
      [ M] 75. c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\66caaf9b806e3441a6f5d2620c471a43\system.drawing.ni.dll
    7AFD0000[00C86000]
      [ M] 76. c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\3990b025c3cc1349818e85c66c0790a2\system.windows.forms.ni.dll
    51400000[0000C000]
      [ M] 77. c:\windows\assembly\gac_msil\ccc.implementation\2.0.2589.34834__90ba9c70f846762e\ccc.implementation.dll
    60C00000[0000C000]
      [ M] 78. c:\windows\assembly\gac_msil\log.foundation\2.0.2560.25959__90ba9c70f846762e\log.foundation.dll
    61400000[00008000]
      [ M] 79. c:\windows\assembly\gac_msil\mom.foundation\2.0.2560.25974__90ba9c70f846762e\mom.foundation.dll
    5FA00000[00010000]
      [ M] 80. c:\windows\assembly\gac_msil\cli.foundation\2.0.2560.25961__90ba9c70f846762e\cli.foundation.dll
    61000000[00008000]
      [ M] 81. c:\windows\assembly\gac_msil\log.foundation.implementation.private\2.0.2560.25982__90ba9c70f846762e\log.foundation.implementation.private.dll
    60E00000[00012000]
      [ M] 82. c:\windows\assembly\gac_msil\log.foundation.implementation\2.0.2589.34833__90ba9c70f846762e\log.foundation.implementation.dll
    67770000[0004C000]
      [ M] 83. c:\windows\assembly\gac_msil\system.runtime.remoting\2.0.0.0__b77a5c561934e089\system.runtime.remoting.dll
    61200000[0000C000]
      [ M] 84. c:\windows\assembly\gac_msil\log.foundation.private\2.0.2560.25964__90ba9c70f846762e\log.foundation.private.dll
    64890000[000EE000]
      [ M] 85. c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuration\53480915f3b2834eb8866b058770e893\system.configuration.ni.dll
    69BE0000[00568000]
      [ M] 86. c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\749b43e7cac7204395b5d3b1c06d551e\system.xml.ni.dll
    61600000[0001C000]
      [ M] 87. c:\windows\assembly\gac_msil\mom.implementation\2.0.2589.34834__90ba9c70f846762e\mom.implementation.dll
    5FE00000[0000A000]
      [ M] 88. c:\windows\assembly\gac_msil\cli.foundation.xmanifest\2.0.2560.26040__90ba9c70f846762e\cli.foundation.xmanifest.dll
    5EC00000[0001A000]
      [ M] 89. c:\windows\assembly\gac_msil\cli.component.runtime\2.0.2589.34533__90ba9c70f846762e\cli.component.runtime.dll
    5EE00000[0000C000]
      [ M] 90. c:\windows\assembly\gac_msil\cli.component.runtime.shared.private\2.0.2560.25980__90ba9c70f846762e\cli.component.runtime.shared.private.dll
    5FC00000[00008000]
      [ M] 91. c:\windows\assembly\gac_msil\cli.foundation.private\2.0.2560.25966__90ba9c70f846762e\cli.foundation.private.dll
    50E00000[0000C000]
      [ M] 92. c:\windows\assembly\gac_msil\aticccom\2.0.0.0__90ba9c70f846762e\aticccom.dll
    50200000[0000A000]
      [ M] 93. c:\windows\assembly\gac_msil\aem.foundation\2.0.2560.25960__90ba9c70f846762e\aem.foundation.dll
    50400000[0000C000]
      [ M] 94. c:\windows\assembly\gac_msil\aem.server\2.0.2589.34532__90ba9c70f846762e\aem.server.dll
    61A00000[0000A000]
      [ M] 95. c:\windows\assembly\gac_msil\newaem.foundation\2.0.2560.25964__90ba9c70f846762e\newaem.foundation.dll
    10000000[0001B000]
      [ M] 96. c:\program files\rising\antispyware\ieprot.dll
    50600000[00008000]
      [ M] 97. c:\windows\assembly\gac_msil\aem.server.shared\2.0.2560.25970__90ba9c70f846762e\aem.server.shared.dll
    04000000[0000C000]
      [ M] 98. c:\windows\assembly\gac_msil\aem.plugin.source.kit.server\2.0.2589.34878__90ba9c70f846762e\aem.plugin.source.kit.server.dll
    04020000[00008000]
      [ M] 99. c:\windows\assembly\gac_msil\aem.plugin.dppe.shared\2.0.2560.26010__90ba9c70f846762e\aem.plugin.dppe.shared.dll
    60600000[0000E000]
      [ M] 100. c:\windows\assembly\gac_msil\dem.graphics.i0601\2.0.2537.29860__90ba9c70f846762e\dem.graphics.i0601.dll
    60200000[00008000]
      [ M] 101. c:\windows\assembly\gac_msil\dem.foundation\2.0.2531.19989__90ba9c70f846762e\dem.foundation.dll
    60400000[00008000]
      [ M] 102. c:\windows\assembly\gac_msil\dem.graphics\2.0.2560.25997__90ba9c70f846762e\dem.graphics.dll
    51000000[0004E000]
      [ M] 103. c:\program files\ati technologies\ati.ace\core-implementation\atidemgx.dll
    67510000[0005E000]
      [ M] 104. c:\windows\assembly\gac_msil\system.management\2.0.0.0__b03f5f7f11d50a3a\system.management.dll
    6A300000[0000A000]
      [ M] 105. c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll
    5C400000[0003A000]
      [ M] 106. c:\windows\assembly\gac_msil\cli.caste.graphics.runtime\2.0.2589.34534__90ba9c70f846762e\cli.caste.graphics.runtime.dll
    5C800000[00010000]
      [ M] 107. c:\windows\assembly\gac_msil\cli.caste.graphics.shared\2.0.2560.25971__90ba9c70f846762e\cli.caste.graphics.shared.dll
    50000000[0000A000]
      [ M] 108. c:\windows\assembly\gac_msil\ace.graphics.displaysmanager.shared\2.0.2531.19989__90ba9c70f846762e\ace.graphics.displaysmanager.shared.dll
    60A00000[00008000]
      [ M] 109. c:\windows\assembly\gac_msil\dem.os.i0602\2.0.2560.26001__90ba9c70f846762e\dem.os.i0602.dll
 

列表文字太多,帖子里贴不全,还是看 TXT 文件吧……总是复制不上来!
 