火影里鸣人的母亲是谁?死了吗?
火影里鸣人的母亲是谁?死了吗? 5
漩涡玖辛奈.& 死掉了，是上代九尾人柱力，在生鸣人的时候封印减弱，被斑把九尾弄出来了。
因为是漩涡一族。以封印出名的。所以九尾被抽离了也没有马上死掉，还封印了一些查克拉在鸣人体内。
那鸣人母亲厉害吗,她的忍术是什么?
貌似很厉害，因为鸣人之后说了一句話。我要成为比爸爸更帅气。比妈妈更厉害的忍着。但是具体什么忍术就没说了。
其他回答 (10)
&&&&&&漩涡玖辛奈&&&&&&&&&&&&
&她和4代一样，是把自己的查克拉封印在鸣人体内，然后在该出现的时候出来1次，但也只能出来1次，因为他们已经死了，查克拉用完了就没有了鸣人母亲在漫画497出场，在504消失
死了，以前是九尾的人柱力，叫什么我忘了
&& 是四代火影的老婆`死了
鸣人的妈妈生下他没多久就在和九尾一战中牺牲了鸣人的妈妈是三代的女儿
漩涡玖辛奈&&
漩涡玖辛奈&&&&&&&&&&
上一代九尾人柱力&&&&& 会运用九尾之链
&
名字叫..漩涡玖辛奈
将九尾封印的时候死了
在漫画中出现过一次，497话吧，
之后就消失了。
死了啊，是一个红头发的美女，名字忘了，谁叫配角容易让人忘呢？
她和鸣人一样，立志成为木叶第一个女火影
然后一群忍者盯上了她体内的九尾的能力，把它拐跑了，然后他留下自己的红头发，然后就是鸣人的爸爸风波水门注意到了，把它救了出来，之后就一见钟情
然后在鸣人对抗九尾的时候，是她把失控的鸣人平静下来
然后，在他生鸣人的时候，宇智波斑捣乱，把它九尾给释放出来了，可是那时候九尾还在他体内- - 之后水门和奈奈子就死了
漩涡玖辛奈，帮助鸣人收服九尾后死去........
漩涡玖辛奈 已故死因：死亡原因：在刚刚分娩后（封印最弱的时刻）遭到神秘面具男（宇智波斑）偷袭，被强行抽出尾兽。之后在极度虚弱的情况下仍坚持着与击退了面具男的水门合力对付九尾。本想与九尾同归于尽，但水门另有打算，因为水门相信鸣人会是能够改变世界的预言之子，并希望鸣人能够使用九尾的力量彻底打败面具男。之后水门先用尸鬼封尽封印了九尾阴性查克拉，然后准备用八卦封印将自己和妻子最后的查克拉以及九尾剩下的阳性查克拉一并封印到鸣人体内（为了能与鸣人相见，并能在最关键时刻帮助鸣人）。九尾发觉水门的意图后欲杀死鸣人，被水门玖辛奈夫妇拼死挡下。封印仪式完成后，水门的灵魂被死神吞噬，玖辛奈则因产后虚弱再加上尾兽被抽以及伤势过重，最终夫妻二人携手共赴黄泉……
&
&在漫画497话里鸣人试图控制九尾，与九尾大战，眼见得手却反被九尾憎恨意志侵蚀，就在快要被憎恨吞噬的危急关头，玖辛奈出现了（和漫画440话里水门的出现一样，都是由封印设定程序启动）。已经被憎恨侵蚀了一半的鸣人心志大乱，误 一直以来，我多么想见到你的样子呀，妈妈!
把玖辛奈当作九尾本体。但当之后鸣人终于认出眼前的正是自己的母亲时，一把将其紧紧抱住，哭泣。见到母亲的样子是鸣人十几年来的愿望，而当他真的见到了母亲时，虽然悲伤委屈的情绪一股脑涌上心头，但又由衷地感到高兴，先前内心被憎恨侵蚀所产生的黑暗也顿时烟消云散。
在504话的最后回忆结束时，玖辛奈抹着眼泪向鸣人道歉，鸣人微笑着说完全不用，虽然他作为人柱力之前活得很辛苦，也一直没有感受过父母之爱，但他从未责怪过父母，而且现在他也已经体会到了父母的伟大。正像水户所说的一样，父母的爱早在九尾被封印之前就将鸣人填满了。鸣人用他那经典的笑容告诉自己的母亲：“能成为你们的孩子，真是太好了！” 让玖辛奈的泪水再度滚涌而出。查克拉就要耗尽 “能成为你们的儿子，真是太好了!”
了，玖辛奈的身体开始消散，她再度拥抱鸣人，并表示感谢鸣人能够理解他们，之后在鸣人面前消失。长达7话的感人亲子剧最终在鸣人的眼泪中落下帷幕。
详见百度词条
漩涡玖辛奈. 死掉了，是上一任的九尾人柱力，在生鸣人的时候封印减弱，被斑用写轮眼控制了九尾抽出了身体，但没马上死去，最后在四代封住九尾的时候把她的查克拉也封了进去
等待您来回答
动漫领域专家【求助】[C:\WINDOWS\system32\winlib .dll]病毒模块IceSword下看不见
瑞星卡卡安全论坛
fhwiedgf -
15:11:00冰刃也被感染了好几天了没解决 这毒一天比一天厉害求高手帮我看一下启动项目注册表[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]& & &ctfmon.exe&&C:\WINDOWS\system32\ctfmon.exe&& [(Verified)Microsoft Windows Publisher][HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]& & &load&&&& [N/A]& & &run&&&& [N/A][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]& & &IMJPMIG8.1&&; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32&& [(Verified)Microsoft Windows Publisher]& & &PHIME2002ASync&&; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC&& [(Verified)Microsoft Windows XP Publisher]& & &PHIME2002A&&; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName&& [(Verified)Microsoft Windows Publisher]& & &SoundMan&&SOUNDMAN.EXE&& [Realtek Semiconductor Corp.]& & &nwiz&&; nwiz.exe /install&& [NVIDIA Corporation]& & &SKYNET Personal FireWall&&C:\PROGRA~1\SKYNET\FIREWALL\pfw.exe&& [广州众达天网技术有限公司]& & &TkBellExe&&; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"& -osboot&& [RealNetworks, Inc.]& & &StormCodec_Helper&&"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti&& []& & &KernelFaultCheck&&%systemroot%\system32\dumprep 0 -k&& [N/A]& & &ISUSPM Startup&&; C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup&& [InstallShield Software Corporation]& & &ISUSScheduler&&; "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start&& [InstallShield Software Corporation]& & &HDCSP RegCertTool&&; C:\Program Files\95599 Certificate Tools\CIDC\RegCertTool.exe&& [CIDC]& & &BigDogPath&&C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera&& [N/A]& & &WangWang&&; "C:\Program Files\淘宝网\淘宝旺旺\WangWang.EXE"&& [淘宝（中国）软件有限公司]& & &RavTask&&"C:\Program Files\Rising\Rav\RavTask.exe" -system&& [Beijing Rising Technology Co., Ltd.]& & &runeip&&; C:\Program Files\Rising\AntiSpyware\runiep.exe&& [Beijing Rising Technology Co., Ltd.]& & &CdnCtr&&C:\Program Files\CNNIC\Cdn\cdnup.exe&& [][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]& & &RavStub&&"C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE&& [Beijing Rising Technology Co., Ltd.][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]& & &twin&&C:\WINDOWS\system32\twunk32.exe&& [Microsoft Corporation][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]& & &shell&&EXPLORER.EXE&& [(Verified)Microsoft Windows Publisher]& & &Userinit&&C:\WINDOWS\system32\UserInit.exe,&& [(Verified)Microsoft Windows Publisher][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]& & &AppInit_DLLs&&&& [N/A][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]& & &UIHost&&logonui.exe&& [(Verified)Microsoft Windows Publisher]==================================启动文件夹[ADSL拨号王]& &C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\ADSL拨号王.lnk --& C:\PROGRA~1\ADSL拨~1\HelloNet.exe [HelloNet]&&N&[QQ游戏启动加速程序]& &C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --& F:\PROGRA~1\Tencent\QQGAME\Accel.exe [深圳市腾讯计算机系统有限公司]&&H&==================================服务[SNDA EZPLAY Update Service / EZPLAYUpdate][Running/Auto Start]& &"F:\Program Files\EZPLAY\AutoUpdate\EZPUSvc.exe"&&Shanda Networking Co.,Ltd&[Human Interface Device Access / HidServ][Stopped/Disabled]& &C:\WINDOWS\System32\svchost.exe -k netsvcs--&%SystemRoot%\System32\hidserv.dll&&N/A&[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]& &C:\WINDOWS\System32\nvsvc32.exe&&NVIDIA Corporation&[Rising Process Communication Center / RsCCenter][Running/Auto Start]& &"C:\Program Files\Rising\Rav\CCenter.exe"&&Beijing Rising Technology Co., Ltd.&[Rising RealTime Monitor / RsRavMon][Running/Auto Start]& &"C:\Program Files\Rising\Rav\Ravmond.exe"&&Beijing Rising Technology Co., Ltd.&[WebPrint / WebPrint][Stopped/Auto Start]& &c:\windows\system32\webprint.exe&&Microsoft Corporation&
fhwiedgf -
15:11:00驱动程序[acpidisk / acpidisk][Running/Auto Start]& &\??\C:\WINDOWS\system32\drivers\acpidisk.sys&&N/A&[ADProt / ADProt][Stopped/System Start]& &\SystemRoot\system32\drivers\ADProt.sys&&腾讯科技（深圳）有限公司&[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]& &system32\drivers\ALCXSENS.SYS&&Sensaura Ltd&[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]& &system32\drivers\ALCXWDM.SYS&&Realtek Semiconductor Corp.&[Rising TDI Base Driver / BaseTDI][Running/Auto Start]& &System32\DRIVERS\BaseTDI.SYS&&Beijing Rising Technology Co., Ltd.&[HelloNet PPPoE 虚拟网卡 / BRPPPOE][Running/Manual Start]& &system32\DRIVERS\brpppoe.sys&&N/A&[Closed Caption Decoder / CCDECODE][Stopped/Manual Start]& &system32\DRIVERS\CCDECODE.sys&&N/A&[cdnprot / cdnprot][Stopped/Boot Start]& &\SystemRoot\system32\drivers\cdnprot.sys&&中国互联网络信息中心(CNNIC)&[Ctrl2cap / Ctrl2cap][Stopped/Manual Start]& &\??\C:\WINDOWS\system32\drivers\Ctrl2cap.sys&&N/A&[EagleNT / EagleNT][Stopped/Manual Start]& &\??\C:\WINDOWS\system32\drivers\EagleNT.sys&&N/A&[ExpScaner / ExpScaner][Running/Auto Start]& &\??\C:\Program Files\Rising\Rav\ExpScan.sys&&&[GR / GR][Stopped/Manual Start]& &\??\F:\下载\ZE\zenosengine\GR.sys&&N/A&[HDHOOK / HDHOOK][Stopped/Manual Start]& &\??\C:\WINDOWS\system32\Drivers\HdHook.sys&&rockhard&[HookCont / HookCont][Running/Auto Start]& &\??\C:\Program Files\Rising\Rav\HOOKCONT.sys&&Rising&[HookReg / HookReg][Running/Auto Start]& &\??\C:\Program Files\Rising\Rav\HookReg.sys&&&[HookSys / HookSys][Running/Auto Start]& &\??\C:\Program Files\Rising\Rav\HookSys.sys&&Rising&[IdeBusDr / IdeBusDr][Running/Boot Start]& &\SystemRoot\System32\DRIVERS\IdeBusDr.sys&&Intel Corporation&[Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]& &\SystemRoot\System32\DRIVERS\IdeChnDr.sys&&Intel Corporation&[iinrekc / iinrekc][Running/Boot Start]& &\SystemRoot\system32\drivers\iinrekc.sys&&&[KbdSimu / KbdSimu][Running/Manual Start]& &system32\DRIVERS\KbdSimu.drx&&N/A&[LvkeKill16 / LvkeKill16][Stopped/Manual Start]& &\??\F:\下载\冒险之星1.42测试四\lvke.sys&&N/A&[LvkeKNLA / LvkeKNLA][Stopped/Manual Start]& &\??\C:\Windows\System32\LvkeKNL.sys&&N/A&[MEMSCAN / MEMSCAN][Running/Auto Start]& &\??\C:\Program Files\Rising\Rav\MEMSCAN.sys&&瑞星软件有限公司&[MSBios / MSBios][Running/Boot Start]& &\SystemRoot\System32\Drivers\MSBios.sys&&&[NABTS/FEC VBI Codec / NABTSFEC][Stopped/Manual Start]& &system32\DRIVERS\NABTSFEC.sys&&N/A&[Microsoft TV/Video Connection / NdisIP][Stopped/Manual Start]& &system32\DRIVERS\NdisIP.sys&&N/A&[npkcrypt / npkcrypt][Stopped/Auto Start]& &\??\F:\Program Files\Tencent\QQ\npkcrypt.sys&&N/A&[npkycryp / npkycryp][Stopped/Manual Start]& &\??\F:\Program Files\Tencent\QQ\npkycryp.sys&&N/A&[nv / nv][Running/Manual Start]& &System32\DRIVERS\nv4_mini.sys&&NVIDIA Corporation&[oreans32 / oreans32][Running/System Start]& &\??\C:\WINDOWS\system32\drivers\oreans32.sys&&N/A&[Direct Parallel Link Driver / Ptilink][Running/Manual Start]& &System32\DRIVERS\ptilink.sys&&Parallel Technologies, Inc.&[rcoijep / rcoijep][Running/Boot Start]& &\SystemRoot\\SystemRoot\System32\drivers\rcoijep.sys&&N/A&[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]& &\SystemRoot\system32\drivers\RsBoot.sys&&Beijing Rising&[RsNTGDI / RsNTGDI][Running/Boot Start]& &\SystemRoot\system32\Drivers\RsNTGdi.sys&&Beijing Rising Technology Co., Ltd.&[RSPPSYS / RSPPSYS][Running/Auto Start]& &\??\C:\Program Files\Rising\Rav\RSPPSYS.sys&&Rising&[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]& &System32\DRIVERS\RTL8139.SYS&&Realtek Semiconductor Corporation&[saruen / saruen][Stopped/Manual Start]& &\??\F:\下载\Kaspersky_Engine_2\saruen.sys&&N/A&[Secdrv / Secdrv][Stopped/Manual Start]& &System32\DRIVERS\secdrv.sys&&N/A&[StarForce Protection Environment Driver (version 1.x) / sfdrv01][Running/Boot Start]& &\SystemRoot\System32\drivers\sfdrv01.sys&&Protection Technology&[StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start]& &\SystemRoot\System32\drivers\sfhlp02.sys&&Protection Technology&[StarForce Protection Synchronization Driver (version 2.x) / sfsync02][Running/Boot Start]& &\SystemRoot\System32\drivers\sfsync02.sys&&Protection Technology&[StarForce Protection VFS Driver (version 2.x) / sfvfs02][Running/Boot Start]& &\SystemRoot\System32\drivers\sfvfs02.sys&&Protection Technology&[SKNFW / SKNFW][Running/System Start]& &\??\C:\WINDOWS\system32\Drivers\SKNFW.sys&&N/A&[SkyProcs / SkyProcs][Stopped/Manual Start]& &\??\C:\PROGRA~1\SKYNET\FIREWALL\SkyProcs.sys&&N/A&[BDA Slip De-Framer / SLIP][Stopped/Manual Start]& &system32\DRIVERS\SLIP.sys&&N/A&[BDA IPSink / streamip][Stopped/Manual Start]& &system32\DRIVERS\StreamIP.sys&&N/A&[Bubblefish 100 Enternet Virtual Adapter / TAP][Stopped/Manual Start]& &system32\DRIVERS\VNetWorkXP.sys&&陈伟&[TVicHW32 / TVicHW32][Stopped/Manual Start]& &\??\C:\WINDOWS\system32\DRIVERS\TVicHW32.SYS&&EnTech Taiwan&[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]& &system32\DRIVERS\WSTCODEC.SYS&&N/A&[xp1 / xp1][Stopped/Manual Start]& &\??\F:\下载\xpengine\xp.sys&&N/A&[XTrapD12 / XTrapD12][Stopped/Manual Start]& &\??\C:\WINDOWS\system32\XTrapD12.sys&&N/A&[zenos1 / zenos1][Stopped/Manual Start]& &\??\F:\下载\Zenos Engine\zenos.sys&&N/A&[zenx1 / zenx1][Stopped/Manual Start]& &\??\F:\下载\fcz1119\fcz\zenx.sys&&N/A&[VIMICRO USB PC Camera / ZSMC301b][Stopped/Manual Start]& &System32\Drivers\usbVM31b.sys&&VM&==================================浏览器加载项[IeCatch5 Class]& {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} &C:\PROGRA~1\FLASHGET\jccatch.dll, FlashGet&[Info cache]& {385AB8C6-FB22-4D17-BA0A6F0} &C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司&[BitComet Helper]& {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} &C:\Program Files\BitComet\tools\BitCometBHO.dll, BitComet&[CdnForIE Class]& {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} &C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC&[超级兔子上网精灵]& {B70-4A5B-B789-B25FE09B4AF3} &C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology&[浩方对战平台]& {0A155D3C-68E2-4215-A47A-E800A446447A} &F:\Program Files\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司&[CdnForIE Class]& {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} &C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC&[QQ]& {c95fe080-8f5d-11d2-a20b-00aa003c157b} &F:\Program Files\Tencent\QQ\QQ.EXE, N/A&[FlashGet Bar]& {E0E899AB-F487-11D5-8D29-E3} &C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft&[超级兔子上网精灵]& {4FD-4F15-9B46-F4E} &C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology&[CEditCtrl Object]& {488AB3-8F27-FA1AECAA8844} &C:\WINDOWS\system32\aliedit\AliEdit.dll, &[WUWebControl Class]& {6414512B-B978-451D-A0D8-FCFDF33E833C} &C:\WINDOWS\System32\wuweb.dll, Microsoft Corporation&[CPPMediaCtrl Object]& {FCD6ADD-88E5-9AF} &C:\WINDOWS\system32\forcetv.dll, forcepp&[IeCatch5 Class]& {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} &C:\PROGRA~1\FLASHGET\jccatch.dll, FlashGet&[Info cache]& {385AB8C6-FB22-4D17-BA0A6F0} &C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司&[BitComet Helper]& {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} &C:\Program Files\BitComet\tools\BitCometBHO.dll, BitComet&[超级兔子上网精灵]& {4FD-4F15-9B46-F4E} &C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology&[CdnForIE Class]& {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} &C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC&[超级兔子上网精灵]& {B70-4A5B-B789-B25FE09B4AF3} &C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology&[Shockwave Flash Object]& {D27CDB6E-AE6D-11CF-96B8-} &C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.&[CPPMediaCtrl Object]& {FCD6ADD-88E5-9AF} &C:\WINDOWS\system32\forcetv.dll, forcepp&[&使用BitComet下载]& &res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm, N/A&[&使用BitComet下载全部链接]& &res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm, N/A&[&使用BitComet下载本页视频]& &res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm, N/A&[上传到QQ网络硬盘]& &F:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A&[使用网际快车下载]& &C:\Program Files\FlashGet\jc_link.htm, N/A&[使用网际快车下载全部链接]& &C:\Program Files\FlashGet\jc_all.htm, N/A&[添加到QQ自定义面板]& &F:\Program Files\Tencent\QQ\AddPanel.htm, N/A&[添加到QQ表情]& &F:\Program Files\Tencent\QQ\AddEmotion.htm, N/A&[用QQ彩信发送该图片]& &F:\Program Files\Tencent\QQ\SendMMS.htm, N/A&[访问通用网址]& &C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A&
fhwiedgf -
15:12:00正在运行的进程[PID: 464][\SystemRoot\System32\smss.exe]& [Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)][PID: 524][\??\C:\WINDOWS\system32\csrss.exe]& [Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)][PID: 548][\??\C:\WINDOWS\system32\winlogon.exe]& [Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]& & [C:\WINDOWS\system32\msacm32.drv]& [Microsoft Corporation, 5.1.2600.0 (xpclient.8)]& & [C:\WINDOWS\system32\winlib .dll]& [N/A, ][PID: 1284][C:\WINDOWS\Explorer.EXE]& [Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]& & [C:\WINDOWS\system32\msacm32.drv]& [Microsoft Corporation, 5.1.2600.0 (xpclient.8)]& & [C:\WINDOWS\System32\nvcpl.dll]& [NVIDIA Corporation, 6.14.10.7214]& & [C:\WINDOWS\system32\NVRSZHC.DLL]& [NVIDIA Corporation, 6.14.10.7214]& & [C:\WINDOWS\system32\EZHomeExtend.dll]& [, 1.0.0.118]& & [C:\WINDOWS\System32\nvshell.dll]& [NVIDIA Corporation, 6.14.10.10047]& & [C:\PROGRA~1\FLASHGET\jccatch.dll]& [FlashGet, 1, 1, 5, 0]& & [C:\Program Files\BitComet\tools\BitCometBHO.dll]& [BitComet, ]& & [C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll]& [CNNIC, 2, 0, 0, 2][PID: 1692][C:\WINDOWS\SOUNDMAN.EXE]& [Realtek Semiconductor Corp., 5.1.11][PID: 1720][C:\PROGRA~1\SKYNET\FIREWALL\pfw.exe]& [广州众达天网技术有限公司, 3.0.0.1007]& & [C:\PROGRA~1\SKYNET\FIREWALL\SKYMISC.DLL]& [N/A, ]& & [C:\PROGRA~1\SKYNET\FIREWALL\SKYPROCSIO.DLL]& [N/A, ]& & [C:\PROGRA~1\SKYNET\FIREWALL\COMPRESSWRAP.DLL]& [N/A, ][PID: 1744][C:\WINDOWS\VM_STI.EXE]& [Vimicro, 4, 2, 1225, 6]& & [C:\WINDOWS\system32\msdmo.dll]& [, ][PID: 1824][C:\WINDOWS\system32\ctfmon.exe]& [Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)][PID: 1888][C:\Program Files\ADSL拨号王\HNMainUI.exe]& [, 2, 3, 0, 1]& & [C:\Program Files\ADSL拨号王\HNKernel.dll]& [HelloNet, 2.2.0.1]& & [C:\Program Files\ADSL拨号王\HNUtils.dll]& [, 2, 2, 0, 1]& & [C:\Program Files\ADSL拨号王\HNRes_0804.dll]& [, 2, 2, 0, 1]& & [C:\Program Files\ADSL拨号王\plugins\Diagnose.dll]& [HelloNet, 2.2.0.1]==================================文件关联.TXT& OK. [%SystemRoot%\system32\NOTEPAD.EXE %1].EXE& OK. ["%1" %*].COM& OK. ["%1" %*].PIF& OK. ["%1" %*].REG& OK. [regedit.exe "%1"].BAT& OK. ["%1" %*].SCR& OK. ["%1" /S].CHM& OK. ["C:\WINDOWS\hh.exe" %1].HLP& OK. [%SystemRoot%\system32\winhlp32.exe %1].INI& OK. [%SystemRoot%\system32\NOTEPAD.EXE %1].INF& OK. [%SystemRoot%\system32\NOTEPAD.EXE %1].VBS& OK. [%SystemRoot%\System32\WScript.exe "%1" %*].JS&
OK. [%SystemRoot%\System32\WScript.exe "%1" %*].LNK& OK. [{0-}]==================================Winsock 提供者N/A==================================Autorun.infN/A==================================HOSTS 文件N/A==================================API HOOKN/A==================================隐藏进程& & [132] C:\WINDOWS\System32\alg.exe& & [1520] C:\Program Files\Internet Explorer\IEXPLORE.EXE& & [2460] C:\Program Files\Rising\Rav\Rav.exe& & [3060] c:\windows\system32\webpnt.exe& & [3780] C:\Program Files\WinRAR\WinRAR.exe& & [3824] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.609\SREng.EXE==================================[/CODE]
15:24:00【回复“fhwiedgf”的帖子】冰刃被感染了？重新下载个新的。你这电脑————乱！！ 不是一般的乱。1、禁止进程创建。2、卸除插入到下列进程中的病毒模块C:\WINDOWS\system32\winlib .dll[PID: 548][\??\C:\WINDOWS\system32\winlogon.exe]3、结束下列隐藏进程：[132] C:\WINDOWS\System32\alg.exe[1520] C:\Program Files\Internet Explorer\IEXPLORE.EXE[2460] C:\Program Files\Rising\Rav\Rav.exe[3060] c:\windows\system32\webpnt.exe[3780] C:\Program Files\WinRAR\WinRAR.exe[3824] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.609\SREng.EXE4、删除下列启动项、服务项、驱动项：[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]&twin&&C:\WINDOWS\system32\twunk32.exe& [Microsoft Corporation]服务[WebPrint / WebPrint][Stopped/Auto Start]&c:\windows\system32\webprint.exe&&Microsoft Corporation&驱动[oreans32 / oreans32][Running/System Start]&\??\C:\WINDOWS\system32\drivers\oreans32.sys&&N/A&5、删除上述各启动项、服务项、驱动项指向的文件。6、取消IceSword的“禁止进程创建”。下列驱动，我不认识。怎么处理？自己决定。[GR / GR][Stopped/Manual Start]&\??\F:\下载\ZE\zenosengine\GR.sys&&N/A&[iinrekc / iinrekc][Running/Boot Start]&\SystemRoot\system32\drivers\iinrekc.sys&&&[LvkeKill16 / LvkeKill16][Stopped/Manual Start]&\??\F:\下载\冒险之星1.42测试四\lvke.sys&&N/A&[LvkeKNLA / LvkeKNLA][Stopped/Manual Start]&\??\C:\Windows\System32\LvkeKNL.sys&&N/A&[rcoijep / rcoijep][Running/Boot Start]&\SystemRoot\\SystemRoot\System32\drivers\rcoijep.sys&&N/A&[saruen / saruen][Stopped/Manual Start]&\??\F:\下载\Kaspersky_Engine_2\saruen.sys&&N/A&[xp1 / xp1][Stopped/Manual Start]&\??\F:\下载\xpengine\xp.sys&&N/A&[XTrapD12 / XTrapD12][Stopped/Manual Start]&\??\C:\WINDOWS\system32\XTrapD12.sys&&N/A&[zenos1 / zenos1][Stopped/Manual Start]&\??\F:\下载\Zenos Engine\zenos.sys&&N/A&[zenx1 / zenx1][Stopped/Manual Start]&\??\F:\下载\fcz1119\fcz\zenx.sys&&N/A&
fhwiedgf -
22:18:00谢谢猫叔 解决中...
fhwiedgf -
17:29:00C:\WINDOWS\system32\winlib .dll找不到这个文件 在[PID: 548][\??\C:\WINDOWS\system32\winlogon.exe]模块里也找不到其他的照做了 重启后没发现病毒了 但是瑞星杀软 和天网防火墙被感染 重装这两个软件后还是一样被感染 不知道之后该怎么解决
fhwiedgf -
17:33:00在刷一个新的日志启动项目注册表[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]& & &ctfmon.exe&&C:\WINDOWS\system32\ctfmon.exe&& [(Verified)Microsoft Windows Publisher][HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]& & &load&&&& [N/A]& & &run&&&& [N/A][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]& & &IMJPMIG8.1&&; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32&& [(Verified)Microsoft Windows Publisher]& & &PHIME2002ASync&&; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC&& [(Verified)Microsoft Windows Publisher]& & &PHIME2002A&&; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName&& [(Verified)Microsoft Windows Publisher]& & &SoundMan&&SOUNDMAN.EXE&& [Realtek Semiconductor Corp.]& & &nwiz&&; nwiz.exe /install&& [NVIDIA Corporation]& & &SKYNET Personal FireWall&&C:\PROGRA~1\SKYNET\FIREWALL\PFW.exe&& [广州众达天网技术有限公司]& & &TkBellExe&&; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"& -osboot&& [RealNetworks, Inc.]& & &StormCodec_Helper&&"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti&& []& & &KernelFaultCheck&&%systemroot%\system32\dumprep 0 -k&& [N/A]& & &ISUSPM Startup&&; C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup&& [InstallShield Software Corporation]& & &ISUSScheduler&&; "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start&& [InstallShield Software Corporation]& & &HDCSP RegCertTool&&; C:\Program Files\95599 Certificate Tools\CIDC\RegCertTool.exe&& [CIDC]& & &BigDogPath&&C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera&& [N/A]& & &WangWang&&; "C:\Program Files\淘宝网\淘宝旺旺\WangWang.EXE"&& [淘宝（中国）软件有限公司]& & &NvCplDaemon&&RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup&& [NVIDIA Corporation]& & &runeip&&C:\Program Files\Rising\AntiSpyware\runiep.exe&& [Beijing Rising Technology Co., Ltd.]& & &RavTask&&"C:\Program Files\Rising\Rav\RavTask.exe" -system&& [Beijing Rising Technology Co., Ltd.][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]& & &RavStub&&"C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE&& [Beijing Rising Technology Co., Ltd.][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]& & &shell&&EXPLORER.EXE&& [(Verified)Microsoft Windows Publisher]& & &Userinit&&C:\WINDOWS\system32\UserInit.exe,&& [(Verified)Microsoft Windows Publisher][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]& & &AppInit_DLLs&&&& [N/A][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]& & &UIHost&&logonui.exe&& [(Verified)Microsoft Windows Publisher][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]& & &{32CD708B-60A7-4C00-9377-D73EAA495F0F}&&C:\WINDOWS\system32\RavExt.dll&& [Beijing Rising Technology Co., Ltd.]==================================启动文件夹[ADSL拨号王]& &C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\ADSL拨号王.lnk --& C:\PROGRA~1\ADSL拨~1\HelloNet.exe [HelloNet]&&N&[QQ游戏启动加速程序]& &C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --& F:\PROGRA~1\Tencent\QQGAME\Accel.exe [深圳市腾讯计算机系统有限公司]&&H&==================================服务[SNDA EZPLAY Update Service / EZPLAYUpdate][Stopped/Disabled]& &"F:\Program Files\EZPLAY\AutoUpdate\EZPUSvc.exe"&&Shanda Networking Co.,Ltd&[Human Interface Device Access / HidServ][Stopped/Disabled]& &C:\WINDOWS\System32\svchost.exe -k netsvcs--&%SystemRoot%\System32\hidserv.dll&&N/A&[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]& &C:\WINDOWS\System32\nvsvc32.exe&&NVIDIA Corporation&[Rising Process Communication Center / RsCCenter][Running/Auto Start]& &"C:\Program Files\Rising\Rav\CCenter.exe"&&Beijing Rising Technology Co., Ltd.&[Rising RealTime Monitor / RsRavMon][Running/Auto Start]& &"C:\Program Files\Rising\Rav\Ravmond.exe"&&Beijing Rising Technology Co., Ltd.&[WebPrint / WebPrint][Stopped/Disabled]& &c:\windows\system32\webprint.exe&&N/A&
fhwiedgf -
17:37:00驱动程序[acpidisk / acpidisk][Running/Auto Start]& &\??\C:\WINDOWS\system32\drivers\acpidisk.sys&&N/A&[ADProt / ADProt][Stopped/System Start]& &\SystemRoot\system32\drivers\ADProt.sys&&腾讯科技（深圳）有限公司&[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]& &system32\drivers\ALCXSENS.SYS&&Sensaura Ltd&[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]& &system32\drivers\ALCXWDM.SYS&&Realtek Semiconductor Corp.&[Rising TDI Base Driver / BaseTDI][Running/Auto Start]& &System32\DRIVERS\BaseTDI.SYS&&Beijing Rising Technology Co., Ltd.&[HelloNet PPPoE 虚拟网卡 / BRPPPOE][Running/Manual Start]& &system32\DRIVERS\brpppoe.sys&&N/A&[Closed Caption Decoder / CCDECODE][Stopped/Manual Start]& &system32\DRIVERS\CCDECODE.sys&&N/A&[Ctrl2cap / Ctrl2cap][Stopped/Manual Start]& &\??\C:\WINDOWS\system32\drivers\Ctrl2cap.sys&&N/A&[EagleNT / EagleNT][Stopped/Manual Start]& &\??\C:\WINDOWS\system32\drivers\EagleNT.sys&&N/A&[ExpScaner / ExpScaner][Running/Auto Start]& &\??\C:\Program Files\Rising\Rav\ExpScan.sys&&&[HDHOOK / HDHOOK][Stopped/Manual Start]& &\??\C:\WINDOWS\system32\Drivers\HdHook.sys&&rockhard&[HookCont / HookCont][Running/Auto Start]& &\??\C:\Program Files\Rising\Rav\HOOKCONT.sys&&Rising&[HookReg / HookReg][Running/Auto Start]& &\??\C:\Program Files\Rising\Rav\HookReg.sys&&&[HookSys / HookSys][Running/Auto Start]& &\??\C:\Program Files\Rising\Rav\HookSys.sys&&Rising&[IdeBusDr / IdeBusDr][Running/Boot Start]& &\SystemRoot\System32\DRIVERS\IdeBusDr.sys&&Intel Corporation&[Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]& &\SystemRoot\System32\DRIVERS\IdeChnDr.sys&&Intel Corporation&[KbdSimu / KbdSimu][Running/Manual Start]& &system32\DRIVERS\KbdSimu.drx&&N/A&[MEMSCAN / MEMSCAN][Running/Auto Start]& &\??\C:\Program Files\Rising\Rav\MEMSCAN.sys&&瑞星软件有限公司&[MSBios / MSBios][Running/Boot Start]& &\SystemRoot\System32\Drivers\MSBios.sys&&&[NABTS/FEC VBI Codec / NABTSFEC][Stopped/Manual Start]& &system32\DRIVERS\NABTSFEC.sys&&N/A&[Microsoft TV/Video Connection / NdisIP][Stopped/Manual Start]& &system32\DRIVERS\NdisIP.sys&&N/A&[nv / nv][Running/Manual Start]& &System32\DRIVERS\nv4_mini.sys&&NVIDIA Corporation&[Direct Parallel Link Driver / Ptilink][Running/Manual Start]& &System32\DRIVERS\ptilink.sys&&Parallel Technologies, Inc.&[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]& &\SystemRoot\system32\drivers\RsBoot.sys&&Beijing Rising&[RsNTGDI / RsNTGDI][Running/Boot Start]& &\SystemRoot\system32\Drivers\RsNTGdi.sys&&Beijing Rising Technology Co., Ltd.&[RSPPSYS / RSPPSYS][Running/Auto Start]& &\??\C:\Program Files\Rising\Rav\RSPPSYS.sys&&Rising&[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]& &System32\DRIVERS\RTL8139.SYS&&Realtek Semiconductor Corporation&[Secdrv / Secdrv][Stopped/Manual Start]& &System32\DRIVERS\secdrv.sys&&N/A&[StarForce Protection Environment Driver (version 1.x) / sfdrv01][Running/Boot Start]& &\SystemRoot\System32\drivers\sfdrv01.sys&&Protection Technology&[StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start]& &\SystemRoot\System32\drivers\sfhlp02.sys&&Protection Technology&[StarForce Protection Synchronization Driver (version 2.x) / sfsync02][Running/Boot Start]& &\SystemRoot\System32\drivers\sfsync02.sys&&Protection Technology&[StarForce Protection VFS Driver (version 2.x) / sfvfs02][Running/Boot Start]& &\SystemRoot\System32\drivers\sfvfs02.sys&&Protection Technology&[SKNFW / SKNFW][Running/System Start]& &\??\C:\WINDOWS\system32\Drivers\SKNFW.sys&&N/A&[SkyProcs / SkyProcs][Running/Manual Start]& &\??\C:\PROGRA~1\SKYNET\FIREWALL\SkyProcs.sys&&N/A&[BDA Slip De-Framer / SLIP][Stopped/Manual Start]& &system32\DRIVERS\SLIP.sys&&N/A&[BDA IPSink / streamip][Stopped/Manual Start]& &system32\DRIVERS\StreamIP.sys&&N/A&[Bubblefish 100 Enternet Virtual Adapter / TAP][Stopped/Manual Start]& &system32\DRIVERS\VNetWorkXP.sys&&陈伟&[TVicHW32 / TVicHW32][Stopped/Manual Start]& &\??\C:\WINDOWS\system32\DRIVERS\TVicHW32.SYS&&EnTech Taiwan&[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]& &system32\DRIVERS\WSTCODEC.SYS&&N/A&[VIMICRO USB PC Camera / ZSMC301b][Stopped/Manual Start]& &System32\Drivers\usbVM31b.sys&&VM&==================================浏览器加载项[IeCatch5 Class]& {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} &C:\PROGRA~1\FLASHGET\jccatch.dll, FlashGet&[BitComet Helper]& {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} &C:\Program Files\BitComet\tools\BitCometBHO.dll, BitComet&[超级兔子上网精灵]& {B70-4A5B-B789-B25FE09B4AF3} &C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology&[浩方对战平台]& {0A155D3C-68E2-4215-A47A-E800A446447A} &F:\Program Files\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司&[QQ]& {c95fe080-8f5d-11d2-a20b-00aa003c157b} &F:\Program Files\Tencent\QQ\QQ.EXE, N/A&[FlashGet Bar]& {E0E899AB-F487-11D5-8D29-E3} &C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft&[超级兔子上网精灵]& {4FD-4F15-9B46-F4E} &C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology&[CEditCtrl Object]& {488AB3-8F27-FA1AECAA8844} &C:\WINDOWS\system32\aliedit\AliEdit.dll, &[WUWebControl Class]& {6414512B-B978-451D-A0D8-FCFDF33E833C} &C:\WINDOWS\System32\wuweb.dll, Microsoft Corporation&[CPPMediaCtrl Object]& {FCD6ADD-88E5-9AF} &C:\WINDOWS\system32\forcetv.dll, forcepp&[Windows Media Player]& {22D6F312-B0F6-11D0-94AB-E95} &C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation&[IeCatch5 Class]& {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} &C:\PROGRA~1\FLASHGET\jccatch.dll, FlashGet&[BitComet Helper]& {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} &C:\Program Files\BitComet\tools\BitCometBHO.dll, BitComet&[超级兔子上网精灵]& {4FD-4F15-9B46-F4E} &C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology&[Windows Media Player]& {6BF52A52-394A-11D3-B153-00C04F79FAA6} &C:\WINDOWS\system32\wmp.dll, Microsoft Corporation&[超级兔子上网精灵]& {B70-4A5B-B789-B25FE09B4AF3} &C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology&[SearchAssistantOC]& {B45FF030--85DE-00C04FA35C89} &%SystemRoot%\System32\shdocvw.dll, N/A&[Shockwave Flash Object]& {D27CDB6E-AE6D-11CF-96B8-} &C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.&[FlashGet Bar]& {E0E899AB-F487-11D5-8D29-E3} &C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft&[CPPMediaCtrl Object]& {FCD6ADD-88E5-9AF} &C:\WINDOWS\system32\forcetv.dll, forcepp&[&使用BitComet下载]& &res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm, N/A&[&使用BitComet下载全部链接]& &res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm, N/A&[&使用BitComet下载本页视频]& &res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm, N/A&[上传到QQ网络硬盘]& &F:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A&[使用网际快车下载]& &C:\Program Files\FlashGet\jc_link.htm, N/A&[使用网际快车下载全部链接]& &C:\Program Files\FlashGet\jc_all.htm, N/A&[添加到QQ自定义面板]& &F:\Program Files\Tencent\QQ\AddPanel.htm, N/A&[添加到QQ表情]& &F:\Program Files\Tencent\QQ\AddEmotion.htm, N/A&[用QQ彩信发送该图片]& &F:\Program Files\Tencent\QQ\SendMMS.htm, N/A&
fhwiedgf -
17:38:00==================================正在运行的进程[PID: 464][\SystemRoot\System32\smss.exe]& [Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)][PID: 532][\??\C:\WINDOWS\system32\csrss.exe]& [Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)][PID: 556][\??\C:\WINDOWS\system32\winlogon.exe]& [Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]& & [C:\WINDOWS\system32\msacm32.drv]& [Microsoft Corporation, 5.1.2600.0 (xpclient.8)]& & [C:\WINDOWS\system32\winlib .dll]& [N/A, ][PID: 600][C:\WINDOWS\system32\services.exe]& [Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)][PID: 612][C:\WINDOWS\system32\lsass.exe]& [Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)][PID: 772][C:\WINDOWS\system32\svchost.exe]& [Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)][PID: 820][C:\WINDOWS\system32\svchost.exe]& [Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)][PID: 932][C:\WINDOWS\System32\svchost.exe]& [Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)][PID: 1008][C:\WINDOWS\System32\svchost.exe]& [Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)][PID: 1040][C:\WINDOWS\System32\svchost.exe]& [Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)][PID: 1264][C:\WINDOWS\Explorer.EXE]& [Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]& & [C:\WINDOWS\system32\RavExt.dll]& [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]& & [C:\Program Files\Rising\AntiSpyware\ieprot.dll]& [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]& & [C:\WINDOWS\System32\nvcpl.dll]& [NVIDIA Corporation, 6.14.10.7214]& & [C:\WINDOWS\system32\NVRSZHC.DLL]& [NVIDIA Corporation, 6.14.10.7214]& & [C:\WINDOWS\system32\EZHomeExtend.dll]& [, 1.0.0.118]& & [C:\WINDOWS\System32\nvshell.dll]& [NVIDIA Corporation, 6.14.10.10047]& & [C:\PROGRA~1\FLASHGET\jccatch.dll]& [FlashGet, 1, 1, 5, 0]& & [C:\Program Files\BitComet\tools\BitCometBHO.dll]& [BitComet, ]& & [C:\WINDOWS\system32\msacm32.drv]& [Microsoft Corporation, 5.1.2600.0 (xpclient.8)][PID: 1612][C:\WINDOWS\SOUNDMAN.EXE]& [Realtek Semiconductor Corp., 5.1.11]& & [C:\Program Files\Rising\AntiSpyware\ieprot.dll]& [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10][PID: 1656][C:\WINDOWS\VM_STI.EXE]& [Vimicro, 4, 2, 1225, 6]& & [C:\WINDOWS\system32\msdmo.dll]& [, ]& & [C:\Program Files\Rising\AntiSpyware\ieprot.dll]& [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10][PID: 1688][C:\Program Files\Rising\AntiSpyware\runiep.exe]& [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]& & [C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]& [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]& & [C:\Program Files\Rising\AntiSpyware\ieprot.dll]& [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10][PID: 1788][C:\WINDOWS\system32\ctfmon.exe]& [Microsoft Corporation, 5.1. (xpsp_sp2_rtm.8)]& & [C:\Program Files\Rising\AntiSpyware\ieprot.dll]& [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10][PID: 2004][C:\Program Files\ADSL拨号王\HNMainUI.exe]& [, 2, 3, 0, 1]& & [C:\Program Files\ADSL拨号王\HNKernel.dll]& [HelloNet, 2.2.0.1]& & [C:\Program Files\ADSL拨号王\HNUtils.dll]& [, 2, 2, 0, 1]& & [C:\Program Files\ADSL拨号王\HNRes_0804.dll]& [, 2, 2, 0, 1]& & [C:\Program Files\ADSL拨号王\plugins\Diagnose.dll]& [HelloNet, 2.2.0.1]& & [C:\Program Files\Rising\AntiSpyware\ieprot.dll]& [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10][PID: 2604][C:\Program Files\Internet Explorer\iexplore.exe]& [Microsoft Corporation, 6.00. (xpsp_sp2_rtm.8)]& & [C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll]& [Xiang Feng Technology, 2, 2, 0, 1578]& & [C:\PROGRA~1\FLASHGET\jccatch.dll]& [FlashGet, 1, 1, 5, 0]& & [C:\Program Files\BitComet\tools\BitCometBHO.dll]& [BitComet, ]& & [C:\Program Files\Rising\AntiSpyware\ieprot.dll]& [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]& & [C:\Program Files\Rising\Rav\RavScrCh.dll]& [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]& & [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]& [Adobe Systems, Inc., 9,0,16,0]& & [C:\WINDOWS\system32\msacm32.drv]& [Microsoft Corporation, 5.1.2600.0 (xpclient.8)][PID: 3468][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.235\SREng.EXE]& [Smallfrogs Studio, 2.4.12.806]& & [C:\Program Files\Rising\AntiSpyware\ieprot.dll]& [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]==================================文件关联.TXT& OK. [%SystemRoot%\system32\NOTEPAD.EXE %1].EXE& OK. ["%1" %*].COM& OK. ["%1" %*].PIF& OK. ["%1" %*].REG& OK. [regedit.exe "%1"].BAT& OK. ["%1" %*].SCR& OK. ["%1" /S].CHM& OK. ["C:\WINDOWS\hh.exe" %1].HLP& OK. [%SystemRoot%\system32\winhlp32.exe %1].INI& OK. [%SystemRoot%\system32\NOTEPAD.EXE %1].INF& OK. [%SystemRoot%\system32\NOTEPAD.EXE %1].VBS& OK. [%SystemRoot%\System32\WScript.exe "%1" %*].JS&
OK. [%SystemRoot%\System32\WScript.exe "%1" %*].LNK& OK. [{0-}]==================================Winsock 提供者N/A==================================Autorun.infN/A==================================HOSTS 文件N/A==================================API HOOKN/A==================================隐藏进程N/A==================================[/CODE]
17:48:00【回复“fhwiedgf”的帖子】以下回复针对6楼开始的新日志：[WebPrint / WebPrint][Stopped/Disabled]&c:\windows\system32\webprint.exe&&N/A&这个服务————你没删除。注意：病毒文件，除了c:\windows\system32\webprint.exe外，还有一个c:\windows\system32\webprnt.exe，也必须删除。C:\WINDOWS\system32\winlib .dll————这个病毒模块插入了winlogon进程。没理干净winlogon进程，C:\WINDOWS\system32\winlib .dll在WINDOWS环境下无法删除。如果你不会用IceSword强制卸除病毒模块（或无法强制卸除之），请启动到安全模式下删除C:\WINDOWS\system32\winlib.dll。如果此模块在安全模式下不加载，肯定能删除。————————————c:\windows\system32\webprint.exec:\windows\system32\webprnt.exe删除服务项WebPrint后，重启到安全模式下，这两个病毒文件也能删除。
fhwiedgf -
18:48:00报告一下 服务[WebPrint / WebPrint][Stopped/Disabled]&c:\windows\system32\webprint.exe&&N/A&以及c:\windows\system32\webprint.exec:\windows\system32\webprnt.exe都删除掉了但是在[PID: 556][\??\C:\WINDOWS\system32\winlogon.exe]中的病毒模块C:\WINDOWS\system32\winlib .dll还是删除不了 我都是在安全模式下操作的 在IceSword下看不见 在sreng2和瑞星卡卡下都发现了C:\WINDOWS\system32\winlib .dll 但是我用瑞星卡卡打开目标文件提示"找不到该文件"要是卡卡有卸除模块功能就好了
fhwiedgf -
19:25:00在安全模式下sreng2扫描出的日志中米有发现C:\WINDOWS\system32\winlib .dll模块 迷惑中不知道该怎么删了
11:44:00把C:\WINDOWS\system32\drivers\acpidisk.sys删除后，重启看看是否解决。建议删除前上报给瑞星分析看看。
查看完整版本: