Malware left over after a Qianxiang (千橡) infection! - Troubleshooting - 电脑教程网

Date: 2006-04-08
Lzm478

Logfile of HijackThis v1.99.1
Scan saved at 17:46:49, on 2006-12-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\svhost32.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svch0st.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\System32\svchost.exe
D:\QQ\QQ.EXE
D:\QQ\TIMPlatform.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\11660880782.exe
C:\WINDOWS\wuauclt.exe
c:\program files\rising\rfw\RfwMain.exe

R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\PROGRA~1\ABOBEF~1\tbhelper.dll
F3 - REG:win.ini: load=C:\PROGRA~1\svhost32.exe
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: MallObj Class - {3B30B48F-617D-4F73-A20F-D3D54357F103} - C:\WINDOWS\system32\mallgoo2.dll
O2 - BHO: XBTBPos00 - {BFD66E98-5C40-4C75-A9B9-7EDD5237BB6F} - C:\PROGRA~1\ABOBEF~1\CAB301~1.DLL
O3 - Toolbar: Abobe Flash Play 9 - {8798925C-D4AC-4503-9EA6-D24FAF9D0FB7} - C:\Program Files\Abobe Flash Play 9\Cab301b48.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [Microsoft] C:\WINDOWS\wuauclt.exe
O4 - HKLM\..\Run: [DrWebScheduler] "C:\Documents and Settings\wx\桌面\DrWeb433green\drwebscd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kavshell] C:\WINDOWS\system32\svch0st.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA7E9D0F-569F-4D57-9D1B-3BB8AE3103C5}: NameServer = 202.103.24.68,202.103.0.117
O20 - AppInit_DLLs: 49400M.BMP
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: msndns - Unknown owner - C:\WINDOWS\msn.exe
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows_rejoice - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice4.exe

Above is the scan log. Qianxiang seems to have been removed, but not completely. Now exe files close by themselves after I open them, some don't respond at all when clicked, and some text files won't open either. There is also rogue software that I can't get rid of, even after trying several removal tools. How do I post pictures here? I took a few screenshots. If you know, please bump this. Thanks, waiting online.

I can't upload the pictures; as soon as I click Insert Image, the window freezes.

You've been infected with Viking (威金)......

End the following processes, search the registry for the entries that correspond to these files and delete them, then delete the files:
C:\PROGRA~1\svhost32.exe
C:\WINDOWS\system32\svch0st.exe (that's the digit 0)
C:\WINDOWS\system32\11660880782.exe
C:\WINDOWS\wuauclt.exe

Fix:
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Microsoft] C:\WINDOWS\wuauclt.exe
O4 - HKCU\..\Run: [kavshell] C:\WINDOWS\system32\svch0st.exe

Fix O20 - AppInit_DLLs: 49400M.BMP, then search for and delete the 49400M.BMP file;

Use SREng to delete the service O23 - Service: msndns - Unknown owner - C:\WINDOWS\msn.exe, search the registry for the C:\WINDOWS\msn.exe entries and delete them, and finally delete the file;

Handle O23 - Service: Windows_rejoice - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice4.exe the same way.
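Added example, not part of the original thread: a small triage script that applies the three signals used in the reply above to HijackThis log lines (a non-empty AppInit_DLLs value, an "Unknown owner" service, and an executable that imitates or misplaces a system binary name). The list of system binaries, the expected directory and the 0.8 similarity threshold are assumptions of this example; a hit is a lead to investigate, not a verdict.

```python
import ntpath
import re
from difflib import SequenceMatcher

# Assumptions of this example: a small list of system binary names and the
# directory they normally live in on Windows XP; 0.8 is an arbitrary cut-off.
SYSTEM_BINARIES = ("svchost.exe", "wuauclt.exe", "rundll32.exe", "ctfmon.exe")
SYSTEM_DIR = r"c:\windows\system32"
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)

# Lines copied from the HijackThis log in this thread.
SAMPLE = r"""
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\svhost32.exe
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [Microsoft] C:\WINDOWS\wuauclt.exe
O4 - HKCU\..\Run: [kavshell] C:\WINDOWS\system32\svch0st.exe
O20 - AppInit_DLLs: 49400M.BMP
O23 - Service: msndns - Unknown owner - C:\WINDOWS\msn.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
""".strip().splitlines()

def check_path(path):
    """Return a reason if an executable path looks like a masquerade."""
    folder, name = ntpath.split(path.lower())
    if name in SYSTEM_BINARIES:
        return None if folder == SYSTEM_DIR else f"{name} outside system32"
    for real in SYSTEM_BINARIES:
        if SequenceMatcher(None, name, real).ratio() >= 0.8:
            return f"{name} imitates {real}"
    return None

def triage(log_lines):
    """Map each suspicious log line to the reason it deserves a closer look."""
    findings = {}
    for line in map(str.strip, log_lines):
        if line.startswith("O20 - AppInit_DLLs:"):
            value = line.split(":", 1)[1].strip()
            if value:  # listed DLLs are mapped into processes that load user32.dll
                findings[line] = f"AppInit_DLLs loads {value}"
        elif line.startswith("O23 - Service:") and "Unknown owner" in line:
            findings[line] = "service binary carries no vendor name"
        else:
            for path in PATH_RE.findall(line):
                reason = check_path(path)
                if reason:
                    findings[line] = reason
    return findings

if __name__ == "__main__":
    for line, reason in triage(SAMPLE).items():
        print(f"{reason:45} <- {line}")
```
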

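Thanks. I deleted a few as you said and fixed the entries, and also used 橙色八月 to kill 11 viruses; those programs can be opened now. The pop-up web pages still appear; uninstalling with 360, 兔子 and ewido didn't help. I ran a new log scan, please take a look, thanks! Note: fixing item 20 (49400.bmp) failed.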

Also, I can't find these in the registry:
C:\WINDOWS\msn.exe
C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice4.exe

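"Fixing item 20 (49400.bmp) failed" ----- search the registry for AppInit_DLLs and delete the corresponding 49400.bmp value;
"Also, I can't find these in the registry":
C:\WINDOWS\msn.exe (if you can't find it, forget it :lol )
C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice4.exe (delete the service first)
Then run an SREng log scan and let's take a look.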

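:'( How can you still laugh? It has flared up again, and I don't dare open web pages any more. I've run the SREng log scan; wait while I send it to you. The services have all been deleted.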

2006-12-14,22:01:16

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户
- 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
    <SoundMAXPnP><C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe> [Analog Devices, Inc.]
    <SoundMAX><"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray> [Analog Devices, Inc.]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
    <Ljx2><C:\WINDOWS\inf\rundll32.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <CheckFaultKernel><C:\WINDOWS\system32\mswdm.exe> [N/A]
    <IceSword><C:\WINDOWS\system32\ipocnfig.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe> [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><49400M.BMP> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe> [(Verified)Microsoft Corporation]
==================================
启动文件夹
N/A
==================================
服务
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[E861F2CC / E861F2CC]
  <C:\WINDOWS\system32\E861F2CC.EXE -service><Microsoft Corporation>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy Service / RfwProxySrv]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>

[Rising Personal Firewall Service / RfwService]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[SoundMAX Agent Service / SoundMAX Agent Service (default)]
  <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[Windows DHCP Service / WinDHCPsvc]
  <C:\WINDOWS\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>
==================================
驱动程序
[aeaudio / aeaudio]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[ati2mtag / ati2mtag]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[GWIOPM / GWIOPM]
  <\?\D:\Windows优化大师\GWIOPM.sys><N/A>
[HookUrl / HookUrl]
  <\?\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MidiSyn / MidiSyn]
  <system32\drivers\MidiSyn.sys><Analog Devices Inc>
[mProcRs / mProcRs]
  <\?\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[Netgroup Packet Filter / NPF]
  <system32\DRIVERS\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt]
  <\?\D:\QQ\npkcrypt.sys><N/A>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv]
  <\?\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>
[smwdm / smwdm]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[System SSDP Services / SysDrver]
  <\?\C:\WINDOWS\system32\oQtGnAbL.sys><N/A>
==================================
浏览器加载项
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\Mshtml.dll, N/A>
[MallObj Class]
  {3B30B48F-617D-4F73-A20F-D3D54357F103} <C:\WINDOWS\system32\mallgoo2.dll, 上海奥德易海科技>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.>
[]
  {E5A7A15F-213F-4FCF-8DE7-D388F9FB09EB} <C:\WINDOWS\system32\cnwin.dll, N/A>
==================================
正在运行的进程
[PID: 600][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 664][\?\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 692][\?\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
    [C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4110]
    [C:\WINDOWS\system32\httppai.dll] [N/A, N/A]
[PID: 744][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
[PID: 756][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
[PID: 928][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4110]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
    [C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2495]
[PID: 948][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
[PID: 1044][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
[PID: 1144][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
[PID: 1200][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
[PID: 1284][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
[PID: 1404][c:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 33]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]

    [c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
    [c:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
    [c:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
    [c:\program files\rising\rfw\MonDrv.dll] [rs, 1, 0, 0, 4]
    [c:\program files\rising\rfw\ProcLib.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
    [c:\program files\rising\rfw\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 1520][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4110]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
    [C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2495]
[PID: 1636][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
    [C:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
    [C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
    [C:\WINDOWS\system32\httppai.dll] [N/A, N/A]
[PID: 1844][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
[PID: 244][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] [Analog Devices, Inc., 3, 2, 6, 0]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
[PID: 644][c:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 52]
    [c:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
    [c:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [c:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1648][C:\WINDOWS\system32\wscntfy.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
[PID: 1360][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
[PID: 1500][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
[PID: 112][C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe] [Analog Devices, Inc., 4, 0, 4, 11]
    [C:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll] [Analog Device, Inc., 1, 0, 22, 26]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
[PID: 1332][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
[PID: 2372][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
    [C:\WINDOWS\system32\mallgoo2.dll] [上海奥德易海科技, 1, 0, 2, 0]
[PID: 632][H:\防火墙杀毒软件\ewido anti-spyware 4.0\ewido anti-spyware 4.0\ewido.exe] [Anti-Malware Development a.s., 4, 0, 0, 172]
    [H:\防火墙杀毒软件\ewido anti-spyware 4.0\ewido anti-spyware 4.0\engine.dll] [Anti-Malware Development a.s., 4, 0, 0, 172]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
[PID: 824][C:\WINDOWS\regedit.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
[PID: 2604][C:\Documents and Settings\wx\桌面\sreng2\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
    [C:\WINDOWS\49400M.BMP] [N/A, N/A]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP Error. [winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1      localhost
==================================

So annoying! I finally finished writing it, and when I posted it the server couldn't be found :Q , so annoying.

No way, that much? You can also just send it to me directly on QQ: 191248617

In the registry, delete this entry under [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]:
    <Ljx2><C:\WINDOWS\inf\rundll32.exe> [N/A] (and delete the corresponding file; same for the ones below)
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <CheckFaultKernel><C:\WINDOWS\system32\mswdm.exe> [N/A]
    <IceSword><C:\WINDOWS\system32\ipocnfig.exe> [N/A] (labelled Icesword of all things, but a lookup turns up nothing)
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><49400M.BMP> [N/A]
To be safe, do a full registry search for the files above and delete any matches as well;

Delete these two services:
[E861F2CC / E861F2CC]
  <C:\WINDOWS\system32\E861F2CC.EXE -service><Microsoft Corporation> (likewise delete the corresponding file and its registry entries)
[Windows DHCP Service / WinDHCPsvc]
  <C:\WINDOWS\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation> (see http://www.dngz.net/bbs/thread-126466-1-0.html)

I didn't go through the drivers thoroughly; this is the only one that looks suspicious to me:
[System SSDP Services / SysDrver]
  <\?\C:\WINDOWS\system32\oQtGnAbL.sys><N/A>
Likewise delete the corresponding file and its registry entries; you may need Icesword for this;

These three files:
[C:\WINDOWS\system32\httppai.dll] [N/A, N/A] (not present on my machine)
[C:\WINDOWS\49400M.BMP] (you already know about this one)
[C:\WINDOWS\system32\windhcp.ocx] [N/A, N/A] (mentioned in the link above)

Fix the file association errors:
.CHM Error. ["hh.exe" %1]
.HLP Error. [winhlp32.exe %1]

So frustrating. Icesword can't delete them; I still have to find a tool to delete them.
