千橡病毒，中了千橡后剩下的病毒！

中了千橡后剩下的病毒！ - 故障解答 - 电脑教程网

站点导航

中了千橡后剩下的病毒！

日期：2006-04-08 荐：

.Lzm478 Logfile of HijackThis v1.99.1 Scan saved at 17:46:49, on 2006-12-14 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe c:\program files\rising\rfw\rfwsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\Ati2evxx.exe C:\PROGRA~1\svhost32.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\svch0st.exe C:\WINDOWS\system32\conime.exe C:\WINDOWS\System32\svchost.exe D:\QQ\QQ.EXE D:\QQ\TIMPlatform.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\11660880782.exe C:\WINDOWS\wuauclt.exe c:\program files\rising\rfw\RfwMain.exe R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\PROGRA~1\ABOBEF~1\tbhelper.dll F3 - REG:win.ini: load=C:\PROGRA~1\svhost32.exe O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll O2 - BHO: MallObj Class - {3B30B48F-617D-4F73-A20F-D3D54357F103} - C:\WINDOWS\system32\mallgoo2.dll O2 - BHO: XBTBPos00 - {BFD66E98-5C40-4C75-A9B9-7EDD5237BB6F} - C:\PROGRA~1\ABOBEF~1\CAB301~1.DLL O3 - Toolbar: Abobe Flash Play 9 - {8798925C-D4AC-4503-9EA6-D24FAF9D0FB7} - C:\Program Files\Abobe Flash Play 9\Cab301b48.dll O4 - HKLM\..\Run: [IMJPMIG8.1] ＂C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE＂ /Spoil /RemAdvDef /Migration32 dngz.net O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] ＂C:\Program Files\Analog Devices\SoundMAX\Smax4.exe＂ /tray O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [RfwMain] ＂C:\Program Files\Rising\Rfw\rfwmain.exe＂ -Startup O4 - HKLM\..\Run: [Microsoft] C:\WINDOWS\wuauclt.exe O4 - HKLM\..\Run: [DrWebScheduler] ＂C:\Documents and Settings\wx\桌面\DrWeb433green\drwebscd.exe＂ O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [kavshell] C:\WINDOWS\system32\svch0st.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{BA7E9D0F-569F-4D57-9D1B-3BB8AE3103C5}: NameServer = 202.103.24.68,202.103.0.117 O20 - AppInit_DLLs: 49400M.BMP O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: msndns - Unknown owner - C:\WINDOWS\msn.exe O23 - Service: Rising Proxy　Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Windows_rejoice - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice4.exe ; 上面是扫出来的日志，千橡好象杀了，但是杀不干净，现在exe文件打开了会自动关闭，有些干脆点了就没反应，还有一些文本文件都打不开，还有流氓软件一直清除不了，用了好几种清除工具　图片怎么放上来啊？我截了几张图知道的顶下，谢谢在线等

图片放不上来，一点插入图片窗口就死了，

中了威金的......

结束以下进程，注册表中搜索删除这些文件对应的项目，并删除这些文件： C:\PROGRA~1\svhost32.exe C:\WINDOWS\system32\svch0st.exe（数字0哟） C:\WINDOWS\system32\11660880782.exe C:\WINDOWS\wuauclt.exe 修复： O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Microsoft] C:\WINDOWS\wuauclt.exe O4 - HKCU\..\Run: [kavshell] C:\WINDOWS\system32\svch0st.exe 修复O20 - AppInit_DLLs: 49400M.BMP，搜索删除49400M.BMP文件；用SREng删除服务O23 - Service: msndns - Unknown owner - C:\WINDOWS\msn.exe 注册表搜索删除C:\WINDOWS\msn.exe的项目，最后删除些文件；同样处理O23 - Service: Windows_rejoice - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice4.exe

谢谢啦，，我按你说的删了几个，修复了，还用橙色八月杀了11个毒，那些软件可以打开了。弹网页的还是会出来，用了360，兔子，还有ewdio卸载都没用，重新扫了个日志，帮看下，，谢谢！注明：20项 49400.bmp修复失败

还有注册表里找不到　　 C:\WINDOWS\msn.exe C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice4.exe

20项 49400.bmp修复失败-----注册表搜索AppInit_DLLs，删除对应的49400.bmp值；还有注册表里找不到　　 C:\WINDOWS\msn.exe（找不到就拉倒:lol ） C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice4.exe（服务删除先）然后再扫SREng日志看看

:'( 你还笑的出来又发作了，我都不敢开网页啦， SREng日志扫了，等我发你，服务都删了，

2006-12-14,22:01:16

System Repair Engineer 2.2.6.605 Smallfrogs (http://www.KZTechs.com) www.dngz.net Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能以下内容被选中：　　所有的启动项目（包括注册表、启动文件夹、服务等）　　浏览器加载项　　正在运行的进程（包括进程模块信息）　　文件关联　　 Winsock 提供者　　 Autorun.inf 　　 HOSTS 文件启动项目注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] 　　＜ctfmon.exe＞＜C:\WINDOWS\system32\ctfmon.exe＞　[(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] 　　＜IMJPMIG8.1＞＜＂C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE＂ /Spoil /RemAdvDef /Migration32＞　[(Verified)Microsoft Corporation] 　　＜PHIME2002ASync＞＜C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC＞　[(Verified)Microsoft Corporation] 　　＜PHIME2002A＞＜C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName＞　[(Verified)Microsoft Corporation] 　　＜SoundMAXPnP＞＜C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe＞　[Analog Devices, Inc.] 　　＜SoundMAX＞＜＂C:\Program Files\Analog Devices\SoundMAX\Smax4.exe＂ /tray＞　[Analog Devices, Inc.] 　　＜RfwMain＞＜＂C:\Program Files\Rising\Rfw\rfwmain.exe＂ -Startup＞　[Beijing Rising Technology Co., Ltd.] 　　＜Ljx2＞＜C:\WINDOWS\inf\rundll32.exe＞　[N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 　　＜CheckFaultKernel＞＜C:\WINDOWS\system32\mswdm.exe＞　[N/A] 　　＜IceSword＞＜C:\WINDOWS\system32\ipocnfig.exe＞　[N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 　　＜shell＞＜Explorer.exe＞　[(Verified)Microsoft Corporation] 　　＜Userinit＞＜C:\WINDOWS\system32\userinit.exe,＞　[(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

　　＜AppInit_DLLs＞＜49400M.BMP＞　[N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 　　＜UIHost＞＜logonui.exe＞　[(Verified)Microsoft Corporation] ================================== 启动文件夹 N/A ================================== 服务 [Ati HotKey Poller / Ati HotKey Poller] 　＜C:\WINDOWS\system32\Ati2evxx.exe＞＜ATI Technologies Inc.＞ [ATI Smart / ATI Smart] 　＜C:\WINDOWS\system32\ati2sgag.exe＞＜＞ [E861F2CC / E861F2CC] 　＜C:\WINDOWS\system32\E861F2CC.EXE -service＞＜Microsoft Corporation＞ [Human Interface Device Access / HidServ] 　＜C:\WINDOWS\System32\svchost.exe -k netsvcs--＞%SystemRoot%\System32\hidserv.dll＞＜N/A＞ [Rising Proxy　Service / RfwProxySrv] 　＜c:\program files\rising\rfw\rfwproxy.exe＞＜Beijing Rising Technology Co., Ltd.＞

[Rising Personal Firewall Service / RfwService] 　＜c:\program files\rising\rfw\rfwsrv.exe＞＜Beijing Rising Technology Co., Ltd.＞ [SoundMAX Agent Service / SoundMAX Agent Service (default)] 　＜C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe＞＜Analog Devices, Inc.＞ [Windows DHCP Service / WinDHCPsvc] 　＜C:\WINDOWS\system32\rundll32.exe windhcp.ocx,start＞＜Microsoft Corporation＞ ================================== 驱动程序 [aeaudio / aeaudio] 　＜system32\drivers\aeaudio.sys＞＜Andrea Electronics Corporation＞ [ati2mtag / ati2mtag] 　＜system32\DRIVERS\ati2mtag.sys＞＜ATI Technologies Inc.＞ [Rising TDI Base Driver / BaseTDI] 　＜System32\DRIVERS\BaseTDI.SYS＞＜Beijing Rising Technology Co., Ltd.＞ [GWIOPM / GWIOPM] 　＜\？\D:\Windows优化大师\GWIOPM.sys＞＜N/A＞ [HookUrl / HookUrl] 　＜\？\C:\Program Files\Rising\Rfw\HookUrl.sys＞＜Beijing Rising Technology Co., Ltd.＞ [MidiSyn / MidiSyn]

dngz.net

　＜system32\drivers\MidiSyn.sys＞＜Analog Devices Inc＞ [mProcRs / mProcRs] 　＜\？\c:\program files\rising\rfw\mProcRs.sys＞＜Beijing Rising Technology Co., Ltd.＞ [Netgroup Packet Filter / NPF] 　＜system32\DRIVERS\npf.sys＞＜CACE Technologies＞ [npkcrypt / npkcrypt] 　＜\？\D:\QQ\npkcrypt.sys＞＜N/A＞ [Direct Parallel Link Driver / Ptilink] 　＜system32\DRIVERS\ptilink.sys＞＜Parallel Technologies, Inc.＞ [RsAntiSpyware / RsAntiSpyware] 　＜\SystemRoot\system32\drivers\RsBoot.sys＞＜Beijing Rising＞ [RsFwDrv / RsFwDrv] 　＜\？\C:\Program Files\Rising\Rfw\RsFwDrv.sys＞＜Beijing Rising Technology Co., Ltd.＞ [Secdrv / Secdrv] 　＜system32\DRIVERS\secdrv.sys＞＜N/A＞ [smwdm / smwdm] 　＜system32\drivers\smwdm.sys＞＜Analog Devices, Inc.＞ [System SSDP Services / SysDrver] 　＜\？\C:\WINDOWS\system32\oQtGnAbL.sys＞＜N/A＞ ================================== 浏览器加载项 [Messenger] 　{FB5F1910-F110-11d2-BB9E-00C04F795683} ＜C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation＞ [HTML Document] 　{25336920-03F9-11CF-8FD0-00AA00686F13} ＜%SystemRoot%\system32\Mshtml.dll, N/A＞ [MallObj Class] 　{3B30B48F-617D-4F73-A20F-D3D54357F103} ＜C:\WINDOWS\system32\mallgoo2.dll, 上海奥德易海科技＞ [RDS.DataSpace] 　{BD96C556-65A3-11D0-983A-00C04FC29E36} ＜C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation＞ [Shockwave Flash Object] 　{D27CDB6E-AE6D-11CF-96B8-444553540000} ＜C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.＞ [] 　{E5A7A15F-213F-4FCF-8DE7-D388F9FB09EB} ＜C:\WINDOWS\system32\cnwin.dll, N/A＞ ================================== 正在运行的进程 [PID: 600][\SystemRoot\System32\smss.exe]　[Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] 本文来自(www.dngz.net) [PID: 664][\？\C:\WINDOWS\system32\csrss.exe]　[Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 692][\？\C:\WINDOWS\system32\winlogon.exe]　[Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] 　　 [C:\WINDOWS\49400M.BMP]　[N/A, N/A] 　　 [C:\WINDOWS\system32\Ati2evxx.dll]　[ATI Technologies Inc., 6.14.10.4110] 　　 [C:\WINDOWS\system32\httppai.dll]　[N/A, N/A] [PID: 744][C:\WINDOWS\system32\services.exe]　[Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] 　　 [C:\WINDOWS\49400M.BMP]　[N/A, N/A] [PID: 756][C:\WINDOWS\system32\lsass.exe]　[Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] 　　 [C:\WINDOWS\49400M.BMP]　[N/A, N/A] [PID: 928][C:\WINDOWS\system32\Ati2evxx.exe]　[ATI Technologies Inc., 6.14.10.4110] 　　 [C:\WINDOWS\49400M.BMP]　[N/A, N/A] 　　 [C:\WINDOWS\system32\Ati2edxx.dll]　[ATI Technologies, Inc., 6, 14, 10, 2495] [PID: 948][C:\WINDOWS\system32\svchost.exe]　[Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] 　　 [C:\WINDOWS\49400M.BMP]　[N/A, N/A] [PID: 1044][C:\WINDOWS\system32\svchost.exe]　[Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] 　　 [C:\WINDOWS\49400M.BMP]　[N/A, N/A] [PID: 1144][C:\WINDOWS\System32\svchost.exe]　[Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] 　　 [C:\WINDOWS\49400M.BMP]　[N/A, N/A] [PID: 1200][C:\WINDOWS\system32\svchost.exe]　[Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] 　　 [C:\WINDOWS\49400M.BMP]　[N/A, N/A] [PID: 1284][C:\WINDOWS\system32\svchost.exe]　[Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] 　　 [C:\WINDOWS\49400M.BMP]　[N/A, N/A] [PID: 1404][c:\program files\rising\rfw\rfwsrv.exe]　[Beijing Rising Technology Co., Ltd., 4, 0, 0, 33] 　　 [C:\WINDOWS\49400M.BMP]　[N/A, N/A]

　　 [c:\program files\rising\rfw\RfwRule.dll]　[Beijing Rising Technology Co., Ltd., 4, 0, 0, 13] 　　 [c:\program files\rising\rfw\rfwlog.dll]　[Beijing Rising Technology Co., Ltd., 4, 0, 0, 6] 　　 [c:\program files\rising\rfw\Rfwdrv.dll]　[Beijing Rising Technology Co., Ltd., 4, 0, 0, 21] 　　 [c:\program files\rising\rfw\MonDrv.dll]　[rs, 1, 0, 0, 4] 　　 [c:\program files\rising\rfw\ProcLib.dll]　[Beijing Rising Technology Co., Ltd., 4, 0, 0, 9] 　　 [c:\program files\rising\rfw\mPorts.dll]　[Beijing Rising Technology Co., Ltd., 4, 0, 0, 3] [PID: 1520][C:\WINDOWS\system32\Ati2evxx.exe]　[ATI Technologies Inc., 6.14.10.4110] 　　 [C:\WINDOWS\49400M.BMP]　[N/A, N/A] 　　 [C:\WINDOWS\system32\Ati2edxx.dll]　[ATI Technologies, Inc., 6, 14, 10, 2495] [PID: 1636][C:\WINDOWS\Explorer.EXE]　[Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] 　　 [C:\WINDOWS\49400M.BMP]　[N/A, N/A] 　　 [C:\WINDOWS\system32\windhcp.ocx]　[N/A, N/A] 　　 [C:\Program Files\WinRAR\rarext.dll]　[N/A, N/A] 　　 [C:\WINDOWS\system32\httppai.dll]　[N/A, N/A] [PID: 1844][C:\WINDOWS\system32\spoolsv.exe]　[Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] 　　 [C:\WINDOWS\49400M.BMP]　[N/A, N/A] [PID: 244][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe]　[Analog Devices, Inc., 3, 2, 6, 0] 　　 [C:\WINDOWS\49400M.BMP]　[N/A, N/A] [PID: 644][c:\program files\rising\rfw\RfwMain.exe]　[Beijing Rising Technology Co., Ltd., 4, 0, 0, 52] 　　 [c:\program files\rising\rfw\RsGuiLib.dll]　[Beijing Rising Technology Co., Ltd., 18, 0, 0, 23] 　　 [C:\WINDOWS\49400M.BMP]　[N/A, N/A] 　　 [c:\program files\rising\rfw\RSCOMMON.DLL]　[Beijing Rising Technology Co., Ltd., 18, 0, 0, 4] 　　 [c:\program files\rising\rfw\PngDll.dll]　[Beijing Rising Technology Co., Ltd., 18, 0, 0, 5] [PID: 1648][C:\WINDOWS\system32\wscntfy.exe]　[Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] 欢迎来到(www.dngz.net) 　　 [C:\WINDOWS\49400M.BMP]　[N/A, N/A] [PID: 1360][C:\WINDOWS\System32\alg.exe]　[Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] 　　 [C:\WINDOWS\49400M.BMP]　[N/A, N/A] [PID: 1500][C:\WINDOWS\system32\conime.exe]　[Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] 　　 [C:\WINDOWS\49400M.BMP]　[N/A, N/A] [PID: 112][C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe]　[Analog Devices, Inc., 4, 0, 4, 11] 　　 [C:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll]　[Analog Device, Inc., 1, 0, 22, 26] 　　 [C:\WINDOWS\49400M.BMP]　[N/A, N/A] [PID: 1332][C:\WINDOWS\system32\ctfmon.exe]　[Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] 　　 [C:\WINDOWS\49400M.BMP]　[N/A, N/A] [PID: 2372][C:\Program Files\Internet Explorer\iexplore.exe]　[Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] 　　 [C:\WINDOWS\49400M.BMP]　[N/A, N/A] 　　 [C:\WINDOWS\system32\mallgoo2.dll]　[上海奥德易海科技, 1, 0, 2, 0] [PID: 632][H:\防火墙杀毒软件\ewido anti-spyware 4.0\ewido anti-spyware 4.0\ewido.exe]　[Anti-Malware Development a.s., 4, 0, 0, 172] 　　 [H:\防火墙杀毒软件\ewido anti-spyware 4.0\ewido anti-spyware 4.0\engine.dll]　[Anti-Malware Development a.s., 4, 0, 0, 172] 　　 [C:\WINDOWS\49400M.BMP]　[N/A, N/A] [PID: 824][C:\WINDOWS\regedit.exe]　[Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] 　　 [C:\WINDOWS\49400M.BMP]　[N/A, N/A] [PID: 2604][C:\Documents and Settings\wx\桌面\sreng2\SREng\SREng.exe]　[Smallfrogs Studio, 2.2.6.605] 　　 [C:\WINDOWS\49400M.BMP]　[N/A, N/A] ================================== 文件关联 .TXT　OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE　OK. [＂%1＂ %*] .COM　OK. [＂%1＂ %*] .PIF　OK. [＂%1＂ %*] .REG　OK. [regedit.exe ＂%1＂] .BAT　OK. [＂%1＂ %*] ; .SCR　OK. [＂%1＂ /S] .CHM　Error. [＂hh.exe＂ %1] .HLP　Error. [winhlp32.exe %1] .INI　OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF　OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS　OK. [%SystemRoot%\System32\WScript.exe ＂%1＂ %*] .JS　OK. [%SystemRoot%\System32\WScript.exe ＂%1＂ %*] .LNK　OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf N/A ================================== HOSTS 文件 127.0.0.1　　　 localhost ==================================

气死了，好容易写完了，发表结果找不到服务器:Q ，气死了

不是吧，好多？直接发我QQ上也可以的撒，191248617

注册表 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]中删除这项：　　　＜Ljx2＞＜C:\WINDOWS\inf\rundll32.exe＞　[N/A]（并删除对应文件，下同） [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 　　＜CheckFaultKernel＞＜C:\WINDOWS\system32\mswdm.exe＞　[N/A] 　　＜IceSword＞＜C:\WINDOWS\system32\ipocnfig.exe＞　[N/A]（竟然标Icesword，查却没有） [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] 　　＜AppInit_DLLs＞＜49400M.BMP＞　[N/A] 保险起见，注册表完整搜索以上对应文件，如有也删除；此二服务删除： [E861F2CC / E861F2CC] 　＜C:\WINDOWS\system32\E861F2CC.EXE -service＞＜Microsoft Corporation＞（同样删除对应文件及其注册表项目） [Windows DHCP Service / WinDHCPsvc] 　＜C:\WINDOWS\system32\rundll32.exe windhcp.ocx,start＞＜Microsoft Corporation＞（参看http://www.dngz.net/bbs/thread-126466-1-0.html）驱动没完全仔细看，就这个觉得可疑： [System SSDP Services / SysDrver] 　＜\？\C:\WINDOWS\system32\oQtGnAbL.sys＞＜N/A＞本文来自(www.dngz.net) 同样删除对应文件及其注册表项目，可能要用到Icesword；这三个文件： [C:\WINDOWS\system32\httppai.dll]　[N/A, N/A]（我机器上没有） [C:\WINDOWS\49400M.BMP] （已经知道了吧） [C:\WINDOWS\system32\windhcp.ocx]　[N/A, N/A]（上边链接里提到了）修复文件关联错误： .CHM　Error. [＂hh.exe＂ %1] .HLP　Error. [winhlp32.exe %1]

好郁闷。icesword删不了，还要找工具删他们

标签：