晕,我还以为附件是病毒呢.
重启按F8进入安全模式下修复
R3 - 默认的URLSearchHook丢失。用HijackThis修复
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL
O2 - BHO: DownloadBHO T2BHO - {B1D147E7-873E-4909-8127-695D9BB78728} - C:\WINNT\Downloaded Program Files\barhelp22.0.dll
O4 - 启动项HKLM\\RunServices: [Windows Update] wualalct.exe
O4 - Global Startup: Service Manager.lnk = D:\MSSQL7\Binn\sqlmangr.exe
O23 - NT 服务: Remote Procedure Call (RPC) Monitoring (Rpcmon) - Unknown owner - C:\WINNT\system32\Rpcmon.exe
O23 - NT 服务: Sound Sservice Driver (Sound Service) - Unknown owner - C:\WINNT\system32\cfmon.exe (file missing)
O23 - NT 服务: Universal Plug and Play device driver (upnpdrv) - Unknown owner - C:\WINNT\system32\upnpdrv.exe (file missing)
停止Remote Procedure Call ,Sound Sservice Driver,Universal Plug and Play device driver 的服务.
停止服务:开始--控制面版--管理工具--服务--找到以上3项属性--改成已禁用
删除文件:
c:\PROGRA~1\chinanet\VNETTR~1.DLL
C:\WINNT\Downloaded Program Files\barhelp22.0.dll
wualalct.exe(显示隐藏文件用 开始--搜索功能找.)
D:\MSSQL7\Binn\sqlmangr.exe
C:\WINNT\system32\Rpcmon.exe
在未修复之前找到C:\WINNT\system32\Rpcmon.exe压缩加密virus发到我邮箱rsvirus@163.com谢谢.
