Run SREng and delete the following startup registry entries:
<g7jkvu7d4ids86u><C:\DOCUME~1\Binwoo\LOCALS~1\Temp\crasos.exe> [N/A]
<0820r7dee><C:\DOCUME~1\Binwoo\LOCALS~1\Temp\iexp10re.exe> [N/A]
<xctl3by9hisx7is><C:\DOCUME~1\Binwoo\LOCALS~1\Temp\c0nime.exe> [N/A]
<16735txy6f><C:\DOCUME~1\Binwoo\LOCALS~1\Temp\iexpl0re.exe
<cmdbcs><C:\WINDOWS\cmdbcs.exe> [N/A]
<mppds><C:\WINDOWS\mppds.exe> [N/A]
<upxdnd><C:\DOCUME~1\Binwoo\LOCALS~1\Temp\5.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmp> [N/A]
Delete this service:
[Background Intelligent Transfer Service / BITS][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\Documents and Settings\All Users\Application Data\Real\IE_BitsClass.dll><N/A>
Delete these files:
C:\DOCUME~1\Binwoo\LOCALS~1\Temp\crasos.exe
C:\DOCUME~1\Binwoo\LOCALS~1\Temp\iexp10re.exe
C:\DOCUME~1\Binwoo\LOCALS~1\Temp\c0nime.exe
C:\DOCUME~1\Binwoo\LOCALS~1\Temp\iexpl0re.exe
C:\WINDOWS\cmdbcs.exe
C:\DOCUME~1\Binwoo\LOCALS~1\Temp\5.exe
C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmp
C:\Documents and Settings\All Users\Application Data\Real\IE_BitsClass.dll
C:\WINDOWS\system32\GameLink.dll
C:\WINDOWS\system32\cmdbcs.dll
C:\DOCUME~1\Binwoo\LOCALS~1\Temp\Msxo0.dll
C:\DOCUME~1\Binwoo\LOCALS~1\Temp\qjzo1.dll
C:\WINDOWS\system32\mppds.dll
C:\DOCUME~1\Binwoo\LOCALS~1\Temp\upxdnd.dll
C:\DOCUME~1\Binwoo\LOCALS~1\Temp\Gjzo1.dll
C:\DOCUME~1\Binwoo\LOCALS~1\Temp\LgSy0.dll
Repair the incorrect file associations:
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.SCR Error. [AutoCADScriptFile]
.CHM Error. ["hh.exe" %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
Repair Winsock.
I suggest doing this in Safe Mode with the network disconnected; there may be a trojan downloader.
After handling these, delete all files under C:\DOCUME~1\Binwoo\LOCALS~1\Temp and empty the IE cache.
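As an added example (not part of the original reply), the following PowerShell script audits a machine for the remnants listed above: the Run-key startup values, the ShellExecuteHooks CLSID, the hijacked BITS ServiceDll path, and the dropped files. It reports what is still present and, with -Remove, deletes the Run values, the hook and the files. The HKLM/HKCU Run key locations and the BITS Parameters\ServiceDll value are standard Windows locations assumed here, since the reply does not name the key its startup entries came from; all file paths, value names and the CLSID are taken from the reply itself.

```powershell
# Added audit script; not from the original post. Run as Administrator.
# Assumptions: startup values live under the standard HKLM/HKCU Run keys,
# and the BITS service DLL is configured at Services\BITS\Parameters\ServiceDll.

$DroppedFiles = @(
    'C:\DOCUME~1\Binwoo\LOCALS~1\Temp\crasos.exe',
    'C:\DOCUME~1\Binwoo\LOCALS~1\Temp\iexp10re.exe',
    'C:\DOCUME~1\Binwoo\LOCALS~1\Temp\c0nime.exe',
    'C:\DOCUME~1\Binwoo\LOCALS~1\Temp\iexpl0re.exe',
    'C:\WINDOWS\cmdbcs.exe',
    'C:\WINDOWS\mppds.exe',
    'C:\DOCUME~1\Binwoo\LOCALS~1\Temp\5.exe',
    'C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmp',
    'C:\Documents and Settings\All Users\Application Data\Real\IE_BitsClass.dll',
    'C:\WINDOWS\system32\GameLink.dll',
    'C:\WINDOWS\system32\cmdbcs.dll',
    'C:\DOCUME~1\Binwoo\LOCALS~1\Temp\Msxo0.dll',
    'C:\DOCUME~1\Binwoo\LOCALS~1\Temp\qjzo1.dll',
    'C:\WINDOWS\system32\mppds.dll',
    'C:\DOCUME~1\Binwoo\LOCALS~1\Temp\upxdnd.dll',
    'C:\DOCUME~1\Binwoo\LOCALS~1\Temp\Gjzo1.dll',
    'C:\DOCUME~1\Binwoo\LOCALS~1\Temp\LgSy0.dll'
)
# Value names of the startup entries from the SREng log.
$RunValueNames = @('g7jkvu7d4ids86u', '0820r7dee', 'xctl3by9hisx7is',
                   '16735txy6f', 'cmdbcs', 'mppds', 'upxdnd')
$HookClsid  = '{A6011F8F-A7F8-49AA-9ADA-49127D43138F}'
$BadBitsDll = 'C:\Documents and Settings\All Users\Application Data\Real\IE_BitsClass.dll'

function Test-CleanupRemnants {
    param([switch]$Remove)
    $findings = @()

    # 1. Startup values under the Run keys (both hives, since the log omits which one).
    foreach ($hive in 'HKLM', 'HKCU') {
        $runKey = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
        if (-not (Test-Path $runKey)) { continue }
        $props = Get-ItemProperty -Path $runKey
        foreach ($name in $RunValueNames) {
            if ($props.PSObject.Properties.Name -contains $name) {
                $findings += "Run value '$name' -> $($props.$name) in $runKey"
                if ($Remove) { Remove-ItemProperty -Path $runKey -Name $name -ErrorAction SilentlyContinue }
            }
        }
    }

    # 2. ShellExecuteHooks entry pointing at NewInfo.bmp (a DLL disguised as an image).
    $hookKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
    if (Test-Path $hookKey) {
        $hooks = Get-ItemProperty -Path $hookKey
        if ($hooks.PSObject.Properties.Name -contains $HookClsid) {
            $findings += "ShellExecuteHook $HookClsid is still registered"
            if ($Remove) { Remove-ItemProperty -Path $hookKey -Name $HookClsid -ErrorAction SilentlyContinue }
        }
    }

    # 3. BITS service DLL replaced by IE_BitsClass.dll. Report only: restoring the
    #    service is a separate step (the post deletes the service in SREng).
    $bitsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\BITS\Parameters'
    if (Test-Path $bitsKey) {
        $dll = (Get-ItemProperty -Path $bitsKey).ServiceDll
        if ($dll -and ($dll -ieq $BadBitsDll)) {
            $findings += "BITS ServiceDll is hijacked: $dll"
        }
    }

    # 4. Dropped executables and DLLs still on disk.
    foreach ($path in $DroppedFiles) {
        if (Test-Path -LiteralPath $path) {
            $findings += "File present: $path"
            if ($Remove) { Remove-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue }
        }
    }
    return $findings
}

# Report-only run; add -Remove (from Safe Mode, network disconnected) to clean.
$result = Test-CleanupRemnants
if ($result.Count -eq 0) { Write-Output 'No listed remnants found.' }
else { $result | ForEach-Object { Write-Output $_ } }
```

Run it once without -Remove to confirm the list matches what the SREng log showed, then again with -Remove; a DLL that is still loaded into a running process will fail to delete, which is why the reply recommends doing the cleanup from Safe Mode.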