版主帮忙```` - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛技术交流区 反病毒/反流氓软件论坛版主帮忙````

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

12

2 / 2 页

跳转页

版主帮忙````

lqqk7 社区嘉宾帖子:4876 注册: 2006-03-15 来自:	发表于： 2008-04-30 21:10 \| 短消息资料字号：小中大 11楼回复：版主帮忙```` 按顺序操作，先去删文件！另外删除服务或驱动的时候会弹出提示让你选是、否、取消，这时候先别忙着操作，注意看一下提示内容，应该不难发现如果确定要删除的话这里应该是点“否”的！哦
lqqk7 社区嘉宾帖子:4876 注册: 2006-03-15 来自:

lqqk7 社区嘉宾帖子:4876 注册: 2006-03-15 来自:	发表于： 2008-04-30 21:12 \| 短消息资料字号：小中大 12楼回复: 版主帮忙```` 引用: 原帖由 zouyanglin 于 2008-4-30 21:09:00 发表 c:\windows\system32\drivers\2f90.sys c:\windows\system32\drivers\xt2bw5x30h.sys c:\documents and settings\all users\application data\microsoft\office\system\ntptdb.sys c:\windows\system32\drivers\1...... 你按照我上面给你那个流程去做，不是让你手动找到文件删除，要用XDelBox 哦
lqqk7 社区嘉宾帖子:4876 注册: 2006-03-15 来自:

zouyanglin 初生襁褓狮帖子:12 注册: 2008-04-30 来自:	发表于： 2008-04-30 21:29 \| 只看楼主短消息资料字号：小中大 13楼回复：版主帮忙```` 对不起啊``是我没看清楚那些Win32服务应用程序驱动程序已经删了那些文件我是用XDelBox删的没有手动去删现在就只有那些注册表删用sreng不掉要不要浏览的方式找到文件后手动删除？
zouyanglin 初生襁褓狮帖子:12 注册: 2008-04-30 来自:

zouyanglin 初生襁褓狮帖子:12 注册: 2008-04-30 来自:	发表于： 2008-04-30 21:32 \| 只看楼主短消息资料字号：小中大 14楼回复: 版主帮忙```` 引用: 原帖由 zouyanglin 于 2008-4-30 21:29:00 发表对不起啊``是我没看清楚那些Win32服务应用程序驱动程序已经删了那些文件我是用XDelBox删的没有手动去删现在就只有那些注册表删用sreng不掉要不要浏览的方式找到文件后手动删除？附件: 文件名:SREngLOG3.log 下载次数:95 文件类型:application/octet-stream 文件大小: 上传时间:2008-4-30 21:31:42 描述:最新扫描
zouyanglin 初生襁褓狮帖子:12 注册: 2008-04-30 来自:

UFO不幸外人特邀体验者帖子:2592 注册: 2006-11-26 来自:火星	发表于： 2008-04-30 21:38 \| 短消息资料字号：小中大 15楼回复：版主帮忙```` 利用SRE 打开启动项目——服务——Win32服务，删除以下服务： [Google Updater Service / gusvc][Stopped/Manual Start] <><N/A> 打开启动项目——注册表项目删除以下项目：最下面所有IFEO相关： [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\60e41.exe] <IFEO[60e41.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\an006.exe] <IFEO[an006.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AtiSrv.exe] <IFEO[AtiSrv.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\d03.exe] <IFEO[d03.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dbghlp32.exe] <IFEO[dbghlp32.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dotnetfc1.exe] <IFEO[dotnetfc1.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dxdiags.exe] <IFEO[dxdiags.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frhhusyk.exe] <IFEO[frhhusyk.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\haZl0oh.exe] <IFEO[haZl0oh.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kbfz.exe] <IFEO[kbfz.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Kvsc3.exE] <IFEO[Kvsc3.exE]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kzdh@webbrowser-lyrics_2012.exe] <IFEO[kzdh@webbrowser-lyrics_2012.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msyaxk.exe] <IFEO[msyaxk.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\peer.exe] <IFEO[peer.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Performance.exe] <IFEO[Performance.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rpcs.exe] <IFEO[Rpcs.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll.exe] <IFEO[rundll.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sashost.exe] <IFEO[sashost.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scvhost.exe] <IFEO[scvhost.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\servciesa.exe] <IFEO[servciesa.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\servciesb.exe] <IFEO[servciesb.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\servciesc.exe] <IFEO[servciesc.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\servciesd.exe] <IFEO[servciesd.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\server1.exe] <IFEO[server1.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\servet.exe] <IFEO[servet.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SSDPDiscovv.exe] <IFEO[SSDPDiscovv.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svch0st.exe] <IFEO[svch0st.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchosts.exe] <IFEO[svchosts.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svsh0st.exe] <IFEO[svsh0st.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sysloader.exe] <IFEO[sysloader.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\temp3.exe] <IFEO[temp3.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wiasoisao.exe] <IFEO[wiasoisao.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wincom.exe] <IFEO[wincom.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winnir.exe] <IFEO[winnir.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows XP Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WinserviceExten.exe] <IFEO[WinserviceExten.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WSockDrv32.exe] <IFEO[WSockDrv32.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xin.exe] <IFEO[xin.exe]><C:\windows\system32\svchost.exe> [(Verified)Microsoft Windows Publisher] 删除后再利用冰刃查看上面删除的文件是否还有痕迹冰刃下载地址：http://www.skycn.com/soft/37828.html 在下面的文件中查看确认是否删除如果有病毒问题，请大家与我联系邮箱是1987noodle0158@sina.com 我的博客是http://blog.sina.com.cn/ufovirus
UFO不幸外人特邀体验者帖子:2592 注册: 2006-11-26 来自:火星

zouyanglin 初生襁褓狮帖子:12 注册: 2008-04-30 来自:	发表于： 2008-04-30 22:20 \| 只看楼主短消息资料字号：小中大 16楼回复：版主帮忙```` 那些注册表已经删了只剩Google Updater Service / gusvc重起后又有最后还有两个请求要麻烦再帮我看看日志看哪些是没用的多余的可以删掉还有桌面上的文件名称的背景总有颜色如何设为透明？见下图（黑色的）
zouyanglin 初生襁褓狮帖子:12 注册: 2008-04-30 来自:

zouyanglin 初生襁褓狮帖子:12 注册: 2008-04-30 来自:	发表于： 2008-04-30 22:21 \| 只看楼主短消息资料字号：小中大 17楼回复: 版主帮忙```` 引用: 原帖由 zouyanglin 于 2008-4-30 22:20:00 发表那些注册表已经删了只剩Google Updater Service / gusvc重起后又有最后还有两个请求要麻烦再帮我看看日志看哪些是没用的多余的可以删掉还有桌面上的文件名称的背景总有颜色如何设为透明？见下图（黑色的...... 附件: 文件名:SREngLOG4.log 下载次数:72 文件类型:application/octet-stream 文件大小: 上传时间:2008-4-30 22:20:57 描述:log
zouyanglin 初生襁褓狮帖子:12 注册: 2008-04-30 来自:

zouyanglin 初生襁褓狮帖子:12 注册: 2008-04-30 来自:	发表于： 2008-04-30 22:25 \| 只看楼主短消息资料字号：小中大 18楼回复：版主帮忙```` 最后谢谢各位的帮忙 lqqk7 UFO不幸外人 tjcum210210
zouyanglin 初生襁褓狮帖子:12 注册: 2008-04-30 来自:

<<上一主题|下一主题>>

12

2 / 2 页

跳转页

页面顶部

Powered by Discuz!NT