日志分析练习080813 - 瑞星卡卡安全论坛bbs.ikaka.com

瑞星卡卡安全论坛综合娱乐区 活动专区 实习生专区 实习生交流区日志分析练习080813

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第五十次通过VB100测评		请移步新论坛反馈问题或参与讨论		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

2 / 3 页

跳转页

日志分析练习080813

heiyeuiu 拙长孩提狮帖子:67 注册: 2008-07-31 来自:山东德州	发表于： 2008-08-14 18:27 \| 短消息资料字号：小中大 11楼回复: 日志分析练习080813 日志2 这很明显不只种了一种木马，所以首先建议断开网络，然后使用windows清理专家对系统进行清理，然后建议使用XDelBox删除以下文件： C:\WINDOWS\system32\HBInject.exe C:\WINDOWS\system32\kncer32.exe C:\WINDOWS\system32\HBmhly.dll C:\WINDOWS\system32\BLISS.SCR C:\WINDOWS\system32\dpvvoxmh.dll C:\WINDOWS\system32\bootvidgj.dll> C:\WINDOWS\system32\dispexcb.dll> C:\WINDOWS\system32\catsrvwl.dll> C:\WINDOWS\system32\wklsdd.dll> C:\WINDOWS\system32\fofedzyo.dll> C:\WINDOWS\system32\jfdses.dll> C:\WINDOWS\system32\dntggf.dll> C:\WINDOWS\system32\sgdewg.dll> C:\WINDOWS\system32\hhrdxd.dll> C:\WINDOWS\system32\adsntzt.dll> C:\WINDOWS\system32\zycdex.dll> C:\WINDOWS\system32\jhfrxz.dll> C:\WINDOWS\system32\cliconfgzx.dll> C:\WINDOWS\system32\jdsaex.dll> C:\WINDOWS\system32\kbdswjr.dll> C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys> C:\WINDOWS\system32\mttwfh.dll> C:\WINDOWS\system32\360mon.dll> C:\WINDOWS\system32\wrqszl.dll> C:\WINDOWS\system32\zgtwfx.dll> C:\WINDOWS\system32\fsrgeb.dll> C:\WINDOWS\system32\tdggrz.dll> C:\WINDOWS\system32\fmcvxy.dll> C:\WINDOWS\system32\wyrsdj.dll> C:\WINDOWS\system32\zsdgff.dll> C:\WINDOWS\system32\kgfghd.dll> C:\Program Files\Internet Explorer\ExploreNt.Sys> C:\Program Files\Internet Explorer\ExploreNt.win> C:\Program Files\Internet Explorer\ExploreNt.Dat> C:\WINDOWS\Fonts\ijdycpaw.dll> C:\WINDOWS\system32\certmgrkd.dll> C:\WINDOWS\system32\lweurqhx.dll> C:\WINDOWS\system32\imgutilhx2.dll> C:\WINDOWS\system32\avicapwm.dll> C:\Program Files\Internet Explorer\PLUGINS\WinNt64.Sys> C:\WINDOWS\system32\jfrwdh.dll> c:\WINDOWS\system32\ddserh.dll> C:\WINDOWS\system32\wzcfsw.dll> 在删除时如果一个个找太麻烦，可以找到对文件进行时间排序，一般这些木马文件都在一起。然后使用SREng清除清册表启动项中的以下项 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <HBService><HBInject.exe> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] <kcien32><kncer32.exe> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{2876D76C-CAAA-4313-AF97-8D1D9A2A1087}><C:\WINDOWS\system32\dpvvoxmh.dll> [] <{D3112B69-A745-4805-874E-ABD480EA1299}><C:\WINDOWS\system32\bootvidgj.dll> [] <{76D44356-B494-443a-BEDC-AA68DE4255E6}><C:\WINDOWS\system32\dispexcb.dll> [] <{AF976DCD-754F-4ac2-BE49-951DC7AA57D2}><C:\WINDOWS\system32\catsrvwl.dll> [] <{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC}><C:\WINDOWS\system32\wklsdd.dll> [] <{21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}><C:\WINDOWS\system32\fofedzyo.dll> [] <{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B}><C:\WINDOWS\system32\jfdses.dll> [] <{259BF3CF-194D-4FE6-9ADB-DE6544B098B6}><C:\WINDOWS\system32\dntggf.dll> [N/A] <{8C41B7F7-3168-400D-A702-0E7EFE0BA304}><C:\WINDOWS\system32\sgdewg.dll> [N/A] <{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}><C:\WINDOWS\system32\hhrdxd.dll> [] <{E0F3526A-4165-4589-80CD-50B6FBAC3BDA}><C:\WINDOWS\system32\adsntzt.dll> [] <{45AADFAA-DD36-42AB-83AD-0521BBF58C24}><C:\WINDOWS\system32\zycdex.dll> [N/A] <{7914E0AA-ECCB-4311-B584-C49538227824}><C:\WINDOWS\system32\jhfrxz.dll> [] <{7A6DF30E-D0F2-446f-B4F0-BF4232D60E07}><C:\WINDOWS\system32\cliconfgzx.dll> [] <{B29583D8-033A-4B9F-8553-7C5458F3FB8E}><C:\WINDOWS\system32\jdsaex.dll> [] <{432BDC7C-DE5B-43f4-AA81-E7F8AFB0182D}><C:\WINDOWS\system32\kbdswjr.dll> [] <{21E5BB9B-86BD-43C0-A53F-B94FCA0C9277}><C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys> [] <{021F087F-4378-545F-74FA-37D345AD7A8C}><C:\WINDOWS\system32\mttwfh.dll> [] <{AEB6717E-7E19-21d2-97EE-00C04FD91972}><C:\WINDOWS\system32\360mon.dll> [] <{F99DEFDD-200B-4410-B572-E90883D527D2}><C:\WINDOWS\system32\wrqszl.dll> [] <{006CA8A1-61BC-4774-A54C-F49034270BAD}><C:\WINDOWS\system32\zgtwfx.dll> [N/A] <{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}><C:\WINDOWS\system32\fsrgeb.dll> [N/A] <{4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4}><C:\WINDOWS\system32\tdggrz.dll> [N/A] <{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7}><C:\WINDOWS\system32\fmcvxy.dll> [] <{1E51C0FD-EE36-434B-AD2A-FD1FF3731C38}><C:\WINDOWS\system32\wyrsdj.dll> [] <{53D44DB6-E22B-4B17-97D3-572C96CCA6E1}><C:\WINDOWS\system32\zsdgff.dll> [N/A] <{50A8A8C4-EDC9-4ABD-A0A2-2E2418982189}><C:\WINDOWS\system32\kgfghd.dll> [] <{0CD9CB21-F56C-4AE1-B188-39F1E8D692AB}><C:\Program Files\Internet Explorer\ExploreNt.Sys> [] <{D51510C1-ECEA-45F7-B782-FE0EC2D2535D}><C:\Program Files\Internet Explorer\ExploreNt.win> [] <{53AC264F-6DD8-41D9-921F-01FAAEA95C8B}><C:\Program Files\Internet Explorer\ExploreNt.Dat> [] <{3A698452-C5D8-C584-C256-C264C987C5A3}><C:\WINDOWS\Fonts\ijdycpaw.dll> [] <{9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5}><C:\WINDOWS\system32\certmgrkd.dll> [] <{71A78CD4-E470-4a18-8457-E0E0283DD507}><C:\WINDOWS\system32\lweurqhx.dll> [] <{00300030-0030-0030-0030-00300030BB15}><C:\WINDOWS\system32\imgutilhx2.dll> [] <{6B9FEAD7-4319-4312-AB05-D8C9CD255BFE}><C:\WINDOWS\system32\avicapwm.dll> [] <{86899D14-95D7-4E22-8AB3-7ACC53076FC9}><C:\Program Files\Internet Explorer\PLUGINS\WinNt64.Sys> [] <{841529CB-7F77-4B99-A895-B5441E0D302F}><C:\WINDOWS\system32\jfrwdh.dll> [N/A] <{A9895933-6636-4281-BC58-EE6DE2AF96E3}><C:\WINDOWS\system32\ddserh.dll> [] <{28766E1C-74B0-4417-8C75-F12AE309EF35}><C:\WINDOWS\system32\wzcfsw.dll> [N/A] [HKEY_CURRENT_USER\Control Panel\Desktop] <SCRNSAVE.EXE><C:\WINDOWS\system32\BLISS.SCR> [Microsoft] 修改 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><HBmhly.dll> []为 <AppInit_DLLs> 这里在启动SRENG时会自动提醒你。最后修改下面这项 [Remote Procedure Call (RPC) / RpcSs][Running/Auto Start] <C:\WINDOWS\system32\svchost -k rpcss-->C:\WINDOWS\system32\srpcss.dll><N/A> 这个服务项，不能随便动它在处理完其他以后，用Windows清理助手升级后可以自动修复它。（转载自天月来了http://bbs.ikaka.com/showtopic-8535283.aspx）也可以用以下方法：先找到rpcss.dll文件进行检查，看文件是否正常。然后打开注册表编辑器，搜索srpcss.dll文件，将所有搜索到的有关srpcss.dll的位置改成rpcss.dll。接下来在运行中打入services.msc，找到Remote Procedure Call (RPC)，右键点启动。重启后将一切恢复正常。（转载自http://blog.163.com/js4461751@126/blog/static/2365588820085284443690/）然后重启电脑。 heiyeuiu 最后编辑于 2008-08-14 21:48:50
heiyeuiu 拙长孩提狮帖子:67 注册: 2008-07-31 来自:山东德州

heiyeuiu 拙长孩提狮帖子:67 注册: 2008-07-31 来自:山东德州	发表于： 2008-08-14 21:09 \| 短消息资料字号：小中大 12楼回复: 日志分析练习080813 日志3 这个日志主要问题就在驱动中， C:\WINDOWS\system32\d32dx9.sys C:\NetApi000.sys 这两个文件最为可疑，应该重点检查！建议备份这两个文件后使用xdelbox将其删除。然后使用SRENG清除注册表启动项： [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <yassistse><; C:\Program Files\Yahoo!\Assistant\yAssistSe.exe> [File is missing] <YLive.exe><; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe> [File is missing] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}><> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <midimapmy><> [N/A] <rasdlgcq.dll><> [N/A] <cliconfgzx.dll><> [N/A] <uepugifk.dll><> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing] 清除服务项： [HiddFldy / HiddFldy][Stopped/Auto Start] <\??\C:\WINDOWS\system32\d32dx9.sys><N/A> [NetApi000 / NetApi000][Stopped/Manual Start] <\??\C:\NetApi000.sys><N/A> heiyeuiu 最后编辑于 2008-08-14 21:11:22
heiyeuiu 拙长孩提狮帖子:67 注册: 2008-07-31 来自:山东德州

fillix 飘泊而立狮帖子:771 注册: 2008-07-05 来自:哪	发表于： 2008-08-14 22:16 \| 短消息资料字号：小中大 13楼回复: 日志分析练习080813 No.1 Xdelbox删除 c:\windows\system32\bootvidgj.dll c:\windows\system32\kbdswjr.dll c:\windows\system32\msobjstl.dll c:\windows\system32\rasdlgcq.dll c:\windows\system32\bzahpuuj.dll c:\windows\system32\imgutilhx2.dll c:\windows\system32\cliconfgzx.dll c:\windows\system32\adsntzt.dll c:\windows\system32\slbiopfs2.dll ; c:\windows\nvdispdrv.exe ; c:\windows\upxdnd.exe ; c:\program files\yok\yok.exe c:\docume~1\new\locals~1\temp\1.tmp c:\program files\tencent\qq\qdshm.dll SREng修复启动项目－－注册表之如下项删除： [bootvidgj.dll] <C:\WINDOWS\system32\bootvidgj.dll> [kbdswjr.dll] <C:\WINDOWS\system32\kbdswjr.dll> [msobjstl.dll] <C:\WINDOWS\system32\msobjstl.dll> [rasdlgcq.dll] <C:\WINDOWS\system32\rasdlgcq.dll> [zkppcvyh.dll] <C:\WINDOWS\system32\bzahpuuj.dll> [vhdfotay.dll] <C:\WINDOWS\system32\bzahpuuj.dll> [imgutilhx2.dll] <C:\WINDOWS\system32\imgutilhx2.dll> [cliconfgzx.dll] <C:\WINDOWS\system32\cliconfgzx.dll> [bzahpuuj.dll] <C:\WINDOWS\system32\bzahpuuj.dll> [adsntzt.dll] <C:\WINDOWS\system32\adsntzt.dll> [slbiopfs2.dll] <C:\WINDOWS\system32\slbiopfs2.dll> [NVDispDrv] <; C:\WINDOWS\NVDispDrv.exe> [upxdnd] <; C:\WINDOWS\upxdnd.exe> [yok.exe] <; C:\Program Files\yok\yok.exe> [Userinit]修改:把<C:\WINDOWS\system32\userinit.exe,svchost.xy3>修改为<C:\WINDOWS\system32\userinit.exe,> 启动项目－－服务－－驱动程序之如下项禁用： [IIS Manager / IIS Manager ] <\??\C:\DOCUME~1\new\LOCALS~1\Temp\1.tmp> Xdelbox使用方法
fillix 飘泊而立狮帖子:771 注册: 2008-07-05 来自:哪

fillix 飘泊而立狮帖子:771 注册: 2008-07-05 来自:哪	发表于： 2008-08-14 22:42 \| 短消息资料字号：小中大 14楼回复: 日志分析练习080813 No.2 Xdelbox删除 c:\windows\system32\wzcfsw.dll c:\windows\system32\ddserh.dll c:\windows\system32\jfrwdh.dll c:\program files\internet explorer\plugins\winnt64.sys c:\windows\system32\avicapwm.dll c:\windows\system32\imgutilhx2.dll c:\windows\system32\lweurqhx.dll c:\windows\system32\certmgrkd.dll c:\windows\fonts\ijdycpaw.dll c:\program files\internet explorer\explorent.dat c:\program files\internet explorer\explorent.win c:\program files\internet explorer\explorent.sys c:\windows\system32\kgfghd.dll c:\windows\system32\zsdgff.dll c:\windows\system32\wyrsdj.dll c:\windows\system32\fmcvxy.dll c:\windows\system32\tdggrz.dll c:\windows\system32\fsrgeb.dll c:\windows\system32\zgtwfx.dll c:\windows\system32\wrqszl.dll c:\windows\system32\360mon.dll c:\windows\system32\mttwfh.dll c:\program files\internet explorer\plugins\unixsys08.sys c:\windows\system32\kbdswjr.dll c:\windows\system32\jdsaex.dll c:\windows\system32\cliconfgzx.dll c:\windows\system32\jhfrxz.dll c:\windows\system32\zycdex.dll c:\windows\system32\adsntzt.dll c:\windows\system32\hhrdxd.dll c:\windows\system32\sgdewg.dll c:\windows\system32\dntggf.dll c:\windows\system32\jfdses.dll c:\windows\system32\fofedzyo.dll c:\windows\system32\wklsdd.dll c:\windows\system32\catsrvwl.dll c:\windows\system32\dispexcb.dll c:\windows\system32\bootvidgj.dll c:\windows\system32\dpvvoxmh.dll c:\windows\system32\hbmhly.dll c:\windows\system32\kncer32.exe c:\windows\system32\hbinject.exe c:\windows\system32\drivers\msiffei.sys c:\windows\system32\drivers\hbkernel.sys c:\windows\system32\gdipro.dll c:\windows\system32\sys07003.dll c:\windows\system32\squ\svchost.exe c:\program files\tencent\qq\nifuvq.dll c:\windows\system32\gbynoji.dll sreng修复启动项目－－注册表之如下项删除： [{28766E1C-74B0-4417-8C75-F12AE309EF35}] <C:\WINDOWS\system32\wzcfsw.dll> [{A9895933-6636-4281-BC58-EE6DE2AF96E3}] <C:\WINDOWS\system32\ddserh.dll> [{841529CB-7F77-4B99-A895-B5441E0D302F}] <C:\WINDOWS\system32\jfrwdh.dll> [{86899D14-95D7-4E22-8AB3-7ACC53076FC9}] <C:\Program Files\Internet Explorer\PLUGINS\WinNt64.Sys> [{6B9FEAD7-4319-4312-AB05-D8C9CD255BFE}] <C:\WINDOWS\system32\avicapwm.dll> [{00300030-0030-0030-0030-00300030BB15}] <C:\WINDOWS\system32\imgutilhx2.dll> [{71A78CD4-E470-4a18-8457-E0E0283DD507}] <C:\WINDOWS\system32\lweurqhx.dll> [{9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5}] <C:\WINDOWS\system32\certmgrkd.dll> [{3A698452-C5D8-C584-C256-C264C987C5A3}] <C:\WINDOWS\Fonts\ijdycpaw.dll> [{53AC264F-6DD8-41D9-921F-01FAAEA95C8B}] <C:\Program Files\Internet Explorer\ExploreNt.Dat> [{D51510C1-ECEA-45F7-B782-FE0EC2D2535D}] <C:\Program Files\Internet Explorer\ExploreNt.win> [{0CD9CB21-F56C-4AE1-B188-39F1E8D692AB}] <C:\Program Files\Internet Explorer\ExploreNt.Sys> [{50A8A8C4-EDC9-4ABD-A0A2-2E2418982189}] <C:\WINDOWS\system32\kgfghd.dll> [{53D44DB6-E22B-4B17-97D3-572C96CCA6E1}] <C:\WINDOWS\system32\zsdgff.dll> [{1E51C0FD-EE36-434B-AD2A-FD1FF3731C38}] <C:\WINDOWS\system32\wyrsdj.dll> [{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7}] <C:\WINDOWS\system32\fmcvxy.dll> [{4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4}] <C:\WINDOWS\system32\tdggrz.dll> [{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}] <C:\WINDOWS\system32\fsrgeb.dll> [{006CA8A1-61BC-4774-A54C-F49034270BAD}] <C:\WINDOWS\system32\zgtwfx.dll> [{F99DEFDD-200B-4410-B572-E90883D527D2}] <C:\WINDOWS\system32\wrqszl.dll> [{AEB6717E-7E19-21d2-97EE-00C04FD91972}] <C:\WINDOWS\system32\360mon.dll> [{021F087F-4378-545F-74FA-37D345AD7A8C}] <C:\WINDOWS\system32\mttwfh.dll> [{21E5BB9B-86BD-43C0-A53F-B94FCA0C9277}] <C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys> [{432BDC7C-DE5B-43f4-AA81-E7F8AFB0182D}] <C:\WINDOWS\system32\kbdswjr.dll> [{B29583D8-033A-4B9F-8553-7C5458F3FB8E}] <C:\WINDOWS\system32\jdsaex.dll> [{7A6DF30E-D0F2-446f-B4F0-BF4232D60E07}] <C:\WINDOWS\system32\cliconfgzx.dll> [{7914E0AA-ECCB-4311-B584-C49538227824}] <C:\WINDOWS\system32\jhfrxz.dll> [{45AADFAA-DD36-42AB-83AD-0521BBF58C24}] <C:\WINDOWS\system32\zycdex.dll> [{E0F3526A-4165-4589-80CD-50B6FBAC3BDA}] <C:\WINDOWS\system32\adsntzt.dll> [{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}] <C:\WINDOWS\system32\hhrdxd.dll> [{8C41B7F7-3168-400D-A702-0E7EFE0BA304}] <C:\WINDOWS\system32\sgdewg.dll> [{259BF3CF-194D-4FE6-9ADB-DE6544B098B6}] <C:\WINDOWS\system32\dntggf.dll> [{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B}] <C:\WINDOWS\system32\jfdses.dll> [{21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}] <C:\WINDOWS\system32\fofedzyo.dll> [{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC}] <C:\WINDOWS\system32\wklsdd.dll> [{AF976DCD-754F-4ac2-BE49-951DC7AA57D2}] <C:\WINDOWS\system32\catsrvwl.dll> [{76D44356-B494-443a-BEDC-AA68DE4255E6}] <C:\WINDOWS\system32\dispexcb.dll> [{D3112B69-A745-4805-874E-ABD480EA1299}] <C:\WINDOWS\system32\bootvidgj.dll> [{2876D76C-CAAA-4313-AF97-8D1D9A2A1087}] <C:\WINDOWS\system32\dpvvoxmh.dll> [kcien32] <kncer32.exe> [HBService] <HBInject.exe> [WinlogonNotify: xy3safe] <C:\WINDOWS\system32\360mon.dll> [AppInit_DLLs]修改：把<HBmhly.dll>修改为<>即清空启动项目－－服务－－驱动程序之如下项禁用： [msiffei / msiffei] <System32\Drivers\msiffei.sys> [HBKernel Driver / HBKernel] <\SystemRoot\system32\DRIVERS\HBKernel.sys> 系统修复－－　浏览器加载项之如下项删除： [] <C:\Program Files\Internet Explorer\ExploreNt.win> [] <C:\Program Files\Internet Explorer\PLUGINS\WinNt64.Sys> [] <C:\Program Files\Internet Explorer\ExploreNt.Dat> [] <C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys> [] <C:\Program Files\Internet Explorer\ExploreNt.Sys> [] <C:\Program Files\Internet Explorer\ExploreNt.win> [] <C:\Program Files\Internet Explorer\PLUGINS\WinNt64.Sys> [] <C:\Program Files\Internet Explorer\ExploreNt.Dat> [] <C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys> [] <C:\Program Files\Internet Explorer\ExploreNt.Sys> windows清理助手清理可自动修复服务项 [Remote Procedure Call (RPC) / RpcSs] <C:\WINDOWS\system32\svchost -k rpcss-->C:\WINDOWS\system32\srpcss.dll> Xdelbox使用方法
fillix 飘泊而立狮帖子:771 注册: 2008-07-05 来自:哪

金星王子版主帖子:2663 注册: 2007-03-05 来自:黑龙江	发表于： 2008-08-14 23:03 \| 短消息资料字号：小中大 15楼回复：日志分析练习080813 日志1： [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <bootvidgj.dll><C:\WINDOWS\system32\bootvidgj.dll> [File is missing] <kbdswjr.dll><C:\WINDOWS\system32\kbdswjr.dll> [File is missing] <msobjstl.dll><C:\WINDOWS\system32\msobjstl.dll> [File is missing] <rasdlgcq.dll><C:\WINDOWS\system32\rasdlgcq.dll> [File is missing] <zkppcvyh.dll><C:\WINDOWS\system32\bzahpuuj.dll> [File is missing] <vhdfotay.dll><C:\WINDOWS\system32\bzahpuuj.dll> [File is missing] <imgutilhx2.dll><C:\WINDOWS\system32\imgutilhx2.dll> [File is missing] <cliconfgzx.dll><C:\WINDOWS\system32\cliconfgzx.dll> [File is missing] <bzahpuuj.dll><C:\WINDOWS\system32\bzahpuuj.dll> [File is missing] <adsntzt.dll><C:\WINDOWS\system32\adsntzt.dll> [File is missing] <slbiopfs2.dll><C:\WINDOWS\system32\slbiopfs2.dll> [File is missing]这些位置的键值删除 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <Alitalk><; C:\PROGRA~1\阿里巴巴\贸易通\AliTalk.EXE> [File is missing] <Anti-Spy Tools><; C:\Documents and Settings\new\桌面\ast_PConline\ast\AST.exe -min> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <NVDispDrv><; C:\WINDOWS\NVDispDrv.exe> [File is missing] <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [File is missing] <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <SysExplr><; C:\Program Files\haojie\SuperPlayer3000\SYSEXPLR.EXE> [] <upxdnd><; C:\WINDOWS\upxdnd.exe> [File is missing] <WangWang><; "C:\Program Files\Alisoft\WangWang\WangWang.EXE"> [File is missing] 这些位置需要修复，其中<upxdnd><; C:\WINDOWS\upxdnd.exe> [File is missing] 是病毒残余的，删除 ; C:\Program Files\yok\yok.exe 是病毒，建议通过XDelBox删除 [IIS Manager / IIS Manager ][Stopped/Manual Start] <\??\C:\DOCUME~1\new\LOCALS~1\Temp\1.tmp><N/A> 该键值有问题，删除 \SystemRoot\System32\DRIVERS\ql1080.sys \SystemRoot\System32\DRIVERS\ql12160.sys \SystemRoot\System32\DRIVERS\ql1280.sys \SystemRoot\System32\DRIVERS\sparrow.sys \SystemRoot\System32\DRIVERS\sptrak.sys \SystemRoot\System32\DRIVERS\symc810.sys \SystemRoot\System32\DRIVERS\symc8xx.sys \SystemRoot\System32\DRIVERS\sym_u3.sys 这些键值有些可疑，有可能是感染病毒后导致出现问题，修复一下。金星王子最后编辑于 2008-08-14 23:04:34 安全，在任何行业中都是重中之重。
金星王子版主帖子:2663 注册: 2007-03-05 来自:黑龙江

fillix 飘泊而立狮帖子:771 注册: 2008-07-05 来自:哪	发表于： 2008-08-14 23:12 \| 短消息资料字号：小中大 16楼回复: 日志分析练习080813 No.3 Xdelbox删除 c:\windows\system32\d32dx9.sys c:\netapi000.sys sreng修复启动项目－－注册表之如下项删除： [uepugifk.dll] <> [cliconfgzx.dll] <> [rasdlgcq.dll] <> [midimapmy] <> [{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}] <> [{45AADFAA-DD36-42AB-83AD-0521BBF58C24}] <> 启动项目－－服务－－驱动程序之如下项禁用： [HiddFldy / HiddFldy] <\??\C:\WINDOWS\system32\d32dx9.sys> [NetApi000 / NetApi000] <\??\C:\NetApi000.sys> fillix 最后编辑于 2008-08-15 00:16:56 Xdelbox使用方法
fillix 飘泊而立狮帖子:771 注册: 2008-07-05 来自:哪

金星王子版主帖子:2663 注册: 2007-03-05 来自:黑龙江	发表于： 2008-08-14 23:15 \| 短消息资料字号：小中大 17楼回复：日志分析练习080813 日志2： c:\windows\system32\wklsdd.dll c:\windows\system32\wrqszl.dll c:\windows\system32\wyrsdj.dll c:\windows\system32\hbmhly.dll c:\windows\system32\hhrdxd.dll c:\windows\system32\imgutilhx2.dll c:\windows\system32\jdsaex.dll c:\windows\system32\jfdses.dll c:\windows\system32\jhfrxz.dll c:\windows\system32\kbdswjr.dll c:\windows\system32\kgfghd.dll c:\windows\system32\lweurqhx.dll c:\windows\system32\mttwfh.dll c:\windows\system32\360mon.dll c:\windows\system32\adsntzt.dll c:\windows\system32\avicapwm.dll c:\windows\system32\bootvidgj.dll c:\windows\system32\catsrvwl.dll c:\windows\system32\certmgrkd.dll c:\windows\system32\cliconfgzx.dll c:\windows\system32\ddserh.dll c:\windows\system32\dispexcb.dll c:\windows\system32\dpvvoxmh.dll c:\windows\system32\fmcvxy.dll c:\windows\system32\fofedzyo.dll c:\windows\system32\gbynoji.dll c:\windows\fonts\ijdycpaw.dll c:\program files\internet explorer\plugins\winnt64.sys c:\program files\internet explorer\explorent.dat c:\program files\internet explorer\explorent.sys c:\program files\internet explorer\explorent.win c:\program files\internet explorer\plugins\unixsys08.sys c:\program files\tencent\qq\nifuvq.dll c:\windows\system32\wzcfsw.dll c:\windows\system32\jfrwdh.dll c:\windows\system32\zsdgff.dll c:\windows\system32\tdggrz.dll c:\windows\system32\fsrgeb.dll c:\windows\system32\zgtwfx.dll c:\windows\system32\zycdex.dll c:\windows\system32\sgdewg.dll c:\windows\system32\dntggf.dll hbmhly.dll kncer32.exe hbinject.exe 需要删除，如果手工删不掉，需配合XDelBox。 [WinlogonNotify: xy3safe] <C:\WINDOWS\system32\360mon.dll> [{28766E1C-74B0-4417-8C75-F12AE309EF35}] <C:\WINDOWS\system32\wzcfsw.dll> [{A9895933-6636-4281-BC58-EE6DE2AF96E3}] <C:\WINDOWS\system32\ddserh.dll> [{841529CB-7F77-4B99-A895-B5441E0D302F}] <C:\WINDOWS\system32\jfrwdh.dll> [{86899D14-95D7-4E22-8AB3-7ACC53076FC9}] <C:\Program Files\Internet Explorer\PLUGINS\WinNt64.Sys> [{00300030-0030-0030-0030-00300030BB15}] <C:\WINDOWS\system32\imgutilhx2.dll> [{71A78CD4-E470-4a18-8457-E0E0283DD507}] <C:\WINDOWS\system32\lweurqhx.dll> [{9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5}] <C:\WINDOWS\system32\certmgrkd.dll> [{3A698452-C5D8-C584-C256-C264C987C5A3}] <C:\WINDOWS\Fonts\ijdycpaw.dll> [{53AC264F-6DD8-41D9-921F-01FAAEA95C8B}] <C:\Program Files\Internet Explorer\ExploreNt.Dat> [{D51510C1-ECEA-45F7-B782-FE0EC2D2535D}] <C:\Program Files\Internet Explorer\ExploreNt.win> [{0CD9CB21-F56C-4AE1-B188-39F1E8D692AB}] <C:\Program Files\Internet Explorer\ExploreNt.Sys> [{50A8A8C4-EDC9-4ABD-A0A2-2E2418982189}] <C:\WINDOWS\system32\kgfghd.dll> [{53D44DB6-E22B-4B17-97D3-572C96CCA6E1}] <C:\WINDOWS\system32\zsdgff.dll> [{1E51C0FD-EE36-434B-AD2A-FD1FF3731C38}] <C:\WINDOWS\system32\wyrsdj.dll> [{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7}] <C:\WINDOWS\system32\fmcvxy.dll> [{4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4}] <C:\WINDOWS\system32\tdggrz.dll> [{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}] <C:\WINDOWS\system32\fsrgeb.dll> [{006CA8A1-61BC-4774-A54C-F49034270BAD}] <C:\WINDOWS\system32\zgtwfx.dll> [{F99DEFDD-200B-4410-B572-E90883D527D2}] <C:\WINDOWS\system32\wrqszl.dll> [{AEB6717E-7E19-21d2-97EE-00C04FD91972}] <C:\WINDOWS\system32\360mon.dll> [{021F087F-4378-545F-74FA-37D345AD7A8C}] <C:\WINDOWS\system32\mttwfh.dll> [{21E5BB9B-86BD-43C0-A53F-B94FCA0C9277}] <C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys> [{432BDC7C-DE5B-43f4-AA81-E7F8AFB0182D}] <C:\WINDOWS\system32\kbdswjr.dll> [{B29583D8-033A-4B9F-8553-7C5458F3FB8E}] <C:\WINDOWS\system32\jdsaex.dll> [{7A6DF30E-D0F2-446f-B4F0-BF4232D60E07}] <C:\WINDOWS\system32\cliconfgzx.dll> [{7914E0AA-ECCB-4311-B584-C49538227824}] <C:\WINDOWS\system32\jhfrxz.dll> [{7914E0AA-ECCB-4311-B584-C49538227824}] <C:\WINDOWS\system32\jhfrxz.dll> [{45AADFAA-DD36-42AB-83AD-0521BBF58C24}] <C:\WINDOWS\system32\zycdex.dll> [{E0F3526A-4165-4589-80CD-50B6FBAC3BDA}] <C:\WINDOWS\system32\adsntzt.dll> [{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}] <C:\WINDOWS\system32\hhrdxd.dll> [{8C41B7F7-3168-400D-A702-0E7EFE0BA304}] <C:\WINDOWS\system32\sgdewg.dll> [{259BF3CF-194D-4FE6-9ADB-DE6544B098B6}] <C:\WINDOWS\system32\dntggf.dll> [{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B}] <C:\WINDOWS\system32\jfdses.dll> [{21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}] <C:\WINDOWS\system32\fofedzyo.dll> [{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC}] <C:\WINDOWS\system32\wklsdd.dll> [{AF976DCD-754F-4ac2-BE49-951DC7AA57D2}] <C:\WINDOWS\system32\catsrvwl.dll> [{76D44356-B494-443a-BEDC-AA68DE4255E6}] <C:\WINDOWS\system32\dispexcb.dll> [{D3112B69-A745-4805-874E-ABD480EA1299}] <C:\WINDOWS\system32\bootvidgj.dll> [{2876D76C-CAAA-4313-AF97-8D1D9A2A1087}] <C:\WINDOWS\system32\dpvvoxmh.dll> 注意该项[AppInit_DLLs]修改：把<HBmhly.dll>修改为<>即清空 [kcien32] <kncer32.exe> [load] <> [HBService] <HBInject.exe> 删除后重新启动，用SREng进行修复 [] <C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys> [] <C:\Program Files\Internet Explorer\ExploreNt.Sys> [] <C:\Program Files\Internet Explorer\ExploreNt.win> [] <C:\Program Files\Internet Explorer\PLUGINS\WinNt64.Sys> [] <C:\Program Files\Internet Explorer\ExploreNt.Dat> [] <C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys> [] <C:\Program Files\Internet Explorer\ExploreNt.Sys> 将键值删除后用金山清理专家或是卡卡安全助手、SREng辅助修复安全，在任何行业中都是重中之重。
金星王子版主帖子:2663 注册: 2007-03-05 来自:黑龙江

瓶子里没有水锋芒艾服狮帖子:1763 注册: 2007-01-27 来自:地域的游魂	发表于： 2008-08-15 09:07 \| 短消息资料字号：小中大 18楼回复：日志分析练习080813 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <bootvidgj.dll><C:\WINDOWS\system32\bootvidgj.dll> [File is missing] <kbdswjr.dll><C:\WINDOWS\system32\kbdswjr.dll> [File is missing] <msobjstl.dll><C:\WINDOWS\system32\msobjstl.dll> [File is missing] <rasdlgcq.dll><C:\WINDOWS\system32\rasdlgcq.dll> [File is missing] <zkppcvyh.dll><C:\WINDOWS\system32\bzahpuuj.dll> [File is missing] <vhdfotay.dll><C:\WINDOWS\system32\bzahpuuj.dll> [File is missing] <imgutilhx2.dll><C:\WINDOWS\system32\imgutilhx2.dll> [File is missing] <cliconfgzx.dll><C:\WINDOWS\system32\cliconfgzx.dll> [File is missing] <bzahpuuj.dll><C:\WINDOWS\system32\bzahpuuj.dll> [File is missing] <adsntzt.dll><C:\WINDOWS\system32\adsntzt.dll> [File is missing] <slbiopfs2.dll><C:\WINDOWS\system32\slbiopfs2.dll> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <yok.exe><; C:\Program Files\yok\yok.exe> [File is missing]
瓶子里没有水锋芒艾服狮帖子:1763 注册: 2007-01-27 来自:地域的游魂

瓶子里没有水锋芒艾服狮帖子:1763 注册: 2007-01-27 来自:地域的游魂	发表于： 2008-08-15 10:13 \| 短消息资料字号：小中大 19楼回复：日志分析练习080813 第二个,注册表中~ <HBService><HBInject.exe> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] <kcien32><kncer32.exe> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><HBmhly.dll> [] <{2876D76C-CAAA-4313-AF97-8D1D9A2A1087}><C:\WINDOWS\system32\dpvvoxmh.dll> [] <{D3112B69-A745-4805-874E-ABD480EA1299}><C:\WINDOWS\system32\bootvidgj.dll> [] <{76D44356-B494-443a-BEDC-AA68DE4255E6}><C:\WINDOWS\system32\dispexcb.dll> [] <{AF976DCD-754F-4ac2-BE49-951DC7AA57D2}><C:\WINDOWS\system32\catsrvwl.dll> [] <{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC}><C:\WINDOWS\system32\wklsdd.dll> [] <{21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}><C:\WINDOWS\system32\fofedzyo.dll> [] <{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B}><C:\WINDOWS\system32\jfdses.dll> [] <{259BF3CF-194D-4FE6-9ADB-DE6544B098B6}><C:\WINDOWS\system32\dntggf.dll> [N/A] <{8C41B7F7-3168-400D-A702-0E7EFE0BA304}><C:\WINDOWS\system32\sgdewg.dll> [N/A] <{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}><C:\WINDOWS\system32\hhrdxd.dll> [] <{E0F3526A-4165-4589-80CD-50B6FBAC3BDA}><C:\WINDOWS\system32\adsntzt.dll> [] <{45AADFAA-DD36-42AB-83AD-0521BBF58C24}><C:\WINDOWS\system32\zycdex.dll> [N/A] <{7914E0AA-ECCB-4311-B584-C49538227824}><C:\WINDOWS\system32\jhfrxz.dll> [] <{7A6DF30E-D0F2-446f-B4F0-BF4232D60E07}><C:\WINDOWS\system32\cliconfgzx.dll> [] <{B29583D8-033A-4B9F-8553-7C5458F3FB8E}><C:\WINDOWS\system32\jdsaex.dll> [] <{432BDC7C-DE5B-43f4-AA81-E7F8AFB0182D}><C:\WINDOWS\system32\kbdswjr.dll> [] <{21E5BB9B-86BD-43C0-A53F-B94FCA0C9277}><C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys> [] <{021F087F-4378-545F-74FA-37D345AD7A8C}><C:\WINDOWS\system32\mttwfh.dll> [] <{AEB6717E-7E19-21d2-97EE-00C04FD91972}><C:\WINDOWS\system32\360mon.dll> [] <{F99DEFDD-200B-4410-B572-E90883D527D2}><C:\WINDOWS\system32\wrqszl.dll> [] <{006CA8A1-61BC-4774-A54C-F49034270BAD}><C:\WINDOWS\system32\zgtwfx.dll> [N/A] <{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}><C:\WINDOWS\system32\fsrgeb.dll> [N/A] <{4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4}><C:\WINDOWS\system32\tdggrz.dll> [N/A] <{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7}><C:\WINDOWS\system32\fmcvxy.dll> [] <{1E51C0FD-EE36-434B-AD2A-FD1FF3731C38}><C:\WINDOWS\system32\wyrsdj.dll> [] <{53D44DB6-E22B-4B17-97D3-572C96CCA6E1}><C:\WINDOWS\system32\zsdgff.dll> [N/A] <{50A8A8C4-EDC9-4ABD-A0A2-2E2418982189}><C:\WINDOWS\system32\kgfghd.dll> [] <{0CD9CB21-F56C-4AE1-B188-39F1E8D692AB}><C:\Program Files\Internet Explorer\ExploreNt.Sys> [] <{D51510C1-ECEA-45F7-B782-FE0EC2D2535D}><C:\Program Files\Internet Explorer\ExploreNt.win> [] <{53AC264F-6DD8-41D9-921F-01FAAEA95C8B}><C:\Program Files\Internet Explorer\ExploreNt.Dat> [] <{3A698452-C5D8-C584-C256-C264C987C5A3}><C:\WINDOWS\Fonts\ijdycpaw.dll> [] <{9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5}><C:\WINDOWS\system32\certmgrkd.dll> [] <{71A78CD4-E470-4a18-8457-E0E0283DD507}><C:\WINDOWS\system32\lweurqhx.dll> [] <{00300030-0030-0030-0030-00300030BB15}><C:\WINDOWS\system32\imgutilhx2.dll> [] <{6B9FEAD7-4319-4312-AB05-D8C9CD255BFE}><C:\WINDOWS\system32\avicapwm.dll> [] <{86899D14-95D7-4E22-8AB3-7ACC53076FC9}><C:\Program Files\Internet Explorer\PLUGINS\WinNt64.Sys> [] <{841529CB-7F77-4B99-A895-B5441E0D302F}><C:\WINDOWS\system32\jfrwdh.dll> [N/A] <{A9895933-6636-4281-BC58-EE6DE2AF96E3}><C:\WINDOWS\system32\ddserh.dll> [] <{28766E1C-74B0-4417-8C75-F12AE309EF35}><C:\WINDOWS\system32\wzcfsw.dll> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xy3safe] <WinlogonNotify: xy3safe><C:\WINDOWS\system32\360mon.dll> []
瓶子里没有水锋芒艾服狮帖子:1763 注册: 2007-01-27 来自:地域的游魂

fairsentence 飘泊而立狮帖子:552 注册: 2008-07-13 来自:	发表于： 2008-08-15 10:47 \| 短消息资料字号：小中大 20楼回复：日志分析练习080813 第一篇 b]1.建议使用XDelBox删除以下文件：(XDelBox1.6下载) 使用说明：删除时复制所有要删除文件的路径，在待删除文件列表里点击右键选择从剪贴板导入，导入后在要删除文件上点击右键，选择立刻重启删除，电脑会重启进入DOS界面进行删除操作。运行xdelbox前最好卸载所有可移动存储介质（包括U盘，MP3，手机存储卡等）。 c:\windows\system32\bootvidgj.dll c:\windows\system32\kbdswjr.dll c:\windows\system32\msobjstl.dll c:\windows\system32\rasdlgcq.dll c:\windows\system32\bzahpuuj.dll c:\windows\system32\imgutilhx2.dll c:\windows\system32\cliconfgzx.dll c:\windows\system32\adsntzt.dll c:\windows\system32\slbiopfs2.dll ; c:\windows\nvdispdrv.exe ; c:\windows\upxdnd.exe 2.删除重启后使用SREng修复下面各项：启动项目－－注册表之如下项删除： [bootvidgj.dll] <C:\WINDOWS\system32\bootvidgj.dll> [kbdswjr.dll] <C:\WINDOWS\system32\kbdswjr.dll> [msobjstl.dll] <C:\WINDOWS\system32\msobjstl.dll> [rasdlgcq.dll] <C:\WINDOWS\system32\rasdlgcq.dll> [zkppcvyh.dll] <C:\WINDOWS\system32\bzahpuuj.dll> [vhdfotay.dll] <C:\WINDOWS\system32\bzahpuuj.dll> [imgutilhx2.dll] <C:\WINDOWS\system32\imgutilhx2.dll> [cliconfgzx.dll] <C:\WINDOWS\system32\cliconfgzx.dll> [bzahpuuj.dll] <C:\WINDOWS\system32\bzahpuuj.dll> [adsntzt.dll] <C:\WINDOWS\system32\adsntzt.dll> [slbiopfs2.dll] <C:\WINDOWS\system32\slbiopfs2.dll> [NVDispDrv] <; C:\WINDOWS\NVDispDrv.exe> [upxdnd] <; C:\WINDOWS\upxdnd.exe> [NVDispDrv] <; C:\WINDOWS\NVDispDrv.exe> 注意该项[Userinit]修改：把<C:\WINDOWS\system32\userinit.exe,svchost.xy3>修改为<C:\WINDOWS\system32\userinit.exe,>逗号不可省略 fairsentence 最后编辑于 2008-08-15 11:26:22
fairsentence 飘泊而立狮帖子:552 注册: 2008-07-13 来自:

<<上一主题|下一主题>>

2 / 3 页

跳转页

页面顶部

Powered by Discuz!NT