Originally posted by
哈些兰 on 2009-10-18 1:00:00
[quote] Originally posted by
aaccbbdd on 2009-10-17 11:39:00
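Download SREng from the official SREng site and run SREng / Smart Scan
(remember to tick "Check the digital signatures of processes").
Wait for the scan to finish, then save the log (LOG format).
PS: If the main program SREng**.exe cannot run, resulting in
Put the attached userinit.exe into C:\WINDOWS\system32\
Find C:\WINDOWS\system32\COMRes.dll and rename it to 1.dll, then put the COMRes.dll from the attachment into C:\WINDOWS\system32\.
Delete the following files in one pass with XDelBox
(download from http://enao.ys168.com)
Copy all of the files to be deleted above, open XDelBox, right-click in the pending-deletion list ==> choose "Import from clipboard without checking paths" ==> tick "Suppress regeneration" ==> right-click ==> choose ==> "Restart immediately and perform deletion"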
Run the IFEO image hijack repair program
(download from http://enao.ys168.com)
Delete the registry entries
Delete the driver services
[afyhand / afyhand][Running/System Start]
<System32\Drivers\afyhand.sys><afyhand>
[vb / vb][Stopped/Manual Start]
<\??\C:\DOCUME~1\zzd\LOCALS~1\Temp\~24459.ex><N/A>
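
Added example, not part of the original posts and not SREng's own code: a small triage pass over log entries of the `<{CLSID}><path> [publisher]` shape quoted in this thread, flagging the traits such a cleanup list keys on. The heuristics, the reading of the bracketed field as the file's publisher string, and all sample lines are assumptions constructed for illustration.

```python
import re
from ntpath import basename, dirname, splitext

# Entry shape seen in the log excerpts of this thread: <{CLSID}><path> [publisher]
ENTRY = re.compile(r"^<(\{[^}]*\})><([^>]+)>\s*\[(.*)\]\s*$")
GUID = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# Heuristic assumptions for this example, not rules used by SREng.
DATA_DIRS = ("\\fonts", "\\tasks", "\\downloaded program files", "\\temp")
MODULE_EXTS = {".dll", ".ocx", ".exe"}

def triage(line):
    """Return (path, reasons) for one entry, or None if the line does not parse."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    clsid, path, publisher = m.groups()
    folder = dirname(path).lower()
    ext = splitext(basename(path))[1].lower()
    reasons = []
    if not publisher.strip():
        reasons.append("no publisher")
    if not GUID.match(clsid):
        reasons.append("malformed CLSID")
    if ext not in MODULE_EXTS:
        reasons.append("non-module extension " + ext)
    if folder.endswith(DATA_DIRS):
        reasons.append("registered from data directory")
    return path, reasons

# Constructed sample lines (not taken from any real log).
SAMPLE = [
    r"<{00000000-0000-0000-0000-000000000001}><C:\WINDOWS\system32\example0.dll> [Example Corp]",
    r"<{00000000-0000-0000-0000-000000000002}><C:\WINDOWS\Tasks\example1.inf> []",
    r"<{00000000-0000-0000-0000-0000000000A}><C:\WINDOWS\Fonts\example2.dll> []",
]

def report(lines):
    """Keep only the parsed entries that carry at least one flag."""
    parsed = filter(None, (triage(ln) for ln in lines))
    return [(path, reasons) for path, reasons in parsed if reasons]

if __name__ == "__main__":
    for path, reasons in report(SAMPLE):
        print(path, "->", ", ".join(reasons))
```

A flagged entry is a candidate for manual review against the full log, not a verdict; legitimate components can also lack a publisher string.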