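Today I installed a media player and got infected with a virus.
I deleted things with XDelBox. Could everyone take a look and tell me if anything is still wrong? I hope an expert can give me some pointers (I know reading logs is a hassle, thanks for the trouble). Thank you!!
Deleted with XDelBox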
C:\WINDOWS\system32\zxexe.exe
C:\WINDOWS\system32\opfoaklf.dll
C:\WINDOWS\system32\gmfgbhea.dll
C:\WINDOWS\system32\stobject.dll
C:\WINDOWS\system32\opfoaklf.dll
C:\WINDOWS\system32\gmfgbhea.dll
C:\WINDOWS\INF\wmp10.inf
C:\WINDOWS\System32\shsvcs.dll
C:\WINDOWS\system32\wiaservc.dll
C:\WINDOWS\System32\shsvcs.dll
C:\WINDOWS\System32\upnphost.dll
C:\WINDOWS\system32\MsPMSNSv.dll
d:\ProgramFiles\QvodPlayer\QvodTerminal.exe (installing this is how I got the virus, so I removed it too)
C:\WINDOWS\system32\gmfgbhea.dll
C:\WINDOWS\system32\RICHED20.dll
C:\WINDOWS\system32\F71A67D5.dll
C:\WINDOWS\system32\CC80F0B4.dll
C:\WINDOWS\system32\C60BC4DF.dll
C:\WINDOWS\system32\opfoaklf.dll
C:\WINDOWS\system32\E4814792.dll
C:\WINDOWS\system32\76B9BA7A.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zxdll.dat
C:\DOCUME~1\ADMINI~1\LOCALS~\Temp\zxdll.dat
C:\WINDOWS\system32\CC80F0B4.dll
C:\DocumentsandSettings\Administrator\桌面\new23.exe
C:\DocumentsandSettings\Administrator\LocalSettings\Temp (emptied everything under it, because I found an A366.exe under here that is also a virus)
Repaired the HOSTS file
Services deleted
[Fast User Switching Compatibility / FastUserSwitchingCompatibility][Running/Manual Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\shsvcs.dll><Microsoft Corporation>
[Shell Hardware Detection / ShellHWDetection][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\shsvcs.dll><Microsoft Corporation>
[Windows Image Acquisition (WIA) / stisvc][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k imgsvc-->%SystemRoot%\system32\wiaservc.dll><Microsoft Corporation>
[Themes / Themes][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\shsvcs.dll><Microsoft Corporation>
[Windows User Mode Driver Framework / UMWdf][Stopped/Disabled]
<C:\WINDOWS\system32\wdfmgr.exe><Microsoft Corporation>
[Universal Plug and Play Device Host / upnphost][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k LocalService-->%SystemRoot%\System32\upnphost.dll><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\MsPMSNSv.dll><Microsoft Corporation>
[Qvod Terminal / Qvod Terminal][Running/Auto Start]
<d:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd> (I hate this one so much; it is all because I installed it)
Registry entries deleted
<zxexe.exe><C:\WINDOWS\system32\zxexe.exe> []
<{89F8A45F-F474-4B5F-84D7-489272357D13}><C:\WINDOWS\system32\opfoaklf.dll> []
<{06F0B1EA-7329-4841-9E7C-C8F29FC501DE}><C:\WINDOWS\system32\gmfgbhea.dll> []
<{F71A67D5-5BBB-47A3-9534-4150FC739257}><F71A67D5.dll> []
<{76B9BA7A-81D0-4979-8598-8471F2AB5186}><76B9BA7A.dll> []
<{CC80F0B4-04D7-44D0-8DB9-9109B5B72141}><CC80F0B4.dll> []
<{E4814792-EFA3-4C20-93D0-8B130A59F9A8}><E4814792.dll> []
<{C60BC4DF-4CAB-4F66-ABED-D3FCCE7910AD}><C60BC4DF.dll> []
Cleared
<AppInit_DLLs><gmfgbhea.dll,opfoaklf.dll>