以后发帖看看这个~~
游戏迷的发帖必读
http://forum.ikaka.com/topic.asp?board=40&artid=8363891另外SRENG的使用方法可以看:
http://bbs.ikaka.com/showtopic-8442813.aspx(注意,删除服务和驱动最后一个对话框选择“否”)
你中了木马群~~~
如下操作:
用附件的XDELBOX删除文件
C:\WINDOWS\system32\kcoin32.dll
C:\Program Files\Internet Explorer\PLUGINS\Windows64.Sys
C:\WINDOWS\system32\adsntzt.dll
C:\WINDOWS\system32\jleocsqh.dll
C:\WINDOWS\system32\mstimewd.dll
C:\WINDOWS\system32\ksuserfy.dll
C:\WINDOWS\system32\dispexcb.dll
C:\WINDOWS\system32\cliconfgzx.dll
C:\WINDOWS\system32\d32dx9.sys
C:\WINDOWS\system32\nsnblkuk.sys
复制他们,从剪贴板导入,点上抑制再生,右键点击要删除的文件列表,选择立即重起删除(如果说找不到文件,不用管,继续操作)
重起以后进入XDELBOX工具,执行删除~
删除过后,打开SRENG
注册表中删除
<{00050005-0005-0005-0005-00050005BB15}><C:\WINDOWS\system32\cliconfgzx.dll> []
<{00060006-0006-0006-0006-00060006BB15}><C:\WINDOWS\system32\dispexcb.dll> []
<{91954FAC-1023-154F-895A-1458258AD819}><C:\WINDOWS\system32\ypdjgbmp.dll> []
<{7C8D1401-A58D-A81C-CD24-A5915C4517C7}><C:\WINDOWS\system32\mnmhgsrv.dll> []
<{528DF602-9541-A985-210A-984A698C6F25}><C:\WINDOWS\system32\ptjhehlp.dll> []
<{7FD45A54-9875-698F-E56E-65102358FDF7}><C:\WINDOWS\system32\apsggjba.dll> []
<{6C648541-1025-9650-9057-6541258720C6}><C:\WINDOWS\system32\mndhfdwd.dll> []
<{00130013-0013-0013-0013-00130013BB15}><C:\WINDOWS\system32\ksuserfy.dll> []
<{00180018-0018-0018-0018-00180018BB15}><C:\WINDOWS\system32\mstimewd.dll> []
<{00150015-0015-0015-0015-00150015BB15}><C:\WINDOWS\system32\jleocsqh.dll> []
<{00010001-0001-0001-0001-00010001BB15}><C:\WINDOWS\system32\adsntzt.dll> []
<{32596546-2036-9451-6058-658402589723}><C:\WINDOWS\system32\opshcbty.dll> []
<{4F4F0064-71E0-4f0d-0021-708476C7815F}><C:\WINDOWS\system32\midimappt.dll> [N/A]
<{4372FE4D-E2C2-45FE-A893-E2B1691A7DD0}><C:\Program Files\Internet Explorer\PLUGINS\Windows64.Sys> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<cliconfgzx.dll><C:\WINDOWS\system32\cliconfgzx.dll> []
<dispexcb.dll><C:\WINDOWS\system32\dispexcb.dll> []
<ksuserfy.dll><C:\WINDOWS\system32\ksuserfy.dll> []
<mstimewd.dll><C:\WINDOWS\system32\mstimewd.dll> []
<jleocsqh.dll><C:\WINDOWS\system32\jleocsqh.dll> []
<adsntzt.dll><C:\WINDOWS\system32\adsntzt.dll> []
<midimappt><C:\WINDOWS\system32\midimappt.dll> [N/A]
<kcoin><kcoin32.exe> []
编辑<AppInit_DLLs><ieprot.dll toolbo.dll wocronce.dll pocolieov.dll qqtmd.dll womsoy.dll zipyqld.dll jelens.dll wcpome.dll verptw.dll qananp.dll> [N/A]为
<AppInit_DLLs><ieprot.dll> [N/A]
删除驱动程序
[HiddFldy / HiddFldy][Running/Auto Start]
<\??\C:\WINDOWS\system32\d32dx9.sys><N/A>
[IIS Manager / IIS Manager ][Stopped/Manual Start]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1.tmp><N/A>
[nsnblkuk / nsnblkuk][Stopped/Auto Start]
<\??\C:\WINDOWS\system32\nsnblkuk.sys><N/A>
删除
浏览器加载项
[]
{32596546-2036-9451-6058-658402589723} <C:\WINDOWS\system32\opshcbty.dll, N/A>
[]
{4372FE4D-E2C2-45FE-A893-E2B1691A7DD0} <C:\Program Files\Internet Explorer\PLUGINS\Windows64.Sys, N/A>
[]
{528DF602-9541-A985-210A-984A698C6F25} <C:\WINDOWS\system32\ptjhehlp.dll, N/A>
[]
{6C648541-1025-9650-9057-6541258720C6} <C:\WINDOWS\system32\mndhfdwd.dll, N/A>
[]
{7C8D1401-A58D-A81C-CD24-A5915C4517C7} <C:\WINDOWS\system32\mnmhgsrv.dll, N/A>
[]
{7FD45A54-9875-698F-E56E-65102358FDF7} <C:\WINDOWS\system32\apsggjba.dll, N/A>
[]
{91954FAC-1023-154F-895A-1458258AD819} <C:\WINDOWS\system32\ypdjgbmp.dll, N/A>
修复文件关联
然后下载arswp(Windows清理助手)清理下..
http://www.arswp.com/download/arswp/arswp.rar清理临时文件夹:
打开我的电脑-工具-文件夹选项-查看-显示隐藏文件-隐藏受保护的系统文件(勾去掉)-确定
重起进入安全模式(开机不停的按F8,选择安全模式启动) 清空下列临时文件夹中所有内容:
C:\Documents and Settings\用户名\Local Settings\Temporary Internet Files
C:\Documents and Settings\用户名\Local Settings\Temp
C:\WINDOWS\TEMP
更新杀软全盘杀毒
