瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 【求助】已经杀了很多了,但还有,请帮帮我(附SREng日志)

1   1  /  1  页   跳转

【求助】已经杀了很多了,但还有,请帮帮我(附SREng日志)

收藏
怕怕救救
头像
初生襁褓狮
  • 帖子:6
  • 注册: 2007-07-03
  • 来自:
发表于: 2007-07-03 22:37 | 显示全部 短消息 资料
字号: 1楼

【求助】已经杀了很多了,但还有,请帮帮我(附SREng日志)

不知道这个SREng日志怎么操作,希望知道的详细说明一下,修复操作步骤顺序,谢谢
最后编辑2007-07-03 22:58:21.890000000
分享到:
gototop
 
怕怕救救
头像
初生襁褓狮
  • 帖子:6
  • 注册: 2007-07-03
  • 来自:
发表于: 2007-07-03 22:37 | 显示全部 短消息 资料
字号: 2楼

2007-07-03,22:15:15

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><D:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
    <wsctf.exe><wsctf.exe>  [Microsoft Corporation]
    <KavPFW><"D:\KAV2005\KAVPFW.EXE">  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <nwiz><nwiz.exe /install>  [NVIDIA Corporation]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <PHIME2002ASync><D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows XP Publisher]
    <Microsoft (R) Windows Protocol Deployment Manager><D:\WINDOWS\system32\3.tmp>  [N/A]
    <Windows Explorer><D:\WINDOWS\System32\explorer.exe>  [N/A]
    <stup.exe><D:\PROGRA~1\TENCENT\Adplus\stup.exe>  [Tencent]
    <supdate2.dll><; RUNDLL32.EXE D:\WINDOWS\System32\supdate2.dll,Run>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><D:\WINDOWS\System32\userinit.exe,>  [(Verified)Microsoft Windows XP Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><D:\DOCUME~1\abcd\桌面\WATER.SCR>  []

==================================
启动文件夹
N/A

==================================
服务
[aucup / aucup][Stopped/Auto Start]
  <><N/A>
[aukld / aukld][Stopped/Auto Start]
  <><N/A>
[aumms / aumms][Stopped/Auto Start]
  <><N/A>
[CoolWare / CoolWare][Running/Auto Start]
  <D:\WINDOWS\System32\svchost.exe -k netsvcs-->D:\WINDOWS\System32\main.dll><>
[gkazgj / gkazgj][Stopped/Auto Start]
  <D:\WINDOWS\System32\svchost.exe -k netsvcs-->D:\PROGRA~1\mkazgj\mkazgj.dll><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <D:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPod Service / iPod Service][Stopped/Manual Start]
  <"D:\Program Files\iPod\bin\iPodService.exe"><N/A>
[jkuowmr / jkuowmr][Stopped/Auto Start]
  <D:\WINDOWS\System32\svchost.exe -k netsvcs-->D:\PROGRA~1\COMMON~1\pkuocmr\pkuocmr.dll><N/A>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
  <D:\KAV2005\KWatch.EXE><Kingsoft Corporation>
[LightScribeService Direct Disc Labeling Service / LightScribeService][Running/Auto Start]
  <"D:\Program Files\Common Files\LightScribe\LSSrvc.exe"><Hewlett-Packard Company>
[Network helper Service / MSDisk][Stopped/Auto Start]
  <"D:\WINDOWS\System32\irdvxc.exe" /service><N/A>
[NVIDIA Driver Helper Service / NVSvc][Stopped/Auto Start]
  <D:\WINDOWS\System32\nvsvc32.exe><N/A>
[PDEngine / PDEngine][Stopped/Manual Start]
  <D:\Program Files\Raxco\PerfectDisk\PDEngine.exe><Raxco Software, Inc.>
[Windows Protocol Deployment Manager / PDM][Stopped/Auto Start]
  <D:\WINDOWS\system32\3.tmp><N/A>
[PDScheduler / PDSched][Stopped/Auto Start]
  <D:\Program Files\Raxco\PerfectDisk\PDSched.exe><Raxco Software, Inc.>
[qjfqrh / qjfqrh][Running/Auto Start]
  <D:\WINDOWS\System32\rundll32.exe D:\PROGRA~1\COMMON~1\wjfqxh\wjfqxh.dll,Service -s><Microsoft Corporation>
[winaua / winaua][Stopped/Auto Start]
  <><N/A>
[winmum / winmum][Stopped/Auto Start]
  <><N/A>
[Windows Service Monitor / winsvcmon][Stopped/Auto Start]
  <D:\WINDOWS\System32\winsvcmon.exe><N/A>
[WMDM PMSP Service / WMDM PMSP Service][Stopped/Auto Start]
  <D:\WINDOWS\System32\MsPMSPSv.exe><N/A>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <D:\WINDOWS\System32\svchost.exe -k netsvcs-->D:\WINDOWS\System32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[00002a2d / 00002a2d][Stopped/Boot Start]
  <\SystemRoot\System32\drivers\00002a2d.SYS><N/A>
[a347bus / a347bus][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\a347bus.sys><>
[a347scsi / a347scsi][Running/Boot Start]
  <\SystemRoot\System32\Drivers\a347scsi.sys><>
[aahacahg / aahacahg][Stopped/System Start]
  <\??\D:\WINDOWS\system32\drivers\aahacahg.sys><N/A>
[ADProt / ADProt][Stopped/System Start]
  <\SystemRoot\system32\drivers\ADProt.sys><N/A>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[标准 IDE/ESDI 硬盘控制器 / atapi][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\atapi.sys><N/A>
[basic2 / basic2][Running/Manual Start]
  <System32\DRIVERS\HSF_BSC2.sys><Conexant>
[Copystar / Copystar][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\copystar.sys><An Chen Computer>
[d346bus / d346bus][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\d346bus.sys><>
[d346prt / d346prt][Running/Boot Start]
  <\SystemRoot\System32\Drivers\d346prt.sys><>
[ehbheecc / ehbheecc][Stopped/System Start]
  <\??\D:\WINDOWS\system32\drivers\ehbheecc.sys><N/A>
[ENTECH / ENTECH][Stopped/Manual Start]
  <\??\D:\WINDOWS\System32\DRIVERS\ENTECH.SYS><EnTech Taiwan>
[ExpScaner / ExpScaner][Stopped/Auto Start]
  <\??\D:\Program Files\Rising\Rav\ExpScan.sys><N/A>
[Fallback / Fallback][Running/Auto Start]
  <System32\DRIVERS\HSF_FALL.sys><Conexant>
[Fsks / Fsks][Running/Auto Start]
  <System32\DRIVERS\HSF_FSKS.sys><Conexant>
[HOOKAPI / HOOKAPI][Stopped/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\HOOKAPI.SYS><N/A>
[HookCont / HookCont][Stopped/Auto Start]
  <\??\D:\Program Files\Rising\Rav\HOOKCONT.sys><N/A>
[HookReg / HookReg][Stopped/Auto Start]
  <\??\D:\Program Files\Rising\Rav\HookReg.sys><N/A>
[HookSys / HookSys][Stopped/Auto Start]
  <\??\D:\Program Files\Rising\Rav\HookSys.sys><N/A>
[hsf_msft / hsf_msft][Running/Manual Start]
  <System32\DRIVERS\HSF_MSFT.sys><Conexant>
[K56 / K56][Running/Auto Start]
  <System32\DRIVERS\HSF_K56K.sys><Conexant>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\D:\WINDOWS\System32\drivers\kmsinput.sys><N/A>
[KNetWch / KNetWch][Running/System Start]
  <\??\D:\KAV2005\KNetWch.SYS><金山电脑公司>
[KWatch3 / KWatch3][Running/System Start]
  <\??\D:\WINDOWS\System32\drivers\KWatch3.SYS><Kingsoft Corporation>
[MEMSCAN / MEMSCAN][Stopped/Auto Start]
  <\??\D:\Program Files\Rising\Rav\MEMSCAN.sys><N/A>
[New0 / New0][Running/Auto Start]
  <\??\D:\WINDOWS\System32\new.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nwupspx / nwupspx][Stopped/Boot Start]
  <\SystemRoot\System32\drivers\nwupspx.sys><N/A>
[StarForce Protection Environment Driver v6 / prodrv06][Running/System Start]
  <\SystemRoot\System32\drivers\prodrv06.sys><Protection Technology>
[StarForce Protection Helper Driver v2 / prohlp02][Running/Boot Start]
  <\SystemRoot\System32\drivers\prohlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver v1 / prosync1][Running/Boot Start]
  <\SystemRoot\System32\drivers\prosync1.sys><Protection Technology>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rksample / Rksample][Running/Manual Start]
  <System32\DRIVERS\HSF_SAMP.sys><Conexant>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising>
[Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\R8139n51.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Running/Auto Start]
  <System32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[StarForce Protection Helper Driver / sfhlp01][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfhlp01.sys><Protection Technology>
[SoftFax / SoftFax][Running/Auto Start]
  <System32\DRIVERS\HSF_FAXX.sys><Conexant>
[Tones / Tones][Running/Auto Start]
  <System32\DRIVERS\HSF_TONE.sys><Conexant>
[V124 / V124][Running/Auto Start]
  <System32\DRIVERS\HSF_V124.sys><Conexant>
[37687 / 37687][Running/Disabled]
  <2 - 系统找不到指定的文件。
><N/A>
gototop
 
怕怕救救
头像
初生襁褓狮
  • 帖子:6
  • 注册: 2007-07-03
  • 来自:
发表于: 2007-07-03 22:38 | 显示全部 短消息 资料
字号: 3楼

浏览器加载项
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <D:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <D:\Program Files\TENCENT\Adplus\SSAddr1.dll, Tencent>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <D:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <D:\WINDOWS\System32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[WebActivater Control]
  {3D8F74EE-8692-4F8F-B8D2-7522E732519E} <D:\WINDOWS\DOWNLO~1\WEBACT~1.OCX, QQ>
[MSN Photo Upload Tool]
  {4F1E5B1A-2A80-42CA-8532-2D05CB959537} <D:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <D:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
[WuYou.WySystem]
  {6A9735F1-72AA-49E9-9981-A13C3FD8641B} <D:\WINDOWS\System32\WYSYSTEM.OCX, WuYou>
[Spocx Class]
  {8135EF31-FE8C-4C6E-A18A-F59944C3A488} <D:\WINDOWS\Downloaded Program Files\dddspocx.dll, >
[VDLCtrl Class]
  {A2A63268-7BBE-48DC-B462-7AB5812DB159} <D:\WINDOWS\VDLProxy.dll, >
[Qzone Media Tools]
  {AC3A36A8-9BFF-410A-A33D-2279FFEB69D2} <D:\PROGRA~1\Tencent\QQ\VQQPLA~1.OCX, Tencent Technology (Shenzhen) Company Limited>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <D:\WINDOWS\System32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <D:\Program Files\360safe\live.dll, 360safe.com>
[&使用超级旋风下载]
  <D:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
  <D:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
[>>2êD?·¢?í<<]
  <, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 512][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 580][\??\D:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 604][\??\D:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [D:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [D:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\PROGRA~1\COMMON~1\wjfqxh\wleehk.nls]  [, 3, 6, 0, 9]
[PID: 648][D:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 660][D:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 816][D:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 852][D:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [d:\windows\system32\main.dll]  [, 1, 0, 0, 5]
[PID: 932][D:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 956][D:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1104][D:\KAV2005\KWatch.EXE]  [Kingsoft Corporation, 2005, 4, 24, 48]
    [D:\KAV2005\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [D:\KAV2005\KAEPlat.DLL]  [Kingsoft Corp., 2004, 11, 26, 53]
    [D:\KAV2005\KAEMem.DAT]  [Kingsoft, 2004, 11, 9, 11]
    [D:\PROGRA~1\COMMON~1\wjfqxh\wleehk.nls]  [, 3, 6, 0, 9]
[PID: 1180][D:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.1699 (xpsp2.050610-1533)]
    [D:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll]  [Windows (R) 2000 DDK provider, 5.00.2195.1620]
[PID: 1336][D:\Program Files\Common Files\LightScribe\LSSrvc.exe]  [Hewlett-Packard Company, 1.4.39.1]
    [D:\Program Files\Common Files\LightScribe\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Program Files\Common Files\LightScribe\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
[PID: 1364][D:\WINDOWS\System32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\WINDOWS\TEMP\cccc\gggg.dll]  [, 2, 8, 0, 2]
[PID: 1540][D:\WINDOWS\System32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\PROGRA~1\COMMON~1\wjfqxh\wjfqxh.dll]  [ , 3, 8, 0, 9]
    [D:\PROGRA~1\COMMON~1\wjfqxh\wleehk.nls]  [, 3, 6, 0, 9]
[PID: 1852][D:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [D:\PROGRA~1\COMMON~1\wjfqxh\wleehk.nls]  [, 3, 6, 0, 9]
    [D:\PROGRA~1\WINDOW~2\wmpband.dll]  [Microsoft Corporation, 9.00.00.3086]
    [D:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 14]
    [D:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [D:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2024][D:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [D:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 14]
    [D:\PROGRA~1\COMMON~1\wjfqxh\wleehk.nls]  [, 3, 6, 0, 9]
[PID: 2032][D:\WINDOWS\System32\wsctf.exe]  [Microsoft Corporation, 5.2600.2180]
    [D:\WINDOWS\System32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9237]
    [D:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 14]
    [D:\PROGRA~1\COMMON~1\wjfqxh\wleehk.nls]  [, 3, 6, 0, 9]
[PID: 976][E:\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [D:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 14]
    [D:\PROGRA~1\COMMON~1\wjfqxh\wleehk.nls]  [, 3, 6, 0, 9]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [D:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================
隐藏进程
N/A
gototop
 
怕怕救救
头像
初生襁褓狮
  • 帖子:6
  • 注册: 2007-07-03
  • 来自:
发表于: 2007-07-03 22:55 | 显示全部 短消息 资料
字号: 4楼

========Content========
任务管理器里显示有“落雪”winlogon.exe,用过江民的专杀,没杀掉

msconfig启动里有wsctf

附件附件:

下载次数:296
文件类型:image/pjpeg
文件大小:
上传时间:2007-7-3 22:55:47
描述:
gototop
 
怕怕救救
头像
初生襁褓狮
  • 帖子:6
  • 注册: 2007-07-03
  • 来自:
发表于: 2007-07-03 22:57 | 显示全部 短消息 资料
字号: 5楼

.

附件附件:

下载次数:266
文件类型:image/pjpeg
文件大小:
上传时间:2007-7-3 22:57:33
描述:
gototop
 
怕怕救救
头像
初生襁褓狮
  • 帖子:6
  • 注册: 2007-07-03
  • 来自:
发表于: 2007-07-03 22:58 | 显示全部 短消息 资料
字号: 6楼

引用:
【agee的贴子】删除以下启动项
<wsctf.exe><wsctf.exe> [Microsoft Corporation]
<Microsoft (R) Windows Protocol Deployment Manager><D:\WINDOWS\system32\3.tmp> [N/A]
<Windows Explorer><D:\WINDOWS\System32\explorer.exe> [N/A]
<supdate2.dll><; RUNDLL32.EXE D:\WINDOWS\System32\supdate2.dll,Run> [N/A]
<stup.exe><D:\PROGRA~1\TENCENT\Adplus\stup.exe> [Tencent]
删除以下服务
[CoolWare / CoolWare][Running/Auto Start]
<D:\WINDOWS\System32\svchost.exe -k netsvcs-->D:\WINDOWS\System32\main.dll><>
[gkazgj / gkazgj][Stopped/Auto Start]
<D:\WINDOWS\System32\svchost.exe -k netsvcs-->D:\PROGRA~1\mkazgj\mkazgj.dll><N/A>
[jkuowmr / jkuowmr][Stopped/Auto Start]
<D:\WINDOWS\System32\svchost.exe -k netsvcs-->D:\PROGRA~1\COMMON~1\pkuocmr\pkuocmr.dll><N/A>
[Network helper Service / MSDisk][Stopped/Auto Start]
<"D:\WINDOWS\System32\irdvxc.exe" /service><N/A>
[Windows Protocol Deployment Manager / PDM][Stopped/Auto Start]
<D:\WINDOWS\system32\3.tmp><N/A>
[qjfqrh / qjfqrh][Running/Auto Start]
<D:\WINDOWS\System32\rundll32.exe D:\PROGRA~1\COMMON~1\wjfqxh\wjfqxh.dll,Service -s><Microsoft Corporation>
[Windows Service Monitor / winsvcmon][Stopped/Auto Start]
<D:\WINDOWS\System32\winsvcmon.exe><N/A>
删除以下驱动
[00002a2d / 00002a2d][Stopped/Boot Start]
<\SystemRoot\System32\drivers\00002a2d.SYS><N/A>
[aahacahg / aahacahg][Stopped/System Start]
<\??\D:\WINDOWS\system32\drivers\aahacahg.sys><N/A>
[ADProt / ADProt][Stopped/System Start]
<\SystemRoot\system32\drivers\ADProt.sys><N/A>
[ehbheecc / ehbheecc][Stopped/System Start]
<\??\D:\WINDOWS\system32\drivers\ehbheecc.sys><N/A>
[New0 / New0][Running/Auto Start]
<\??\D:\WINDOWS\System32\new.sys><N/A>
[nwupspx / nwupspx][Stopped/Boot Start]
<\SystemRoot\System32\drivers\nwupspx.sys><N/A>
进程中调用的以下文件删除
[D:\PROGRA~1\COMMON~1\wjfqxh\wleehk.nls] [, 3, 6, 0, 9]
[d:\windows\system32\main.dll] [, 1, 0, 0, 5]
[D:\WINDOWS\TEMP\cccc\gggg.dll] [, 2, 8, 0, 2]
[D:\PROGRA~1\COMMON~1\wjfqxh\wjfqxh.dll] [ , 3, 8, 0, 9]
并将上述有问题文件全部删除
………………

谢谢,弱弱的问一下,如何删除法,用不来sreng
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT