瑞星卡卡安全论坛
自由被绑架 - 2005-10-6 21:36:00
各位歌手,怎样查杀灰鸽子啊???
自由被绑架 - 2005-10-6 21:37:00
这是我的日志啊
HijackThis@Qoo的扫描日志 V1.97.7
Scan saved at 13:44:10, on 2005-10-6
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\rising\Rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Lenovo\联想键盘驱动\Kbdriver.exe
C:\Program Files\联想(北京)有限公司\幸福飞梭\Shuttle.exe
C:\Program Files\rising\Rfw\RfwMain.exe
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
E:\Program Files\Tencent\QQ\QQ.exe
E:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\Program Files\Lenovo\TimerService\LenovoTimer.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\conime.exe
E:\Program Files\Thunder\Thunder.exe
C:\Program Files\rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
E:\DownLoad\hijackthis1.97_qoo\HijackThis.exe
R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O2 - BHO: (no name) - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v8.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\Program Files\3721\Assist\Angling.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: ????? - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\PROGRA~1\Kingsoft\FastAIT\IEBand.dll
O3 - Toolbar: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - E:\
O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Lskbdrv] C:\Program Files\Lenovo\
O4 - HKLM\..\Run: [Shuttle.exe] C:\Program Files\
O4 - HKLM\..\Run: [yahoo_mini] rem ; C:\Program Files\3721\Dlaccel\YDownloader.exe
O4 - HKLM\..\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TimerClient.exe] ; "C:\Program Files\Lenovo\TimerService\TimerClient.exe"
O4 - HKLM\..\Run: [MyDevice.exe] ; "C:\Program Files\Common Files\Lenovo\Happyhome\Commondll\MyDevice.exe"
O4 - HKLM\..\Run: [iTunesHelper] ; "F:\ipod photo\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] ; "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] rem ; "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: ntuser.dat
O4 - Startup: reglog.txt
O4 - Startup: Game.Dat
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &使用迅雷下载 - E:\Program Files\Thunder\geturl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: QQ (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.legend.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128440237703
O17 - HKLM\System\CCS\Services\Tcpip\..\{F06F4B14-9A6B-4AA3-8413-68655F96F6CF}: NameServer = 211.98.2.4 211.98.4.1
lion118 - 2005-10-6 21:40:00
用瑞星呀!
也可用瑞星在线先它查出来,在安全模式下手工办了它。
仅供参考。
lion118 - 2005-10-6 21:41:00
用最新版本17.47.10。
命运里の金色 - 2005-10-6 21:54:00
版本太低,请用V1.99.1在扫描下
自由被绑架 - 2005-10-6 22:01:00
可是我没有那个什么v1.99.1呀
自由被绑架 - 2005-10-6 22:03:00
我用瑞星查过的,说是给查杀了,可是,重新开机后又会出来了.
猎鹰渔民 - 2005-10-6 22:03:00
置顶帖中就有…………
自由被绑架 - 2005-10-6 22:06:00
我要崩溃了!!!!
自由被绑架 - 2005-10-6 22:07:00
哥哥,我是电脑白痴啊!!!根本看不懂!!!
命运里の金色 - 2005-10-6 22:10:00
http://forum.ikaka.com/topic.asp?board=28&artid=7259392看这里~
猎鹰渔民 - 2005-10-6 22:12:00
……http://forum.ikaka.com/topic.asp?board=28&artid=6979213一楼附件……
自由被绑架 - 2005-10-6 22:16:00
等我看看啊!不知道看不看的懂!
网络安全顾问 - 2005-10-6 22:19:00
帮不了你呀!我还中着招那!!
自由被绑架 - 2005-10-6 22:19:00
哥哥们,我看不懂,请你告诉我怎么做吧!该下载什么软件?在哪里下?谢谢谢谢!
自由被绑架 - 2005-10-6 22:21:00
哦,这个病毒会不会把我的QQ偷走啊?>我都不敢上QQ!
命运里の金色 - 2005-10-6 22:25:00
http://forum.ikaka.com/topic.asp?board=28&artid=6202404用这个网页里楼主的附件,扫描电脑,把日志发上来
自由被绑架 - 2005-10-6 22:47:00
对不起,让你久等了!以下是扫描出来的东西:
Logfile of HijackThis v1.99.1
Scan saved at 22:43:56, on 2005-10-6
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\rising\Rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\rising\Rfw\RfwMain.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Lenovo\联想键盘驱动\Kbdriver.exe
C:\Program Files\联想(北京)有限公司\幸福飞梭\Shuttle.exe
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\TimerService\LenovoTimer.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\wuauclt.exe
E:\DownLoad\155847200541134207\HijackThis.exe
R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v8.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\Program Files\3721\Assist\Angling.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\PROGRA~1\Kingsoft\FastAIT\IEBand.dll
O3 - Toolbar: BitCometBar - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - E:\工具\BT\BitComet\BitCometBar\BitCometBar0.2.dll (file missing)
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Lskbdrv] C:\Program Files\Lenovo\联想键盘驱动\Kbdriver.exe
O4 - HKLM\..\Run: [Shuttle.exe] C:\Program Files\联想(北京)有限公司\幸福飞梭\Shuttle.exe
O4 - HKLM\..\Run: [yahoo_mini] rem ; C:\Program Files\3721\Dlaccel\YDownloader.exe
O4 - HKLM\..\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TimerClient.exe] ; "C:\Program Files\Lenovo\TimerService\TimerClient.exe"
O4 - HKLM\..\Run: [MyDevice.exe] ; "C:\Program Files\Common Files\Lenovo\Happyhome\Commondll\MyDevice.exe"
O4 - HKLM\..\Run: [iTunesHelper] ; "F:\ipod photo\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] ; "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] rem ; "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: 腾讯QQ.lnk = E:\Program Files\Tencent\QQ\QQ.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &使用迅雷下载 - E:\Program Files\Thunder\geturl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 卓越 - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - C:\HAPPYH~1\CIBA2002\IEPlugin.dll
O9 - Extra button: 金山词霸 - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\HAPPYH~1\CIBA2002\IEPlugin.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\Program Files\Tencent\QQ\QQIEHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.legend.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128440237703
O17 - HKLM\System\CCS\Services\Tcpip\..\{F06F4B14-9A6B-4AA3-8413-68655F96F6CF}: NameServer = 211.98.2.4 211.98.4.1
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - F:\ipod photo\ipod\bin\iPodService.exe
O23 - Service: LenovoTimerService - Unknown owner - C:\Program Files\Lenovo\TimerService\LenovoTimer.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - C:\Program Files\rising\Rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
O23 - Service: svchost.exe - Unknown owner - C:\WINDOWS\svchost.exe
baohe - 2005-10-6 22:49:00
| 引用: |
【自由被绑架的贴子】哥哥们,我看不懂,请你告诉我怎么做吧!该下载什么软件?在哪里下?谢谢谢谢!
........................... |
http://forum.ikaka.com/topic.asp?board=28&artid=6979213
附件:
1558472005106224915.jpg
自由被绑架 - 2005-10-6 22:50:00
我想知道这个病毒会不会把我的QQ弄没了啊?我的QQ都不敢上!
baohe - 2005-10-6 22:52:00
| 引用: |
【自由被绑架的贴子】我想知道这个病毒会不会把我的QQ弄没了啊?我的QQ都不敢上!
........................... |
O23 - Service: svchost.exe - Unknown owner - C:\WINDOWS\svchost.exe
灰鸽子
自由被绑架 - 2005-10-6 22:55:00
haohe /然后我该怎么办?
自由被绑架 - 2005-10-6 22:57:00
等等,上面有人说什么安全模式?怎么回事?
自由被绑架 - 2005-10-6 22:58:00
haohe/我看过你写的那个"怎样挡住灰鸽子"的帖.可是我看不懂!
命运里の金色 - 2005-10-6 22:59:00
O23 - Service: svchost.exe - Unknown owner - C:\WINDOWS\svchost.exe
1,开始-运行输入regedit,打开注册表编辑器,定位到HKEY_LOCAL_MACHINE\ SYSTEM \ CURRENTCONTROLSET \ SERVICES分支,删除左栏中的病毒服务名svchost.exe
2.重启系统,在“文件夹选项”的“查看”面板中勾选“显示系统文件”、“显示所有的文件和文件夹”两项,点击“确定”按钮。然后在%windows%下寻找病毒文件名C:\WINDOWS\svchost.exe,C:\WINDOWS\svchost.dll,C:\WINDOWS\svchost_Hook.dll,C:\WINDOWS\svchostkey.dll能找到的都删除
累了,睡觉了
baohe - 2005-10-6 23:02:00
| 引用: |
【自由被绑架的贴子】haohe/我看过你写的那个"怎样挡住灰鸽子"的帖.可是我看不懂!
........................... |
不知道安全模式,也没关系。不一定非要在安全模式下搞。
1、打开注册表编辑器,依次点击:HKEY_LOCAL_MACHINE、SYSTEM、CURRENTCONTROLSET、SERVICES,删除左栏中的svchost.exe。
2、重启系统。
3、在“文件夹选项”中勾选“显示系统文件夹”、“显示所有文件和文件夹”,按“确定。
4、删除C:\WINDOWS\文件夹中的svchost.exe以及文件名中包含svchost的.dll。搞定!!
自由被绑架 - 2005-10-6 23:03:00
哦,谢谢谢谢,你辛苦啦!我去试试!
自由被绑架 - 2005-10-6 23:21:00
哥哥.我的那个Windows文件夹里没有找到你们说的那几个东西啊!我在SYSTEN32里找到了那个svchost.exe.可是我又没办法删除去.
baohe - 2005-10-6 23:28:00
| 引用: |
【自由被绑架的贴子】哥哥.我的那个Windows文件夹里没有找到你们说的那几个东西啊!我在SYSTEN32里找到了那个svchost.exe.可是我又没办法删除去.
........................... |
打住!!不要胡来!!!!
SYSTEN32里的svchost.exe是系统文件,不能删!!!!!!
时间time - 2005-10-6 23:30:00
你先删注册表里的东西,如果在WINDOWS里找不到它们的话就不删了,先重起,再看一下还有无病毒
© 2000 - 2026 Rising Corp. Ltd.