Rising Kaka Security Forum

How do I delete this virus?
四处奔波3388 - 2007-6-29 18:48:00
My computer has had these two viruses all along and I can't delete them.

Attachment: 8892502007629183751.bmp
安全防卫 - 2007-6-29 18:51:00
Use IceSword to delete these two virus files! The tool can be downloaded from my network drive.
四处奔波3388 - 2007-6-29 18:52:00
How do I delete them? I don't know how!
安全防卫 - 2007-6-29 19:23:00
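Download link: http://www.kztechs.com/sreng/sreng2.zip
Close as many unused programs as you can, then run a scan and post the log so we can take a look. There are probably other virus files as well.....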
安全防卫 - 2007-6-29 19:26:00
IceSword v1.20
Download link: http://www.crsky.com/soft/6947.html
安全防卫 - 2007-6-29 19:38:00
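Open IceSword. Click "File" at the bottom, browse to the virus file by its path, then right-click it and force delete it.
Be careful not to delete the wrong thing; files deleted with IceSword cannot be recovered.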
baohe - 2007-6-29 20:11:00
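[Reply to 四处奔波3388's post]
Post an SREng log so we can take a look.
If the virus's DLL has been injected into a system or application process, then in some cases even "force delete" cannot remove it.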
四处奔波3388 - 2007-6-29 20:43:00
SREng log?
What is that?
How do I scan? I don't know how.
天月来了 - 2007-6-29 20:56:00
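Set your system date correctly.

Download System Repair Engineer into your "Windows" folder.

http://www.kztechs.com/sreng/download.html

1 Unzip sreng2.zip
2 Rename SREng.exe to abc.exe and run it.
3 Smart Scan => Scan => Save Report
4 Copy the complete report from the log and paste it here in sections; do not modify it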
四处奔波3388 - 2007-6-29 21:14:00
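Quote:
[天月来了's post] Set your system date correctly.

Download System Repair Engineer into your "Windows" folder.

http://www.kztechs.com/sreng/download.html

1 Unzip sreng2.zip
2 Rename SREng.exe to abc.exe and run it.
3 Smart Scan => Scan => Save Report
4 Copy the complete report from the log and paste it here in sections; do not modify it
………………

Sorry, I don't know how to do the Smart Scan. Could you explain?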
尜尜逍遥 - 2007-6-29 21:32:00
No way, you can't even use something as simple as the Smart Scan? Unbelievable.
四处奔波3388 - 2007-6-29 21:56:00
Got it.
四处奔波3388 - 2007-6-29 21:59:00
[CODE]

2007-06-29,21:40:47

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <stup.exe><Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll,Rundll32 R>  [TENCENT]
    <BigDogPath><; C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)>  [N/A]
    <NMGameX_AutoRun><C:\WINDOWS\system32\Rundll32.exe NMGameX.dll,LiveProcess /aa>  [NMGameX]
    <C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dodolook146.exe><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dodolook146.exe>  [N/A]
    <C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bind_50064.exe><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bind_50064.exe>  [N/A]
    <C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ad1809.exe><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ad1809.exe>  [N/A]
    <C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20295.exe><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20295.exe>  [N/A]
    <hqghumeay><"C:\WINDOWS\system32\Rundll32.exe" "C:\WINDOWS\system32\cdnprh.dll",Start>  [N/A]
    <pkyqjomc><#D;]XJOEPXT]tztufn43]Svoemm43/fyf#!#D;]XJOEPXT]tztufn43]deoqsi/emm#-Tubsu>  [N/A]
    <IdnSvr><C:\Program Files\OCINS\idnsvr.exe>  [(Verified)China Internet Network Information Center]
    <TpdSysSvr><C:\WINDOWS\system32\\Rundll32.exe "C:\WINDOWS\system32\\bvemcx36.dll",DllCanUnloadNow>  []
    <SoundMan><; SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <switch><; c:\windows\system32\壁纸自动换.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <RavStub><"C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
[QQ游戏启动加速程序]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> D:\PROGRA~1\Tencent\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>
四处奔波3388 - 2007-6-29 22:01:00
==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Local Connection Manager / MOBILL][Running/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE C:\WINDOWS\SYSTEM32\WBEM\EPFVO.DLL,Export 1087><Microsoft Corporation>
[Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Manual Start]
  <C:\WINDOWS\system32\HPZipm12.exe><HP>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Windows Gateway / Security][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\wiozr.dll><Microsoft Corporation>

==================================
驱动程序
[100133 / 100133][Stopped/Boot Start]
  <\SystemRoot\System32\drivers\100133.sys><N/A>
[aaoxbq60 / aaoxbq60][Stopped/Boot Start]
  <\SystemRoot\system32\\drivers\\system32\\drivers\\%s.sys.sys><N/A>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[ADProt / ADProt][Running/System Start]
  <\SystemRoot\system32\drivers\ADProt.sys><腾讯科技(深圳)有限公司>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[armyel2 / armyel26][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\armyel26.sys><N/A>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[bjvgwe95 / bjvgwe95][Stopped/Boot Start]
  <\SystemRoot\system32\\drivers\\system32\\drivers\\%s.sys.sys><N/A>
[caudnm69 / caudnm69][Stopped/Boot Start]
  <\SystemRoot\system32\\drivers\\system32\\drivers\\%s.sys.sys><N/A>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[cnprov / cnprov][Running/Boot Start]
  <\SystemRoot\system32\drivers\cnprov.sys><中国互联网络信息中心(CNNIC)>
[ddzglm7 / ddzglm72][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ddzglm72.sys><N/A>
[dvdxxs9 / dvdxxs98][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\dvdxxs98.sys><N/A>
[dvhohq8 / dvhohq87][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\dvhohq87.sys><N/A>
[dygrfx84 / dygrfx84][Stopped/Boot Start]
  <\SystemRoot\system32\\drivers\\system32\\drivers\\%s.sys.sys><N/A>
[eezgts3 / eezgts33][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\eezgts33.sys><N/A>
[elrran1 / elrran19][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\elrran19.sys><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[fbhfbaaj / fbhfbaaj][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\fbhfbaaj.sys><N/A>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[geeplu1 / geeplu19][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\geeplu19.sys><N/A>
[hervwa67 / hervwa67][Stopped/Boot Start]
  <\SystemRoot\system32\\drivers\\system32\\drivers\\%s.sys.sys><N/A>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start]
  <system32\DRIVERS\HPZid412.sys><HP>
[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start]
  <system32\DRIVERS\HPZipr12.sys><HP>
[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start]
  <system32\DRIVERS\HPZius12.sys><HP>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[idnaux / idnaux][Running/Auto Start]
  <system32\drivers\idnaux.sys><中国互联网络信息中心(CNNIC)>
[ipdbldr / ipdbldrv][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ipdbldrv.sys><N/A>
[jregpx0 / jregpx02][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\jregpx02.sys><N/A>
[kiosav3 / kiosav33][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\kiosav33.sys><N/A>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[ldxisx7 / ldxisx76][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ldxisx76.sys><N/A>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nwlmgu0 / nwlmgu05][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\nwlmgu05.sys><N/A>
[odcxsb0 / odcxsb07][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\odcxsb07.sys><N/A>
[oijdyo3 / oijdyo37][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\oijdyo37.sys><N/A>
[ppxopn8 / ppxopn86][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ppxopn86.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[ruvncz68 / ruvncz68][Stopped/Boot Start]
  <\SystemRoot\system32\\drivers\\system32\\drivers\\%s.sys.sys><N/A>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[smlunn4 / smlunn46][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\smlunn46.sys><N/A>
[SysTdSvr / SysTdSvr][Stopped/Boot Start]
  <\SystemRoot\system32\\drivers\\SysTdSvr.sys><N/A>
[tbrxhj1 / tbrxhj10][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\tbrxhj10.sys><N/A>
[tjrish52 / tjrish52][Stopped/Boot Start]
  <\SystemRoot\system32\\drivers\\system32\\drivers\\%s.sys.sys><N/A>
[trepbd55 / trepbd55][Stopped/Boot Start]
  <\SystemRoot\system32\\drivers\\system32\\drivers\\%s.sys.sys><N/A>
[uhdlpyx / uhdlpyx][Running/Boot Start]
  <\SystemRoot\system32\drivers\uhdlpyx.sys><>
[ujijcm50 / ujijcm50][Stopped/Boot Start]
  <\SystemRoot\system32\\drivers\\system32\\drivers\\%s.sys.sys><N/A>
[uzchyu9 / uzchyu99][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\uzchyu99.sys><N/A>
[vqrakl18 / vqrakl18][Stopped/Boot Start]
  <\SystemRoot\system32\\drivers\\system32\\drivers\\%s.sys.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[wvowad7 / wvowad78][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\wvowad78.sys><N/A>
[xjsdrj5 / xjsdrj52][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\xjsdrj52.sys><N/A>
[zdah / zdahy][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\zdahy.sys><N/A>
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>
四处奔波3388 - 2007-6-29 22:01:00
==================================
浏览器加载项
[LpkHlpr Class]
  {00C104F7-0F5C-470C-ABCF-A5B2E70752F1} <C:\WINDOWS\system32\wtlhlp.dll, Microsoft Corporation>
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\SSPlus\SAddr.dll, Tencent>
[]
  {669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINDOWS\system32\ssup.dll, N/A>
[IEAux Class]
  {7605CC7C-00FD-4A5F-BAFD-828342DE6279} <C:\PROGRA~1\OCINS\ieaux.dll, 中国互联网络信息中心(CNNIC)>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\Program Files\BaiDu\bar\BaiduBar.dll, Baidu.com, Inc.>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[中文上网]
  {B012491E-8FA4-4851-AA9B-22E33784FBAD} <C:\Program Files\OCINS\config.exe, 中国互联网络信息中心(CNNIC)>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <d:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[百度超级搜霸]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\Program Files\BaiDu\bar\BaiduBar.dll, Baidu.com, Inc.>
[LpkHlpr Class]
  {00C104F7-0F5C-470C-ABCF-A5B2E70752F1} <C:\WINDOWS\system32\wtlhlp.dll, Microsoft Corporation>
[ActiveMovieControl Object]
  {05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\SSPlus\SAddr.dll, Tencent>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[]
  {669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINDOWS\system32\ssup.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[IEAux Class]
  {7605CC7C-00FD-4A5F-BAFD-828342DE6279} <C:\PROGRA~1\OCINS\ieaux.dll, 中国互联网络信息中心(CNNIC)>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\Program Files\BaiDu\bar\BaiduBar.dll, Baidu.com, Inc.>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[百度超级搜霸]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\Program Files\BaiDu\bar\BaiduBar.dll, Baidu.com, Inc.>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[&访问通用网址]
  <C:\Program Files\OCINS\cnrbtn.html, N/A>
[上传到QQ网络硬盘]
  <D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder\Program\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
[百度-搜索MP3]
  <res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDUMP3.HTM, N/A>
[百度-搜索图片]
  <res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDUIMG.HTM, N/A>
[百度-搜索新闻]
  <res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDUNEWS.HTM, N/A>
[百度-搜索歌词]
  <res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDULYRIC.HTM, N/A>
[百度-搜索网页]
  <res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDUSEARCH.HTM, N/A>
[百度-搜索贴吧]
  <res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDUPOST.HTM, N/A>
[百度-词典搜索]
  <res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDU_DIC.HTM, N/A>
四处奔波3388 - 2007-6-29 22:02:00
==================================
正在运行的进程
[PID: 464][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 528][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 552][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WgaLogon.dll]  [Microsoft Corporation, 1.7.0018.5]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 596][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 608][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 764][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 812][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1300][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\system32\vivcc.dll]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\BaiDu\bar\BaiduBar.dll]  [Baidu.com, Inc., 2, 0, 2, 62]
    [C:\Program Files\Thunder\ComDlls\XunLeiBHO_002.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [TENCENT, 5, 0, 1, 19]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\WINDOWS\SYSTEM32\WBEM\EPFVO.DLL]  [Microsoft Corporation, 5, 1, 2600, 2709]
    [c:\windows\system32\wiozr.dll]  [Microsoft Corporation, 5.1.2600.0]
    [C:\WINDOWS\downlo~1\Sflu.dll]  [Tencent, 5, 0, 1, 17]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 144][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [TENCENT, 5, 0, 1, 19]
[PID: 196][C:\WINDOWS\system32\Rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [TENCENT, 5, 0, 1, 19]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 224][C:\WINDOWS\VM_STI.EXE]  [Vimicro, 4, 2, 1124, 6]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [TENCENT, 5, 0, 1, 19]
[PID: 288][C:\Program Files\OCINS\idnsvr.exe]  [中国互联网信息中心(CNNIC), 2, 6, 0, 0]
    [C:\Program Files\OCINS\idnsvr.dll]  [中国互联网信息中心(CNNIC), 2, 6, 0, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 304][C:\WINDOWS\system32\Rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\bvemcx36.dll]  [N/A, ]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [TENCENT, 5, 0, 1, 19]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 352][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1496][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [TENCENT, 5, 0, 1, 19]
    [C:\WINDOWS\downlo~1\Sflu.dll]  [Tencent, 5, 0, 1, 17]
    [C:\Program Files\BaiDu\bar\BaiduBar.dll]  [Baidu.com, Inc., 2, 0, 2, 62]
    [C:\WINDOWS\system32\wtlhlp.dll]  [Microsoft Corporation, 1, 0, 2, 0]
    [C:\PROGRA~1\OCINS\ieaux.dll]  [中国互联网络信息中心(CNNIC), 2, 6, 0, 2]
    [C:\PROGRA~1\OCINS\idnsvr.dll]  [中国互联网信息中心(CNNIC), 2, 6, 0, 1]
    [C:\Program Files\Thunder\ComDlls\XunLeiBHO_002.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\xpsp3res.dll]  [Microsoft Corporation, 5.1.2600.3121 (xpsp_sp2_gdr.070418-0032)]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
[PID: 6432][E:\钟智强\新建文件夹\sreng2\abc.exe]  [Smallfrogs Studio, 2.4.12.806]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [TENCENT, 5, 0, 1, 19]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A
四处奔波3388 - 2007-6-29 22:03:00
==================================
HOSTS 文件
127.0.0.1      localhost
0.0.0.0 182838.com
0.0.0.0 204.177.92.68
0.0.0.0 asiafriendfinder.com
0.0.0.0 asqin123.51.net
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 music.v111.com
0.0.0.0 www.jpbeauty.com
0.0.0.0 beautishow.com
0.0.0.0 goodmovies88.com
0.0.0.0 hothack.home.chinaren.com
0.0.0.0 hualiao.net
0.0.0.0 iplus.allyes.com
0.0.0.0 jjkafei.longcity.net
0.0.0.0 kaomm.8m.cn
0.0.0.0 l3iaoliao.com
0.0.0.0 lingaonbvm.myrice.com
0.0.0.0 lovejava.boy.net.cn
0.0.0.0 love7liao.com
0.0.0.0 asqin123.51.net
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 jjkafei.longcity.net
0.0.0.0 kaomm.8m.cn
0.0.0.0 l3iaoliao.com
0.0.0.0 l3iaoliao.com
0.0.0.0 lingaonbvm.myrice.com
0.0.0.0 lovejava.boy.net.cn
0.0.0.0 love7liao.com
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 music.v111.com
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 jjkafei.longcity.net
0.0.0.0 kaomm.8m.cn
0.0.0.0 l3iaoliao.com
0.0.0.0 l3iaoliao.com
0.0.0.0 lingaonbvm.myrice.com
0.0.0.0 lovejava.boy.net.cn
0.0.0.0 love7liao.com
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 music.v111.com

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
四处奔波3388 - 2007-6-29 22:20:00
Anyone there?
Please help.
baohe - 2007-6-29 22:24:00
[Reply to 四处奔波3388's post]

Clean it with IceSword. Procedure:

1. Forbid process creation.
2. Terminate the following processes:

[PID: 1300][C:\WINDOWS\Explorer.EXE]
[PID: 304][C:\WINDOWS\system32\Rundll32.exe]

3. Delete the following virus files:
C:\WINDOWS\system32\bvemcx36.dll
C:\WINDOWS\system32\vivcc.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dodolook146.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bind_50064.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ad1809.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20295.exe
C:\WINDOWS\system32\cdnprh.dll
C:\WINDOWS\system32\\bvemcx36.dll
C:\WINDOWS\SYSTEM32\WBEM\EPFVO.DLL
C:\WINDOWS\system32\wiozr.dll
C:\WINDOWS\System32\drivers\100133.sys
C:\WINDOWS\system32\\drivers\\system32\\drivers\\%s.sys.sys
C:\WINDOWS\System32\DRIVERS\armyel26.sys
C:\WINDOWS\System32\DRIVERS\ddzglm72.sys
C:\WINDOWS\System32\DRIVERS\dvdxxs98.sys><N/A>
C:\WINDOWS\System32\DRIVERS\dvhohq87.sys><N/A>
C:\WINDOWS\system32\\drivers\\system32\\drivers\\%s.sys.sys><N/A>
C:\WINDOWS\System32\DRIVERS\eezgts33.sys><N/A>
C:\WINDOWS\System32\DRIVERS\elrran19.sys><N/A>
C:\WINDOWS\system32\drivers\fbhfbaaj.sys><N/A>
C:\WINDOWS\System32\DRIVERS\geeplu19.sys><N/A>
C:\WINDOWS\system32\\drivers\\system32\\drivers\\%s.sys.sys><N/A>
C:\WINDOWS\System32\DRIVERS\ipdbldrv.sys><N/A>
C:\WINDOWS\System32\DRIVERS\jregpx02.sys><N/A>
C:\WINDOWS\System32\DRIVERS\kiosav33.sys><N/A>
C:\WINDOWS\System32\DRIVERS\ldxisx76.sys><N/A>
C:\WINDOWS\System32\DRIVERS\nwlmgu05.sys><N/A>
C:\WINDOWS\System32\DRIVERS\odcxsb07.sys><N/A>
C:\WINDOWS\System32\DRIVERS\oijdyo37.sys><N/A>
C:\WINDOWS\system32\DRIVERS\ppxopn86.sys><N/A>
C:\WINDOWS\system32\\drivers\\system32\\drivers\\%s.sys.sys><N/A>
C:\WINDOWS\system32\DRIVERS\secdrv.sys><N/A>
C:\WINDOWS\System32\DRIVERS\smlunn46.sys><N/A>
C:\WINDOWS\system32\\drivers\\SysTdSvr.sys><N/A>
C:\WINDOWS\System32\DRIVERS\tbrxhj10.sys><N/A>
C:\WINDOWS\system32\\drivers\\system32\\drivers\\%s.sys.sys><N/A>
C:\WINDOWS\system32\\drivers\\system32\\drivers\\%s.sys.sys><N/A>
C:\WINDOWS\system32\drivers\uhdlpyx.sys><>
C:\WINDOWS\system32\\drivers\\system32\\drivers\\%s.sys.sys><N/A>
C:\WINDOWS\System32\DRIVERS\uzchyu99.sys><N/A>
C:\WINDOWS\system32\\drivers\\system32\\drivers\\%s.sys.sys><N/A>
C:\WINDOWS\System32\DRIVERS\wvowad78.sys><N/A>
C:\WINDOWS\System32\DRIVERS\xjsdrj52.sys><N/A>
C:\WINDOWS\System32\DRIVERS\zdahy.sys

4. Delete the following registry entries:
Under the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run branch:
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dodolook146.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bind_50064.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ad1809.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20295.exe
hqghumeay
pkyqjomc
TpdSysSvr
Under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services branch:
MOBILL
Security
100133
aaoxbq60
armyel26
bjvgwe95
caudnm69
ddzglm72
dvdxxs98
dvhohq87
dygrfx84
eezgts33
elrran19
fbhfbaaj
geeplu19
hervwa67
ipdbldrv
jregpx02
kiosav33
ldxisx76
nwlmgu05
odcxsb07
oijdyo37
ppxopn86
ruvncz68
Secdrv
smlunn46
SysTdSvr
tbrxhj10
tjrish52
trepbd55
uhdlpyx
ujijcm50
uzchyu99
vqrakl18
wvowad78
xjsdrj52
zdahy
5. Turn off IceSword's "Forbid process creation".

6. Repair the HOSTS file with SREng.
baohe - 2007-6-29 22:28:00
This is the most exhausting post I have ever replied to (I'm worn out!)
四处奔波3388 - 2007-6-29 22:37:00
3. Delete the following virus files:

Do I have to delete all of them?
baohe - 2007-6-29 22:39:00
Quote:
[四处奔波3388's post]

Do I have to delete all of them?
………………

Or would you rather keep them around as pets?
四处奔波3388 - 2007-6-29 22:43:00
I can't delete them.
baohe - 2007-6-29 22:50:00
Quote:
[四处奔波3388's post] I can't delete them.
………………

Attachment: 1558472007629223954.jpg
四处奔波3388 - 2007-6-29 22:53:00
Is this IceSword?
baohe - 2007-6-29 22:55:00
Quote:
[四处奔波3388's post] Is this IceSword?
………………

四处奔波3388 - 2007-6-29 23:06:00
They're hard to find. Is there a search function?
四处奔波3388 - 2007-6-29 23:08:00
1. Forbid process creation.
2. Terminate the following processes:

[PID: 1300][C:\WINDOWS\Explorer.EXE]
[PID: 304][C:\WINDOWS\system32\Rundll32.exe]

How do I do that? Is there a screenshot?
天月来了 - 2007-6-29 23:16:00
The ones 猫猫 mentioned:
C:\WINDOWS\system32\\drivers\\system32\\drivers\\%s.sys.sys><N/A>

I'd guess they are the files below; I'm not sure whether that's right. Try looking for them yourself.

C:\WINDOWS\System32\drivers\aaoxbq60.sys><N/A>
C:\WINDOWS\System32\drivers\bjvgwe95.sys
C:\WINDOWS\System32\drivers\caudnm69.sys
C:\WINDOWS\System32\drivers\dygrfx84.sys
C:\WINDOWS\System32\drivers\hervwa67.sys
C:\WINDOWS\System32\drivers\ruvncz68.sys
C:\WINDOWS\System32\drivers\tjrish52.sys
C:\WINDOWS\System32\drivers\trepbd55.sys
C:\WINDOWS\System32\drivers\uhdlpyx.sys
C:\WINDOWS\System32\drivers\ujijcm50.sys
C:\WINDOWS\System32\drivers\vqrakl18.sys><N/A>
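
The manual triage that baohe and 天月来了 carry out on the driver section of the log, sketched as an added example (not part of any post in this thread, and not SREng or IceSword code): it parses SREng's `[display name / service key][state/start type]` entries, flags drivers that show no publisher and are either Boot Start or still carry an unexpanded `%s` in their path, and returns the Services registry key plus a candidate file path. The flagging rule, the `C:\WINDOWS` system root and the `<service key>.sys` fallback (the guess made in the post above) are assumptions, and the output is a list of candidates to review, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the driver section of the SREng log posted in this thread.
SAMPLE_LOG = r"""
[aaoxbq60 / aaoxbq60][Stopped/Boot Start]
  <\SystemRoot\system32\\drivers\\system32\\drivers\\%s.sys.sys><N/A>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[eezgts3 / eezgts33][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\eezgts33.sys><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>
"""

# "[display name / service key][state/start type]" then "<image path><publisher>"
HEADER = re.compile(
    r"^\[(?P<display>.*) / (?P<key>[^\]]+)\]\[(?P<state>[^/\]]+)/(?P<start>[^\]]+)\]$")
DETAIL = re.compile(r"^<(?P<path>.*)><(?P<publisher>[^<>]*)>$")

SYSTEM_ROOT = "C:\\WINDOWS"  # assumption: same system root as in the posted log
SERVICES_KEY = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services"


@dataclass
class Entry:
    display: str
    key: str          # name of the subkey under ...\Services
    state: str
    start: str
    path: str = ""
    publisher: str = ""
    reasons: list = field(default_factory=list)


def parse(log_text):
    """Pair each header line with the detail line that follows it."""
    entries, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = Entry(**m.groupdict())
            entries.append(current)
            continue
        m = DETAIL.match(line)
        if m and current is not None and not current.path:
            current.path, current.publisher = m["path"], m["publisher"]
    return entries


def resolve_path(entry):
    """Return (path, is_guess). A path that still holds a printf placeholder
    was never formatted, so fall back to <service key>.sys as a guess."""
    if "%s" in entry.path:
        return SYSTEM_ROOT + "\\System32\\drivers\\" + entry.key + ".sys", True
    p = re.sub(r"\\{2,}", r"\\", entry.path)       # collapse doubled backslashes
    if p.startswith("\\??\\"):
        p = p[4:]                                   # NT prefix before a DOS path
    elif p.lower().startswith("\\systemroot\\"):
        p = SYSTEM_ROOT + p[len("\\SystemRoot"):]
    elif not re.match(r"^[A-Za-z]:\\", p):
        p = SYSTEM_ROOT + "\\" + p                  # relative to the system root
    return p, False


def triage(entries):
    """Flag drivers with no publisher that are Boot Start or have a broken path."""
    flagged = []
    for e in entries:
        unsigned = e.publisher.strip() in ("", "N/A")
        boot = e.start.strip().lower() == "boot start"
        placeholder = "%s" in e.path
        if unsigned:
            e.reasons.append("no publisher in file metadata")
        if boot:
            e.reasons.append("loads at boot")
        if placeholder:
            e.reasons.append("image path contains an unexpanded %s")
        if unsigned and (boot or placeholder):
            path, guessed = resolve_path(e)
            flagged.append({
                "service_key": e.key,
                "registry_key": SERVICES_KEY + "\\" + e.key,
                "path": path,
                "path_is_guess": guessed,
                "reasons": e.reasons,
            })
    return flagged


if __name__ == "__main__":
    for hit in triage(parse(SAMPLE_LOG)):
        note = " (guessed)" if hit["path_is_guess"] else ""
        print(hit["registry_key"])
        print("   file:", hit["path"] + note)
        print("   why: ", "; ".join(hit["reasons"]))
```
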
天月来了 - 2007-6-29 23:23:00
IceSword's "Forbid process creation" ---------------

Attachment: 8390772007629231335.jpg