Rising Kaka Security Forum

The scan says there is an image hijack!
Zombie雪狼 - 2009-2-5 17:31:00
This is the SREng scan report:

User system information: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; TencentTraveler 4.0; QQDownload 1.7; IPMS/7D64A8C0-1498AB19909)

Attachment: SREngLOG.log
backway - 2009-2-5 17:43:00
http://bbs.ikaka.com/attachment.aspx?attachmentid=435625 Download the tool and clean up the hijack with it.
天月来了 - 2009-2-5 17:46:00
Go to my pinned thread, download the image hijack removal tool, and give it a try.
天月来了 - 2009-2-5 17:46:00
Could you try my tool a few more times first, and only then mess around with this one?
超级游戏迷 - 2009-2-5 17:48:00
I suggest following these steps:

1. Under Drivers:
[TKP / TKP][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\DRIVERS\c79><N/A>
The driver above is a virus driver; delete it.
[QuakeDRV / QuakeDRV][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\quakedrv.sys><N/A>
If you have no game installed, I recommend disabling the driver above.

2. Reboot the computer;

3. After rebooting, open the Registry Editor and delete the following registry subkeys:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\2005116234123330.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DataExplore.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DiskGenius.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRW.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EasyRecovery.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FinalData.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\finalrecovery.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FolderSniffer.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HandyRecovery.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntbackup.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuadroUneraser.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Recover4all Professional.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RecoverMyFiles.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TOTALCMD.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\undelete_plus.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\YtReFile.EXE]

4. Once that is done, reboot the computer...
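The manual cleanup above (delete the listed subkeys under Image File Execution Options, then reboot) can be audited and scripted. The PowerShell below is an added example and is not from the forum post or from SREng: it lists every IFEO subkey that carries a Debugger value (the value an image hijack uses to redirect a program launch to its own binary), exports a backup of the whole IFEO key, and then removes only the subkeys named in the post. The subkey list is copied from the post; the backup path and the function names are the example's own choices. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not part of the forum post): audit and clean IFEO hijack entries.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# Subkeys named in the thread above (copied from the post).
$suspect = @(
    '2005116234123330.EXE', 'cmd.EXE', 'DataExplore.EXE', 'DiskGenius.EXE', 'DRW.EXE',
    'EasyRecovery.EXE', 'FinalData.EXE', 'finalrecovery.EXE', 'FolderSniffer.EXE',
    'HandyRecovery.EXE', 'ntbackup.EXE', 'QuadroUneraser.EXE',
    'Recover4all Professional.EXE', 'RecoverMyFiles.EXE', 'TOTALCMD.EXE',
    'undelete_plus.EXE', 'YtReFile.EXE'
)

function Get-IfeoDebugger {
    # Report every IFEO subkey that has a Debugger value. Windows starts the
    # Debugger program instead of the named image, which is the hijack mechanism.
    Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
        $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if ($dbg) {
            [pscustomobject]@{ Image = $_.PSChildName; Debugger = $dbg }
        }
    }
}

function Remove-IfeoHijack {
    param([string[]]$Names, [switch]$WhatIf)
    # Export the whole IFEO key first so the change can be rolled back with reg import.
    $backup = Join-Path $env:TEMP ('IFEO-backup-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
    reg.exe export 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options' $backup /y | Out-Null
    Write-Host "Backup written to $backup"
    foreach ($n in $Names) {
        $key = Join-Path $ifeo $n
        if (Test-Path $key) {
            Remove-Item -Path $key -Recurse -WhatIf:$WhatIf
            if (-not $WhatIf) { Write-Host "Removed $key" }
        }
    }
}

# Audit first, review the output, then remove. Drop -WhatIf to actually delete.
Get-IfeoDebugger | Format-Table -AutoSize
Remove-IfeoHijack -Names $suspect -WhatIf
```

Review the audit output before deleting anything: a Debugger value is not proof of malware on its own, since developer tooling can legitimately register one, but an entry pointing a security tool, recovery tool or cmd.exe at an unknown binary, as in this thread, is the pattern to clean. The backup lets you restore the key with `reg import` if a removal turns out to be wrong.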
backway - 2009-2-5 17:49:00
Changed it.
From now on I'll just use this one; saves me uploading.