用SREng在“启动项目”-“注册表”中删除:
<MyShares><c:\program Files\易虎\MyShares.exe /tray> []
<spoolsv><C:\WINNT\system32\spoolsv\spoolsv.exe -printer> [广州傲讯信息科技有限公司]
<{B48F6409-4740-475B-A474-651F54CCE460}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\MsInfo.Dll> []
<stdup><C:\WINNT\SYSTEM32\stdup.dll> [MStdup Co Ltd.]
<Vision><C:\PROGRA~1\MMSASS~1\Mmsass~1.dll> []
在“启动项目”-“服务”-“Win32服务应用程序”中隐藏微软服务并删除以下服务:
[StdService / StdService]
<C:\WINNT\system32\rundll32.exe C:\WINNT\System32\STDSVER.DLL,Service><N/A>
[WinWrCup / WinWrCup]
<C:\WINNT\wincup\wincup.exe -R><MsWinCup>(这个不太清楚是什么,如果你知道请告诉我,如果不知道,建议删除)
在“系统修复”-“浏览器加载项”中删除:
[搜索助手]
{04844102-FC0B-4f44-9E93-0C4293BB5E80} <C:\Program Files\ydt\ydt.dll, >
[ChajianHelper Class]
{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} <C:\WINNT\system32\SYSREA~1.DLL, Kmedia>
[wmpdrm]
{0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINNT\system32\wmpdrm.dll, Allsum Info. Tech. Ltd.>
[MyIEHelper Class]
{16A770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4590.dll, Microsoft Corporation>
[DTSvc Class]
{2EF14E3B-45CE-45d6-913E-7AA65331A933} <C:\WINNT\DTSVC\DTS\DTS.dll, N/A>
[wmicsmgr]
{333872C4-92D6-4396-8542-64AB96518950} <C:\WINNT\system32\wmicsmgr.dll, N/A>
[KmediaHelper Class]
{42D25F15-CF07-4A72-B191-DB0792BF310C} <C:\WINNT\system32\Kmedia.dll, Kmedia>
[MMSAssist BHO]
{6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, >
[]
{669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINNT\system32\ssup.dll, N/A>
[std software]
{6A512BF7-EC78-4e8d-9841-6C02E8FA9838} <C:\WINNT\SYSTEM32\stdup.dll, MStdup Co Ltd.>
[DTSvc Class]
{6B280AC7-8B18-46A4-BF70-FC579A1B2F76} <C:\Program Files\DTSVC\DTS\DTS.dll, N/A>
[EigDbwcj Class]
{EAE91A44-DA38-6446-7C70-769D72713954} <C:\WINNT\DOWNLO~1\opoy.dll, tafemsoft>
[Letscool System Helper]
{F0C15012-7DBD-4068-95A2-0A82DB03AC35} <C:\WINNT\system32\CoolBho.dll, LETSCOOL Network Technology>
[MMSAssistMenu]
{6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\Mmsass~1.dll, >
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[ActNep3 Control]
{DA18E449-725E-45F7-8DE7-B7B0B66375FC} <C:\WINNT\DOWNLO~1\actNep3.ocx, >
[>>彩信发送<<]
<res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm, N/A>
[用炫彩图铃发送该图片]
<C:\Program Files\CaiShow Tech\CaiShow\SendMMS.htm, N/A>
卸载(如果还在,而且有卸载程序的话):
c:\program Files\易虎\
C:\PROGRA~1\MMSASS~1\
C:\Program Files\CaiShow Tech\
C:\Program Files\ydt\
重启后删除:
c:\program Files\易虎\
C:\PROGRA~1\MMSASS~1\
C:\Program Files\CaiShow Tech\
C:\WINNT\system32\spoolsv\spoolsv.exe(看清楚路径)
C:\Program Files\Common Files\Microsoft Shared\MSINFO\MsInfo.Dll(如果还有的话)
C:\WINNT\SYSTEM32\stdup.dll
C:\WINNT\System32\STDSVER.DLL
C:\WINNT\wincup\
C:\Program Files\ydt\
C:\WINNT\system32\SYSREA~1.DLL
C:\WINNT\system32\wmpdrm.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_4590.dll
C:\WINNT\DTSVC\
C:\WINNT\DOWNLO~1\opoy.dll
C:\WINNT\system32\CoolBho.dll
C:\WINNT\DOWNLO~1\actNep3.ocx
C:\WINNT\xboxcenter.dll
C:\WINNT\system32\msplus.dll
这两个文件的处理方法,请参考
http://forum.ikaka.com/topic.asp?board=28&artid=7259392
中有关HijackThis日志中的O10项的处理方法
下载LSPFix和WinsockXPFix,按照参考的操作方法,关闭浏览器或到安全模式下用LSPFix删除
C:\WINNT\xboxcenter.dll
C:\WINNT\system32\msplus.dll
重启后如果不能上网,再用WinsockXPFix来修复。
