[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<snpstd3><C:\WINDOWS\vsnpstd3.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{5ED84827-A6FF-11E0-9A84-00C04FD8DBD8}><C:\WINDOWS\system32\HED84827.log>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<IPicture><c:\program files\internet explorer\PLUGINS\IPictureEx.dll>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<adx.exe><; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\real\adx.dll,Rundll32> [Microsoft Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<avptask><; C:\Progra~1\Eset\rund1132.exe> [N/A]
<wdfmgr32><; C:\WINDOWS\system32\wdfmgr32.exe> [N/A]
<wdfmgr32x.exe><; C:\WINDOWS\system32\wdfmgr32x.exe> [N/A]
<ZhanYouSever><; C:\WINDOWS\ZhanYouSever.exe> [N/A]
Services:
[Win32 DHCP Service / Win32DHCPsvc][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe windhcp.dll,start><Microsoft Corporation>
[QCONSVC / QCONSVC][Running/Auto Start]
<System32\QCONSVC.EXE><N/A>
[Windows_ServerDdos / Windows_ServerDdos][Stopped/Auto Start]
<C:\WINDOWS\system32\ddos.exe><N/A>
Use SREng to delete all of the above!
Restart the computer, show hidden files in Safe Mode, and delete the following:
C:\WINDOWS\system32\ddos.exe
C:\PROGRA~1\real\atloader.dll
C:\WINDOWS\vsnpstd3.exe
C:\Progra~1\Eset\rund1132.exe
C:\WINDOWS\system32\wdfmgr32.exe
C:\WINDOWS\system32\wdfmgr32x.exe
C:\WINDOWS\ZhanYouSever.exe
c:\program files\internet explorer\PLUGINS\IPictureEx.dll
C:\WINDOWS\system32\HED84827.log
C:\PROGRA~1\real\adx.dll
C:\WINDOWS\system32\windhcp.dll
PS: The OP sure is rich, a ThinkPad!