[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<GDStartDc><GDStartDc.exe> [N/A]
<Winlogin><C:\DOCUME~1\miaojie\LOCALS~1\Temp\kernel33.exe> [N/A]
<wWinlogin><C:\DOCUME~1\miaojie\LOCALS~1\Temp\wkernel33.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><KB2357802.LOG> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<DLMon><C:\WINDOWS\System32\DLMain.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\reset5]
<WinlogonNotify: reset5><reset5.dll> [N/A]
Delete the startup items in the registry keys above; note that the ones in red should be changed to empty!
[Remote Registry Protect / Hardware][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system\ntstub.dll><N/A>
[Reset 5 / Reset 5][Running/Auto Start]
<C:\WINDOWS\system32\srvany.exe><N/A>
[QQFace / Universal Disk Manager][Stopped/Auto Start]
<C:\Program Files\Common Files\SAND\qqfacerclient.exe><N/A>
[ADProt / ADProt][Stopped/System Start]
<\SystemRoot\system32\drivers\ADProt.sys><N/A>
[New0 / New0][Running/Auto Start]
<\??\C:\WINDOWS\System32\new.sys><N/A>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<System32\DRIVERS\npf.sys><CACE Technologies>
Use SREng to delete the service items above (run SREng, go to Startup Items, then Services (for the first three click Win32, for the last three click Drivers), tick "Hide verified Microsoft services", select the services listed above, choose Delete, then Settings, and click "No" in the dialog that pops up). Download KillBox from the pinned thread and use it on the files below …; for reset5.dll tick the replace option, then reboot!
C:\DOCUME~1\miaojie\LOCALS~1\Temp\kernel33.exe
C:\DOCUME~1\miaojie\LOCALS~1\Temp\wkernel33.exe
C:\WINDOWS\System32\DLMain.dll
C:\WINDOWS\System32\KB2357802.LOG
C:\WINDOWS\system\ntstub.dll
C:\WINDOWS\System32\reset5.dll
C:\WINDOWS\system32\srvany.exe (recommended: back it up, then delete)
C:\Program Files\Common Files\SAND\qqfacerclient.exe
SystemRoot\system32\drivers\ADProt.sys
C:\WINDOWS\System32\new.sys
System32\DRIVERS\npf.sys
After the steps above, uninstall QQ, delete its installation directory, reinstall QQ, and run a full system clean with Rabbit (兔子)!
PS: 猫叔 had already analysed the suspicious items; I just picked up the easy part!
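As an added example (not from the post, and not SREng's or KillBox's own code), here is a small Python parser for the SREng report layout quoted above that flags the same kinds of entries the reply removes: no vendor information, code running from a Temp directory, a non-code extension in a code-loading location (the AppInit_DLLs .LOG), and a service wrapped by srvany.exe. The sample report is constructed for the example.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in SREng's report layout (not the log from the post).
SAMPLE = r"""[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Winlogin><C:\DOCUME~1\user\LOCALS~1\Temp\kernel33.exe> [N/A]
<Updater><C:\Program Files\Vendor\updater.exe> [Vendor Inc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><C:\WINDOWS\System32\KB2357802.LOG> [N/A]
[Reset 5 / Reset 5][Running/Auto Start]
<C:\WINDOWS\system32\srvany.exe><N/A>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<System32\DRIVERS\npf.sys><CACE Technologies>
"""

HEADER = re.compile(r"^\[([^\]]+)\]")                        # [registry key] or [Display / Name][State]
ENTRY = re.compile(r"^<(.*?)><(.*?)>\s*(?:\[(.*?)\])?\s*$")  # <a><b> [vendor]
CODE_EXT = {".exe", ".dll", ".sys", ".ocx", ".cpl"}

def parse_sreng(text):
    """Yield (section, name, image_path, vendor) for registry and service lines."""
    section, is_registry = None, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and HEADER.match(line):
            section = HEADER.match(line).group(1)
            is_registry = section.upper().startswith("HKEY_")
            continue
        m = ENTRY.match(line)
        if not m or section is None:
            continue
        if is_registry:   # registry block: <value name><data> [vendor]
            yield section, m.group(1), m.group(2), m.group(3) or "N/A"
        else:             # service/driver block: <image path><vendor>
            yield section, section, m.group(1), m.group(2) or "N/A"

def suspicious_reasons(path, vendor):
    """Heuristics mirroring what the reply singles out for removal."""
    reasons, p = [], PureWindowsPath(path)
    if vendor.strip() in ("", "N/A"):
        reasons.append("no vendor/signature info")
    if "\\temp\\" in path.lower():
        reasons.append("runs from a Temp directory")
    if path and p.suffix.lower() not in CODE_EXT:
        reasons.append("non-code extension in a code-loading location")
    if p.name.lower() == "srvany.exe":
        reasons.append("srvany.exe service wrapper")
    return reasons

def triage(text):
    """Return [(section, name, path, reasons)] for every entry with a reason."""
    out = []
    for section, name, path, vendor in parse_sreng(text):
        reasons = suspicious_reasons(path, vendor)
        if reasons:
            out.append((section, name, path, reasons))
    return out
```

Entries with a known vendor and a normal image path, such as the NPF driver, come back clean, so the list is a triage aid rather than a verdict.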
