[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,rundll32.exe C:\WINDOWS\system32\winsys16_070402.dll start> [N/A]
Do not delete this; blank it out so that it becomes:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,>
===================================================
C:\WINDOWS\system32\winsys16_070402.dll
<{7C3E3EA0-F318-43FB-952E-74736B2F6789}><> [N/A]
Back this one up, then delete it.
<{B8A170A8-7AD3-4678-B2FE-F2D7381CC1B5}><C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys> [N/A]
Services
[219829DA / 219829DA]
<C:\WINDOWS\system32\219829DA.EXE -service><Microsoft Corporation>
[3A452D83 / 3A452D83]
<C:\WINDOWS\system32\3A452D83.EXE -service><Microsoft Corporation>
[AEA6EAEC / AEA6EAEC]
<C:\WINDOWS\system32\AEA6EAEC.EXE -service><Microsoft Corporation>
[Alerter / Alerter]
<C:\WINDOWS\Alerter.exe><N/A>
This one can simply be set to Disabled
<C:\WINDOWS\system32\B302EC43.EXE -service><Microsoft Corporation>
[Std beok Service / beok]
<C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\wwgc\gjtp.dll,Service -s><Microsoft Corporation>
[Windows Install Helper / MOBILL]
<C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\WINDOWS\SYSTEM32\WBEM\RBIDY.DLL,Export 1087><Microsoft Corporation>
Disable
[System Security / Security]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\psbhn.dll><Microsoft Corporation>
Disable
[Windows Accounts Driver / windows_0]
<C:\WINDOWS\system32\xx.exe><N/A>
[gxho / gxhoe]
<\SystemRoot\System32\DRIVERS\gxhoe.sys><N/A>
[jpxejw5 / jpxejw58]
<\SystemRoot\System32\DRIVERS\jpxejw58.sys><N/A>
[ndcia / ndcia]
<\??\C:\WINDOWS\system32\drivers\ndcia.sys><N/A>
[Netgroup Packet Filter / NPF]
<system32\drivers\npf.sys><CACE Technologies>
Disable
[romman / romman]
<\??\C:\WINDOWS\system32\drivers\romman.sys><N/A>
[uqws / uqws]
<\??\C:\DOCUME~1\new\LOCALS~1\Temp\uqwslba><N/A>
[HPXGR]
{0DECAB19-38B1-4437-B0D2-0DE0B5659C9C} <C:\WINDOWS\system32\ELTBKSAIQZHPXF.DLL, N/A>
[RZHQZHPXF]
{0E3056A9-C254-4054-B101-9EBD8DF37237} <C:\WINDOWS\system32\GNWEOWEMVDLUCKR.DLL, N/A>
[Sodui Search]
{35EC0410-555E-4402-B372-D9A6E0BF6795} <C:\WINDOWS\system32\winhyz35.dll, N/A>
[]
{4fc0b51e-5012-4447-8b0d-4e03f37a8dbf} <C:\WINDOWS\system32\4447cfsb.dll, N/A>
[SZHPYHPXG]
{BCA16D3E-FC7F-4179-82F9-178DCB2F8FC3} <C:\WINDOWS\system32\FMVENVEMUCKSBJR.DLL, N/A>
[]
{c433882b-ec64-4056-ae2b-1b294ae19f4f} <C:\WINDOWS\system32\4056ntos.dll, N/A>
[Sodui Search]
{35EC0410-555E-4402-B372-D9A6E0BF6795} <C:\WINDOWS\system32\winhyz35.dll, N/A>
[]
{4FC0B51E-5012-4447-8B0D-4E03F37A8DBF} <C:\WINDOWS\system32\4447cfsb.dll, N/A>
[ec64]
{DFCB34B6-902D-426E-AE2B-1B294AE19F4F} <C:\WINDOWS\system32\4056ntos.dll, N/A>
[C:\WINDOWS\system32\ELTBKSAIQZHPXF.DLL] [N/A, N/A]
[C:\WINDOWS\system32\winsys32_070402.dll] [N/A, N/A]
[C:\WINDOWS\system32\GNWEOWEMVDLUCKR.DLL] [N/A, N/A]
[C:\WINDOWS\system32\4447cfsb.dll] [N/A, N/A]
[C:\WINDOWS\system32\FMVENVEMUCKSBJR.DLL] [N/A, N/A]
[C:\WINDOWS\system32\4056ntos.dll] [N/A, N/A]
[C:\PROGRA~1\wwgc\jmws.dll] [, 1, 0, 0, 6]
[C:\PROGRA~1\wwgc\oryx.dll] [ , 1, 0, 0, 6]
[C:\WINDOWS\system32\YFNUCKSZHOWE.DLL] [N/A, N/A]
Autorun.inf
[C:\]
[AutoRun]
open=rising.exe
shellexecute=rising.exe
shell\Auto\command=rising.exe
[D:\]
[AutoRun]
open=rising.exe
shellexecute=rising.exe
shell\Auto\command=rising.exe
[E:\]
[AutoRun]
open=rising.exe
shellexecute=rising.exe
shell\Auto\command=rising.exe
For viruses that use dynamic process-injection techniques, see the pinned post in the anti-virus board.
PS:
How to use SREng:
http://hi.baidu.com/%B9%C2%B6%C0%B8%FC%BF%C9%BF%BF/blog/item/9025a818a7592ab44aedbc05.html