IceSword v1.20
Download address for the latest version:
Chinese: http://202.38.64.10/~jfpan/download/IceSword120_cn.zip MD5: cfb8514add1fbfb510b0084e837e561c
==========================================================================
Empty the temporary folder. Path: C:\documents and settings\feifei\LOCALS~1\Temp
Boot into Safe Mode [how to enter Safe Mode: hold F8 while the computer restarts and select Safe Mode].
==========================================================================
Edit the registry with IceSword:
Startup entries to delete:
1. The following two values under the [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] key:
<sun><C:\windows\SysSun2\svchost.exe> []
<wm><C:\windows\Syswm7\svchost.exe> []
2. The following values under the [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] key:
<pxdnd><C:\DOCUME~1\feifei\LOCALS~1\Temp\1261.exe> []
<mppds><C:\windows\mppds.exe> []
<mscrt><C:\windows\mscrt.exe> []
<cmdbcs><C:\windows\cmdbcs.exe> []
3. The following value under the [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] key:
<MSDEG32 ><LYLoader.exe> []
==========================================================================
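Run SREng. Under "Startup Items -> Services -> Win32 Service Applications", tick "Hide verified Microsoft services", then delete the service named below (select the problem service, click "Delete service", then click the "Set" button. Note that in the window that pops up you must click "NO" to confirm the deletion). If a service cannot be deleted, disable it: change the startup type to disabled, select "Modify startup type", and click "Set":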
[lesdsa / lesdsa][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\lesdsa.sys><N/A>
==========================================================================
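After downloading IceSword, run it and deal with the processes:
File - Settings - tick "Forbid process creation". Select each process that starts with [PID] (do NOT terminate these), right-click - Module Information - Unload or Force Unload (the injected child process listed under it).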
[PID: 628][C:\windows\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\LYMANGR.DLL] [N/A, ] (in this example, this is the injected child process to force-unload)
[PID: 800][C:\windows\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 1280][C:\windows\Explorer.EXE] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[C:\DOCUME~1\feifei\LOCALS~1\Temp\pxdnd.dll] [N/A, ]
[C:\windows\System32\mppds.dll] [N/A, ]
[C:\windows\System32\mscrt.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\windows\System32\cmdbcs.dll] [N/A, ]
[PID: 1356][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3760]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 1364][C:\windows\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.0.21]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 1388][C:\Program Files\Rising\Rfw\rfwmain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\windows\System32\cmdbcs.dll] [N/A, ]
[C:\windows\System32\mscrt.dll] [N/A, ]
[C:\windows\System32\mppds.dll] [N/A, ]
[C:\DOCUME~1\feifei\LOCALS~1\Temp\pxdnd.dll] [N/A, ]
[PID: 1404][C:\windows\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 1848][C:\windows\System32\wuauclt.exe] [Microsoft Corporation, 5.4.2600.0 (XPClient.010817-1148)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 1404][C:\windows\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 848][C:\windows\System32\conime.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 2036][C:\Program Files\Rising\AntiSpyware\Update\Rsaupd.exe]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 976][C:\Program Files\Rising\AntiSpyware\Ras.exe] [Beijing Rising Technology Co., Ltd., 1, 0, 6, 1]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 1096][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[C:\DOCUME~1\feifei\LOCALS~1\Temp\pxdnd.dll] [N/A, ]
[C:\windows\System32\mppds.dll] [N/A, ]
[C:\windows\System32\mscrt.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\windows\System32\cmdbcs.dll] [N/A, ]
[PID: 1624][C:\Program Files\Real\RealPlayer\RealPlay.exe] [RealNetworks, Inc., 6.0.12.1741]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 1020][C:\Program Files\Real\RealPlayer\RealPlay.exe] [RealNetworks, Inc., 6.0.12.1741]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 2436][C:\windows\System32\systemm.exe] [N/A, ]--- this process must be terminated completely with IceSword!!!
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 2616][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\windows\System32\cmdbcs.dll] [N/A, ]
[C:\windows\System32\mscrt.dll] [N/A, ]
[C:\windows\System32\mppds.dll] [N/A, ]
[C:\DOCUME~1\feifei\LOCALS~1\Temp\pxdnd.dll] [N/A, ]
[PID: 2680][C:\DOCUME~1\feifei\LOCALS~1\Temp\Rar$EX00.313\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\windows\System32\cmdbcs.dll] [N/A, ]
[C:\windows\System32\mscrt.dll] [N/A, ]
[C:\windows\System32\mppds.dll] [N/A, ]
[C:\DOCUME~1\feifei\LOCALS~1\Temp\pxdnd.dll] [N/A, ]
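The log above lists each process as a `[PID: n][image] [vendor, version]` line followed by the modules loaded into it. As an added example (not part of the original post and not SREng's own code), this Python script parses that layout and ranks modules that carry no vendor information by how many processes host them; the sample lines are a constructed excerpt and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed excerpt in the layout of the log above (paths are the page's own).
SAMPLE_LOG = r"""
[PID: 628][C:\windows\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\LYMANGR.DLL] [N/A, ]
[PID: 1280][C:\windows\Explorer.EXE] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[C:\DOCUME~1\feifei\LOCALS~1\Temp\pxdnd.dll] [N/A, ]
[C:\windows\System32\mppds.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 1404][C:\windows\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 2436][C:\windows\System32\systemm.exe] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
"""

# "[PID: n][image] [vendor, version]"; the leading "[" or the info field may be missing.
PROC_RE = re.compile(r"^\[?PID:\s*(\d+)\]\[([^\]]+)\](?:\s*\[(.*)\])?")
# "[module path] [vendor, version]", listed under the process that loaded it.
MOD_RE = re.compile(r"^\[([^\]]+)\]\s*\[(.*)\]")

def no_vendor(info):
    """True when the version-info field is absent or reads 'N/A'."""
    return info is None or info.strip().upper().startswith("N/A")

def triage(log_text):
    """Return (module -> host PIDs, pid -> image) for entries lacking vendor info."""
    hosts, images, pid = defaultdict(set), {}, None
    for line in map(str.strip, log_text.splitlines()):
        proc = PROC_RE.match(line)
        if proc:
            pid = int(proc.group(1))
            if no_vendor(proc.group(3)):
                images[pid] = proc.group(2)
            continue
        mod = MOD_RE.match(line)
        if mod and pid is not None and no_vendor(mod.group(2)):
            hosts[mod.group(1).lower()].add(pid)
    return hosts, images

def rank(hosts):
    """Modules sorted by how many processes host them, most widespread first."""
    return sorted(((p, len(s)) for p, s in hosts.items()), key=lambda x: (-x[1], x[0]))

if __name__ == "__main__":
    hosts, images = triage(SAMPLE_LOG)
    for path, count in rank(hosts):
        print(f"{count:2d} process(es)  {path}")
    for pid, image in images.items():
        print(f"review image  PID {pid}  {image}")
```

A missing vendor field is a triage signal, not a verdict: in the log above WinRAR.exe also shows `[N/A, ]`, so each flagged path still needs to be checked before it is unloaded or deleted.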
==========================================================================
Delete files with IceSword:
Delete the following, in order:
C:\Program Files\Internet Explorer\PLUGINS\System64.sys
C:\windows\System32\cmdbcs.dll
C:\windows\System32\mscrt.dll
C:\windows\System32\mppds.dll
C:\DOCUME~1\feifei\LOCALS~1\Temp\pxdnd.dll
C:\windows\SysSun2\svchost.exe
C:\windows\Syswm7\svchost.exe
C:\windows\System32\systemm.exe
=========================================================================
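After deleting the corresponding files, clean up the registry: Run - regedit - My Computer - Edit - Find - and enter each of the following in turn:
System64.sys, cmdbcs.dll, mscrt.dll, mppds.dll, pxdnd.dll, systemm.exe
LYLoader.exe (search for this keyword with WinRAR and delete every related item that is found)
Press F3 to continue until the search is finished; delete everything that is found!
Restart the computer.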