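Get IceSword and SRE ready. First open both programs, then in IceSword's File > Settings tick "Forbid process and thread creation", and end the processes: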
[PID: 3796][E:\软件安装程序\OFFICE11\WINWORD.EXE] [Microsoft Corporation, 11.0.5604]
[PID: 568][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 940][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1784][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1020][C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3W1.EXE] [SEIKO EPSON CORPORATION, 3.00]
[PID: 992][C:\Syswm1i\svchost.exe] [N/A, ]
[PID: 908][C:\WINDOWS\VM303_STI.EXE] [Vimicro, 3, 5, 930, 9]
[PID: 900][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
Find them by PID number. Then use SRE to delete these:
<333><C:\Syswm1i\svchost.exe> []
<tx><C:\SysTx4\svchost.exe> []
<4><C:\SysWsj7\svchost.exe> []
<cmdbcs><C:\WINDOWS\cmdbcs.exe> []
<upxdnd><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\upxdnd.exe> [N/A]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><> [N/A]
<{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys> [N/A]
<{99F1D023-7CEB-4586-80F7-BB1A98DB7602}><C:\Program Files\Internet Explorer\IEXPLORE.Sys> [N/A]
<{923509F1-45CB-4EC0-BDE0-1DED35B8FD60}><C:\Program Files\Internet Explorer\IEXPLORE.win> [N/A]
<{FEB94F5A-69F3-4645-8C2B-9E71D270AF2E}><C:\Program Files\Internet Explorer\IEXPLORE.Dat> [N/A]
Finally, use IceSword's file function to locate these:
[C:\SysWsj7\Ghook.dll] [N/A, ]
[C:\SysTx4\Ghook.dll] [N/A, ]
[C:\Syswm1i\Ghook.dll] [N/A, ]
C:\WINDOWS\ddIEHelper.dll
C:\Syswm1i\svchost.exe
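Delete these files by their paths.
After reading this, copy what I have written and save it to your desktop, then unplug the network cable before carrying it out.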
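
An added example, not part of the original post: a small Python triage script that parses process lines in the log format quoted above and flags entries like PID 992. The two heuristics (a Windows system file name running from outside C:\WINDOWS\system32, and no vendor in the version info) and the short list of system file names are assumptions made for this illustration.

```python
import re
import ntpath  # parses Windows paths on any host OS

# Process lines copied from the log quoted in the post.
SAMPLE_LOG = r"""
[PID: 568][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1784][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 992][C:\Syswm1i\svchost.exe] [N/A, ]
[PID: 908][C:\WINDOWS\VM303_STI.EXE] [Vimicro, 3, 5, 930, 9]
[PID: 900][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
"""

# [PID: n][path] [vendor, version]
PROC_RE = re.compile(r"^\[PID:\s*(\d+)\]\[([^\]]+)\]\s*\[([^,\]]*),\s*(.*)\]\s*$")

# Assumption: names that belong only in system32 on this 32-bit XP system.
SYSTEM_NAMES = {"svchost.exe", "rundll32.exe", "ctfmon.exe"}
SYSTEM_DIR = r"c:\windows\system32"


def parse_processes(text):
    """Yield (pid, path, vendor, version) for each process line."""
    for line in text.splitlines():
        m = PROC_RE.match(line.strip())
        if m:
            pid, path, vendor, version = m.groups()
            yield int(pid), path.strip(), vendor.strip(), version.strip()


def triage(text):
    """Return {pid: [reasons]} for entries that merit a closer look."""
    flagged = {}
    for pid, path, vendor, _version in parse_processes(text):
        reasons = []
        name = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        if name in SYSTEM_NAMES and folder != SYSTEM_DIR:
            reasons.append("system file name outside system32")
        if vendor.upper() in ("", "N/A"):
            reasons.append("no vendor in version info")
        if reasons:
            flagged[pid] = reasons
    return flagged


if __name__ == "__main__":
    for pid, reasons in triage(SAMPLE_LOG).items():
        print(pid, "; ".join(reasons))
```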