Windows Registry Editor Version 5.00
; General system tweaks. Nothing in this first part (up to the ControlSet001 entry)
; blocks any program; the Image File Execution Options entries further down do that.
; Review each value before importing: an import overwrites the existing data silently.
;
; Shutdown/logoff behaviour for the current user. The timeouts are in milliseconds,
; so 200 leaves a busy or hung application almost no time to save its state before
; it is ended automatically (AutoEndTasks=1).
[HKEY_CURRENT_USER\Control Panel\Desktop]
"AutoEndTasks"="1"
"HungAppTimeout"="200"
"WaitToKillAppTimeout"="200"
; NOTE(review): "WaitTOKillService" does not look like a value Windows reads under this
; key; the service timeout is WaitToKillServiceTimeout under HKLM (set just below).
; Confirm it has any effect, otherwise drop it.
"WaitTOKillService"="200"
; Time (ms) the system waits for services to stop at shutdown. 200 ms is very short and
; can cut services off before they finish writing data.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"WaitToKillServiceTimeout"="200"
; Prefetcher mode 1. The same value is set again to 3 later in this file; when the file
; is imported top to bottom the later assignment is the one that remains.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]
"EnablePrefetcher"=dword:00000001
; NOTE(review): SFCDisable belongs to Windows File Protection on Windows 2000/XP-era
; systems; a non-zero value asks Windows to stop protecting system files. That weakens
; the machine against system-file replacement and is not needed for blocking the files
; named below. Consider leaving it at 0 - confirm the intent.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000001
; Sets the default value of the AlwaysUnloadDLL key to "0".
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"AutoShareServer"=dword:00000000
"AutoSharewks"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows]
"NoPopUpsOnBoot"=dword:00000001
; File-type settings for .lnk shortcuts: display name (the string means "Shortcut"),
; EditFlags, and NeverShowExt, which keeps the .lnk extension hidden in Explorer.
; NOTE(review): presumably restores values the infection changed - confirm.
[HKEY_CLASSES_ROOT\lnkfile]
@="快捷方式"
"EditFlags"=dword:00000001
"NeverShowExt"=""
; Creates the RemoteComputer\NameSpace key and its "Printers" sub-key.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace\{2227A280-3AEA-1069-A2DE-08002B30309D}]
@="Printers"
; Explorer "Link" value for the .DEFAULT profile, set to four zero bytes.
; NOTE(review): commonly used to drop the "Shortcut to" prefix on new shortcuts - confirm.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer]
"Link"=hex:00,00,00,00
; Second assignment of EnablePrefetcher; this value (3) replaces the 1 written earlier.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]
"EnablePrefetcher"=dword:00000003
; Font smoothing settings for the .DEFAULT profile.
[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"FontSmoothing"="2"
"FontSmoothingType"=dword:00000002
; Raises the per-server HTTP connection limits used by Internet Explorer / WinINet to 8.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MaxConnectionsPer1_0Server"=dword:00000008
"MaxConnectionsPerServer"=dword:00000008
; NOTE(review): CurrentControlSet is normally a link to one of the numbered control sets.
; If it points at ControlSet001, this 1000 replaces the 200 written to
; CurrentControlSet\Control above - the two entries disagree, so decide which is intended.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control]
"WaitToKillServiceTimeout"="1000"
; Image File Execution Options (IFEO) block list.
; A "Debugger" value under IFEO\<image name> makes Windows start the named debugger
; instead of the program whenever a process with that file name is created. Every entry
; here points at a file on c:\ that is meant not to exist (the names translate roughly to
; "destructive-type.exe" and "virus-type.exe"), so the launch fails.
;
; Caveats for anyone relying on this:
;  - Matching is by file name only. A copy of the malware under another name is not
;    blocked, and any legitimate program that shares a listed name is blocked as well.
;  - Each key appears twice with a different Debugger string. The second assignment
;    overwrites the first, so only the second path is left after import; the first entry
;    of each pair is redundant.
;  - Whatever exists at the Debugger path is what would be started, so that path must
;    stay absent and must not be creatable by unprivileged users.
;  - This only stops the files from starting; they still have to be removed from disk.
;  - Writing under HKLM requires administrator rights.
;  - IFEO Debugger values are also abused by malware to hijack or disable programs, so
;    monitoring tools may flag these keys; record that they were added on purpose.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\expiorer.exe]
"Debugger"="c:\\破坏类.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\expiorer.exe]
"Debugger"="c:\\病毒类.exe"
; NOTE(review): this name looks like a download-manager installer rather than a system
; component - confirm it is really unwanted before blocking it.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idman509b1-cn.exe]
"Debugger"="c:\\破坏类.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idman509b1-cn.exe]
"Debugger"="c:\\病毒类.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k11836469548.exe]
"Debugger"="c:\\破坏类.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k11836469548.exe]
"Debugger"="c:\\病毒类.exe"
; NOTE(review): the following .dll entries are unlikely to have any effect. The IFEO
; Debugger value is consulted when a process is created from an executable image; a DLL
; loaded into another process is not a process creation. Those DLLs need to be removed
; from disk and from whatever loads them - verify on the target system.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpsrv.dll]
"Debugger"="c:\\破坏类.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpsrv.dll]
"Debugger"="c:\\病毒类.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winform.dll]
"Debugger"="c:\\破坏类.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winform.dll]
"Debugger"="c:\\病毒类.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\timhost.dll]
"Debugger"="c:\\破坏类.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\timhost.dll]
"Debugger"="c:\\病毒类.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdbcs.dll]
"Debugger"="c:\\破坏类.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdbcs.dll]
"Debugger"="c:\\病毒类.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dh2104.dll]
"Debugger"="c:\\破坏类.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dh2104.dll]
"Debugger"="c:\\病毒类.exe"
; Executable entries again from here on.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msimms32.exe]
"Debugger"="c:\\破坏类.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msimms32.exe]
"Debugger"="c:\\病毒类.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdbcs.exe]
"Debugger"="c:\\破坏类.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdbcs.exe]
"Debugger"="c:\\病毒类.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpsrv.exe]
"Debugger"="c:\\破坏类.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpsrv.exe]
"Debugger"="c:\\病毒类.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winform.exe]
"Debugger"="c:\\破坏类.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winform.exe]
"Debugger"="c:\\病毒类.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\timhost.exe]
"Debugger"="c:\\破坏类.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\timhost.exe]
"Debugger"="c:\\病毒类.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwizdh.exe]
"Debugger"="c:\\破坏类.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwizdh.exe]
"Debugger"="c:\\病毒类.exe"
以上内容请自行复制到记事本,保存为 .reg 文件,双击运行导入即可!导入会直接覆盖现有键值,建议先导出备份相关注册表项。
重启电脑后,上面列出的文件名对应的程序将被禁止运行。
先试下下面的方法 不行再导入上面的代码
先到多特软件站搜索 冰刃 数据病毒木马暴力杀灭天王
看其进程位置在哪 到其位置删除
不行的话 到安全模式下删
再不行 复制上面的代码禁止它运行
装个360安全卫士扫描系统漏洞 及时为您的系统打上补丁
个人怀疑你的系统里不只这个病毒 做完上面的操作后请升级你的杀毒软件
到安全模式下全盘扫描下你的电脑
友情提示:然后到下面的位置删除这些文件(注意 expiorer.exe 与系统自带的 explorer.exe 只差一个字母,删除前请核对文件名):
c:\windows\expiorer.exe
d:\我的文档\idman.v5.09b1cn\idman509b1-cn.exe
c:\windows\system32\k11836469548.exe
c:\windows\system32\avpsrv.dll
c:\windows\system32\winform.dll
c:\windows\system32\timhost.dll
c:\windows\system32\cmdbcs.dll
c:\windows\system32\dh2104.dll
c:\windows\msimms32.exe
c:\windows\cmdbcs.exe
c:\windows\avpsrv.exe
c:\windows\winform.exe
c:\windows\timhost.exe
c:\windows\system32\nwizdh.exe
早上一开机发现也是这样的,哈哈,正等着下载完东西重装
如果卡巴查杀出来,一般是可以杀的,如果杀不了就用木马专杀~~不过你也挺牛的,感染那么多,不容易啊~