热烈庆祝芯动力在@世界06年

@世界电脑城3周年庆典活动

国庆芯动力电脑连锁机构

国庆芯动力电脑连锁机构

芯动力数据恢复中心升级成

芯动力数据恢复中心升级成

More..

在线交流


	028-85353216 028-66742224

就业服务热线:
	028-85350886
	edu@cdwxw.net

购机指南

三星COMBO时尚首选

一分钟教你辨别返修硬盘

硬件学堂之---谈超频的概念

内存品质的细微体现

AMD Athlon64处理器实际运

More...

病毒预告

系统应用

用“替换法”“对照法”处

随机性死机故障分析与排除

全面深入了解电脑死机的原

“蓝屏”的原因及处理方法

黑屏的几个原因

电脑死机原因大全

更多...

工具下载

当前位置：	首页>>电脑维修>>网络学堂>>网络故障>>病毒防卫>>正文

灰鸽子winlogon.exe 的删除方法

来源：不详作者：点击数：

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}"=hex:81,45,e0,01,ee,4e,d0,11,bf,e9,00,aa,00,5b,43,83,10,00,00,00,00,\
00,00,00,01,e0,32,f4,01,00,00,00
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}"=hex:21,bf,5c,0e,5f,d1,d0,11,83,01,00,aa,00,5b,43,83,22,00,1c,00,08,\
00,00,00,06,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,4c,00,00,00,01,14,02,00,00,00,00,00,c0,00,00,00,00,00,00,\
46,81,00,00,00,10,00,00,00,a0,8f,ff,ba,9d,d4,c6,01,00,9e,02,bb,\
9d,d4,c6,01,a0,8f,ff,ba,9d,d4,c6,01,00,00,00,00,00,00,00,00,01,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,5d,01,14,00,1f,50,\
e0,4f,d0,20,ea,3a,69,10,a2,d8,08,00,2b,30,30,9d,19,00,2f,43,3a,\
5c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,5c,\
00,31,00,00,00,00,00,3a,31,09,3c,10,00,44,4f,43,55,4d,45,7e,31,\
00,00,44,00,03,00,04,00,ef,be,3a,31,9c,36,2a,35,f7,29,14,00,00,\
00,44,00,6f,00,63,00,75,00,6d,00,65,00,6e,00,74,00,73,00,20,00,\
61,00,6e,00,64,00,20,00,53,00,65,00,74,00,74,00,69,00,6e,00,67,\
00,73,00,00,00,18,00,4c,00,31,00,00,00,00,00,2a,35,cb,2e,16,00,\
4e,45,54,57,4f,52,7e,31,00,00,34,00,03,00,04,00,ef,be,3a,31,11,\
39,2a,35,cb,2e,14,00,00,00,4e,00,65,00,74,00,77,00,6f,00,72,00,\
6b,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,18,00,56,\
00,31,00,00,00,00,00,2a,35,cb,2e,11,00,46,41,56,4f,52,49,7e,31,\
00,00,3e,00,03,00,04,00,ef,be,2a,35,cb,2e,2a,35,cb,2e,14,00,28,\
00,46,00,61,00,76,00,6f,00,72,00,69,00,74,00,65,00,73,00,00,00,\
40,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,2d,31,32,36,39,33,00,18,\
00,30,00,35,00,00,00,00,00,2a,35,f1,2e,10,00,fe,94,a5,63,00,00,\
1c,00,03,00,04,00,ef,be,2a,35,f1,2e,2a,35,f1,2e,14,00,00,00,fe,\
94,a5,63,00,00,14,00,00,00,60,00,00,00,03,00,00,a0,58,00,00,00,\
00,00,00,00,6c,69,6e,62,61,6f,68,65,00,00,00,00,00,00,00,00,1e,\
8c,63,4d,34,72,b3,48,8a,de,83,67,8f,38,be,10,b1,a9,fd,89,90,40,\
db,11,b2,29,00,d0,59,c0,b8,59,1e,8c,63,4d,34,72,b3,48,8a,de,83,\
67,8f,38,be,10,b1,a9,fd,89,90,40,db,11,b2,29,00,d0,59,c0,b8,59,\
00,00,00,00
5、在HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState
添加："Settings"=hex:0c,00,02,00,0a,01,ef,75,60,00,00,00
6、在HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
添加：
{0055C089-8582-441B-A0BF-17B458C2A3A8}
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
{92780B25-18CC-41C8-B9BE-3C9C571A8263}
{AE7CD045-E861-484F-8273-0445EE161910}
{DEDEB80D-FA35-45D9-9460-4983E5A8AFE6}
{FB5F1910-F110-11D2-BB9E-00C04F795683}
7、在HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\链接
添加："Order"=hex:08,00,00,00,02,00,00,00,0c,00,00,00,01,00,00,00,00,00,00,00

三、进行上述观察后，重启系统。
重启后，卡巴斯基报警（我的卡巴斯基为启动加载）：发现灰鸽子。但卡巴斯基仅仅将c:\windows\winlogon.dll删除；c:\windows\winlogon.exe和c:\windows\winlog

本新闻共3页,当前在第2页 1 2 3

责任编辑：木鱼【字体：小大】

	下一篇：Trojan.DL.VBS.Agent.cel 病毒的清除方法
	上一篇:IE浏览器的某些特性不支持Q-zone的解决办法

相关内容

“MSN幽灵相册”导致僵尸网络

破坏力超“熊猫烧香”?

8749新变种破坏系统和杀软

Trojan.Peacomm(CME-711)

麦英/ANI蠕虫