用這工具可以解決問題 牽涉到 REG DLL EXE 與 Services 這工具一次完成
http://bilder.informationsarchiv.net/Nikitas_Tools/Find_It__s.zip1. Unzip/extract the files inside to a folder on your desktop.
2. Open the folder. Double click on FindIt's.bat and wait for Notepad to open a text file. It will take a while so please be patient
Nail.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SVCPROC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SvcProc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SVCPROC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SvcProc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVCPROC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: WinStat - {0A51FD8D-6835-4212-B796-AFC24F4D108A} - C:\WINDOWS\System32\WinStat10.dll
O4 - HKLM\..\Run: [nbggc] C:\WINDOWS\System32\nbggc.exe
@ECHO OFF
cd\windows
Nail.exe /FULLREMOVE
sc config SvcProc start= disabled
sc stop SvcProc
sc delete SvcProc
attrib -s -r -h nail.exe
attrib -s -r -h svcproc.exe
del nail.exe
del svcproc.exe
exit
•KillBox
http://bilder.informationsarchiv.net/Nikitas_Tools/KillBox.zip
C:\WINDOWS\Bolger.dll
C:\WINDOWS\system32\dload.exe
C:\WINDOWS\system32\prvdi.exe
C:\WINDOWS\Nail.exe
c:\windows\system32\qbpthln.exe
C:\WINDOWS\System32\nbggc.exe
C:\WINDOWS\svcproc.exe
C:\WINDOWS\System32\WinStat10.dll
.clean IE\temp
\Temporary Internet Files\Content.IE5\NAQ03MF1\Nail[1].exe
\Temporary Internet Files\Content.IE5\184EC3FR\Bolger[1].dll
\Temporary Internet Files\Content.IE5\ZJFZZEWL\aurora[1].exe
仅供参考