【回复“梦帆浪子”的帖子】
关于主帖日志
——————
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<winlogon><C:\WINNT\system32\ControlPanel.{21EC2020-3AEA-1069-A2DD-08002B30309d}\ControlPanel\winlogon.exe> []
<zz><C:\WINNT\system32\intenet.exe> []
<rx><C:\WINNT\system32\explore.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><C:\WINNT\rundl132.exe> []
<ms><C:\Program Files\Microsoft\svhost32.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<WinAutoUp><C:\WINNT\AutoUp.exe> []
<AlxInit><C:\WINNT\system32\AlxUp.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{08315C1A-9BA9-4B7C-A432-26885F78DF28}><> []
<{25E1EECB-E580-4032-97A2-A456D33820D1}><C:\Program Files\Outlook Express\mqq.dll> []
<{6E44887F-5214-41F2-AB46-4728735C4CC6}><C:\Program Files\Internet Explorer\PLUGINS\system.sys> []
<{9A0CFC58-5A6F-41ba-9FFE-4320F4F62FBA}><C:\WINNT\system32\cnscheck.dll> []
<{06A48AD9-FF57-4E73-937B-B493E72F4226}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk> []
<{99F1D023-7CEB-4586-80F7-BB1A98DB7602}><C:\Program Files\Internet Explorer\IEXPLORE.Sys> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellService
ObjectDelayLoad]
<DelayRun><> []
[sserver / sserver]
<C:\WINNT\help\sserver.exe><N/A>
断网。关闭所有应用程序。
删除上述启动项、服务项。
重启系统。
显示隐藏文件。
删除下列文件:
C:\WINNT\system32\ControlPanel.{21EC2020-3AEA-1069-A2DD-08002B30309d}\ControlPanel\winlogon.exe
C:\WINNT\system32\intenet.exe
C:\WINNT\system32\explore.exe
C:\WINNT\rundl132.exe
C:\Program Files\Microsoft\svhost32.exe
C:\WINNT\AutoUp.exe
C:\WINNT\system32\AlxUp.exe
C:\Program Files\Outlook Express\mqq.dll
C:\Program Files\Internet Explorer\PLUGINS\system.sys
C:\WINNT\system32\cnscheck.dll
C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk
C:\Program Files\Internet Explorer\IEXPLORE.Sys
C:\WINNT\help\sserver.exe
