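Use IceSword to force-terminate the following process:
SVCH0ST.EXE --(the middle character is the digit 0, not the letter O; if you get this wrong, the consequences are yours)
Use IceSword to force-delete the following items:
E:\WINDOWS\system32\SVCH0ST.EXE --(the middle character is the digit 0, not the letter O; if you get this wrong, the consequences are yours)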
E:\WINDOWS\system32\drivers\acpidisk.sys
E:\WINDOWS\system32\GPKPCSC.dll --(to be safe, deleting it is recommended)
E:\WINDOWS\system32\dnsgj.dll
E:\WINDOWS\SYSTEM32\WBEM\PAQXB.DLL
E:\WINDOWS\system32\drivers\mrtxnjtg.sys
E:\WINDOWS\mppds.exe
E:\WINDOWS\cmdbcs.exe
E:\WINDOWS\wsttrs.exe
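E:\DOCUME~1\msi\LOCALS~1\Temp\ (all files in this directory)
E:\Program Files\Internet Explorer\Connection Wizard\ (all files in this directory)
Check that the files have been completely deleted. Then use System Repair Engineer to delete the following registry keys: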
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ravshell><E:\WINDOWS\system32\SVCH0ST.EXE> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<mppds><E:\WINDOWS\mppds.exe> []
<cmdbcs><E:\WINDOWS\cmdbcs.exe> []
<upxdnd><E:\DOCUME~1\msi\LOCALS~1\Temp\TIMPLATF0RM.exe> []
<wsttrs><E:\WINDOWS\wsttrs.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{B8A170A8-7AD3-4678-B2FE-F2D7381CC1B5}><E:\Program Files\Internet Explorer\Connection Wizard\isignup.sys> [N/A]
Use System Repair Engineer to delete the following services:
[Application Accelerator / Patterns][Running/Auto Start]
<E:\WINDOWS\System32\svchost.exe -k netsvcs-->E:\WINDOWS\system32\dnsgj.dll><Microsoft Corporation>
[Routing Protect Access / SHipING][Running/Auto Start]
<E:\WINDOWS\SYSTEM32\RUNDLL2000.EXE E:\WINDOWS\SYSTEM32\WBEM\PAQXB.DLL,Export 1087><Microsoft Corporation>
Reboot.
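
As an added example (not part of the original post and not System Repair Engineer's own code), one way to triage Run entries in the log format quoted above: it flags file names that imitate a genuine Windows binary through digit-for-letter swaps, as SVCH0ST.EXE does, and entries launched from a Temp directory. The reference name list, the folding table and the ctfmon.exe sample line are assumptions made for this example.

```python
import ntpath
import re

# Constructed sample: Run entries in the SREng format quoted in the post,
# plus one benign ctfmon.exe line added here for contrast.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ravshell><E:\WINDOWS\system32\SVCH0ST.EXE> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<mppds><E:\WINDOWS\mppds.exe> []
<upxdnd><E:\DOCUME~1\msi\LOCALS~1\Temp\TIMPLATF0RM.exe> []
<ctfmon.exe><E:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
"""

# Assumption: a short reference list of genuine Windows binary names.
KNOWN_SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "services.exe",
                      "winlogon.exe", "csrss.exe", "rundll32.exe", "ctfmon.exe"}
# Fold characters that are commonly swapped to imitate a name (0/o, 1/i/l).
FOLD = str.maketrans({"0": "o", "1": "l", "i": "l"})
KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY = re.compile(r"^<(?P<name>[^<>]*)><(?P<path>[^<>]*)>\s*\[(?P<pub>[^\]]*)\]$")

def parse_entries(log):
    """Yield (registry_key, value_name, path, publisher) per startup entry."""
    key = None
    for line in map(str.strip, log.splitlines()):
        if m := KEY.match(line):
            key = m.group(1)
        elif m := ENTRY.match(line):
            yield key, m["name"], m["path"], m["pub"]

def triage(log):
    """Return (value_name, path, reasons) for entries that deserve a closer look."""
    folded_known = {n.translate(FOLD): n for n in KNOWN_SYSTEM_NAMES}
    findings = []
    for _key, name, path, _pub in parse_entries(log):
        base = ntpath.basename(path).lower()
        reasons = []
        real = folded_known.get(base.translate(FOLD))
        if real and real != base:  # same name after folding, different literally
            reasons.append(f"lookalike of {real}")
        if "\\temp\\" in path.lower():
            reasons.append("runs from Temp")
        if reasons:
            findings.append((name, path, reasons))
    return findings
```

Calling `triage(SAMPLE_LOG)` reports the ravshell and upxdnd entries; the service lines in the post use a different layout and are not parsed by this example.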