[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<omwmstj><C:\WINDOWS\system32\pkeusvq.exe> []
<fmvluab><C:\WINDOWS\system32\ngpycxm.exe> []
<cmdbcs><; C:\WINDOWS\cmdbcs.exe> []
<mppds><; C:\WINDOWS\mppds.exe> []
<upxdnd><C:\WINDOWS\upxdnd.exe> []
<Kvsc3><; C:\WINDOWS\Kvsc3.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{91B1E846-2BEF-4345-8848-7699C7C9935F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll> []
<{C54C4AFB-8A2A-6C1E-BA41-C10F02940702}><C:\WINDOWS\system32\15.dll> []
<{C51C4AFB-8A3A-6C1E-BA41-C20F02940603}><C:\WINDOWS\system32\20.dll> []

删除以上启动项目,下载xdelbox,分别填入下列文件路径,勾选"抑制再生",然后右键xdelbox下面空白处,立即执行重启后删除! 删除后,置顶帖子中下载IFEO修复工具,修复!
C:\WINDOWS\system32\ztinetzt.dll
C:\WINDOWS\system32\nwiztlbb.dll
C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll
C:\WINDOWS\system32\cmdbcs.dll
C:\WINDOWS\system32\mppds.dll
C:\WINDOWS\system32\upxdnd.dll
C:\WINDOWS\system32\Kvsc3.dll
C:\WINDOWS\system32\Ravasktao.dll
C:\WINDOWS\system32\15.dll
C:\WINDOWS\system32\20.dll
C:\WINDOWS\system32\pkeusvq.exe
C:\WINDOWS\system32\20.dll
C:\WINDOWS\system32\15.dll
C:\WINDOWS\system32\ngpycxm.exe
C:\WINDOWS\system32\msdebug.dll
C:\WINDOWS\system32\RemoteDbg.dll
C:\WINDOWS\system32\windds32.dll
C:\WINDOWS\system32\windhcp.ocx
C:\WINDOWS\system32\xpdhcp.dll
C:\WINDOWS\system32\WMIApiSrv.dll
C:\WINDOWS\system32\netsrvcs.dll
C:\WINDOWS\cmdbcs.exe
C:\WINDOWS\mppds.exe
C:\WINDOWS\upxdnd.exe
C:\WINDOWS\Kvsc3.exe
D:\fmvluab.exe
E:\fmvluab.exe

PS:所有操作均在桌面上进行,日志里面缺了服务部分!!

搞漏了俄……  抱歉  补上了


==================================


启动文件夹
N/A

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Process Communication Center / RsCCenter][Stopped/Auto Start]
  <"D:\Program Files\Rising\Rav\CCenter.exe"><N/A>
[Win32 Debug Service / MSDebugsvc][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe msdebug.dll,input><Microsoft Corporation>
[WinXP DHCP Service / WinXPDHCPsvc][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe xpdhcp.dll,input><Microsoft Corporation>
[Win32 Display Driver / Win32DDS][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe windds32.dll,input><Microsoft Corporation>
[WMI Performance API / WMIApiSrv][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe WMIApiSrv.dll,input><Microsoft Corporation>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe windhcp.ocx,input><Microsoft Corporation>
[Wireless Service / WZCSRVC][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe netsrvcs.dll,input><Microsoft Corporation>
[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>

[Win32 Debug Service / MSDebugsvc][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe msdebug.dll,input><Microsoft Corporation>
[WinXP DHCP Service / WinXPDHCPsvc][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe xpdhcp.dll,input><Microsoft Corporation>
[Win32 Display Driver / Win32DDS][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe windds32.dll,input><Microsoft Corporation>
[WMI Performance API / WMIApiSrv][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe WMIApiSrv.dll,input><Microsoft Corporation>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe windhcp.ocx,input><Microsoft Corporation>
[Wireless Service / WZCSRVC][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe netsrvcs.dll,input><Microsoft Corporation>
[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>
按如下方式分别处理上述服务:
运行SREng,启动项目-服务-win32服务应用程序-勾选"隐藏已验证的微软项目"-删除-设置,弹出的对话框,选择"否"!

PS:XDELOBOX1.2下载地址:http://www.i170.com/Attach/51FD704F-C0BD-41E7-B0E9-60673A888FD6