删除以下启动项
<4><C:\DOCUME~1\snic\LOCALS~1\Temp\iexplorer.exe> [N/A]
<x><C:\DOCUME~1\snic\LOCALS~1\Temp\c0nime.exe> []
<Microsoft Autorun1><C:\WINDOWS\system32\nwizdh.exe> []
<AVPSrv><C:\WINDOWS\AVPSrv.exe> []
<WinForm><C:\WINDOWS\WinForm.exe> []
<upxdnd><C:\WINDOWS\upxdnd.exe> []
<MsIMMs32><C:\WINDOWS\MsIMMs32.exe> []
<msccrt><C:\WINDOWS\msccrt.exe> [N/A]
<Kvsc3><C:\WINDOWS\Kvsc3.exe> []
删除以下服务
[Win32 Debug Service / MSDebugsvc][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe msdebug.dll,input><Microsoft Corporation>
[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe windhcp.ocx,input><Microsoft Corporation>
删除以下驱动
[00 / 00][Stopped/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\11081562.sys><N/A>
[kfqfng / kfqfng][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\kfqfng.sys><N/A>
[R2A / R2A][Stopped/Disabled]
<\??\C:\WINDOWS\system32a2.sys><N/A>
[shv / shv][Stopped/Manual Start]
<\??\C:\DOCUME~1\snic\LOCALS~1\Temp\shvixj><N/A>
进程中调用的以下文件删除
[C:\WINDOWS\system32\dh2104.dll] [N/A, ]
[C:\DOCUME~1\snic\LOCALS~1\Temp\Gjzo0.dll] [N/A, ]
[C:\DOCUME~1\snic\LOCALS~1\Temp\zxzo0.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\WinForm.dll] [N/A, ]
[C:\WINDOWS\system32\msdebug.dll] [N/A, ]
[C:\WINDOWS\system32\RemoteDbg.dll] [N/A, ]
[C:\WINDOWS\system32\windhcp.ocx] [N/A, ]
删除autorun.inf(不要双击盘符,用资源管理器,或左键打开)
把上面提到的启动项,驱动等相应文件全部删除(除了rundll32.exe),清空IE缓存。
