首先重命名以下文件
C:\WINDOWS\System32\ztlpri.dll> [N/A]
<C:\WINDOWS\System32\xyhpri.dll> [N/A]
<C:\WINDOWS\System32\wdbpri.dll> []
<C:\WINDOWS\System32\dhcpri.dll> [N/A]
<C:\WINDOWS\System32\wgepri.dll> [N/A]
<C:\WINDOWS\System32\mydpri.dll> [N/A]
<C:\WINDOWS\System32\wlfpri.dll> [N/A]
<C:\WINDOWS\System32\qhcpri.dll> [N/A]
<C:\WINDOWS\System32\wscpri.dll> [N/A]
<C:\WINDOWS\System32\tlrpri.dll> [N/A]
C:\WINDOWS\System32\qjepri.dll> [N/A]
C:\WINDOWS\System32\qhbpri.dll> [N/A]
C:\WINDOWS\System32\xyipri.dll> [N/A]
C:\WINDOWS\System32\jhapri.dll> []
C:\WINDOWS\System32\wsdpri.dll> [N/A]
C:\WINDOWS\System32\qhdpri.dll> [N/A]
C:\WINDOWS\System32\jzgpri.dll> [N/A]
C:\WINDOWS\System32\wddpri.dll> [N/A]
C:\WINDOWS\System32\dhdpri.dll> [N/A]
C:\WINDOWS\System32\wgfpri.dll> []
C:\WINDOWS\System32\zxgpri.dll> [N/A]
C:\WINDOWS\System32\wsepri.dll> [
然后重启计算机 进入
安全模式下(开机后不断 按F8键 然后出来一个高级菜单 选择第一项 安全模式 进入系统)
打开sreng (就是你扫日志的软件)
启动项目 注册表 删除如下项目
<WinForm><C:\WINDOWS\WinForm.exe> []
<Kvsc3><C:\WINDOWS\Kvsc3.exe> []
<AVPSrv><C:\WINDOWS\AVPSrv.exe> []
<MsIMMs32><C:\WINDOWS\MsIMMs32.exe> []
<upxdnd><C:\WINDOWS\upxdnd.exe> []
<DbgHlp32><C:\WINDOWS\DbgHlp32.exe> []
<mppds><C:\WINDOWS\mppds.exe> []
<WinSrv><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WinSrvGunKvs.EXE> [N/A]
<{6B3FCDC8-E5C7-477a-817E-72865A7758AE}><C:\WINDOWS\Winhelp.dll> [N/A]
<{014A26F5-FBAD-4549-9CA1-C38210704BD1}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\System16.ins> [N/A]
<{40117B96-998D-4D80-8F89-5E9DBD9F3460}><C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys> [N/A]
<{C1351752-5628-1547-FFAB-BADC13512AFC}><C:\WINDOWS\System32\ztlpri.dll> [N/A]
<{13BC17BF-1B9D-1F8D-235C-275F2B3D2F2D}><C:\WINDOWS\System32\014qso.dll> [N/A]
<{0EA66AD2-CF26-2E23-532B-B292E22F3266}><C:\Program Files\Internet Explorer\PLUGINS\NewTemp.dll> [N/A]
<{913AF41A-21B1-131B-1BFC-D2A90DF4A2B9}><C:\WINDOWS\System32\xyhpri.dll> [N/A]
<{2F12545B-1212-1314-5679-4512ACEF8902}><C:\WINDOWS\System32\wdbpri.dll> []
<{32311A42-AC1B-158F-FD32-5674345F23A3}><C:\WINDOWS\System32\dhcpri.dll> [N/A]
<{525AB2F3-234A-7469-2F43-E341713ABFA5}><C:\WINDOWS\System32\wgepri.dll> [N/A]
<{4562452F-FA36-BA4F-892A-FF5FBBAC5314}><C:\WINDOWS\System32\mydpri.dll> [N/A]
<{3182C1EB-375C-573D-1F5E-234552345213}><C:\WINDOWS\System32\wlfpri.dll> [N/A]
<{36368135-64FA-BC34-DA32-DCF4FD431C93}><C:\WINDOWS\System32\qhcpri.dll> [N/A]
<{3FFAB213-ABCF-F421-FBA1-3FA352343213}><C:\WINDOWS\System32\wscpri.dll> [N/A]
<{C5E87A05-F463-4841-B19E-DD3EC3862368}><C:\Program Files\Internet Explorer\IEXPLORE32.Sys> [N/A]
<{712BC423-3713-224D-3F55-32B35C62B117}><C:\WINDOWS\System32\tlrpri.dll> [N/A]
<{54123FF1-8371-9834-9021-184518451FA5}><C:\WINDOWS\System32\qjepri.dll> [N/A]
<{26368135-64FA-BC34-DA32-DCF4FD431C92}><C:\WINDOWS\System32\qhbpri.dll> [N/A]
<{A13AF41A-21B1-131B-1BFC-D2A90DF4A2BA}><C:\WINDOWS\System32\xyipri.dll> [N/A]
<{252D2432-37A2-324F-2A54-21BF5CF2F1A2}><C:\WINDOWS\System32\jhapri.dll> []
<{4FFAB213-ABCF-F421-FBA1-3FA352343214}><C:\WINDOWS\System32\wsdpri.dll> [N/A]
<{46368135-64FA-BC34-DA32-DCF4FD431C94}><C:\WINDOWS\System32\qhdpri.dll> [N/A]
<{759AFD5B-159F-ACD8-954C-ACD545FA6587}><C:\WINDOWS\System32\jzgpri.dll> [N/A]
<{4F12545B-1212-1314-5679-4512ACEF8904}><C:\WINDOWS\System32\wddpri.dll> [N/A]
<{42311A42-AC1B-158F-FD32-5674345F23A4}><C:\WINDOWS\System32\dhdpri.dll> [N/A]
<{625AB2F3-234A-7469-2F43-E341713ABFA6}><C:\WINDOWS\System32\wgfpri.dll> []
<{7A65498A-7653-9801-1647-987114AB7F47}><C:\WINDOWS\System32\zxgpri.dll> [N/A]
<{5FFAB213-ABCF-F421-FBA1-3FA352343215}><C:\WINDOWS\System32\wsepri.dll> []
双击AppInit_DLLs把器键值改为空
“启动项目”-“服务”-“Win32服务应用程序”中点“隐藏经认证的微软项目”,
选中以下项目,点“删除服务”,再点“设置”,在弹出的框中点“否”:
1D081CA8 / 1D081CA8
双击我的电脑,工具,文件夹选项,查看,单击选取"显示隐藏文件或文件夹" 并清除"隐藏受保护的操作系统文件(推荐)"前面的钩。在提示确定更改时,单击“是” 然后确定
点击 菜单栏下方的 文件夹按钮(搜索右边的按钮)
在左边的资源管理器中单击C盘
(千万不要双击打开)删除如下文件C:\WINDOWS\System32\8531CC1C.EXE
C:\WINDOWS\System32\B0E59A94.DLL
[C:\WINDOWS\System32\DiskMan32.dll] [N/A, ]
[C:\WINDOWS\System32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\System32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\System32\WinForm.dll] [N/A, ]
[C:\WINDOWS\System32\mppds.dll] [N/A, ]
C:\auto.exe
C:\autorun.inf
<WinForm><C:\WINDOWS\WinForm.exe> []
<Kvsc3><C:\WINDOWS\Kvsc3.exe> []
<AVPSrv><C:\WINDOWS\AVPSrv.exe> []
<MsIMMs32><C:\WINDOWS\MsIMMs32.exe> []
<upxdnd><C:\WINDOWS\upxdnd.exe> []
<DbgHlp32><C:\WINDOWS\DbgHlp32.exe> []
<mppds><C:\WINDOWS\mppds.exe> []
<WinSrv><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WinSrvGunKvs.EXE> [N/A]
<{6B3FCDC8-E5C7-477a-817E-72865A7758AE}><C:\WINDOWS\Winhelp.dll> [N/A]
<{014A26F5-FBAD-4549-9CA1-C38210704BD1}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\System16.ins> [N/A]
<{40117B96-998D-4D80-8F89-5E9DBD9F3460}><C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys> [N/A]
<{C1351752-5628-1547-FFAB-BADC13512AFC}><C:\WINDOWS\System32\ztlpri.dll> [N/A]
<{13BC17BF-1B9D-1F8D-235C-275F2B3D2F2D}><C:\WINDOWS\System32\014qso.dll> [N/A]
<{0EA66AD2-CF26-2E23-532B-B292E22F3266}><C:\Program Files\Internet Explorer\PLUGINS\NewTemp.dll> [N/A]
<{913AF41A-21B1-131B-1BFC-D2A90DF4A2B9}><C:\WINDOWS\System32\xyhpri.dll> [N/A]
<{2F12545B-1212-1314-5679-4512ACEF8902}><C:\WINDOWS\System32\wdbpri.dll> []
<{32311A42-AC1B-158F-FD32-5674345F23A3}><C:\WINDOWS\System32\dhcpri.dll> [N/A]
<{525AB2F3-234A-7469-2F43-E341713ABFA5}><C:\WINDOWS\System32\wgepri.dll> [N/A]
<{4562452F-FA36-BA4F-892A-FF5FBBAC5314}><C:\WINDOWS\System32\mydpri.dll> [N/A]
<{3182C1EB-375C-573D-1F5E-234552345213}><C:\WINDOWS\System32\wlfpri.dll> [N/A]
<{36368135-64FA-BC34-DA32-DCF4FD431C93}><C:\WINDOWS\System32\qhcpri.dll> [N/A]
<{3FFAB213-ABCF-F421-FBA1-3FA352343213}><C:\WINDOWS\System32\wscpri.dll> [N/A]
<{C5E87A05-F463-4841-B19E-DD3EC3862368}><C:\Program Files\Internet Explorer\IEXPLORE32.Sys> [N/A]
<{712BC423-3713-224D-3F55-32B35C62B117}><C:\WINDOWS\System32\tlrpri.dll> [N/A]
<{54123FF1-8371-9834-9021-184518451FA5}><C:\WINDOWS\System32\qjepri.dll> [N/A]
<{26368135-64FA-BC34-DA32-DCF4FD431C92}><C:\WINDOWS\System32\qhbpri.dll> [N/A]
<{A13AF41A-21B1-131B-1BFC-D2A90DF4A2BA}><C:\WINDOWS\System32\xyipri.dll> [N/A]
<{252D2432-37A2-324F-2A54-21BF5CF2F1A2}><C:\WINDOWS\System32\jhapri.dll> []
<{4FFAB213-ABCF-F421-FBA1-3FA352343214}><C:\WINDOWS\System32\wsdpri.dll> [N/A]
<{46368135-64FA-BC34-DA32-DCF4FD431C94}><C:\WINDOWS\System32\qhdpri.dll> [N/A]
<{759AFD5B-159F-ACD8-954C-ACD545FA6587}><C:\WINDOWS\System32\jzgpri.dll> [N/A]
<{4F12545B-1212-1314-5679-4512ACEF8904}><C:\WINDOWS\System32\wddpri.dll> [N/A]
<{42311A42-AC1B-158F-FD32-5674345F23A4}><C:\WINDOWS\System32\dhdpri.dll> [N/A]
<{625AB2F3-234A-7469-2F43-E341713ABFA6}><C:\WINDOWS\System32\wgfpri.dll> []
<{7A65498A-7653-9801-1647-987114AB7F47}><C:\WINDOWS\System32\zxgpri.dll> [N/A]
<{5FFAB213-ABCF-F421-FBA1-3FA352343215}><C:\WINDOWS\System32\wsepri.dll> [
从左边的资源管理器 进入其他盘
(千万不要双击打开)删除auto.exe autorun.inf
以下文件希望你发送给我newcenturymoon1986@yahoo.com.cn 压缩加密123C:\auto.exe
