[Reply to baiyingzi's post]
1. Use XDELBOX to delete the following files:
c:\windows\system32\gdisvc.exe
c:\program files\common files\microsoft shared\vgx\regin.exe
c:\windows\system32\msime82.exe
c:\windows\system32\LYLoader.exe
c:\windows\system32\LYLoadbr.exe
c:\windows\system32\LYLeador.exe
c:\windows\system32\LYLoador.exe
c:\windows\system32\LYLoadar.exe
c:\windows\system32\LYLoadmr.exe
c:\windows\system32\LYLoadhr.exe
c:\windows\system32\LYLoadqr.exe
C:\WINDOWS\system32\system.dat
c:\program files\common files\system\gdiServer.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe
C:\WINDOWS\system32\drivers\idnaux.sys
C:\WINDOWS\system32\drivers\stou0mhn.sys
C:\WINDOWS\system32\drivers\add_sys.sys
C:\WINDOWS\SystemRoot\System32\DRIVERS\z8xk.sys
2. After rebooting, use SRENG to delete the following registry entries:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.2><msime82.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<MSDEG32><LYLoader.exe> []
<MSDWG32><LYLoadbr.exe> [N/A]
<MSDCG32 ><LYLeador.exe> [N/A]
<MSDOG32><LYLoador.exe> [N/A]
<MSDSG32><LYLoadar.exe> [N/A]
<MSDMG32><LYLoadmr.exe> []
<MSDHG32><LYLoadhr.exe> [N/A]
<MSDQG32><LYLoadqr.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{ACADABAF-1000-0010-8000-10AA006D2EA4}><C:\WINDOWS\system32\system.dat> []
Services
[Gdi Server / Gdi Server][Stopped/Auto Start]
<c:\program files\common files\system\gdiServer.exe><Microsoft Corporation>
[System Event loader / sysloader][Stopped/Auto Start]
<"C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe"><Microsoft>
Drivers
[idnaux / idnaux][Stopped/Auto Start]
<system32\drivers\idnaux.sys><N/A>
[stou0mhn / stou0mhn][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\stou0mhn.sys><N/A>
[w / w][Stopped/Disabled]
<system32\drivers\add_sys.sys><N/A>
[z8x / z8xk][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\z8xk.sys><N/A>
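The following is an added, read-only audit script written for this page; it is not part of the reply above and is not a tool the poster mentioned. It takes the file paths, Run/ShellExecuteHooks values and service/driver names exactly as listed in the reply and reports which of them are still present on the machine, so that after the XDELBOX and SRENG steps one can confirm nothing was missed. It deletes nothing. Assumptions: it is run from an elevated PowerShell prompt on the affected system, and the `\SystemRoot\` prefix of the z8xk.sys driver path is resolved via `$env:SystemRoot` (the reply lists that path both with a literal `SystemRoot` segment and with the `\SystemRoot\` prefix; both spellings are checked).

```powershell
# Added example (not from the original reply): audit the artifacts listed above.
# Read-only: only Test-Path / Get-ItemProperty / Get-CimInstance are used.

# Files named in step 1 of the reply (copied as listed there).
$files = @(
    'c:\windows\system32\gdisvc.exe',
    'c:\program files\common files\microsoft shared\vgx\regin.exe',
    'c:\windows\system32\msime82.exe',
    'c:\windows\system32\LYLoader.exe',
    'c:\windows\system32\LYLoadbr.exe',
    'c:\windows\system32\LYLeador.exe',
    'c:\windows\system32\LYLoador.exe',
    'c:\windows\system32\LYLoadar.exe',
    'c:\windows\system32\LYLoadmr.exe',
    'c:\windows\system32\LYLoadhr.exe',
    'c:\windows\system32\LYLoadqr.exe',
    'C:\WINDOWS\system32\system.dat',
    'c:\program files\common files\system\gdiServer.exe',
    'C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe',
    'C:\WINDOWS\system32\drivers\idnaux.sys',
    'C:\WINDOWS\system32\drivers\stou0mhn.sys',
    'C:\WINDOWS\system32\drivers\add_sys.sys',
    'C:\WINDOWS\SystemRoot\System32\DRIVERS\z8xk.sys',          # as listed in step 1
    (Join-Path $env:SystemRoot 'System32\DRIVERS\z8xk.sys')     # assumption: \SystemRoot\ resolved
)

# Registry values named in step 2 (key, value name). Value names are compared
# after trimming, because the reply shows "MSDCG32 " with a trailing space.
$regValues = @(
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run';                  Name = 'IMJPMIG8.2' }
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'; Name = 'MSDEG32' }
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'; Name = 'MSDWG32' }
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'; Name = 'MSDCG32' }
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'; Name = 'MSDOG32' }
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'; Name = 'MSDSG32' }
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'; Name = 'MSDMG32' }
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'; Name = 'MSDHG32' }
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'; Name = 'MSDQG32' }
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'; Name = '{ACADABAF-1000-0010-8000-10AA006D2EA4}' }
)

# Service and driver names from the [DisplayName / ServiceName] lines of the reply.
$serviceNames = @('Gdi Server', 'sysloader')
$driverNames  = @('idnaux', 'stou0mhn', 'w', 'z8xk')

$findings = New-Object System.Collections.Generic.List[object]

foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) {
        $item = Get-Item -LiteralPath $f -Force
        $findings.Add([pscustomobject]@{ Type = 'File'; Item = $f; Detail = "$($item.Length) bytes, modified $($item.LastWriteTime)" })
    }
}

foreach ($rv in $regValues) {
    if (-not (Test-Path -LiteralPath $rv.Key)) { continue }
    $props = Get-ItemProperty -LiteralPath $rv.Key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name.Trim() -eq $rv.Name.Trim()) {
            $findings.Add([pscustomobject]@{ Type = 'Registry'; Item = "$($rv.Key)\$($p.Name)"; Detail = $p.Value })
        }
    }
}

# Services and kernel drivers are both exposed through CIM; check by internal name.
foreach ($svc in Get-CimInstance Win32_Service | Where-Object { $serviceNames -contains $_.Name }) {
    $findings.Add([pscustomobject]@{ Type = 'Service'; Item = $svc.Name; Detail = "$($svc.State)/$($svc.StartMode) $($svc.PathName)" })
}
foreach ($drv in Get-CimInstance Win32_SystemDriver | Where-Object { $driverNames -contains $_.Name }) {
    $findings.Add([pscustomobject]@{ Type = 'Driver'; Item = $drv.Name; Detail = "$($drv.State)/$($drv.StartMode) $($drv.PathName)" })
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the listed files, registry values, services or drivers were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Run it once before cleanup to see which of the listed items are actually present on the machine, and again after the reboot in step 2: any line still reported means the corresponding file, Run value, ShellExecuteHooks entry or driver registration survived and should be dealt with again using the tools the reply names. Because the drivers z8xk and stou0mhn are shown as Running/Boot Start, a file that cannot be removed while the system is up is expected; the driver entry needs to go first so that the file is no longer locked after the next boot.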