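Looks like a Panda variant.
Disconnect from the network. Close all applications, end the Explorer.exe process in Task Manager, run regedit, then find and delete the following values: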
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<svcshare><C:\WINDOWS\system32\drivers\spoclsv.exe> [N/A]
<myZt2><C:\DOCUME~1\EADING\LOCALS~1\Temp\Zt2\SVCH0ST.EXE> [N/A]
<myZt1><C:\DOCUME~1\EADING\LOCALS~1\Temp\Zt1\SVCH0ST.EXE> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><C:\PROGRA~1\svhost32.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINDOWS\system32\userinit.exe,devgt.exe> [(Verified)Microsoft Corporation]
[Microsoft Office Indexing / Microsoft Office Indexing]
<C:\WINDOWS\system32\1sass.exe><N/A>
[Windows DHCP Service / WinDHCPsvc]
<C:\WINDOWS\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>
[WinXP DHCP Service / WinXPDHCPsvc]
<C:\WINDOWS\system32\rundll32.exe xpdhcp.dll,start><Microsoft Corporation>
Run Explorer.exe, then delete:
C:\WINDOWS\system32\xpdhcp.dll
C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk
C:\WINDOWS\system32\dllwm.dll
C:\WINDOWS\system32\funhws.dll
C:\WINDOWS\system32\windhcp.ocx
C:\PROGRA~1\svhost32.exe
C:\WINDOWS\system32\1sass.exe
C:\WINDOWS\system32\devgt.exe
C:\WINDOWS\system32\drivers\spoclsv.exe
Empty:
C:\DOCUME~1\EADING\LOCALS~1\Temp
Right-click each drive and choose Open, show hidden files, and delete from every partition:
Autorun.inf
setup.exe
Repair the HOSTS file.
Update the antivirus software and run a scan.
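
As an added example (not part of the original post), the following Python sketch parses the `<name><value> [signer]` startup entries listed above and reports why each one deserves review. The reference list of system file names and the reason labels are assumptions made for this illustration; the service entries, which use a different layout, are not parsed.

```python
import re

# Startup entries copied from the post above, in its "<name><value> [signer]" form.
SAMPLE = r"""
<svcshare><C:\WINDOWS\system32\drivers\spoclsv.exe> [N/A]
<myZt2><C:\DOCUME~1\EADING\LOCALS~1\Temp\Zt2\SVCH0ST.EXE> [N/A]
<load><C:\PROGRA~1\svhost32.exe> [N/A]
<Userinit><C:\WINDOWS\system32\userinit.exe,devgt.exe> [(Verified)Microsoft Corporation]
"""

ENTRY = re.compile(r"^<(?P<name>[^>]*)><(?P<value>[^>]*)>\s*\[(?P<signer>.*)\]$")
# Assumption: short reference list of genuine Windows binaries to compare against.
SYSTEM_NAMES = ("svchost.exe", "lsass.exe", "spoolsv.exe")

def parse(text):
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.groupdict()

def lookalike_of(filename):
    # A name that differs from a system binary by exactly one character.
    for real in SYSTEM_NAMES:
        if len(real) == len(filename) and sum(a != b for a, b in zip(real, filename)) == 1:
            return real
    return None

def reasons(entry):
    """List the (hypothetical) reason labels that make an entry worth reviewing."""
    out = []
    value = entry["value"]
    if entry["name"].lower() == "userinit":
        # Default data is userinit.exe plus a trailing comma; anything after it is extra.
        extra = [p.strip() for p in value.split(",")[1:] if p.strip()]
        if extra:
            out.append("userinit-extra:" + ",".join(extra))
    if "\\temp\\" in value.lower():
        out.append("runs-from-temp")
    real = lookalike_of(value.rsplit("\\", 1)[-1].lower())
    if real:
        out.append("lookalike:" + real)
    if entry["signer"].strip() == "N/A":
        out.append("no-signer")
    return out

def triage(text=SAMPLE):
    return {e["name"]: reasons(e) for e in parse(text)}

if __name__ == "__main__":
    print(triage())
```

A `userinit-extra` result points at the appended program only: the Userinit value itself is required for logon, so the fix is to restore it to `userinit.exe,` rather than remove the value.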