Open IceSword and end the processes:
Open Services and disable the following services:
[File Replication / File Replication][Running/Auto Start]
<C:\WINDOWS\system32\ntfis.exe><Microsoft Corporation>
[Computer Storage / MOVEESS][Stopped/Auto Start]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\NIUMO.DLL,Export 1087><N/A>
[Portable Equipment Service / NtStub][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\tnpok.dll><Microsoft Corporation>
[Logical Disk Manager Amdindistrative Service9 / S8696669][Running/Auto Start]
<c:\windows\system\m9\iexplorer.exe><>
[Windows Driver Foundation - User-mode Driver Framework / WudfSvc][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup-->%SystemRoot%\System32\WUDFSvc.dll><Microsoft Corporation>
[Remote Access Connection Management / Remote Access Connection Management][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\ncxml.dll><>
Open the registry, go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks and delete:
<{48B783AE-8F87-4046-8154-7D82FBCE42D2}><C:\WINDOWS\system32\dsfhw.dll> []
Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad and delete:
<SysChunk><C:\WINDOWS\system32\syschunk.dll> []
Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler and delete:
<{B63BFF8C-2E25-4CCC-9A01-68807F567AA7}><C:\WINDOWS\system32\BandRes.dll> []
Delete the files (using IceSword):
C:\WINDOWS\system32\BandRes.dll
C:\WINDOWS\system32\syschunk.dll
C:\WINDOWS\system32\dsfhw.dll
c:\windows\system\m9\iexplorer.exe
Delete the c:\windows\system\m9\ folder
Empty C:\Documents and Settings\<username>\Local Settings\Temp
If you are able to, compress the files above and send them to my mailbox; the address is below.
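The service entries in the post use a two-line format: `[display name / service name][state/start type]` followed by `<command line><publisher>`, with `-->` pointing at the DLL hosted by svchost.exe. The parser below is an added example, not part of the original post or of the tool that produced the listing; it resolves each entry to the file that actually runs, and its `no_publisher` flag is an assumed triage heuristic.

```python
import re
from ntpath import basename  # Windows path rules regardless of the OS running this

# Sample input: three entries copied from the listing in the post above.
SAMPLE = r"""[Computer Storage / MOVEESS][Stopped/Auto Start]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\NIUMO.DLL,Export 1087><N/A>
[Portable Equipment Service / NtStub][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\tnpok.dll><Microsoft Corporation>
[Logical Disk Manager Amdindistrative Service9 / S8696669][Running/Auto Start]
<c:\windows\system\m9\iexplorer.exe><>
"""

HEADER = re.compile(r"^\[(.+) / ([^\]]+)\]\[([^/\]]+)/([^\]]+)\]$")
DETAIL = re.compile(r"^<(.*)><([^<>]*)>$")

def loaded_module(cmd):
    """Return the file that actually runs: the DLL behind svchost/rundll32, else the image."""
    if "-->" in cmd:                        # svchost.exe -k group-->service DLL
        return cmd.split("-->", 1)[1].strip()
    parts = cmd.split()
    if len(parts) > 1 and basename(parts[0]).lower() == "rundll32.exe":
        return parts[1].split(",", 1)[0]    # drop ",Export ..." (paths with spaces not handled)
    return cmd.strip()

def parse_services(text):
    """Pair each header line with the <command><publisher> line that follows it."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    out = []
    for head, detail in zip(lines, lines[1:]):
        h, d = HEADER.match(head), DETAIL.match(detail)
        if not (h and d):
            continue                        # not a header/detail pair
        publisher = d.group(2).strip()
        out.append({
            "name": h.group(2), "state": h.group(3), "start": h.group(4),
            "module": loaded_module(d.group(1)),
            "publisher": publisher,
            # Assumed heuristic (not from the post): empty or N/A publisher field.
            "no_publisher": publisher in ("", "N/A"),
        })
    return out

if __name__ == "__main__":
    for s in parse_services(SAMPLE):
        tag = "NO PUBLISHER" if s["no_publisher"] else s["publisher"]
        print(f'{s["name"]:10} {s["start"]:12} {s["module"]}  [{tag}]')
```

A filled publisher field does not clear an entry: the post's own list includes services whose field reads Microsoft Corporation.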