[Reply to the post by "0神龙0"]
1. Use XDELBOX to delete the following files (see the pinned post for how to do this):
C:\DOCUME~1\Helen\LOCALS~1\Temp\rsv4.tmp
C:\WINDOWS\system32\kvdxcma.dll
C:\WINDOWS\system32\msplrct.dll
C:\WINDOWS\system32\avwlbmn.dll
C:\WINDOWS\system32\kaqhezy.dll
C:\WINDOWS\system32\qdshm.dll
C:\WINDOWS\system32\opx7zv02q.dll
C:\WINDOWS\system32\jsshow.dll
C:\WINDOWS\system32\jvmtiv.dll
C:\WINDOWS\system32\aawmkk.dll
C:\WINDOWS\system32\qdshm.dll
C:\WINDOWS\system32\sqmapi32.dll
C:\WINDOWS\system32\addrzthelp.dll
C:\WINDOWS\system32\addrmshelp.dll
C:\WINDOWS\system32\addrgjhelp.dll
C:\WINDOWS\system32\addrzxhelp.dll
C:\WINDOWS\system32\allatl.dll
C:\WINDOWS\system32\rsmydpm.dll
C:\WINDOWS\system32\kvmxema.dll
C:\WINDOWS\cmdbcs.exe
C:\WINDOWS\MsPrint32D.exe
C:\WINDOWS\GenProtect.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\WINDOWS\system32\LYLeador.exe
C:\WINDOWS\system32\jshelp.exe
C:\Program Files\Common Files\Microsoft Shared\MSINFO\System6.ins
C:\Program Files\Internet Explorer\PLUGINS\WinSys74.Sys
C:\Program Files\Internet Explorer\IEXPLORE32.Sys
C:\Program Files\Internet Explorer\IEXPLORE32.Dat
C:\Program Files\Internet Explorer\IEXPLORE32.win
C:\Program Files\common~1\system\..\system\WinSys64.Sys
C:\WINDOWS\system32\kvmxdma.dll
C:\WINDOWS\system32\avwlbmn.dll
C:\WINDOWS\system32\kaqhezy.dll
C:\Program Files\Internet Explorer\PLUGINS\WinSys88.Sys
C:\WINDOWS\system32\kvmxema.dll
C:\WINDOWS\system32\avzxdmn.dll
C:\WINDOWS\system32\rsmydpm.dll
C:\WINDOWS\system32\kvdxcma.dll
C:\WINDOWS\IEnet.exe
C:\WINDOWS\system32\playasp.ex
C:\WINDOWS\ssystem32\DRIVERS\quakedrv.sys
C:\WINDOWS\sSystem32\DRIVERS\rfvevcn7.sys
C:\WINDOWS\system32\drivers\xocwwo.sys
2. After rebooting, use SRENG to delete the following registry entries:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<cmdbcs><C:\WINDOWS\cmdbcs.exe> []
<MsPrint32D><C:\WINDOWS\MsPrint32D.exe> []
<GenProtect><C:\WINDOWS\GenProtect.exe> [N/A]
<YLive.exe><C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<MSDCG32 ><LYLeador.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe jshelp.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><kvdxcma.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{798977F1-34FC-4DDD-AF6D-1B5C196B4EB4}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\System6.ins> [N/A]
<{1AB09B3F-A6D0-4B55-B87D-264934EBEAED}><C:\Program Files\Internet Explorer\PLUGINS\WinSys74.Sys> [N/A]
<{C5E87A05-F463-4841-B19E-DD3EC3862368}><C:\Program Files\Internet Explorer\IEXPLORE32.Sys> []
<{EE12D60D-AD9A-4095-B839-3BE6862679FD}><C:\Program Files\Internet Explorer\IEXPLORE32.Dat> []
<{A45B2C37-01D0-4D3E-BE5E-CC119B17BE9E}><C:\Program Files\Internet Explorer\IEXPLORE32.win> []
<{5D83AD9C-3BFC-43F5-979D-2904DBC54A8E}><C:\Program Files\common~1\system\..\system\WinSys64.Sys> []
<{4D47B341-43DF-4563-753F-345FFA3157D4}><C:\WINDOWS\system32\kvmxdma.dll> [N/A]
<{2960356A-458E-DE24-BD50-268F589A56A2}><C:\WINDOWS\system32\avwlbmn.dll> []
<{57D81718-1314-5200-2597-587901018075}><C:\WINDOWS\system32\kaqhezy.dll> []
<{E418E9ED-9221-4661-B1F3-4AA35BD83832}><C:\Program Files\Internet Explorer\PLUGINS\WinSys88.Sys> []
<{5D47B341-43DF-4563-753F-345FFA3157D5}><C:\WINDOWS\system32\kvmxema.dll> []
<{4859245F-345D-BC13-AC4F-145D47DA34F4}><C:\WINDOWS\system32\avzxdmn.dll> []
<{4E32FA58-3453-FA2D-BC49-F340348ACCE4}><C:\WINDOWS\system32\rsmydpm.dll> []
<{3C87A354-ABC3-DEDE-FF33-3213FD7447C3}><C:\WINDOWS\system32\kvdxcma.dll> []
Services
[IENET / IENEY][Stopped/Auto Start]
<C:\WINDOWS\IEnet.exe><N/A>
[ServiceJsHelp / ServiceJsHelp][Running/Auto Start]
<C:\WINDOWS\system32\playasp.exe><>
Drivers
[QuakeDRV / QuakeDRV][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\quakedrv.sys><N/A>
[rfvevcn / rfvevcn7][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\rfvevcn7.sys><N/A>
[xocwwo / xocwwo][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\xocwwo.sys><N/A>