打开sreng (就是你扫日志的软件)
启动项目 注册表 删除如下项目
<{AE32FA58-3453-FA2D-BC49-F340348ACCEA}><C:\WINDOWS\system32\rsmyjpm.dll> [N/A]
<{7A321487-4977-D98A-C8D5-6488257545A7}><C:\WINDOWS\system32\kapjgzy.dll> [N/A]
<{1D908534-AD45-920F-AC89-4024FA9D26D1}><C:\WINDOWS\system32\gjfhayc.dll> [N/A]
<{8A1247C1-53DA-FF43-ABD3-345F323A48D8}><C:\WINDOWS\system32\avwghmn.dll> [N/A]
<{D859245F-345D-BC13-AC4F-145D47DA34FD}><C:\WINDOWS\system32\avzxmmn.dll> [N/A]
<{8960356A-458E-DE24-BD50-268F589A56A8}><C:\WINDOWS\system32\avwlhmn.dll> [N/A]
<{5598FF45-DA60-F48A-BC43-10AC47853D55}><C:\WINDOWS\system32\rarjepi.dll> [N/A]
<{792FADFA-BCDE-ACDF-CDEF-21054865CBA7}><C:\WINDOWS\system32\wsmsezx.dll> [N/A]
<{A8907901-1416-3389-9981-37217856998A}><C:\WINDOWS\Fonts\kawdjzy.dll> [N/A]
<{3FA10261-B890-F432-A453-69F1023513F3}><C:\WINDOWS\system32\gjcscyc.dll> [N/A]
<{9963387B-212E-4643-B207-82DAEA0E713D}><C:\Program Files\Internet Explorer\PLUGINS\Wn_Sys8x.Sys> [N/A]
<{1C098A56-F90F-A789-901F-8906546720C1}><C:\WINDOWS\system32\gjtmayc.dll> [N/A]
<{24909874-8982-F344-A322-7898787FA742}><C:\WINDOWS\system32\swjqbzc.dll> [N/A]
<{4A57CAD1-412F-9547-713F-9641FA3FC7A4}><C:\WINDOWS\system32\okmhdzy.dll> [N/A]
<{778A7521-FA87-34AB-34C2-4893F3AD34C7}><C:\WINDOWS\system32\swrcfzc.dll> [N/A]
<{2D098345-9012-8750-8910-9128098134D2}><C:\WINDOWS\Fonts\jsqxbyc.dll> [N/A]
<{8A321487-4977-D98A-C8D5-6488257545A8}><C:\WINDOWS\Fonts\kapjhzy.dll> [N/A]
<{2D908534-AD45-920F-AC89-4024FA9D26D2}><C:\WINDOWS\Fonts\gjfhbyc.dll> [N/A]
<{6598FF45-DA60-F48A-BC43-10AC47853D56}><C:\WINDOWS\Fonts\rarjfpi.dll> [N/A]
<{878A7521-FA87-34AB-34C2-4893F3AD34C8}><C:\WINDOWS\Fonts\swrcgzc.dll> [N/A]
<{E159854F-6971-3456-6941-10235412974E}><C:\WINDOWS\Fonts\hookhelp.dll> [N/A]
<{9A321487-4977-D98A-C8D5-6488257545A9}><C:\WINDOWS\Fonts\kapjizy.dll> [N/A]
<{44909874-8982-F344-A322-7898787FA744}><C:\WINDOWS\Fonts\swjqdzc.dll> [N/A]
<{6A57CAD1-412F-9547-713F-9641FA3FC7A6}><C:\WINDOWS\Fonts\okmhfzy.dll> [N/A]
<{C4783410-4F90-34A0-7820-3230ACD05F4C}><C:\WINDOWS\Fonts\raqjlpi.dll> [N/A]
<{FD561258-45F3-A451-F908-A258458226DF}><C:\WINDOWS\Fonts\kvdxsoma.dll> [N/A]
<{4FA10261-B890-F432-A453-69F1023513F4}><C:\WINDOWS\Fonts\gjcsdyc.dll> [N/A]
<{DB681598-AD5F-BC8C-77DC-748FAC8D3FBD}><C:\WINDOWS\Fonts\kafymzy.dll> [N/A]
<{E859245F-345D-BC13-AC4F-145D47DA34FE}><C:\WINDOWS\Fonts\avzxnmn.dll> [N/A]
<{892FADFA-BCDE-ACDF-CDEF-21054865CBA8}><C:\WINDOWS\Fonts\wsmsfzx.dll> [N/A]
<{B960356A-458E-DE24-BD50-268F589A56AB}><C:\WINDOWS\Fonts\avwlkmn.dll> [N/A]
<WSockDrv32><C:\WINDOWS\xkiygq.exe> [N/A]
以及所有红色的Image File Execution Options项目 诸如
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACKWIN32.EXE]
<IFEO[ACKWIN32.EXE]><net> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ANTI-TROJAN.EXE]
<IFEO[ANTI-TROJAN.EXE]><net> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\APVXDWIN.EXE]
<IFEO[APVXDWIN.EXE]><net> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AUTODOWN.EXE]
<IFEO[AUTODOWN.EXE]><net> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE]
<IFEO[AVCONSOL.EXE]><net> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVE32.EXE]
<IFEO[AVE32.EXE]><net> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGCTRL.EXE]
<IFEO[AVGCTRL.EXE]><net> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVKSERV.EXE]
<IFEO[AVKSERV.EXE]><net> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVNT.EXE] ...
