【回复“情况”的帖子】
1、用XDELBOX删除下列文件(XDELBOX的下载及使用例子参考:http://forum.ikaka.com/topic.asp?board=28&artid=8381032):
C:\WINDOWS\system32\mxcdcsrv16_080329.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dat2F.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp52.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp64.tmp
C:\WINDOWS\system32\tdffdl.dll
C:\WINDOWS\system32\cedafb.dll
C:\WINDOWS\gwsmhxuq.exe
2、重启后,用SRENG删除下列注册表内容:
启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<zsmstc><rundll32.exe C:\WINDOWS\system32\mxcdcsrv16_080329.dll start> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{7FA4A83B-F99A-4bfc-A8E2-6A62B05D2C82}><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dat2F.tmp> [N/A]
<{C0595A7E-2E2F-4B34-A83A-019270A0A464}><C:\WINDOWS\system32\tdffdl.dll> [N/A]
<{84143967-B645-4BFF-B873-DA1DC886E9A7}><C:\WINDOWS\system32\cedafb.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<igzwzslm><; C:\WINDOWS\gwsmhxuq.exe> [N/A]
驱动程序
[fmsq / fmsq][Stopped/Auto Start]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp52.tmp><N/A>
[mnsf / mnsf][Stopped/Auto Start]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp64.tmp><N/A>
