1.建议使用XDelBox删除以下文件:
http://www.dodudou.com/down/download.php?fname=./01.原创软件/XDelBox1.6.rar使用说明:删除时复制所有要删除文件的路径,在待删除文件列表里点击右键选择从剪贴板导入,导入后在要删除文件上点击右键,选择立刻重启删除,电脑会重启进入DOS界面进行删除操作。运行xdelbox前最好卸载所有可移动存储介质(包括U盘,MP3,手机存储卡等)。
c:\windows\fonts\syn00-18-f3-7c-e8-cf\system\smss.exe
c:\windows\fonts\jsqxbyc.dll
c:\windows\fonts\swrcgzc.dll
c:\windows\fonts\swjqdzc.dll
c:\windows\system32\gjcscyc.dll
c:\windows\fonts\kawdjzy.dll
c:\windows\fonts\raqjmpi.dll
c:\windows\fonts\wsmsfzx.dll
c:\windows\fonts\gjfhbyc.dll
c:\windows\fonts\rarjfpi.dll
c:\windows\system32\avwghmn.dll
c:\windows\system32\avzxmmn.dll
c:\windows\fonts\kapjizy.dll
c:\windows\system32\rsmyjpm.dll
c:\windows\vistadrive\vsdrv.exe
net
c:\windows\system32\drivers\comint32.sys
c:\docume~1\admini~1\locals~1\temp\tmp1c.tmp
c:\ntldr.exe
c:\autorun.inf
d:\ntldr.exe
d:\autorun.inf
e:\ntldr.exe
e:\autorun.inf
F:\ntldr.exe
F:\autorun.inf
2.删除重启后使用SREng修复下面各项: 启动项目 -- 注册表之如下项删除:
[{2D098345-9012-8750-8910-9128098134D2}] <C:\WINDOWS\Fonts\jsqxbyc.dll>
[{878A7521-FA87-34AB-34C2-4893F3AD34C8}] <C:\WINDOWS\Fonts\swrcgzc.dll>
[{44909874-8982-F344-A322-7898787FA744}] <C:\WINDOWS\Fonts\swjqdzc.dll>
[{9963387B-212E-4643-B207-82DAEA0E713D}] <>
[{3FA10261-B890-F432-A453-69F1023513F3}] <C:\WINDOWS\system32\gjcscyc.dll>
[{A8907901-1416-3389-9981-37217856998A}] <C:\WINDOWS\Fonts\kawdjzy.dll>
[{D4783410-4F90-34A0-7820-3230ACD05F4D}] <C:\WINDOWS\Fonts\raqjmpi.dll>
[{892FADFA-BCDE-ACDF-CDEF-21054865CBA8}] <C:\WINDOWS\Fonts\wsmsfzx.dll>
[{2D908534-AD45-920F-AC89-4024FA9D26D2}] <C:\WINDOWS\Fonts\gjfhbyc.dll>
[{6598FF45-DA60-F48A-BC43-10AC47853D56}] <C:\WINDOWS\Fonts\rarjfpi.dll>
[{8A1247C1-53DA-FF43-ABD3-345F323A48D8}] <C:\WINDOWS\system32\avwghmn.dll>
[{D859245F-345D-BC13-AC4F-145D47DA34FD}] <C:\WINDOWS\system32\avzxmmn.dll>
[{9A321487-4977-D98A-C8D5-6488257545A9}] <C:\WINDOWS\Fonts\kapjizy.dll>
[{AE32FA58-3453-FA2D-BC49-F340348ACCEA}] <C:\WINDOWS\system32\rsmyjpm.dll>
[TBMonEx] <C:\WINDOWS\Fonts\syn00-18-F3-7C-E8-CF\system\smss.exe>
[Vistadrv] <C:\WINDOWS\Vistadrive\vsdrv.exe>
[IFEO[360rpt.exe]] <net>
[IFEO[360Safe.exe]] <net>
[IFEO[360tray.exe]] <net>
[IFEO[ACKWIN32.EXE]] <net>
[IFEO[ANTI-TROJAN.EXE]] <net>
[IFEO[APVXDWIN.EXE]] <net>
[IFEO[AUTODOWN.EXE]] <net>
[IFEO[AVCONSOL.EXE]] <net>
[IFEO[AVE32.EXE]] <net>
[IFEO[AVGCTRL.EXE]] <net>
[IFEO[AVKSERV.EXE]] <net>
[IFEO[AVNT.EXE]] <net>
[IFEO[AVP.EXE]] <net>
[IFEO[AVP32.EXE]] <net>
[IFEO[AVPCC.EXE]] <net>
[IFEO[AVPDOS32.EXE]] <net>
[IFEO[AVPM.EXE]] <net>
[IFEO[AVPTC32.EXE]] <net>
[IFEO[AVPUPD.EXE]] <net>
[IFEO[AVSCHED32.EXE]] <net>
[IFEO[AVWIN95.EXE]] <net>
[IFEO[AVWUPD32.EXE]] <net>
[IFEO[BLACKD.EXE]] <net>
[IFEO[BLACKICE.EXE]] <net>
[IFEO[CFIADMIN.EXE]] <net>
[IFEO[CFIAUDIT.EXE]] <net>
[IFEO[CFINET.EXE]] <net>
[IFEO[CFINET32.EXE]] <net>
[IFEO[CLAW95.EXE]] <net>
[IFEO[CLAW95CF.EXE]] <net>
[IFEO[CLEANER.EXE]] <net>
[IFEO[CLEANER3.EXE]] <net>
[IFEO[DVP95.EXE]] <net>
[IFEO[DVP95_0.EXE]] <net>
[IFEO[ECENGINE.EXE]] <net>
[IFEO[EGHOST.EXE]] <net>
[IFEO[ESAFE.EXE]] <net>
[IFEO[EXPWATCH.EXE]] <net>
[IFEO[F-AGNT95.EXE]] <net>
[IFEO[F-PROT.EXE]] <net>
[IFEO[F-PROT95.EXE]] <net>
[IFEO[F-STOPW.EXE]] <net>
[IFEO[FESCUE.EXE]] <net>
[IFEO[FINDVIRU.EXE]] <net>
[IFEO[FP-WIN.EXE]] <net>
[IFEO[FPROT.EXE]] <net>
[IFEO[FRW.EXE]] <net>
[IFEO[IAMAPP.EXE]] <net>
[IFEO[IAMSERV.EXE]] <net>
[IFEO[IBMASN.EXE]] <net>
[IFEO[IBMAVSP.EXE]] <net>
[IFEO[ICLOAD95.EXE]] <net>
[IFEO[ICLOADNT.EXE]] <net>
[IFEO[ICMON.EXE]] <net>
[IFEO[ICSUPP95.EXE]] <net>
[IFEO[ICSUPPNT.EXE]] <net>
[IFEO[IFACE.EXE]] <net>
[IFEO[IOMON98.EXE]] <net>
[IFEO[Iparmor.exe]] <net>
[IFEO[JEDI.EXE]] <net>
[IFEO[KAV32.exe]] <net>
[IFEO[KAVPFW.EXE]] <net>
[IFEO[KAVsvc.exe]] <net>
[IFEO[KAVSvcUI.exe]] <net>
[IFEO[KVFW.EXE]] <net>
[IFEO[KVMonXP.exe]] <net>
[IFEO[KVMonXP.kxp]] <net>
[IFEO[KVSrvXP.exe]] <net>
[IFEO[KVwsc.exe]] <net>
[IFEO[KvXP.kxp]] <net>
[IFEO[KWatchUI.EXE]] <net>
[IFEO[LOCKDOWN2000.EXE]] <net>
[IFEO[Logo1_.exe]] <net>
[IFEO[Logo_1.exe]] <net>
[IFEO[LOOKOUT.EXE]] <net>
[IFEO[LUALL.EXE]] <net>
[IFEO[MAILMON.EXE]] <net>
[IFEO[MOOLIVE.EXE]] <net>
[IFEO[MPFTRAY.EXE]] <net>
[IFEO[N32SCANW.EXE]] <net>
[IFEO[Navapsvc.exe]] <net>
[IFEO[Navapw32.exe]] <net>
[IFEO[NAVLU32.EXE]] <net>
[IFEO[NAVNT.EXE]] <net>
[IFEO[navw32.EXE]] <net>
[IFEO[NAVWNT.EXE]] <net>
[IFEO[NISUM.EXE]] <net>
[IFEO[NMain.exe]] <net>
[IFEO[NORMIST.EXE]] <net>
[IFEO[NUPGRADE.EXE]] <net>
[IFEO[NVC95.EXE]] <net>
[IFEO[PAVCL.EXE]] <net>
[IFEO[PAVSCHED.EXE]] <net>
[IFEO[PAVW.EXE]] <net>
[IFEO[PCCWIN98.EXE]] <net>
[IFEO[PCFWALLICON.EXE]] <net>
[IFEO[PERSFW.EXE]] <net>
[IFEO[PFW.EXE]] <net>
[IFEO[Rav.exe]] <net>
[IFEO[RAV7.EXE]] <net>
[IFEO[RAV7WIN.EXE]] <net>
[IFEO[RAVmon.exe]] <net>
[IFEO[RAVmonD.exe]] <net>
[IFEO[RAVtimer.exe]] <net>
[IFEO[Rising.exe]] <net>
[IFEO[SAFEWEB.EXE]] <net>
[IFEO[SCAN32.EXE]] <net>
[IFEO[SCAN95.EXE]] <net>
[IFEO[SCANPM.EXE]] <net>
[IFEO[SCRSCAN.EXE]] <net>
[IFEO[SERV95.EXE]] <net>
[IFEO[SMC.EXE]] <net>
[IFEO[SPHINX.EXE]] <net>
[IFEO[SWEEP95.EXE]] <net>
[IFEO[TBSCAN.EXE]] <net>
[IFEO[TCA.EXE]] <net>
[IFEO[TDS2-98.EXE]] <net>
[IFEO[TDS2-NT.EXE]] <net>
[IFEO[THGUARD.EXE]] <net>
[IFEO[TrojanHunter.exe]] <net>
[IFEO[VET95.EXE]] <net>
[IFEO[VETTRAY.EXE]] <net>
[IFEO[VSCAN40.EXE]] <net>
[IFEO[VSECOMR.EXE]] <net>
[IFEO[VSHWIN32.EXE]] <net>
[IFEO[VSSTAT.EXE]] <net>
[IFEO[WEBSCANX.EXE]] <net>
[IFEO[WFINDV32.EXE]] <net>
[IFEO[ZONEALARM.EXE]] <net>
[IFEO[_AVP32.EXE]] <net>
[IFEO[_AVPCC.EXE]] <net>
[IFEO[_AVPM.EXE]] <net>
[IFEO[修复工具.exe]] <net>
启动项目 -- 服务-- 驱动程序之如下项删除:
[RAS Asynchronous Media Driver / AsyncMac] <system32\DRIVERS\comint32.sys>
[WM / WM] <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp1C.tmp>
把启动文件夹删除:启动文件夹
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\Stardock
ObjectDock.lnk --> C:\WINDOWS\
OBJECT~1\
OBJECT~1.EXE
最好在安全模式下删除,处理时断网,处理后升级杀软,全盘扫描。
