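It is recommended to use XDelBox to delete the following files.
Copy the paths of all the files to be deleted, right-click in the pending-deletion file list and choose to import from the clipboard, then reboot to delete them.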
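Copy the file from a clean system to replace c:\windows\system32\userinit.exe
2. After the deletion and reboot, use SREng to repair each of the following items: repair image hijacking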
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
<IFEO[avp.exe]><services.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe]
<IFEO[egui.exe]><services.exe> [(Verified)Microsoft Windows Component Publisher]
Startup items -- Registry: delete the following entries:
Note the change to the [AppInit_DLLs] entry: change <C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,ibgpjkfe.dll,lmfddalp.dll,fhemhgic.dll,kmon.dll,gjnigkod.dll,hbndkpac.dll,dljgidpe.dll,bbmidmfa.dll,bobnkpkd.dll,pfcbpcim.dll,jcljlpgn.dll> to <>, i.e. clear it
[{CC80F0B4-04D7-44D0-8DB9-9109B5B72141}] <C:\WINDOWS\system32\CC80F0B4.dll>
[{54F6A1F0-18CD-4A8E-B08B-6A5203AADE30}] <C:\Program Files\Internet Explorer\StringJz.ask>
Startup items -- Services -- Drivers: disable the following entry:
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService] <system32\drivers\ADIHdAud.sys>