Run SREng and delete the following registry startup entries:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Intel Chipset Monitor><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\63057520.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<RavRuneip><C:\WINDOWS\system32\RacvSvc.EXE yhcnsyvyig.dll,HFanMa> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{1859245F-345D-BC13-AC4F-145D47DA34F1}><C:\WINDOWS\system32\avzxamn.dll> [N/A]
<{1598FF45-DA60-F48A-BC43-10AC47853D51}><C:\WINDOWS\system32\rarjapi.dll> []
<{2C87A354-ABC3-DEDE-FF33-3213FD7447C2}><C:\WINDOWS\system32\kvdxbma.dll> [N/A]
<{E3F426F6-8634-42A5-A29E-BC694A88FB7D}><C:\WINDOWS\system32\xyupri0.dll> []
<{29FA4178-7749-A8D9-F5C8-886455257692}><C:\WINDOWS\system32\kashbzy.dll> []
<{1E32FA58-3453-FA2D-BC49-F340348ACCE1}><C:\WINDOWS\system32\rsmyapm.dll> [N/A]
<{D12BC423-3713-224D-3F55-32B35C62B11D}><C:\WINDOWS\system32\WinFormA9.dll> []
Edit the AppInit_DLLs value so that it is empty:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><kashbzy.dll> []
Use SREng to disable the following driver:
CdaC15BA / CdaC15BA
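Reboot into Safe Mode, turn on the display of hidden files, and then delete the files below (for any that cannot be deleted or cannot be seen, use IceSword to view and delete them):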
C:\WINDOWS\system32\avzxamn.dll
C:\WINDOWS\system32\rarjapi.dll
C:\WINDOWS\system32\kvdxbma.dll
C:\WINDOWS\system32\xyupri0.dll
C:\WINDOWS\system32\kashbzy.dll
C:\WINDOWS\system32\rsmyapm.dll
C:\WINDOWS\system32\WinFormA9.dll
C:\WINDOWS\system32\yhcnsyvyig.dll
C:\WINDOWS\system32\RacvSvc.EXE
Empty the IE temporary files folder as well as this folder:
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
Run a full-disk antivirus scan.
IceSword download link:
http://www.crsky.com/soft/6947.html
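
To confirm the cleanup afterwards, the following read-only PowerShell script (an added example, not part of the original post) lists whatever remains in the four registry locations above, shows the driver's start type, and reports any of the listed files still on disk. It assumes PowerShell is available on the machine and that the driver's service key is named CdaC15BA.

```powershell
# Added example: read-only check of the locations cleaned in the steps above.
# Paths and names are taken from the post; nothing is modified or deleted.
$ErrorActionPreference = 'SilentlyContinue'
$cv = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion'

function Get-RegValues([string]$KeyPath) {
    # Emit every value under a key as a Location/Name/Target object
    $key = Get-Item -LiteralPath $KeyPath
    if (-not $key) { return }
    foreach ($n in $key.GetValueNames()) {
        New-Object PSObject -Property @{
            Location = $KeyPath; Name = $n; Target = [string]$key.GetValue($n)
        }
    }
}

function Get-ShellExecuteHooks {
    # Value names here are CLSIDs; the DLL each one loads is registered
    # under HKLM\SOFTWARE\Classes\CLSID\<clsid>\InprocServer32
    foreach ($h in Get-RegValues "$cv\Explorer\ShellExecuteHooks") {
        $srv = Get-ItemProperty -LiteralPath "HKLM:\SOFTWARE\Classes\CLSID\$($h.Name)\InprocServer32"
        $h.Target = [string]$srv.'(default)'
        $h
    }
}

$entries = @(
    Get-RegValues "$cv\Run"
    Get-RegValues "$cv\Policies\Explorer\Run"
    Get-ShellExecuteHooks
    Get-RegValues 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows' |
        Where-Object { $_.Name -eq 'AppInit_DLLs' -and $_.Target.Trim() }
)
$entries | Format-List Location, Name, Target

# Driver state: Start = 4 means disabled (assumes the service key name from the post)
$drv = Get-ItemProperty -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Services\CdaC15BA'
if ($drv) { "Driver CdaC15BA Start = $($drv.Start)" } else { 'Driver CdaC15BA: key not present' }

# Files the post says to delete; report any that are still on disk
$sys = 'C:\WINDOWS\system32'
$names = 'avzxamn.dll','rarjapi.dll','kvdxbma.dll','xyupri0.dll','kashbzy.dll',
         'rsmyapm.dll','WinFormA9.dll','yhcnsyvyig.dll','RacvSvc.EXE'
foreach ($f in $names) {
    $p = Join-Path $sys $f
    if (Test-Path -LiteralPath $p) { "STILL PRESENT: $p" }
}
```

Files that the driver hides from the file system will not appear in this check, which is why the post uses IceSword for entries that cannot be seen or deleted.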