taskkill /f /im ipilrws.exe
保存后运行(关闭病毒运行的程序)
x:\autorun.inf
3.打开注册表
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
改回来
C:\Program Files\Common Files\System\ipilrws.exe
C:\Program Files\Common Files\System\owupxei.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\2222.exe
C:\Program Files\bhpkndi.inf
C:\Program Files\dld.dat
C:\Program Files\meex.exe
C:\Program Files\1a1221.exe
C:\Program Files\Common Files\Microsoft Shared\egrrgdk.inf
C:\Program Files\Common Files\Microsoft Shared\iqwfobe.exe
C:\Program Files\Common Files\Microsoft Shared\lnnvkiq.exe
C:\Program Files\Common Files\Microsoft Shared\MSInfo\atmQQ.dll
C:\Program Files\Common Files\Microsoft Shared\MSInfo\atmQQ2.dll
C:\Program Files\Common Files\Microsoft Shared\MSInfo\SysWFGwd.dll
C:\Program Files\Common Files\Microsoft Shared\MSInfo\SysWFGwd2.dll
C:\Program Files\Common Files\System\egrrgdk.inf
C:\Program Files\Common Files\System\ipilrws.exe
C:\Program Files\Common Files\System\owupxei.exe
C:\WINDOWS\Fonts\rarjfni.dll
C:\WINDOWS\Fonts\rarjfpi.dll
C:\WINDOWS\Fonts\rarjftl.exe
C:\WINDOWS\Fonts\verclsids.exe