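Do it manually.
Download Filseclab's Trojan Powerful Removal Assistant (费尔木马强力清除助手) from the official site here, and delete the files with "Suppress file regeneration" (抑制文件再生) checked.
http://dl.filseclab.com/down/powerrmv.zip
Delete: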
C:\WINDOWS\gwsmhxuq.exe
C:\WINDOWS\system32\SysDaJHv.dll
C:\WINDOWS\system32\msosfmsq00.dll
C:\WINDOWS\system32\msosmhfp00.dll
C:\WINDOWS\system32\msosdohs01.dll
C:\WINDOWS\system32\msoscqit00.dll
C:\WINDOWS\system32\nicozftp00.dll
C:\WINDOWS\system32\fmsiocps.dll
C:\WINDOWS\system32\msosmnsf00.dll
C:\WINDOWS\system32\msosjtio00.dll
C:\WINDOWS\system32\msosptfs00.dll
C:\WINDOWS\system32\wipicdec.dll
C:\WINDOWS\system32\msosping00.dll
C:\Program Files\Internet Explorer\PLUGINS\DosSys16.Sys
C:\WINDOWS\system32\75D23BE4.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp7.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpB.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp9.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpF.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpD.tmp
C:\WINDOWS\system32\drivers\msosmsfpfis64.sys
C:\WINDOWS\system32\drivers\msosmsp2p32.sys
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp13.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp11.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp3.tmp
C:\WINDOWS\system32\IEBHO.dll
C:\WINDOWS\system32\IETool.dll
C:\WINDOWS\system32\rzysdhbx.dll
Regardless of the deletion result, continue with the steps below.
————————————————————————————————————
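In the SRENG tool that was used to scan the log, under Startup Items (启动项目) > Registry (注册表), find and delete the following entries: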
启动项目
注册表
<igzwzslm><C:\WINDOWS\gwsmhxuq.exe> []
<{398C9B84-4EF7-47B5-9862-DE29543B3C42}><C:\Program Files\Internet Explorer\PLUGINS\DosSys16.Sys> []
<IFEO[avp.exe]><TASKMAN.EXE> [(Verified)Microsoft Windows Publisher]
<IFEO[Rav.exe]><TASKMAN.EXE> [(Verified)Microsoft Windows Publisher]
<IFEO[RavStub.exe]><TASKMAN.EXE> [(Verified)Microsoft Windows XP Publisher]
<IFEO[RavTask.exe]><TASKMAN.EXE> [(Verified)Microsoft Windows Publisher]
<IFEO[rfwcfg.exe]><TASKMAN.EXE> [(Verified)Microsoft Windows Publisher]
<IFEO[rfwmain.exe]><TASKMAN.EXE> [(Verified)Microsoft Windows Publisher]
<IFEO[rfwProxy.exe]><TASKMAN.EXE> [(Verified)Microsoft Windows Publisher]
<IFEO[rfwsrv.exe]><TASKMAN.EXE> [(Verified)Microsoft Windows Publisher]
<IFEO[rfwstub.exe]><TASKMAN.EXE> [(Verified)Microsoft Windows Publisher]
<IFEO[runiep.exe]><TASKMAN.EXE> [(Verified)Microsoft Corporation]
————————————————————————————————————
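In the SRENG tool that was used to scan the log, under Startup Items (启动项目) > Registry (注册表), set the following entry to empty (that is, choose "Edit" (编辑)). The antivirus software's real-time monitoring must be turned off for this, otherwise the change may not go through.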
启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><SysDaJHv.dll,msosfmsq00.dll,msosmhfp00.dll,msosdohs01.dll,msoscqit00.dll,nicozftp00.dll,fmsiocps.dll,msosmnsf00.dll,msosjtio00.dll,msosptfs00.dll,wipicdec.dll,msosping00.dll> [Microsoft Corporation]
That is, edit the "value" of <AppInit_DLLs><SysDaJHv.dll,msosfmsq00.dll,msosmhfp00.dll,msosdohs01.dll,msoscqit00.dll,nicozftp00.dll,fmsiocps.dll,msosmnsf00.dll,msosjtio00.dll,msosptfs00.dll,wipicdec.dll,msosping00.dll> [Microsoft Corporation] and set it to empty, so that it becomes:
<AppInit_DLLs><> [Microsoft Corporation]
You can select one of the red entries. When editing you may not see anything; just type any single letter or digit in the value field.
—————————————————————————————————————
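In the SRENG tool that was used to scan the log, under Startup Items (启动项目) > Services (服务) > Win32 Service Applications (Win32服务应用程序), find and delete the following entry: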
==================================
服务
[B302EC43 / B302EC43][Stopped/Auto Start]
<C:\WINDOWS\system32\75D23BE4.EXE -d><N/A>
————————————————————————————————————
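In the SRENG tool that was used to scan the log, under Startup Items (启动项目) > Services (服务) > Drivers (驱动程序), find and delete the following entries: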
==================================
驱动程序
[cqit / cqit][Stopped/Auto Start]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp7.tmp><N/A>
[dohs / dohs][Stopped/Auto Start]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpB.tmp><N/A>
[fmsq / fmsq][Stopped/Auto Start]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp9.tmp><N/A>
[IIS Manager / IIS Manager ][Stopped/Manual Start]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1.tmp><N/A>
[jtio / jtio][Stopped/Auto Start]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpF.tmp><N/A>
[mnsf / mnsf][Stopped/Auto Start]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpD.tmp><N/A>
[msfpfis64 / msfpfis64][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\msosmsfpfis64.sys><N/A>
[msp2p32 / msp2p32][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\msosmsp2p32.sys><N/A>
[ping / ping][Stopped/Auto Start]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp13.tmp><N/A>
[ptfs / ptfs][Stopped/Auto Start]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp11.tmp><N/A>
[zftp / zftp][Stopped/Auto Start]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp3.tmp><N/A>
—————————————————————————————
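In the SRENG tool that was used to scan the log, under System Repair (系统修复) > Browser Add-ons (浏览器加载项), find and delete the following: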
==================================
浏览器加载项
[]
{398C9B84-4EF7-47B5-9862-DE29543B3C42} <C:\Program Files\Internet Explorer\PLUGINS\DosSys16.Sys, N/A>
[SrchHook Class]
{F08555B0-9CC3-11D2-AA8E-000000000000} <C:\WINDOWS\system32\IEBHO.dll, >
[快捷工具条3.21]
{BE830FD4-E393-417F-9F4B-CC70ABB3384C} <C:\WINDOWS\system32\IETool.dll, >
[]
{398C9B84-4EF7-47B5-9862-DE29543B3C42} <C:\Program Files\Internet Explorer\PLUGINS\DosSys16.Sys, N/A>
[快捷工具条3.21]
{BE830FD4-E393-417F-9F4B-CC70ABB3384C} <C:\WINDOWS\system32\IETool.dll, >
[SrchHook Class]
{F08555B0-9CC3-11D2-AA8E-000000000000} <C:\WINDOWS\system32\IEBHO.dll, >
—————————————————————————————————————
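Use the downloaded temporary-file cleaner "ATF-Cleaner-cn": select all items and click "Clean Now" (立即清理).
Download:
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Use Windows Cleanup Assistant (Windows 清理助手) to clean your system.
Windows Cleanup Assistant download:
http://www.arswp.com/
————————————————————————————————————
Then restart the computer and check the results of these steps repeatedly.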
————————————————————————————————————
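Then restart the computer,
update the antivirus software to the latest version and run a full-disk scan.
Download Kaka Assistant (卡卡助手) and clean your system.
Remember to install the system vulnerability patches.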
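
The log entries picked out in the post above fall into a few recognisable patterns: `IFEO[...]` redirects of security-software executables, a non-empty `AppInit_DLLs` value, and services or drivers whose image path points into a Temp directory. The following is an added example, not part of the original post and not SRENG's own code: a small triage script that flags those three patterns in pasted SRENG log text. The function name `triage`, the finding labels and the regular expressions are assumptions based only on the line formats visible in the post.

```python
import re

# Constructed sample: a few entries copied from the SRENG log quoted in the post.
SAMPLE_LOG = r"""
<igzwzslm><C:\WINDOWS\gwsmhxuq.exe> []
<IFEO[avp.exe]><TASKMAN.EXE> [(Verified)Microsoft Windows Publisher]
<IFEO[Rav.exe]><TASKMAN.EXE> [(Verified)Microsoft Windows Publisher]
<AppInit_DLLs><SysDaJHv.dll,msosfmsq00.dll> [Microsoft Corporation]
[B302EC43 / B302EC43][Stopped/Auto Start]
<C:\WINDOWS\system32\75D23BE4.EXE -d><N/A>
[cqit / cqit][Stopped/Auto Start]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp7.tmp><N/A>
[msp2p32 / msp2p32][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\msosmsp2p32.sys><N/A>
"""

# Line shapes as they appear in the post (assumed, not an official grammar).
ENTRY = re.compile(r"^<([^<>]*)><([^<>]*)>\s*(?:\[(.*)\])?$")   # <name><value> [publisher]
SERVICE = re.compile(r"^\[(.+?) / .*\]\[(.+?)/(.+?)\]$")        # [name / display][state/start]
IFEO = re.compile(r"^IFEO\[(.+)\]$")                            # IFEO[target.exe]

def triage(log):
    """Return (label, subject, detail) tuples for the three patterns above."""
    findings = []
    pending = None  # service/driver header waiting for its image-path line
    for line in (l.strip() for l in log.splitlines()):
        svc = SERVICE.match(line)
        if svc:
            pending = svc.group(1)
            continue
        m = ENTRY.match(line)
        if not m:
            pending = None
            continue
        name, value = m.group(1), m.group(2)
        if pending is not None:
            # On the line after a service header, the first field is the image path.
            path = name.lower()
            if "\\temp\\" in path or path.endswith(".tmp"):
                findings.append(("service-in-temp", pending, name))
            pending = None
        elif IFEO.match(name):
            # An IFEO entry launches `value` instead of the named program.
            findings.append(("ifeo-redirect", IFEO.match(name).group(1), value))
        elif name.lower() == "appinit_dlls" and value.strip():
            findings.append(("appinit-dlls", name, value))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

These three heuristics are narrow: entries such as the `B302EC43` service or the `msosmsp2p32.sys` driver are not flagged by them and still need the manual review the post describes.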