删除 方法见
http://bbs.ikaka.com/showtopic-8442813.aspxc:\windows\system32\cedafb.dll
c:\windows\system32\ddserh.dll
c:\windows\system32\dndsaf.dll
c:\windows\system32\fmcvxy.dll
c:\windows\system32\hhrdxd.dll
c:\windows\system32\jfdses.dll
c:\windows\system32\sgdewg.dll
c:\windows\system32\tdfhex.dll
c:\windows\system32\wrqszl.dll
c:\windows\system32\wyrsdj.dll
c:\windows\system32\wzcfsw.dll
c:\windows\system32\zgtwfx.dll
c:\windows\system32\zycdex.dll
c:\docume~1\admini~1\locals~1\temp\_tmp.bat
2.删除重启后使用SREng修复下面各项: 启动项目 -- 注册表之如下项删除:
[{28766E1C-74B0-4417-8C75-F12AE309EF35}] <C:\WINDOWS\system32\wzcfsw.dll>
[{259BF3CF-194D-4FE6-9ADB-DE6544B098B6}] <C:\WINDOWS\system32\dndsaf.dll>
[{0B846B26-BFE6-4E8E-A948-1DB17B77B483}] <C:\WINDOWS\system32\tdfhex.dll>
[{1E51C0FD-EE36-434B-AD2A-FD1FF3731C38}] <C:\WINDOWS\system32\wyrsdj.dll>
[{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B}] <C:\WINDOWS\system32\jfdses.dll>
[{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7}] <C:\WINDOWS\system32\fmcvxy.dll>
[{006CA8A1-61BC-4774-A54C-F49034270BAD}] <C:\WINDOWS\system32\zgtwfx.dll>
[{F99DEFDD-200B-4410-B572-E90883D527D2}] <C:\WINDOWS\system32\wrqszl.dll>
[{84143967-B645-4BFF-B873-DA1DC886E9A7}] <C:\WINDOWS\system32\cedafb.dll>
[{45AADFAA-DD36-42AB-83AD-0521BBF58C24}] <C:\WINDOWS\system32\zycdex.dll>
[{8C41B7F7-3168-400D-A702-0E7EFE0BA304}] <C:\WINDOWS\system32\sgdewg.dll>
[{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}] <C:\WINDOWS\system32\hhrdxd.dll>
[{A9895933-6636-4281-BC58-EE6DE2AF96E3}] <C:\WINDOWS\system32\ddserh.dll>
启动项目 -- 服务-- 驱动程序之如下项删除:
[yzpqax / yzpqax] <>
[yzpqax / yzpqax] <>
[axboq / axboq] <>
[axboq / axboq] <>
[yoprx / yoprx] <>
[yoprx / yoprx] <>
[xbyopr / xbyopr] <>
[xbyopr / xbyopr] <>
[TesSafe / TesSafe] <>
[TesSafe / TesSafe] <>
[prayz / prayz] <>
[prayz / prayz] <>
[ddabw / ddabw] <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_tmp.bat>
[cxbyqp / cxbyqp] <>
[cxbyqp / cxbyqp] <>
附件修复劫持
附件:
机器狗%26映像劫持修复工具.rar