[b]1. It is recommended to use XDelBox to delete the following files[/b]: (XDelBox 1.7 download: tool 19 at http://www.qispace.com.cn/read.php/1.htm)

Instructions: [b]first tick "Suppress regeneration"[/b]. [color=red]When deleting, copy the paths of all the files to be deleted, right-click in the pending-deletion file list and choose "Import from clipboard without checking paths"; after importing, right-click the files to be deleted and choose "Reboot and delete immediately"[/color]. The computer will restart into a DOS screen to carry out the deletion. Before running XDelBox, it is best to remove all removable storage media (including USB flash drives, MP3 players, phone memory cards, etc.).
[b]2. After the deletion and reboot, use SREng to repair the following items:[/b]

Startup Items -- Registry: delete the following entries:
[color=red]Note the change to the [AppInit_DLLs] entry:[/color] change the value to <>, i.e. clear it.
Startup Items -- Services -- Drivers: disable the following entries:

System Repair -- Browser Add-ons: delete the following entries:
[HTML Document] <%SystemRoot%\system32\mshtml.dll>
[Promote Class]
[Promote Class]

The attachment removes the image hijack entries.
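Added example, not part of the original post: a re-check of the two registry locations the post names, AppInit_DLLs and the image hijack entries (Debugger values under Image File Execution Options), run over a `reg export` dump decoded to text. The sample export, its file names and the `audit` helper are constructed for illustration.

```python
import re

# Constructed sample in .reg export format (not values from the post).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="example1.dll example2.dll"
"DeviceNotSelectedTimeout"="15"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example-av.exe]
"Debugger"="C:\\placeholder\\stub.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"="0x00000000"
'''

NT_CV = r"hkey_local_machine\software\microsoft\windows nt\currentversion"
# Matches only string values: "name"="data" (dword/hex values are skipped).
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)

def audit(reg_text):
    """Return findings for a non-empty AppInit_DLLs and any IFEO Debugger value."""
    findings = []
    key = ""
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # current registry key
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        k = key.lower()
        if k == NT_CV + r"\windows" and name.lower() == "appinit_dlls":
            # DLL names are separated by spaces or commas; empty means cleared.
            dlls = [d for d in re.split(r"[ ,]+", data) if d]
            if dlls:
                findings.append(("AppInit_DLLs", key, dlls))
        elif (k.startswith(NT_CV + r"\image file execution options" + "\\")
              and name.lower() == "debugger"):
            # A Debugger value redirects launches of the named image.
            findings.append(("IFEO Debugger", key.rsplit("\\", 1)[1], data))
    return findings
```

An empty result from `audit` means AppInit_DLLs is cleared and no image has a Debugger redirect in the exported keys.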