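The original poster is infected with a large number of trojans, which makes this fairly troublesome. For details, see below:
1. Before scanning for viruses, turn off System Restore (can be skipped on Win2000): right-click My Computer, Properties, System Restore, and tick "Turn off System Restore on all drives".
Clear IE's temporary files: open IE, click Tools --> Internet Options: Temporary Internet files, click the "Delete Files" button, tick "Delete all offline content", and click OK to delete.
Close QQ and other applications. Before carrying out the steps below, do not double-click to open any disk. Put all downloaded tools directly on the desktop.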
2. It is recommended to use XDelBox to delete the following files: (XDelBox1.7 download)
http://www.dodudou.com/down/index.php?dirpath=./01.原创软件&order=0
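Instructions: to delete, copy the paths of all the files to be deleted, right-click in the pending-deletion file list and choose to import from the clipboard without checking paths; after importing, right-click the files to be deleted and choose to reboot immediately and delete. The computer will restart into a DOS screen to carry out the deletion. Before running XDelBox, it is best to remove all removable storage media (including USB drives, MP3 players, phone memory cards, etc.).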
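3. After the deletion and reboot, use SREng to repair the following items:
Detailed SREng instructions:
http://hi.baidu.com/peaset/blog/item/3114a7fb17dd19224e4aeadf.html
Startup Items -- Registry: delete the following entries: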
Note the change to the [AppInit_DLLs] entry: change its value to <>, i.e. clear it.
Startup Items -- Services -- Drivers: delete the following entries:
System Repair -- Browser Add-ons: delete the following entries:
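Quote:
Clean up the system temporary files and the IE temporary files folder
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Clean up malware with Kingsoft Cleanup Expert (金山清理专家)
http://client.download.duba.net/KASSetup_10_1.EXE
Download Windows Cleanup Assistant (windows清理助手) and run one cleanup pass
http://www.arswp.com/download/arswp2/arswp2.zip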
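
An added example, not part of the original post and not from SREng: a PowerShell script that checks the [AppInit_DLLs] value the post says to clear, showing for each listed DLL whether it is still on disk and whether it is signed. It assumes an elevated PowerShell prompt; the function names and the backup file path are hypothetical.

```powershell
# Added example: read-only audit of AppInit_DLLs, plus a backup-then-clear helper.
# Run from an elevated PowerShell prompt. $BackupFile is a hypothetical path.
$Keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    # 32-bit view on 64-bit Windows; absent on 32-bit systems.
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
) | Where-Object { Test-Path $_ }

function Split-AppInitValue {
    param([string]$Value)
    # Entries are separated by spaces or commas; drop empties such as ",,".
    @($Value -split '[,\s]+' | Where-Object { $_ -ne '' })
}

function Get-AppInitAudit {
    foreach ($key in $Keys) {
        $value = [string](Get-ItemProperty -Path $key).AppInit_DLLs
        # Bare names load from the system directory of the matching bitness.
        $dir = Join-Path $env:windir 'System32'
        if ($key -like '*Wow6432Node*') { $dir = Join-Path $env:windir 'SysWOW64' }
        foreach ($name in Split-AppInitValue $value) {
            $path = $name
            if (-not [IO.Path]::IsPathRooted($name)) { $path = Join-Path $dir $name }
            $onDisk = Test-Path -LiteralPath $path
            $sig = 'n/a'
            if ($onDisk) { $sig = (Get-AuthenticodeSignature -FilePath $path).Status }
            [pscustomobject]@{ Key = $key; Entry = $name; OnDisk = $onDisk; Signature = $sig }
        }
    }
}

function Clear-AppInit {
    param([string]$BackupFile = "$env:USERPROFILE\Desktop\appinit-backup.txt")
    foreach ($key in $Keys) {
        $old = [string](Get-ItemProperty -Path $key).AppInit_DLLs
        # Record the old value first so the change can be reviewed or reverted.
        Add-Content -Path $BackupFile -Value "$key`t$old"
        Set-ItemProperty -Path $key -Name AppInit_DLLs -Value ''
    }
}

Get-AppInitAudit | Format-Table -AutoSize
# After reviewing the table, clear the value as the post instructs:
# Clear-AppInit
```

An empty table after the cleanup and a reboot means the value stayed cleared; entries that reappear mean something is still rewriting it.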