C:\WINDOWS\system\llwzjy081006.exe
C:\WINDOWS\system32\8566F82E.dll
C:\WINDOWS\system32\tbkyhpkf.dll
C:\WINDOWS\system32\svlhsutm.dll
C:\WINDOWS\system32\aovxzfzu.dll
C:\WINDOWS\system32\7ADC2AB1.dll
C:\WINDOWS\system32\kbxbyfmq.dll
C:\WINDOWS\system32\ksuserfy.dll
C:\WINDOWS\system32\C56BCC10.dll
C:\WINDOWS\system32\53360697.dll
C:\Program Files\Internet Explorer\53u1ttMe.2ys
C:\WINDOWS\system32\369774CA.dll
C:\WINDOWS\system32\E4814792.dll
C:\WINDOWS\system32\fkprbuqt.dll
C:\WINDOWS\system32\DRIVERS\HBKernel32.sys
复制上面所有要删除的文件，打开XDelBox,在待删除列表点 右键==>选择 剪贴版导入不检查路径==>点 右键==>选择==>立刻重启执行删除


注册表中
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><HBmhly.dll,HBXY2.dll,HBSO2.dll,HBKDXY.dll,HBWOW.dll,HBBO.dll,HBQQSG.dll,HBQQFFO.dll>  [File is missing]
上面这项，请把<AppInit_DLLs>后面<>中的内容全部清空
删除[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]下面的
   
    <{8566F82E-03A4-416E-AEAC-66600D8881F1}><8566F82E.dll>  [N/A]
    <{71A78CD4-E470-4a18-8457-E0E0283DD507}><C:\WINDOWS\system32\tbkyhpkf.dll>  [File is missing]
    <{E0F3526A-4165-4589-80CD-50B6FBAC3BDA}><C:\WINDOWS\system32\svlhsutm.dll>  [File is missing]
    <{2CB77746-8ECC-40ca-8217-10CA8BE5EFC8}><C:\WINDOWS\system32\aovxzfzu.dll>  [File is missing]
    <{7ADC2AB1-5C6A-4178-82DA-94863354AF7C}><7ADC2AB1.dll>  [N/A]
    <{F0930A2F-D971-4828-8209-B7DFD266ED44}><C:\WINDOWS\system32\kbxbyfmq.dll>  [File is missing]
    <{C4C78494-4D05-4614-8CF2-03F1C4276C8A}><C:\WINDOWS\system32\ksuserfy.dll>  [File is missing]
    <{C56BCC10-503E-43AB-B208-3CD37FCFCE40}><C56BCC10.dll>  [N/A]
    <{53360697-E270-4F80-AD5D-6FB518F03D24}><53360697.dll>  [N/A]
    <{F6A454AE-156A-415E-9F89-3795677A8A91}><C:\Program Files\Internet Explorer\53u1ttMe.2ys>  [File is missing]
    <{369774CA-7CB4-4A3F-A9A9-77D6BC53CB3B}><369774CA.dll>  [N/A]
    <{E4814792-EFA3-4C20-93D0-8B130A59F9A8}><E4814792.dll>  [N/A]
    <{434FA69C-5F0A-42e1-82B8-10AF2C8E53C6}><C:\WINDOWS\system32\fkprbuqt.dll>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]下的
    <gmggqwfz.dll><C:\WINDOWS\system32\svlhsutm.dll>  [File is missing]
    <tbkyhpkf.dll><C:\WINDOWS\system32\tbkyhpkf.dll>  [File is missing]
    <aovxzfzu.dll><C:\WINDOWS\system32\aovxzfzu.dll>  [File is missing]
    <kbxbyfmq.dll><C:\WINDOWS\system32\kbxbyfmq.dll>  [File is missing]
    <ksuserfy.dll><C:\WINDOWS\system32\ksuserfy.dll>  [File is missing]
    <svlhsutm.dll><C:\WINDOWS\system32\svlhsutm.dll>  [File is missing]
    <fkprbuqt.dll><C:\WINDOWS\system32\fkprbuqt.dll>  [File is missing]


删除下面驱动
[8882fa1 / 8882fa1][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\8882fa1.sys><N/A>
[ADProt / ADProt][Stopped/System Start]
  <\SystemRoot\system32\drivers\ADProt.sys><N/A>
[c56bcc1 / c56bcc1][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\c56bcc1.sys><N/A>
[d346bus / d346bus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\d346bus.sys><>
[d346prt / d346prt][Running/Boot Start]
  <\SystemRoot\System32\Drivers\d346prt.sys><>
[d4f876 / d4f876][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\d4f876.sys><N/A>
[HBKernel32 Driver / HBKernel32][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\HBKernel32.sys><N/A>
打开sreng，启动项目，服务，驱动程序，勾选 隐藏已认证的微软项目，选中要删除的驱动，点删除服务，点设置，点否


下载映像劫持批量检测工具修复映像劫持
以上工具下载http://yezi135.ys168.com/




下面的两个服务很诡异，不太理解，请高手解答
[DCOM Server Process Launcher / DcomLaunch][Stopped/Auto Start]
  <C:\WINDOWS\system32\svchost -k DcomLaunch-->%SystemRoot%\system32\rpcss.dll><N/A>
[Remote Procedure Call (RPC) / RpcSs][Others/Auto Start]
  <C:\WINDOWS\system32\svchost -k rpcss-->c:\windows\system32\rpcss.dll><N/A>

用XdelBox 删除以下

c:\windows\system.exe
c:\windows\system32\system.exe     
C:\WINDOWS\system32\Cache\SysSafe.exe
C:\WINDOWS\system\llwzjy081006.exe
C:\WINDOWS\system32\svlhsutm.dll
C:\WINDOWS\system32\tbkyhpkf.dll
C:\WINDOWS\system32\aovxzfzu.dll
C:\WINDOWS\system32\ksuserfy.dll
C:\WINDOWS\system32\kbxbyfmq.dll
C:\WINDOWS\system32\svlhsutm.dll
C:\WINDOWS\system32\fkprbuqt.dll
C:\Program Files\snav\Snav.dll
C:\Program Files\Internet Explorer\53u1ttMe.2ys
C:\WINDOWS\system32\8882fa1.sys
C:\WINDOWS\system32\NaviHelper.dll
c:\windows\system32\DRIVERS\HBKernel32.sys
C:\WINDOWS\system32\d4f876.sys
C:\WINDOWS\system32\c56bcc1.sys
c:\windows\system32\drivers\ADProt.sys
c:\windows\system32\drivers\BDGuard.SYS
C:\Documents and Settings\ye\「开始」菜单\程序\启动\dfjje.exe



删除完毕后：

用 SREng 修复以下 项



[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<HBService32><System.exe>  [File is missing]
<SysSafe><C:\WINDOWS\system32\Cache\SysSafe.exe>  []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <dlnajjbdfa><C:\WINDOWS\system\llwzjy081006.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><HBmhly.dll,HBXY2.dll,HBSO2.dll,HBKDXY.dll,HBWOW.dll,HBBO.dll,HBQQSG.dll,HBQQFFO.dll>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{8566F82E-03A4-416E-AEAC-66600D8881F1}><8566F82E.dll>
    <{71A78CD4-E470-4a18-8457-E0E0283DD507}><C:\WINDOWS\system32\tbkyhpkf.dll>
    <{E0F3526A-4165-4589-80CD-50B6FBAC3BDA}><C:\WINDOWS\system32\svlhsutm.dll>
    <{2CB77746-8ECC-40ca-8217-10CA8BE5EFC8}><C:\WINDOWS\system32\aovxzfzu.dll>
    <{7ADC2AB1-5C6A-4178-82DA-94863354AF7C}><7ADC2AB1.dll>
    <{F0930A2F-D971-4828-8209-B7DFD266ED44}><C:\WINDOWS\system32\kbxbyfmq.dll>
    <{C4C78494-4D05-4614-8CF2-03F1C4276C8A}><C:\WINDOWS\system32\ksuserfy.dll> 
    <{C56BCC10-503E-43AB-B208-3CD37FCFCE40}><C56BCC10.dll>
    <{53360697-E270-4F80-AD5D-6FB518F03D24}><53360697.dll>
    <{F6A454AE-156A-415E-9F89-3795677A8A91}><C:\Program Files\Internet Explorer\53u1ttMe.2ys>
    <{369774CA-7CB4-4A3F-A9A9-77D6BC53CB3B}><369774CA.dll>
    <{E4814792-EFA3-4C20-93D0-8B130A59F9A8}><E4814792.dll>
    <{434FA69C-5F0A-42e1-82B8-10AF2C8E53C6}><C:\WINDOWS\system32\fkprbuqt.dll> 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <gmggqwfz.dll><C:\WINDOWS\system32\svlhsutm.dll>  [File is missing]
    <tbkyhpkf.dll><C:\WINDOWS\system32\tbkyhpkf.dll>  [File is missing]
    <aovxzfzu.dll><C:\WINDOWS\system32\aovxzfzu.dll>  [File is missing]
    <kbxbyfmq.dll><C:\WINDOWS\system32\kbxbyfmq.dll>  [File is missing]
    <ksuserfy.dll><C:\WINDOWS\system32\ksuserfy.dll>  [File is missing]
    <svlhsutm.dll><C:\WINDOWS\system32\svlhsutm.dll>  [File is missing]
    <fkprbuqt.dll><C:\WINDOWS\system32\fkprbuqt.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe]
    <IFEO[360rpt.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]

==================================
启动文件夹
[dfjje]
  <C:\Documents and Settings\ye\「开始」菜单\程序\启动\dfjje.exe -->  [File is missing]><N>
==================================
服务  （暂时别动）
[DCOM Server Process Launcher / DcomLaunch][Stopped/Auto Start]
  <C:\WINDOWS\system32\svchost -k DcomLaunch-->%SystemRoot%\system32\rpcss.dll><N/A>
[
[Remote Procedure Call (RPC) / RpcSs][Others/Auto Start]
  <C:\WINDOWS\system32\svchost -k rpcss-->c:\windows\system32\rpcss.dll><N/A>

==================================
驱动部分

C:\WINDOWS\system32\8882fa1.sys
[ADProt / ADProt][Stopped/System Start]
  <\SystemRoot\system32\drivers\ADProt.sys>
[BdGuard / BdGuard][Running/Boot Start]
  <\SystemRoot\system32\drivers\BDGuard.SYS>
[c56bcc1 / c56bcc1][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\c56bcc1.sys>
[d4f876 / d4f876][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\d4f876.sys>
[HBKernel32 Driver / HBKernel32][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\HBKernel32.sys>



==================================
浏览器加载项
[IESuper]
  {1A49F431-2A2E-41a5-9080-0F41D1A3AEC2} <E:\IESuper\iesuper.dll, N/A>
[SearchHook Class]
  {635A7AFA-FB22-4A4E-8AB8-C85CFAB14626} <C:\Program Files\snav\Snav.dll, >

{F6A454AE-156A-415E-9F89-3795677A8A91} <C:\Program Files\Internet Explorer\53u1ttMe.2ys, N/A>

[NaviHelperObj Class]
  {3E422F49-1566-40D3-B43D-077EF739AC32} <C:\WINDOWS\system32\NaviHelper.dll, N/A>

切记 一定用Xdelbox  删， 别去手动 你也删不掉的。
用XdelBox 删除 后 先，先别SREng 修复 ，再扫一份日志看下。
删除完毕 在用4楼工具修复下、

我只会用XdelBox删除，删除以后我也用了映象劫持，重起后在选择操作系统画面多出了ＧOXDE BOX TODEL FILES的东西,选择XP系统后依然要点击多次任务管理器才能看到图标,然后会跳出两个SYSTEM.EXE的窗口,还有一个DFJJE.EXE的窗口,都是空白窗口.不能上网.,但任务管理器已经可以打开,杀毒软件也可以用了,在VSITA任务栏下面多了'链接'的文字,我重新扫了一个XP的日志给你看

hosts文件被改了.

进入SReng--host--重置--保存

应该没什么大问题了..

楼主怎么了？

出现了什么情况？

用XdelBox删除，删除以后我也用了映象劫持，重起后在选择操作系统画面多出了ＧOXDE BOX TODEL FILES的东西,选择XP系统后依然要点击多次任务管理器才能看到图标,然后会跳出两个SYSTEM.EXE的窗口,还有一个DFJJE.EXE的窗口,都是空白窗口.不能上网.,但任务管理器已经可以打开,杀毒软件也可以用了,在VSITA任务栏下面多了'链接'的文

是
GO XDE BOX TO DEL FILES吧....

上文是说去XDE方块删除文件

那该怎么办