http://bbs.ikaka.com/showtopic-8561436.aspx参见2楼替换rpcss.dll
1.建议使用XDelBox删除以下文件:(
XDelBox1.8下载)
使用说明:(先勾选抑制再生)删除时复制所有要删除文件的路径,在待删除文件列表里点击右键选择从剪贴板导入,导入后在要删除文件上点击右键,(在待删除文件列表里点击右键选择从剪贴板导入不检查路径,)选择立刻重启删除,电脑会重启进入DOS界面进行删除操作。运行xdelbox前最好卸载所有可移动存储介质(包括U盘,MP3,手机存储卡等)。
C:\xue.exe
c:\windows\system32\c0nime1.exe
c:\windows\system32\system.exe
c:\windows\system32\anmplcoh.dll
c:\windows\system32\bbbfgiid.dll
c:\windows\system32\cefamecj.dll
c:\windows\system32\denpnohe.dll
c:\windows\system32\fanleibo.dll
c:\windows\system32\gcoplbbd.dll
c:\windows\system32\hbasktao.dll
c:\windows\system32\hbchibi.dll
c:\windows\system32\hbdnf.dll
c:\windows\system32\hbjxsj.dll
c:\windows\system32\hbkdxy.dll
c:\windows\system32\hblyfx.dll
c:\windows\system32\hbmhly.dll
c:\windows\system32\hbqqsg.dll
c:\windows\system32\hbqqxx.dll
c:\windows\system32\hbshq.dll
c:\windows\system32\hbtl.dll
c:\windows\system32\hbtw2.dll
c:\windows\system32\hbw2i.dll
c:\windows\system32\hbwow.dll
c:\windows\system32\hbwulin2.dll
c:\windows\system32\hbyy.dll
c:\windows\system32\hbzg.dll
c:\windows\system32\lekfccao.dll
c:\windows\fonts\jkvxteym.dll
c:\windows\fonts\zuqfaieo.dll
c:\windows\fonts\framdee.ttf
c:\windows\system32\0306438f.dll
c:\windows\system32\06ea0a93.dll
c:\windows\system32\08223b03.dll
c:\windows\system32\122b901e.dll
c:\windows\system32\14f7f80a.dll
c:\windows\system32\1fd51f1f.dll
c:\windows\system32\201476d0.dll
c:\windows\system32\29ea67e0.dll
c:\windows\system32\2ef0d734.dll
c:\windows\system32\34a25f04.dll
c:\windows\system32\3d144530.dll
c:\windows\system32\4d023de9.dll
c:\windows\system32\56bc86c7.dll
c:\windows\system32\66afcb56.dll
c:\windows\system32\7e983c60.dll
c:\windows\system32\8566f82e.dll
c:\windows\system32\93dee065.dll
c:\windows\system32\950d1600.dll
c:\windows\system32\9ca963ca.dll
c:\windows\system32\a1a6bc2e.dll
c:\windows\system32\a55f538e.dll
c:\windows\system32\ad794e6b.dll
c:\windows\system32\b3721c07.dll
c:\windows\system32\b6e23e89.dll
c:\windows\system32\ba7edf54.dll
c:\windows\system32\d9c002dd.dll
c:\windows\system32\da63e650.dll
c:\windows\system32\dfb3dac5.dll
c:\windows\system32\dfec5cb7.dll
c:\windows\system32\e0d39066.dll
c:\windows\system32\e1384213.dll
c:\windows\system32\e4814792.dll
c:\windows\system32\f8e07bb2.dll
c:\windows\system32\ffae967f.dll
c:\windows\system32\silab.dll
c:\windows\system32\6457aed.sys
c:\windows\system32\drivers\hbkernel32.sys
c:\windows\system32\f35ee9e.sys
c:\windows\system32\f28907d.sys
c:\windows\system32\drivers\eth8023.sys
c:\windows\system32\d812a079.sys
c:\windows\system32\b770ca2.sys
c:\windows\system32\b71fe93.sys
c:\windows\system32\b1a18a3e.sys
c:\windows\system32\b160485.sys
2.删除重启后使用SREng修复下面各项:启动项目 -- 注册表之如下项删除:
<360Safetask><C:\WINDOWS\system32\C0NIME1.EXE> []
<HBService32><System.exe> []
<{DA63E650-537C-4042-87BB-9D19D844680B}><DA63E650.dll> []
<{DFB3DAC5-B0B5-4B05-BFCF-FB42737778FA}><DFB3DAC5.dll> []
<{4FBFD5A4-5FE8-4444-8BD9-FD0FAFA64F96}><4FBFD5A4.dll> [File is missing]
<{F8E07BB2-7A19-4057-80F1-E14646E630B4}><F8E07BB2.dll> []
<{AD794E6B-90B7-4F9D-8FD6-0C16E3298FF2}><AD794E6B.dll> []
<{56BC86C7-0692-4F94-A2C1-6CF1DBF8096C}><56BC86C7.dll> []
<{201476D0-2B18-462E-AB9F-3E2B0CC8732B}><201476D0.dll> []
<{A55F538E-9E65-4706-9458-852BF6592063}><A55F538E.dll> []
<{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}><122B901E.dll> []
<{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}><08223B03.dll> []
<{93DEE065-EC9B-4505-ADD3-19880AD3C38F}><93DEE065.dll> []
<{E0D39066-96D7-4891-8527-488ADAFCD60F}><E0D39066.dll> []
<{66AFCB56-FAA9-42D2-8C72-2767A46C7FA8}><66AFCB56.dll> []
<{9CA963CA-107C-4089-B0AB-31380F90D7E3}><9CA963CA.dll> []
<{34A25F04-008D-403E-8EE6-2307BC02FA2E}><34A25F04.dll> []
<{BA7EDF54-8408-4B21-B351-7B447B344BA4}><BA7EDF54.dll> []
<{2EF0D734-21FD-4225-A1A2-BCD296182AAF}><2EF0D734.dll> []
<{29EA67E0-9EE5-4D1A-A056-5B7BDAC4CF97}><29EA67E0.dll> []
<{06EA0A93-F850-4155-B819-BD0D9B5F25EE}><06EA0A93.dll> []
<{8566F82E-03A4-416E-AEAC-66600D8881F1}><8566F82E.dll> []
<{7E983C60-EBF5-4A36-BE25-EA26ED55052B}><7E983C60.dll> []
<{3D144530-43DA-47CC-B7C7-A3A9F3B9A6B2}><3D144530.dll> []
<{01AFE3DC-2242-436E-9B44-6DD1C664E828}><01AFE3DC.dll> [File is missing]
<{1FD51F1F-97E4-498C-AB12-93332EEAD266}><1FD51F1F.dll> []
<{B6E23E89-C925-4BF7-92EB-77EFDF8C58A6}><B6E23E89.dll> []
<{12316E69-4CE5-4CD7-A174-C0BD57529D5A}><12316E69.dll> [File is missing]
<{C8FFD223-C0FB-40C5-94A0-FD7891AC18E9}><C8FFD223.dll> [File is missing]
<{E4814792-EFA3-4C20-93D0-8B130A59F9A8}><E4814792.dll> []
<{E1384213-0948-4A60-A9E3-875B191CC2E7}><E1384213.dll> []
<{E783C505-FA27-48BD-9B35-C84E5CEA523F}><E783C505.dll> [N/A]
<{0306438F-7E67-4DDA-8EF2-C0AD040FEBE0}><0306438F.dll> []
<{254A96D8-1E8B-46FD-B085-C9397AFA90C7}><C:\WINDOWS\Fonts\jkvxteym.dll> []
<{2EEEDBE8-79F4-4CAE-B6D9-2E63A7B680FA}><C:\WINDOWS\Fonts\zuqfaieo.dll> []
<{BBBF022D-BA86-4EEE-9DD7-5843B231EFFE}><C:\WINDOWS\system32\bbbfgiid.dll> []
<{FA75E2B8-BD0B-4624-BF6A-C48312B506ED}><C:\WINDOWS\system32\fanleibo.dll> []
<{DE79781E-B92C-43E9-A3C4-4F115DE866CE}><C:\WINDOWS\system32\denpnohe.dll> []
<{CEFA6EC3-49C7-40DE-A9D8-670CF4D0078F}><C:\WINDOWS\system32\cefamecj.dll> []
<{0C895BBD-4CB1-421F-B41B-F56541BE20EA}><C:\WINDOWS\system32\gcoplbbd.dll> []
<{A7695C81-5AC2-4277-ABCD-B02AA3F84C41}><C:\WINDOWS\system32\anmplcoh.dll> []
<{5E4FCCA8-71B2-4247-9017-A9FC080497F9}><C:\WINDOWS\system32\lekfccao.dll> []
<{950D1600-DE4A-448D-93B4-7BAE5A7A8052}><950D1600.dll> []
<{DFEC5CB7-E2AA-4B0A-BEB3-D140E59ED53A}><DFEC5CB7.dll> []
<{4D023DE9-F4B5-4BE0-99C6-7C7AD0CF5426}><4D023DE9.dll> []
<{D9C002DD-EA51-43A2-9009-54EAAAF031A4}><D9C002DD.dll> []
<{A1A6BC2E-C6A1-43C1-8884-A31D772F42B8}><A1A6BC2E.dll> []
<{14F7F80A-0FE7-4A24-83CC-639D42BE410C}><14F7F80A.dll> []
<{FFAE967F-D0FC-4D2B-A0F5-D1BF27F46418}><FFAE967F.dll> []
<C:\WINDOWS\Fonts\zuqfaieo.dll><C:\WINDOWS\Fonts\zuqfaieo.dll> []
<BBBF022D><C:\WINDOWS\system32\bbbfgiid.dll> []
<FA75E2B8><C:\WINDOWS\system32\fanleibo.dll> []
<DE79781E><C:\WINDOWS\system32\denpnohe.dll> []
<CEFA6EC3><C:\WINDOWS\system32\cefamecj.dll> []
<0C895BBD><C:\WINDOWS\system32\gcoplbbd.dll> []
<A7695C81><C:\WINDOWS\system32\anmplcoh.dll> []
<5E4FCCA8><C:\WINDOWS\system32\lekfccao.dll> []
<AppInit_DLLs><bbbfgiid.dll,lekfccao.dll,anmplcoh.dll,gcoplbbd.dll,cefamecj.dll,denpnohe.dll,fanleibo.dll,HBmhly.dll,HBJXSJ.dll,HBSHQ.dll,HBWULIN2.dll,HBW2I.dll,HBKDXY.dll,HBASKTAO.dll,HBWOW.dll,HBCHIBI.dll,HBDNF.dll,HBTL.dll,HBTW2.dll,HBQQSG.dll,HBYY.dll,HBLYFX.dll,HBQQXX.dll,HBZG.dll> []
改为<>
启动项目 -- 服务 -- Win32服务应用程序之如下项禁用:
[ilab / ilab] <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\Silab.dll>
启动项目 -- 服务-- 驱动程序之如下项删除:
(勾选隐藏已认证的微软项目,选中有问题的驱动/服务后,点"删除服务",点"设置"按钮即可。注意弹出的窗口中要点"否"才是确认删除服务)
[6457aed / 6457aed] <\??\C:\WINDOWS\system32\6457aed.sys>
[HBKernel32 Driver / HBKernel32] <\SystemRoot\system32\drivers\HBKernel32.sys>
[f35ee9e / f35ee9e] <\??\C:\WINDOWS\system32\f35ee9e.sys>
[f28907d / f28907d] <\??\C:\WINDOWS\system32\f28907d.sys>
[eth8023 / eth8023] <\SystemRoot\system32\drivers\eth8023.sys>
[d812a079 / d812a079] <\??\C:\WINDOWS\system32\d812a079.sys>
[b770ca2 / b770ca2] <\??\C:\WINDOWS\system32\b770ca2.sys>
[b71fe93 / b71fe93] <\??\C:\WINDOWS\system32\b71fe93.sys>
[b1a18a3e / b1a18a3e] <\??\C:\WINDOWS\system32\b1a18a3e.sys>
[b160485 / b160485] <\??\C:\WINDOWS\system32\b160485.sys>
系统修复-- HOSTS文件--重置
附件清空映像劫持项
