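1. Download the manual trojan-cluster cleanup toolkit here and extract it to any folder on drive C: (all tools come with operating instructions):
http://bbs.ikaka.com/attachment.aspx?attachmentid=480689
2. Download the "usp10 and psapi file simple cleaner":
http://bbs.ikaka.com/attachment.aspx?attachmentid=484723
Work with the network disconnected: use the "XDELBOX file deletion tool" in the toolkit to delete the virus files. The whole toolkit must be extracted to drive C: before it is used. If XDELBOX reports an error during the operation and cannot proceed, you can go on to use the other tools in the toolkit (the SmtDel tool, the 费尔 tool, 超级巡警, the EasyDelete tool) to delete the virus files. (All come with illustrated operating instructions.)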
2. After the deletion and a reboot, use SREng to repair the items below. Under Startup Items -- Registry, delete the following entries:
Note the change to the [AppInit_DLLs] entry: change <gdoicbae.dll,obdjfnfg.dll,HBmhly.dll,agmaagjo.dll,jelbfmpm.dll,dfhjajlk.dll,ppmdbmgh.dll,jbojhbmi.dll,inkepgnd.dll,hgimjjch.dll,gfkmgcma.dll,oglphdjn.dll,gndamaij.dll,njicdago.dll,jobhnpih.dll,fimpdfdo.dll,dcdlaalc.dll,ndjcdfkc.dll,mkebjknb.dll,nkpigljo.dll,pkplfiei.dll,glnhkhbh.dll,pgealmfj.dll,gkplhhmc.dll,mjdiacjc.dll,kfedemln.dll,fdlmbeoh.dll,odhkokmd.dll,didmfdgi.dll,gnhcnpji.dll,kflnbdjk.dll,aohmopbh.dll,bkdemfek.dll,keiplhdm.dll,lkhgcnbe.dll,lniibcfa.dll,mphfibfj.dll,peacjmhf.dll,gmefcino.dll,aemmjhkd.dll,mjlfknnj.dll,nejdhlek.dll,cmobmlgd.dll,hbdnfkoh.dll,apnbdlkb.dll,aocojobn.dll,bpinclio.dll,klgdmnag.dll,apanikgb.dll,obnbpkff.dll,eofmmjch.dll,hpmdhgmj.dll> to <>, i.e. empty it.
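Under Startup Items -- Services -- Drivers, delete the following entries:
In SREng, under "Startup Items -> Services -> Drivers", tick "Hide verified Microsoft entries" and then delete the drivers with the names below (select the problematic driver, click "Delete Service", then click the "Set" button. Note that in the window that pops up you must click "No" to confirm deleting the service). (Any that cannot be deleted should be disabled instead: change the startup type to disabled, select "Modify startup type", and click "Set".):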
[zg / zg] <>
[SafeMon360 / SafeMon1] <\??\C:\WINDOWS\system32\C8CF7463.dat>
[msiffei / msiffei] <System32\Drivers\msiffei.sys>
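Use the downloaded "usp10 and psapi file simple cleaner" to scan and clean your system.
Use the downloaded "temporary-file cleanup tool ATF-Cleaner-cn": select all items and click "Clean Now".
Download:
http://bbs.ikaka.com/attachment.aspx?attachmentid=447126
Use Windows 清理助手 to clean the system.
Windows 清理助手 download:
http://www.arswp.com/
The OP will feel a real sense of accomplishment after getting through all of this.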
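
As an added example (not part of the original post and not SREng's own code), this Python sketch triages SREng-style `[name] <value>` startup entries of the kinds the post deals with: a non-empty AppInit_DLLs list, IFEO redirections, hex- or GUID-named entries that load a DLL from system32, and entries launched from a Temp directory. The sample lines and the reason labels are constructed for illustration, and the rules are triage hints, not verdicts.

```python
import re

# Entry shape seen in the SREng log excerpts on this page: [name] <value>
ENTRY = re.compile(r"^\[(?P<name>.+)\]\s*<(?P<value>.*)>$")
HEX8 = re.compile(r"^[0-9A-F]{8}$", re.I)
GUID = re.compile(r"^\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I)
IFEO = re.compile(r"^IFEO\[(?P<target>.+)\]$", re.I)

def triage(lines):
    """Return (reason, name, value) tuples for entries worth a closer look."""
    findings = []
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m:
            continue  # not a [name] <value> entry
        name, value = m.group("name"), m.group("value").strip()
        low = value.lower()
        ifeo = IFEO.match(name)
        if name.lower() == "appinit_dlls":
            # Every DLL listed here is loaded into each process that loads
            # user32.dll; an empty value (<>) is the cleaned state.
            findings += [("appinit", name, d.strip())
                         for d in value.split(",") if d.strip()]
        elif ifeo:
            # Image File Execution Options: the target runs under <value>.
            findings.append(("ifeo-debugger", ifeo.group("target"), value))
        elif ((HEX8.match(name) or GUID.match(name))
              and low.endswith(".dll") and "\\system32\\" in low):
            findings.append(("clsid-dll", name, value))
        elif "\\temp\\" in low:
            findings.append(("temp-path", name, value))
    return findings

# Constructed sample input (not taken from the post).
SAMPLE = [
    r"[AppInit_DLLs] <aaaaaaaa.dll,bbbbbbbb.dll>",
    r"[0A1B2C3D] <C:\WINDOWS\system32\aaaaaaaa.dll>",
    r"[{0A1B2C3D-0000-4000-8000-000000000001}] <C:\WINDOWS\system32\aaaaaaaa.dll>",
    r"[IFEO[example.exe]] <svchost.exe>",
    r"[examplesvc] <C:\DOCUME~1\USER\LOCALS~1\Temp\0000001>",
    r"[ctfmon.exe] <C:\WINDOWS\system32\ctfmon.exe>",
]

if __name__ == "__main__":
    for reason, name, value in triage(SAMPLE):
        print(f"{reason:14} {name} -> {value}")
```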