
Extremely nasty virus rootkit.larpas.a

Reply to #9: What are you referring to, brother? Could you explain a bit more clearly? Thanks!

Delete these startup items
<System><C:\Program Files\Common Files\System\Updaterun.exe> [N/A]
<tyygnu64><%systemroot%\system32\Rundll32.exe %systemroot%\system32\tyygnu64.dll,DllUnregisterServer> [N/A]
<{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINDOWS\downlo~1\CnsHook.dll> [北京三七二一科技有限公司]
<{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\Assistant\yClickOn.dll> [(Verified)YAHOO Corporation Limited]
<{E568441B-9EF3-49F8-9A67-4141AC41ADD4}><> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WebSecurity><C:\WINDOWS\system32\PvSec.dll> [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\PROGRA~1\KV2006\KVSCRK~1.SCR> [N/A]
You've already got Jiangmin (江民, KV2006) installed, right? It wasn't uninstalled cleanly... the drivers are all still there too. Get rid of them all together.

Startup folder: why does the printer need to auto-start anyway? Remove it.
[EPSON Online Register]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\EPSON Online Register.lnk --> C:\PROGRA~1\EPSON\ONLINE~1\ONLINE~1.EXE []><N>

Delete these services
[Help and Support / helpsvc][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
[Spectrum24 Events Monitor / IPRIP][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\acss.dll><N/A>
[NetMeeting Remote Desktop Agent / Nwsapagent][Others/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\Nwsapagent.dll><LINKMEDIA Tech>
[QoS Service / WIDETS][Running/Auto Start]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\BJKEW.DLL,Export 1087><N/A>
[Windows NT Service32 / Windows NT Service32][Stopped/Auto Start]
<"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\NTService32.dll",Start><Microsoft Corporation>

Delete these driver services
[KRegEx / KRegEx][Stopped/System Start]
<\??\C:\PROGRA~1\KV2006\KRegEx.sys><N/A>
[KvMemon / KvMemon][Stopped/Manual Start]
<\??\C:\PROGRA~1\KV2006\KvMemon.sys><N/A>
[lcmfljp / lcmfljp][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\lcmfljp.sys><N/A>
[mguy / mguym][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\mguym.sys><N/A>
[msqmx / msqmx][Stopped/Boot Start]
<\SystemRoot\system32\drivers\msqmx.sys><N/A>
[PProtect / PProtect][Stopped/System Start]
<\??\C:\PROGRA~1\KV2006\PProtect.sys><N/A>
[parcls / parcls][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\parcls.sys><N/A>
[R2A / R2A][Stopped/Disabled]
<\??\C:\WINDOWS\system32a2.sys><N/A>
[tyygnu6 / tyygnu64][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\tyygnu64.sys><N/A>

Kill this virus process
[PID: 3504][C:\Program Files\Common Files\System\Updaterun.exe] [N/A, N/A]
Delete the following files
C:\Program Files\Common Files\System\Updaterun.exe
%systemroot%\system32\tyygnu64.dll
C:\WINDOWS\system32\PvSec.dll
C:\PROGRA~1\KV2006 (the whole folder)
%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll
C:\WINDOWS\system32\acss.dll
C:\WINDOWS\system32\Nwsapagent.dll
C:\WINDOWS\SYSTEM32\WBEM\BJKEW.DLL
C:\WINDOWS\system32\NTService32.dll
SystemRoot\System32\drivers\lcmfljp.sys
SystemRoot\System32\DRIVERS\mguym.sys
\SystemRoot\system32\drivers\msqmx.sys
C:\PROGRA~1\KV2006\PProtect.sys
C:\WINDOWS\system32\drivers\parcls.sys
C:\WINDOWS\system32a2.sys
SystemRoot\System32\DRIVERS\tyygnu64.sys

If any of the above can't be deleted, download IceSword (冰刃) and delete them with it, or do it in safe mode.
Download link: http://www.blogcn.com/user17/pjf/blog/44570897.html

Your computer has a lot of rogue software (流氓软件). Download 360 Safety Guard (360安全卫士) and clean it up; I won't go into the details.
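Added example (my own code, not from the post and not from the tool that produced the report above): a Python script that parses the service and driver entries in this two-line report format, flags the warning signs the reply is acting on (no vendor or an unverified vendor string, a service whose body is a DLL run through rundll32 or hosted in svchost with no attribution, a boot-start driver with no attribution, the doubled \SystemRoot\ prefix in the lcmfljp entry) and turns the flagged entries into the sc/del commands one would type into an elevated cmd.exe. The report layout is assumed from the lines on the page, the sample input is the post's own entries pasted into a constructed string, and the triage heuristics are mine; nothing is executed, the commands are only returned as strings.

```python
import re

# Constructed sample input: service and driver entries copied from the report
# quoted in the post. The two-line layout "[Display / Name][State/Start]" then
# "<image><vendor>" is assumed from those lines; the tool's grammar is not on the page.
SAMPLE_REPORT = r"""
[Help and Support / helpsvc][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
[Spectrum24 Events Monitor / IPRIP][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\acss.dll><N/A>
[QoS Service / WIDETS][Running/Auto Start]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\BJKEW.DLL,Export 1087><N/A>
[Windows NT Service32 / Windows NT Service32][Stopped/Auto Start]
<"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\NTService32.dll",Start><Microsoft Corporation>
[lcmfljp / lcmfljp][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\lcmfljp.sys><N/A>
[tyygnu6 / tyygnu64][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\tyygnu64.sys><N/A>
"""

HEADER = re.compile(r"^\[(?P<display>.*?) / (?P<name>[^\]]*)\]\[(?P<state>[^/\]]*)/(?P<start>[^\]]*)\]$")
BODY = re.compile(r"^<(?P<image>.*)><(?P<vendor>[^<>]*)>$")

def normalize(path):
    """Collapse NT prefixes (\\??\\ and one or more \\SystemRoot\\) into a form del can use."""
    path = path.strip().strip('"')
    if path.startswith("\\??\\"):
        path = path[4:]
    return re.sub(r"^(\\SystemRoot\\)+", r"%SystemRoot%\\", path, flags=re.I)

def module_path(image):
    """The module actually loaded: the DLL after '-->' (svchost), the DLL argument
    (rundll32), otherwise the image itself (drivers, plain executables)."""
    if "-->" in image:
        return image.split("-->", 1)[1]
    m = re.search(r'rundll32\.exe"?\s+"?([^",]+)', image, re.I)
    return m.group(1) if m else image

def parse_report(text):
    """Pair each [..][..] header with the <image><vendor> line that follows it."""
    entries, header = [], None
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            header = m.groupdict()
            continue
        m = BODY.match(line.strip())
        if m and header:
            e = dict(header, image=m.group("image"), vendor=m.group("vendor"))
            low = e["image"].lower()
            e["host"] = "svchost" if "-->" in low else "rundll32" if "rundll32" in low else "native"
            e["module"] = normalize(module_path(e["image"]))
            e["kind"] = "driver" if e["module"].lower().endswith(".sys") else "service"
            entries.append(e)
            header = None
    return entries

def triage(e):
    """Warning signs (my heuristics, not the tool's verdict). A hit means
    'verify this file' (hash, signature, compare with a clean machine)."""
    r = []
    if e["vendor"] == "N/A":
        r.append("no vendor/version information")
    elif not e["vendor"].startswith("(Verified)"):
        # Only a "(Verified)" prefix is a checked signature; anything else is the
        # file's own version resource, which an attacker fills in freely.
        r.append("vendor string is unverified version info, not a signature check")
    if e["host"] == "rundll32":
        r.append("service body is a DLL run through rundll32")
    if e["host"] == "svchost" and e["vendor"] == "N/A":
        r.append("unattributed DLL hosted in the netsvcs svchost group")
    if e["kind"] == "driver" and e["start"] == "Boot Start" and e["vendor"] == "N/A":
        r.append("unattributed boot-start driver")
    if e["image"].lower().count("\\systemroot\\") > 1:
        r.append("doubled \\SystemRoot\\ prefix in image path")
    return r

def removal_plan(entries):
    """cmd.exe commands, returned as strings and never run here, in the order the
    post follows: stop/disable the service, delete it, then delete its file. A
    loaded driver cannot be deleted until it is unloaded: disable it, reboot (or
    use IceSword as the post suggests), then delete the .sys."""
    cmds = []
    for e in entries:
        if not triage(e):
            continue
        name = e["name"]
        if e["kind"] == "driver":
            cmds += [f'sc config "{name}" start= disabled', f'sc delete "{name}"']
        else:
            cmds += [f'sc stop "{name}"', f'sc delete "{name}"']
        cmds.append(f'del /f "{e["module"]}"')
    return cmds

if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for e in found:
        print(e["name"], e["start"], e["module"], triage(e))
    print("\n".join(removal_plan(found)))
```

The vendor column is the one field worth trusting least: the report prints "(Verified)" only where it checked a signature (the Yahoo! entry in the startup list), so a bare company name such as "Microsoft Corporation" on the NTService32 entry is just the DLL's version resource. The script treats it that way, and it keeps a boot-start driver on the plan as disable-then-delete rather than stop, since a driver that is already loaded will not go away until the next boot or until a kernel-mode tool unloads it.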
Powered by Discuz!NT