打开<Shell> 编辑<Shell><内容为<Explorer.exe>即删除 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\explorei.exe> C:\WINDOWS\system32\Rundll32.exe" "C:\WINDOWS\system32\shell32.dll",Control_RunDLL "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dat90.tmp"

删除注册表项目
<TIMHost><C:\WINDOWS\TIMHost.exe> []
<MSDEG32><LYLoader.exe> []
<MSDWG32><LYLoadbr.exe> [N/A]
<MSDCG32 ><LYLeador.exe> [N/A]
<MSDOG32><LYLoador.exe> [N/A]
<MSDSG32><LYLoadar.exe> [N/A]
<MSDMG32><LYLoadmr.exe> []
<MSDHG32><LYLoadhr.exe> [N/A]
<MSDQG32><LYLoadqr.exe> [N/A]
<{014A26F5-FBAD-4549-9CA1-C38210704BD1}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\System16.ins> []
<{40117B96-998D-4D80-8F89-5E9DBD9F3460}><C:\Program Files\Internet Explorer\PLUGINS\SysWin64.Sys> []
<{E25C29AB-12B9-4523-A53C-324B5FBA648C}><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dat90.tmp> []

安全模式下删除
清空C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\所有文件
C:\WINDOWS\system32\LYMANGR.DLL
C:\Program Files\Internet Explorer\PLUGINS\SysWin64.Sys
<TIMHost><C:\WINDOWS\TIMHost.exe> []
LYLoader.exe>
LYLoadbr.exe>
LYLeador.exe>
LYLoador.exe>
LYLoadar.exe>
LYLoadhr.exe>
LYLoadqr.exe>
C:\WINDOWS\system32\netsrvcs.dll
E:\Autorun.inf

无法删除的文件可以尝试用unclocker,XDelBox1.3删除(enao.ys168.com 下载)

关掉服务

[Help and Support / helpsvc][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A
[Wireless Service / WZCSRVC][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe netsrvcs.dll,input><Microsoft Corporation>
删除驱动

[BdGuard / BdGuard][Running/Boot Start]
<\SystemRoot\system32\drivers\BDGuard.SYS><>

[Help and Support / helpsvc][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A
这个没问题。。本来就是禁用的。。。