Delete startup items:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Vmlist><regsvr32 /s apphelps.dll> [N/A]
<jgfvrjve><D;]XJOEPXT]tztufn43]Svoemm43/fyf!D;]XJOEPXT]tztufn43]deoqsi/emm!Tubsu> [N/A]
Delete services:
C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\icpb.dll
"C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe"
Delete drivers:
[a7rw / a7rw4][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\a7rw4.sys><N/A>
[qh3 / qh3s][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\qh3s.sys><N/A>
[vwapij2 / vwapij28][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\vwapij28.sys><N/A>
[NVIDIA Compatible Windows Miniport Driver / nvmini][Stopped/Auto Start]
<system32\DRIVERS\nvmini.sys><N/A>
Reboot, then delete the following files in Safe Mode:
C:\WINDOWS\system32\mcdsrv16_071119.dll
C:\WINDOWS\system32\mejedsjckplon.dll
C:\WINDOWS\system32\icpb.dll
system32\DRIVERS\nvmini.sys
\SystemRoot\System32\DRIVERS\vwapij28.sys
\SystemRoot\System32\DRIVERS\a7rw4.sys
\SystemRoot\System32\DRIVERS\qh3s.sys
C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe
C:\WINDOWS\System32\icwc.exe (suspicious; I don't recognize it, so just delete it)
c:\progra~1\aapd\ggvj.dll
c:\progra~1\aapd\kkzn.dll
c:\progra~1\aapd\nncq.dll
c:\progra~1\aapd\ppes.dll
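c:\progra~1\aapd\sshv.dll (if this folder contains only these files, delete the folder as well)
Clear the temporary files, use Kaka to clean up plug-ins, then update the virus definitions and run a full-disk scan.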