Delete registry entries
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<HomePage><C:\WINDOWS\wuacult.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<wsttrs><C:\WINDOWS\wsttrs.exe> [N/A]
<msccrt><C:\WINDOWS\msccrt.exe> [N/A]
<mppds><C:\WINDOWS\mppds.exe> [N/A]
<ZSSnp211><C:\WINDOWS\ZSSnp211.exe> [ZSMCSNAP]
<Domino><C:\WINDOWS\Domino.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptimg]
<WinlogonNotify: cryptimg><cryptig.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [N/A]
Delete services
[5D23DA21 / 5D23DA21][Stopped/Auto Start]
<C:\WINDOWS\system32\5D23DA21.EXE -service><Microsoft Corporation>
[Std cles Service / cles][Running/Auto Start]
<C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\xdwu\hqje.dll,Service -s><Microsoft Corporation>
Delete driver services
[ast / ast][Stopped/Auto Start]
<\??\C:\WINDOWS\system32\drivers\ast.sys><N/A>
[ffpbek / ffpbek][Stopped/Auto Start]
<\??\C:\WINDOWS\system32\drivers\ffpbek.sys><N/A>
Delete on reboot
C:\WINDOWS\Domino.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\mppds.exe
C:\WINDOWS\msccrt.exe
C:\WINDOWS\wsttrs.exe
C:\WINDOWS\wuacult.exe
C:\PROGRA~1\COMMON~1\xdwu\hqje.dll
C:\WINDOWS\system32\drivers\ast.sys
C:\WINDOWS\system32\4c36cfsb.dll
C:\WINDOWS\system32\4a18ntos.dll
[C:\WINDOWS\system32\cryptimg.dll] [N/A, N/A]
[C:\WINDOWS\system32\winlib .dll] [N/A, N/A]
[C:\WINDOWS\inf\Insert.dll] [N/A, N/A]
C:\WINDOWS\system32\11713452751.exe
cryptnet.dll (search for it)
cryptig.dll (search for it)
C:\WINDOWS\system32\drivers\ffpbek.sys