Delete registry entries
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<knvrxd78><%systemroot%\system32\Rundll32.exe "%systemroot%\system32\knvrxd78.dll",Start> []
<ayzgmc25><%systemroot%\system32\Rundll32.exe "%systemroot%\system32\ayzgmc25.dll",Start> []
Delete services
[DHCP SEC Server / DHCPSEC][Running/Auto Start]
<C:\Windows\system32\YEMTBIPWEKSZ.EXE><N/A>
[Std pmtx Service / pmtx][Running/Auto Start]
<C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\hels\urvc.dll,Service -s><Microsoft Corporation>
[RestoreService / RestoreService][Stopped/Auto Start]
<C:\WINDOWS\system32\Svchost.exe -k RestoreService-->C:\WINDOWS\system32\drivers\restore.dll><N/A>
[服务名 / svcname][Running/Auto Start]
<C:\WINDOWS\system32\051.exe><N/A>
Delete driver services
[bghbdbij / bghbdbij][Stopped/Boot Start]
<\SystemRoot\system32\drivers\bghbdbij.sys><N/A>
Delete after reboot
C:\WINDOWS\system32\051.exe
C:\Windows\system32\YEMTBIPWEKSZ.EXE
\system32\drivers\bghbdbij.sys
C:\PROGRA~1\COMMON~1\hels\urvc.dll
C:\WINDOWS\system32\drivers\restore.dll
C:\WINDOWS\system32\4281cfsb.dll
C:\WINDOWS\system32\424bntos.dll
C:\WINDOWS\system32\4126ntos.dll
C:\WINDOWS\system32\4bb1cfsb.dll
C:\WINDOWS\system32\40c1cfsb.dll
C:\WINDOWS\system32\461cntos.dl
C:\WINDOWS\system32\47a9cfsb.dll
C:\WINDOWS\system32\4f23ntos.dll
C:\WINDOWS\system32\4302cfsb.dll
C:\WINDOWS\system32\498antos.dll
C:\WINDOWS\system32\4828ntos.dll
C:\WINDOWS\system32\41e3ntos.dll
C:\WINDOWS\system32\42c5cfsb.dll
C:\WINDOWS\system32\4431cfsb.dll
C:\WINDOWS\system32\4207cfsb.dll
C:\WINDOWS\system32\4722ntos.dLL
C:\WINDOWS\system32\4e49cfsb.dll
C:\WINDOWS\system32\442bntos.dll
C:\WINDOWS\system32\ayzgmc25.dll
C:\WINDOWS\system32\knvrxd78.dll
Right-click the drive, choose Open, then delete
X:\Autorun.inf
X:\UCaCe.exe (X = D, E, F)