这毒中的
删除启动项
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]下的以下分支及<>内文件
<{DC3D30AE-0380-4151-8934-EE98A34B0370}><C:\WINDOWS\system32\mfdesy.dll> []
<{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC}><C:\WINDOWS\system32\wklsdd.dll> []
<{00170017-0017-0017-0017-00170017BB15}><C:\WINDOWS\system32\msobjstl.dll> [File is missing]
<{8C41B7F7-3168-400D-A702-0E7EFE0BA304}><C:\WINDOWS\system32\sgdewg.dll> []
<{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}><C:\WINDOWS\system32\hhrdxd.dll> []
<{45AADFAA-DD36-42AB-83AD-0521BBF58C24}><C:\WINDOWS\system32\zycdex.dll> [File is missing]
<{461D2AB4-29A5-45C2-9134-D52272D3DE38}><C:\WINDOWS\system32\rfdswc.dll> []
<{A9895933-6636-4281-BC58-EE6DE2AF96E3}><C:\WINDOWS\system32\ddserh.dll> []
<{841529CB-7F77-4B99-A895-B5441E0D302F}><C:\WINDOWS\system32\jfrwdh.dll> []
<{B29583D8-033A-4B9F-8553-7C5458F3FB8E}><C:\WINDOWS\system32\jdsaex.dll> [File is missing]
<{7914E0AA-ECCB-4311-B584-C49538227824}><C:\WINDOWS\system32\jhfrxz.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
下的分支及<>内文件
<cliconfgzx.dll><> [N/A]
<dpvvoxmh.dll><> [N/A]
<kbdswjr.dll><C:\WINDOWS\system32\kbdswjr.dll> [File is missing]
<catsrvwl.dll><> [N/A]
<adsntzt.dll><> [N/A]
<ksuserfy.dll><C:\WINDOWS\system32\ksuserfy.dll> [File is missing]
<tscfgwmijxsj.dll><> [N/A]
<midimappt><> [N/A]
<msobjstl.dll><C:\WINDOWS\system32\msobjstl.dll> [File is missing]
<imgutilhx2.dll><C:\WINDOWS\system32\imgutilhx2.dll> [File is missing]
删除驱动
SystemRoot\System32\DRIVERS\2gkf67.sys
C:\9dcf4a6429e9a9fc.dat
C:\WINDOWS\system32\drivers\bpqcxby.sys
C:\WINDOWS\system32\drivers\byoprxa.sys
C:\WINDOWS\system32\drivers\cabyopr.sys
C:\WINDOWS\system32\drivers\cxbyqpr.sys
C:\WINDOWS\system32\drivers\cxyqr.sys
C:\WINDOWS\system32\drivers\qrxabzp.sys
C:\DOCUME~1\Owner\LOCALS~1\Temp\_tmp.bat
