Title: [[Original]] Immunization method for Trojan.DL.Script.JS.Agent.bu
  This topic was added to the featured posts by admin on 2008-7-15 09:46



Nickname: 秋天不回来 (Administrator)

There is an update now. If problems occur, please download the host again.








Nickname: 十大杰出青年 (Forum Veteran)

Don't use Windows' IE; use the AV browser~








Nickname: 秋天不回来 (Administrator)

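Today I tracked down the source of the virus.
I installed the antiARP5.0.1 trial version.
After installation it shows the routing information. One entry is the gateway, and the other one is the virus's.
Then I used arswp2 to clean up. It found 18.
Then I used the latest version of Rising (瑞星), which removed a dozen or so more.
That solved it.
Below is the information arswp2 found, posted for everyone's reference.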



Nickname: 秋天不回来 (Administrator)


2008-07-18,10:04:38
System Repair Engineer 2.6.11.992
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能
以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)]
    <E:\wry><E:\wry\ctrl.exe>  [File is missing]
    <E:\闽福建材(水泥)><E:\闽福建材(水泥)\ctrl.exe>  [湖南力合科技发展有限公司]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)]
    <xTouchMon><e:\TouchKit\xTouchMon.exe>  []
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><msosdrop00.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{C3D16072-2E1B-450B-B843-50EADDC8EB63}><C:\WINNT\system32\xcvaver0.dll>  []
    <{DC3D30AE-0380-4151-8934-EE98A34B0370}><C:\WINNT\system32\mfdesy.dll>  []
    <{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC}><C:\WINNT\system32\wklsdd.dll>  []
    <{189F087F-4378-405F-85FA-37D955AD7A8C}><C:\WINNT\system32\mtewdh.dll>  []
    <{45AADFAA-DD36-42AB-83AD-0521BBF58C24}><C:\WINNT\system32\zgrjdx.dll>  []
    <{8C41B7F7-3168-400D-A702-0E7EFE0BA304}><C:\WINNT\system32\sgrefg.dll>  []
    <{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}><C:\WINNT\system32\hhrdxd.dll>  []
    <{4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4}><C:\WINNT\system32\tdggrz.dll>  []
    <{CAED0F3B-DF8B-4DBF-BB20-8DFBC3199068}><C:\WINNT\system32\jggtsr.dll>  []
    <{B29583D8-033A-4B9F-8553-7C5458F3FB8E}><C:\WINNT\system32\jdsaex.dll>  []
    <{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}><C:\WINNT\system32\fsrgeb.dll>  []
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <ThunderAdvise><C:\WINNT\Downloaded Program Files\ThunderAdvise.dll>  [Thunder Networking Technologies,LTD]
    <DesktopWin><C:\WINNT\AppPatch\DesktopWin.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINNT\system32\setup\wmpocm.exe /ShowWMP>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer 访问><"%SystemRoot%\system32\shmgrate.exe" OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express 访问><"%SystemRoot%\system32\shmgrate.exe" OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserStub>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    <CRLUpdate><%SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe]
    <IFEO[360rpt.exe]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.exe]
    <IFEO[360safe.exe]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe]
    <IFEO[360safebox.exe]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
    <IFEO[360tray.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe]
    <IFEO[adam.exe]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe]
    <IFEO[AgentSvr.exe]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiArp.exe]
    <IFEO[AntiArp.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe]
    <IFEO[AppSvc32.exe]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ati2evxx.exe]
    <IFEO[ati2evxx.exe]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe]
    <IFEO[autoruns.exe]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe]
    <IFEO[avconsol.exe]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe]
    <IFEO[avgrssvc.exe]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe]
    <IFEO[AvMonitor.exe]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com]
    <IFEO[avp.com]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
    <IFEO[avp.exe]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe]
    <IFEO[CCenter.exe]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe]
    <IFEO[ccSvcHst.exe]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe]
    <IFEO[egui.exe]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe]
    <IFEO[esafe.exe]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe]
    <IFEO[FileDsty.exe]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe]
    <IFEO[FTCleanerShell.exe]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe]
    <IFEO[HijackThis.exe]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe]
    <IFEO[IceSword.exe]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idag.exe]
    <IFEO[idag.exe]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe]
    <IFEO[Iparmor.exe]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe]
    <IFEO[isPwdSvc.exe]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe]
    <IFEO[kabaload.exe]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kaccore.exe]
    <IFEO[kaccore.exe]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR]
    <IFEO[KaScrScn.SCR]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe]
    <IFEO[KASMain.exe]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe]
    <IFEO[KASTask.exe]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe]
    <IFEO[KAV32.exe]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe]
    <IFEO[KAVDX.exe]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe]
    <IFEO[KAVPF.exe]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe]
    <IFEO[KAVPFW.exe]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe]
    <IFEO[KAVSetup.exe]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.exe]
    <IFEO[kavstart.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavsvc.exe]
    <IFEO[kavsvc.exe]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVsvcUI.exe]
    <IFEO[KAVsvcUI.exe]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe]
    <IFEO[KISLnchr.exe]><C:\WINNT\system32\svchost.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.exe]
    <IFEO[kissvc.exe]><