killya10 - 2006-8-13 22:48:00
病毒名称 处理结果 发现日期 扫描方式 路径
Trojan.DL.Agent.iql 删除成功 2006-06-20 19:09 定时扫描 C:\Documents and Settings\my\Local Settings\Temp\guger1
Trojan.DL.Small.kvk 删除成功 2006-07-02 15:01 定时扫描 C:\Documents and Settings\my\Local Settings\Temp\aua1
Trojan.DL.Direct.aa 删除成功 2006-07-27 17:53 定时扫描 C:\WINDOWS\system32
Trojan.DL.Direct.aa 删除成功 2006-07-27 17:53 定时扫描 C:\WINDOWS\system32
Trojan.DL.Direct.aa 删除成功 2006-07-27 17:55 定时扫描 C:\WINDOWS\system32
Trojan.DL.Direct.aa 删除成功 2006-07-27 17:56 定时扫描 C:\WINDOWS\system32
Trojan.DL.Direct.aa 删除成功 2006-08-01 17:40 定时扫描 C:\WINDOWS\system32
Trojan.DL.Direct.aa 删除成功 2006-08-01 18:10 定时扫描 C:\System Volume Information\_restore{D20A0BFB-836C-416E-8973-960610D5D82E}\RP264
Trojan.DL.Direct.aa 删除成功 2006-08-03 18:41 定时扫描 C:\WINDOWS\system32
Trojan.DL.Direct.aa 删除成功 2006-08-03 19:06 定时扫描 C:\System Volume Information\_restore{D20A0BFB-836C-416E-8973-960610D5D82E}\RP267
Trojan.DL.Direct.aa 删除成功 2006-08-08 17:37 定时扫描 C:\WINDOWS\system32
Trojan.DL.Direct.aa 删除成功 2006-08-08 18:02 定时扫描 C:\System Volume Information\_restore{D20A0BFB-836C-416E-8973-960610D5D82E}\RP271
Trojan.DL.Direct.aa 删除成功 2006-08-09 17:47 定时扫描 C:\WINDOWS\system32
Trojan.DL.Direct.aa 删除成功 2006-08-13 03:29 手动扫描 C:\WINDOWS\system32
Trojan.DL.Direct.aa 删除成功 2006-08-13 04:12 手动扫描 C:\System Volume Information\_restore{D20A0BFB-836C-416E-8973-960610D5D82E}\RP275
killya10 - 2006-8-13 22:51:00
文件监控:
病毒名称 处理结果 发现日期 路径 文件
AdWare.MMS.a 删除成功 2006-06-26 21:20 C:\DOCUME~1\my\LOCALS~1\Temp up_14.tmp
AdWare.MMS.a 删除成功 2006-06-30 02:51 C:\DOCUME~1\my\LOCALS~1\Temp up_23.tmp
AdWare.MMS.a 删除成功 2006-07-01 18:42 C:\DOCUME~1\my\LOCALS~1\Temp up_A.tmp
AdWare.MMS.a 删除成功 2006-07-05 01:02 C:\DOCUME~1\my\LOCALS~1\Temp up_14.tmp
AdWare.MMS.a 删除成功 2006-07-05 17:55 C:\DOCUME~1\my\LOCALS~1\Temp up_C.tmp
AdWare.MMS.a 删除成功 2006-07-06 21:26 C:\DOCUME~1\my\LOCALS~1\Temp up_A.tmp
Trojan.DL.Adload.io 删除成功 2006-07-12 19:49 C:\WINDOWS\TEMP\wincup ~de28.tmp
Trojan.DL.Adload.ip 删除成功 2006-07-12 19:49 C:\WINDOWS\TEMP\aukld ~de33.tmp
Trojan.DL.Adload.iz 删除成功 2006-07-20 17:14 C:\WINDOWS\TEMP\yok666 yok.exe
Trojan.DL.Adload.iz 删除成功 2006-07-22 19:35 C:\WINDOWS\TEMP\yok666 yok.exe
Trojan.DL.Adload.iz 删除成功 2006-07-22 22:38 C:\WINDOWS\TEMP\yok666 yok.exe
Trojan.DL.Adload.iz 删除成功 2006-07-23 16:44 C:\WINDOWS\TEMP\yok666 yok.exe
现在进行时 - 2006-8-13 22:55:00
到安全模式下,清空所有临时文件夹,关闭系统还原。然后再查杀。
killya10 - 2006-8-13 22:56:00
所有注册表操作日志:
进程名称 路径
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
C:\Program Files\Internet Explorer\iexplore.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
C:\DOCUME~1\my\LOCALS~1\Temp\aub1\winaua\setup.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
killya10 - 2006-8-13 22:57:00
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
C:\DOCUME~1\my\LOCALS~1\Temp\A~NSISu_.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
D:\eMule-0.47a-VeryCD0518.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
D:\eMule-0.47a-VeryCD0518.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
D:\eMule-0.47a-VeryCD0518.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
C:\Program Files\eMule\VeryCD_SuperSearch_silent.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
C:\Program Files\Internet Explorer\iexplore.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
D:\StormCodec6.04.08.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
C:\DOCUME~1\my\LOCALS~1\Temp\is-FB415.tmp\GoogleToolbar.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
C:\DOCUME~1\my\LOCALS~1\Temp\is-FB415.tmp\GoogleToolbar.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
C:\DOCUME~1\my\LOCALS~1\Temp\is-FB415.tmp\GoogleToolbar.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH
C:\DOCUME~1\my\LOCALS~1\Temp\is-FB415.tmp\GoogleToolbar.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
C:\DOCUME~1\my\LOCALS~1\Temp\is-FB415.tmp\GoogleToolbar.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH
C:\WINDOWS\system32\Rundll32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
killya10 - 2006-8-13 22:58:00
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
C:\WINDOWS\system32\msiexec.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
killya10 - 2006-8-13 22:58:00
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
C:\Program Files\Ringz Studio\Storm Downloader\TDUpdate.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
C:\Program Files\Ringz Studio\Storm Downloader\TDUpdate.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
C:\Program Files\Ringz Studio\Storm Downloader\TDUpdate.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
C:\Program Files\Ringz Studio\Storm Downloader\TDUpdate.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
C:\DOCUME~1\my\LOCALS~1\Temp\is-M2KNA.tmp\is-KAULP.tmp HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
C:\WINDOWS\TEMP\insmms\setup.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
C:\WINDOWS\system32\regsvr32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
C:\WINDOWS\system32\Rundll32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
C:\Program Files\Internet Explorer\iexplore.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
killya10 - 2006-8-13 22:59:00
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
C:\WINDOWS\system32\dumprep.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
C:\Program Files\Thunder Network\ThunderMini\Program\MiniSetupHelper.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
C:\DOCUME~1\my\LOCALS~1\Temp\Rar$EX00.921\assist4.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH
C:\DOCUME~1\my\LOCALS~1\Temp\Rar$EX00.921\assist4.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH
C:\DOCUME~1\my\LOCALS~1\Temp\Rar$EX00.921\assist4.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH
C:\DOCUME~1\my\LOCALS~1\Temp\Rar$EX00.921\assist4.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH
C:\DOCUME~1\my\LOCALS~1\Temp\6A\setup.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH
C:\DOCUME~1\my\LOCALS~1\Temp\6A\setup.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH
C:\DOCUME~1\my\LOCALS~1\Temp\6A\setup.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH
C:\Program Files\CNNIC\Cdn\cdnunins.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH
C:\Program Files\CNNIC\Cdn\cdnunins.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH
C:\Program Files\CNNIC\Cdn\cdnunins.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
C:\Program Files\CNNIC\Cdn\cdnunins.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE
C:\WINDOWS\system32\Rundll32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
C:\WINDOWS\system32\Rundll32.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL
C:\WINDOWS\system32\msiexec.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH
D:\3721setup.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE
C:\PROGRA~1\Yahoo!\Assistant\shell\ysp.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
C:\PROGRA~1\Yahoo!\Assistant\shell\ysp.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
killya10 - 2006-8-13 22:59:00
C:\Program Files\Kamun\Kamun.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
C:\DOCUME~1\my\LOCALS~1\Temp\is-ER2LB.tmp\is-PFGB5.tmp HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
C:\Program Files\Internet Explorer\iexplore.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE
C:\WINDOWS\system32\dumprep.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
C:\WINDOWS\TEMP\stdpatch\stdpatch.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE
© 2000 - 2026 Rising Corp. Ltd.