[2.7.1.8.0621 - 2.7.39.8.0710] 2008-07-13 02:48 [Trojan] C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TMP10.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TMP14.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TMP25.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TMP26.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TMP27.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TMP2D.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TMP34.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TMP38.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TMP3A.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TMP3B.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TMP3BC.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TMP3C.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TMP3C2.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TMP3C4.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TMP3C8.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TMP3E.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TMP41.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TMP46.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TMP5A.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TMP5E.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TMPA.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TMPF.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\~F10.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\~F12.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\~F14.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\~F15.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\~F19.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL 
SETTINGS\TEMP\~F20.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\~F27.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\~F32.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\~F34.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\~F35.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\~F3A.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\~F3AA.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\~F3B1.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\~F3B4.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\~F3BE.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\~F4.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\~F5.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\~F51.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\~F58.TMP C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\~FC.TMP C:\WINDOWS\SYSTEM32\CVNGHK.DLL C:\WINDOWS\SYSTEM32\DFGWAG.DLL C:\WINDOWS\SYSTEM32\DFXH.DLL C:\WINDOWS\SYSTEM32\FGHDD.DLL C:\WINDOWS\SYSTEM32\HRAFH.DLL C:\WINDOWS\SYSTEM32\JOLIOM.DLL C:\WINDOWS\SYSTEM32\NMSDJH.DLL C:\WINDOWS\SYSTEM32\VFDH.DLL C:\WINDOWS\SYSTEM32\WKLSDD.DLL C:\WINDOWS\SYSTEM32\XDHUK.DLL C:\WINDOWS\SYSTEM32\ZDFGF.DLL C:\WINDOWS\SYSTEM32\ZYCDEX.DLL [2.7.1.8.0621 - 2.7.39.8.0710] 2008-07-13 02:48 [7939/9505] HKEY_CLASSES_ROOT\CLSID\{54EBD53A-9BC1-480B-966A-843A333CA162} HKEY_CLASSES_ROOT\THUNDERBHONEW3.THUNDER5BHO HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{54EBD53A-9BC1-480B-966A-843A333CA162} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{54EBD53A-9BC1-480B-966A-843A333CA162} [2.7.1.8.0621 - 2.7.39.8.0710] 2008-07-13 02:48 [CmdLineExt] C:\WINDOWS\SYSTEM32\CMDLINEEXT03.DLL HKEY_CLASSES_ROOT\CLSID\{9869EFB4-18E9-11D3-A837-00104B9E30B5} HKEY_CLASSES_ROOT\CMDLINEEXT.CMDLINECONTEXTMENU HKEY_CLASSES_ROOT\CMDLINEEXT.CMDLINECONTEXTMENU.1 
HKEY_CLASSES_ROOT\EXEFILE\SHELLEX\CONTEXTMENUHANDLERS\CMDLINEEXT HKEY_CLASSES_ROOT\TYPELIB\{9869EFA6-18E9-11D3-A837-00104B9E30B5} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{9869EFB4-18E9-11D3-A837-00104B9E30B5} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CMDLINEEXT.CMDLINECONTEXTMENU HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CMDLINEEXT.CMDLINECONTEXTMENU.1 HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{9869EFA6-18E9-11D3-A837-00104B9E30B5} [2.7.1.8.0621 - 2.7.39.8.0710] 2008-07-13 02:48 [nwiuu/dfssvrTrojan Horse] C:\WINDOWS\UUSEE.EXE [2.7.1.8.0621 - 2.7.39.8.0710] 2008-07-13 02:48 [reporter/roreg] C:\WINDOWS\201.BMP [2.7.1.8.0621 - 2.7.39.8.0710] 2008-07-13 02:48 [Adware.Bizmd] HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FFB3D068-F8DA-4370-A71E-83B1C959CDD6} [2.7.1.8.0621 - 2.7.39.8.0710] 2008-07-13 02:48 [Trojan.RaXx.XxPri] HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_MS_2FAX [2.7.1.8.0621 - 2.7.39.8.0710] 2008-07-13 02:48 [万能搜索变种] HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\APPLICATION\MS_2FAX HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET002\SERVICES\EVENTLOG\APPLICATION\MS_2FAX HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_MS_2FAX HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\MS_2FAX [2.7.1.8.0621 - 2.7.39.8.0710] 2008-07-13 02:48 [Trojan.psw.avx] C:\WINDOWS\INF\PLUGSLIST.DAT C:\WINDOWS\SYSTEM32\MIDIMAPTL.DAT C:\WINDOWS\SYSTEM32\MIDIMAPWD.DAT C:\WINDOWS\SYSTEM32\MIDIMAPWL.DAT C:\WINDOWS\SYSTEM32\MIDIMAPZX.DAT C:\WINDOWS\SYSTEM32\RFDSWC.DLL C:\WINDOWS\SYSTEM32\TDGGRZ.DLL C:\WINDOWS\TWISYS.INI HKEY_CLASSES_ROOT\CLSID\{33512378-9874-5641-1025-985420368733} HKEY_CLASSES_ROOT\CLSID\{4C648541-1025-9650-9057-6541258720C4} HKEY_CLASSES_ROOT\CLSID\{4F4F0064-71E0-4F0D-0004-708476C7815F} HKEY_CLASSES_ROOT\CLSID\{4F4F0064-71E0-4F0D-0017-708476C7815F} HKEY_CLASSES_ROOT\CLSID\{4F4F0064-71E0-4F0D-0018-708476C7815F} HKEY_CLASSES_ROOT\CLSID\{5E907A48-400E-4EA8-9792-FFAE052D59E9} 
HKEY_CLASSES_ROOT\CLSID\{6C8D1401-A58D-A81C-CD24-A5915C4517C6} HKEY_CLASSES_ROOT\CLSID\{B29583D8-033A-4B9F-8553-7C5458F3FB8E} HKEY_CLASSES_ROOT\CLSID\{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC} HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{17AC9076-C898-B098-D098-A18319080971} HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{33512378-9874-5641-1025-985420368733} HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4C648541-1025-9650-9057-6541258720C4} HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{6C8D1401-A58D-A81C-CD24-A5915C4517C6} HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{81954FAC-1023-154F-895A-1458258AD818} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{33512378-9874-5641-1025-985420368733} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4C648541-1025-9650-9057-6541258720C4} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4F4F0064-71E0-4F0D-0004-708476C7815F} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4F4F0064-71E0-4F0D-0017-708476C7815F} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4F4F0064-71E0-4F0D-0018-708476C7815F} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{5E907A48-400E-4EA8-9792-FFAE052D59E9} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{6C8D1401-A58D-A81C-CD24-A5915C4517C6} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{B29583D8-033A-4B9F-8553-7C5458F3FB8E} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\MIDIMAPTL HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\MIDIMAPWD HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\MIDIMAPWL HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\MIDIMAPZX [2.7.1.8.0621 
- 2.7.39.8.0710] 2008-07-13 02:48 [Uncorrect AppInit_DLLs] HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS\APPINIT_DLLS\REG_SZ00 [2.7.1.8.0621 - 2.7.39.8.0710] 2008-07-13 02:48 [Risk.PictureShow] D:\PROGRAM FILES\PICTURESHOW\ D:\PROGRAM FILES\PICTURESHOW\CONFIG.INI D:\PROGRAM FILES\PICTURESHOW\FILEEXT.INF D:\PROGRAM FILES\PICTURESHOW\PICTURESHOW.EXE D:\PROGRAM FILES\PICTURESHOW\POCO_TOOLS.EXE D:\PROGRAM FILES\PICTURESHOW\UNINSTALL.EXE D:\PROGRAM FILES\PICTURESHOW\UPDATE.EXE [2.7.1.8.0621 - 2.7.39.8.0710] 2008-07-13 02:48 [Trojan.T1Dll] C:\WINDOWS\SYSTEM32\411.DLL [2.7.1.8.0621 - 2.7.39.8.0710] 2008-07-13 02:48 [Adware.yasl.luckyie] HKEY_CLASSES_ROOT\IEHPR.INVOKE HKEY_CLASSES_ROOT\IEHPR.INVOKE.1 [2.7.1.8.0621 - 2.7.39.8.0710] 2008-07-13 02:48 [Risk program] C:\WINDOWS\D39.EXE [2.7.1.8.0621 - 2.7.39.8.0710] 2008-07-13 02:48 [TROJAN FILES 2] C:\WINDOWS\SYSTEM32\FMCVXY.DLL C:\WINDOWS\SYSTEM32\HHRDXD.DLL C:\WINDOWS\SYSTEM32\MFDESY.DLL HKEY_CLASSES_ROOT\CLSID\{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821} HKEY_CLASSES_ROOT\CLSID\{45AADFAA-DD36-42AB-83AD-0521BBF58C24} HKEY_CLASSES_ROOT\CLSID\{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7} HKEY_CLASSES_ROOT\CLSID\{84143967-B645-4BFF-B873-DA1DC886E9A7} HKEY_CLASSES_ROOT\CLSID\{8C41B7F7-3168-400D-A702-0E7EFE0BA304} HKEY_CLASSES_ROOT\CLSID\{CAED0F3B-DF8B-4DBF-BB20-8DFBC3199068} HKEY_CLASSES_ROOT\CLSID\{DC3D30AE-0380-4151-8934-EE98A34B0370} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{45AADFAA-DD36-42AB-83AD-0521BBF58C24} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{84143967-B645-4BFF-B873-DA1DC886E9A7} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{8C41B7F7-3168-400D-A702-0E7EFE0BA304} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{CAED0F3B-DF8B-4DBF-BB20-8DFBC3199068} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{DC3D30AE-0380-4151-8934-EE98A34B0370} 
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{45AADFAA-DD36-42AB-83AD-0521BBF58C24} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{8C41B7F7-3168-400D-A702-0E7EFE0BA304} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{DC3D30AE-0380-4151-8934-EE98A34B0370} [2.7.1.8.0621 - 2.7.39.8.0710] 2008-07-13 02:48 [Trojan.microsfots(*).aiizr] C:\WINDOWS\SYSTEM32\MYWEHIT.INI C:\WINDOWS\SYSTEM32\MYWEHIT.INI.TMP C:\_UNINSEP.BAT [2.7.1.8.0621 - 2.7.39.8.0710] 2008-07-13 02:48 [Trojan.FakeSkype] C:\WINDOWS\SYSTEM32\SKYPE.EXE [2.7.1.8.0621 - 2.7.39.8.0710] 2008-07-13 02:48 [Trojan.msosiocp.dosjisn] HKEY_CLASSES_ROOT\CLSID\{19109876-7619-9101-7012-901938475191} HKEY_CLASSES_ROOT\CLSID\{1E51C0FD-EE36-434B-AD2A-FD1FF3731C38} HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{00723EB0-3450-4D7B-8356-E3FD0E48E020} HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{19109876-7619-9101-7012-901938475191} HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2D698451-2015-6358-9871-2015987452D2} HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{35671234-7890-ABCD-CDEF-567801237653} HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4A069845-2036-6084-9054-6087502480A4} HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{6A041F13-A111-12A3-B0CF-F99818AA68A6} HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{91698482-6555-3666-1222-954784129019} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{19109876-7619-9101-7012-901938475191} 
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{1E51C0FD-EE36-434B-AD2A-FD1FF3731C38} [2.7.1.8.0621 - 2.7.39.8.0710] 2008-07-13 02:48 [Trojan.Winsp.tdffdl] HKEY_CLASSES_ROOT\CLSID\{4F4F0064-71E0-4F0D-0022-708476C7815F} HKEY_CLASSES_ROOT\CLSID\{875E07B1-0614-43D9-A76E-D76A28AB3D7B} HKEY_CLASSES_ROOT\CLSID\{A9895933-6636-4281-BC58-EE6DE2AF96E3} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4F4F0064-71E0-4F0D-0022-708476C7815F} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{875E07B1-0614-43D9-A76E-D76A28AB3D7B} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{A9895933-6636-4281-BC58-EE6DE2AF96E3} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{A9895933-6636-4281-BC58-EE6DE2AF96E3} [2.7.1.8.0621 - 2.7.39.8.0710] 2008-07-13 02:48 [Trojan.wrqszl.zgxfdx] C:\WINDOWS\SYSTEM32\JFRWDH.DLL C:\WINDOWS\SYSTEM32\WRQSZL.DLL HKEY_CLASSES_ROOT\CLSID\{28EB3777-3E23-4E72-8449-A992D09D24C3} HKEY_CLASSES_ROOT\CLSID\{841529CB-7F77-4B99-A895-B5441E0D302F} HKEY_CLASSES_ROOT\CLSID\{F99DEFDD-200B-4410-B572-E90883D527D2} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{28EB3777-3E23-4E72-8449-A992D09D24C3} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{841529CB-7F77-4B99-A895-B5441E0D302F} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{F99DEFDD-200B-4410-B572-E90883D527D2} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{841529CB-7F77-4B99-A895-B5441E0D302F} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{F99DEFDD-200B-4410-B572-E90883D527D2} [2.7.1.8.0621 - 2.7.39.8.0710] 2008-07-13 02:48 [Trojan.FakeThunder] HKEY_CLASSES_ROOT\CLSID\{EA2FCCA9-F44F-43DD-9724-9339950D103C} HKEY_CLASSES_ROOT\THUNDERHELPER32.THUNDER5HELPER HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EA2FCCA9-F44F-43DD-9724-9339950D103C} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{EA2FCCA9-F44F-43DD-9724-9339950D103C} [2.7.1.8.0621 - 2.7.39.8.0710] 2008-07-13 02:48 [Trojan.midimapzx.nyuser] 
HKEY_CLASSES_ROOT\CLSID\{18093456-9012-4568-9076-908765467181} HKEY_CLASSES_ROOT\CLSID\{4F4F0064-71E0-4F0D-0005-708476C7815F} HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{18093456-9012-4568-9076-908765467181} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{18093456-9012-4568-9076-908765467181} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4F4F0064-71E0-4F0D-0005-708476C7815F} [2.7.1.8.0621 - 2.7.39.8.0710] 2008-07-13 02:48 [Trojan.Hdv32.MMHX] HKEY_CLASSES_ROOT\CLSID\{461D2AB4-29A5-45C2-9134-D52272D3DE38} HKEY_CLASSES_ROOT\CLSID\{4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{461D2AB4-29A5-45C2-9134-D52272D3DE38} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{461D2AB4-29A5-45C2-9134-D52272D3DE38} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4} [2.7.1.8.0621 - 2.7.39.8.0710] 2008-07-13 02:48 [Unknown Trojan Horse/Virus] C:\WINDOWS\ABQU.EXE C:\WINDOWS\BQGI.EXE C:\WINDOWS\BRHH.EXE C:\WINDOWS\HHLO.EXE C:\WINDOWS\MHJY.EXE C:\WINDOWS\SYSTEM32\DNDSAF.DLL C:\WINDOWS\SYSTEM32\TDFHEX.DLL C:\WINDOWS\SZHU.EXE C:\WINDOWS\VIYZ.EXE HKEY_CLASSES_ROOT\CLSID\{0B846B26-BFE6-4E8E-A948-1DB17B77B483} HKEY_CLASSES_ROOT\CLSID\{259BF3CF-194D-4FE6-9ADB-DE6544B098B6} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{0B846B26-BFE6-4E8E-A948-1DB17B77B483} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{259BF3CF-194D-4FE6-9ADB-DE6544B098B6} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{0B846B26-BFE6-4E8E-A948-1DB17B77B483} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{259BF3CF-194D-4FE6-9ADB-DE6544B098B6} [2.7.1.8.0621 - 2.7.39.8.0710] 2008-07-13 02:48 [Infected System File,Can not Delete!] 
System Important File,Can not delete,Try Replace:C:\WINDOWS\EXPLORER.EXE [2.7.1.8.0621 - 2.7.39.8.0710] 2008-07-13 02:48 [Must Safe Reboot to Delete!] C:\WINDOWS\.VBE C:\WINDOWS\SYSTEM32\.VBE [2.7.1.8.0621 - 2.7.39.8.0710] 2008-07-13 02:52 [Unknown Trojan Horse/Virus] C:\WINDOWS\CWMZ.EXE C:\WINDOWS\JHMZ.EXE [2.7.1.8.0621 - 2.7.39.8.0710] 2008-07-13 02:52 [Infected System File,Can not Delete!] System Important File,Can not delete,Try Replace:C:\WINDOWS\EXPLORER.EXE [2.7.1.8.0621 - 2.7.39.8.0710] 2008-07-13 02:57 [SeaBar] C:\WINDOWS\SYSTEM32\IECFG.INI C:\WINDOWS\SYSTEM32\UP.INI HKEY_CLASSES_ROOT\CLSID\{BE830FD4-E393-417F-9F4B-CC70ABB3384C} HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{BE830FD4-E393-417F-9F4B-CC70ABB3384C} HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{F08555AF-9CC3-11D2-AA8E-000000000000} HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{F08555B0-9CC3-11D2-AA8E-000000000000} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{BE830FD4-E393-417F-9F4B-CC70ABB3384C} [2.7.1.8.0621 - 2.7.39.8.0710] 2008-07-13 02:57 [Infected System File,Can not Delete!] System Important File,Can not delete,Try Replace:C:\WINDOWS\EXPLORER.EXE [2.7.1.8.0621 - 2.7.39.8.0710] 2008-07-13 03:00 [Infected System File,Can not Delete!] System Important File,Can not delete,Try Replace:C:\WINDOWS\EXPLORER.EXE