[2.8.2.8.1115 - 2.8.30.8.1115] 2008-12-13 20:39 [Trojan] C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\WMSETUP.DLL C:\WINDOWS\TEMP\QQ_UPDATE.CAB [2.8.2.8.1115 - 2.8.30.8.1115] 2008-12-13 20:39 [command] C:\WINDOWS\UPDATE.DLL [2.8.2.8.1115 - 2.8.30.8.1115] 2008-12-13 20:39 [uusee] C:\DOCUMENTS AND SETTINGS\ALL USERS\「开始」菜单\程序\UUSEE C:\DOCUMENTS AND SETTINGS\ALL USERS\「开始」菜单\程序\UUSEE\UNINSTALL.LNK C:\DOCUMENTS AND SETTINGS\ALL USERS\「开始」菜单\程序\UUSEE\UUSEE 网络电视.LNK C:\PROGRAM FILES\COMMON FILES\UUSEE C:\PROGRAM FILES\COMMON FILES\UUSEE\ARMP.OCX C:\PROGRAM FILES\COMMON FILES\UUSEE\ARMPD.DLL C:\PROGRAM FILES\COMMON FILES\UUSEE\CHECK_CMD.EXE C:\PROGRAM FILES\COMMON FILES\UUSEE\FLVPLAYER.SWF C:\PROGRAM FILES\COMMON FILES\UUSEE\IN_PSP.DLL C:\PROGRAM FILES\COMMON FILES\UUSEE\MULTIVMR9.DLL C:\PROGRAM FILES\COMMON FILES\UUSEE\OUT_MMSHTTP.DLL C:\PROGRAM FILES\COMMON FILES\UUSEE\RMSP011.AX C:\PROGRAM FILES\COMMON FILES\UUSEE\U264DEC.AX C:\PROGRAM FILES\COMMON FILES\UUSEE\UFDEMUX.AX C:\PROGRAM FILES\COMMON FILES\UUSEE\UNINST.EXE C:\PROGRAM FILES\COMMON FILES\UUSEE\UPDATEC2.OCX C:\PROGRAM FILES\COMMON FILES\UUSEE\UUPLAYER.OCX C:\PROGRAM FILES\COMMON FILES\UUSEE\UUSEEAUDIODEC.AX C:\PROGRAM FILES\COMMON FILES\UUSEE\UUSEE_VIDEO.DLL C:\PROGRAM FILES\COMMON FILES\UUSEE\UUUPGRADE.EXE C:\PROGRAM FILES\COMMON FILES\UUSEE\UUUPGRADE.INI C:\PROGRAM FILES\COMMON FILES\UUSEE\UUUPGRADE.OCX C:\PROGRAM FILES\COMMON FILES\UUSEE\VERMINI.INI C:\PROGRAM FILES\COMMON FILES\UUSEE\VERMINI_X.INI C:\PROGRAM FILES\COMMON FILES\UUSEE\VERMINI_X1.INI C:\WINDOWS\SYSTEM32\GTAPI.DLL HKEY_CLASSES_ROOT\.UCF HKEY_CLASSES_ROOT\ARMP.ARMPCTRL.1 HKEY_CLASSES_ROOT\CLSID\{28966B43-B5D0-4694-9E79-F5B4099F02D4} HKEY_CLASSES_ROOT\CLSID\{48CF8992-4161-49D6-9A9B-F1FDB3BAE74D} HKEY_CLASSES_ROOT\CLSID\{70A2E5FE-981E-4518-83C7-9324DC957DA4} HKEY_CLASSES_ROOT\CLSID\{77435D56-534E-46A8-B8DF-201A82DD3886} HKEY_CLASSES_ROOT\CLSID\{77910CD3-5447-4CCB-92DE-35BA8198BE81} HKEY_CLASSES_ROOT\CLSID\{82D539C0-1730-4D26-B1DC-B4D5A906606E} HKEY_CLASSES_ROOT\CLSID\{8BBB5505-250D-486D-BB49-F74141880490} HKEY_CLASSES_ROOT\CLSID\{A37BD130-3C8A-4950-9672-8636DE983871} HKEY_CLASSES_ROOT\CLSID\{BB22E7B6-54E1-4C4D-ABF7-99193550A3F4} HKEY_CLASSES_ROOT\CLSID\{BDA4644D-9506-4F80-BC24-74411342F24E} HKEY_CLASSES_ROOT\CLSID\{C384681A-6F8B-4A20-B0FC-BDB080F51603} HKEY_CLASSES_ROOT\CLSID\{CE8ED243-0078-41A2-B56C-EC9CF0E887C2} HKEY_CLASSES_ROOT\CLSID\{D5CD69C4-F983-46E2-AF79-455E892729FA} HKEY_CLASSES_ROOT\CLSID\{DC7094C6-8F61-42ED-AECE-63F5EEF647C5} HKEY_CLASSES_ROOT\CLSID\{F0E7BAF1-655E-4899-ACD4-10D055414CFB} HKEY_CLASSES_ROOT\INTERFACE\{03536919-5F7D-4506-80DF-144C74CB5B45} HKEY_CLASSES_ROOT\INTERFACE\{19D850BA-629D-4604-B0D2-259E812C7ACF} HKEY_CLASSES_ROOT\INTERFACE\{308F2914-9768-402C-A974-79BD2D7D7F71} HKEY_CLASSES_ROOT\INTERFACE\{66E3F94C-8C8D-4BEE-A254-E6B14B38F5E9} HKEY_CLASSES_ROOT\INTERFACE\{7A8B28FF-7226-40F6-B1E4-DF95D7D2FA01} HKEY_CLASSES_ROOT\INTERFACE\{B9587E96-9349-4F58-A7D5-77E53811BDFD} HKEY_CLASSES_ROOT\INTERFACE\{E9475D64-4461-4A22-BD58-132AF1D7D565} HKEY_CLASSES_ROOT\INTERFACE\{F39804DC-F2B5-4E8B-92F1-45F7B5349C4C} HKEY_CLASSES_ROOT\MEDIA TYPE\EXTENSIONS\.UCF HKEY_CLASSES_ROOT\TYPELIB\{310AAB21-342C-4C3F-BDF4-05E68B224974} HKEY_CLASSES_ROOT\TYPELIB\{41E77C38-9383-404C-BC49-EDF2AEA4E163} HKEY_CLASSES_ROOT\TYPELIB\{BC85539C-48EA-4222-B6EE-8DA6897175DA} HKEY_CLASSES_ROOT\TYPELIB\{D6452F23-F10F-4EA3-B03F-56ACDCC3511C} HKEY_CLASSES_ROOT\UPDATEC2.UPDATEC2CTRL.1 HKEY_CLASSES_ROOT\UUPLAYEROCX.UUPLAYEROCXCTRL.1 HKEY_CLASSES_ROOT\UUSEE HKEY_CLASSES_ROOT\UUSEE.UCF HKEY_CLASSES_ROOT\UUSEEREC HKEY_CLASSES_ROOT\UUUPGRADE.UUUPGRADECTRL.1 HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ARMP.ARMPCTRL.1 HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{28966B43-B5D0-4694-9E79-F5B4099F02D4} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{48CF8992-4161-49D6-9A9B-F1FDB3BAE74D} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{70A2E5FE-981E-4518-83C7-9324DC957DA4} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{77435D56-534E-46A8-B8DF-201A82DD3886} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{77910CD3-5447-4CCB-92DE-35BA8198BE81} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{82D539C0-1730-4D26-B1DC-B4D5A906606E} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{8BBB5505-250D-486D-BB49-F74141880490} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{A37BD130-3C8A-4950-9672-8636DE983871} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{BB22E7B6-54E1-4C4D-ABF7-99193550A3F4} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{BDA4644D-9506-4F80-BC24-74411342F24E} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{C384681A-6F8B-4A20-B0FC-BDB080F51603} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{CE8ED243-0078-41A2-B56C-EC9CF0E887C2} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{D5CD69C4-F983-46E2-AF79-455E892729FA} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{DC7094C6-8F61-42ED-AECE-63F5EEF647C5} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{F0E7BAF1-655E-4899-ACD4-10D055414CFB} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{03536919-5F7D-4506-80DF-144C74CB5B45} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{19D850BA-629D-4604-B0D2-259E812C7ACF} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{308F2914-9768-402C-A974-79BD2D7D7F71} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{66E3F94C-8C8D-4BEE-A254-E6B14B38F5E9} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{7A8B28FF-7226-40F6-B1E4-DF95D7D2FA01} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{B9587E96-9349-4F58-A7D5-77E53811BDFD} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{E9475D64-4461-4A22-BD58-132AF1D7D565} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{F39804DC-F2B5-4E8B-92F1-45F7B5349C4C} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{310AAB21-342C-4C3F-BDF4-05E68B224974} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{41E77C38-9383-404C-BC49-EDF2AEA4E163} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{BC85539C-48EA-4222-B6EE-8DA6897175DA} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{D6452F23-F10F-4EA3-B03F-56ACDCC3511C} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\UPDATEC2.UPDATEC2CTRL.1 HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\UUPLAYEROCX.UUPLAYEROCXCTRL.1 HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\UUSEE HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\UUUPGRADE.UUUPGRADECTRL.1 HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\UUSEE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\UUSEE_BASE HKEY_LOCAL_MACHINE\SOFTWARE\UUSEE HKEY_LOCAL_MACHINE\SOFTWARE\UUSEEUPDATE [2.8.2.8.1115 - 2.8.30.8.1115] 2008-12-13 20:39 [Adware.Bizmd] C:\WINDOWS\DOWNLOADED PROGRAM FILES\THUNDERADVISE.DLL HKEY_CLASSES_ROOT\CLSID\{97421D0D-E07F-40DF-8F07-99597B9585AD} HKEY_CLASSES_ROOT\THUNDERADVISE.THUNDERHLPOBJ HKEY_CLASSES_ROOT\THUNDERADVISE.THUNDERHLPOBJ.1 HKEY_CLASSES_ROOT\TYPELIB\{6D4C7E08-E021-414C-A42D-AB15A2302196} HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{97421D0D-E07F-40DF-8F07-99597B9585AD} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{97421D0D-E07F-40DF-8F07-99597B9585AD} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{6D4C7E08-E021-414C-A42D-AB15A2302196} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{97421D0D-E07F-40DF-8F07-99597B9585AD} [2.8.2.8.1115 - 2.8.30.8.1115] 2008-12-13 20:39 [Trojan.meex.avt] HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360RPT.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360SAFE.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360TRAY.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVMONITOR.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KPFWSVC.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVDETECT.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVFWMCL.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVOL.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVOLSELF.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVSRVXP.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVUPLOAD.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVWSC.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KWATCH.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KWATCHX.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\LOADDLL.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MAGICSET.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MCCONSOL.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MMQCZJ.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MMSK.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NOD32KRN.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NOD32KUI.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\PFW.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\PFWLIVEUPDATE.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\QHSET.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RAS.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RAV.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RAVMON.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RAVMOND.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RAVSTUB.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RAVTASK.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\REGCLEAN.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RFWCFG.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RFWSRV.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RSAGENT.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RSAUPD.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RUNIEP.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SAFELIVE.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SCAN32.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SRENG.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SYMLCSVC.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SYSSAFE.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\TROJANDETECTOR.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\TROJANWALL.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\TROJDIE.KXP [2.8.2.8.1115 - 2.8.30.8.1115] 2008-12-13 20:39 [Trojan.NvMini.Rt] C:\WINDOWS\LINKINFO.DLL C:\WINDOWS\SYSTEM32\DRIVERS\NVMINI.SYS HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_NVMINI HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\NVMINI HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\ENUM\ROOT\LEGACY_NVMINI HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\NVMINI HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_NVMINI HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NVMINI [2.8.2.8.1115 - 2.8.30.8.1115] 2008-12-13 20:39 [Trojan.psw.avx] C:\WINDOWS\SYSTEM32\2EF0D734.DLL C:\WINDOWS\SYSTEM32\3D144530.DLL C:\WINDOWS\SYSTEM32\4FBFD5A4.DLL C:\WINDOWS\SYSTEM32\66AFCB56.DLL C:\WINDOWS\SYSTEM32\BA7EDF54.DLL C:\WINDOWS\SYSTEM32\F8E07BB2.DLL C:\WINDOWS\SYSTEM32\HBMHLY.DLL C:\WINDOWS\TEMP\WMSETUP.DLL HKEY_CLASSES_ROOT\CLSID\{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E} HKEY_CLASSES_ROOT\CLSID\{2EF0D734-21FD-4225-A1A2-BCD296182AAF} HKEY_CLASSES_ROOT\CLSID\{4FBFD5A4-5FE8-4444-8BD9-FD0FAFA64F96} HKEY_CLASSES_ROOT\CLSID\{66AFCB56-FAA9-42D2-8C72-2767A46C7FA8} HKEY_CLASSES_ROOT\CLSID\{BA7EDF54-8408-4B21-B351-7B447B344BA4} HKEY_CLASSES_ROOT\CLSID\{E4814792-EFA3-4C20-93D0-8B130A59F9A8} HKEY_CLASSES_ROOT\CLSID\{F8E07BB2-7A19-4057-80F1-E14646E630B4} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{2EF0D734-21FD-4225-A1A2-BCD296182AAF} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4FBFD5A4-5FE8-4444-8BD9-FD0FAFA64F96} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{66AFCB56-FAA9-42D2-8C72-2767A46C7FA8} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{BA7EDF54-8408-4B21-B351-7B447B344BA4} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{E4814792-EFA3-4C20-93D0-8B130A59F9A8} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{F8E07BB2-7A19-4057-80F1-E14646E630B4} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AST.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{2EF0D734-21FD-4225-A1A2-BCD296182AAF} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{4FBFD5A4-5FE8-4444-8BD9-FD0FAFA64F96} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{66AFCB56-FAA9-42D2-8C72-2767A46C7FA8} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{BA7EDF54-8408-4B21-B351-7B447B344BA4} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{E4814792-EFA3-4C20-93D0-8B130A59F9A8} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{F8E07BB2-7A19-4057-80F1-E14646E630B4} [2.8.2.8.1115 - 2.8.30.8.1115] 2008-12-13 20:39 [Trojan.avkiller.b] HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360RPT.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360SAFE.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360TRAY.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVMONITOR.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KPFWSVC.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVDETECT.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVFWMCL.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVOL.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVOLSELF.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVSRVXP.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVUPLOAD.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVWSC.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KWATCH.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KWATCHX.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\LOADDLL.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MAGICSET.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MCCONSOL.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MMQCZJ.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MMSK.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NAVSETUP.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NOD32KRN.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NOD32KUI.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\PFW.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\PFWLIVEUPDATE.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\QHSET.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RAS.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RAV.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RAVMON.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RAVMOND.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RAVSTUB.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RAVTASK.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\REGCLEAN.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RFWCFG.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RFWPROXY.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RFWSRV.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RSAGENT.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RSAUPD.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RUNIEP.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SAFELIVE.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SCAN32.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SRENG.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SYMLCSVC.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SYSSAFE.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\TROJANDETECTOR.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\TROJANWALL.EXE\DEBUGGER HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\TROJDIE.KXP\DEBUGGER [2.8.2.8.1115 - 2.8.30.8.1115] 2008-12-13 20:39 [Uncorrect AppInit_DLLs] HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS\APPINIT_DLLS\REG_SZ00 [2.8.2.8.1115 - 2.8.30.8.1115] 2008-12-13 20:39 [Trojan.c0nime] HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KVFW.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\修复工具.EXE [2.8.2.8.1115 - 2.8.30.8.1115] 2008-12-13 20:39 [TROJAN FILES 2] HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RFWPROXY.EXE [2.8.2.8.1115 - 2.8.30.8.1115] 2008-12-13 20:39 [Trojan.Driver Exden] HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ARVMON.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KILLHIDEPID.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RAVSTORE.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RAVT08.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SRENGPS.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SYSCHECK2.EXE [2.8.2.8.1115 - 2.8.30.8.1115] 2008-12-13 20:39 [Trojan.msosiocp.dosjisn] C:\WINDOWS\SYSTEM32\HBQQFFO.DLL HKEY_CLASSES_ROOT\CLSID\{9CA963CA-107C-4089-B0AB-31380F90D7E3} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{9CA963CA-107C-4089-B0AB-31380F90D7E3} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{9CA963CA-107C-4089-B0AB-31380F90D7E3} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\HBSERVICE32 [2.8.2.8.1115 - 2.8.30.8.1115] 2008-12-13 20:39 [Trojan.xpserve.lsoss] C:\WINDOWS\SYSTEM32\9CA963CA.CFG C:\WINDOWS\SYSTEM32\9CA963CA.DLL [2.8.2.8.1115 - 2.8.30.8.1115] 2008-12-13 20:39 [Trojan.ytewcxzsw.wrew2ds] C:\WINDOWS\SYSTEM32\08223B03.CFG C:\WINDOWS\SYSTEM32\08223B03.DLL C:\WINDOWS\SYSTEM32\122B901E.DLL C:\WINDOWS\SYSTEM32\5934EA2B.DLL C:\WINDOWS\SYSTEM32\C8FFD223.DLL C:\WINDOWS\SYSTEM32\DA63E650.DLL C:\WINDOWS\SYSTEM32\E0D39066.DLL C:\WINDOWS\SYSTEM32\E4814792.DLL HKEY_CLASSES_ROOT\CLSID\{3D144530-43DA-47CC-B7C7-A3A9F3B9A6B2} HKEY_CLASSES_ROOT\CLSID\{5934EA2B-B2C4-4BE7-BF7A-FBA781A12E40} HKEY_CLASSES_ROOT\CLSID\{C8FFD223-C0FB-40C5-94A0-FD7891AC18E9} HKEY_CLASSES_ROOT\CLSID\{E0D39066-96D7-4891-8527-488ADAFCD60F} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{3D144530-43DA-47CC-B7C7-A3A9F3B9A6B2} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{5934EA2B-B2C4-4BE7-BF7A-FBA781A12E40} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{C8FFD223-C0FB-40C5-94A0-FD7891AC18E9} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{E0D39066-96D7-4891-8527-488ADAFCD60F} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{3D144530-43DA-47CC-B7C7-A3A9F3B9A6B2} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{5934EA2B-B2C4-4BE7-BF7A-FBA781A12E40} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{C8FFD223-C0FB-40C5-94A0-FD7891AC18E9} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{E0D39066-96D7-4891-8527-488ADAFCD60F} [2.8.2.8.1115 - 2.8.30.8.1115] 2008-12-13 20:39 [Trojan.framdee.msgmr] C:\PROGRAM FILES\MESSENGER\MSGMR.DLL C:\WINDOWS\FONTS\FRAMDEE.TTF HKEY_CLASSES_ROOT\CLSID\{DA191DE0-AA86-4ED0-4B87-293D48B2AE99} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{DA191DE0-AA86-4ED0-4B87-293D48B2AE99} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\MSNMSG [2.8.2.8.1115 - 2.8.30.8.1115] 2008-12-13 20:39 [Trojan.bndmss.wmel32] HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\HBKERNEL32 HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\HBKERNEL32 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\HBKERNEL32 [2.8.2.8.1115 - 2.8.30.8.1115] 2008-12-13 20:39 [Trojan.upnpsrv] HKEY_CLASSES_ROOT\CLSID\{122B901E-493F-4AD9-BC69-7DE8C3E52FCC} HKEY_CLASSES_ROOT\CLSID\{4D023DE9-F4B5-4BE0-99C6-7C7AD0CF5426} HKEY_CLASSES_ROOT\CLSID\{DA63E650-537C-4042-87BB-9D19D844680B} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{122B901E-493F-4AD9-BC69-7DE8C3E52FCC} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4D023DE9-F4B5-4BE0-99C6-7C7AD0CF5426} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{DA63E650-537C-4042-87BB-9D19D844680B} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{122B901E-493F-4AD9-BC69-7DE8C3E52FCC} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{4D023DE9-F4B5-4BE0-99C6-7C7AD0CF5426} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{DA63E650-537C-4042-87BB-9D19D844680B} [2.8.2.8.1115 - 2.8.30.8.1115] 2008-12-13 20:39 [Trojan.htxvimes] C:\WINDOWS\SYSTEM32\4D023DE9.DLL [2.8.2.8.1115 - 2.8.30.8.1115] 2008-12-13 20:39 [Unknown Trojan Horse/Virus] C:\WINDOWS\SYSTEM32\01AFE3DC.DLL C:\WINDOWS\SYSTEM32\1FD51F1F.DLL C:\WINDOWS\SYSTEM32\201476D0.DLL C:\WINDOWS\SYSTEM32\29EA67E0.DLL C:\WINDOWS\SYSTEM32\56BC86C7.DLL C:\WINDOWS\SYSTEM32\950D1600.DLL C:\WINDOWS\SYSTEM32\A1A6BC2E.DLL C:\WINDOWS\SYSTEM32\A55F538E.DLL C:\WINDOWS\SYSTEM32\B6E23E89.DLL C:\WINDOWS\SYSTEM32\D9C002DD.DLL C:\WINDOWS\SYSTEM32\DFB3DAC5.DLL C:\WINDOWS\SYSTEM32\FFAE967F.DLL HKEY_CLASSES_ROOT\CLSID\{01AFE3DC-2242-436E-9B44-6DD1C664E828} HKEY_CLASSES_ROOT\CLSID\{1FD51F1F-97E4-498C-AB12-93332EEAD266} HKEY_CLASSES_ROOT\CLSID\{201476D0-2B18-462E-AB9F-3E2B0CC8732B} HKEY_CLASSES_ROOT\CLSID\{29EA67E0-9EE5-4D1A-A056-5B7BDAC4CF97} HKEY_CLASSES_ROOT\CLSID\{56BC86C7-0692-4F94-A2C1-6CF1DBF8096C} HKEY_CLASSES_ROOT\CLSID\{950D1600-DE4A-448D-93B4-7BAE5A7A8052} HKEY_CLASSES_ROOT\CLSID\{A1A6BC2E-C6A1-43C1-8884-A31D772F42B8} HKEY_CLASSES_ROOT\CLSID\{A55F538E-9E65-4706-9458-852BF6592063} HKEY_CLASSES_ROOT\CLSID\{B6E23E89-C925-4BF7-92EB-77EFDF8C58A6} HKEY_CLASSES_ROOT\CLSID\{D9C002DD-EA51-43A2-9009-54EAAAF031A4} HKEY_CLASSES_ROOT\CLSID\{DFB3DAC5-B0B5-4B05-BFCF-FB42737778FA} HKEY_CLASSES_ROOT\CLSID\{FFAE967F-D0FC-4D2B-A0F5-D1BF27F46418} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{01AFE3DC-2242-436E-9B44-6DD1C664E828} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{1FD51F1F-97E4-498C-AB12-93332EEAD266} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{201476D0-2B18-462E-AB9F-3E2B0CC8732B} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{29EA67E0-9EE5-4D1A-A056-5B7BDAC4CF97} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{56BC86C7-0692-4F94-A2C1-6CF1DBF8096C} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{950D1600-DE4A-448D-93B4-7BAE5A7A8052} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{A1A6BC2E-C6A1-43C1-8884-A31D772F42B8} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{A55F538E-9E65-4706-9458-852BF6592063} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{B6E23E89-C925-4BF7-92EB-77EFDF8C58A6} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{D9C002DD-EA51-43A2-9009-54EAAAF031A4} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{DFB3DAC5-B0B5-4B05-BFCF-FB42737778FA} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{FFAE967F-D0FC-4D2B-A0F5-D1BF27F46418} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{01AFE3DC-2242-436E-9B44-6DD1C664E828} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{1FD51F1F-97E4-498C-AB12-93332EEAD266} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{201476D0-2B18-462E-AB9F-3E2B0CC8732B} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{29EA67E0-9EE5-4D1A-A056-5B7BDAC4CF97} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{56BC86C7-0692-4F94-A2C1-6CF1DBF8096C} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{950D1600-DE4A-448D-93B4-7BAE5A7A8052} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{A1A6BC2E-C6A1-43C1-8884-A31D772F42B8} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{A55F538E-9E65-4706-9458-852BF6592063} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{B6E23E89-C925-4BF7-92EB-77EFDF8C58A6} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{D9C002DD-EA51-43A2-9009-54EAAAF031A4} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{DFB3DAC5-B0B5-4B05-BFCF-FB42737778FA} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{FFAE967F-D0FC-4D2B-A0F5-D1BF27F46418} [2.8.2.8.1115 - 2.8.30.8.1115] 2008-12-13 20:39 [Maybe Useless object] C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\MIGSNI.SYS C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\SVCHOST.EXE C:\WINDOWS\SYSTEM32A2.SYS C:\WINDOWS\SYSTEM32\DRIVERS\EASYDOWNS.SYS C:\WINDOWS\SYSTEM32\DRIVERS\HBKERNEL32.SYS C:\WINDOWS\SYSTEM32\DRIVERS\JSPHELP.SYS C:\WINDOWS\SYSTEM32\DRIVERS\PCIDUMP.SYS C:\WINDOWS\SYSTEM32\DRIVERS\WINSAWIDS.SYS [2.8.2.8.1115 - 2.8.30.8.1115] 2008-12-13 20:39 [Access deny Object] C:\WINDOWS\SYSTEM32\SYSTEM.EXE [2.8.2.8.1115 - 2.8.30.8.1115] 2008-12-13 20:39 [Infected System File,Can not Delete!] System Important File,Can not delete,Try Replace:C:\WINDOWS\SYSTEM32\ACTXPRXY.DLL