[2.8.2.8.1115 - 2.8.50.8.1230] 2009-01-02 23:00 [Trojan.psw.avx]
[2.8.2.8.1115 - 2.8.50.8.1230] 2009-01-02 23:00 [Uncorrect AppInit_DLLs]
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS\APPINIT_DLLS\REG_SZ00
[2.8.2.8.1115 - 2.8.50.8.1230] 2009-01-02 23:00 [Eyiruanjian Canliu]
[2.8.2.8.1115 - 2.8.50.8.1230] 2009-01-02 23:00 [TROJAN FILES 2]
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RFWSTUB.EXE
[2.8.2.8.1115 - 2.8.50.8.1230] 2009-01-02 23:00 [Trojan.msosiocp.dosjisn]
[2.8.2.8.1115 - 2.8.50.8.1230] 2009-01-02 23:00 [Trojan.ytewcxzsw.wrew2ds]
[2.8.2.8.1115 - 2.8.50.8.1230] 2009-01-02 23:00 [Trojan.upnpsrv]
[2.8.2.8.1115 - 2.8.50.8.1230] 2009-01-02 23:00 [TROJAN FILES 3]
[2.8.2.8.1115 - 2.8.50.8.1230] 2009-01-02 23:00 [Trojan.mmhtml.error386]
[2.8.2.8.1115 - 2.8.50.8.1230] 2009-01-02 23:00 [Unknown Trojan Horse/Virus]
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\B1A18A3E
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\B1A18A3E
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\B1A18A3E