----------------------------------------------------
3.0.7.9.0803 - 3.0.43.9.0823(1710) - 43
2009-08-27 10:35:33
----------------------------------------------------

[7FFFFFF8 - 系统重要文件被替换，需替换修复!]
C:\WINDOWS\system32\comres.dll

[7FFFFFF1 - 未知的风险软件]
C:\WINDOWS\47C.exe (Delete File)
C:\WINDOWS\47M.exe (Delete File)
C:\WINDOWS\system32\emHnPuBAaF7XjuXBbdxSg.dll (Delete File)

[00000AFC - Trojan.olpddk.ncwqe]
HKEY_CLASSES_ROOT\CLSID\{D6129F8A-6F6E-41D7-BBC9-AC7426759CED}\ (Delete RegKey)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D6129F8A-6F6E-41D7-BBC9-AC7426759CED}\ (Delete RegKey)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{D6129F8A-6F6E-41D7-BBC9-AC7426759CED} (Delete RegValue)

[00000AF5 - Troj.bingd.ringsig]
C:\WINDOWS\SYSTEM32\2exJW3dsaTgWrf5uAPadmHN.dll (Delete File)
C:\WINDOWS\SYSTEM32\a4rxQxCvNBMNnpqs.dll (Delete File)
C:\WINDOWS\SYSTEM32\EmfVcSFcRkARFbbTQW5V5.dll (Delete File)
C:\WINDOWS\SYSTEM32\emHnPuBAaF7XjuXBbdxSg.dll (Delete File)
C:\WINDOWS\SYSTEM32\mFr9FPruEFZ9VNdrveJunw3.dll (Delete File)
C:\WINDOWS\SYSTEM32\Q9q2MHJ3uTBErM7wc.dll (Delete File)
C:\WINDOWS\SYSTEM32\w7uds3zyayg9.dll (Delete File)
C:\WINDOWS\FONTS\zEfE48cw9EmcFaR.fon (Delete File)
HKEY_CLASSES_ROOT\CLSID\{0220FBE7-F757-4C74-B246-D6703DCF1087}\ (Delete RegKey)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0220FBE7-F757-4C74-B246-D6703DCF1087}\ (Delete RegKey)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{0220FBE7-F757-4C74-B246-D6703DCF1087} (Delete RegValue)
HKEY_CLASSES_ROOT\CLSID\{108DA6C0-CFBF-41D4-9A09-C4D06AE6FFD2}\ (Delete RegKey)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{108DA6C0-CFBF-41D4-9A09-C4D06AE6FFD2}\ (Delete RegKey)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{108DA6C0-CFBF-41D4-9A09-C4D06AE6FFD2} (Delete RegValue)
HKEY_CLASSES_ROOT\CLSID\{87DE8A1A-96C5-4420-B222-EF998F697CE7}\ (Delete RegKey)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87DE8A1A-96C5-4420-B222-EF998F697CE7}\ (Delete RegKey)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{87DE8A1A-96C5-4420-B222-EF998F697CE7} (Delete RegValue)
HKEY_CLASSES_ROOT\CLSID\{9AD1DE62-196C-4C01-9A2F-0BEDEF727C59}\ (Delete RegKey)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AD1DE62-196C-4C01-9A2F-0BEDEF727C59}\ (Delete RegKey)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{9AD1DE62-196C-4C01-9A2F-0BEDEF727C59} (Delete RegValue)
HKEY_CLASSES_ROOT\CLSID\{E3531A16-FFEA-416F-82DF-32FEDE02EABF}\ (Delete RegKey)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E3531A16-FFEA-416F-82DF-32FEDE02EABF}\ (Delete RegKey)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{E3531A16-FFEA-416F-82DF-32FEDE02EABF} (Delete RegValue)
HKEY_CLASSES_ROOT\CLSID\{D6129F8A-6F6E-41D7-BBC9-AC7426759CED}\ (Delete RegKey)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D6129F8A-6F6E-41D7-BBC9-AC7426759CED}\ (Delete RegKey)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{D6129F8A-6F6E-41D7-BBC9-AC7426759CED} (Delete RegValue)
HKEY_CLASSES_ROOT\CLSID\{A761BE8E-C15A-4DDD-A777-2C683E9E96C8}\ (Delete RegKey)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A761BE8E-C15A-4DDD-A777-2C683E9E96C8}\ (Delete RegKey)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{A761BE8E-C15A-4DDD-A777-2C683E9E96C8} (Delete RegValue)
HKEY_CLASSES_ROOT\CLSID\{762D618C-E2CB-4217-8275-03302A93073F}\ (Delete RegKey)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{762D618C-E2CB-4217-8275-03302A93073F}\ (Delete RegKey)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{762D618C-E2CB-4217-8275-03302A93073F} (Delete RegValue)
C:\Documents and Settings\BLACK MI\Local Settings\Temp\~119389578.tmpe (Delete File)

[00000AF3 - Trojan.updatenf.ias]
C:\WINDOWS\SYSTEM32\WcCtgJ4zcxHF.dll (Delete File)
HKEY_CLASSES_ROOT\CLSID\{427E02E6-39DB-4424-A49C-7553CD1331F5}\ (Delete RegKey)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{427E02E6-39DB-4424-A49C-7553CD1331F5}\ (Delete RegKey)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{427E02E6-39DB-4424-A49C-7553CD1331F5} (Delete RegValue)
HKEY_CLASSES_ROOT\CLSID\{A761BE8E-C15A-4DDD-A777-2C683E9E96C8}\ (Delete RegKey)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A761BE8E-C15A-4DDD-A777-2C683E9E96C8}\ (Delete RegKey)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{A761BE8E-C15A-4DDD-A777-2C683E9E96C8} (Delete RegValue)

[00000AE9 - Trojan.ersvc.flym]
C:\WINDOWS\Downloaded Program Files\ktEDQzfuNZk2SUAMgyAZz.cur (Delete File)
C:\WINDOWS\system32\rKPbzUHze58GK2VWcYUCt.inf (Delete File)

[00000A9F - Trojan.kxsws.ntd1l]
HKEY_CLASSES_ROOT\CLSID\{704C3595-DB85-40F6-A601-8D6F346907BD}\ (Delete RegKey)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{704C3595-DB85-40F6-A601-8D6F346907BD}\ (Delete RegKey)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{704C3595-DB85-40F6-A601-8D6F346907BD} (Delete RegValue)

[00000A15 - Trojan.upnpsrv]
HKEY_CLASSES_ROOT\CLSID\{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}\ (Delete RegKey)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}\ (Delete RegKey)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{122B901E-493F-4AD9-BC69-7DE8C3E52FCC} (Delete RegValue)

[000009A0 - Trojan.ytewcxzsw.wrew2ds]
C:\WINDOWS\SYSTEM32\122B901E.DLL (Delete File)
HKEY_CLASSES_ROOT\CLSID\{762D618C-E2CB-4217-8275-03302A93073F}\ (Delete RegKey)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{762D618C-E2CB-4217-8275-03302A93073F}\ (Delete RegKey)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{762D618C-E2CB-4217-8275-03302A93073F} (Delete RegValue)
HKEY_CLASSES_ROOT\CLSID\{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}\ (Delete RegKey)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}\ (Delete RegKey)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{122B901E-493F-4AD9-BC69-7DE8C3E52FCC} (Delete RegValue)

[00000947 - Trojan.msosiocp.dosjisn]
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EGUI.EXE\ (Delete RegKey)

[000007E4 - 不正确的AppInit_DLLs默认参数]
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS\APPINIT_DLLS !=  (REG_SZ:C:\WINDOWS\system32\a4rxQxCvNBMNnpqs.dll,) (Restore RegValue)

[000007A2 - Trojan.myst.rds]
C:\WINDOWS\SYSTEM32\704C3595.DLL (Delete File)
HKEY_CLASSES_ROOT\CLSID\{704C3595-DB85-40F6-A601-8D6F346907BD}\ (Delete RegKey)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{704C3595-DB85-40F6-A601-8D6F346907BD}\ (Delete RegKey)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{704C3595-DB85-40F6-A601-8D6F346907BD} (Delete RegValue)