[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ANTIARP.EXE]
<IFEO[ANTIARP.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRunKiller.EXE]
<IFEO[AutoRunKiller.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Frameworkservice.EXE]
<IFEO[Frameworkservice.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFUpd.EXE]
<IFEO[GFUpd.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GuardField.EXE]
<IFEO[GuardField.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASARP.EXE]
<IFEO[KASARP.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPC32.EXE]
<IFEO[VPC32.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPTRAY.EXE]
<IFEO[VPTRAY.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WOPTILITIES.EXE]
<IFEO[WOPTILITIES.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path]
<IFEO[Your Image File Name Here without a path]><ntsd -d> [N/A]
IFEO劫持Autorun.inf
[C:\]
[AutoRun]
shell\open=打开(&O)
shell\open\Command=MSDOS.EXE
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\command=MSDOS.EXE
[D:\]
[AutoRun]
shell\open=打开(&O)
shell\open\Command=MSDOS.EXE
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\command=MSDOS.EXE
[E:\]
[AutoRun]
shell\open=打开(&O)
shell\open\Command=MSDOS.EXE
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\command=MSDOS.EXE
[F:\]
[AutoRun]
shell\open=打开(&O)
shell\open\Command=MSDOS.EXE
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\command=MSDOS.EXE
C、D、E、F有MSDOS.EXE病毒 学习中~~~~