Cách diệt VBS.Runauto.G
admin Dũng
2009-10-10T00:30:45-04:00
2009-10-10T00:30:45-04:00
http://suachuamaytinh.vn/Kien-thuc-tin-hoc/Cach-diet-VBSRunautoG-30.html
http://suachuamaytinh.vn/uploads/news/2009_10/1255149045.nv.jpg
SỬA MACBOOK SỬA CHỮA MACBOOK IMAC MAC PRO CHỮA LAPTOP HÀ NỘI
http://suachuamaytinh.vn/uploads/shop-cong-nghe-vdc.png
Thứ bảy - 10/10/2009 00:30
I)Mô Tả Phát hiện: 24 tháng 08 năm 2009 Cập nhật: 24 tháng 08 năm 2009 1:26:17 PM Kiểu : Sâu Kích thước:152,018 Bytes (minimum) Mức độ nguy hiểm: Trung bình Hệ thống bị ảnh hưởng : Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000 Những chỉ dẫn sau đây gắn liền với mọi sản phẩm diệt virut của Symantec hiện thời và gần đây, bao gồm chương trình diệt virut Symantec và những sản phẩm dịêt virus của Norton 1 Tắt chế độ System Restore (Windows Me/XP) 2 Cập nhật chương trình diệt virus mới 3 Scan toàn bộ hệ thống 4 Xoá các giá trị được ghi vào Registry
II)Cách diệt 1 Click Start > Run 2 Đánh Regedit 3 Click chọn OK 4 Tìm và xoá các giá trị được ghi vào Registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“ANTS.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“APVXDWIN.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“AVCONSOL.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“AVENGINE.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“AVP32.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“AVPCC.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“AVPM.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“Adobe Gamma Loader.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“Anti-Trojan.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“AvastSS.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“Avciman.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“BDSurvey.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“CAVCmd.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“CAVCtx.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“CAVRep.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“CAVRid.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“CAVSCons.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“CAVSubmit.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“CEmRep.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“CMain.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“CavAUD.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“CavApp.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“CavEmSrv.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“CavMUD.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“CavQ.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“CavSn.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“CavSub.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“CavUMAS.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“CavUserUpd.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“Cavmr.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“Cavoar.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“Cavvl.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“DF5Serv.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“FPAVServer.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“FPWin.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“FProtTray.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“FRW.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“FrzState2k.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“ICLOAD95.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“ICLOADNT.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“ICMON.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“ICSUPP95.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“ICSUPPNT.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“IEShow.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“IFACE.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“Identity.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“InstLsp.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“InstallCAVS.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“MSConfig.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“McShield.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“McVSEscn.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“Mcdetect.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“MooLive.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“NAVAPW32.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“NAVW32.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“OnAccessInstaller.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“PAVSRV51.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“PSHost.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“PavFnSvr.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“PsCtrlS.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“PsImSvc.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“Sphinx.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“TPSrv.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“UPSDbMaker.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“UUpd.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“VSECOMR.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“VSHWIN32.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“VSSTAT.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“VetMsg.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“VisthAux.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“WEBPROXY.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“WEBSCANX.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“WrAdmin.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“WrCtrl.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“_AVP32.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“_AVPCC.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“_AVPM.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“a2cmd.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“a2free.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“a2service.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“a2upd.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“ashDisp.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“ashEnhcd.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“ashLogV.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“ashMaiSv.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“ashPopWz.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“ashQuick.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“ashServ.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“ashSkPcc.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“ashUpd.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“ashWebSv.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“aswBoot.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“aswRegSvr.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“aswUpdSv.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“avadmin.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“avcenter.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“avconfig.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“avgcc.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“avgemc.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“avginet.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“avgnt.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“avgrssvc.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“avgscan.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“avguard.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“avgupsvc.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“avgw.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“avmailc.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“avnotify.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“avp.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“avscan.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“bdagent.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“bdsubwiz.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“blackd.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“blackice.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“caiss.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“caissdt.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“cauninst.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“cavasm.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“cavse.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“cleaner.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“cleaner3.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“drwtsn32.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“dwwin.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“fpscan.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“fptrayproc.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“fssf.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“guardgui.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“iSafInst.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“iSafe.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“iamapp.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“iamserv.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“licmgr.ex” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“licreg.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“lockdown2000.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“logon.scr” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“mcagent.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“mcappins.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“mcdash.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“mcinfo.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“mcinsupd.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“mcmnhdlr.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“mcregwiz.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“mcupdmgr.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“mcupdui.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“mcvsftsn.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“mcvsmap.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“mghtml.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“naiavfin.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“nod32.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“nod32krn.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“nod32kui.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“oasclnt.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“preupd.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“realsched.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“rstrui.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“sched.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“scrnsave.scr” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“seccenter.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“ss3dfo.scr” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“ssbezier.scr” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“ssflwbox.scr” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“ssmarque.scr” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“ssmypics.scr” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“ssmyst.scr” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“sspipes.scr” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“ssstars.scr” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“sstext3d.scr” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“tca.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“uiscan.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“unp_test.EXE” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“update.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“userdump.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“vsmon.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“vsserv.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“wscntfy.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“wsctool.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\“zonealarm.exe” = “%Windir%\win.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"CTFMON" = "C:\WINDOWS\win.exe" HKEY_CLASSES_ROOT\exefile\shell\Open application HKEY_CLASSES_ROOT\exefile\shell\Scan for virus,s 5 Khôi phục lại các giá trị mặc định HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\"DisplayLogo" = "0" HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\"Timeout" = "0" HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\"DisplayLogo" = "0" HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\"Timeout" = "0" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Userinit" = "%System%\userinit.exe, wscript.exe /E:vbs %Windir%\system32\regedit.sys" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"SuperHidden" = "1" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"ShowSuperHidden" = "0" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"HideFileExt" = "1" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"Hidden" = "0" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoDriveTypeAutoRun" = "0" HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"lnternet" HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"winboot" HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"MS32DLL" HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"MessengerPlus" 6 Thoát khỏi Registra