WORM_KILLAV.AB

Wird möglicherweise von anderer Malware/Grayware/Spyware von externen Sites heruntergeladen. Wird möglicherweise unwissentlich von einem Benutzer beim Besuch bösartiger Websites heruntergeladen.

Ändert Registrierungseinträge, um System- und schreibgeschützte Dateien zu verbergen. Erstellt bestimmte Registrierungseinträge, um Sicherheitsanwendungen zu deaktivieren.

Schleust Kopien von sich selbst in Wechsellaufwerke ein. Diese eingeschleusten Kopien verwenden als Dateinamen die Namen der Ordner auf den betroffenen Laufwerken.

Ändert die HOSTS-Datei des betroffenen Systems. Dadurch können Benutzer nicht mehr auf bestimmte Websites zugreifen.

Übertragungsdetails

Wird möglicherweise von anderer Malware/Grayware/Spyware von externen Sites heruntergeladen.

Wird möglicherweise unwissentlich von einem Benutzer beim Besuch bösartiger Websites heruntergeladen.

Installation

Schleust folgende Komponentendateien ein:

• %Program Files%\Common Files\BOSC.dll - detected as SPYW_SPYMYPC

(Hinweis: %Program Files%ist der Standardordner 'Programme', normalerweise C:\Programme.)

Schleust folgende nicht bösartigen Dateien ein:

• %All Users%\Desktop\Intennet Exploner.lnk
• %All Users%\Desktop\¸Ä±äÄãµÄÒ»Éú.url
• %All Users%\Desktop\ÌÔ±¦¹ºÎïA.url
• %All Users%\Desktop\Ãâ·ÑµçÓ°C.url
• %User Profile%\Favorites\&çÍ·×ÍøÖ·µ¼º½&.url

(Hinweis: %User Profile% ist der Ordner für Benutzerprofile des aktuellen Benutzers, normalerweise C:\Windows\Profile\{Benutzername} unter Windows 98 und ME, C:\WINNT\Profile\{Benutzername} unter Windows NT und C:\Dokumente und Einstellungen\{Benutzername} unter Windows 2000, XP und Server 2003.)

Schleust die folgenden Eigenkopien in das betroffene System ein:

• %System Root%\VSPS\VSPS.exe
• %Startup%\juahwcsweo.exe
• %System%\qdlajbhqqq\explorer.exe
• %System%\mohquqcbsv\smss.exe

(Hinweis: %System Root% ist der Stammordner, normalerweise C:\. Dort befindet sich auch das Betriebssystem.. %System% ist der Windows Systemordner. Er lautet in der Regel C:\Windows\System unter Windows 98 und ME, C:\WINNT\System32 unter Windows NT und 2000 sowie C:\Windows\System32 unter Windows XP und Server 2003.)

Erstellt die folgenden Ordner:

• %System%\qdlajbhqqq
• %System Root%\VSPS
• %System%\mohquqcbsv

(Hinweis: %System% ist der Windows Systemordner. Er lautet in der Regel C:\Windows\System unter Windows 98 und ME, C:\WINNT\System32 unter Windows NT und 2000 sowie C:\Windows\System32 unter Windows XP und Server 2003.. %System Root% ist der Stammordner, normalerweise C:\. Dort befindet sich auch das Betriebssystem.)

Andere Systemänderungen

Fügt die folgenden Registrierungseinträge als Teil der Installationsroutine hinzu:

HKEY_CLASSES_ROOT\exefile
NeverShowExt = 1

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Explorer\
HideDesktopIcons\NewStartPanel
{871C5380-42A0-1069-A2EA-08002B30309D} = 1

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Policies\
Associations
ModRiskFileTypes = ".exe"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Control\StorageDevicePolicies
WriteProtect = 0

Fügt die folgenden Registrierungsschlüssel als Teil der Installationsroutine hinzu:

HKEY_CLASSES_ROOT\CLSID\{F986CC17-37C0-4585-B7D9-15F2161F0584}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
Desktop\NameSpace\{F986CC17-37C0-4585-B7D9-15F2161F0584}

Ändert die folgenden Registrierungseinträge, um System- und schreibgeschützte Dateien zu verbergen:

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Explorer\
Advanced
ShowSuperHidden = 0

(Note: The default value data of the said registry entry is 1.)

Erstellt die folgenden Registrierungseinträge, um Sicherheitsanwendungen zu deaktivieren:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KvDetect.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KvfwMcl.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KVMonXP.kxp
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KVMonXP_1.kxp
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kvol.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kvolself.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KvReport.kxp
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KVScan.kxp
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KVSrvXP.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KVStub.kxp
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kvupload.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kvwsc.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KvXP.kxp
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KvXP_1.kxp
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KWatch.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KWatch9x.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KWatchX.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KWSMain.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kwstray.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KWSUpd.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
loaddll.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
logogo.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
MagicSet.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
mcconsol.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
mmqczj.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
mmsk.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
Navapsvc.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
Navapw32.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
NAVSetup.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
niu.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
nod32.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
nod32krn.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
nod32kui.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
NPFMntor.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
pagefile.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
pagefile.pif
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
pfserver.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
PFW.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
PFWLiveUpdate.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
qheart.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
QHSET.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
QQDoctor.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
QQDoctorMain.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
QQDoctorRtp.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
QQKav.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
QQPCMgr.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
QQPCRTP.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
QQPCSmashFile.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
QQPCTray.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
QQSC.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
qsetup.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
Ras.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
Rav.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
ravcopy.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
RavMon.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
RavMonD.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
RavStub.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
RavTask.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
RegClean.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
rfwcfg.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
rfwmain.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
rfwProxy.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
rfwsrv.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
RsAgent.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
Rsaupd.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
rsnetsvr.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
RsTray.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
rstrui.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
runiep.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
safeboxTray.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
safelive.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
scan32.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
ScanFrm.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
ScanU3.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
SDGames.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
SelfUpdate.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
servet.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
shcfg32.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
SmartUp.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
sos.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
SREng.EXE
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
SREngPS.EXE
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
stormii.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
sxgame.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
symlcsvc.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
SysSafe.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
tmp.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
TNT.Exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
TrojanDetector.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
Trojanwall.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
TrojDie.kxp
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
TxoMoU.Exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
UFO.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
UIHost.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
UmxAgent.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
360rpt.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
360Safe.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
360safebox.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
360sd.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
360sdrun.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
360tray.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
799d.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
adam.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
AgentSvr.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
AntiU.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
AoYun.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
appdllman.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
AppSvc32.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
ArSwp.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
ArSwp2.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
ArSwp3.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
AST.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
atpup.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
auto.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
AutoRun.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
autoruns.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
av.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
AvastU3.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
avconsol.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
avgrssvc.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
AvMonitor.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
avp.com
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
avp.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
AvU3Launcher.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
CCenter.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
ccSvcHst.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
cross.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
Discovery.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
DSMain.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
EGHOST.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
FileDsty.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
filmst.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
FTCleanerShell.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
FYFireWall.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
ghost.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
guangd.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
HijackThis.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
IceSword.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
iparmo.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
Iparmor.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
irsetup.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
isPwdSvc.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
jisu.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kabaload.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KaScrScn.SCR
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KASMain.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KASTask.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KAV32.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KAVDX.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KAVPF.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KAVPFW.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KAVSetup.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kavstart.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kernelwind32.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KISLnchr.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kissvc.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KMailMon.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KMFilter.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
knsd.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
knsdave.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
knsdtray.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KPFW32.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KPFW32X.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KPfwSvc.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KRegEx.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KRepair.com
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KsLoader.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KSWebShield.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KVCenter.kxp
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
UmxAttachment.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
UmxCfg.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
UmxFwHlp.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
UmxPol.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
upiea.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
UpLive.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
USBCleaner.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
vsstat.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
wbapp.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
webscanx.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
WoptiClean.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
Wsyscheck.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
XDelBox.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
XP.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
zhudongfangyu.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
zjb.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
zxsweep.exe
Debugger = "ntsd -d"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
~.exe
Debugger = "ntsd -d"

Löscht die folgenden Registrierungsschlüssel:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Control\SafeBoot\Minimal\
{4D36E967-E325-11CE-BFC1-08002BE10318}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Control\SafeBoot\Network\
{4D36E967-E325-11CE-BFC1-08002BE10318}

Verbreitung

Schleust Kopien von sich selbst in Wechsellaufwerke ein. Diese eingeschleusten Kopien verwenden als Dateinamen die Namen der Ordner auf den betroffenen Laufwerken.

Änderung der HOSTS-Datei

Ändert die HOSTS-Datei des betroffenen Systems, damit Benutzer nicht mehr auf die folgenden Websites zugreifen können:

• iq123.com
• yijidh.com
• 250dh.cn
• 223.la
• kuku123.com
• 930930.com
• 9123.com
• hao123e.com
• 020.com
• youxi777.com
• 1616.net
• 1188.com
• urldh.com
• daohang.la
• pp55.com
• 9605.com
• 05505.cn
• 7055.net
• 0056.com
• 6655.com
• 1166.com
• 5kip.com
• 114xia.com
• 265dh.com
• 3567.com
• 6565.cn
• 666t.com
• 9223.com
• dduu.com
• hao123.cn
• 5snow.com
• 2523.com
• 5599.net
• tt98.com
• zhaodao123.com
• kuhao123.com
• 5151la.net
• 6h.com.cn
• zeibi.com
• 6e8e.com
• th123.com
• 9991.com
• hao123ol.com
• wu123.com
• t220.cn
• ttver.net
• 188HI.com
• go2000.com
• 5igb.com
• bb2000.net
• 9wa.com
• qq5.com
• 365j.com
• 7345.com
• 2760.com
• 361la.com
• haojs.com
• 5zd.com
• i8866.com
• 100wz.com
• 114hi.com
• 234.la
• 657.com
• 339.la
• 365wz.net
• 7792.com
• 9495.com
• dazuimao.com
• 71314.com
• 265.com
• gouwo.com
• huai456.com
• ku256.com
• my180.com
• 2522.cn
• 405.cn
• 44244.com
• 111dh.com
• 115ku.com
• 13387.com
• 163yes.com
• 256s.com
• 2676.com
• 3355.net
• 365lo.com
• 4168.com
• 4545.cn
• 4688.com
• 566.net
• 5666.net
• 5733.com
• 6461.cn
• 7356.com
• 800186.com
• 85851.com
• asp51.com
• 361dh.com
• 5566.net
• yulinweb.com
• 6296.com.cn
• mianfeia.com
• ai1234.com
• k369.com
• msncn.com
• ss256.com
• min513.com
• 88-888.com
• lggg.cn
• 7771.cn
• leeboo.com
• jjol.cn
• 5566.com
• 9166.net
• hao253.com
• 7b.com.cn
• haoei.com
• 77114.com
• 21310.cn
• weiduomei.net
• kk3000.cn
• 7241.cn
• 44384.com
• daohang1234.com
• 131.cc
• 223224.com
• 537.com
• 9348.cn
• bju123.cn
• i4455.com
• jia123.com
• 0666.com.cn
• 553.la
• 5566.org
• 37021.com
• 88488.com
• 99986.net
• 37021.net
• k986.com
• cc62.com
• 5518.cn
• 55620.com
• 52416.com
• 7357.cn
• 8c8c.net
• 9999q.com
• 123shi123.com
• yl234.cn
• 3322.com
• hao222.com
• 6313.com
• f127.com
• 5599cn.cn
• 99499.com
• 2548.cn
• 133.net
• ie30.com
• 8751.com
• se:home
• haidaowan.net
• 160dh.com
• 114115.com
• 1322.cn
• hh361.com
• 2800.cc
• 52daohang.com
• 186.me
• diyidh.com
• zaodezhu.com
• 7832.com
• 3073.com
• 2058.cc
• 3456.cc
• 7771.com
• q6789.com
• 7k.cc
• dianzi88.com
• 7802.com
• xinbut.com
• 59688.com
• gjj.cc
• youla.com
• ok1616.com
• i2345.cn
• gg8000.com
• daohang12345.cn
• inina.cn
• dowei.com
• 1515.net
• 41119.cn
• 21230.cn
• 97youku.com
• fast35.net
• m32.cn
• tom155.cn
• 668yo.com
• online.cq.cn
• shagua.cn
• 007247.cn
• 603467.cn
• 197326.cn
• wwwoj.cn
• xp22.cn
• 84022.cn
• 520593.cn
• 448789.cn
• 141321.cn
• 36gggg.cn
• 427842.cn
• niubihao123.cn
• ovooo.cn
• rtys520.net
• rtxzw.com
• uurenti.cc
• bo.dy288.com
• renti11.com
• 123.cd
• 336655.com
• 9978.net
• 520.com
• 6l.cn
• 420.cn
• v989.com
• 16551.com
• 2tvv.com
• m4455.com
• mylovewebs.com
• 5987.net
• 7999.com
• caipopo.com
• wndhw.com
• henku123.com
• qu123.com
• 94176.com
• u526.com
• haokan123.com
• uusee.net
• 9733.com
• 173com
• qnrwz.com
• 999w.com
• h935.com
• 33250.com
• tz911.net
• 639e.com
• 920xx.cn
• 13393.com
• tncdh.com
• sou185.com
• 3566.cc
• 580so.com
• 2001.cc
• hnhao123.com
• zz5.net.cn
• abc123.name
• ekan123.com
• 1266.cc
• hao123.cc
• 126.cc
• ie1788.com
• 58daohang.com
• 6dh.com
• 991.cn
• 114la.me
• 1133.cc
• ads8.com
• haoz.com
• jsing.net
• 123.sogou.com
• 3321.com
• 1155.cc
• hao123.com
• hao123.net
• 6700.cn
• 168.com
• uu881.com
• 6264.cn
• 606600.com
• 2345.com
• 5607.cn
• 1111116.com
• v7799.com
• ie7.com.cn
• 365t.cc
• 89679.com
• se:blank
• 35029.com
• 8d9a.cn
• 400zm.com
• 58816.com
• 727dh.cn
• hao123w.com
• 114td.com
• 28101.cn
• 03336.cn
• 79001.cn
• 133132.com
• 3434.com.cn
• 828dh.cn
• 64500.cn
• 22q.cc
• jj77.com
• vvyy.net
• ie567.com
• 5d5e.com
• 212dh.cn
• 911g.cn
• 1616.la
• tomatolei.com
• 96nn.com
• 5543.com
• 2288.org
• 3322.org
• 9966.org
• 8800.org
• 8866.org
• 7766.org
• 22409.com
• se-se.info
• 26043.com
• 34414.com
• gaoav1.info
• 0558114.com
• 3333dh.cn
• zjialin.com
• 22dao.com
• soupay.com
• langlangdoor.com
• 99cu.com
• 5555dh.cn
• wang123.net
• hxdlink
• haaoo123.com
• 3645.com
• hao123q.com
• tvsooo.com
• gaituba.com
• 45566.net
• 2298.cn
• iexx.com
• dh115.com
• 97sp.cn
• 39r.cn
• f8f8.cn
• 391kk.cn
• 266.cc
• jysoso.net
• wg510.cn
• 114d.org
• ie3721.com
• 2142.cn
• go2000.cc
• go2000.cn
• 99521.com
• yeooo.com
• haha123.com
• hao.360.cn
• 07707.cn
• yy2000.net
• 1111118.com
• 26281.com
• 960dh.cn
• 300.cc
• 163333333.com.cn
• kz300.cn
• i3525.cn
• 67881.net
• t2t2.net
• mm4000.cn
• 669dh.cn
• k58n.com
• haoha123.com
• ab99.com
• i2255.com
• 054.cc
• fffggqq.cn
• k2345.net
• vv33.com
• tuku6.com
• mmpp654.com
• 228dh.cn
• seibb.com
• 14164.com
• 552dh.cn
• hao969.com
• lalamao.com
• 21225.cn
• 5k5.net
• 65630.cn
• at46.cn
• 98928.cn
• ads.eorezo.com
• 661dh.cn
• 6320.com
• henbianjie.com
• xiushe.com
• 5mqxmq.com
• 989228.com
• i8844.cn
• g1476.cn
• 4j4j.cn
• 1777zzw5.com
• 989228.cn
• henbucuo.com
• 886dh.cn
• 2255.net
• 160yes.com
• u8s.cn
• 16711.com
• 626dh.cn
• rfwow.cn
• baiyici.cn
• lalamao.cn
• 136s.com
• huhuyy.cn
• 8diq.com
• d2fs.cn
• 0229.com
• yy4000.com
• 9934.cn
• 3883.net
• 151dh.com
• 26dh.cn
• kkwwxx.com
• t67.net
• 29dao.cn
• 58ju.com
• dnc8.net
• yl177.com.cn
• xj.cn
• 950990.cn
• 114.com.cn
• xxxip.cn
• 3628.com
• 265.cc
• 26.la
• 5654.com
• zg115.com
• 969dh.cn
• 111555.com.cn
• pic.jinti.com
• kk8000.com
• wokaokao.cn
• duoxxppmmkoo.com
• kanlink.cn
• 91youa.com
• shinia.cn
• pp9pp9.cn
• ma80.com
• 556dh.cn
• bu4.cn
• 8555.com
• e23.la
• flash678.cn
• yy4000.cn
• wo333.com
• mv700.com
• xcwhgx.cn
• 3s11.cn
• sp16888.com
• k7k7.com
• zzw5.com
• okdianying.com
• 789bb.com
• antuoo.com
• so06.com
• 665532.cn
• 7f7f.com
• k261.com
• fanbaidu.org.cn
• iu888.cn
• 977k.com
• 93w.com
• 68566.com.cn
• zhidao163.cn
• it958.cn
• lx8000.cn
• sc.cn
• ucuc.cc
• kkdowns.com
• 189189.com
• 0002.com
• 4737.cn
• 226dh.cn
• bb115.cn
• 06000.cn
• u87.cn
• sohao123.com
• k887.com
• hao602.com
• t7t7.net
• ku4000.cn
• v6677.cn
• hong666.com
• 4000a.com
• kk4000.cn
• 7767.com
• 11227.cn
• u9u9.net
• 28113.cn
• rr55.com
• a4000.cn
• yunfujkw.cn
• 886.com
• 2800.cer.cn
• zyyu.com
• 49la.com
• hi3000.cn
• sogouliulanqi.com
• 888ge.com
• 00333.cn
• 29wz.com
• soso126.com
• 180wan.com
• kan888.com
• 4929.cn
• v2233.com
• m345.cn
• tt265.net
• 18ttt.com
• 153.cc
• 00664.cn
• gugogo.com
• kk4000.com
• 185b.com
• uuent.com
• 6666dh.cn
• 25dao.com
• shangla.com
• 77177.cn
• about:blank
• haoq123.com
• baiduo.org
• lejiu.net
• dianxin.cn
• u7758.com
• dao234.com
• 85692.com
• xiaosb.com
• soso313.cn
• 939dh.com
• 85952.com
• 31346.com
• 71528.com
• 788dh.com
• 91695.com
• 5566x.com
• 131u.com
• 1149.cn
• 9281.net
• my115.net
• 4119.cn
• 9m1.net
• dh818.com
• iehwz.com
• wa200.com
• hao234.cc
• 6781.com
• 652dh.com
• 16811.com
• zhongshu.net
• 992k.com
• 71628.com
• 6701.com
• diyou.net
• iehao123.com
• laidao123.com
• yinfen.net
• wz4321.com
• shangqu.info
• 5121.net
• 668g.com
• 51150.com
• 53ff.com
• dada123.com
• you2000.com
• 884599.cn
• kuaijiong.com
• 398.cn
• 32387.com
• 82vv.com
• 09tao.com
• 977dh.com
• 598.net
• 211dh.com
• 9365.info
• wblive.com
• e722.com
• v232.com
• 7400.net
• 62106.com
• ll4xi.com
• 3932.com
• puZeng.com
• 97199.com
• 447.cc
• 0749.com
• 6656.net
• niebai.com
• 447.com
• uuchina.net
• hao123cn.info
• dao666.com
• 9813.org
• 91kk.com
• freedh.info
• yidaba.com
• 161111111.com
• 009dh.com
• qsxx.cn
• geyuan.net
• 8t8.net
• xorg.pl
• bij.pl
• qqnz.com
• srpkw.com
• gggdu.com
• baiduo.com
• wys99.com
• leilei.cc
• 3633.net
• fjta.com
• so11.cn
• 522dh.com
• 9249.com
• 3110.cn
• 300cc.com
• 7669.cn
• 5c6.com
• 7993.cn
• 8336.cn
• 03m.net
• ou33.com
• bv0.net
• 163333333.cn
• 45575.com
• 2637.cn
• skyhouse.com.cn
• 98453.com
• 65642.net
• 776la.com
• 256.CC
• 114king.cn
• yyyqq.com
• huhu123.com
• gyyx.cn
• 2888.me
• 4444dh.cn
• 191pk.com
• 118.com
• 57xswz.com
• how18.cn
• sohu12333333.com
• xz26.com
• 654v.com
• 280580.cn
• fjgqw.com
• 49558.cn
• pp8000.cn
• 265it.com
• soolaa.com
• 9899.cn
• 18143.com
• haoxyz.com
• 4555.net
• 10du.net
• 528988.com
• wahahaha123.com
• c256.cn
• chinaih.com
• mnv.cn
• 633dh.com
• ncjxx.com
• 51721.net
• 556w.com
• 114cc.net
• 5go.com.cn
• pp4000.com
• 8844.com
• dd335.cn
• qu163.net
• itwenba.cn
• dou2game.cn
• h220.com
• neng123.com
• pleoc.cn
• 6006.cc
• 987654.com
• 39903.com
• ddoowwnn.cn
• 788111.com
• zhidao001.com
• 5hao123.com
• 978.la
• 135968.cn
• bb112.com
• r220.cn
• 365kong.com
• woainame.cn
• okgouwu.cn
• hao006.com
• jipinla.com
• 99467.com
• wawamm.cn
• qian14.cn
• ip27.cn
• 56dh.cn
• 2966.com
• game333.net
• kukuwz.com
• 1-xiu.cn
• 92hao123.com
• lian9.cn
• 222q.cn
• jj98.com
• 73vv.com
• mubanw.com
• t262.com
• x1258.cn
• weishi66.cn
• hao990.com
• 68la.com
• sowang123.cn
• 3929.cn
• 5665.cn
• 81sf.com
• kz123.cn
• qq806.cn
• ffwyt.com