
Google search redirect and ads window pop up


  • This topic is locked
38 replies to this topic

#1 newmystery

  • Members
  • 21 posts

Posted 02 December 2009 - 11:52 AM

I got this "Google search redirect and ads window pop up" problem too. I browsed through some topics here and it looks like every case is different. So I will not try any risky things myself. I ran Malwarebytes' Anti-Malware already and the problem is still there.

I downloaded some tools suggested in other topics but haven't run any yet, just HijackThis. Here is the log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:28, on 2009-12-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\1435_Fiberlink\Fgrd.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\StacSV.exe
C:\Program Files\SmartSVN 6\bin\statuscached.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CCM\SMSCliUI.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Microsoft Office Communicator\Communicator.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Applications\eclipse\eclipse.exe
C:\Program Files\JetBrains\IntelliJ IDEA 7.0.3\bin\idea.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\SqlWb.exe
C:\Sun\SDK\jdk\bin\javaw.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\devenv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe

O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 osawarepro2009.microsoft.com
O1 - Hosts: 91.212.127.227 osawarepro2009.com
O1 - Hosts: 91.212.127.227 www.osawarepro2009.com
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live μ?????3D - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\cheng01\Application Data\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: IEButton Class - {F81D52BF-F2F1-4F49-BF5F-05664E803039} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BGInfo] C:\WINDOWS\System32\BGInfo\BGInfo.exe C:\WINDOWS\System32\BGInfo\logon.bgi /TIMER:0
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [RegMediaPlayerFix] C:\windows\Media_Player_key.vbs
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\StormII\Codec\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /silentRetrials /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O9 - Extra button: ???ˉ??5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: ???ˉ??5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: D′???? - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: ? Windows Live Writer ?DD′????(&:( - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://ybnet.corp.ybusa.net
O15 - Trusted Zone: http://www.toyotausa.com
O15 - Trusted Zone: http://*.ybkopsms02
O15 - Trusted Zone: http://www.toyotausa.com (HKLM)
O15 - Trusted Zone: http://*.ybkopsms02 (HKLM)
O15 - Trusted Zone: corp.ybusa.net (HKLM)
O15 - Trusted IP range: http://10.5.19.186
O15 - Trusted IP range: http://10.5.19.186 (HKLM)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com (HKLM)
O16 - DPF: iLO 2 Remote Console Applet - https://dmzkopwrrp01i/dvc.cab
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - http://ybcdrcnt01.corp.ybusa.net/SiteRoots...raUpdaterAx.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205427587468
O16 - DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} (ERPageAddin Class) - http://ybcdrerm01/eRoomSetup/client.cab
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl12.igame.sina.com.cn/downloader.cab
O16 - DPF: {88734439-46D0-42C0-A13F-7E881EE550CF} (Filetran Control) - http://www.bluesky.cn/download/filetran.cab
O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} (CCTVUpdateInstall) - http://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.ybusa.net
O17 - HKLM\Software\..\Telephony: DomainName = corp.ybusa.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.ybusa.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = corp.ybusa.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = corp.ybusa.net
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/html - {3ceb2daa-dd28-49f9-af80-84a140ebf050} - (no file)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FGR Service - Fiberlink Communications Corporation - C:\Program Files\1435_Fiberlink\Fgrd.exe
O23 - Service: Google Update Service (gupdate1ca072ddfa3fa0e) (gupdate1ca072ddfa3fa0e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: SmartSVN Status Cache (statuscached) - Unknown owner - C:\Program Files\SmartSVN 6\bin\statuscached.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

--
End of file - 16247 bytes
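One way to triage a log like the one above, as an added example that is not part of the original post or any BleepingComputer tool: it parses a few HijackThis sections (O1, O4, O18, O23) and flags hosts entries that map a name to a non-loopback address, autoruns that launch a script, MIME filters with no backing file, and services whose binary is missing. The sample lines are constructed from the log above; the section names are assumptions about the HijackThis format as shown in the log.

```python
"""Triage helper for HijackThis-style logs (added example, not a BleepingComputer tool)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines modelled on the log posted above.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 osawarepro2009.microsoft.com
O1 - Hosts: 91.212.127.227 osawarepro2009.com
O4 - HKLM\..\Run: [RegMediaPlayerFix] C:\windows\Media_Player_key.vbs
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Filter hijack: text/html - {3ceb2daa-dd28-49f9-af80-84a140ebf050} - (no file)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
"""

# Addresses that a hosts entry may legitimately point at without redirecting anything.
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}
# Script-host extensions that rarely belong in a Run key on a workstation.
SCRIPT_EXT = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".bat", ".cmd")

SECTION_RE = re.compile(r"^O(\d+) - (.*)$")
HOSTS_RE = re.compile(r"^Hosts: (\S+)\s+(\S+)")
RUN_RE = re.compile(r"^(HK\S+?)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def check_line(line: str) -> Optional[Finding]:
    """Return a Finding if this single HijackThis line deserves a closer look."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    sec, body = "O" + m.group(1), m.group(2)

    if sec == "O1":
        # Hosts overrides: anything that is not loopback silently redirects a name.
        hm = HOSTS_RE.match(body)
        if hm and hm.group(1) not in LOOPBACK:
            return Finding(sec, f"hosts maps {hm.group(2)} to {hm.group(1)}", line)

    elif sec == "O4":
        rm = RUN_RE.match(body)
        if rm:
            # Look at every token of the command line, quotes stripped.
            tokens = [t.strip('"').lower() for t in rm.group(4).split()]
            if any(t.endswith(SCRIPT_EXT) for t in tokens):
                return Finding(sec, f"autorun [{rm.group(3)}] launches a script", line)

    elif sec == "O18":
        # A MIME filter is still registered but its DLL is gone: a dangling hook.
        if body.startswith("Filter") and "(no file)" in body:
            return Finding(sec, "MIME filter with no backing file", line)

    elif sec == "O23":
        # HijackThis marks services whose listed binary does not exist on disk.
        if "(file missing)" in body:
            return Finding(sec, "service binary missing at listed path", line)

    return None


def scan(log_text: str) -> List[Finding]:
    """Run check_line over a whole log and keep only the lines that were flagged."""
    return [f for f in map(check_line, log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line.strip()}")
```

A flagged line is a prompt to look closer, not a verdict; the O23 entry, for instance, is usually just a service registered with an unquoted path.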


#2 thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 02 December 2009 - 04:33 PM

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am Posted Image and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

RKill by Grinler

Link #1
Link #2
Link #3
Link #4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.
==========

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

==========

Download and Run ComboFix (by sUBs)

You must rename it before saving it.

Please download ComboFix from one of these locations:

Link 1
Link 2

Save thcbytes.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click on thcbytes.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.


==========

With your next post please provide:

* Exehelper.txt
* Combofix.txt

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 newmystery

  • Topic Starter

  • Members
  • 21 posts

Posted 03 December 2009 - 12:13 AM

Thank you very much for your help. Here are the logs:

exeHelper by Raktor
Build 20091122
Run at 22:14:33 on 12/02/09
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

ComboFix 09-12-02.05 - cheng01 2009-12-02 23:10.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.936.86.1033.18.3582.3015 [GMT -5:00]
执行位置: c:\documents and settings\cheng01\Desktop\thcbytes.exe
FW: Trend Micro OfficeScan Enterprise Client Firewall *enabled* {7D098DD7-0B8B-470E-ACAD-263F61EFB47D}
.

((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\cheng01\Application Data\BITS\BITS.ini
c:\documents and settings\cheng01\Application Data\BITS\DHTTable.dat
c:\documents and settings\cheng01\Application Data\BITS\pl.dat
c:\documents and settings\cheng01\Application Data\BITS\ProxyList.ini
c:\documents and settings\cheng01\Application Data\BITS\UPnP.ini
c:\documents and settings\cheng01\Application Data\FlashGetBHO\FlashGetBHO3.dll
c:\documents and settings\cheng01\Application Data\FlashGetBHO\GetAllUrl.htm
c:\documents and settings\cheng01\Application Data\FlashGetBHO\GetUrl.htm
c:\program files\Common
c:\program files\Common\_helper.sig
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet 3\adns.dll
c:\program files\FlashGet Network\FlashGet 3\backup_list.swf
c:\program files\FlashGet Network\FlashGet 3\btcoreu.dll
c:\program files\FlashGet Network\FlashGet 3\BugReport.dll
c:\program files\FlashGet Network\FlashGet 3\BugReport.exe
c:\program files\FlashGet Network\FlashGet 3\cd1.ico
c:\program files\FlashGet Network\FlashGet 3\ckcore.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\14_43260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\28_83260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\atrc.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\Codecs.zip
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\cook.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ddnt3260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\dnet3260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv1.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv2.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drvc.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\hxltcolor.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\raac.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ralf.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv10.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv20.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv30.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv40.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\sipr.dll
c:\program files\FlashGet Network\FlashGet 3\commonlib.dll
c:\program files\FlashGet Network\FlashGet 3\componentskrnl.dll
c:\program files\FlashGet Network\FlashGet 3\config\clients.met
c:\program files\FlashGet Network\FlashGet 3\config\clients.met.bak
c:\program files\FlashGet Network\FlashGet 3\config\cryptkey.dat
c:\program files\FlashGet Network\FlashGet 3\config\emfriends.met
c:\program files\FlashGet Network\FlashGet 3\config\key_index.dat
c:\program files\FlashGet Network\FlashGet 3\config\known.met
c:\program files\FlashGet Network\FlashGet 3\config\known2_64.met
c:\program files\FlashGet Network\FlashGet 3\config\load_index.dat
c:\program files\FlashGet Network\FlashGet 3\config\nodes.dat
c:\program files\FlashGet Network\FlashGet 3\config\preferences.dat
c:\program files\FlashGet Network\FlashGet 3\config\preferences.ini
c:\program files\FlashGet Network\FlashGet 3\config\preferencesKad.dat
c:\program files\FlashGet Network\FlashGet 3\config\server.met
c:\program files\FlashGet Network\FlashGet 3\config\server_met.old
c:\program files\FlashGet Network\FlashGet 3\config\src_index.dat
c:\program files\FlashGet Network\FlashGet 3\config\staticservers.dat
c:\program files\FlashGet Network\FlashGet 3\config\upload.met
c:\program files\FlashGet Network\FlashGet 3\corestat.dll
c:\program files\FlashGet Network\FlashGet 3\dat\Appsetting.cfg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\01.png
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_1237455589.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\directui_17922_1237455666.zip
c:\program files\FlashGet Network\FlashGet 3\dat\directui\rescenter.txt
c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.bak
c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.db
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\03DE4EAB_3591_0BA7_E49A_59DF75D6B715.gif
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\05034405_F111_C90C_DED7_AF0F23B08EE6.swf
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\189BE5EE_B2DC_6B5E_CE4C_BEDA1C359E6A.swf
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\1D37605B_1E73_76E8_3EF6_F826F3223F76.swf
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\26105169_44A8_4FC6_72A7_4929B680FD0A.swf
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\3F98576D_E580_238A_EF8A_8FAC0E94AD21.swf
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\467A033F_0882_0B63_527E_CCF07C413A6B.swf
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\4efc428ddc18af92894ed4d544c0d489.zip
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\534F6709_496A_C1CF_DE60_1E35FA5339E5.swf
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\542A0C90_26B5_8F1B_E06B_AA1A3A6F2F82.swf
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\643033EC_1765_D84E_9598_20717E231631.swf
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\64FC9CBE_6212_69A5_1A24_F2BE80E55D7A.gif
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\82B2D924_0822_690B_2CA5_1ECC5BC2B487.swf
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\94A0F8AB_38BE_F07C_70D1_635322EE1BD0.swf
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\AB049FE7_3A8B_7D34_BD35_4CDDC182A61A.swf
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\adconfig.ini
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\D3DD8C62_FA06_6806_8DF3_9DC87A395BAD.swf
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\DFC617BC_F11D_651B_9AEC_7A476805BC79.gif
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\E246F6E9_DA0F_9BC5_A33D_C7B297B8F653.gif
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\fg34info.bmp
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\port.ini
c:\program files\FlashGet Network\FlashGet 3\dat\stat\skinpreview\preview_blue3.png
c:\program files\FlashGet Network\FlashGet 3\dat\stat\skinpreview\preview_red3.png
c:\program files\FlashGet Network\FlashGet 3\dat\stat\skinpreview\preview_white.png
c:\program files\FlashGet Network\FlashGet 3\dat\stat\statdata\statinfo.dat
c:\program files\FlashGet Network\FlashGet 3\dbghelp.dll
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\data\css\lightbox.css
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\data\default.htm
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\data\images\banner.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\data\images\bullet.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\data\images\close.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\data\images\closelabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\data\images\download-icon.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\data\images\explorer.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\data\images\ftp.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\data\images\ftp_1.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\data\images\ftp_2.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\data\images\ftp_3.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\data\images\image.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\data\images\image_1.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\data\images\image_2.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\data\images\image_3.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\data\images\introTextBg.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\data\images\loading.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\data\images\nextlabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\data\images\prevlabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\data\images\software.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\data\images\software_1.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\data\images\software_2.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\data\images\software_3.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\data\images\vod.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\data\images\vod_1.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\data\images\vod_2.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\data\images\vod_3.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\data\js\builder.js
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\data\js\effects.js
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\data\js\lightbox.js
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\data\js\prototype.js
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\data\js\scriptaculous.js
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\FGResDetector.exe
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\image\about.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\image\ftplist_tree_icon.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\image\option_icon.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\image\quickop_hide.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\image\quickop_show.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\image\statusbar_bk.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\image\tasktab_close.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\image\toolbar_back.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\image\toolbar_bk.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\image\toolbar_close.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\image\toolbar_forward.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\image\toolbar_refresh.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector\lang\l.chs.xml
c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe
c:\program files\FlashGet Network\FlashGet 3\FlashGet3.xpi
c:\program files\FlashGet Network\FlashGet 3\FlashGet3_Flash.exe
c:\program files\FlashGet Network\FlashGet 3\FlashGetAdProcess.exe
c:\program files\FlashGet Network\FlashGet 3\FlashGetBHO3.dll
c:\program files\FlashGet Network\FlashGet 3\fnsArchive.dll
c:\program files\FlashGet Network\FlashGet 3\fnsDirectuix.dll
c:\program files\FlashGet Network\FlashGet 3\fnsLanguage.dll
c:\program files\FlashGet Network\FlashGet 3\fnsLanguage_en.dll
c:\program files\FlashGet Network\FlashGet 3\fnsScheduler.dll
c:\program files\FlashGet Network\FlashGet 3\fnsSecurity.dll
c:\program files\FlashGet Network\FlashGet 3\fnsSkinX.dll
c:\program files\FlashGet Network\FlashGet 3\fnsStatistics.dll
c:\program files\FlashGet Network\FlashGet 3\game.ico
c:\program files\FlashGet Network\FlashGet 3\gdiplus.dll
c:\program files\FlashGet Network\FlashGet 3\GetAllUrl.htm
c:\program files\FlashGet Network\FlashGet 3\GoogleToolbarInstaller_download_signed.exe
c:\program files\FlashGet Network\FlashGet 3\id3lib.dll
c:\program files\FlashGet Network\FlashGet 3\libem.dll
c:\program files\FlashGet Network\FlashGet 3\LICENSE.TXT
c:\program files\FlashGet Network\FlashGet 3\lst_tz.bin
c:\program files\FlashGet Network\FlashGet 3\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet 3\P2PCore.dll
c:\program files\FlashGet Network\FlashGet 3\P2SCore.dll
c:\program files\FlashGet Network\FlashGet 3\perf.ini
c:\program files\FlashGet Network\FlashGet 3\pncrt.dll
c:\program files\FlashGet Network\FlashGet 3\pstat.dat
c:\program files\FlashGet Network\FlashGet 3\pup.dat
c:\program files\FlashGet Network\FlashGet 3\RdOldDb.dll
c:\program files\FlashGet Network\FlashGet 3\RealMediaSplitter.ax
c:\program files\FlashGet Network\FlashGet 3\skin\default\BarSet.png
c:\program files\FlashGet Network\FlashGet 3\skin\default\image\btn_check.png
c:\program files\FlashGet Network\FlashGet 3\skin\default\image\btn_normal.png
c:\program files\FlashGet Network\FlashGet 3\skin\default\image\btn_radio.png
c:\program files\FlashGet Network\FlashGet 3\skin\default\image\desktoplink.ico
c:\program files\FlashGet Network\FlashGet 3\skin\default\image\login_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\default\image\menu_icon.png
c:\program files\FlashGet Network\FlashGet 3\skin\default\image\option_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\default\image\option_page_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\default\image\skin.png
c:\program files\FlashGet Network\FlashGet 3\skin\default\image\statusbar_ad_bk.png
c:\program files\FlashGet Network\FlashGet 3\skin\default\image\statusbar_ad_bk_long.png
c:\program files\FlashGet Network\FlashGet 3\skin\default\image\SuspendLogo.png
c:\program files\FlashGet Network\FlashGet 3\skin\default\image\SuspendNoLogo.png
c:\program files\FlashGet Network\FlashGet 3\skin\default\image\Thumbs.db
c:\program files\FlashGet Network\FlashGet 3\skin\default\image\toolbar_backgrand.png
c:\program files\FlashGet Network\FlashGet 3\skin\default\image\toolbar_cancle.png
c:\program files\FlashGet Network\FlashGet 3\skin\default\image\toolbar_catgroy.png
c:\program files\FlashGet Network\FlashGet 3\skin\default\image\toolbar_group.png
c:\program files\FlashGet Network\FlashGet 3\skin\default\image\toolbar_new.png
c:\program files\FlashGet Network\FlashGet 3\skin\default\image\toolbar_open.png
c:\program files\FlashGet Network\FlashGet 3\skin\default\image\toolbar_option.png
c:\program files\FlashGet Network\FlashGet 3\skin\default\image\toolbar_pause.png
c:\program files\FlashGet Network\FlashGet 3\skin\default\image\toolbar_recly.png
c:\program files\FlashGet Network\FlashGet 3\skin\default\image\toolbar_start.png
c:\program files\FlashGet Network\FlashGet 3\skin\default\image\toolbarbutton_left.png
c:\program files\FlashGet Network\FlashGet 3\skin\default\image\toolbarbutton_middle.png
c:\program files\FlashGet Network\FlashGet 3\skin\default\image\toolbarbutton_right.png
c:\program files\FlashGet Network\FlashGet 3\skin\default\image\top_logotitle.gif
c:\program files\FlashGet Network\FlashGet 3\skin\default\image\torrent.ico
c:\program files\FlashGet Network\FlashGet 3\skin\default\image\userinfo_head.png
c:\program files\FlashGet Network\FlashGet 3\skin\default\image\VistaStyleListItems.bmp
c:\program files\FlashGet Network\FlashGet 3\skin\default\preview.png
c:\program files\FlashGet Network\FlashGet 3\skin\default\skin.xml
c:\program files\FlashGet Network\FlashGet 3\skin\default\sound\loginfailed.wav
c:\program files\FlashGet Network\FlashGet 3\skin\default\sound\loginsucc.wav
c:\program files\FlashGet Network\FlashGet 3\skin\default\sound\msgnotify.wav
c:\program files\FlashGet Network\FlashGet 3\skin\default\sound\notify.wav
c:\program files\FlashGet Network\FlashGet 3\skin\default\Thumbs.db
c:\program files\FlashGet Network\FlashGet 3\skin\default\topmain.png
c:\program files\FlashGet Network\FlashGet 3\skin\default\tray_bk.png
c:\program files\FlashGet Network\FlashGet 3\skin\default\tray_icon.png
c:\program files\FlashGet Network\FlashGet 3\SnapShot.dll
c:\program files\FlashGet Network\FlashGet 3\storage.dll
c:\program files\FlashGet Network\FlashGet 3\SysOptimize.exe
c:\program files\FlashGet Network\FlashGet 3\uninst.exe
c:\program files\FlashGet Network\FlashGet 3\unrar.dll
c:\program files\FlashGet Network\FlashGet 3\VodCore.dll
c:\program files\FlashGet Network\FlashGet 3\zlib.dll
c:\program files\Shared
c:\program files\StormII
c:\program files\StormII\BFThumbs.dll
c:\program files\StormII\Box\BoxLog.dll
c:\program files\StormII\Box\cache\readme.txt
c:\program files\StormII\Box\HttpServer.dll
c:\program files\StormII\Box\InstallInfo.ini
c:\program files\StormII\Box\MovieBoxCore.dll
c:\program files\StormII\Box\MovieBoxPS.dll
c:\program files\StormII\Box\Skin\MovieBox.bfsk
c:\program files\StormII\Box\Skin\与国同庆盒子.bfsk
c:\program files\StormII\Box\Skin\幽蓝墨韵盒子.bfsk
c:\program files\StormII\Box\Skin\深宇之夜盒子.bfsk
c:\program files\StormII\Box\Stline.exe
c:\program files\StormII\Box\UILib.dll
c:\program files\StormII\Box\UiManager.dll
c:\program files\StormII\Box\UiPlay.dll
c:\program files\StormII\Box\UitvWrapper_dll.dll
c:\program files\StormII\BugReport.exe
c:\program files\StormII\codec\264be.dll
c:\program files\StormII\codec\264dmmx.dll
c:\program files\StormII\codec\264dsse.dll
c:\program files\StormII\codec\264dsse2.dll
c:\program files\StormII\codec\264dsse3.dll
c:\program files\StormII\codec\ac3filter.ax
c:\program files\StormII\codec\atidvcr.dll
c:\program files\StormII\codec\avcodec.dll
c:\program files\StormII\codec\avdevice.dll
c:\program files\StormII\codec\avformat.dll
c:\program files\StormII\codec\AviSplitter.ax
c:\program files\StormII\codec\avssplitter.ax
c:\program files\StormII\codec\avsvideo.ax
c:\program files\StormII\codec\avutil.dll
c:\program files\StormII\codec\bass.dll
c:\program files\StormII\codec\bass_aac.dll
c:\program files\StormII\codec\bass_alac.dll
c:\program files\StormII\codec\bass_ape.dll
c:\program files\StormII\codec\bass_flac.dll
c:\program files\StormII\codec\bass_mpc.dll
c:\program files\StormII\codec\bass_tta.dll
c:\program files\StormII\codec\bass_wv.dll
c:\program files\StormII\codec\binkw32.dll
c:\program files\StormII\codec\cddareader.ax
c:\program files\StormII\codec\cl264dec.ax
c:\program files\StormII\codec\CLVc1Dec.ax
c:\program files\StormII\codec\CLVsd.ax
c:\program files\StormII\codec\clvsdx.ax
c:\program files\StormII\codec\coreavc.ax
c:\program files\StormII\codec\CUDA_Filter.ax
c:\program files\StormII\codec\davsts.ax
c:\program files\StormII\codec\DCBassSource.ax
c:\program files\StormII\codec\DEC_StdMpeg4.dll
c:\program files\StormII\codec\divxdec.ax
c:\program files\StormII\codec\dxvadec.ax
c:\program files\StormII\codec\empgdmx.ax
c:\program files\StormII\codec\EmzAMRNBDec.dll
c:\program files\StormII\codec\EmzMp4Source.dll
c:\program files\StormII\codec\EzdAMRWBDec.dll
c:\program files\StormII\codec\ff_kernelDeint.dll
c:\program files\StormII\codec\ff_liba52.dll
c:\program files\StormII\codec\ff_libavcodec.dll
c:\program files\StormII\codec\ff_libdts.dll
c:\program files\StormII\codec\ff_libfaad2.dll
c:\program files\StormII\codec\ff_libmad.dll
c:\program files\StormII\codec\ff_libmpeg2.dll
c:\program files\StormII\codec\ff_libmplayer.dll
c:\program files\StormII\codec\ff_realaac.dll
c:\program files\StormII\codec\ff_samplerate.dll
c:\program files\StormII\codec\ff_theora.dll
c:\program files\StormII\codec\ff_TomsMoComp.dll
c:\program files\StormII\codec\ff_tremor.dll
c:\program files\StormII\codec\ff_unrar.dll
c:\program files\StormII\codec\ff_vfw.dll
c:\program files\StormII\codec\ff_wmv9.dll
c:\program files\StormII\codec\ff_xvidcore.dll
c:\program files\StormII\codec\ffavisynth.dll
c:\program files\StormII\codec\ffdshow.ax
c:\program files\StormII\codec\ffdshow.ax.manifest
c:\program files\StormII\codec\FFDShowAPI.dll
c:\program files\StormII\codec\ffmpeg.dll
c:\program files\StormII\codec\ffsource.ax
c:\program files\StormII\codec\ffSpkCfg.dll
c:\program files\StormII\codec\Flash.ocx
c:\program files\StormII\codec\FLT_ffdshow.dll
c:\program files\StormII\codec\FLVSplitter.ax
c:\program files\StormII\codec\H264VDEC.dll
c:\program files\StormII\codec\HikAudioDec.ax
c:\program files\StormII\codec\HikDataDump.ax
c:\program files\StormII\codec\HikFileSource.ax
c:\program files\StormII\codec\HikFileSplitter.ax
c:\program files\StormII\codec\HikH264Dec.ax
c:\program files\StormII\codec\HikMpeg4Dec.ax
c:\program files\StormII\codec\HikPSDemux.ax
c:\program files\StormII\codec\iconv.dll
c:\program files\StormII\codec\ir50_32.dll
c:\program files\StormII\codec\libavcodec.dll
c:\program files\StormII\codec\MatroskaSplitter.ax
c:\program files\StormII\codec\mfplat.dll
c:\program files\StormII\codec\Microsoft.VC90.CRT.manifest
c:\program files\StormII\codec\mkunicode.dll
c:\program files\StormII\codec\mkx.dll
c:\program files\StormII\codec\mkzlib.dll
c:\program files\StormII\codec\mmamrdmx.ax
c:\program files\StormII\codec\mp4.dll
c:\program files\StormII\codec\MP4Splitter.ax
c:\program files\StormII\codec\mpeg2dmx.ax
c:\program files\StormII\codec\MpegSplitter.ax
c:\program files\StormII\codec\mpg4ds32.ax
c:\program files\StormII\codec\MPlayer.exe
c:\program files\StormII\codec\msvcp71.dll
c:\program files\StormII\codec\msvcr71.dll
c:\program files\StormII\codec\msvcr90.dll
c:\program files\StormII\codec\NDParser.ax
c:\program files\StormII\codec\NeSplitter.ax
c:\program files\StormII\codec\nvcuvid.dll
c:\program files\StormII\codec\nvviddec.ax
c:\program files\StormII\codec\OggSplitter.ax
c:\program files\StormII\codec\ogm.dll
c:\program files\StormII\codec\PmpSplt.ax
c:\program files\StormII\codec\pncrt.dll
c:\program files\StormII\codec\pndx5032.dll
c:\program files\StormII\codec\pthreadVC2.dll
c:\program files\StormII\codec\qasf.dll
c:\program files\StormII\codec\RadGtSplitter.ax
c:\program files\StormII\codec\Real\Codecs\14_43260.dll
c:\program files\StormII\codec\Real\Codecs\28_83260.dll
c:\program files\StormII\codec\Real\Codecs\atrc.dll
c:\program files\StormII\codec\Real\Codecs\cook.dll
c:\program files\StormII\codec\Real\Codecs\dnet3260.dll
c:\program files\StormII\codec\Real\Codecs\drv2.dll
c:\program files\StormII\codec\Real\Codecs\drvc.dll
c:\program files\StormII\codec\Real\Codecs\raac.dll
c:\program files\StormII\codec\Real\Codecs\ralf.dll
c:\program files\StormII\codec\Real\Codecs\sipr.dll
c:\program files\StormII\codec\RenderFilter.ax
c:\program files\StormII\codec\RMSplt.ax
c:\program files\StormII\codec\skinsres.dll
c:\program files\StormII\codec\smackw32.dll
c:\program files\StormII\codec\splitter.ax
c:\program files\StormII\codec\swscale.dll
c:\program files\StormII\codec\ts.dll
c:\program files\StormII\codec\tsccvid.dll
c:\program files\StormII\codec\vc1dc.dll
c:\program files\StormII\codec\vc1dmmx.dll
c:\program files\StormII\codec\vc1dsse.dll
c:\program files\StormII\codec\vc1dsse2.dll
c:\program files\StormII\codec\vc1wp.ax
c:\program files\StormII\codec\vp6vfw.dll
c:\program files\StormII\codec\vp7vfw.dll
c:\program files\StormII\codec\WMADMOD.dll
c:\program files\StormII\codec\WMVDECOD.dll
c:\program files\StormII\codec\wmvdmod.dll
c:\program files\StormII\codec\xavsdec.dll
c:\program files\StormII\codec\xvid.ax
c:\program files\StormII\codec\xvidcore.dll
c:\program files\StormII\Config.dll
c:\program files\StormII\CoreLog.dll
c:\program files\StormII\DXVACheck.dll
c:\program files\StormII\DXVAMgr.dll
c:\program files\StormII\FilterInfo.dll
c:\program files\StormII\game.ico
c:\program files\StormII\GdiPlus.dll
c:\program files\StormII\GifParser.dll
c:\program files\StormII\HD\ATI UVD解决方案(Vista_Win7).xml
c:\program files\StormII\HD\ATI UVD解决方案.xml
c:\program files\StormII\HD\ATI UVD解决方案2.xml
c:\program files\StormII\HD\Intel解决方案(Vista_Win7).xml
c:\program files\StormII\HD\Intel解决方案.xml
c:\program files\StormII\HD\MPEG-2解决方案.xml
c:\program files\StormII\HD\NVidia CUDA解决方案.xml
c:\program files\StormII\HD\NVidia PureVideoHD解决方案(Vista_Win7).xml
c:\program files\StormII\HD\NVidia PureVideoHD解决方案.xml
c:\program files\StormII\HD\NVidia PureVideoHD解决方案2.xml
c:\program files\StormII\HD\PowerDVD解决方案.xml
c:\program files\StormII\HD\VIA解决方案.xml
c:\program files\StormII\HD\微软解决方案(Vista_Win7).xml
c:\program files\StormII\HD\暴风影音解决方案.xml
c:\program files\StormII\jscript.dll
c:\program files\StormII\kcheck2.dll
c:\program files\StormII\keys.dat
c:\program files\StormII\mcntr.dll
c:\program files\StormII\media\def\def.flv
c:\program files\StormII\media\def\def.ini
c:\program files\StormII\media\empty.swf
c:\program files\StormII\media\media4in1.swf
c:\program files\StormII\media\mediabp.swf
c:\program files\StormII\media\others.xml
c:\program files\StormII\media\others.xml.ini
c:\program files\StormII\media\stcon.ini
c:\program files\StormII\media\toff.ini
c:\program files\StormII\media\video_material_list.xml
c:\program files\StormII\media\video_material_list.xml.ini
c:\program files\StormII\media\video_style_list.xml
c:\program files\StormII\media\video_style_list.xml.ini
c:\program files\StormII\Media2.dll
c:\program files\StormII\MediaInfo.dll
c:\program files\StormII\MediaLib.dll
c:\program files\StormII\mee.db
c:\program files\StormII\meedb.dll
c:\program files\StormII\minfo\MediaInfo2.dll
c:\program files\StormII\minfo\MInfo.dll
c:\program files\StormII\MovieInfo.dll
c:\program files\StormII\mps.dll
c:\program files\StormII\msscript.ocx
c:\program files\StormII\msvcp60.dll
c:\program files\StormII\Option.dll
c:\program files\StormII\QvodBand.dll
c:\program files\StormII\QvodUpdate.exe
c:\program files\StormII\rndrmgr.dll
c:\program files\StormII\Skin\与国同庆.bfsk
c:\program files\StormII\Skin\幽蓝墨韵.bfsk
c:\program files\StormII\Skin\深宇之夜.bfsk
c:\program files\StormII\spfa.dll
c:\program files\StormII\splayers.dll
c:\program files\StormII\Storm.exe
c:\program files\StormII\StormBox.ico
c:\program files\StormII\stormpop.exe
c:\program files\StormII\StormRes.dll
c:\program files\StormII\StormSkinRes.dll
c:\program files\StormII\Stormtray.exe
c:\program files\StormII\StormUpdate.dll
c:\program files\StormII\StormUpdate.exe
c:\program files\StormII\subdecoder.dll
c:\program files\StormII\swDirScaner.dll
c:\program files\StormII\Tips.dll
c:\program files\StormII\uninst.exe
c:\program files\StormII\unrar.dll
c:\program files\StormII\web\Error.html
c:\program files\StormII\web\images\box_bg.jpg
c:\program files\StormII\web\images\box_li.jpg
c:\program files\StormII\web\images\cancel.jpg
c:\program files\StormII\web\images\cancellation.jpg
c:\program files\StormII\web\images\cid.jpg
c:\program files\StormII\web\images\downloads.jpg
c:\program files\StormII\web\images\false.jpg
c:\program files\StormII\web\images\false_0906707.jpg
c:\program files\StormII\web\images\line.jpg
c:\program files\StormII\web\images\link_bg.jpg
c:\program files\StormII\web\images\link_out.jpg
c:\program files\StormII\web\images\loading.gif
c:\program files\StormII\web\images\star.gif
c:\program files\StormII\web\images\star_bg.gif
c:\program files\StormII\web\Loading.html
c:\program files\StormII\win7Taskbar.dll
c:\windows\AegisP.inf
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\system32\404Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\wiaserviv.log

发现受感染 c:\windows\system32\DRIVERS\atapi.sys 并且成功解毒
从 - Kitty ate it :( 恢复原来档案
找不到 。。。 "c:\windows\system32\proquota.exe"!!

.
((((((((((((((((((((((((( 2009-11-03 至 2009-12-03 的新的档案 )))))))))))))))))))))))))))))))
.

2009-12-02 14:24 . 2009-11-03 01:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-01 00:37 . 2009-12-02 14:11 52065 ----a-w- c:\windows\system32\nvModes.dat
2009-11-30 20:30 . 2009-12-03 02:15 2865 ----a-w- c:\windows\system32\cid_store.dat
2009-11-30 20:30 . 2009-12-03 02:15 26 ----a-w- c:\windows\system32\xlhcc.dat
2009-11-29 19:28 . 2009-11-29 19:28 18944 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D02799FC-C17E-26A8-C8A8-90A43396ED1F}-winupdate86.exe
2009-11-29 19:27 . 2009-11-29 19:27 18944 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{78F12063-8CE6-A419-672B-1F53E08AB337}-winupdate86.exe
2009-11-29 19:27 . 2009-11-29 19:27 18944 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{190F2C94-6788-9E4A-7307-150D0C2D1681}-winupdate86.exe
2009-11-25 20:49 . 2009-12-03 04:27 -------- d-----w- c:\documents and settings\cheng01\Application Data\BITS
2009-11-23 19:15 . 2009-11-23 19:18 -------- d-----w- c:\documents and settings\cheng01\.jprofiler6
2009-11-23 19:12 . 2009-11-23 19:13 -------- d-----w- c:\program files\jprofiler6
2009-11-19 05:00 . 2008-02-21 15:08 38656 ----a-w- c:\windows\system32\drivers\Capt9052.sys
2009-11-19 05:00 . 2008-02-21 15:08 25216 ----a-w- c:\windows\system32\drivers\Camd9052.sys
2009-11-19 04:59 . 2009-11-19 05:00 -------- d-----w- c:\program files\Disney Micro
2009-11-19 04:57 . 2007-05-18 16:41 37760 ----a-w- c:\windows\system32\drivers\Capt905c.sys
2009-11-19 04:57 . 2007-04-28 15:25 25216 ----a-w- c:\windows\system32\drivers\Camd905c.sys
2009-11-19 04:57 . 2009-11-19 04:59 -------- d-----w- c:\program files\DB CIF Cam
2009-11-19 04:57 . 2009-11-19 04:57 -------- d-----w- c:\documents and settings\cheng01\Application Data\InstallShield
2009-11-19 04:56 . 2009-11-19 04:56 -------- d-----w- c:\program files\Disney Pix Micro Downloader
2009-11-19 04:56 . 2009-11-19 04:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-19 01:42 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-19 01:42 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-19 01:42 . 2009-11-19 01:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-18 19:22 . 2009-11-18 19:22 -------- d-----w- C:\erpm
2009-11-18 14:59 . 2009-11-18 14:59 -------- d-----w- c:\documents and settings\cheng01\Application Data\syntevo
2009-11-18 14:59 . 2009-11-18 14:59 -------- d-----w- c:\documents and settings\cheng01\Local Settings\Application Data\Cisco
2009-11-15 04:47 . 2009-11-15 04:47 -------- d-----w- c:\documents and settings\cheng01\Local Settings\Application Data\Apple Computer
2009-11-15 02:43 . 2009-11-15 02:43 -------- d-----w- c:\documents and settings\cheng01\Application Data\PPLive
2009-11-15 01:12 . 2009-11-15 02:43 -------- d-----w- c:\program files\PPLive
2009-11-12 00:58 . 2009-11-12 00:58 -------- d-----w- c:\documents and settings\cheng01\Local Settings\Application Data\Tencent
2009-11-11 22:58 . 2009-11-17 02:58 -------- d-----w- c:\documents and settings\cheng01\Local Settings\Application Data\Temp
2009-11-11 16:54 . 2009-11-11 16:54 -------- d-----w- c:\documents and settings\cheng01\Application Data\AdobeUM
2009-11-11 16:52 . 2009-11-30 18:32 -------- d-----w- c:\documents and settings\cheng01\Local Settings\Application Data\Adobe
2009-11-11 14:25 . 2009-11-11 14:25 -------- d-----w- c:\documents and settings\cheng01\Local Settings\Application Data\Mozilla
2009-11-11 12:47 . 2009-11-11 12:47 53464 ----a-w- c:\documents and settings\cheng01\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-11 12:46 . 2009-11-11 12:46 -------- d-----w- c:\documents and settings\cheng01\Local Settings\Application Data\Winternals
2009-11-11 05:29 . 2009-12-02 05:09 -------- d-----w- c:\documents and settings\cheng01\Application Data\gtk-2.0
2009-11-11 04:50 . 2009-11-13 14:57 -------- d-----w- c:\documents and settings\cheng01\Local Settings\Application Data\Google
2009-11-10 20:14 . 2009-11-10 20:14 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-11-10 20:12 . 2009-11-10 20:12 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-11-10 20:10 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-11-10 20:10 . 2009-11-10 20:10 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-10 20:06 . 2009-11-10 20:06 -------- d-----w- c:\program files\Microsoft
2009-11-10 20:05 . 2009-11-10 20:13 -------- d-----w- c:\program files\Windows Live
2009-11-07 18:27 . 2009-11-07 18:27 -------- d-----w- c:\documents and settings\cheng01\.thumbnails
2009-11-07 16:42 . 2009-12-02 05:21 -------- d-----w- c:\documents and settings\cheng01\.gimp-2.6
2009-11-07 16:41 . 2009-11-07 16:41 -------- d-----w- c:\program files\GIMP-2.0
2009-11-03 05:30 . 2009-11-03 05:30 -------- d-----w- C:\MDT

.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-03 04:27 . 2009-09-24 02:26 -------- d-----w- c:\documents and settings\cheng01\Application Data\FlashGetBHO
2009-12-02 05:51 . 2008-05-29 04:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Storm
2009-12-01 23:06 . 2008-09-08 13:21 -------- d-----w- c:\documents and settings\cheng01\Application Data\Skype
2009-12-01 21:05 . 2008-09-08 14:05 -------- d-----w- c:\documents and settings\cheng01\Application Data\skypePM
2009-11-30 20:37 . 2008-04-03 18:31 -------- d-----w- c:\program files\Trend Micro
2009-11-30 20:00 . 2009-02-17 20:36 86016 ----a-w- c:\documents and settings\cheng01\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\ciscounifiedaddin6x5\specialhook.dll
2009-11-30 20:00 . 2009-02-17 20:36 158720 ----a-w- c:\documents and settings\cheng01\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\ciscounifiedaddin6x5\audiofunc.dll
2009-11-19 04:59 . 2008-04-03 18:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-15 01:06 . 2009-01-21 01:35 -------- d-----w- c:\program files\qqqtv
2009-11-10 22:00 . 2008-04-22 15:43 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-02 01:58 . 2009-10-16 15:20 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-21 13:19 . 2009-10-21 13:19 53464 ----a-w- c:\documents and settings\cheng01a\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-18 03:06 . 2009-10-18 03:05 -------- d-----w- c:\program files\Microsoft Security Essentials
2009-10-15 03:15 . 2009-06-07 17:43 31048 ------w- c:\documents and settings\cheng01\Application Data\Tencent\QQ\SafeBase\selfupdate.exe
2009-09-24 02:23 . 2009-09-24 02:22 8700840 ----a-w- c:\documents and settings\cheng01\Application Data\FlashgetSetup\flashget_17922_1.exe
2003-07-08 19:13 . 2008-04-03 18:42 50862 ----a-w- c:\program files\yellowbookfingers.ico
.

((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN1]
@="{CC8811D1-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D1-1B32-4f3d-A9BF-D21C8F3C0366}]
2009-08-22 14:01 249856 ----a-w- c:\program files\SmartSVN 6\lib\shellext32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN2]
@="{CC8811D2-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D2-1B32-4f3d-A9BF-D21C8F3C0366}]
2009-08-22 14:01 249856 ----a-w- c:\program files\SmartSVN 6\lib\shellext32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN3]
@="{CC8811D3-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D3-1B32-4f3d-A9BF-D21C8F3C0366}]
2009-08-22 14:01 249856 ----a-w- c:\program files\SmartSVN 6\lib\shellext32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN4]
@="{CC8811D4-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D4-1B32-4f3d-A9BF-D21C8F3C0366}]
2009-08-22 14:01 249856 ----a-w- c:\program files\SmartSVN 6\lib\shellext32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN5]
@="{CC8811D5-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D5-1B32-4f3d-A9BF-D21C8F3C0366}]
2009-08-22 14:01 249856 ----a-w- c:\program files\SmartSVN 6\lib\shellext32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN6]
@="{CC8811D6-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D6-1B32-4f3d-A9BF-D21C8F3C0366}]
2009-08-22 14:01 249856 ----a-w- c:\program files\SmartSVN 6\lib\shellext32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN7]
@="{CC8811D7-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D7-1B32-4f3d-A9BF-D21C8F3C0366}]
2009-08-22 14:01 249856 ----a-w- c:\program files\SmartSVN 6\lib\shellext32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-11 68856]
"COMMUNICATOR"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2007-07-23 5803368]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-23 8478720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-23 81920]
"BGInfo"="c:\windows\System32\BGInfo\BGInfo.exe" [2004-09-22 741421]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"RegMediaPlayerFix"="c:\windows\Media_Player_key.vbs" [2007-07-24 531]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2008-09-11 356429]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-03-04 999424]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-03-04 1101824]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-13 185896]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-08-23 1626112]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2007-08-23 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2007-07-23 5803368]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-10 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ccosm"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Cisco Systems\\Cisco Unified Video Advantage\\VideoAdvantage.exe"=
"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"c:\\Program Files\\酷6网\\极速酷6\\Ku6SpeedUpper.exe"=
"$INSTDIR\\FlvDetector.exe"= c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlvDetector.exe
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\PPLive\\PPLive.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2701:TCP"= 2701:TCP:SMSRemoteTools
"23:TCP"= 23:TCP:Telnet
"12345:TCP"= 12345:TCP:TrendBHMUNIKOPIRVCDRProd
"58127:TCP"= 58127:TCP:TrendBHMTest1
"27106:TCP"= 27106:TCP:TrendBHMTest2
"61320:TCP"= 61320:TCP:TrendEFFProd
"63113:TCP"= 63113:TCP:TrendWICProd
"61077:TCP"= 61077:TCP:TrendSNDProd
"50000:TCP"= 50000:TCP:MassTransit
"21:TCP"= 21:TCP:FTP
"25253:TCP"= 25253:TCP:PatchlinkPDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
"Enabled"= 1 (0x1)

R2 FGR Service;FGR Service;c:\program files\1435_Fiberlink\Fgrd.exe [2003-03-03 57344]
R2 Ndiscdp;Cisco CDP KMDF NDIS Protocol Driver;c:\windows\system32\drivers\Ndiscdp.sys [2007-12-05 20400]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [2005-11-09 225808]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [2005-11-09 36368]
S0 zsuqesna;zsuqesna;c:\windows\system32\drivers\jrgijvxt.sys --> c:\windows\system32\drivers\jrgijvxt.sys [?]
S2 gupdate1ca072ddfa3fa0e;Google Update Service (gupdate1ca072ddfa3fa0e);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-17 133104]
S2 statuscached;SmartSVN Status Cache;c:\program files\SmartSVN 6\bin\statuscached.exe [2009-08-22 215040]
S3 cvpopflt;Cisco POP Suppression Filter;c:\windows\system32\drivers\cvpopflt.sys [2008-06-27 1507104]
S3 CVUVC;Cisco VT Camera II(UVC);c:\windows\system32\drivers\Cvuvc.sys [2008-06-27 1924128]
S3 cvuvcflt;UVC Filter Service (Cisco);c:\windows\system32\drivers\cvuvcflt.sys [2008-06-27 22432]
S3 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2005-10-14 199384]
S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\DRIVERS\rcvpn.sys --> c:\windows\system32\DRIVERS\rcvpn.sys [?]
S3 SQTECH9052;Disney Micro;c:\windows\system32\drivers\Capt9052.sys [2009-11-19 38656]
S3 VSPerfDrv;Performance Tools Driver;c:\program files\Microsoft Visual Studio 8\Team Tools\Performance Tools\VSPerfDrv.sys [2005-09-23 54464]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<LCS]
Regedit.exe /s "c:\program files\Desktop Engineering\LCS\LCSUSERSETTINGS.reg"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>YBSet]
c:\windows\UserSetup.CMD

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Communicator2007_Settings]
"c:\adminfolder\Communicator2007_Settings.vbs"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0E02E48F-1C41-425D-A165-FCCCBC16F234}]
msiexec /fou {0E02E48F-1C41-425D-A165-FCCCBC16F234} /qb
.
计划任务 文件夹 里的内容

2009-12-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 21:36]
.
.
------- 而外的扫描 -------
.
uStart Page = hxxp://ybnet.corp.ybusa.net
mStart Page = hxxp://ybnet.corp.ybusa.net
uInternet Settings,ProxyServer = ybkopisa01:8080
uInternet Settings,ProxyOverride = <local>
IE: 使用迅雷下载 - c:\program files\Thunder Network\Thunder\Program\geturl.htm
IE: 使用迅雷下载全部链接 - c:\program files\Thunder Network\Thunder\Program\getallurl.htm
IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - c:\program files\Thunder Network\Thunder\Thunder.exe
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Trusted Zone: toyotausa.com\www
Trusted Zone: ybkopsms02
Trusted Zone: toyotausa.com\www
Trusted Zone: ybkopsms02
Trusted Zone: ybusa.net\corp
DPF: iLO 2 Remote Console Applet - hxxps://dmzkopwrrp01i/dvc.cab
DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxp://ybcdrcnt01.corp.ybusa.net/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} - hxxp://ybcdrerm01/eRoomSetup/client.cab
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl12.igame.sina.com.cn/downloader.cab
DPF: {88734439-46D0-42C0-A13F-7E881EE550CF} - hxxp://www.bluesky.cn/download/filetran.cab
DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} - hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
FF - ProfilePath - c:\documents and settings\cheng01\Application Data\Mozilla\Firefox\Profiles\s0ywta2k.default\
FF - prefs.js: network.proxy.ftp - ybkopisa01
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - ybkopisa01
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - ybkopisa01
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - ybkopisa01
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - ybkopisa01
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npeRoom7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- 火狐配置文件 ----
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.config.filename","netscape.jsc");.
.
------- 文件类型 -------
.
txtfile=c:\windows\notepad.exe %1
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-QuickTime Task - c:\program files\StormII\Codec\qttask.exe
HKU-Default-Run-msiexec.exe - msiconf.exe
AddRemove-GameHouse - c:\program files\RealArcade\Installer\bin\gameinstaller.exe c:\program files\RealArcade\Installer\installerMain.clf
AddRemove-NVIDIA Drivers - c:\windows\system32\nvudisp.exe UninstallGUI
AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-storm2 - c:\program files\StormII\uninst.exe
AddRemove-{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD} - c:\program files\Apoint\Uninstap.exe ADDREMOVE
AddRemove-{{598D99F7-B97C-424F-B899-69B339336411}} - c:\program files\InstallShield Installation Information\{{598D99F7-B97C-424F-B899-69B339336411}}\setup.exe
AddRemove-快车(FlashGet)3.2 - c:\program files\FlashGet Network\FlashGet 3\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-02 23:33
Windows 5.1.2600 Service Pack 2 NTFS

扫描被隐藏的进程 。。。

扫描被隐藏的启动组 。。。

扫描被隐藏的文件 。。。


c:\docume~1\cheng01\LOCALS~1\Temp\catchme.dll


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Q*Q*8nb]
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,b0,a2,34,
42,52,1d,ca,01,00,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Q*Q*8nb]
"DisplayName"="QQ游戏"
"UninstallString"="c:\\Program Files\\腾讯游戏\\QQGAME\\Uninstall.EXE"
"Publisher"="腾讯公司"
"DisplayIcon"="c:\\Program Files\\腾讯游戏\\QQGAME\\QQGame.EXE"
"DisplayVersion"="2.3.105.13"
.
--------------------- 运行进程下的动态链接库 ---------------------

- - - - - - - > 'winlogon.exe'(1248)
c:\windows\system32\netprovcredman.dll
.
完成时间: 2009-12-02 23:38
ComboFix-quarantined-files.txt 2009-12-03 04:37
ComboFix2.txt 2008-09-10 03:21

Pre-Run: 43,645,116,416 bytes free
Post-Run: 43,698,065,408 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-CHS.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 650BD135FB7DBEDEB14FBFC3B6E769A8


Looks like a lot of files are deleted. I will let you know if I still have any problem with the redirect. Thanks again!!

#4 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:12:18 AM

Posted 03 December 2009 - 12:48 AM

We are not done! You are still infected. I will let you know when your computer is clean.

Please note...

I see you have run Combofix unsupervised.....this is ill advised!!

:( This is a complex and powerful tool that should not be used except under the supervision and direction of a malware expert. It can and will render your computer unbootable permanently!! Also realize that in most circumstances a single run of Combofix is ineffective. Specialized scripts will be written specifically directing this program to clean-up based on your logs!! :(

I would like to see your most recent CF log that preceded the most recent run.

I would like to see....

C:\ComboFix.txt
C:\Qoobox\ComboFix-quarantined-files.txt


Thanks,
~ t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#5 newmystery

newmystery
  • Topic Starter

  • Members
  • 21 posts
  • Local time:12:18 AM

Posted 03 December 2009 - 09:40 PM

Thanks. Do you mean I should run Combofix again? I am not clear what you mean by 'run Combofix unsupervised'. If I run it now, is it supervised?
Here are the ComboFix-quarantined-files.txt and ComboFix2.txt from the Qoobox directory:

ComboFix-quarantined-files.txt:

2009-12-03 04:36:00 . 2009-12-03 04:36:00 896 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-快车(FlashGet)3.2.reg.dat
2009-12-03 04:36:00 . 2009-12-03 04:36:00 1,004 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-{{598D99F7-B97C-424F-B899-69B339336411}}.reg.dat
2009-12-03 04:36:00 . 2009-12-03 04:36:00 544 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}.reg.dat
2009-12-03 04:36:00 . 2009-12-03 04:36:00 722 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-storm2.reg.dat
2009-12-03 04:36:00 . 2009-12-03 04:36:00 1,236 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-RealPlayer 6.0.reg.dat
2009-12-03 04:35:59 . 2009-12-03 04:35:59 504 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-RealJukebox 1.0.reg.dat
2009-12-03 04:35:59 . 2009-12-03 04:35:59 826 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-NVIDIA Drivers.reg.dat
2009-12-03 04:35:59 . 2009-12-03 04:35:59 832 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-GameHouse.reg.dat
2009-12-03 04:35:32 . 2009-12-03 04:35:32 111 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKU-Default-Run-msiexec.exe.reg.dat
2009-12-03 04:35:30 . 2009-12-03 04:35:30 162 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-QuickTime Task.reg.dat
2009-12-03 04:25:25 . 2009-12-03 04:25:25 12,206 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-12-03 03:21:07 . 2009-12-03 04:10:01 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-11-25 21:13:21 . 2009-11-25 21:13:21 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\cheng01\Application Data\BITS\ProxyList.ini.vir
2009-11-25 21:13:20 . 2009-11-25 21:13:20 240 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\dat\stat\statdata\statinfo.dat.vir
2009-11-25 21:04:19 . 2009-11-25 21:13:21 1,549 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\cheng01\Application Data\BITS\DHTTable.dat.vir
2009-11-25 20:49:53 . 2009-11-25 20:49:55 11,140 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\dat\stat\advertisement\fg34info.bmp.vir
2009-11-25 20:49:39 . 2009-11-25 21:13:21 501 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\cheng01\Application Data\BITS\pl.dat.vir
2009-11-25 20:49:30 . 2009-11-25 20:49:30 368 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\cheng01\Application Data\BITS\UPnP.ini.vir
2009-11-25 20:49:13 . 2009-11-25 21:13:21 3,546 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\cheng01\Application Data\BITS\BITS.ini.vir
2009-11-19 05:50:42 . 2009-11-19 05:50:43 214,067 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\uninst.exe.vir
2009-10-28 05:43:56 . 2009-10-28 05:43:56 141,408 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\Config.dll.vir
2009-10-28 05:43:50 . 2009-10-28 05:43:50 612,448 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\splayers.dll.vir
2009-10-28 02:58:50 . 2009-10-28 02:58:50 3,554,816 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ffdshow.ax.vir
2009-10-27 08:18:20 . 2009-10-27 08:18:20 125,024 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\rndrmgr.dll.vir
2009-10-27 04:30:02 . 2009-10-27 04:30:02 1,087,648 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\mps.dll.vir
2009-10-27 04:30:00 . 2009-10-27 04:30:00 1,767,520 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\Storm.exe.vir
2009-10-26 08:12:36 . 2009-10-26 08:12:36 7,019 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\Box\Skin\深宇之夜盒子.bfsk.vir
2009-10-26 06:56:14 . 2009-10-26 06:56:14 325,728 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\stormpop.exe.vir
2009-10-26 06:19:10 . 2009-10-26 06:19:10 71,776 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\Box\MovieBoxPS.dll.vir
2009-10-26 06:19:10 . 2009-10-26 06:19:10 874,584 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\Box\Stline.exe.vir
2009-10-26 06:19:04 . 2009-10-26 06:19:04 759,904 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\Box\UILib.dll.vir
2009-10-26 06:19:02 . 2009-10-26 06:19:02 239,712 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\Box\UitvWrapper_dll.dll.vir
2009-10-26 06:19:00 . 2009-10-26 06:19:00 632,928 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\Box\MovieBoxCore.dll.vir
2009-10-26 06:18:58 . 2009-10-26 06:18:58 215,136 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\Box\HttpServer.dll.vir
2009-10-26 06:18:54 . 2009-10-26 06:18:54 305,248 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\Box\BoxLog.dll.vir
2009-10-26 06:18:50 . 2009-10-26 06:18:50 1,153,120 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\subdecoder.dll.vir
2009-10-23 07:35:32 . 2009-10-23 07:35:32 521,216 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\MP4Splitter.ax.vir
2009-10-23 06:57:04 . 2009-10-23 06:57:04 1,009,760 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\StormSkinRes.dll.vir
2009-10-23 06:57:02 . 2009-10-23 06:57:02 268,384 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\Option.dll.vir
2009-10-23 06:56:54 . 2009-10-23 06:56:54 247,904 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\meedb.dll.vir
2009-10-23 02:53:48 . 2009-10-23 02:53:48 87,295 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\Skin\与国同庆.bfsk.vir
2009-10-23 02:53:30 . 2009-10-23 02:53:30 61,616 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\Skin\深宇之夜.bfsk.vir
2009-10-23 02:53:00 . 2009-10-23 02:53:00 71,976 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\Skin\幽蓝墨韵.bfsk.vir
2009-10-22 07:47:20 . 2009-10-22 07:47:20 501,856 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\mcntr.dll.vir
2009-10-21 04:14:50 . 2009-10-21 04:14:50 2,234,464 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\Stormtray.exe.vir
2009-10-19 08:42:50 . 2009-12-02 05:50:38 44 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\toff.ini.vir
2009-10-19 08:42:24 . 2009-12-02 05:50:38 23 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\others.xml.ini.vir
2009-10-19 08:42:24 . 2009-12-02 05:50:38 577 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\others.xml.vir
2009-10-19 08:42:24 . 2009-11-27 05:51:28 23 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\video_material_list.xml.ini.vir
2009-10-19 08:42:24 . 2009-12-01 22:37:23 23 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\video_style_list.xml.ini.vir
2009-10-19 08:10:02 . 2009-12-01 22:00:02 5,803 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\video_style_list.xml.vir
2009-09-27 07:07:16 . 2009-09-27 07:07:16 645,216 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\Tips.dll.vir
2009-09-27 01:26:06 . 2009-09-27 01:26:06 16,718 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\Box\Skin\与国同庆盒子.bfsk.vir
2009-09-27 01:25:46 . 2009-09-27 01:25:46 27,275 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\Box\Skin\幽蓝墨韵盒子.bfsk.vir
2009-09-27 01:25:20 . 2009-09-27 01:25:20 40,225 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\Box\Skin\MovieBox.bfsk.vir
2009-09-25 08:50:04 . 2009-09-25 03:32:00 17,964 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\dat\stat\advertisement\05034405_F111_C90C_DED7_AF0F23B08EE6.swf.vir
2009-09-25 08:50:04 . 2009-09-25 03:32:00 107,719 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\dat\stat\advertisement\189BE5EE_B2DC_6B5E_CE4C_BEDA1C359E6A.swf.vir
2009-09-25 08:50:04 . 2009-09-25 03:32:00 37,276 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\dat\stat\advertisement\542A0C90_26B5_8F1B_E06B_AA1A3A6F2F82.swf.vir
2009-09-25 08:50:04 . 2009-09-25 03:32:00 64,642 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\dat\stat\advertisement\82B2D924_0822_690B_2CA5_1ECC5BC2B487.swf.vir
2009-09-25 08:50:04 . 2009-09-25 03:32:00 29,681 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\dat\stat\advertisement\AB049FE7_3A8B_7D34_BD35_4CDDC182A61A.swf.vir
2009-09-25 08:50:04 . 2009-09-25 03:32:00 7,434 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\dat\stat\advertisement\E246F6E9_DA0F_9BC5_A33D_C7B297B8F653.gif.vir
2009-09-25 08:50:02 . 2009-09-25 03:32:00 7,083 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\dat\stat\advertisement\03DE4EAB_3591_0BA7_E49A_59DF75D6B715.gif.vir
2009-09-25 08:50:02 . 2009-09-25 03:32:00 22,510 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\dat\stat\advertisement\1D37605B_1E73_76E8_3EF6_F826F3223F76.swf.vir
2009-09-25 08:50:02 . 2009-09-25 03:32:00 14,852 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\dat\stat\advertisement\26105169_44A8_4FC6_72A7_4929B680FD0A.swf.vir
2009-09-25 08:50:02 . 2009-09-25 03:32:00 25,554 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\dat\stat\advertisement\3F98576D_E580_238A_EF8A_8FAC0E94AD21.swf.vir
2009-09-25 08:50:02 . 2009-09-25 03:32:00 20,140 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\dat\stat\advertisement\467A033F_0882_0B63_527E_CCF07C413A6B.swf.vir
2009-09-25 08:50:02 . 2009-09-25 03:32:00 25,247 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\dat\stat\advertisement\534F6709_496A_C1CF_DE60_1E35FA5339E5.swf.vir
2009-09-25 08:50:02 . 2009-09-25 03:32:00 31,273 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\dat\stat\advertisement\643033EC_1765_D84E_9598_20717E231631.swf.vir
2009-09-25 08:50:02 . 2009-09-25 03:32:00 31,451 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\dat\stat\advertisement\64FC9CBE_6212_69A5_1A24_F2BE80E55D7A.gif.vir
2009-09-25 08:50:02 . 2009-09-25 03:32:00 30,308 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\dat\stat\advertisement\94A0F8AB_38BE_F07C_70D1_635322EE1BD0.swf.vir
2009-09-25 08:50:02 . 2009-09-25 03:32:00 29,471 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\dat\stat\advertisement\D3DD8C62_FA06_6806_8DF3_9DC87A395BAD.swf.vir
2009-09-25 08:50:02 . 2009-09-25 03:32:00 7,409 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\dat\stat\advertisement\DFC617BC_F11D_651B_9AEC_7A476805BC79.gif.vir
2009-09-25 03:27:03 . 2009-09-25 03:27:06 511,069 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\dat\stat\advertisement\4efc428ddc18af92894ed4d544c0d489.zip.vir
2009-09-25 02:22:34 . 2009-09-25 02:22:34 20,653 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\mee.db.vir
2009-09-24 12:51:51 . 2009-11-25 21:13:21 160 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\perf.ini.vir
2009-09-24 12:51:51 . 2009-11-25 21:13:21 292 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\pstat.dat.vir
2009-09-24 12:51:50 . 2009-11-25 21:13:20 20 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\dat\stat\advertisement\port.ini.vir
2009-09-24 05:30:53 . 2009-11-25 20:50:37 598 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\pup.dat.vir
2009-09-24 02:31:43 . 2009-11-25 21:13:20 3,316 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\dat\Appsetting.cfg.vir
2009-09-24 02:27:55 . 2009-03-19 17:37:08 2,799 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\dat\directui\01.png.vir
2009-09-24 02:27:55 . 2009-03-19 17:41:06 1,922 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\dat\directui\client_1237455589.jpg.vir
2009-09-24 02:27:50 . 2009-11-25 21:13:19 15,757 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\dat\stat\advertisement\adconfig.ini.vir
2009-09-24 02:27:49 . 2009-04-14 05:01:47 6,117 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\dat\directui\directui_17922_1237455666.zip.vir
2009-09-24 02:27:48 . 2009-06-02 03:13:53 33,710 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\dat\stat\skinpreview\preview_red3.png.vir
2009-09-24 02:27:48 . 2009-06-02 03:13:53 37,930 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\dat\stat\skinpreview\preview_blue3.png.vir
2009-09-24 02:27:47 . 2009-06-02 03:13:53 49,796 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\dat\stat\skinpreview\preview_white.png.vir
2009-09-24 02:27:43 . 2009-09-24 02:27:52 968,595 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\codec\real\Codecs\Codecs.zip.vir
2009-09-24 02:27:29 . 2009-11-25 21:13:22 3,168 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\dat\FlashGet3db.bak.vir
2009-09-24 02:27:29 . 2009-11-25 21:13:22 3,168 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\dat\FlashGet3db.db.vir
2009-09-24 02:27:27 . 2009-11-25 21:13:21 233 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\P2PCfg.ini.vir
2009-09-24 02:27:07 . 2009-09-24 02:27:07 110,210 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\uninst.exe.vir
2009-09-17 08:53:36 . 2009-09-17 08:53:36 117,760 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_tremor.dll.vir
2009-09-17 08:53:36 . 2009-09-17 08:53:36 95,744 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_unrar.dll.vir
2009-09-17 08:53:34 . 2009-09-17 08:53:34 216,064 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_libdts.dll.vir
2009-09-17 08:53:32 . 2009-09-17 08:53:32 126,976 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_liba52.dll.vir
2009-09-17 08:53:32 . 2009-09-17 08:53:32 176,640 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_samplerate.dll.vir
2009-09-17 08:53:30 . 2009-09-17 08:53:30 151,552 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_libmad.dll.vir
2009-09-17 08:53:26 . 2009-09-17 08:53:26 338,944 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_libfaad2.dll.vir
2009-09-17 08:53:26 . 2009-09-17 08:53:26 98,304 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_wmv9.dll.vir
2009-09-17 08:53:22 . 2009-09-17 08:53:22 149,504 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_realaac.dll.vir
2009-09-16 05:07:58 . 2009-09-16 05:07:58 243,808 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\MediaLib.dll.vir
2009-09-16 04:18:04 . 2009-09-16 04:18:04 74,848 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\win7Taskbar.dll.vir
2009-09-16 04:18:02 . 2009-09-16 04:18:02 96,352 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\BugReport.exe.vir
2009-09-14 04:34:16 . 2009-09-14 04:34:16 157,792 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\DXVAMgr.dll.vir
2009-09-14 04:34:14 . 2009-09-14 04:34:14 657,504 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\StormUpdate.dll.vir
2009-09-14 04:33:54 . 2009-09-14 04:33:54 137,312 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\CoreLog.dll.vir
2009-09-14 04:33:52 . 2009-09-14 04:33:52 137,312 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\MediaInfo.dll.vir
2009-09-14 03:00:58 . 2009-09-14 03:00:58 1,132,544 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\dxvadec.ax.vir
2009-09-11 11:06:34 . 2009-09-11 11:06:34 64,512 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\FLT_ffdshow.dll.vir
2009-09-11 11:06:24 . 2009-09-11 11:06:24 53,760 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ffavisynth.dll.vir
2009-09-11 11:05:34 . 2009-09-11 11:05:34 85,504 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_vfw.dll.vir
2009-09-11 11:04:36 . 2009-09-11 11:04:36 2,624,000 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_libavcodec.dll.vir
2009-09-11 11:04:36 . 2009-09-11 11:04:36 2,624,000 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\libavcodec.dll.vir
2009-09-11 11:04:02 . 2009-09-11 11:04:02 40,960 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ffSpkCfg.dll.vir
2009-09-11 11:03:58 . 2009-09-11 11:03:58 297,984 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_libmplayer.dll.vir
2009-09-11 11:03:24 . 2009-09-11 11:03:24 93,696 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_libmpeg2.dll.vir
2009-09-11 11:03:14 . 2009-09-11 11:03:14 159,744 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_theora.dll.vir
2009-09-11 11:02:48 . 2009-09-11 11:02:48 896,000 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_xvidcore.dll.vir
2009-09-11 11:02:04 . 2009-09-11 11:02:04 4,102,144 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_TomsMoComp.dll.vir
2009-09-11 11:01:42 . 2009-09-11 11:01:42 2,091,008 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ff_kernelDeint.dll.vir
2009-09-11 09:57:26 . 2009-09-11 09:57:26 5,435 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\HD\Intel解决方案.xml.vir
2009-09-11 09:57:14 . 2009-09-11 09:57:14 5,504 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\HD\Intel解决方案(Vista_Win7).xml.vir
2009-09-11 09:57:02 . 2009-09-11 09:57:02 5,676 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\HD\NVidia PureVideoHD解决方案(Vista_Win7).xml.vir
2009-09-11 09:56:52 . 2009-09-11 09:56:52 5,448 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\HD\ATI UVD解决方案(Vista_Win7).xml.vir
2009-09-11 09:56:42 . 2009-09-11 09:56:42 5,528 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\HD\微软解决方案(Vista_Win7).xml.vir
2009-09-11 09:56:32 . 2009-09-11 09:56:32 5,470 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\HD\暴风影音解决方案.xml.vir
2009-09-11 09:56:20 . 2009-09-11 09:56:20 5,425 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\HD\ATI UVD解决方案2.xml.vir
2009-09-11 09:56:08 . 2009-09-11 09:56:08 6,282 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\HD\NVidia CUDA解决方案.xml.vir
2009-09-11 09:55:56 . 2009-09-11 09:55:56 5,429 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\HD\VIA解决方案.xml.vir
2009-09-11 09:55:44 . 2009-09-11 09:55:44 5,474 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\HD\PowerDVD解决方案.xml.vir
2009-09-11 09:55:32 . 2009-09-11 09:55:32 5,664 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\HD\NVidia PureVideoHD解决方案.xml.vir
2009-09-11 09:55:18 . 2009-09-11 09:55:18 5,471 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\HD\NVidia PureVideoHD解决方案2.xml.vir
2009-09-11 09:54:40 . 2009-09-11 09:54:40 5,493 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\HD\MPEG-2解决方案.xml.vir
2009-09-11 09:54:24 . 2009-09-11 09:54:24 5,436 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\HD\ATI UVD解决方案.xml.vir
2009-09-11 08:00:28 . 2009-09-11 08:00:28 68,096 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\FFDShowAPI.dll.vir
2009-09-09 09:15:00 . 2009-09-09 09:15:00 61,536 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\DXVACheck.dll.vir
2009-09-09 03:42:10 . 2009-09-09 03:42:10 379,392 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\AviSplitter.ax.vir
2009-09-02 07:11:54 . 2009-09-02 07:11:54 135,168 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\CUDA_Filter.ax.vir
2009-09-02 03:56:34 . 2009-09-02 03:56:34 86,016 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\vc1wp.ax.vir
2009-08-31 12:39:56 . 2009-08-31 12:39:56 404,480 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\MpegSplitter.ax.vir
2009-08-31 08:21:44 . 2009-08-31 08:21:44 118,784 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ffsource.ax.vir
2009-08-27 03:25:20 . 2009-08-27 03:25:20 75,872 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\StormUpdate.exe.vir
2009-08-27 02:55:40 . 2009-08-27 02:55:40 30,816 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\kcheck2.dll.vir
2009-08-26 07:20:10 . 2009-08-26 07:20:10 151,552 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\fnsLanguage_en.dll.vir
2009-08-21 10:02:34 . 2009-08-21 10:02:34 239,152 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FlashGet3_Flash.exe.vir
2009-08-21 10:01:52 . 2009-08-21 10:01:52 177,712 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FlashGetAdProcess.exe.vir
2009-08-21 10:01:32 . 2009-08-21 10:01:32 144,944 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\SysOptimize.exe.vir
2009-08-21 10:00:22 . 2009-08-21 10:00:22 300,592 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\BugReport.exe.vir
2009-08-21 10:00:02 . 2009-08-21 10:00:02 353,840 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\cheng01\Application Data\FlashGetBHO\FlashGetBHO3.dll.vir
2009-08-21 10:00:02 . 2009-08-21 10:00:02 353,840 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FlashGetBHO3.dll.vir
2009-08-21 09:59:36 . 2009-08-21 09:59:36 2,074,160 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\Flashget3.exe.vir
2009-08-21 09:21:04 . 2009-08-21 09:21:04 106,496 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\componentskrnl.dll.vir
2009-08-21 09:20:56 . 2009-08-21 09:20:56 192,512 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\fnsSkinX.dll.vir
2009-08-21 09:20:44 . 2009-08-21 09:20:44 258,048 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\fnsScheduler.dll.vir
2009-08-21 09:20:28 . 2009-08-21 09:20:28 245,760 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\fnsStatistics.dll.vir
2009-08-21 09:20:16 . 2009-08-21 09:20:16 462,848 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\fnsArchive.dll.vir
2009-08-21 09:19:52 . 2009-08-21 09:19:52 229,376 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\fnsDirectuix.dll.vir
2009-08-21 09:19:52 . 2009-08-21 09:19:52 118,784 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\fnsSecurity.dll.vir
2009-08-21 09:19:44 . 2009-08-21 09:19:44 430,080 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\commonlib.dll.vir
2009-08-21 09:19:44 . 2009-08-21 09:19:44 200,704 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\fnsLanguage.dll.vir
2009-08-21 09:18:12 . 2009-08-21 09:18:12 413,696 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\VodCore.dll.vir
2009-08-19 07:18:08 . 2009-08-19 07:18:08 227,707 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\swscale.dll.vir
2009-08-19 07:17:58 . 2009-08-19 07:17:58 11,444 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\avdevice.dll.vir
2009-08-19 07:17:58 . 2009-08-19 07:17:58 639,291 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\avformat.dll.vir
2009-08-19 07:17:56 . 2009-08-19 07:17:56 5,393,652 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\avcodec.dll.vir
2009-08-19 07:17:56 . 2009-08-19 07:17:56 99,372 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\avutil.dll.vir
2009-08-18 04:15:46 . 2009-08-18 04:15:46 450,560 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\RMSplt.ax.vir
2009-08-17 09:09:16 . 2009-08-17 09:09:16 1,642,496 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\btcoreu.dll.vir
2009-08-17 08:29:42 . 2009-08-17 08:29:42 630,784 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ac3filter.ax.vir
2009-08-17 05:28:20 . 2009-08-17 05:28:20 2,490,368 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\libem.dll.vir
2009-08-17 04:07:36 . 2009-08-17 04:07:36 450,560 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\corestat.dll.vir
2009-08-17 04:07:06 . 2009-08-17 04:07:06 303,104 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\P2PCore.dll.vir
2009-08-17 04:06:18 . 2009-08-17 04:06:18 507,904 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\P2SCore.dll.vir
2009-08-17 03:44:04 . 2009-11-25 21:13:21 1,970 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\config\server.met.vir
2009-08-17 03:43:38 . 2009-08-17 03:43:38 262,144 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\ckcore.dll.vir
2009-08-15 02:15:30 . 2009-08-15 02:15:30 3,850 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\tmp.reg.vir
2009-08-15 02:15:02 . 2008-10-10 12:58:08 82,944 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\o4Patch.exe.vir
2009-08-15 02:15:02 . 2008-10-10 12:58:08 82,944 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\IEDFix.C.exe.vir
2009-08-15 02:15:02 . 2008-08-18 16:19:03 82,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\404Fix.exe.vir
2009-08-15 02:15:02 . 2008-10-01 19:51:40 87,552 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\VACFix.exe.vir
2009-08-15 02:15:02 . 2008-05-19 01:40:35 82,944 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\IEDFix.exe.vir
2009-08-15 02:15:01 . 2007-09-06 04:22:23 289,144 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\VCCLSID.exe.vir
2009-08-15 02:15:01 . 2007-10-04 04:36:46 25,600 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\WS2Fix.exe.vir
2009-08-15 02:15:01 . 2004-07-31 22:50:36 51,200 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\dumphive.exe.vir
2009-08-15 02:15:01 . 2006-04-27 21:49:30 288,417 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SrchSTS.exe.vir
2009-08-15 02:15:01 . 2003-06-06 01:13:00 53,248 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Process.exe.vir
2009-08-14 09:58:08 . 2009-08-14 09:58:08 6,074 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\config\clients.met.bak.vir
2009-08-14 09:58:08 . 2009-11-25 21:13:21 1,314 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\config\clients.met.vir
2009-08-14 09:58:08 . 2009-11-25 21:13:21 5 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\config\emfriends.met.vir
2009-08-14 09:58:06 . 2009-11-25 21:13:21 28 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\config\key_index.dat.vir
2009-08-14 09:58:06 . 2009-11-25 21:13:21 5 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\config\known.met.vir
2009-08-14 09:58:06 . 2009-11-25 21:13:21 12 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\config\load_index.dat.vir
2009-08-14 09:58:06 . 2009-11-25 21:13:20 61 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\config\preferences.dat.vir
2009-08-14 09:58:06 . 2009-11-25 21:13:21 2,956 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\config\preferences.ini.vir
2009-08-14 09:58:06 . 2009-11-25 21:13:21 23 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\config\preferencesKad.dat.vir
2009-08-14 09:58:06 . 2009-11-25 21:13:21 12 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\config\src_index.dat.vir
2009-08-14 09:58:06 . 2009-11-25 21:13:21 5 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\config\upload.met.vir
2009-08-06 10:52:42 . 2009-08-06 10:52:42 1,312,040 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\empgdmx.ax.vir
2009-08-06 02:19:48 . 2009-08-06 02:19:48 39,636 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FlashGet3.xpi.vir
2009-08-04 07:23:48 . 2009-08-04 07:23:48 1,772 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\lst_tz.bin.vir
2009-08-04 07:23:48 . 2009-11-25 21:06:16 1,970 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\config\server_met.old.vir
2009-08-04 06:22:20 . 2009-08-04 06:22:20 110,592 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\adns.dll.vir
2009-08-04 04:32:28 . 2009-08-04 04:32:28 53,248 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\avsvideo.ax.vir
2009-07-31 13:28:26 . 2009-07-31 13:28:26 234,080 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\FilterInfo.dll.vir
2009-07-31 03:31:50 . 2009-07-31 03:31:50 165,888 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\xavsdec.dll.vir
2009-07-29 08:36:02 . 2009-07-29 08:36:02 36,107 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\skin.xml.vir
2009-07-29 08:36:02 . 2009-07-29 08:36:02 3,339 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\tray_bk.png.vir
2009-07-29 08:36:02 . 2009-07-29 08:36:02 1,365 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\tray_icon.png.vir
2009-07-29 08:36:02 . 2009-07-29 08:36:02 299,385 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\image\skin.png.vir
2009-07-29 08:36:02 . 2009-07-29 08:36:02 3,663 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\image\statusbar_ad_bk_long.png.vir
2009-07-29 03:00:16 . 2009-07-29 03:00:16 1,953,792 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\atidvcr.dll.vir
2009-07-23 02:34:56 . 2009-07-23 02:34:56 2,094 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\web\Error.html.vir
2009-07-23 01:52:12 . 2009-07-23 01:52:12 933 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\web\images\cancel.jpg.vir
2009-07-23 01:52:12 . 2009-07-23 01:52:12 488 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\web\images\line.jpg.vir
2009-07-14 18:54:00 . 2009-07-14 18:54:00 2,189,856 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\nvcuvid.dll.vir
2009-07-10 03:46:10 . 2009-07-10 03:46:10 1,701 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\web\Loading.html.vir
2009-07-08 07:30:54 . 2009-07-08 07:30:54 318 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\web\images\box_bg.jpg.vir
2009-07-08 07:30:54 . 2009-07-08 07:30:54 345 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\web\images\box_li.jpg.vir
2009-07-08 07:30:54 . 2009-07-08 07:30:54 963 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\web\images\cancellation.jpg.vir
2009-07-08 07:30:54 . 2009-07-08 07:30:54 1,391 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\web\images\cid.jpg.vir
2009-07-08 07:30:54 . 2009-07-08 07:30:54 853 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\web\images\downloads.jpg.vir
2009-07-08 07:30:54 . 2009-07-08 07:30:54 1,404 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\web\images\false.jpg.vir
2009-07-08 07:30:54 . 2009-07-08 07:30:54 1,489 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\web\images\false_0906707.jpg.vir
2009-07-08 07:30:54 . 2009-07-08 07:30:54 328 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\web\images\link_bg.jpg.vir
2009-07-08 07:30:54 . 2009-07-08 07:30:54 364 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\web\images\link_out.jpg.vir
2009-07-08 07:30:54 . 2009-07-08 07:30:54 10,620 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\web\images\loading.gif.vir
2009-07-08 07:30:54 . 2009-07-08 07:30:54 551 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\web\images\star.gif.vir
2009-07-08 07:30:54 . 2009-07-08 07:30:54 549 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\web\images\star_bg.gif.vir
2009-06-19 16:14:24 . 2009-03-19 17:41:06 4,641 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\dat\directui\rescenter.txt.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 479,232 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\FGResDetector.exe.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 3,823 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\data\default.htm.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 1,698 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\data\css\lightbox.css.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 10,487 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\data\images\banner.gif.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 49 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\data\images\bullet.gif.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 222 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\data\images\close.gif.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 936 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\data\images\closelabel.gif.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 1,151 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\data\images\download-icon.gif.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 1,039 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\data\images\explorer.gif.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 2,745 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\data\images\ftp.gif.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 4,217 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\data\images\ftp_1.gif.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 3,037 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\data\images\ftp_2.gif.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 9,391 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\data\images\ftp_3.gif.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 2,926 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\data\images\image.gif.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 29,604 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\data\images\image_1.gif.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 9,955 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\data\images\image_2.gif.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 34,205 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\data\images\image_3.gif.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 4,610 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\data\images\introTextBg.gif.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 2,767 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\data\images\loading.gif.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 315 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\data\images\nextlabel.gif.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 311 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\data\images\prevlabel.gif.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 2,938 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\data\images\software.gif.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 12,314 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\data\images\software_1.gif.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 2,890 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\data\images\software_2.gif.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 5,532 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\data\images\software_3.gif.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 2,711 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\data\images\vod.gif.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 4,759 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\data\images\vod_1.gif.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 32,904 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\data\images\vod_2.gif.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 4,693 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\data\images\vod_3.gif.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 4,906 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\data\js\builder.js.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 40,108 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\data\js\effects.js.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 18,878 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\data\js\lightbox.js.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 130,352 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\data\js\prototype.js.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 2,711 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\data\js\scriptaculous.js.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 14,376 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\image\about.png.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 3,072 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\image\ftplist_tree_icon.png.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 3,533 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\image\option_icon.png.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 3,401 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\image\quickop_hide.png.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 3,405 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\image\quickop_show.png.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 2,827 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\image\statusbar_bk.png.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 3,051 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\image\tasktab_close.png.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 5,709 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\image\toolbar_back.png.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 2,891 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\image\toolbar_bk.png.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 8,230 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\image\toolbar_close.png.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 5,570 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\image\toolbar_forward.png.vir
2009-06-16 07:13:44 . 2009-06-16 07:13:44 7,931 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\image\toolbar_refresh.png.vir
2009-06-15 07:29:30 . 2009-06-15 07:29:30 61,440 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\xvid.ax.vir
2009-06-15 07:11:00 . 2009-06-15 07:11:00 10,752 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\Thumbs.db.vir
2009-06-15 07:09:20 . 2009-06-15 07:09:20 54,055 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\topmain.png.vir
2009-06-15 07:08:54 . 2009-06-15 07:08:54 7,168 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\image\Thumbs.db.vir
2009-06-12 12:47:26 . 2009-11-27 06:02:18 10,000 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\stcon.ini.vir
2009-06-05 02:52:38 . 2009-06-05 02:52:38 111,286 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\StormBox.ico.vir
2009-06-03 01:16:18 . 2009-06-03 01:16:18 51,231 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\preview.png.vir
2009-05-31 21:44:58 . 2009-05-31 21:44:58 394,752 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\OggSplitter.ax.vir
2009-05-31 21:44:32 . 2009-05-31 21:44:32 349,696 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\FLVSplitter.ax.vir
2009-05-29 16:47:04 . 2009-05-29 16:47:04 881,664 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\xvidcore.dll.vir
2009-05-29 14:30:08 . 2009-05-29 14:30:08 1,798,144 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\minfo\MediaInfo2.dll.vir
2009-05-15 01:56:44 . 2009-05-15 01:56:44 296,232 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\NeSplitter.ax.vir
2009-05-12 01:50:30 . 2009-11-25 21:13:21 4,840 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\config\nodes.dat.vir
2009-05-01 21:02:22 . 2009-05-01 21:02:22 729,088 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\divxdec.ax.vir
2009-04-30 01:49:28 . 2009-04-30 01:49:28 7,025 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\FGResDetector\lang\l.chs.xml.vir
2009-04-21 03:13:50 . 2009-04-21 03:13:50 434,176 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\MatroskaSplitter.ax.vir
2009-04-20 11:49:58 . 2009-04-20 11:49:58 13,942 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\game.ico.vir
2009-04-20 06:12:50 . 2009-04-20 06:12:50 365 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\config\cryptkey.dat.vir
2009-04-20 06:12:50 . 2009-04-20 06:12:50 1 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\config\known2_64.met.vir
2009-04-16 09:24:02 . 2009-04-16 09:24:02 22,486 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\game.ico.vir
2009-04-16 03:04:02 . 2009-04-16 03:04:02 610,360 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\storage.dll.vir
2009-04-16 03:04:02 . 2009-04-16 03:04:02 163,328 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\unrar.dll.vir
2009-04-16 03:04:02 . 2009-04-16 03:04:02 53,248 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\zlib.dll.vir
2009-04-16 03:04:02 . 2009-04-16 03:04:02 231 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\config\staticservers.dat.vir
2009-04-16 03:04:00 . 2009-04-16 03:04:00 278,528 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\pncrt.dll.vir
2009-04-16 03:04:00 . 2009-04-16 03:04:00 32,768 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\RdOldDb.dll.vir
2009-04-16 03:04:00 . 2009-04-16 03:04:00 311,296 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\RealMediaSplitter.ax.vir
2009-04-16 03:04:00 . 2009-04-16 03:04:00 704,512 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\SnapShot.dll.vir
2009-04-16 03:03:54 . 2009-04-16 03:03:54 577,536 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\id3lib.dll.vir
2009-04-16 03:03:52 . 2009-04-16 03:03:52 1,072 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\cheng01\Application Data\FlashGetBHO\GetAllUrl.htm.vir
2009-04-16 03:03:52 . 2009-04-16 03:03:52 3,550 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\cheng01\Application Data\FlashGetBHO\GetUrl.htm.vir
2009-04-16 03:03:52 . 2009-04-16 03:03:52 1,072 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\GetAllUrl.htm.vir
2009-04-16 03:03:46 . 2009-04-16 03:03:46 213,504 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\dbghelp.dll.vir
2009-04-16 03:03:44 . 2009-04-16 03:03:44 241,664 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\BugReport.dll.vir
2009-04-16 03:03:42 . 2009-04-16 03:03:42 155,568 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\backup_list.swf.vir
2009-04-13 05:37:38 . 2009-04-13 05:37:38 319,488 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\davsts.ax.vir
2009-04-13 05:37:04 . 2009-04-13 05:37:04 315,392 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\avssplitter.ax.vir
2009-03-30 06:31:10 . 2009-03-30 06:31:10 23,391 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\image\top_logotitle.gif.vir
2009-03-27 03:17:50 . 2009-03-27 03:17:50 24,114 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\sound\loginsucc.wav.vir
2009-03-27 03:17:50 . 2009-03-27 03:17:50 5,740 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\sound\msgnotify.wav.vir
2009-03-27 03:17:50 . 2009-03-27 03:17:50 12,508 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\sound\notify.wav.vir
2009-03-27 03:17:48 . 2009-03-27 03:17:48 22,486 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\image\torrent.ico.vir
2009-03-27 03:17:48 . 2009-03-27 03:17:48 7,155 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\image\userinfo_head.png.vir
2009-03-27 03:17:48 . 2009-03-27 03:17:48 7,734 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\image\VistaStyleListItems.bmp.vir
2009-03-27 03:17:48 . 2009-03-27 03:17:48 14,958 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\sound\loginfailed.wav.vir
2009-03-27 03:17:46 . 2009-03-27 03:17:46 5,512 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\image\SuspendNoLogo.png.vir
2009-03-27 03:17:46 . 2009-03-27 03:17:46 3,142 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\image\toolbarbutton_left.png.vir
2009-03-27 03:17:46 . 2009-03-27 03:17:46 2,902 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\image\toolbarbutton_middle.png.vir
2009-03-27 03:17:46 . 2009-03-27 03:17:46 3,166 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\image\toolbarbutton_right.png.vir
2009-03-27 03:17:46 . 2009-03-27 03:17:46 8,048 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\image\toolbar_backgrand.png.vir
2009-03-27 03:17:46 . 2009-03-27 03:17:46 6,713 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\image\toolbar_cancle.png.vir
2009-03-27 03:17:46 . 2009-03-27 03:17:46 6,735 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\image\toolbar_catgroy.png.vir
2009-03-27 03:17:46 . 2009-03-27 03:17:46 6,513 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\image\toolbar_group.png.vir
2009-03-27 03:17:46 . 2009-03-27 03:17:46 6,696 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\image\toolbar_new.png.vir
2009-03-27 03:17:46 . 2009-03-27 03:17:46 6,936 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\image\toolbar_open.png.vir
2009-03-27 03:17:46 . 2009-03-27 03:17:46 6,953 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\image\toolbar_option.png.vir
2009-03-27 03:17:46 . 2009-03-27 03:17:46 6,416 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\image\toolbar_pause.png.vir
2009-03-27 03:17:46 . 2009-03-27 03:17:46 6,925 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\image\toolbar_recly.png.vir
2009-03-27 03:17:46 . 2009-03-27 03:17:46 6,667 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\image\toolbar_start.png.vir
2009-03-27 03:17:44 . 2009-03-27 03:17:44 15,086 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\image\desktoplink.ico.vir
2009-03-27 03:17:44 . 2009-03-27 03:17:44 2,995 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\image\login_line.png.vir
2009-03-27 03:17:44 . 2009-03-27 03:17:44 18,132 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\image\menu_icon.png.vir
2009-03-27 03:17:44 . 2009-03-27 03:17:44 3,133 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\image\option_line.png.vir
2009-03-27 03:17:44 . 2009-03-27 03:17:44 2,941 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\image\option_page_line.png.vir
2009-03-27 03:17:44 . 2009-03-27 03:17:44 3,607 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\image\statusbar_ad_bk.png.vir
2009-03-27 03:17:44 . 2009-03-27 03:17:44 7,314 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\image\SuspendLogo.png.vir
2009-03-27 03:17:42 . 2009-03-27 03:17:42 18,716 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\BarSet.png.vir
2009-03-27 03:17:42 . 2009-03-27 03:17:42 4,683 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\image\btn_check.png.vir
2009-03-27 03:17:42 . 2009-03-27 03:17:42 4,515 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\image\btn_normal.png.vir
2009-03-27 03:17:42 . 2009-03-27 03:17:42 4,969 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\skin\default\image\btn_radio.png.vir
2009-03-19 19:17:23 . 2009-03-19 23:36:27 66,048 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common\_helper.sig.vir
2009-03-12 05:45:18 . 2009-03-12 05:45:18 61,440 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\HikPSDemux.ax.vir
2009-03-03 01:20:48 . 2009-03-03 01:20:48 1,730,048 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\gdiplus.dll.vir
2009-02-27 10:44:10 . 2009-02-27 10:44:10 122,880 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\RenderFilter.ax.vir
2009-02-27 10:35:22 . 2009-02-27 10:35:22 92,256 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\BFThumbs.dll.vir
2009-02-27 06:08:10 . 2009-02-27 06:08:10 232,960 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\coreavc.ax.vir
2009-02-26 05:45:22 . 2009-02-26 05:45:22 65,536 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\HikFileSource.ax.vir
2009-02-26 03:44:38 . 2009-02-26 03:44:38 65,536 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\HikMpeg4Dec.ax.vir
2009-02-25 08:25:30 . 2009-02-25 08:25:30 69,632 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\HikH264Dec.ax.vir
2009-02-25 08:13:50 . 2009-02-25 08:13:50 163,840 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\HikAudioDec.ax.vir
2009-02-25 02:45:50 . 2009-02-25 02:45:50 61,440 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\HikFileSplitter.ax.vir
2009-02-24 06:00:06 . 2009-02-24 06:00:06 755,200 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ir50_32.dll.vir
2009-02-19 05:38:26 . 2009-02-19 05:38:26 3,930 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\LICENSE.TXT.vir
2009-02-12 01:51:16 . 2009-02-12 01:51:16 206,960 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\GoogleToolbarInstaller_download_signed.exe.vir
2009-02-09 07:30:22 . 2009-02-09 07:30:22 714,096 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\264dsse.dll.vir
2009-02-09 07:30:14 . 2009-02-09 07:30:14 832,880 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\264dsse3.dll.vir
2009-02-09 07:30:06 . 2009-02-09 07:30:06 828,784 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\264dsse2.dll.vir
2009-02-09 07:30:00 . 2009-02-09 07:30:00 718,192 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\264dmmx.dll.vir
2009-02-09 07:29:54 . 2009-02-09 07:29:54 763,248 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\264be.dll.vir
2009-02-09 07:29:42 . 2009-02-09 07:29:42 91,488 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\pthreadVC2.dll.vir
2009-02-09 07:29:30 . 2009-02-09 07:29:30 484,720 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\cl264dec.ax.vir
2009-02-03 02:07:18 . 2009-02-03 02:07:18 3,866,528 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Flash.ocx.vir
2009-01-21 01:49:32 . 2009-01-21 01:49:32 59,392 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\DEC_StdMpeg4.dll.vir
2009-01-19 02:05:04 . 2009-01-19 02:05:04 897,104 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\CLVsd.ax.vir
2009-01-14 07:17:28 . 2009-01-14 07:17:28 15,265,280 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\MPlayer.exe.vir
2009-01-10 22:17:32 . 2009-01-10 22:17:32 163,840 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ts.dll.vir
2009-01-10 22:17:14 . 2009-01-10 22:17:14 536,576 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\splitter.ax.vir
2009-01-10 22:16:56 . 2009-01-10 22:16:56 148,480 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\mkx.dll.vir
2009-01-10 22:16:14 . 2009-01-10 22:16:14 141,312 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\mp4.dll.vir
2009-01-10 22:15:54 . 2009-01-10 22:15:54 120,832 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ogm.dll.vir
2009-01-10 22:14:08 . 2009-01-10 22:14:08 79,360 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\mkzlib.dll.vir
2009-01-10 22:14:06 . 2009-01-10 22:14:06 23,552 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\mkunicode.dll.vir
2009-01-07 08:24:18 . 2009-01-07 08:24:18 1,160,504 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\Box\UiPlay.dll.vir
2009-01-05 10:12:48 . 2009-01-05 10:12:48 300,344 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\Box\UiManager.dll.vir
2008-12-24 09:44:16 . 2008-12-24 09:44:16 2,689,120 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\StormRes.dll.vir
2008-12-20 21:33:34 . 2008-12-20 21:35:09 1,826,959 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\QvodUpdate.exe.vir
2008-12-16 01:59:10 . 2008-12-16 01:59:10 75,944 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\spfa.dll.vir
2008-12-16 01:42:50 . 2008-12-16 01:42:50 292,968 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\Media2.dll.vir
2008-12-12 08:54:06 . 2008-12-12 08:54:06 69,632 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\minfo\MInfo.dll.vir
2008-11-28 07:32:10 . 2008-11-28 07:32:10 174,688 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\unrar.dll.vir
2008-11-26 04:43:26 . 2008-11-26 04:43:26 0 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\def\def.flv.vir
2008-11-21 13:37:24 . 2008-11-21 13:37:24 1,054,080 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\CLVc1Dec.ax.vir
2008-11-21 13:37:20 . 2008-11-21 13:37:20 497,008 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\vc1dc.dll.vir
2008-11-21 13:37:20 . 2008-11-21 13:37:20 497,016 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\vc1dmmx.dll.vir
2008-11-21 13:37:20 . 2008-11-21 13:37:20 472,440 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\vc1dsse.dll.vir
2008-11-21 13:37:20 . 2008-11-21 13:37:20 460,152 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\vc1dsse2.dll.vir
2008-11-13 05:51:50 . 2008-11-13 05:51:50 208,896 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\EmzAMRNBDec.dll.vir
2008-11-13 05:50:00 . 2008-11-13 05:50:00 409,600 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\EmzMp4Source.dll.vir
2008-11-13 05:49:10 . 2008-11-13 05:49:10 204,800 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\EzdAMRWBDec.dll.vir
2008-11-12 04:14:43 . 2009-01-26 03:58:58 28 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wiaserviv.log.vir
2008-11-07 02:28:26 . 2008-11-07 02:28:26 118,784 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\H264VDEC.dll.vir
2008-11-03 10:25:52 . 2008-11-03 10:25:52 244,224 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\RadGtSplitter.ax.vir
2008-10-31 10:47:46 . 2008-10-31 10:47:46 81,920 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\QvodBand.dll.vir
2008-09-16 11:35:18 . 2008-09-16 11:35:18 81,816 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\swDirScaner.dll.vir
2008-09-04 10:08:00 . 2008-09-04 10:08:00 22,486 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\cd1.ico.vir
2008-08-26 03:12:46 . 2008-08-26 03:12:46 450,560 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\jscript.dll.vir
2008-08-26 03:12:46 . 2008-08-26 03:12:46 413,696 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\msvcp60.dll.vir
2008-07-14 04:12:39 . 2008-07-14 04:12:39 13,984 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\AegisP.inf.vir
2008-07-08 12:18:42 . 2008-07-08 12:18:42 45,056 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\skinsres.dll.vir
2008-07-02 01:48:28 . 2008-07-02 01:48:28 5 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\Box\InstallInfo.ini.vir
2008-07-01 03:16:22 . 2008-07-01 03:16:22 77,824 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\GifParser.dll.vir
2008-06-21 15:49:10 . 2008-06-21 15:49:10 54 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\video_material_list.xml.vir
2008-06-13 01:48:30 . 2008-06-13 01:48:30 110,649 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\HikDataDump.ax.vir
2008-06-11 08:37:32 . 2008-06-11 08:37:32 1,712,128 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\GdiPlus.dll.vir
2008-04-28 09:33:34 . 2008-04-28 09:33:34 102,400 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\MovieInfo.dll.vir
2008-04-03 10:51:04 . 2008-04-03 10:51:04 0 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\Box\cache\readme.txt.vir
2008-03-25 00:01:49 . 2008-06-18 07:24:33 71,008 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\COUPON~1.OCX.vir
2008-03-16 13:30:52 . 2008-03-16 13:30:52 688,128 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\mmamrdmx.ax.vir
2008-03-09 09:31:40 . 2008-03-09 09:31:40 245,760 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\DCBassSource.ax.vir
2008-03-05 12:13:20 . 2008-03-05 12:13:20 516,096 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\clvsdx.ax.vir
2008-02-20 09:19:48 . 2008-02-20 09:19:48 24,576 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ffmpeg.dll.vir
2008-02-12 03:41:00 . 2008-02-12 03:41:00 439,592 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\NDParser.ax.vir
2008-01-14 03:37:28 . 2008-01-14 03:37:28 102,400 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\msscript.ocx.vir
2007-11-07 09:19:34 . 2007-11-07 09:19:34 655,872 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\msvcr90.dll.vir
2007-11-07 04:24:10 . 2007-11-07 04:24:10 524 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Microsoft.VC90.CRT.manifest.vir
2007-08-08 03:45:34 . 2007-08-08 03:45:34 581,632 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\nvviddec.ax.vir
2007-07-11 04:03:04 . 2007-07-11 04:03:04 547 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\ffdshow.ax.manifest.vir
2007-07-04 21:33:22 . 2007-07-04 21:33:22 892,928 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\iconv.dll.vir
2007-06-13 07:48:48 . 2007-06-13 07:48:48 895,736 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\wmvdmod.dll.vir
2007-06-13 07:48:32 . 2007-06-13 07:48:32 396,528 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\WMADMOD.dll.vir
2007-05-21 10:13:54 . 2007-05-21 10:13:54 36 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\empty.swf.vir
2007-05-21 10:13:54 . 2007-05-21 10:13:54 95 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\def\def.ini.vir
2007-05-17 02:11:10 . 2007-05-17 02:11:10 119,335 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\media4in1.swf.vir
2007-05-17 02:11:10 . 2007-05-17 02:11:10 117,683 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\media\mediabp.swf.vir
2007-03-30 09:52:18 . 2007-03-30 09:52:18 241,664 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\PmpSplt.ax.vir
2007-02-01 23:19:46 . 2007-02-01 23:19:46 92,728 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\bass.dll.vir
2007-02-01 23:19:46 . 2007-02-01 23:19:46 150,520 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\bass_aac.dll.vir
2007-02-01 23:19:46 . 2007-02-01 23:19:46 12,784 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\bass_alac.dll.vir
2007-02-01 23:19:46 . 2007-02-01 23:19:46 33,240 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\bass_ape.dll.vir
2007-02-01 23:19:46 . 2007-02-01 23:19:46 23,616 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\bass_flac.dll.vir
2007-02-01 23:19:46 . 2007-02-01 23:19:46 18,888 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\bass_mpc.dll.vir
2007-02-01 23:19:46 . 2007-02-01 23:19:46 8,664 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\bass_tta.dll.vir
2007-02-01 23:19:46 . 2007-02-01 23:19:46 28,088 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\bass_wv.dll.vir
2006-11-14 18:56:12 . 2006-11-14 18:56:12 102,400 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\tsccvid.dll.vir
2006-10-18 23:05:24 . 2006-10-18 23:05:24 77,824 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\codec\real\Codecs\atrc.dll.vir
2006-10-18 23:05:24 . 2006-10-18 23:05:24 65,536 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\codec\real\Codecs\cook.dll.vir
2006-10-18 23:05:24 . 2006-10-18 23:05:24 102,400 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv1.dll.vir
2006-10-18 23:05:24 . 2006-10-18 23:05:24 176,128 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv2.dll.vir
2006-10-18 23:05:24 . 2006-10-18 23:05:24 266,240 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\codec\real\Codecs\drvc.dll.vir
2006-10-18 23:05:24 . 2006-10-18 23:05:24 241,664 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\codec\real\Codecs\hxltcolor.dll.vir
2006-10-18 23:05:24 . 2006-10-18 23:05:24 552,960 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\codec\real\Codecs\raac.dll.vir
2006-10-18 23:05:24 . 2006-10-18 23:05:24 49,152 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv10.dll.vir
2006-10-18 23:05:24 . 2006-10-18 23:05:24 57,344 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv20.dll.vir
2006-10-18 23:05:24 . 2006-10-18 23:05:24 49,152 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv30.dll.vir
2006-10-18 23:05:24 . 2006-10-18 23:05:24 49,152 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv40.dll.vir
2006-10-18 23:05:24 . 2006-10-18 23:05:24 106,496 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\codec\real\Codecs\sipr.dll.vir
2006-10-18 15:05:24 . 2006-10-18 15:05:24 77,824 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\atrc.dll.vir
2006-10-18 15:05:24 . 2006-10-18 15:05:24 65,536 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\cook.dll.vir
2006-10-18 15:05:24 . 2006-10-18 15:05:24 176,128 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\drv2.dll.vir
2006-10-18 15:05:24 . 2006-10-18 15:05:24 266,240 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\drvc.dll.vir
2006-10-18 15:05:24 . 2006-10-18 15:05:24 552,960 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\raac.dll.vir
2006-10-18 15:05:24 . 2006-10-18 15:05:24 106,496 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\sipr.dll.vir
2006-10-18 13:47:22 . 2006-10-18 13:47:22 1,543,680 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\WMVDECOD.dll.vir
2006-10-18 13:47:18 . 2006-10-18 13:47:18 211,456 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\qasf.dll.vir
2006-10-18 13:47:14 . 2006-10-18 13:47:14 212,992 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\mfplat.dll.vir
2006-07-17 16:00:00 . 2006-07-17 16:00:00 348,160 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\msvcr71.dll.vir
2006-03-24 09:01:36 . 2006-03-24 09:01:36 630,784 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\vp7vfw.dll.vir
2005-11-25 20:13:28 . 2005-11-25 20:13:28 266,240 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\cddareader.ax.vir
2005-01-19 10:00:06 . 2005-01-19 10:00:06 847,872 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\mpeg2dmx.ax.vir
2004-12-10 02:03:02 . 2004-12-10 02:03:02 438,272 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\vp6vfw.dll.vir
2004-08-18 15:39:18 . 2004-08-18 15:39:18 98,343 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\codec\real\Codecs\14_43260.dll.vir
2004-08-18 15:39:18 . 2004-08-18 15:39:18 57,383 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\codec\real\Codecs\28_83260.dll.vir
2004-08-18 07:39:18 . 2004-08-18 07:39:18 98,343 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\14_43260.dll.vir
2004-08-18 07:39:18 . 2004-08-18 07:39:18 57,383 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\28_83260.dll.vir
2004-08-17 12:00:00 . 2004-08-17 12:00:00 262,144 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\mpg4ds32.ax.vir
2004-08-10 20:49:38 . 2004-08-10 20:49:38 155,648 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\codec\real\Codecs\ralf.dll.vir
2004-08-10 12:49:38 . 2004-08-10 12:49:38 155,648 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\ralf.dll.vir
2004-08-03 22:59:44 . 2004-08-04 03:59:44 95,360 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir
2004-05-14 04:59:12 . 2004-05-14 04:59:12 5,632 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\pndx5032.dll.vir
2004-05-14 04:59:10 . 2004-05-14 04:59:10 278,528 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\pncrt.dll.vir
2004-04-05 02:31:02 . 2004-04-05 02:31:02 499,712 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\msvcp71.dll.vir
2004-01-10 10:11:10 . 2004-01-10 10:11:10 480 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\keys.dat.vir
2003-04-16 11:19:58 . 2003-04-16 11:19:58 375,808 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\binkw32.dll.vir
2002-07-24 18:35:00 . 2002-07-24 18:35:00 36,864 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\codec\real\Codecs\ddnt3260.dll.vir
2002-07-24 18:35:00 . 2002-07-24 18:35:00 20,992 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FlashGet Network\FlashGet 3\codec\real\Codecs\dnet3260.dll.vir
2002-07-24 10:35:00 . 2002-07-24 10:35:00 20,992 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\Real\Codecs\dnet3260.dll.vir
2002-05-31 09:40:12 . 2002-05-31 09:40:12 96,256 ----a-w- C:\Qoobox\Quarantine\C\Program Files\StormII\codec\smackw32.dll.vir


ComboFix 08-09-05.12 - cheng01 2008-09-09 23:08:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.936.86.1033.18.2593 [GMT -4:00]
Running from: C:\Documents and Settings\cheng01\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\comui.dll

----- BITS: Possible infected sites -----

http://YBKOPSCCM03.CORP.YBUSA.NET:80
.
((((((((((((((((((((((((( Files Created from 2008-08-10 to 2008-09-10 )))))))))))))))))))))))))))))))
.

2008-09-09 09:44 . 2008-09-09 09:44 <DIR> d-------- C:\Python25
2008-09-08 17:04 . 2008-09-08 17:04 2,656 --a------ C:\WINDOWS\system32\history.aaw
2008-09-08 16:53 . 2008-09-08 16:53 <DIR> d-------- C:\Documents and Settings\cheng01\Application Data\QQUpdate
2008-09-08 16:52 . 2008-09-08 16:52 <DIR> d-------- C:\Documents and Settings\cheng01\Application Data\QQ
2008-09-08 13:12 . 2008-09-08 13:12 1,566,632 --a------ C:\Temp\bluesky.exe
2008-09-08 10:18 . 2008-09-08 10:18 <DIR> d-------- C:\Documents and Settings\cheng01\.smartsvn
2008-09-08 10:15 . 2008-09-08 10:15 <DIR> d-------- C:\Documents and Settings\cheng01\Application Data\Subversion
2008-09-08 10:06 . 2008-09-08 10:06 <DIR> d-------- C:\Documents and Settings\cheng01\.IntelliJIdea70
2008-09-08 10:05 . 2008-09-09 08:39 <DIR> d-------- C:\Documents and Settings\cheng01\Application Data\skypePM
2008-09-08 09:25 . 2008-09-08 09:25 <DIR> d-------- C:\Documents and Settings\cheng01\Application Data\Malwarebytes
2008-09-08 09:21 . 2008-09-09 23:13 <DIR> d-------- C:\Documents and Settings\cheng01\Application Data\Skype
2008-09-08 09:20 . 2008-03-13 12:59 <DIR> d--hs---- C:\Documents and Settings\cheng01\UserData
2008-09-08 09:20 . 2008-03-13 12:58 <DIR> d-------- C:\Documents and Settings\cheng01\Application Data\OfficeUpdate12
2008-09-08 09:20 . 2008-04-03 14:45 <DIR> d-------- C:\Documents and Settings\cheng01\Application Data\Intel
2008-09-08 09:20 . 2008-09-08 13:00 <DIR> d-------- C:\Documents and Settings\cheng01
2008-09-08 09:18 . 2008-09-08 09:18 <DIR> d-------- C:\Documents and Settings\geek01a\Application Data\Skype
2008-09-08 09:15 . 2008-03-13 12:59 <DIR> d---s---- C:\Documents and Settings\geek01a\UserData
2008-09-08 09:15 . 2008-03-13 12:58 <DIR> d-------- C:\Documents and Settings\geek01a\Application Data\OfficeUpdate12
2008-09-08 09:15 . 2008-04-03 14:45 <DIR> d-------- C:\Documents and Settings\geek01a\Application Data\Intel
2008-09-08 09:15 . 2008-09-08 09:20 <DIR> d-------- C:\Documents and Settings\geek01a
2008-09-08 08:49 . 2008-09-08 09:07 10,752 --a------ C:\WINDOWS\DCEBoot.exe
2008-09-06 23:31 . 2008-09-06 23:31 <DIR> d-------- C:\Program Files\CCleaner
2008-09-06 23:30 . 2008-09-06 23:30 2,928,600 --a------ C:\Temp\ccsetup211.exe
2008-09-05 10:06 . 2008-09-05 10:06 1,602,877 --a------ C:\Temp\ProcessExplorer.zip
2008-09-05 09:05 . 2008-09-08 09:43 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-05 09:05 . 2008-09-05 09:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-05 09:05 . 2008-09-08 00:11 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-05 09:05 . 2008-09-08 00:11 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-21 20:30 . 2008-08-25 18:03 <DIR> d-------- C:\house
2008-08-21 20:17 . 2008-08-21 20:46 275 --a------ C:\WINDOWS\pdf2word.INI
2008-08-21 20:16 . 2008-08-21 20:16 <DIR> d-------- C:\Program Files\UltiConverters
2008-08-21 15:04 . 2008-08-21 15:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-21 14:49 . 2008-08-21 14:49 <DIR> d-------- C:\Program Files\InfraRecorder
2008-08-21 10:25 . 2008-08-21 10:28 <DIR> d-------- C:\Program Files\Inkscape
2008-08-20 02:00 . 2008-08-20 02:00 6,144 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-08-15 00:00 . 2008-08-26 23:56 <DIR> d-------- C:\Temp\myfaces-examples
2008-08-11 16:40 . 2008-08-11 16:40 <DIR> d-------- C:\wbur
2008-08-11 15:16 . 2008-09-08 09:33 <DIR> d-------- C:\TDDOWNLOAD
2008-08-10 23:10 . 2008-08-10 23:10 <DIR> d-------- C:\Temp\SopCast
2008-08-10 22:39 . 2008-08-10 22:39 <DIR> d-------- C:\WINDOWS\system32\PPLive
2008-08-10 22:39 . 2008-08-10 22:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PPLive
2008-08-10 22:39 . 2008-08-10 22:39 1,073,741,824 --a------ C:\pfsvoddata.bbv
2008-08-10 22:38 . 2008-08-10 22:52 <DIR> d-------- C:\Program Files\PPLive
2008-08-10 22:38 . 2008-08-10 22:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Jlcm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-09 13:44 94,208 ----a-r C:\WINDOWS\Installer\{6B976ADF-8AE8-434E-B282-A06C7F624D2F}\python_icon.exe
2008-09-09 12:37 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-08-22 14:12 --------- d-----w C:\Program Files\Yahoo!
2008-08-11 15:10 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\yellowbookweb\3a8544bc\dc3e98f7\assembly\dl3\f82fc657\a076ac13_e1e1c801\WhiteWeb.DLL
2008-08-11 15:10 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\yellowbookweb\3a8544bc\dc3e98f7\assembly\dl3\9fe9e5de\b0bba713_e1e1c801\AmbWeb.DLL
2008-08-11 15:10 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\yellowbookweb\3a8544bc\dc3e98f7\assembly\dl3\0d7d61b6\b02caa13_e1e1c801\MFInstWeb.DLL
2008-08-11 15:10 122,880 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\yellowbookweb\3a8544bc\dc3e98f7\assembly\dl3\48c49931\90bb1714_e1e1c801\YB.GeoFunctions.DLL
2008-08-10 14:14 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-09 02:40 64,792 ----a-w C:\WINDOWS\Downloaded Program Files\CCTVUpdateInstall.dll
2008-08-03 02:17 --------- d-----w C:\Program Files\StormII
2008-07-31 00:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2008-07-23 19:33 312,006 ----a-r C:\WINDOWS\Installer\{85A401AE-5EAA-4728-8F75-B078C7D558A4}\ARPPRODUCTICON.exe
2008-07-23 19:33 --------- d-----w C:\Program Files\PatchLink
2008-07-23 01:37 --------- d-----w C:\Program Files\Google
2008-07-20 15:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-17 20:30 --------- d-----w C:\Program Files\HooTech
2008-07-16 13:27 2,349 ----a-w C:\WINDOWS\system32\CCM\Cache\YB100019.2.System\FullSoftHardIn.vbs
2008-07-15 13:16 --------- d-----w C:\Program Files\SonicWALL
2008-07-14 04:12 21,361 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-07-14 04:12 21,361 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-07-14 04:12 21,361 ----a-w C:\WINDOWS\AegisP.sys
2008-07-14 04:11 --------- d-----w C:\Program Files\Intel
2008-07-11 16:17 10,134 ----a-r C:\WINDOWS\Installer\{9D4B411F-42F9-4566-9621-13D3A969F871}\ARPPRODUCTICON.exe
2008-07-09 18:00 548,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\keywordtoolinsertion\dbfd1bc5\243b2964\assembly\dl3\3abe09fc\c07c6dd5_e2e1c801\netchartdir.DLL
2008-07-09 18:00 1,904,640 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\keywordtoolinsertion\dbfd1bc5\243b2964\assembly\dl3\1b3ffdf9\006b84d6_e2e1c801\AjaxControlToolkit.DLL
2008-07-07 20:32 253,952 -c--a-w C:\WINDOWS\system32\dllcache\es.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll
2008-07-07 20:23 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll
2008-07-07 20:06 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP2QFE\es.dll
2008-07-03 20:10 4,158 ----a-w C:\WINDOWS\system32\CCM\Cache\YB100017.1.System\SCCM_DataHarvest.vbs
2008-06-27 16:22 10,134 ----a-r C:\WINDOWS\Installer\{B232CC8B-A796-4944-9ABF-00B06E58124D}\ARPPRODUCTICON.exe
2008-06-27 16:19 65,536 ----a-r C:\WINDOWS\Installer\{12AAA33E-36A2-4D97-96BA-3DF2760D1448}\ARPPRODUCTICON.exe
2008-06-24 16:53 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3QFE\mscms.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3GDR\mscms.dll
2008-06-24 16:28 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP2QFE\mscms.dll
2008-06-24 16:23 74,240 -c--a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 14:57 3,592,192 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 16:01 827,904 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
2008-06-23 09:20 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-23 08:23 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\ie4uinit.exe
2008-06-23 08:23 625,664 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe
2008-06-23 08:23 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\ieudinit.exe
2008-06-21 05:23 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\ieakui.dll
2008-06-21 03:11 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 19:22 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-20 19:22 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
2008-06-20 17:46 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
2008-06-20 17:43 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
2008-06-20 17:43 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
2008-06-20 17:41 245,248 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:36 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
2008-06-20 17:36 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
2008-06-20 14:35 8,192 ----a-w C:\WINDOWS\system32\spool\pm\spool\pm\LPDSVC.reg
2008-06-20 14:35 8,192 ----a-w C:\WINDOWS\system32\spool\pm\spool\pm\LoclMon.reg
2008-06-20 11:59 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 11:48 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
2008-06-20 11:16 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
2008-06-20 10:45 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 360,960 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 10:44 138,368 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
2008-06-20 09:32 225,920 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
2008-06-18 14:23 65,536 ----a-r C:\WINDOWS\Installer\{685A56F8-75B6-44AD-B3DA-FB0A3266B47C}\ARPPRODUCTICON.exe
2008-06-13 13:10 272,128 -c----w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
2008-06-13 11:27 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP3QFE\bthport.sys
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP3GDR\bthport.sys
2008-06-13 09:52 272,128 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP2QFE\bthport.sys
2008-04-08 15:53 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2003-07-08 19:13 50,862 ----a-w C:\Program Files\yellowbookfingers.ico
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-23 8478720]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-08-23 81920]
"BGInfo"="C:\WINDOWS\System32\BGInfo\BGInfo.exe" [2004-09-22 741421]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 176128]
"RegMediaPlayerFix"="C:\windows\Media_Player_key.vbs" [2007-07-24 531]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2008-05-05 356429]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"WinVNC"="C:\WINDOWS\system32\rc\winvnc.exe" [2002-09-20 319488]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-13 185896]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-03-04 999424]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-03-04 1101824]
"Google IME Autoupdater"="C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe" [2008-05-26 255472]
"PDDM"="C:\Program Files\PatchLink\Update Agent\pddm.exe" [2007-10-18 425984]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-10 158208]
"nwiz"="nwiz.exe" [2007-08-23 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2007-08-23 C:\WINDOWS\system32\nvhotkey.dll]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 C:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 4167376]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Cisco Unified Video Advantage.lnk - C:\Program Files\Cisco Systems\Cisco Unified Video Advantage\VideoAdvantage.exe [2008-01-08 4538368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoLogoff"= 0 (0x0)
"EnforceShellExtensionSecurity"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=YBStartup.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ccosm"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\StormII\\Storm.exe"=
"C:\\Program Files\\StormII\\stormliv.exe"=
"C:\\Program Files\\Cisco Systems\\Cisco Unified Video Advantage\\VideoAdvantage.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2701:TCP"= 2701:TCP:SMSRemoteTools
"23:TCP"= 23:TCP:Telnet
"12345:TCP"= 12345:TCP:TrendBHMUNIKOPIRVCDRProd
"58127:TCP"= 58127:TCP:TrendBHMTest1
"27106:TCP"= 27106:TCP:TrendBHMTest2
"61320:TCP"= 61320:TCP:TrendEFFProd
"63113:TCP"= 63113:TCP:TrendWICProd
"61077:TCP"= 61077:TCP:TrendSNDProd
"50000:TCP"= 50000:TCP:MassTransit
"21:TCP"= 21:TCP:FTP
"25253:TCP"= 25253:TCP:PatchlinkPDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
"Enabled"= 1 (0x1)

R1 RCFOX;SonicWALL IPsec Driver;C:\WINDOWS\system32\Drivers\RCFOX.sys [2007-09-27 101528]
R2 CcmExec;SMS Agent Host;C:\WINDOWS\system32\CCM\CcmExec.exe [2008-05-20 757792]
R2 FGR Service;FGR Service;C:\Program Files\1435_Fiberlink\Fgrd.exe [2003-03-03 57344]
R2 MsDtsServer;SQL Server Integration Services;C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2005-10-14 199384]
R2 Ndiscdp;Cisco CDP KMDF NDIS Protocol Driver;C:\WINDOWS\system32\DRIVERS\ndiscdp.sys [2007-12-05 20400]
R3 prepdrvr;SMS Process Event Driver;C:\WINDOWS\system32\CCM\prepdrv.sys [2008-05-20 23584]
R3 rcvpn;SonicWALL VPN Adapter;C:\WINDOWS\system32\DRIVERS\rcvpn.sys [2005-11-08 24876]
R3 smsmdd;smsmdd;C:\WINDOWS\system32\DRIVERS\smsmdm.sys [2008-04-08 12448]
S3 cvpopflt;Cisco POP Suppression Filter;C:\WINDOWS\system32\DRIVERS\cvpopflt.sys [2007-05-09 1507104]
S3 CVUVC;Cisco VT Camera II(UVC);C:\WINDOWS\system32\DRIVERS\cvuvc.sys [2007-05-09 1924128]
S3 cvuvcflt;UVC Filter Service (Cisco);C:\WINDOWS\system32\DRIVERS\cvuvcflt.sys [2007-05-09 22432]
S3 smstsmgr;SMS Task Sequence Agent;C:\WINDOWS\system32\CCM\TSManager.exe [2008-05-20 249888]
S3 VSPerfDrv;Performance Tools Driver;c:\Program Files\Microsoft Visual Studio 8\Team Tools\Performance Tools\VSPerfDrv.sys [2005-09-23 54464]
S4 ccosm;Contrl Center of Storm Media;C:\Program Files\StormII\stormliv.exe [2008-05-28 475136]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Programs\nu2menu\nu2menu.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<LCS]
Regedit.exe /s "C:\Program Files\Desktop Engineering\LCS\LCSUSERSETTINGS.reg"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>YBSet]
C:\Windows\UserSetup.CMD
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{0324CC94-250C-41FA-9466-BCAAACFBF210} - C:\WINDOWS\system32\comui.dll
BHO-{140F6F63-FF09-467B-93FC-AF4E8171F8CC} - C:\WINDOWS\system32\comui.dll
BHO-{429BF9B0-61DB-49A5-86E2-18C1725FD8D6} - C:\WINDOWS\system32\comui.dll
BHO-{5A0F6B45-7392-41C1-AB8B-60F9AED3AE31} - C:\WINDOWS\system32\comui.dll
BHO-{5AF7515F-F325-4063-B729-951A7EFDECBA} - C:\WINDOWS\system32\comui.dll
BHO-{5BE7CC95-974F-415B-A3FD-B3A3AE3E3EBF} - C:\WINDOWS\system32\comui.dll
BHO-{610161C1-B0B4-4838-8696-93CD962B62F2} - C:\WINDOWS\system32\comui.dll
BHO-{6586022A-4062-475B-A71C-44316A15D6E7} - C:\WINDOWS\system32\comui.dll
BHO-{70C6670E-9889-41B2-8C75-693E692CC2CA} - C:\WINDOWS\system32\comui.dll
BHO-{7E2158B7-798C-43E2-AC10-DA283535A465} - C:\WINDOWS\system32\comui.dll
BHO-{923570D5-5CF7-40F7-994B-099EEB8779DB} - C:\WINDOWS\system32\comui.dll
BHO-{94B91830-FA11-4438-A294-829BB2987B9D} - C:\WINDOWS\system32\comui.dll
BHO-{99BBD18E-212E-45BB-A29C-A7A6AF4C7D97} - C:\WINDOWS\system32\comui.dll
BHO-{A7FF188C-11F8-4FA5-AF1B-759C86D06D5A} - C:\WINDOWS\system32\comui.dll
BHO-{B03E3B25-9C4C-423E-AF23-E86B31249118} - C:\WINDOWS\system32\comui.dll
BHO-{C2E1DCBE-ADB9-472C-BA8C-FC0AE0B11B26} - C:\WINDOWS\system32\comui.dll
BHO-{D307EF16-029B-4C80-B4B3-31E6B070CDE3} - C:\WINDOWS\system32\comui.dll
BHO-{DEEA5E92-2639-4E15-A00B-054907730343} - C:\WINDOWS\system32\comui.dll
BHO-{E30F40BF-E496-43C5-81D1-A0E5D5C6F151} - C:\WINDOWS\system32\comui.dll
BHO-{E7A1E36D-7AA6-4CA2-83B4-86151A2921D4} - C:\WINDOWS\system32\comui.dll
BHO-{F6CED86D-D637-4018-A658-340DBEACB87B} - C:\WINDOWS\system32\comui.dll
HKLM-Explorer_Run-HS43LUetjX - C:\Documents and Settings\All Users\Application Data\mvyxutsf\yhovwhod.exe
MSConfigStartUp-infohlpact - C:\WINDOWS\system32\uxetilwx.exe
MSConfigStartUp-lphctgvj0enbr - C:\WINDOWS\system32\lphctgvj0enbr.exe
MSConfigStartUp-SMrhcpgvj0enbr - C:\Program Files\rhcpgvj0enbr\rhcpgvj0enbr.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\cheng01\Application Data\Mozilla\Firefox\Profiles\s0ywta2k.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_12\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_12\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_12\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_12\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_12\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_12\bin\NPJPI142_12.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_12\bin\NPOJI610.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.1.0.30401.0.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.
.
------- File Associations (Beta) -------
.
chm.file="hh.exe" %1
txtfile=C:\WINDOWS\notepad.exe %1
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-09 23:13:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msftesql]
"ImagePath"="\"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
"ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
Completion time: 2008-09-09 23:21:47
ComboFix-quarantined-files.txt 2008-09-10 03:21:45

Pre-Run: 81,658,761,216 bytes free
Post-Run: 81,911,984,128 bytes free

#6 thcbytes (Malware Response Team)

Posted 03 December 2009 - 11:08 PM

Oh my! :)
You have been seriously infected for a long time!
I see that you ran Combofix once before a long time ago.

Please note....

One or more of the identified infections is a Backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. If after careful consideration you have decided to move forward with cleanup then please proceed as I have outlined below.

==========

Do you purposely have a proxy with Yellowbook?

Warning: This script was specifically written and designed for this user only. Unsupervised use of this tool could render your computer unbootable permanently!

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D02799FC-C17E-26A8-C8A8-90A43396ED1F}-winupdate86.exe
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{78F12063-8CE6-A419-672B-1F53E08AB337}-winupdate86.exe
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{190F2C94-6788-9E4A-7307-150D0C2D1681}-winupdate86.exe

Folder::
c:\documents and settings\cheng01\Application Data\BITS

RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Q*Q*8nb]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Q*Q*8nb]

Driver::
zsuqesna

Rootkit::
c:\windows\system32\drivers\jrgijvxt.sys

DDS::
E: 使用迅雷下载 - c:\program files\Thunder Network\Thunder\Program\geturl.htm
IE: 使用迅雷下载全部链接 - c:\program files\Thunder Network\Thunder\Program\getallurl.htm
IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - c:\program files\Thunder Network\Thunder\Thunder.exe
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}


Save this as CFScript.txt, in the same location as ComboFix.exe


[image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript.txt onto ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==========

Perform an online scan with Kaspersky WebScanner. This can take a long time so please be patient.

If you have troubles getting it to run.... - STOP - and tell me about it!

(Requires the free Java Runtime Environment (JRE) to be installed before scanning for malware, as ActiveX is no longer used.)
  • Click on the ... button.
  • The program will launch and fill in the Information section ... on the left.
  • Read the "Requirements and Limitations" then press the ... button.
  • The program will begin downloading the latest program and definition files.
    It takes a while... please be patient and let it finish.
  • Once the files have been downloaded, click on the ... button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the ... button, if you made any changes.
  • Now under the Scan section on the left: Select My Computer
  • The program will start and scan your system. This will run for a while, be patient... let it run.
    Once the scan is complete, it will display if your system has been infected.
  • Save the scan results as a Text file ... save it to your desktop.
  • Copy and paste the saved scan results file in your next reply.

==========

With your next post please provide:

* Are you still getting redirected?
* Do you purposely have a proxy with Yellowbook?
* Combofix.txt
* Kaspersky log
* How is your computer running?

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
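The helper's verdict above rests on a handful of log patterns: the Windows Firewall standard profile switched off while remote-access ports sit in the GloballyOpenPorts list, RemoteAdminSettings enabled, twenty-odd orphan BHO CLSIDs all loading the same DLL, autostart entries with random-looking names under system32 and All Users\Application Data, and a browser proxy that has to be confirmed as intentional. The script below is an added example that is not part of this thread and not ComboFix code; it pulls those patterns out of ComboFix-style log text. The sample lines are constructed, modelled on the log posted above. The port list and the vowel-ratio test for random-looking names are assumptions of this example, not ComboFix rules, and the function names `triage` and `looks_random` are mine.

```python
"""Triage ComboFix-style log lines for the signs reacted to in this thread.

Added example; not part of the original thread and not ComboFix code. The
sample is constructed, modelled on the log above. The port list and the
vowel-ratio test for random-looking names are assumptions of this example.
"""
import re
from collections import defaultdict

# Assumption: ports giving remote shell or desktop access, worth a second look.
REMOTE_ACCESS_PORTS = {21: "FTP", 23: "Telnet", 3389: "RDP"}

BHO_RE = re.compile(r"^BHO-\{([0-9A-Fa-f-]+)\} - (.+)$")
AUTOSTART_RE = re.compile(r"^(HKLM-Explorer_Run|HKLM-Run|HKCU-Run|MSConfigStartUp)-(\S+) - (.+)$")
OPEN_PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=', re.IGNORECASE)
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer = (.+)$")

# Constructed sample, modelled on the ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"23:TCP"= 23:TCP:Telnet
"21:TCP"= 21:TCP:FTP
"12345:TCP"= 12345:TCP:TrendBHMUNIKOPIRVCDRProd

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
"Enabled"= 1 (0x1)

BHO-{0324CC94-250C-41FA-9466-BCAAACFBF210} - C:\WINDOWS\system32\comui.dll
BHO-{140F6F63-FF09-467B-93FC-AF4E8171F8CC} - C:\WINDOWS\system32\comui.dll
BHO-{429BF9B0-61DB-49A5-86E2-18C1725FD8D6} - C:\WINDOWS\system32\comui.dll
HKLM-Explorer_Run-HS43LUetjX - C:\Documents and Settings\All Users\Application Data\mvyxutsf\yhovwhod.exe
MSConfigStartUp-lphctgvj0enbr - C:\WINDOWS\system32\lphctgvj0enbr.exe
uInternet Settings,ProxyServer = ybkopisa01:8080
"""


def looks_random(name):
    """Heuristic: 8+ letters with under 30% vowels reads as machine-generated."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < 8:
        return False
    return sum(c in "aeiou" for c in letters) / len(letters) < 0.3


def triage(log_text, bho_cluster_min=3):
    """Return (code, detail) findings, in a fixed order, for a log excerpt."""
    section, firewall_enabled, remote_admin = "", None, False
    open_ports, autostarts, proxies = [], [], []
    bho_by_dll = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()   # a registry key header scopes the values below it
            continue
        if section.endswith("standardprofile]"):
            m = re.match(r'"EnableFirewall"=\s*(\d)', line)
            if m:
                firewall_enabled = m.group(1) == "1"
        elif section.endswith("globallyopenports\\list]"):
            m = OPEN_PORT_RE.match(line)
            if m:
                open_ports.append((int(m.group(1)), m.group(2).upper(), line.split(":")[-1]))
        elif section.endswith("remoteadminsettings]") and re.match(r'"Enabled"=\s*1', line):
            remote_admin = True
        m = BHO_RE.match(line)
        if m:
            bho_by_dll[m.group(2).lower()].append(m.group(1).upper())
            continue
        m = AUTOSTART_RE.match(line)
        if m:
            key, name, path = m.groups()
            parts = path.split("\\")
            stem = parts[-1].rsplit(".", 1)[0]
            parent = parts[-2] if len(parts) > 1 else ""
            # Random names, or a loader under All Users\Application Data, is the pattern
            # the orphan list above showed; legitimate software can trip this too.
            if "application data" in path.lower() or any(map(looks_random, (name, stem, parent))):
                autostarts.append(f"{key}-{name} -> {path}")
            continue
        m = PROXY_RE.match(line)
        if m:
            proxies.append(m.group(1).strip())

    findings = []
    if firewall_enabled is False:
        findings.append(("FIREWALL_DISABLED", "standard profile EnableFirewall=0; the exception lists are moot"))
    for port, proto, label in open_ports:
        if port in REMOTE_ACCESS_PORTS:
            findings.append(("OPEN_PORT", f"{port}/{proto} ({REMOTE_ACCESS_PORTS[port]}) globally open as {label!r}"))
    if remote_admin:
        findings.append(("REMOTE_ADMIN", "RemoteAdminSettings Enabled=1"))
    for dll, clsids in sorted(bho_by_dll.items()):
        if len(clsids) >= bho_cluster_min:
            findings.append(("BHO_CLUSTER", f"{len(clsids)} BHO CLSIDs all load {dll}"))
    findings += [("SUSPICIOUS_AUTOSTART", a) for a in autostarts]
    findings += [("PROXY_SET", f"{p}: confirm the proxy is intentional; a hijacked proxy is one way redirects are done") for p in proxies]
    return findings


if __name__ == "__main__":
    for code, detail in triage(SAMPLE_LOG):
        print(f"{code:21} {detail}")
```

Run it as a file and it prints one finding per line; feed it a real ComboFix.txt via `triage(open(path, encoding="utf-8", errors="replace").read())`. The firewall finding is reported separately from the open ports on purpose: with EnableFirewall=0 every port is reachable regardless of the exception list, so the list only tells you what would still be open after the firewall is turned back on.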

#7 newmystery (Topic Starter)

Posted 04 December 2009 - 10:03 AM

Thanks for your help. I haven't got any redirects now. But I have limited my usage of this machine, so I am not sure. The proxy with Yellowbook is intentional. I ran ComboFix again, but got a blue screen during the run; there is no combofix.txt saved. I will run it again tonight. Thanks.

#8 thcbytes (Malware Response Team)

Posted 04 December 2009 - 12:17 PM

Hello,

"I ran ComboFix again, but got a blue screen during the run; there is no combofix.txt saved. I will run it again tonight."

STOP!!!

Remember my 1st post to you!

Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it.


Please re-read my instructions! Do not do anything other than what I have instructed you to do. If you are unable to complete my instructions STOP and tell me about it!

Do this instead.....

(I changed the script)

Warning: This script was specifically written and designed for this user only. Unsupervised use of this tool could render your computer unbootable permanently!

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D02799FC-C17E-26A8-C8A8-90A43396ED1F}-winupdate86.exe
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{78F12063-8CE6-A419-672B-1F53E08AB337}-winupdate86.exe
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{190F2C94-6788-9E4A-7307-150D0C2D1681}-winupdate86.exe

Folder::
c:\documents and settings\cheng01\Application Data\BITS

RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Q*Q*8nb]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Q*Q*8nb]

Driver::
zsuqesna

Rootkit::
c:\windows\system32\drivers\jrgijvxt.sys

DDS::
E: 使用迅雷下载 - c:\program files\Thunder Network\Thunder\Program\geturl.htm
IE: 使用迅雷下载全部链接 - c:\program files\Thunder Network\Thunder\Program\getallurl.htm
IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - c:\program files\Thunder Network\Thunder\Thunder.exe
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}


Save this as CFScript.txt, in the same location as ComboFix.exe


[image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript.txt onto ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==========

Perform an online scan with Kaspersky WebScanner. This can take a long time so please be patient.

If you have troubles getting it to run.... - STOP - and tell me about it!

(Requires the free Java Runtime Environment (JRE) to be installed before scanning for malware, as ActiveX is no longer used.)
  • Click on the ... button.
  • The program will launch and fill in the Information section ... on the left.
  • Read the "Requirements and Limitations" then press the ... button.
  • The program will begin downloading the latest program and definition files.
    It takes a while... please be patient and let it finish.
  • Once the files have been downloaded, click on the ... button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the ... button, if you made any changes.
  • Now under the Scan section on the left: Select My Computer
  • The program will start and scan your system. This will run for a while, be patient... let it run.
    Once the scan is complete, it will display if your system has been infected.
  • Save the scan results as a Text file ... save it to your desktop.
  • Copy and paste the saved scan results file in your next reply.

==========

With your next post please provide:

* Combofix.txt
* Kaspersky log
* How is your computer running?

Kind regards,
~ t
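Both versions of the script above are plain text files split into `Section::` headers (KillAll::, File::, Folder::, RegLock::, Driver::, Rootkit::, DDS::) followed by one entry per line, and the helper's warning is that a wrong entry can leave the machine unbootable. The parser below is an added example, not part of this thread and not ComboFix's own grammar: it splits a CFScript into its sections and applies a few sanity checks before anyone drags the file onto ComboFix.exe. The checks are my assumptions about what a safe script looks like, taken from the script posted above (paths under File::, Folder:: and Rootkit:: are absolute, Driver:: names a service rather than a path, RegLock:: entries are bracketed HKEY_ keys, KillAll:: stands alone, and a Folder:: entry never names a top-level directory). `GOOD_SCRIPT` is abridged from the post above; `BAD_SCRIPT` is constructed to trip each check, and the function names are mine.

```python
"""Section parser and sanity checks for a ComboFix CFScript.txt.

Added example; not part of the thread and not ComboFix's own grammar. The
checks are assumptions about what a safe script looks like, derived from the
script posted above. GOOD_SCRIPT is abridged from that post; BAD_SCRIPT is
constructed to trip each check.
"""
import re

KNOWN_SECTIONS = {"KillAll", "File", "Folder", "RegLock", "Driver", "Rootkit", "DDS"}
PATH_SECTIONS = {"File", "Folder", "Rootkit"}
HEADER_RE = re.compile(r"^([A-Za-z]+)::$")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\.+")

GOOD_SCRIPT = r"""
KillAll::

File::
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D02799FC-C17E-26A8-C8A8-90A43396ED1F}-winupdate86.exe

Folder::
c:\documents and settings\cheng01\Application Data\BITS

RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Q*Q*8nb]

Driver::
zsuqesna

Rootkit::
c:\windows\system32\drivers\jrgijvxt.sys

DDS::
IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - c:\program files\Thunder Network\Thunder\Thunder.exe
"""

# Constructed: a stray entry, a whole Windows directory, a path where a service
# name belongs, and a typo in a section header.
BAD_SCRIPT = r"""
c:\stray\entry.exe
Folder::
C:\WINDOWS
Driver::
c:\windows\system32\drivers\jrgijvxt.sys
Flie::
c:\windows\system32\example.exe
"""


def check_entry(section, entry, lineno):
    """Return problem strings for one entry under a section header."""
    out = []
    if section == "KillAll":
        out.append(f"line {lineno}: KillAll:: takes no entries, found {entry!r}")
    elif section in PATH_SECTIONS:
        if not DRIVE_PATH_RE.match(entry):
            out.append(f"line {lineno}: {section}:: entry is not an absolute drive path: {entry}")
        elif section == "Folder" and len(entry.rstrip("\\").split("\\")) <= 2:
            out.append(f"line {lineno}: Folder:: names a top-level directory: {entry}")
        elif section == "Rootkit" and not entry.lower().endswith(".sys"):
            out.append(f"line {lineno}: Rootkit:: entry is not a .sys driver file: {entry}")
    elif section == "Driver":
        if "\\" in entry or entry.lower().endswith(".sys"):
            out.append(f"line {lineno}: Driver:: takes a service name, not a path: {entry}")
    elif section == "RegLock":
        if not (entry.startswith("[HKEY_") and entry.endswith("]")):
            out.append(f"line {lineno}: RegLock:: entry is not a bracketed HKEY_ key: {entry}")
    return out


def parse_cfscript(text):
    """Split a script into {section: [entries]} and collect sanity problems."""
    sections, problems, current = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            if current not in KNOWN_SECTIONS:
                problems.append(f"line {lineno}: unknown section {current}:: (not one used in this thread)")
            continue
        if current is None:
            problems.append(f"line {lineno}: entry before any section header: {line}")
            continue
        sections[current].append(line)
        problems.extend(check_entry(current, line, lineno))
    return sections, problems


if __name__ == "__main__":
    for label, script in (("good", GOOD_SCRIPT), ("bad", BAD_SCRIPT)):
        sections, problems = parse_cfscript(script)
        print(label, {k: len(v) for k, v in sections.items()}, problems or "no problems")
```

Run it before dragging the file onto ComboFix; an empty problem list does not make a script safe, but a non-empty one is a reason to stop and ask the helper, which is exactly what the post above requests when anything goes wrong.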

#9 newmystery (Topic Starter)

Posted 06 December 2009 - 08:42 AM

The computer is running better. Here are the two reports. Sorry it took a long time to get them.

ComboFix 09-12-02.05 - cheng01 2009-12-05 10:31.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.936.86.1033.18.3582.2788 [GMT -5:00]
Running from: c:\documents and settings\cheng01\Desktop\thcbytes.exe
Command switches used :: c:\documents and settings\cheng01\Desktop\CFScript.txt
FW: Trend Micro OfficeScan Enterprise Client Firewall *enabled* {7D098DD7-0B8B-470E-ACAD-263F61EFB47D}

FILE ::
"c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{190F2C94-6788-9E4A-7307-150D0C2D1681}-winupdate86.exe"
"c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{78F12063-8CE6-A419-672B-1F53E08AB337}-winupdate86.exe"
"c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D02799FC-C17E-26A8-C8A8-90A43396ED1F}-winupdate86.exe"
.

((((((((((((((((((((((((((((((((((((((( Deleted files )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Results of previous run -------
.
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{190F2C94-6788-9E4A-7307-150D0C2D1681}-winupdate86.exe
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{78F12063-8CE6-A419-672B-1F53E08AB337}-winupdate86.exe
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D02799FC-C17E-26A8-C8A8-90A43396ED1F}-winupdate86.exe
c:\program files\Thunder Network\Thunder\Program\getallurl.htm

-- Results of previous run --

Could not find ... "c:\windows\system32\proquota.exe"!!

--------

Could not find ... "c:\windows\system32\proquota.exe"!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_zsuqesna


((((((((((((((((((((((((( Files created from 2009-11-05 to 2009-12-05 )))))))))))))))))))))))))))))))
.

2009-12-04 21:37 . 2009-12-04 21:44 -------- d-----w- c:\program files\Opt-In Software
2009-12-04 20:56 . 2009-12-04 20:58 -------- d-----w- c:\program files\Proxy Vampire
2009-12-04 20:23 . 2009-12-04 20:23 -------- d-----w- c:\program files\ProxyFinder
2009-12-04 19:47 . 2009-12-04 20:15 -------- d-----w- c:\program files\ProxyWay
2009-12-03 03:21 . 2009-12-03 04:38 -------- d-----w- C:\thcbytes
2009-12-02 14:24 . 2009-11-03 01:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-01 00:37 . 2009-12-02 14:11 52065 ----a-w- c:\windows\system32\nvModes.dat
2009-11-30 20:30 . 2009-12-04 01:11 2529 ----a-w- c:\windows\system32\cid_store.dat
2009-11-30 20:30 . 2009-12-04 01:10 26 ----a-w- c:\windows\system32\xlhcc.dat
2009-11-23 19:15 . 2009-11-23 19:18 -------- d-----w- c:\documents and settings\cheng01\.jprofiler6
2009-11-23 19:12 . 2009-11-23 19:13 -------- d-----w- c:\program files\jprofiler6
2009-11-19 05:00 . 2008-02-21 15:08 38656 ----a-w- c:\windows\system32\drivers\Capt9052.sys
2009-11-19 05:00 . 2008-02-21 15:08 25216 ----a-w- c:\windows\system32\drivers\Camd9052.sys
2009-11-19 04:59 . 2009-11-19 05:00 -------- d-----w- c:\program files\Disney Micro
2009-11-19 04:57 . 2007-05-18 16:41 37760 ----a-w- c:\windows\system32\drivers\Capt905c.sys
2009-11-19 04:57 . 2007-04-28 15:25 25216 ----a-w- c:\windows\system32\drivers\Camd905c.sys
2009-11-19 04:57 . 2009-11-19 04:59 -------- d-----w- c:\program files\DB CIF Cam
2009-11-19 04:57 . 2009-11-19 04:57 -------- d-----w- c:\documents and settings\cheng01\Application Data\InstallShield
2009-11-19 04:56 . 2009-11-19 04:56 -------- d-----w- c:\program files\Disney Pix Micro Downloader
2009-11-19 04:56 . 2009-11-19 04:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-19 01:42 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-19 01:42 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-19 01:42 . 2009-11-19 01:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-18 19:22 . 2009-11-18 19:22 -------- d-----w- C:\erpm
2009-11-18 14:59 . 2009-11-18 14:59 -------- d-----w- c:\documents and settings\cheng01\Application Data\syntevo
2009-11-18 14:59 . 2009-11-18 14:59 -------- d-----w- c:\documents and settings\cheng01\Local Settings\Application Data\Cisco
2009-11-15 04:47 . 2009-11-15 04:47 -------- d-----w- c:\documents and settings\cheng01\Local Settings\Application Data\Apple Computer
2009-11-15 02:43 . 2009-11-15 02:43 -------- d-----w- c:\documents and settings\cheng01\Application Data\PPLive
2009-11-15 01:12 . 2009-11-15 02:43 -------- d-----w- c:\program files\PPLive
2009-11-12 00:58 . 2009-11-12 00:58 -------- d-----w- c:\documents and settings\cheng01\Local Settings\Application Data\Tencent
2009-11-11 22:58 . 2009-11-17 02:58 -------- d-----w- c:\documents and settings\cheng01\Local Settings\Application Data\Temp
2009-11-11 16:54 . 2009-11-11 16:54 -------- d-----w- c:\documents and settings\cheng01\Application Data\AdobeUM
2009-11-11 16:52 . 2009-11-30 18:32 -------- d-----w- c:\documents and settings\cheng01\Local Settings\Application Data\Adobe
2009-11-11 14:25 . 2009-11-11 14:25 -------- d-----w- c:\documents and settings\cheng01\Local Settings\Application Data\Mozilla
2009-11-11 12:47 . 2009-11-11 12:47 53464 ----a-w- c:\documents and settings\cheng01\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-11 12:46 . 2009-11-11 12:46 -------- d-----w- c:\documents and settings\cheng01\Local Settings\Application Data\Winternals
2009-11-11 05:29 . 2009-12-02 05:09 -------- d-----w- c:\documents and settings\cheng01\Application Data\gtk-2.0
2009-11-11 04:50 . 2009-11-13 14:57 -------- d-----w- c:\documents and settings\cheng01\Local Settings\Application Data\Google
2009-11-10 20:14 . 2009-11-10 20:14 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-11-10 20:12 . 2009-11-10 20:12 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-11-10 20:10 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-11-10 20:10 . 2009-11-10 20:10 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-10 20:06 . 2009-11-10 20:06 -------- d-----w- c:\program files\Microsoft
2009-11-10 20:05 . 2009-11-10 20:13 -------- d-----w- c:\program files\Windows Live
2009-11-07 18:27 . 2009-11-07 18:27 -------- d-----w- c:\documents and settings\cheng01\.thumbnails
2009-11-07 16:42 . 2009-12-02 05:21 -------- d-----w- c:\documents and settings\cheng01\.gimp-2.6
2009-11-07 16:41 . 2009-11-07 16:41 -------- d-----w- c:\program files\GIMP-2.0

.
(((((((((((((((((((((((((((((((((((((((( Files modified within the last three months ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-03 21:33 . 2008-09-08 13:21 -------- d-----w- c:\documents and settings\cheng01\Application Data\Skype
2009-12-03 19:31 . 2008-09-08 14:05 -------- d-----w- c:\documents and settings\cheng01\Application Data\skypePM
2009-12-02 05:51 . 2008-05-29 04:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Storm
2009-11-30 20:37 . 2008-04-03 18:31 -------- d-----w- c:\program files\Trend Micro
2009-11-19 04:59 . 2008-04-03 18:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-15 01:06 . 2009-01-21 01:35 -------- d-----w- c:\program files\qqqtv
2009-11-10 22:00 . 2008-04-22 15:43 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-02 01:58 . 2009-10-16 15:20 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-21 13:19 . 2009-10-21 13:19 53464 ----a-w- c:\documents and settings\cheng01a\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2003-07-08 19:13 . 2008-04-03 18:42 50862 ----a-w- c:\program files\yellowbookfingers.ico
.

((((((((((((((((((((((((((((( SnapShot@2009-12-03_04.33.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-05 15:44 . 2009-12-05 15:44 4608 c:\windows\temp\e4j7.tmp_dir10246\i4jdel.exe
+ 2008-12-04 20:32 . 2008-12-04 20:32 2346 c:\windows\system32\CCM\Cache\YB100250.1.System\hardwaresoftwareforce.vbs
+ 2009-12-05 15:44 . 2008-09-11 17:48 176195 c:\windows\temp\JMFBF9.EXE
.
((((((((((((((((((((((((((((((((((((( Registry loading points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN1]
@="{CC8811D1-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D1-1B32-4f3d-A9BF-D21C8F3C0366}]
2009-08-22 14:01 249856 ----a-w- c:\program files\SmartSVN 6\lib\shellext32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN2]
@="{CC8811D2-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D2-1B32-4f3d-A9BF-D21C8F3C0366}]
2009-08-22 14:01 249856 ----a-w- c:\program files\SmartSVN 6\lib\shellext32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN3]
@="{CC8811D3-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D3-1B32-4f3d-A9BF-D21C8F3C0366}]
2009-08-22 14:01 249856 ----a-w- c:\program files\SmartSVN 6\lib\shellext32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN4]
@="{CC8811D4-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D4-1B32-4f3d-A9BF-D21C8F3C0366}]
2009-08-22 14:01 249856 ----a-w- c:\program files\SmartSVN 6\lib\shellext32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN5]
@="{CC8811D5-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D5-1B32-4f3d-A9BF-D21C8F3C0366}]
2009-08-22 14:01 249856 ----a-w- c:\program files\SmartSVN 6\lib\shellext32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN6]
@="{CC8811D6-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D6-1B32-4f3d-A9BF-D21C8F3C0366}]
2009-08-22 14:01 249856 ----a-w- c:\program files\SmartSVN 6\lib\shellext32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN7]
@="{CC8811D7-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D7-1B32-4f3d-A9BF-D21C8F3C0366}]
2009-08-22 14:01 249856 ----a-w- c:\program files\SmartSVN 6\lib\shellext32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-11 68856]
"COMMUNICATOR"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2007-07-23 5803368]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-23 8478720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-23 81920]
"BGInfo"="c:\windows\System32\BGInfo\BGInfo.exe" [2004-09-22 741421]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"RegMediaPlayerFix"="c:\windows\Media_Player_key.vbs" [2007-07-24 531]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2008-09-11 356429]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-03-04 999424]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-03-04 1101824]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-13 185896]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-08-23 1626112]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2007-08-23 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2007-07-23 5803368]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-10 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ccosm"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Cisco Systems\\Cisco Unified Video Advantage\\VideoAdvantage.exe"=
"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"c:\\Program Files\\酷6网\\极速酷6\\Ku6SpeedUpper.exe"=
"$INSTDIR\\FlvDetector.exe"= c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlvDetector.exe
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\PPLive\\PPLive.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2701:TCP"= 2701:TCP:SMSRemoteTools
"23:TCP"= 23:TCP:Telnet
"12345:TCP"= 12345:TCP:TrendBHMUNIKOPIRVCDRProd
"58127:TCP"= 58127:TCP:TrendBHMTest1
"27106:TCP"= 27106:TCP:TrendBHMTest2
"61320:TCP"= 61320:TCP:TrendEFFProd
"63113:TCP"= 63113:TCP:TrendWICProd
"61077:TCP"= 61077:TCP:TrendSNDProd
"50000:TCP"= 50000:TCP:MassTransit
"21:TCP"= 21:TCP:FTP
"25253:TCP"= 25253:TCP:PatchlinkPDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
"Enabled"= 1 (0x1)

R2 FGR Service;FGR Service;c:\program files\1435_Fiberlink\Fgrd.exe [2003-03-03 57344]
R2 Ndiscdp;Cisco CDP KMDF NDIS Protocol Driver;c:\windows\system32\drivers\Ndiscdp.sys [2007-12-05 20400]
R2 statuscached;SmartSVN Status Cache;c:\program files\SmartSVN 6\bin\statuscached.exe [2009-08-22 215040]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [2005-11-09 225808]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [2005-11-09 36368]
S2 gupdate1ca072ddfa3fa0e;Google Update Service (gupdate1ca072ddfa3fa0e);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-17 133104]
S3 cvpopflt;Cisco POP Suppression Filter;c:\windows\system32\drivers\cvpopflt.sys [2008-06-27 1507104]
S3 CVUVC;Cisco VT Camera II(UVC);c:\windows\system32\drivers\Cvuvc.sys [2008-06-27 1924128]
S3 cvuvcflt;UVC Filter Service (Cisco);c:\windows\system32\drivers\cvuvcflt.sys [2008-06-27 22432]
S3 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2005-10-14 199384]
S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\DRIVERS\rcvpn.sys --> c:\windows\system32\DRIVERS\rcvpn.sys [?]
S3 SQTECH9052;Disney Micro;c:\windows\system32\drivers\Capt9052.sys [2009-11-19 38656]
S3 VSPerfDrv;Performance Tools Driver;c:\program files\Microsoft Visual Studio 8\Team Tools\Performance Tools\VSPerfDrv.sys [2005-09-23 54464]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<LCS]
Regedit.exe /s "c:\program files\Desktop Engineering\LCS\LCSUSERSETTINGS.reg"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>YBSet]
c:\windows\UserSetup.CMD

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Communicator2007_Settings]
"c:\adminfolder\Communicator2007_Settings.vbs"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0E02E48F-1C41-425D-A165-FCCCBC16F234}]
msiexec /fou {0E02E48F-1C41-425D-A165-FCCCBC16F234} /qb
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ybnet.corp.ybusa.net
mStart Page = hxxp://ybnet.corp.ybusa.net
uInternet Settings,ProxyServer = ybkopisa01:8080
uInternet Settings,ProxyOverride = <local>
IE: 使用迅雷下载 - c:\program files\Thunder Network\Thunder\Program\geturl.htm
IE: 使用迅雷下载全部链接 - c:\program files\Thunder Network\Thunder\Program\getallurl.htm
IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - c:\program files\Thunder Network\Thunder\Thunder.exe
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Trusted Zone: toyotausa.com\www
Trusted Zone: ybkopsms02
Trusted Zone: toyotausa.com\www
Trusted Zone: ybkopsms02
Trusted Zone: ybusa.net\corp
DPF: iLO 2 Remote Console Applet - hxxps://dmzkopwrrp01i/dvc.cab
DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxp://ybcdrcnt01.corp.ybusa.net/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} - hxxp://ybcdrerm01/eRoomSetup/client.cab
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl12.igame.sina.com.cn/downloader.cab
DPF: {88734439-46D0-42C0-A13F-7E881EE550CF} - hxxp://www.bluesky.cn/download/filetran.cab
DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} - hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
FF - ProfilePath - c:\documents and settings\cheng01\Application Data\Mozilla\Firefox\Profiles\s0ywta2k.default\
FF - prefs.js: network.proxy.ftp - ybkopisa01
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - ybkopisa01
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - ybkopisa01
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - ybkopisa01
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - ybkopisa01
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npeRoom7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- 火狐配置文件 ----
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.config.filename","netscape.jsc");.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ProxyWay - c:\program files\ProxyWay\proxyway.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-05 10:46
Windows 5.1.2600 Service Pack 2 NTFS

扫描被隐藏的进程 。。。

扫描被隐藏的启动组 。。。

扫描被隐藏的文件 。。。

扫描完成
被隐藏的档案: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- 运行进程下的动态链接库 ---------------------

- - - - - - - > 'winlogon.exe'(1252)
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'explorer.exe'(3908)
c:\program files\SmartSVN 6\lib\shellext32.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
------------------------ 其他运行进程 ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
c:\program files\Trend Micro\OfficeScan Client\ntrtscan.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\StacSV.exe
c:\program files\Trend Micro\OfficeScan Client\tmlisten.exe
c:\windows\system32\ZuneBusEnum.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
c:\windows\TEMP\JMFBF9.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\Trend Micro\OfficeScan Client\Pop3Trap.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\windows\system32\CCM\SMSCliUI.exe
.
**************************************************************************
.
完成时间: 2009-12-05 11:57 - 电脑已重新启动
ComboFix-quarantined-files.txt 2009-12-05 16:57
ComboFix2.txt 2009-12-03 04:38
ComboFix3.txt 2008-09-10 03:21

Pre-Run: 41,929,551,872 bytes free
Post-Run: 41,909,465,088 bytes free

- - End Of File - - 59356B2C0F8076C4E181DF6DAC1D7A69

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, December 6, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, December 05, 2009 16:52:21
Records in database: 3333384
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 761659
Threats found: 16
Infected objects found: 60
Suspicious objects found: 0
Scan duration: 16:45:37


File name / Threat / Threats count
C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\87D5BABCd01 Infected: HackTool.Win32.Sniffer.WpePro.a 1
C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\87D5BABCd01 Infected: HackTool.Win32.Sniffer.WpePro.w 1
C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\8eZHvT8p.zip.part Infected: HackTool.Win32.Sniffer.WpePro.a 1
C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\8eZHvT8p.zip.part Infected: HackTool.Win32.Sniffer.WpePro.w 1
C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\A0055569.exe Infected: Backdoor.Win32.Frauder.aie 1
C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\A0060877.dll Infected: Rootkit.Win32.Small.ra 1
C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\b.exe Infected: Trojan-Downloader.Win32.Small.jeh 1
C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\bgl.exe Infected: Backdoor.Win32.Frauder.aie 1
C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\ChkDisk.dll Infected: Rootkit.Win32.Small.ra 1
C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\EFF833F3d01 Infected: HackTool.Win32.Sniffer.WpePro.a 1
C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\EFF833F3d01 Infected: HackTool.Win32.Sniffer.WpePro.w 1
C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\ms.dll Infected: Rootkit.Win32.Small.ra 1
C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\protect.dll Infected: Rootkit.Win32.Small.ra 1
C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sai26.exe Infected: not-a-virus:AdWare.Win32.Shopper.v 2
C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sai26_8b8.VIR Infected: not-a-virus:AdWare.Win32.Shopper.v 2
C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sai26_8d4.VIR Infected: not-a-virus:AdWare.Win32.Shopper.v 2
C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sai28.tmp Infected: not-a-virus:AdWare.Win32.Shopper.ar 2
C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sai28.tmp Infected: not-a-virus:AdWare.Win32.Shopper.l 1
C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sai28.tmp Infected: not-a-virus:AdWare.Win32.HotBar.ck 6
C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sai28.tmp Infected: not-a-virus:WebToolbar.Win32.Zango.bd 1
C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sai28_8c0.VIR Infected: not-a-virus:AdWare.Win32.Shopper.ar 2
C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sai28_8c0.VIR Infected: not-a-virus:AdWare.Win32.Shopper.l 1
C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sai28_8c0.VIR Infected: not-a-virus:AdWare.Win32.HotBar.ck 6
C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sai28_8c0.VIR Infected: not-a-virus:WebToolbar.Win32.Zango.bd 1
C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sai28_8c8.VIR Infected: not-a-virus:AdWare.Win32.Shopper.ar 2
C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sai28_8c8.VIR Infected: not-a-virus:AdWare.Win32.Shopper.l 1
C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sai28_8c8.VIR Infected: not-a-virus:AdWare.Win32.HotBar.ck 6
C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sai28_8c8.VIR Infected: not-a-virus:WebToolbar.Win32.Zango.bd 1
C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\SwDv.exe Infected: Trojan.Win32.Small.bvb 1
C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\winvsnet.tmp Infected: Trojan.Win32.Midgare.tjc 1
C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\wpepro09x.zip Infected: HackTool.Win32.Sniffer.WpePro.a 1
C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\wpepro09x.zip Infected: HackTool.Win32.Sniffer.WpePro.w 1
C:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\wpv341229768718.cpx Infected: Trojan-Downloader.Win32.Agent.auhc 1
C:\Program Files\Trend Micro\OfficeScan Client\VSS9UL07.01F Infected: Backdoor.Win32.BlackHole.doi 1
C:\Program Files\Trend Micro\OfficeScan Client\VSSC1UGF.018 Infected: Backdoor.Win32.BlackHole.doi 1
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{190F2C94-6788-9E4A-7307-150D0C2D1681}-winupdate86.exe.vir Infected: Packed.Win32.Krap.ah 1
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{78F12063-8CE6-A419-672B-1F53E08AB337}-winupdate86.exe.vir Infected: Packed.Win32.Krap.ah 1
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{D02799FC-C17E-26A8-C8A8-90A43396ED1F}-winupdate86.exe.vir Infected: Packed.Win32.Krap.ah 1
C:\WINDOWS\system32\rc\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1

Selected area has been scanned.

#10 thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 06 December 2009 - 04:12 PM

Do you have your Windows XP install disc?
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#11 newmystery

  • Topic Starter
  • Members
  • 21 posts

Posted 06 December 2009 - 07:57 PM

No, I don't have a Windows XP install disc. Anything I can get from the web? Thanks very much for your help.

#12 thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 07 December 2009 - 12:08 AM

You have an infected critical system file. I will see if your computer has a replacement.

:( Warning: This script was specifically written and designed for this user only. Unsupervised use of this tool could render your computer unbootable permanently!! :(

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Mia::
c:\windows\system32\proquota.exe

SRPeek::
c:\windows\system32\proquota.exe

DDS::
uStart Page = hxxp://ybnet.corp.ybusa.net
mStart Page = hxxp://ybnet.corp.ybusa.net
uInternet Settings,ProxyServer = ybkopisa01:8080
uInternet Settings,ProxyOverride =
IE: 使用迅雷下载 - c:\program files\Thunder Network\Thunder\Program\geturl.htm
IE: 使用迅雷下载全部链接 - c:\program files\Thunder Network\Thunder\Program\getallurl.htm
IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - c:\program files\Thunder Network\Thunder\Thunder.exe
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Firefox::
FF - prefs.js: network.proxy.ftp - ybkopisa01
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - ybkopisa01
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - ybkopisa01
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - ybkopisa01
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - ybkopisa01
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 2


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==========

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e., Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

===========

With your next post please provide:

* Combofix.txt
* MBAM log
* How is your computer running?

Kind regards,
~t

#13 newmystery

  • Topic Starter
  • Members
  • 21 posts

Posted 07 December 2009 - 12:56 PM

Thanks for your help. I will run these tonight.

#14 thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 07 December 2009 - 05:08 PM

:(

#15 newmystery

  • Topic Starter
  • Members
  • 21 posts

Posted 08 December 2009 - 12:33 PM

Here are the log files. I can still find a suspicious process running in Task Manager, every time with a different name, e.g. HY783.dll.
Malwarebytes' Anti-Malware cannot find anything.

ComboFix 09-12-02.05 - cheng01 2009-12-08 1:26.5.2 - x86
执行位置: c:\documents and settings\cheng01\Desktop\thcbytes.exe
Command switches used :: c:\documents and settings\cheng01\Desktop\CFScript.txt
FW: Trend Micro OfficeScan Enterprise Client Firewall *enabled* {7D098DD7-0B8B-470E-ACAD-263F61EFB47D}
* 成功创造新还原点
.

((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Thunder Network\Thunder\Program\geturl.htm

找不到 。。。 "c:\windows\system32\proquota.exe"!!

找不到 。。。 "c:\windows\system32\proquota.exe"!!

.
((((((((((((((((((((((((( 2009-11-08 至 2009-12-08 的新的档案 )))))))))))))))))))))))))))))))
.

2009-12-08 06:02 . 2009-12-08 06:02 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-05 17:25 . 2009-12-05 17:25 152576 ----a-w- c:\documents and settings\cheng01\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-05 17:24 . 2009-12-05 17:24 79488 ----a-w- c:\documents and settings\cheng01\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-04 21:37 . 2009-12-04 21:44 -------- d-----w- c:\program files\Opt-In Software
2009-12-04 20:56 . 2009-12-04 20:58 -------- d-----w- c:\program files\Proxy Vampire
2009-12-04 20:23 . 2009-12-04 20:23 -------- d-----w- c:\program files\ProxyFinder
2009-12-04 19:47 . 2009-12-04 20:15 -------- d-----w- c:\program files\ProxyWay
2009-12-03 03:21 . 2009-12-03 04:38 -------- d-----w- C:\thcbytes
2009-12-02 14:24 . 2009-11-03 01:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-01 00:37 . 2009-12-02 14:11 52065 ----a-w- c:\windows\system32\nvModes.dat
2009-11-30 20:30 . 2009-12-08 06:16 3235 ----a-w- c:\windows\system32\cid_store.dat
2009-11-30 20:30 . 2009-12-08 03:36 26 ----a-w- c:\windows\system32\xlhcc.dat
2009-11-23 19:15 . 2009-11-23 19:18 -------- d-----w- c:\documents and settings\cheng01\.jprofiler6
2009-11-23 19:12 . 2009-11-23 19:13 -------- d-----w- c:\program files\jprofiler6
2009-11-19 05:00 . 2008-02-21 15:08 38656 ----a-w- c:\windows\system32\drivers\Capt9052.sys
2009-11-19 05:00 . 2008-02-21 15:08 25216 ----a-w- c:\windows\system32\drivers\Camd9052.sys
2009-11-19 04:59 . 2009-11-19 05:00 -------- d-----w- c:\program files\Disney Micro
2009-11-19 04:57 . 2007-05-18 16:41 37760 ----a-w- c:\windows\system32\drivers\Capt905c.sys
2009-11-19 04:57 . 2007-04-28 15:25 25216 ----a-w- c:\windows\system32\drivers\Camd905c.sys
2009-11-19 04:57 . 2009-11-19 04:59 -------- d-----w- c:\program files\DB CIF Cam
2009-11-19 04:57 . 2009-11-19 04:57 -------- d-----w- c:\documents and settings\cheng01\Application Data\InstallShield
2009-11-19 04:56 . 2009-11-19 04:56 -------- d-----w- c:\program files\Disney Pix Micro Downloader
2009-11-19 04:56 . 2009-11-19 04:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-19 01:42 . 2009-12-03 21:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-19 01:42 . 2009-12-03 21:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-19 01:42 . 2009-12-08 06:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-18 19:22 . 2009-11-18 19:22 -------- d-----w- C:\erpm
2009-11-18 14:59 . 2009-11-18 14:59 -------- d-----w- c:\documents and settings\cheng01\Application Data\syntevo
2009-11-18 14:59 . 2009-11-18 14:59 -------- d-----w- c:\documents and settings\cheng01\Local Settings\Application Data\Cisco
2009-11-15 04:47 . 2009-11-15 04:47 -------- d-----w- c:\documents and settings\cheng01\Local Settings\Application Data\Apple Computer
2009-11-15 02:43 . 2009-11-15 02:43 -------- d-----w- c:\documents and settings\cheng01\Application Data\PPLive
2009-11-15 01:12 . 2009-11-15 02:43 -------- d-----w- c:\program files\PPLive
2009-11-12 00:58 . 2009-11-12 00:58 -------- d-----w- c:\documents and settings\cheng01\Local Settings\Application Data\Tencent
2009-11-11 22:58 . 2009-11-17 02:58 -------- d-----w- c:\documents and settings\cheng01\Local Settings\Application Data\Temp
2009-11-11 16:54 . 2009-11-11 16:54 -------- d-----w- c:\documents and settings\cheng01\Application Data\AdobeUM
2009-11-11 16:52 . 2009-11-30 18:32 -------- d-----w- c:\documents and settings\cheng01\Local Settings\Application Data\Adobe
2009-11-11 14:25 . 2009-11-11 14:25 -------- d-----w- c:\documents and settings\cheng01\Local Settings\Application Data\Mozilla
2009-11-11 12:47 . 2009-11-11 12:47 53464 ----a-w- c:\documents and settings\cheng01\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-11 12:46 . 2009-11-11 12:46 -------- d-----w- c:\documents and settings\cheng01\Local Settings\Application Data\Winternals
2009-11-11 05:29 . 2009-12-02 05:09 -------- d-----w- c:\documents and settings\cheng01\Application Data\gtk-2.0
2009-11-11 04:50 . 2009-11-13 14:57 -------- d-----w- c:\documents and settings\cheng01\Local Settings\Application Data\Google
2009-11-10 20:14 . 2009-11-10 20:14 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-11-10 20:12 . 2009-11-10 20:12 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-11-10 20:10 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-11-10 20:10 . 2009-11-10 20:10 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-10 20:06 . 2009-11-10 20:06 -------- d-----w- c:\program files\Microsoft
2009-11-10 20:05 . 2009-11-10 20:13 -------- d-----w- c:\program files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-08 06:02 . 2009-12-08 06:02 696832 ----a-w- c:\windows\isRS-000.tmp
2009-12-05 17:26 . 2009-03-29 01:52 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-05 17:26 . 2009-07-25 15:39 -------- d-----w- c:\program files\Java
2009-12-03 21:33 . 2008-09-08 13:21 -------- d-----w- c:\documents and settings\cheng01\Application Data\Skype
2009-12-03 19:31 . 2008-09-08 14:05 -------- d-----w- c:\documents and settings\cheng01\Application Data\skypePM
2009-12-02 05:51 . 2008-05-29 04:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Storm
2009-11-30 20:37 . 2008-04-03 18:31 -------- d-----w- c:\program files\Trend Micro
2009-11-30 20:00 . 2009-02-17 20:36 86016 ----a-w- c:\documents and settings\cheng01\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\ciscounifiedaddin6x5\specialhook.dll
2009-11-30 20:00 . 2009-02-17 20:36 158720 ----a-w- c:\documents and settings\cheng01\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\ciscounifiedaddin6x5\audiofunc.dll
2009-11-19 04:59 . 2008-04-03 18:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-15 01:06 . 2009-01-21 01:35 -------- d-----w- c:\program files\qqqtv
2009-11-10 22:00 . 2008-04-22 15:43 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-07 16:41 . 2009-11-07 16:41 -------- d-----w- c:\program files\GIMP-2.0
2009-11-02 01:58 . 2009-10-16 15:20 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-21 13:19 . 2009-10-21 13:19 53464 ----a-w- c:\documents and settings\cheng01a\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-15 03:15 . 2009-06-07 17:43 31048 ------w- c:\documents and settings\cheng01\Application Data\Tencent\QQ\SafeBase\selfupdate.exe
2009-09-24 02:23 . 2009-09-24 02:22 8700840 ----a-w- c:\documents and settings\cheng01\Application Data\FlashgetSetup\flashget_17922_1.exe
2003-07-08 19:13 . 2008-04-03 18:42 50862 ----a-w- c:\program files\yellowbookfingers.ico
.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
((((((((((((((((((((((((((((( SnapShot@2009-12-03_04.33.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-04 20:32 . 2008-12-04 20:32 2346 c:\windows\system32\CCM\Cache\YB100250.1.System\hardwaresoftwareforce.vbs
+ 2009-12-05 17:27 . 2009-12-05 17:26 149280 c:\windows\system32\javaws.exe
+ 2009-12-05 17:27 . 2009-12-05 17:26 145184 c:\windows\system32\javaw.exe
+ 2009-12-05 17:27 . 2009-12-05 17:26 145184 c:\windows\system32\java.exe
+ 2009-12-05 17:26 . 2009-12-05 17:26 537600 c:\windows\Installer\5dd531.msi
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN1]
@="{CC8811D1-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D1-1B32-4f3d-A9BF-D21C8F3C0366}]
2009-08-22 14:01 249856 ----a-w- c:\program files\SmartSVN 6\lib\shellext32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN2]
@="{CC8811D2-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D2-1B32-4f3d-A9BF-D21C8F3C0366}]
2009-08-22 14:01 249856 ----a-w- c:\program files\SmartSVN 6\lib\shellext32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN3]
@="{CC8811D3-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D3-1B32-4f3d-A9BF-D21C8F3C0366}]
2009-08-22 14:01 249856 ----a-w- c:\program files\SmartSVN 6\lib\shellext32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN4]
@="{CC8811D4-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D4-1B32-4f3d-A9BF-D21C8F3C0366}]
2009-08-22 14:01 249856 ----a-w- c:\program files\SmartSVN 6\lib\shellext32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN5]
@="{CC8811D5-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D5-1B32-4f3d-A9BF-D21C8F3C0366}]
2009-08-22 14:01 249856 ----a-w- c:\program files\SmartSVN 6\lib\shellext32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN6]
@="{CC8811D6-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D6-1B32-4f3d-A9BF-D21C8F3C0366}]
2009-08-22 14:01 249856 ----a-w- c:\program files\SmartSVN 6\lib\shellext32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN7]
@="{CC8811D7-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D7-1B32-4f3d-A9BF-D21C8F3C0366}]
2009-08-22 14:01 249856 ----a-w- c:\program files\SmartSVN 6\lib\shellext32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-11 68856]
"COMMUNICATOR"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2007-07-23 5803368]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-23 8478720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-23 81920]
"BGInfo"="c:\windows\System32\BGInfo\BGInfo.exe" [2004-09-22 741421]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"RegMediaPlayerFix"="c:\windows\Media_Player_key.vbs" [2007-07-24 531]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2008-09-11 356429]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-03-04 999424]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-03-04 1101824]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-13 185896]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-03 1394000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-05 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-08-23 1626112]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2007-08-23 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2007-07-23 5803368]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-10 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ccosm"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Cisco Systems\\Cisco Unified Video Advantage\\VideoAdvantage.exe"=
"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"c:\\Program Files\\酷6网\\极速酷6\\Ku6SpeedUpper.exe"=
"$INSTDIR\\FlvDetector.exe"= c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlvDetector.exe
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\PPLive\\PPLive.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2701:TCP"= 2701:TCP:SMSRemoteTools
"23:TCP"= 23:TCP:Telnet
"12345:TCP"= 12345:TCP:TrendBHMUNIKOPIRVCDRProd
"58127:TCP"= 58127:TCP:TrendBHMTest1
"27106:TCP"= 27106:TCP:TrendBHMTest2
"61320:TCP"= 61320:TCP:TrendEFFProd
"63113:TCP"= 63113:TCP:TrendWICProd
"61077:TCP"= 61077:TCP:TrendSNDProd
"50000:TCP"= 50000:TCP:MassTransit
"21:TCP"= 21:TCP:FTP
"25253:TCP"= 25253:TCP:PatchlinkPDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
"Enabled"= 1 (0x1)

R2 FGR Service;FGR Service;c:\program files\1435_Fiberlink\Fgrd.exe [2003-03-03 57344]
R2 Ndiscdp;Cisco CDP KMDF NDIS Protocol Driver;c:\windows\system32\drivers\Ndiscdp.sys [2007-12-05 20400]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [2005-11-09 225808]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [2005-11-09 36368]
S2 gupdate1ca072ddfa3fa0e;Google Update Service (gupdate1ca072ddfa3fa0e);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-17 133104]
S2 statuscached;SmartSVN Status Cache;c:\program files\SmartSVN 6\bin\statuscached.exe [2009-08-22 215040]
S3 cvpopflt;Cisco POP Suppression Filter;c:\windows\system32\drivers\cvpopflt.sys [2008-06-27 1507104]
S3 CVUVC;Cisco VT Camera II(UVC);c:\windows\system32\drivers\Cvuvc.sys [2008-06-27 1924128]
S3 cvuvcflt;UVC Filter Service (Cisco);c:\windows\system32\drivers\cvuvcflt.sys [2008-06-27 22432]
S3 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2005-10-14 199384]
S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\DRIVERS\rcvpn.sys --> c:\windows\system32\DRIVERS\rcvpn.sys [?]
S3 SQTECH9052;Disney Micro;c:\windows\system32\drivers\Capt9052.sys [2009-11-19 38656]
S3 VSPerfDrv;Performance Tools Driver;c:\program files\Microsoft Visual Studio 8\Team Tools\Performance Tools\VSPerfDrv.sys [2005-09-23 54464]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<LCS]
Regedit.exe /s "c:\program files\Desktop Engineering\LCS\LCSUSERSETTINGS.reg"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>YBSet]
c:\windows\UserSetup.CMD

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Communicator2007_Settings]
"c:\adminfolder\Communicator2007_Settings.vbs"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0E02E48F-1C41-425D-A165-FCCCBC16F234}]
msiexec /fou {0E02E48F-1C41-425D-A165-FCCCBC16F234} /qb
.
.
------- 而外的扫描 -------
.
IE: 使用迅雷下载 - c:\program files\Thunder Network\Thunder\Program\geturl.htm
IE: 使用迅雷下载全部链接 - c:\program files\Thunder Network\Thunder\Program\getallurl.htm
IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - c:\program files\Thunder Network\Thunder\Thunder.exe
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Trusted Zone: toyotausa.com\www
Trusted Zone: ybkopsms02
Trusted Zone: toyotausa.com\www
Trusted Zone: ybkopsms02
Trusted Zone: ybusa.net\corp
DPF: iLO 2 Remote Console Applet - hxxps://dmzkopwrrp01i/dvc.cab
DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxp://ybcdrcnt01.corp.ybusa.net/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} - hxxp://ybcdrerm01/eRoomSetup/client.cab
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl12.igame.sina.com.cn/downloader.cab
DPF: {88734439-46D0-42C0-A13F-7E881EE550CF} - hxxp://www.bluesky.cn/download/filetran.cab
DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} - hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
FF - ProfilePath - c:\documents and settings\cheng01\Application Data\Mozilla\Firefox\Profiles\s0ywta2k.default\
FF - prefs.js: network.proxy.ftp - ybkopisa01
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - ybkopisa01
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - ybkopisa01
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - ybkopisa01
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - ybkopisa01
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npeRoom7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- 火狐配置文件 ----
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("general.config.filename","netscape.jsc");.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-08 01:41
Windows 5.1.2600 Service Pack 2 NTFS

扫描被隐藏的进程 。。。

扫描被隐藏的启动组 。。。

扫描被隐藏的文件 。。。

扫描完成
被隐藏的档案: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- 运行进程下的动态链接库 ---------------------

- - - - - - - > 'winlogon.exe'(1248)
c:\windows\system32\netprovcredman.dll
.
完成时间: 2009-12-08 06:44
ComboFix-quarantined-files.txt 2009-12-08 11:44
ComboFix2.txt 2009-12-05 16:57
ComboFix3.txt 2009-12-03 04:38
ComboFix4.txt 2008-09-10 03:21

Pre-Run: 40,891,383,808 bytes free
Post-Run: 41,070,600,192 bytes free

- - End Of File - - 5B43BFB68A24BBF545C7489D02745A89

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

2009-12-08 08:37:57
mbam-log-2009-12-08 (08-37-57).txt

Scan type: Quick Scan
Objects scanned: 144641
Time elapsed: 6 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



