Win32.PornPopUp



#1 laksjdfh

Posted 07 July 2010 - 12:08 AM

Hi,

Win32.PornPopUp showed up on a Spybot scan I did a couple weeks ago (in addition to the Right Media that always shows up). Since then, every couple of days or so, it shows up. I read about ComboFix and decided to try it. It didn't solve the problem I was looking at, but it did find a bunch of stuff related to something called StormII and put it in a vault. Then I realized my media player was gone. I downloaded a codec allowing me to play AVI files in Windows Media Player. My computer then started taking a long time to shut down, telling me to wait while it did something and not to manually shut it down. I can't be more specific because the message that it gave me, and most of the messages it gives me, are in Chinese, and my Chinese isn't that great. I ran ComboFix again. After that, when I tried to play poker on Full Tilt, I constantly got disconnected. I pressed Ctrl/Alt/Del and looked at the second tab. The System Idle was at 0%. Even now, as I write this, with nothing else running, System Idle is fluctuating between 37% and 78%. And still, when I shut my computer down, it doesn't want to. I used ComboFix without being asked to and this may have caused some problems. There were often problems with connectivity while playing both on Full Tilt and Absolute Poker before I started these scans, though, and eventually, this is the problem I would really like to get sorted out.

Below are the two ComboFix scan logs, back to back. As I wri

ComboFix 10-06-30.03 - Administrator -07-02 Friday 1:22.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.936.86.2052.18.2047.1592 [GMT 8:00]
Running from: c:\documents and settings\Administrator\桌面\ComboFix.exe
AV: Jiangmin Antivirus KV2009 (江民杀毒软件KV2009) *On-access scanning disabled* (Updated) {C10C7F2B-62BC-4a8e-95E4-509FA2393860}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Files Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskSearch\bin\DefaultSearch.dll
c:\program files\StormII
c:\program files\StormII\baofeng.swf
c:\program files\StormII\BfOptDll.dll
c:\program files\StormII\BFThumbs.dll
c:\program files\StormII\Box\BoxLog.dll
c:\program files\StormII\Box\HttpServer.dll
c:\program files\StormII\Box\MovieBoxCore.dll
c:\program files\StormII\Box\MovieBoxPS.dll
c:\program files\StormII\Box\Skin\MovieBox.zip
c:\program files\StormII\Box\Stline.exe
c:\program files\StormII\Box\UILib.dll
c:\program files\StormII\Box\UiManager.dll
c:\program files\StormII\Box\UiPlay.dll
c:\program files\StormII\Box\UitvWrapper_dll.dll
c:\program files\StormII\codec\264be.dll
c:\program files\StormII\codec\264dmmx.dll
c:\program files\StormII\codec\264dsse.dll
c:\program files\StormII\codec\264dsse2.dll
c:\program files\StormII\codec\264dsse3.dll
c:\program files\StormII\codec\aasc32.dll
c:\program files\StormII\codec\ac3filter.ax
c:\program files\StormII\codec\ACDV.dll
c:\program files\StormII\codec\acelpdec.ax
c:\program files\StormII\codec\asusasv1.dll
c:\program files\StormII\codec\asusasv2.dll
c:\program files\StormII\codec\ativcr2.dll
c:\program files\StormII\codec\avcodec.dll
c:\program files\StormII\codec\avformat.dll
c:\program files\StormII\codec\avidavicodec.dll
c:\program files\StormII\codec\AviSplitter.ax
c:\program files\StormII\codec\avutil.dll
c:\program files\StormII\codec\bass.dll
c:\program files\StormII\codec\bass_aac.dll
c:\program files\StormII\codec\bass_alac.dll
c:\program files\StormII\codec\bass_ape.dll
c:\program files\StormII\codec\bass_flac.dll
c:\program files\StormII\codec\bass_mpc.dll
c:\program files\StormII\codec\bass_tta.dll
c:\program files\StormII\codec\bass_wv.dll
c:\program files\StormII\codec\cddareader.ax
c:\program files\StormII\codec\cdxareader.ax
c:\program files\StormII\codec\ChpSrcFilter.ax
c:\program files\StormII\codec\CinemasterAudio.DLL
c:\program files\StormII\codec\cl264dec.ax
c:\program files\StormII\codec\CLNavX.ax
c:\program files\StormII\codec\CLRVIDDC.DLL
c:\program files\StormII\codec\clrviddd.dll
c:\program files\StormII\codec\CLVc1Dec.ax
c:\program files\StormII\codec\CLVSD.ax
c:\program files\StormII\codec\clvsdx.ax
c:\program files\StormII\codec\coreavc.ax
c:\program files\StormII\codec\CUVCcodc.dll
c:\program files\StormII\codec\DCBassSource.ax
c:\program files\StormII\codec\divxdec.ax
c:\program files\StormII\codec\DSMSplitter.ax
c:\program files\StormII\codec\dxvadec.ax
c:\program files\StormII\codec\empgdmx.ax
c:\program files\StormII\codec\ff_kernelDeint.dll
c:\program files\StormII\codec\ff_liba52.dll
c:\program files\StormII\codec\ff_libavcodec.dll
c:\program files\StormII\codec\ff_libdts.dll
c:\program files\StormII\codec\ff_libfaad2.dll
c:\program files\StormII\codec\ff_libmad.dll
c:\program files\StormII\codec\ff_libmpeg2.dll
c:\program files\StormII\codec\ff_libmplayer.dll
c:\program files\StormII\codec\ff_realaac.dll
c:\program files\StormII\codec\ff_samplerate.dll
c:\program files\StormII\codec\ff_theora.dll
c:\program files\StormII\codec\ff_TomsMoComp.dll
c:\program files\StormII\codec\ff_tremor.dll
c:\program files\StormII\codec\ff_unrar.dll
c:\program files\StormII\codec\ff_wmv9.dll
c:\program files\StormII\codec\ff_xvidcore.dll
c:\program files\StormII\codec\ffdshow.ax
c:\program files\StormII\codec\ffdshow.ax.manifest
c:\program files\StormII\codec\ffmpeg.dll
c:\program files\StormII\codec\ffsource.ax
c:\program files\StormII\codec\FLT_ffdshow.dll
c:\program files\StormII\codec\FLVSplitter.ax
c:\program files\StormII\codec\frapsvid.dll
c:\program files\StormII\codec\GeoCodec.dll
c:\program files\StormII\codec\i263_32.drv
c:\program files\StormII\codec\iconv.dll
c:\program files\StormII\codec\kdh4.dll
c:\program files\StormII\codec\kdm4.dll
c:\program files\StormII\codec\keys.dat
c:\program files\StormII\codec\l3codecx.ax
c:\program files\StormII\codec\LCodcCMP.dll
c:\program files\StormII\codec\libavcodec.dll
c:\program files\StormII\codec\libmpeg2_ff.dll
c:\program files\StormII\codec\libmplayer.dll
c:\program files\StormII\codec\LMVRGBxf.dll
c:\program files\StormII\codec\LMVYUVxf.dll
c:\program files\StormII\codec\lsvxdec.dll
c:\program files\StormII\codec\mfplat.dll
c:\program files\StormII\codec\Microsoft.VC90.CRT.manifest
c:\program files\StormII\codec\mkunicode.dll
c:\program files\StormII\codec\mkx.dll
c:\program files\StormII\codec\mkzlib.dll
c:\program files\StormII\codec\mmamrdmx.ax
c:\program files\StormII\codec\MP3DMOD.DLL
c:\program files\StormII\codec\mp4.dll
c:\program files\StormII\codec\mp43dmod.dll
c:\program files\StormII\codec\MP4Demux.ax
c:\program files\StormII\codec\mp4sdmod.dll
c:\program files\StormII\codec\MP4Splitter.ax
c:\program files\StormII\codec\MpaDecFilter.ax
c:\program files\StormII\codec\MpaSplitter.ax
c:\program files\StormII\codec\mpcvideodec.ax
c:\program files\StormII\codec\Mpeg2DecFilter.ax
c:\program files\StormII\codec\mpeg2dmx.ax
c:\program files\StormII\codec\MpegSplitter.ax
c:\program files\StormII\codec\mpg2splt.ax
c:\program files\StormII\codec\mpg4dmod.dll
c:\program files\StormII\codec\mpg4ds32.ax
c:\program files\StormII\codec\MPlayer.exe
c:\program files\StormII\codec\msvcr71.dll
c:\program files\StormII\codec\msvcr90.dll
c:\program files\StormII\codec\NDParser.ax
c:\program files\StormII\codec\OggSplitter.ax
c:\program files\StormII\codec\ogm.dll
c:\program files\StormII\codec\Plugins\nppl3260.dll
c:\program files\StormII\codec\Plugins\nppl3260.xpt
c:\program files\StormII\codec\Plugins\nprpjplug.dll
c:\program files\StormII\codec\Plugins\nsJSRealPlayerPlugin.xpt
c:\program files\StormII\codec\PmpSplt.ax
c:\program files\StormII\codec\pncrt.dll
c:\program files\StormII\codec\pndx5016.dll
c:\program files\StormII\codec\pndx5032.dll
c:\program files\StormII\codec\pthreadVC2.dll
c:\program files\StormII\codec\pvmjpg21.dll
c:\program files\StormII\codec\qasf.dll
c:\program files\StormII\codec\QTSystem\QuickTime.qtp
c:\program files\StormII\codec\Real\Codecs\14_43260.dll
c:\program files\StormII\codec\Real\Codecs\28_83260.dll
c:\program files\StormII\codec\Real\Codecs\atrc.dll
c:\program files\StormII\codec\Real\Codecs\cook.dll
c:\program files\StormII\codec\Real\Codecs\ddnt3260.dll
c:\program files\StormII\codec\Real\Codecs\dnet3260.dll
c:\program files\StormII\codec\Real\Codecs\drv1.dll
c:\program files\StormII\codec\Real\Codecs\drv2.dll
c:\program files\StormII\codec\Real\Codecs\drvc.dll
c:\program files\StormII\codec\Real\Codecs\hxltcolor.dll
c:\program files\StormII\codec\Real\Codecs\raac.dll
c:\program files\StormII\codec\Real\Codecs\ralf.dll
c:\program files\StormII\codec\Real\Codecs\rv10.dll
c:\program files\StormII\codec\Real\Codecs\rv20.dll
c:\program files\StormII\codec\Real\Codecs\rv30.dll
c:\program files\StormII\codec\Real\Codecs\rv40.dll
c:\program files\StormII\codec\Real\Codecs\sipr.dll
c:\program files\StormII\codec\Real\Common\objb3201.dll
c:\program files\StormII\codec\Real\Common\pnen3260.dll
c:\program files\StormII\codec\Real\Common\pngu3267.dll
c:\program files\StormII\codec\Real\Common\pnrs3260.dll
c:\program files\StormII\codec\Real\Common\rppr3260.dll
c:\program files\StormII\codec\Real\Plugins\audplin.dll
c:\program files\StormII\codec\Real\Plugins\authmgr.dll
c:\program files\StormII\codec\Real\Plugins\clbascauth.dll
c:\program files\StormII\codec\Real\Plugins\clntxres.dll
c:\program files\StormII\codec\Real\Plugins\ExtResources\coreres.xrs
c:\program files\StormII\codec\Real\Plugins\fpsechnd.dll
c:\program files\StormII\codec\Real\Plugins\httpfsys.dll
c:\program files\StormII\codec\Real\Plugins\hxsdp.dll
c:\program files\StormII\codec\Real\Plugins\hxxml.dll
c:\program files\StormII\codec\Real\Plugins\imgrender.dll
c:\program files\StormII\codec\Real\Plugins\memfsys.dll
c:\program files\StormII\codec\Real\Plugins\mp3fformat.dll
c:\program files\StormII\codec\Real\Plugins\mp3render.dll
c:\program files\StormII\codec\Real\Plugins\mp4arender.dll
c:\program files\StormII\codec\Real\Plugins\ntlmauth.dll
c:\program files\StormII\codec\Real\Plugins\oggfformat.dll
c:\program files\StormII\codec\Real\Plugins\pacplin.dll
c:\program files\StormII\codec\Real\Plugins\plusplin.dll
c:\program files\StormII\codec\Real\Plugins\pxcb3210.dll
c:\program files\StormII\codec\Real\Plugins\ramfformat.dll
c:\program files\StormII\codec\Real\Plugins\ramrender.dll
c:\program files\StormII\codec\Real\Plugins\rarender.dll
c:\program files\StormII\codec\Real\Plugins\rmfformat.dll
c:\program files\StormII\codec\Real\Plugins\rmxfpln.dll
c:\program files\StormII\codec\Real\Plugins\rmxrend.dll
c:\program files\StormII\codec\Real\Plugins\rn5auth.dll
c:\program files\StormII\codec\Real\Plugins\rtfformat.dll
c:\program files\StormII\codec\Real\Plugins\rtrender.dll
c:\program files\StormII\codec\Real\Plugins\rvrender.dll
c:\program files\StormII\codec\Real\Plugins\sdpplin.dll
c:\program files\StormII\codec\Real\Plugins\security.dll
c:\program files\StormII\codec\Real\Plugins\smlfformat.dll
c:\program files\StormII\codec\Real\Plugins\smlrender.dll
c:\program files\StormII\codec\Real\Plugins\smmrender.dll
c:\program files\StormII\codec\Real\Plugins\smplfsys.dll
c:\program files\StormII\codec\Real\Plugins\stubdrm.dll
c:\program files\StormII\codec\Real\Plugins\tfilesys.dll
c:\program files\StormII\codec\Real\Plugins\vidplin.dll
c:\program files\StormII\codec\Real\Plugins\vidsite.dll
c:\program files\StormII\codec\Real\Plugins\vorbisrend.dll
c:\program files\StormII\codec\Real\Plugins\vsrlocal.dll
c:\program files\StormII\codec\Real\rpplugins\cn\embed_cn.dll
c:\program files\StormII\codec\Real\rpplugins\cn\rpclsvc_cn.dll
c:\program files\StormII\codec\Real\rpplugins\embd3260.dll
c:\program files\StormII\codec\Real\rpplugins\rpcl3260.dll
c:\program files\StormII\codec\Real\rpplugins\rput3260.dll
c:\program files\StormII\codec\RenderFilter.ax
c:\program files\StormII\codec\rmoc3260.dll
c:\program files\StormII\codec\RMSplt.ax
c:\program files\StormII\codec\Sc726dec.ax
c:\program files\StormII\codec\scsource.ax
c:\program files\StormII\codec\skinsres.dll
c:\program files\StormII\codec\SonicLicenseManager9.dll
c:\program files\StormII\codec\splitter.ax
c:\program files\StormII\codec\swscale.dll
c:\program files\StormII\codec\TomsMoComp_ff.dll
c:\program files\StormII\codec\ts.dll
c:\program files\StormII\codec\tsccvid.dll
c:\program files\StormII\codec\vc1dc.dll
c:\program files\StormII\codec\vc1dmmx.dll
c:\program files\StormII\codec\vc1dsse.dll
c:\program files\StormII\codec\vc1dsse2.dll
c:\program files\StormII\codec\vmnc.dll
c:\program files\StormII\codec\vp6vfw.dll
c:\program files\StormII\codec\vp7vfw.dll
c:\program files\StormII\codec\WMADMOD.dll
c:\program files\StormII\codec\wmpasf.dll
c:\program files\StormII\codec\wmsdmod.dll
c:\program files\StormII\codec\WMVDECOD.dll
c:\program files\StormII\codec\wmvdmod.dll
c:\program files\StormII\codec\xvid.ax
c:\program files\StormII\codec\xvidcore.dll
c:\program files\StormII\Config.dll
c:\program files\StormII\corelog.dll
c:\program files\StormII\current.ecs
c:\program files\StormII\GAT.dll
c:\program files\StormII\GdiPlus.dll
c:\program files\StormII\gifParser.dll
c:\program files\StormII\jscript.dll
c:\program files\StormII\keys.dat
c:\program files\StormII\media\others.xml
c:\program files\StormII\media\others.xml.ini
c:\program files\StormII\media\stcon.ini
c:\program files\StormII\media\toff.ini
c:\program files\StormII\media\video_material_list.xml
c:\program files\StormII\media\video_material_list.xml.ini
c:\program files\StormII\media\video_style_list.xml
c:\program files\StormII\media\video_style_list.xml.ini
c:\program files\StormII\media2.dll
c:\program files\StormII\mediainfo.dll
c:\program files\StormII\medialib.dll
c:\program files\StormII\mee.db
c:\program files\StormII\meedb.dll
c:\program files\StormII\mps.dll
c:\program files\StormII\msscript.ocx
c:\program files\StormII\msvcp60.dll
c:\program files\StormII\Option.dll
c:\program files\StormII\playlist.smpl
c:\program files\StormII\rndrmgr.dll
c:\program files\StormII\server.ecs
c:\program files\StormII\Skin\暴风1经典.zip
c:\program files\StormII\Skin\暴风2经典.zip
c:\program files\StormII\Skin\见龙卸甲.zip
c:\program files\StormII\spfa.dll
c:\program files\StormII\splayers.dll
c:\program files\StormII\stMgr.exe
c:\program files\StormII\storm.exe
c:\program files\StormII\StormDebug.exe
c:\program files\StormII\StormExcept.log
c:\program files\StormII\stormliv.exe
c:\program files\StormII\stormpop.exe
c:\program files\StormII\StormRes.dll
c:\program files\StormII\StormSkinRes.dll
c:\program files\StormII\subdecoder.dll
c:\program files\StormII\swDirScaner.dll
c:\program files\StormII\Tips.dll
c:\program files\StormII\uninst.exe
c:\program files\StormII\unrar.dll
c:\windows\system32\肥皂泡泡.scr

c:\windows\system32\srsvc.dll . . . Infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SAFEBOXKRNL
-------\Service_SafeBoxKrnl
-------\Legacy_ccosm
-------\Legacy_ccosm
-------\Service_ccosm
-------\Service_ccosm


((((((((((((((((((((((((( Files Created from 2010-06-01 to 2010-07-01 )))))))))))))))))))))))))))))))
.

2010-06-30 17:14 . 2010-06-30 17:14 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-06-27 16:46 . 2010-06-27 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-06-27 16:46 . 2010-06-27 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-27 16:45 . 2010-06-30 17:11 -------- d-----w- c:\program files\McAfee Security Scan
2010-06-23 14:27 . 2010-06-27 17:26 -------- d-----w- c:\windows\BDOSCAN8
2010-06-20 19:08 . 2010-04-22 20:23 71472 ----a-w- c:\documents and settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.26\member_stat.dll
2010-06-20 19:08 . 2010-04-22 20:23 65840 ----a-w- c:\documents and settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.26\xlpfmc.dll
2010-06-20 19:08 . 2010-04-22 20:23 431920 ----a-w- c:\documents and settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.26\xldcsubtask.dll
2010-06-20 19:08 . 2010-04-22 20:23 386864 ----a-w- c:\documents and settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.26\xldcagent.dll
2010-06-20 19:08 . 2010-04-22 20:23 214832 ----a-w- c:\documents and settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.26\dphubt.dll
2010-06-20 19:08 . 2010-04-22 20:23 153392 ----a-w- c:\documents and settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.26\xl_mole.dll
2010-06-20 19:08 . 2010-04-22 20:23 153392 ----a-w- c:\documents and settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.26\sl.dll
2010-06-20 19:08 . 2010-04-22 20:23 137008 ----a-w- c:\documents and settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.26\xldc.dll
2010-06-20 19:08 . 2010-04-22 20:23 132912 ----a-w- c:\documents and settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.26\bd.dll
2010-06-20 19:08 . 2010-04-22 20:23 124720 ----a-w- c:\documents and settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.26\xl_stat.dll
2010-06-20 19:08 . 2010-04-22 20:23 116528 ----a-w- c:\documents and settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.26\emule_id.dll

.
(((((((((((((((((((((((((((((((((((((((( Files Modified Within the Last Three Months ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-01 18:04 . 2010-02-28 09:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2010-07-01 16:55 . 2009-07-15 01:45 -------- d-s---w- c:\program files\JiangMin
2010-07-01 16:55 . 2009-07-15 01:45 1995 ---ha-w- c:\windows\system32\accredit_1001.dat
2010-07-01 16:55 . 2009-07-15 01:45 1995 ---ha-w- c:\windows\system32\accredit.dat
2010-06-30 21:09 . 2010-05-26 15:05 -------- d-----w- c:\program files\Full Tilt Poker
2010-06-30 17:14 . 2010-04-28 15:59 -------- d-----w- c:\program files\Absolute Poker
2010-06-29 08:56 . 2010-01-08 13:05 -------- d-----w- c:\program files\Mozilla Firefox 3.6 Beta 5
2010-06-27 18:24 . 2009-02-21 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-27 11:07 . 2008-12-24 05:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\SogouPY
2010-06-20 19:05 . 2009-01-12 10:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Thunder Network
2010-06-14 08:28 . 2008-12-24 05:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Storm
2010-05-31 11:25 . 2009-11-12 06:44 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-30 14:02 . 2010-05-30 05:23 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-30 05:24 . 2010-05-30 05:24 -------- d-----w- c:\program files\AVG
2010-05-25 19:18 . 2010-05-25 19:18 -------- d-----w- c:\program files\Common Files\Java
2010-05-25 19:18 . 2010-05-25 19:18 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7ff297eb-n\msvcp71.dll
2010-05-25 19:18 . 2010-05-25 19:18 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7ff297eb-n\jmc.dll
2010-05-25 19:18 . 2010-05-25 19:18 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7ff297eb-n\msvcr71.dll
2010-05-25 19:18 . 2010-05-25 19:18 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-580dcd55-n\decora-sse.dll
2010-05-25 19:18 . 2010-05-25 19:18 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-580dcd55-n\decora-d3d.dll
2010-05-25 19:17 . 2009-02-14 05:01 -------- d-----w- c:\program files\Java
2010-05-15 09:02 . 2010-05-15 09:02 90112 ----a-w- c:\windows\system32\atl71.dll
2010-05-15 09:02 . 2010-05-15 09:02 503808 ----a-w- c:\windows\system32\msvcp71.dll
2010-05-15 09:02 . 2010-05-15 09:02 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-04-29 15:23 . 2010-04-29 15:23 73728 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\83xjzwll.default\extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C}\components\ThunderComponent.dll
2010-04-29 07:17 . 2009-01-12 11:00 294240 ----a-w- c:\windows\system32\cid_store.dat
2010-04-29 07:16 . 2009-01-12 11:00 26 ----a-w- c:\windows\system32\xlhcc.dat
2010-04-28 17:52 . 2010-04-28 17:52 147456 ----a-w- c:\documents and settings\Administrator\Application Data\Absolute Poker\DownLoadInst\liveupdate.exe
2010-04-12 09:29 . 2010-05-25 19:17 411368 ----a-w- c:\windows\system32\deployJava1.dll
2009-11-08 10:56 . 2009-11-08 10:56 1981 ----a-w- c:\program files\http_imgload.cgi.jpeg
2009-10-17 08:06 . 2009-10-17 08:06 20950 ----a-w- c:\program files\123.gif
2010-04-21 06:21 . 2010-04-29 07:19 79664 ----a-w- c:\program files\mozilla firefox\components\ThunderComponent.dll
.

------- Sigcheck -------

[-] 2008-12-24 . A1E5F364CBF3DFD4CA276774E29DF896 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-23 . 440EDA2420CFA1B3B2AB4725FC33825D . 493056 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe


[-] 2008-12-24 . 383E6F87C667E41C9691575A2CB4BD38 . 1573376 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll


c:\windows\System32\srsvc.dll ... Missing !!
c:\windows\System32\regsvc.dll ... Missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{707db484-2428-402d-afb5-d85b387544c7}"= "c:\program files\Mario_Forever\tbMar0.dll" [2010-05-16 2515552]

[HKEY_CLASSES_ROOT\clsid\{707db484-2428-402d-afb5-d85b387544c7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D90D33C-DE76-42D0-9040-E4466DDC24AC}]
2010-04-14 08:55 198352 ----a-w- c:\program files\Thunder Network\Thunder\Program\EmbedDetectNow.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{707db484-2428-402d-afb5-d85b387544c7}]
2010-05-16 11:35 2515552 ----a-w- c:\program files\Mario_Forever\tbMar0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{707db484-2428-402d-afb5-d85b387544c7}"= "c:\program files\Mario_Forever\tbMar0.dll" [2010-05-16 2515552]

[HKEY_CLASSES_ROOT\clsid\{707db484-2428-402d-afb5-d85b387544c7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{707DB484-2428-402D-AFB5-D85B387544C7}"= "c:\program files\Mario_Forever\tbMar0.dll" [2010-05-16 2515552]

[HKEY_CLASSES_ROOT\clsid\{707db484-2428-402d-afb5-d85b387544c7}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Kv Dangerous File Control]
@="{21EE6A6C-A71F-45A4-A9DF-3901253D4051}"
[HKEY_CLASSES_ROOT\CLSID\{21EE6A6C-A71F-45A4-A9DF-3901253D4051}]
2009-04-14 03:24 427328 ----a-w- c:\program files\JiangMin\AntiVirus\KsPec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Kv Process Execution Control]
@="{7225D8F0-564A-4DFC-9DF6-717FB2569922}"
[HKEY_CLASSES_ROOT\CLSID\{7225D8F0-564A-4DFC-9DF6-717FB2569922}]
2009-04-14 03:24 427328 ----a-w- c:\program files\JiangMin\AntiVirus\KsPec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Kv Suspicious File Control]
@="{EBA3B46C-9894-4583-AF20-C5E4A6826E4A}"
[HKEY_CLASSES_ROOT\CLSID\{EBA3B46C-9894-4583-AF20-C5E4A6826E4A}]
2009-04-14 03:24 427328 ----a-w- c:\program files\JiangMin\AntiVirus\KsPec.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-01 25296680]
"Thunder"="c:\program files\Thunder Network\Thunder\Program\Thunder.exe" [2010-04-21 2672432]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"KVMON"="c:\program files\JiangMin\Antivirus\KVMonXP.kxp" [2010-05-20 521744]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-07 128512]
"_nltide_3"="advpack.dll" [2009-03-07 128512]

c:\documents and settings\Administrator\「开始」菜单\程序\启动\
QQ游戏启动加速程序.lnk - c:\program files\腾讯游戏\QQGAME\Accel.exe [2009-4-24 43464]

c:\documents and settings\All Users\「开始」菜单\程序\启动\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0kvnative.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2008-06-19 08:42 2808832 ----a-w- c:\windows\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-10-07 00:33 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-11-17 08:08 17676288 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-11-20 10:15 1826816 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2008-08-19 05:26 77824 ----a-w- c:\windows\SOUNDMAN.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"d:\\Backup\\QQ\\QQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Backup\\QQ\\Qzone\\Qzone.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\360Safe\\modules\\360upp.exe"=
"c:\\Program Files\\Common Files\\Thunder Network\\ThunderS\\ThunderS.exe"=
"d:\\Backup\\QQ\\QQPet\\QQPetAgent.exe"=
"d:\\360safe\\LiveUpdate360.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\腾讯游戏\\QQGAME\\QQGameDl.exe"=
"c:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder.exe"=
"c:\\Program Files\\Thunder Network\\Thunder\\Program\\LiteUD.exe"=
"c:\\Program Files\\Thunder Network\\Thunder\\Program\\FileLink\\XLFileLink.exe"=
"c:\\Program Files\\Common Files\\Thunder Network\\DS\\Ver1\\1.0.2.71\\ThunderService.exe"=
"c:\\Program Files\\Common Files\\Thunder Network\\DS\\Ver1\\1.0.2.71\\XLBugReport.exe"=
"c:\\Program Files\\JiangMin\\AntiVirus\\KVSrvXP.exe"=
"c:\\Program Files\\Common Files\\Thunder Network\\DS\\Ver1\\1.0.2.73\\ThunderService.exe"=
"c:\\Program Files\\Common Files\\Thunder Network\\DS\\Ver1\\1.0.2.73\\ThunderLiveUD.exe"=
"c:\\Program Files\\Common Files\\Thunder Network\\DS\\Ver1\\1.0.2.73\\XLBugReport.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SysGuard;Jiangmin AntiVirus Software - System Guard;c:\windows\system32\drivers\SysGuard.sys [2009-7-15 9:45 199584]
R1 BsDeamon;BsDeamon;c:\program files\JiangMin\AntiVirus\BsDeamon.sys [2009-7-15 9:45 26272]
R1 KSysCall;Jiangmin Antivirus Software - SysCall Services;c:\program files\JiangMin\common\KSysCall.sys [2009-7-15 9:45 200352]
R1 KSysMon;Jiangmin Antivirus Software - System Monitor;c:\program files\JiangMin\AntiVirus\KSysMon.sys [2009-7-15 9:45 253888]
R1 KSysTrace;Jiangmin Antivirus Software - File Tracer;c:\program files\JiangMin\AntiVirus\KSysTrace.sys [2009-7-15 9:45 116928]
R1 KVREDIR;KVREDIR;c:\program files\JiangMin\AntiVirus\KVRedir.sys [2009-7-15 9:45 15872]
R2 {E95FC660-AFD8-48E4-A1B7-EAF21D59A40D};KVSrvXP-{E95FC660-AFD8-48E4-A1B7-EAF21D59A40D};c:\program files\JiangMin\AntiVirus\KVSrvXP.exe [2009-7-15 9:45 356944]
R2 KRegEx;KRegEx;c:\program files\JiangMin\AntiVirus\KRegEx.sys [2009-7-15 9:45 25544]
R3 KVFileGuard;KVFileGuard From Jiangmin;c:\program files\JiangMin\AntiVirus\KVFG.sys [2009-7-15 9:45 49408]
R3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [2009-1-12 18:53 11696]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 20:49 227232]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - WUAUSERV

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-07 20:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2009-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchAssistant =
IE: Download using Thunder - c:\program files\Thunder Network\Thunder\Program\GetUrl.htm
IE: Download all links using Thunder - c:\program files\Thunder Network\Thunder\Program\GetAllUrl.htm
IE: View image using Thunder - c:\program files\Thunder Network\Thunder\Program\repairimage.htm
IE: Export to Microsoft Office Excel (&X) - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{548BF84E-9665-47f9-B635-7380F8943E90} - c:\program files\Thunder Network\Thunder\Program\repairimage.htm
Name-Space Handler: http\jiangmin-handler - {B6036904-73C2-45C5-BC78-D47D7EA0C52D} - c:\program files\JiangMin\AntiVirus\UrlGuard.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\83xjzwll.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\83xjzwll.default\extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C}\components\ThunderComponent.dll
FF - plugin: c:\program files\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(807).dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Windows Media Player\np-mswmp.dll

---- 火狐配置文件 ----
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- 文件类型 -------
.
txtfile=c:\windows\notepad.exe %1
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-aliim - c:\program files\AliWangWang\aliim.exe
HKCU-Run-WangWang - c:\program files\Alisoft\WangWang\WangWang.exe
MSConfigStartUp-nwiz - nwiz.exe
AddRemove-storm2 - c:\program files\StormII\uninst.exe
AddRemove-阿里旺旺(淘宝版) - c:\program files\Alisoft\WangWang\Unwise.exe
AddRemove-阿里旺旺2009 Beta1 - c:\program files\AliWangWang\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-02 02:05
Windows 5.1.2600 Service Pack 3 NTFS

扫描被隐藏的进程 。。。

c:\program files\JiangMin\AntiVirus\KVSrvXP.exe [1180] 0x888E8440

扫描被隐藏的启动组 。。。

扫描被隐藏的文件 。。。

扫描完成
被隐藏的档案: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2]
@DACL=(02 0000)

[HKEY_USERS\S-1-5-21-682003330-484061587-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f4,8c,79,5f,0e,df,df,40,9b,58,94,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f4,8c,79,5f,0e,df,df,40,9b,58,94,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f4,8c,79,5f,0e,df,df,40,9b,58,94,\

[HKEY_USERS\S-1-5-21-682003330-484061587-1801674531-500\Software\Microsoft\Office\11.0\Common\Open Find\Microsoft Office Word\Settings\Sb*_]
"PositionInfo-Monitor1"=hex:d7,00,00,00,cb,00,00,00,00,00,00,00,00,00,00,00

[HKEY_USERS\S-1-5-21-682003330-484061587-1801674531-500\Software\Microsoft\Office\11.0\Common\Open Find\Microsoft Office Word\Settings\Sb*_\File Name MRU]
"Value"=multi:"\00\00"
"Maximum Entries"=dword:0000000a

[HKEY_USERS\S-1-5-21-682003330-484061587-1801674531-500\Software\Microsoft\Office\11.0\Common\Open Find\Microsoft Office Word\Settings\Sb*_\View]
"Data"=hex:04,16,00,47,28,14,14,14,0d,01,02,01,00,18,41,00,0d,00,fa,08,00,00,
90,90,0d,00,fa,08,00,00,90,90,0d,00,fa,08,00,00,90,90,0d,00,fa,08,00,00,90,\

[HKEY_USERS\S-1-5-21-682003330-484061587-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\~伅?nb\Q*Q*8nb]
"Order"=hex:08,00,00,00,02,00,00,00,00,01,00,00,01,00,00,00,02,00,00,00,76,00,
00,00,00,00,00,00,68,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,56,00,36,\

[HKEY_USERS\S-1-5-21-682003330-484061587-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\~伅媜忲N\Q*Q*;Su]
"Order"=hex:08,00,00,00,02,00,00,00,00,01,00,00,01,00,00,00,02,00,00,00,76,00,
00,00,00,00,00,00,68,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,56,00,36,\

[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*膥鯪\CLSID]
@="{809B6661-94C4-49E6-B6EC-3F0F862215AA}"

[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*膥鯪\CurVer]
@="BDATuner.组件.1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Q*Q*8nb]
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,12,d6,13,
80,59,e6,c9,01,07,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Q*Q*8nb]
"DisplayName"="QQ游戏"
"UninstallString"="c:\\Program Files\\腾讯游戏\\QQGAME\\Uninstall.EXE"
.
--------------------- 运行进程下的动态链接库 ---------------------

- - - - - - - > 'explorer.exe'(268)
c:\windows\system32\WININET.dll
c:\windows\system32\KVInstall.dll
c:\program files\JiangMin\common\KvTrustInit.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ 其他运行进程 ------------------------
.
c:\windows\system32\conime.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Microsoft Office\OFFICE11\WINWORD.EXE
c:\program files\Microsoft\Office Live\OfficeLiveSignIn.exe
.
**************************************************************************
.
完成时间: 2010-07-02 02:25:50 - 电脑已重新启动
ComboFix-quarantined-files.txt 2010-07-01 18:25

Pre-Run: 7,132,241,920 可用字节
Post-Run: 7,079,739,392 可用字节

WindowsXP-KB310994-SP2-Pro-BootDisk-CHS.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\mxldr=MaxDOS 工具?

- - End Of File - - 0CF952765829C9FFEC2831DC085FCA1A


SECOND COMBOFIX

ComboFix 10-06-30.03 - Administrator -07-06 星期二 0:40.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.936.86.2052.18.2047.1583 [GMT 8:00]
执行位置: c:\documents and settings\Administrator\桌面\ComboFix.exe
AV: 江民杀毒软件KV2009 *On-access scanning disabled* (Updated) {C10C7F2B-62BC-4a8e-95E4-509FA2393860}
.

((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\srsvc.dll . . . 受感染!!

.
((((((((((((((((((((((((( 2010-06-05 至 2010-07-05 的新的档案 )))))))))))))))))))))))))))))))
.

2010-07-05 10:20 . 2010-07-05 10:20 -------- d-----w- c:\program files\MSXML 4.0
2010-07-05 08:39 . 2010-05-06 10:31 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-05 08:39 . 2010-05-06 10:31 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-05 08:39 . 2010-05-06 10:31 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-05 05:59 . 2010-07-05 05:59 -------- d-----w- c:\program files\iPod
2010-07-05 05:59 . 2010-07-05 06:01 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-05 05:59 . 2010-07-05 06:01 -------- d-----w- c:\program files\iTunes
2010-07-05 05:53 . 2008-12-04 13:42 815104 ----a-w- c:\windows\system32\xvidcore.dll
2010-07-05 05:53 . 2010-07-05 05:53 -------- d-----w- c:\program files\Xvid
2010-07-05 05:53 . 2008-12-04 13:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-07-05 05:51 . 2010-07-05 05:54 -------- d-----w- c:\program files\QuickTime
2010-07-05 05:42 . 2010-07-05 05:42 -------- d-----w- c:\program files\Bonjour
2010-07-05 05:35 . 2010-07-05 05:35 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-07-05 05:30 . 2010-07-05 05:30 -------- d-----w- c:\program files\Safari
2010-07-05 05:27 . 2010-07-05 05:27 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-30 17:14 . 2010-06-30 17:14 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-06-27 16:46 . 2010-06-27 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-06-27 16:46 . 2010-06-27 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-27 16:45 . 2010-06-30 17:11 -------- d-----w- c:\program files\McAfee Security Scan
2010-06-23 14:27 . 2010-06-27 17:26 -------- d-----w- c:\windows\BDOSCAN8
2010-06-20 19:08 . 2010-04-22 20:23 71472 ----a-w- c:\documents and settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.26\member_stat.dll
2010-06-20 19:08 . 2010-04-22 20:23 65840 ----a-w- c:\documents and settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.26\xlpfmc.dll
2010-06-20 19:08 . 2010-04-22 20:23 431920 ----a-w- c:\documents and settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.26\xldcsubtask.dll
2010-06-20 19:08 . 2010-04-22 20:23 386864 ----a-w- c:\documents and settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.26\xldcagent.dll
2010-06-20 19:08 . 2010-04-22 20:23 214832 ----a-w- c:\documents and settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.26\dphubt.dll
2010-06-20 19:08 . 2010-04-22 20:23 153392 ----a-w- c:\documents and settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.26\xl_mole.dll
2010-06-20 19:08 . 2010-04-22 20:23 153392 ----a-w- c:\documents and settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.26\sl.dll
2010-06-20 19:08 . 2010-04-22 20:23 137008 ----a-w- c:\documents and settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.26\xldc.dll
2010-06-20 19:08 . 2010-04-22 20:23 132912 ----a-w- c:\documents and settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.26\bd.dll
2010-06-20 19:08 . 2010-04-22 20:23 124720 ----a-w- c:\documents and settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.26\xl_stat.dll
2010-06-20 19:08 . 2010-04-22 20:23 116528 ----a-w- c:\documents and settings\All Users\Application Data\Thunder Network\Thunder_A30B0AF7-D81B-464e-B4E4-4B6DF996FB46_\Components\DownloadLibDll\md_p_1.0.26\emule_id.dll

.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-05 16:37 . 2010-02-28 09:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2010-07-05 16:28 . 2010-04-28 15:59 -------- d-----w- c:\program files\Absolute Poker
2010-07-05 07:23 . 2010-05-26 15:05 -------- d-----w- c:\program files\Full Tilt Poker
2010-07-05 06:10 . 2009-01-14 13:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-07-05 05:58 . 2009-01-14 13:53 -------- d-----w- c:\program files\Common Files\Apple
2010-07-04 16:53 . 2008-12-24 05:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\SogouPY
2010-07-01 16:55 . 2009-07-15 01:45 -------- d-s---w- c:\program files\JiangMin
2010-07-01 16:55 . 2009-07-15 01:45 1995 ---ha-w- c:\windows\system32\accredit_1001.dat
2010-07-01 16:55 . 2009-07-15 01:45 1995 ---ha-w- c:\windows\system32\accredit.dat
2010-06-29 08:56 . 2010-01-08 13:05 -------- d-----w- c:\program files\Mozilla Firefox 3.6 Beta 5
2010-06-27 18:24 . 2009-02-21 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-20 19:05 . 2009-01-12 10:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Thunder Network
2010-06-14 08:28 . 2008-12-24 05:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Storm
2010-05-31 11:25 . 2009-11-12 06:44 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-30 14:02 . 2010-05-30 05:23 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-30 05:24 . 2010-05-30 05:24 -------- d-----w- c:\program files\AVG
2010-05-25 19:18 . 2010-05-25 19:18 -------- d-----w- c:\program files\Common Files\Java
2010-05-25 19:18 . 2010-05-25 19:18 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7ff297eb-n\msvcp71.dll
2010-05-25 19:18 . 2010-05-25 19:18 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7ff297eb-n\jmc.dll
2010-05-25 19:18 . 2010-05-25 19:18 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7ff297eb-n\msvcr71.dll
2010-05-25 19:18 . 2010-05-25 19:18 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-580dcd55-n\decora-sse.dll
2010-05-25 19:18 . 2010-05-25 19:18 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-580dcd55-n\decora-d3d.dll
2010-05-25 19:17 . 2009-02-14 05:01 -------- d-----w- c:\program files\Java
2010-05-18 08:35 . 2010-05-18 08:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 08:35 . 2010-05-18 08:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 08:35 . 2010-05-18 08:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-15 09:02 . 2010-05-15 09:02 90112 ----a-w- c:\windows\system32\atl71.dll
2010-05-15 09:02 . 2010-05-15 09:02 503808 ----a-w- c:\windows\system32\msvcp71.dll
2010-05-15 09:02 . 2010-05-15 09:02 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-06 10:31 . 2008-12-24 04:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:30 . 2008-12-24 04:53 1859968 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 15:23 . 2010-04-29 15:23 73728 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\83xjzwll.default\extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C}\components\ThunderComponent.dll
2010-04-29 07:17 . 2009-01-12 11:00 294240 ----a-w- c:\windows\system32\cid_store.dat
2010-04-29 07:16 . 2009-01-12 11:00 26 ----a-w- c:\windows\system32\xlhcc.dat
2010-04-28 17:52 . 2010-04-28 17:52 147456 ----a-w- c:\documents and settings\Administrator\Application Data\Absolute Poker\DownLoadInst\liveupdate.exe
2010-04-20 05:30 . 2008-04-14 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-12 09:29 . 2010-05-25 19:17 411368 ----a-w- c:\windows\system32\deployJava1.dll
2009-11-08 10:56 . 2009-11-08 10:56 1981 ----a-w- c:\program files\http_imgload.cgi.jpeg
2009-10-17 08:06 . 2009-10-17 08:06 20950 ----a-w- c:\program files\123.gif
2010-04-21 06:21 . 2010-04-29 07:19 79664 ----a-w- c:\program files\mozilla firefox\components\ThunderComponent.dll
.

------- Sigcheck -------

[-] 2008-12-24 . A1E5F364CBF3DFD4CA276774E29DF896 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-23 . 440EDA2420CFA1B3B2AB4725FC33825D . 493056 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe


[-] 2008-12-24 . 383E6F87C667E41C9691575A2CB4BD38 . 1573376 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll


c:\windows\System32\srsvc.dll ... 遗失 !!
c:\windows\System32\regsvc.dll ... 遗失 !!
.
((((((((((((((((((((((((((((( SnapShot@2010-07-01_18.04.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-05 16:36 . 2010-07-05 16:36 16384 c:\windows\Temp\Perflib_Perfdata_268.dat
+ 2009-08-06 11:24 . 2009-08-06 11:24 44768 c:\windows\system32\wups2.dll
+ 2008-12-24 05:20 . 2009-08-06 11:24 35552 c:\windows\system32\wups.dll
+ 2008-12-24 05:20 . 2009-08-06 11:24 53472 c:\windows\system32\wuauclt.exe
+ 2008-04-14 12:00 . 2009-06-25 08:41 54272 c:\windows\system32\wdigest.dll
+ 2008-12-24 04:53 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
+ 2008-04-14 12:00 . 2009-06-15 11:08 74240 c:\windows\system32\tlntsess.exe
+ 2008-04-14 12:00 . 2009-06-15 10:43 85504 c:\windows\system32\telnet.exe
+ 2009-08-30 12:58 . 2009-05-26 11:40 15224 c:\windows\system32\spmsg.dll
+ 2010-07-03 14:29 . 2009-08-06 11:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
- 2008-04-14 12:00 . 2009-02-03 19:57 56832 c:\windows\system32\secur32.dll
+ 2008-04-14 12:00 . 2009-06-25 08:41 56832 c:\windows\system32\secur32.dll
+ 2008-04-14 12:00 . 2009-10-12 13:38 79872 c:\windows\system32\raschap.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 79872 c:\windows\system32\raschap.dll
+ 2008-04-13 03:13 . 2009-11-27 17:12 17920 c:\windows\system32\msyuv.dll
+ 2008-04-14 12:00 . 2009-11-27 16:07 28672 c:\windows\system32\msvidc32.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 11264 c:\windows\system32\msrle32.dll
+ 2008-04-14 12:00 . 2009-11-27 16:07 11264 c:\windows\system32\msrle32.dll
+ 2009-03-07 20:31 . 2010-05-06 10:31 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-07 20:31 . 2009-03-07 20:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2008-04-14 12:00 . 2009-09-04 21:03 58880 c:\windows\system32\msasn1.dll
- 2008-04-14 12:00 . 2009-04-30 21:13 25600 c:\windows\system32\jsproxy.dll
+ 2008-04-14 12:00 . 2010-05-06 10:31 25600 c:\windows\system32\jsproxy.dll
+ 2008-04-13 03:13 . 2009-11-27 16:07 47616 c:\windows\system32\iyuv_32.dll
+ 2008-04-14 12:00 . 2009-10-15 16:28 81920 c:\windows\system32\fontsub.dll
+ 2010-07-05 05:43 . 2010-04-19 12:47 41984 c:\windows\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\usbaapl.sys
+ 2010-07-05 05:43 . 2010-04-19 12:29 18432 c:\windows\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\netaapl.sys
+ 2010-07-05 06:02 . 2009-05-18 05:17 26600 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys
+ 2008-04-14 12:00 . 2009-06-24 10:28 92928 c:\windows\system32\drivers\ksecdd.sys
+ 2009-01-14 13:55 . 2009-05-18 05:17 26600 c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2009-06-11 16:04 . 2010-05-06 10:31 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-06-11 16:04 . 2009-04-30 21:13 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2008-12-24 05:20 . 2009-08-06 11:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2008-12-24 05:20 . 2009-08-06 11:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2009-01-12 10:56 . 2009-06-25 08:41 54272 c:\windows\system32\dllcache\wdigest.dll
+ 2009-01-12 10:56 . 2009-06-15 11:08 74240 c:\windows\system32\dllcache\tlntsess.exe
+ 2009-01-12 10:56 . 2009-06-15 10:43 85504 c:\windows\system32\dllcache\telnet.exe
- 2009-01-12 10:56 . 2009-02-03 19:57 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-01-12 10:56 . 2009-06-25 08:41 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-01-12 10:56 . 2009-10-12 13:38 79872 c:\windows\system32\dllcache\raschap.dll
- 2009-01-12 10:56 . 2008-04-14 12:00 79872 c:\windows\system32\dllcache\raschap.dll
+ 2009-01-12 10:55 . 2009-11-27 17:12 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2009-01-12 10:55 . 2009-11-27 16:07 28672 c:\windows\system32\dllcache\msvidc32.dll
+ 2009-01-12 10:55 . 2009-11-27 16:07 11264 c:\windows\system32\dllcache\msrle32.dll
- 2009-01-12 10:55 . 2008-04-14 12:00 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2010-07-05 08:39 . 2010-05-06 10:31 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-01-12 10:55 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2009-01-12 10:55 . 2009-06-24 10:28 92928 c:\windows\system32\dllcache\ksecdd.sys
+ 2009-01-12 10:55 . 2010-05-06 10:31 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-01-12 10:55 . 2009-04-30 21:13 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-01-12 10:55 . 2009-11-27 16:07 47616 c:\windows\system32\dllcache\iyuv_32.dll
+ 2009-01-12 10:55 . 2009-10-15 16:28 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2009-01-12 10:55 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2008-04-14 12:00 . 2009-08-06 11:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2009-01-12 10:55 . 2009-11-27 16:07 84992 c:\windows\system32\dllcache\avifil32.dll
- 2009-01-12 10:55 . 2008-04-14 12:00 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-01-12 10:55 . 2009-07-17 19:02 58880 c:\windows\system32\dllcache\atl.dll
- 2009-01-12 10:55 . 2008-04-14 12:00 58880 c:\windows\system32\dllcache\atl.dll
+ 2009-01-12 10:55 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll
+ 2008-04-14 12:00 . 2009-12-14 07:08 33280 c:\windows\system32\csrsrv.dll
+ 2008-04-14 12:00 . 2009-08-06 11:24 96480 c:\windows\system32\cdm.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 84992 c:\windows\system32\avifil32.dll
+ 2008-04-14 12:00 . 2009-11-27 16:07 84992 c:\windows\system32\avifil32.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 58880 c:\windows\system32\atl.dll
+ 2008-04-14 12:00 . 2009-07-17 19:02 58880 c:\windows\system32\atl.dll
+ 2008-04-14 12:00 . 2010-03-05 14:37 65536 c:\windows\system32\asycfilt.dll
+ 2010-07-03 14:29 . 2008-04-14 12:00 32256 c:\windows\LastGood\system32\wups.dll
+ 2010-07-05 06:02 . 2008-04-17 05:12 15464 c:\windows\LastGood\system32\DRIVERS\GEARAspiWDM.sys
+ 2010-07-03 14:29 . 2008-04-14 12:00 66560 c:\windows\LastGood\system32\cdm.dll
+ 2008-07-29 09:27 . 2008-07-29 09:27 93184 c:\windows\Installer\b3b8c2.msi
+ 2010-07-05 10:20 . 2010-07-05 10:20 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2010-07-05 10:28 . 2009-04-30 21:13 12800 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2010-07-05 10:28 . 2009-03-07 20:31 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
+ 2010-07-05 10:28 . 2009-04-30 21:13 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2010-07-05 08:53 . 2009-11-27 17:12 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2010-07-05 08:50 . 2009-11-27 16:07 47616 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2001-08-31 00:03 . 2009-11-27 16:07 8704 c:\windows\system32\tsbyuv.dll
+ 2009-01-12 10:56 . 2009-11-27 16:07 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2010-07-05 08:50 . 2009-11-27 16:07 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2008-12-24 05:20 . 2009-08-06 11:24 209632 c:\windows\system32\wuweb.dll
+ 2008-12-24 05:20 . 2009-08-06 11:24 327896 c:\windows\system32\wucltui.dll
+ 2008-12-24 05:20 . 2009-08-06 11:23 575704 c:\windows\system32\wuapi.dll
+ 2008-12-16 01:49 . 2009-04-01 15:02 604160 c:\windows\system32\wmspdmod.dll
+ 2006-10-18 14:47 . 2008-06-24 10:12 295936 c:\windows\system32\wmpeffects.dll
- 2006-10-18 14:47 . 2006-10-18 14:47 295936 c:\windows\system32\wmpeffects.dll
+ 2008-12-16 01:49 . 2009-07-13 15:43 286208 c:\windows\system32\wmpdxm.dll
+ 2008-12-16 01:49 . 2008-06-17 21:03 938496 c:\windows\system32\WMNetmgr.dll
+ 2008-12-16 01:49 . 2007-10-25 01:28 222720 c:\windows\system32\wmasf.dll
- 2008-04-14 12:00 . 2008-04-17 04:50 134144 c:\windows\system32\wkssvc.dll
+ 2008-04-14 12:00 . 2009-06-10 06:17 134144 c:\windows\system32\wkssvc.dll
+ 2008-04-14 12:00 . 2009-12-24 06:59 176640 c:\windows\system32\wintrust.dll
- 2008-12-24 04:53 . 2009-03-07 20:33 420352 c:\windows\system32\vbscript.dll
+ 2008-12-24 04:53 . 2010-03-10 06:15 420352 c:\windows\system32\vbscript.dll
+ 2008-04-14 12:00 . 2009-10-15 16:28 119808 c:\windows\system32\t2embed.dll
+ 2008-12-24 04:53 . 2009-08-26 08:00 246814 c:\windows\system32\strmdll.dll
- 2008-12-24 04:53 . 2008-12-24 04:53 246814 c:\windows\system32\strmdll.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 473088 c:\windows\system32\shlwapi.dll
+ 2008-04-14 12:00 . 2009-12-08 09:23 473088 c:\windows\system32\shlwapi.dll
+ 2008-04-14 12:00 . 2009-06-25 08:41 147456 c:\windows\system32\schannel.dll
+ 2006-08-24 08:15 . 2006-08-24 08:15 150808 c:\windows\system32\rgb9rast_2.dll
+ 2008-04-14 12:00 . 2009-10-12 13:38 148480 c:\windows\system32\rastls.dll
+ 2008-04-14 12:00 . 2010-05-06 10:31 206848 c:\windows\system32\occache.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 268288 c:\windows\system32\oakley.dll
+ 2008-04-14 12:00 . 2009-10-13 10:32 268288 c:\windows\system32\oakley.dll
+ 2008-04-14 12:00 . 2009-08-05 08:59 201728 c:\windows\system32\mswebdvd.dll
+ 2008-04-14 12:00 . 2009-09-11 14:14 136704 c:\windows\system32\msv1_0.dll
- 2008-04-14 12:00 . 2009-03-07 20:32 611840 c:\windows\system32\mstime.dll
+ 2008-04-14 12:00 . 2010-05-06 10:31 611840 c:\windows\system32\mstime.dll
+ 2008-12-16 01:49 . 2006-12-04 08:21 414720 c:\windows\system32\msscp.dll
+ 2008-12-24 05:19 . 2009-12-17 07:40 332288 c:\windows\system32\mspaint.exe
- 2008-12-24 05:19 . 2008-04-14 12:00 332288 c:\windows\system32\mspaint.exe
+ 2009-03-07 20:32 . 2010-05-06 10:31 599040 c:\windows\system32\msfeeds.dll
+ 2010-07-05 03:04 . 2010-07-05 03:04 231888 c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
+ 2010-07-05 03:04 . 2010-07-05 03:04 311760 c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.dll
+ 2008-04-14 12:00 . 2009-06-26 07:11 707584 c:\windows\system32\lsasrv.dll
+ 2008-12-16 01:49 . 2008-06-17 17:09 100864 c:\windows\system32\logagent.exe
- 2008-12-16 01:49 . 2006-10-18 13:03 100864 c:\windows\system32\logagent.exe
+ 2008-04-14 12:00 . 2009-06-25 08:41 301568 c:\windows\system32\kerberos.dll
- 2008-12-24 04:53 . 2009-03-07 20:33 726528 c:\windows\system32\jscript.dll
+ 2008-12-24 04:53 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
+ 2008-12-24 05:20 . 2010-01-29 14:59 691712 c:\windows\system32\inetcomm.dll
- 2008-12-24 05:20 . 2008-12-24 04:53 691712 c:\windows\system32\inetcomm.dll
+ 2008-04-14 12:00 . 2010-05-06 10:31 184320 c:\windows\system32\iepeers.dll
+ 2008-04-14 12:00 . 2010-05-06 10:31 387584 c:\windows\system32\iedkcs32.dll
- 2008-04-14 12:00 . 2009-04-30 11:21 173056 c:\windows\system32\ie4uinit.exe
+ 2008-04-14 12:00 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe
+ 2009-01-14 13:55 . 2008-04-17 04:12 107368 c:\windows\system32\GEARAspi.dll
- 2009-01-14 13:55 . 2008-04-17 05:12 107368 c:\windows\system32\GEARAspi.dll
+ 2008-12-24 05:15 . 2010-07-05 13:15 124520 c:\windows\system32\FNTCACHE.DAT
- 2008-12-24 05:15 . 2009-06-11 16:07 124520 c:\windows\system32\FNTCACHE.DAT
+ 2010-07-05 06:02 . 2008-04-17 04:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll
+ 2008-12-24 04:53 . 2010-02-11 12:02 226880 c:\windows\system32\drivers\tcpip6.sys
+ 2008-12-24 04:53 . 2009-12-31 16:50 353792 c:\windows\system32\drivers\srv.sys
+ 2008-12-24 04:53 . 2010-02-24 13:11 455680 c:\windows\system32\drivers\mrxsmb.sys
+ 2008-12-24 05:20 . 2009-08-06 11:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2008-12-24 05:20 . 2009-08-06 11:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2008-12-24 05:20 . 2009-08-06 11:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2009-01-12 10:56 . 2009-04-01 15:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
+ 2009-01-12 10:56 . 2009-07-13 15:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2009-01-12 10:56 . 2008-06-17 21:03 938496 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2009-01-12 10:56 . 2007-10-25 01:28 222720 c:\windows\system32\dllcache\wmasf.dll
- 2009-01-12 10:56 . 2008-04-17 04:50 134144 c:\windows\system32\dllcache\wkssvc.dll
+ 2009-01-12 10:56 . 2009-06-10 06:17 134144 c:\windows\system32\dllcache\wkssvc.dll
+ 2009-01-12 10:55 . 2009-12-24 06:59 176640 c:\windows\system32\dllcache\wintrust.dll
+ 2009-01-12 10:55 . 2010-05-06 10:31 916480 c:\windows\system32\dllcache\wininet.dll
- 2009-01-12 10:55 . 2009-03-07 20:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2009-01-12 10:55 . 2010-03-10 06:15 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2009-01-12 10:55 . 2007-06-27 08:17 314368 c:\windows\system32\dllcache\unregmp2.exe
- 2009-01-12 10:56 . 2008-04-14 12:00 153088 c:\windows\system32\dllcache\TRIEDIT.DLL
+ 2009-01-12 10:56 . 2009-06-21 21:43 153088 c:\windows\system32\dllcache\triedit.dll
+ 2009-01-12 10:56 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys
+ 2009-01-12 10:56 . 2009-10-15 16:28 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2009-01-12 10:55 . 2009-08-26 08:00 246814 c:\windows\system32\dllcache\strmdll.dll
- 2009-01-12 10:55 . 2008-12-24 04:53 246814 c:\windows\system32\dllcache\strmdll.dll
+ 2009-01-12 10:56 . 2009-12-31 16:50 353792 c:\windows\system32\dllcache\srv.sys
- 2009-01-12 10:56 . 2008-04-14 12:00 473088 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-01-12 10:56 . 2009-12-08 09:23 473088 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-01-12 10:55 . 2009-06-25 08:41 147456 c:\windows\system32\dllcache\schannel.dll
+ 2009-01-12 10:56 . 2009-10-12 13:38 148480 c:\windows\system32\dllcache\rastls.dll
+ 2009-01-12 10:55 . 2010-05-06 10:31 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-01-12 10:55 . 2009-10-13 10:32 268288 c:\windows\system32\dllcache\oakley.dll
- 2009-01-12 10:55 . 2008-04-14 12:00 268288 c:\windows\system32\dllcache\oakley.dll
+ 2009-01-12 10:55 . 2009-08-05 08:59 201728 c:\windows\system32\dllcache\mswebdvd.dll
+ 2009-01-12 10:55 . 2009-09-11 14:14 136704 c:\windows\system32\dllcache\msv1_0.dll
- 2009-01-12 10:55 . 2009-03-07 20:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-01-12 10:55 . 2010-05-06 10:31 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-01-12 10:55 . 2006-12-04 08:21 414720 c:\windows\system32\dllcache\msscp.dll
+ 2009-01-12 10:55 . 2009-12-17 07:40 332288 c:\windows\system32\dllcache\mspaint.exe
- 2009-01-12 10:55 . 2008-04-14 12:00 332288 c:\windows\system32\dllcache\mspaint.exe
+ 2010-07-05 08:39 . 2010-05-06 10:31 599040 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-01-12 10:55 . 2010-02-24 13:11 455680 c:\windows\system32\dllcache\mrxsmb.sys
+ 2009-01-12 10:55 . 2009-06-26 07:11 707584 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-01-12 10:55 . 2008-06-17 17:09 100864 c:\windows\system32\dllcache\logagent.exe
- 2009-01-12 10:55 . 2006-10-18 13:03 100864 c:\windows\system32\dllcache\logagent.exe
+ 2009-01-12 10:55 . 2009-06-25 08:41 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2009-01-12 10:55 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
- 2009-01-12 10:55 . 2009-03-07 20:33 726528 c:\windows\system32\dllcache\jscript.dll
- 2009-01-12 10:55 . 2008-12-24 04:53 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-01-12 10:55 . 2010-01-29 14:59 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-06-11 16:04 . 2010-05-06 10:31 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-01-12 10:55 . 2010-05-06 10:31 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-01-12 10:55 . 2010-05-06 10:31 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-01-12 10:55 . 2009-04-30 11:21 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-01-12 10:55 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-01-12 10:55 . 2010-04-20 05:30 285696 c:\windows\system32\dllcache\atmfd.dll
- 2009-01-12 10:55 . 2008-04-14 12:00 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2009-01-12 10:55 . 2009-11-21 15:54 471552 c:\windows\system32\dllcache\aclayers.dll
+ 2009-01-12 10:55 . 2010-02-12 04:33 100864 c:\windows\system32\dllcache\6to4svc.dll
+ 2008-04-14 12:00 . 2010-02-12 04:33 100864 c:\windows\system32\6to4svc.dll
+ 2010-07-03 14:29 . 2008-04-14 12:00 120320 c:\windows\LastGood\system32\wuweb.dll
+ 2010-07-03 14:29 . 2008-04-14 12:00 109568 c:\windows\LastGood\system32\wucltui.dll
+ 2010-07-03 14:29 . 2008-04-14 12:00 108032 c:\windows\LastGood\system32\wuauclt.exe
+ 2010-07-03 14:29 . 2008-04-14 12:00 426496 c:\windows\LastGood\system32\wuapi.dll
+ 2010-07-05 06:02 . 2008-04-17 05:12 107368 c:\windows\LastGood\system32\GEARAspi.dll
+ 2010-07-05 10:20 . 2010-07-05 10:20 431616 c:\windows\Installer\e8bb15.msi
+ 2008-07-29 09:37 . 2008-07-29 09:37 911360 c:\windows\Installer\b3b8ca.msp
+ 2008-07-29 09:33 . 2008-07-29 09:33 506368 c:\windows\Installer\b3b8c9.msp
+ 2008-07-29 09:35 . 2008-07-29 09:35 553472 c:\windows\Installer\b3b8c7.msp
+ 2010-07-05 05:29 . 2010-07-05 05:29 807424 c:\windows\Installer\831a4e.msi
+ 2010-07-05 05:30 . 2010-07-05 05:30 897024 c:\windows\Installer\{AFAC914D-9E83-4A89-8ABE-427521C82CCF}\SafariIco.exe
+ 2010-07-05 06:02 . 2010-07-05 06:02 372736 c:\windows\Installer\{7AB3A249-FB81-416B-917A-A2A10E74C503}\iTunesIco.exe
+ 2008-12-16 01:49 . 2007-06-27 08:17 314368 c:\windows\inf\unregmp2.exe
+ 2010-07-05 10:28 . 2009-05-13 05:02 915456 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2010-07-05 10:28 . 2010-02-22 14:20 339320 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2010-07-05 10:28 . 2008-07-08 12:59 224632 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2010-07-05 10:28 . 2009-03-07 20:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2010-07-05 10:28 . 2009-03-07 20:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2010-07-05 10:28 . 2009-03-07 20:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2010-07-05 10:28 . 2009-04-30 21:13 246272 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2010-07-05 10:28 . 2009-03-07 20:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2010-07-05 10:28 . 2009-03-07 20:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2010-07-05 10:28 . 2009-04-30 21:13 385536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2010-07-05 10:28 . 2009-04-30 11:21 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2010-07-05 10:23 . 2009-03-07 20:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll
+ 2010-07-05 10:23 . 2009-05-26 11:40 339320 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll
+ 2010-07-05 10:23 . 2009-05-26 11:40 224632 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe
+ 2010-07-05 10:40 . 2008-07-08 12:59 339320 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2010-07-05 10:40 . 2008-07-08 12:59 224632 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2010-07-05 10:40 . 2009-06-22 06:45 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
+ 2010-07-05 10:20 . 2008-07-08 12:59 339320 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2010-07-05 10:20 . 2008-07-08 12:59 224632 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2010-07-05 10:20 . 2009-03-07 20:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2010-07-05 08:44 . 2010-02-24 13:11 455680 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-04-14 12:00 . 2009-11-21 15:54 471552 c:\windows\AppPatch\aclayers.dll
+ 2010-07-05 08:45 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2009-07-20 16:03 . 2009-07-20 16:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2008-12-24 05:20 . 2009-08-06 11:23 1929952 c:\windows\system32\wuaueng.dll
+ 2008-12-16 01:49 . 2010-04-05 20:52 2462720 c:\windows\system32\WMVCore.dll
+ 2008-12-24 04:53 . 2010-05-06 10:31 1209344 c:\windows\system32\urlmon.dll
+ 2008-04-14 12:00 . 2009-07-17 16:16 1421824 c:\windows\system32\query.dll
- 2008-04-14 12:00 . 2008-04-14 12:00 1421824 c:\windows\system32\query.dll
+ 2008-12-24 04:53 . 2010-02-05 18:25 1273856 c:\windows\system32\quartz.dll
+ 2008-12-24 04:53 . 2010-02-16 18:58 2145792 c:\windows\system32\ntoskrnl.exe
+ 2008-08-14 13:20 . 2010-02-16 18:58 2023936 c:\windows\system32\ntkrnlpa.exe
+ 2008-12-24 04:53 . 2009-07-31 02:02 1372672 c:\windows\system32\msxml6.dll
+ 2009-07-20 16:10 . 2009-07-20 16:10 1348432 c:\windows\system32\msxml4.dll
+ 2008-12-24 04:53 . 2009-07-31 04:32 1172480 c:\windows\system32\msxml3.dll
+ 2008-12-24 05:19 . 2009-06-10 01:19 2066432 c:\windows\system32\mstscax.dll
+ 2008-12-24 04:53 . 2010-05-06 10:31 5950976 c:\windows\system32\mshtml.dll
+ 2009-03-07 20:32 . 2010-05-06 10:31 1985536 c:\windows\system32\iertutil.dll
+ 2010-07-05 05:43 . 2010-04-19 12:47 3062048 c:\windows\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\usbaaplrc.dll
+ 2010-07-05 05:43 . 2010-04-19 12:29 1461992 c:\windows\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\wdfcoinstaller01009.dll
+ 2008-12-24 05:20 . 2009-08-06 11:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2009-01-12 10:56 . 2010-04-05 20:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2009-01-12 10:56 . 2010-05-02 05:30 1859968 c:\windows\system32\dllcache\win32k.sys
+ 2009-01-12 10:55 . 2010-05-06 10:31 1209344 c:\windows\system32\dllcache\urlmon.dll
+ 2009-01-12 10:56 . 2009-07-17 16:16 1421824 c:\windows\system32\dllcache\query.dll
- 2009-01-12 10:56 . 2008-04-14 12:00 1421824 c:\windows\system32\dllcache\query.dll
+ 2009-01-12 10:56 . 2010-02-05 18:25 1273856 c:\windows\system32\dllcache\quartz.dll
+ 2009-01-12 10:55 . 2010-02-16 18:58 2189696 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-07-08 13:13 . 2010-02-16 18:58 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-01-12 10:55 . 2010-02-16 18:58 2066560 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-07-08 13:13 . 2010-02-16 18:58 2145792 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-01-12 10:55 . 2009-07-31 02:02 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2009-01-12 10:55 . 2009-07-31 04:32 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2009-01-12 10:55 . 2009-06-10 01:19 2066432 c:\windows\system32\dllcache\mstscax.dll
+ 2009-01-12 10:55 . 2010-01-29 12:29 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2009-01-12 10:55 . 2010-05-06 10:31 5950976 c:\windows\system32\dllcache\mshtml.dll
+ 2009-06-11 16:04 . 2010-05-06 10:31 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2010-07-03 14:29 . 2008-04-14 12:00 1135616 c:\windows\LastGood\system32\wuaueng.dll
+ 2008-07-29 09:31 . 2008-07-29 09:31 6083072 c:\windows\Installer\b3b8cb.msp
+ 2008-07-29 09:43 . 2008-07-29 09:43 1013248 c:\windows\Installer\b3b8c8.msp
+ 2008-07-29 09:39 . 2008-07-29 09:39 3403264 c:\windows\Installer\b3b8c6.msp
+ 2008-07-29 09:41 . 2008-07-29 09:41 6487040 c:\windows\Installer\b3b8c5.msp
+ 2008-07-29 09:29 . 2008-07-29 09:29 2926080 c:\windows\Installer\b3b8c4.msp
+ 2008-07-29 09:45 . 2008-07-29 09:45 2543616 c:\windows\Installer\b3b8c3.msp
+ 2010-07-05 06:02 . 2010-07-05 06:02 4820480 c:\windows\Installer\8324f1.msi
+ 2010-07-05 05:53 . 2010-07-05 05:53 9472000 c:\windows\Installer\8321c7.msi
+ 2010-07-05 05:43 . 2010-07-05 05:43 3089408 c:\windows\Installer\831aa7.msi
+ 2010-07-05 05:42 . 2010-07-05 05:42 1984000 c:\windows\Installer\831a73.msi
+ 2010-07-05 05:30 . 2010-07-05 05:30 3094528 c:\windows\Installer\831a57.msi
+ 2010-07-05 10:28 . 2009-04-30 21:13 1207808 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2010-07-05 10:28 . 2009-05-13 05:02 5936128 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2010-07-05 10:28 . 2009-04-30 21:13 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2009-02-10 11:12 . 2010-02-16 18:58 2189696 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-07-08 13:13 . 2010-02-16 18:58 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-07-08 13:13 . 2010-02-16 18:58 2066560 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-07-08 13:13 . 2010-02-16 18:58 2145792 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-12-16 01:49 . 2009-07-13 15:43 10841088 c:\windows\system32\wmp.dll
+ 2009-03-07 20:39 . 2010-05-06 10:31 11076096 c:\windows\system32\ieframe.dll
+ 2009-01-12 10:56 . 2009-07-13 15:43 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2009-06-11 16:04 . 2010-05-06 10:31 11076096 c:\windows\system32\dllcache\ieframe.dll
+ 2010-07-05 10:28 . 2009-04-30 21:13 11064832 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
.
-- Snapshot reset --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{707db484-2428-402d-afb5-d85b387544c7}"= "c:\program files\Mario_Forever\tbMar0.dll" [2010-05-16 2515552]

[HKEY_CLASSES_ROOT\clsid\{707db484-2428-402d-afb5-d85b387544c7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D90D33C-DE76-42D0-9040-E4466DDC24AC}]
2010-04-14 08:55 198352 ----a-w- c:\program files\Thunder Network\Thunder\Program\EmbedDetectNow.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{707db484-2428-402d-afb5-d85b387544c7}]
2010-05-16 11:35 2515552 ----a-w- c:\program files\Mario_Forever\tbMar0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{707db484-2428-402d-afb5-d85b387544c7}"= "c:\program files\Mario_Forever\tbMar0.dll" [2010-05-16 2515552]

[HKEY_CLASSES_ROOT\clsid\{707db484-2428-402d-afb5-d85b387544c7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{707DB484-2428-402D-AFB5-D85B387544C7}"= "c:\program files\Mario_Forever\tbMar0.dll" [2010-05-16 2515552]

[HKEY_CLASSES_ROOT\clsid\{707db484-2428-402d-afb5-d85b387544c7}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Kv Dangerous File Control]
@="{21EE6A6C-A71F-45A4-A9DF-3901253D4051}"
[HKEY_CLASSES_ROOT\CLSID\{21EE6A6C-A71F-45A4-A9DF-3901253D4051}]
2009-04-14 03:24 427328 ----a-w- c:\program files\JiangMin\AntiVirus\KsPec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Kv Process Execution Control]
@="{7225D8F0-564A-4DFC-9DF6-717FB2569922}"
[HKEY_CLASSES_ROOT\CLSID\{7225D8F0-564A-4DFC-9DF6-717FB2569922}]
2009-04-14 03:24 427328 ----a-w- c:\program files\JiangMin\AntiVirus\KsPec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Kv Suspicious File Control]
@="{EBA3B46C-9894-4583-AF20-C5E4A6826E4A}"
[HKEY_CLASSES_ROOT\CLSID\{EBA3B46C-9894-4583-AF20-C5E4A6826E4A}]
2009-04-14 03:24 427328 ----a-w- c:\program files\JiangMin\AntiVirus\KsPec.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-01 25296680]
"Thunder"="c:\program files\Thunder Network\Thunder\Program\Thunder.exe" [2010-04-21 2672432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"KVMON"="c:\program files\JiangMin\Antivirus\KVMonXP.kxp" [2010-05-20 521744]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-07 128512]
"_nltide_3"="advpack.dll" [2009-03-07 128512]

c:\documents and settings\Administrator\「开始」菜单\程序\启动\
QQ游戏启动加速程序.lnk - c:\program files\腾讯游戏\QQGAME\Accel.exe [2009-4-24 43464]

c:\documents and settings\All Users\「开始」菜单\程序\启动\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0kvnative.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2008-06-19 08:42 2808832 ----a-w- c:\windows\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-10-07 00:33 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-11-17 08:08 17676288 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-11-20 10:15 1826816 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2008-08-19 05:26 77824 ----a-w- c:\windows\SOUNDMAN.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"d:\\Backup\\QQ\\QQ.exe"=
"d:\\Backup\\QQ\\Qzone\\Qzone.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\360Safe\\modules\\360upp.exe"=
"c:\\Program Files\\Common Files\\Thunder Network\\ThunderS\\ThunderS.exe"=
"d:\\Backup\\QQ\\QQPet\\QQPetAgent.exe"=
"d:\\360safe\\LiveUpdate360.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\腾讯游戏\\QQGAME\\QQGameDl.exe"=
"c:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder.exe"=
"c:\\Program Files\\Thunder Network\\Thunder\\Program\\LiteUD.exe"=
"c:\\Program Files\\Thunder Network\\Thunder\\Program\\FileLink\\XLFileLink.exe"=
"c:\\Program Files\\Common Files\\Thunder Network\\DS\\Ver1\\1.0.2.71\\ThunderService.exe"=
"c:\\Program Files\\Common Files\\Thunder Network\\DS\\Ver1\\1.0.2.71\\XLBugReport.exe"=
"c:\\Program Files\\JiangMin\\AntiVirus\\KVSrvXP.exe"=
"c:\\Program Files\\Common Files\\Thunder Network\\DS\\Ver1\\1.0.2.73\\ThunderService.exe"=
"c:\\Program Files\\Common Files\\Thunder Network\\DS\\Ver1\\1.0.2.73\\ThunderLiveUD.exe"=
"c:\\Program Files\\Common Files\\Thunder Network\\DS\\Ver1\\1.0.2.73\\XLBugReport.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SysGuard;Jiangmin AntiVirus Software - System Guard;c:\windows\system32\drivers\SysGuard.sys [2009-7-15 9:45 199584]
R1 BsDeamon;BsDeamon;c:\program files\JiangMin\AntiVirus\BsDeamon.sys [2009-7-15 9:45 26272]
R1 KSysCall;Jiangmin Antivirus Software - SysCall Services;c:\program files\JiangMin\common\KSysCall.sys [2009-7-15 9:45 200352]
R1 KSysMon;Jiangmin Antivirus Software - System Monitor;c:\program files\JiangMin\AntiVirus\KSysMon.sys [2009-7-15 9:45 253888]
R1 KSysTrace;Jiangmin Antivirus Software - File Tracer;c:\program files\JiangMin\AntiVirus\KSysTrace.sys [2009-7-15 9:45 116928]
R1 KVREDIR;KVREDIR;c:\program files\JiangMin\AntiVirus\KVRedir.sys [2009-7-15 9:45 15872]
R2 {E95FC660-AFD8-48E4-A1B7-EAF21D59A40D};KVSrvXP-{E95FC660-AFD8-48E4-A1B7-EAF21D59A40D};c:\program files\JiangMin\AntiVirus\KVSrvXP.exe [2009-7-15 9:45 356944]
R2 KRegEx;KRegEx;c:\program files\JiangMin\AntiVirus\KRegEx.sys [2009-7-15 9:45 25544]
R3 KVFileGuard;KVFileGuard From Jiangmin;c:\program files\JiangMin\AntiVirus\KVFG.sys [2009-7-15 9:45 49408]
R3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [2009-1-12 18:53 11696]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 20:49 227232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-07 20:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2009-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
IE: 使用迅雷下载 - c:\program files\Thunder Network\Thunder\Program\GetUrl.htm
IE: 使用迅雷下载全部链接 - c:\program files\Thunder Network\Thunder\Program\GetAllUrl.htm
IE: 使用迅雷查看图片 - c:\program files\Thunder Network\Thunder\Program\repairimage.htm
IE: 导出到 Microsoft Office Excel(&X) - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{548BF84E-9665-47f9-B635-7380F8943E90} - c:\program files\Thunder Network\Thunder\Program\repairimage.htm
Name-Space Handler: http\jiangmin-handler - {B6036904-73C2-45C5-BC78-D47D7EA0C52D} - c:\program files\JiangMin\AntiVirus\UrlGuard.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\83xjzwll.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-06 01:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

c:\program files\JiangMin\AntiVirus\KVSrvXP.exe [1168] 0x88887BE0

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2]
@DACL=(02 0000)

[HKEY_USERS\S-1-5-21-682003330-484061587-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f4,8c,79,5f,0e,df,df,40,9b,58,94,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f4,8c,79,5f,0e,df,df,40,9b,58,94,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f4,8c,79,5f,0e,df,df,40,9b,58,94,\

[HKEY_USERS\S-1-5-21-682003330-484061587-1801674531-500\Software\Microsoft\Office\11.0\Common\Open Find\Microsoft Office Word\Settings\Sb*_]
"PositionInfo-Monitor1"=hex:d7,00,00,00,cb,00,00,00,00,00,00,00,00,00,00,00

[HKEY_USERS\S-1-5-21-682003330-484061587-1801674531-500\Software\Microsoft\Office\11.0\Common\Open Find\Microsoft Office Word\Settings\Sb*_\File Name MRU]
"Value"=multi:"\00\00"
"Maximum Entries"=dword:0000000a

[HKEY_USERS\S-1-5-21-682003330-484061587-1801674531-500\Software\Microsoft\Office\11.0\Common\Open Find\Microsoft Office Word\Settings\Sb*_\View]
"Data"=hex:04,16,00,47,28,14,14,14,0d,01,02,01,00,18,41,00,0d,00,fa,08,00,00,
90,90,0d,00,fa,08,00,00,90,90,0d,00,fa,08,00,00,90,90,0d,00,fa,08,00,00,90,\

[HKEY_USERS\S-1-5-21-682003330-484061587-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\~伅?nb\Q*Q*8nb]
"Order"=hex:08,00,00,00,02,00,00,00,00,01,00,00,01,00,00,00,02,00,00,00,76,00,
00,00,00,00,00,00,68,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,56,00,36,\

[HKEY_USERS\S-1-5-21-682003330-484061587-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\~伅媜忲N\Q*Q*;Su]
"Order"=hex:08,00,00,00,02,00,00,00,00,01,00,00,01,00,00,00,02,00,00,00,76,00,
00,00,00,00,00,00,68,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,56,00,36,\

[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*膥鯪\CLSID]
@="{809B6661-94C4-49E6-B6EC-3F0F862215AA}"

[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*膥鯪\CurVer]
@="BDATuner.组件.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Q*Q*8nb]
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,12,d6,13,
80,59,e6,c9,01,07,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Q*Q*8nb]
"DisplayName"="QQ游戏"
"UninstallString"="c:\\Program Files\\腾讯游戏\\QQGAME\\Uninstall.EXE"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2844)
c:\windows\system32\WININET.dll
c:\windows\system32\KVInstall.dll
c:\program files\JiangMin\common\KvTrustInit.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-07-06 01:42:46
ComboFix-quarantined-files.txt 2010-07-05 17:42
ComboFix2.txt 2010-07-01 18:25

Pre-Run: 8 dir(s) 11,518,074,880 bytes free
Post-Run: 9 dir(s) 11,694,411,776 bytes free

- - End Of File - - 94DF3BC821FFC2A28267215B833450EE
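The snapshot section near the top of this log (the lines that begin with `+` and `-`, one file per line: creation stamp, modification stamp, size, path) is easier to triage with a script than by eye. The Python below is an added example written for this page; it is not part of the log and not ComboFix's own code. It pairs each `-` line with the `+` line for the same path, classifies every path as replaced, added or removed, and then applies two checks a responder would want: a replaced file whose new modification time is older than the copy it replaced (a downgrade), and a file added outside the directories Windows writes to when it services itself. The `SERVICING_DIRS` list is my assumption, not a ComboFix rule. The sample lines are copied from the log above, except the two `example.dll` lines, which are constructed to stage a downgrade so that check has something to fire on.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# One ComboFix snapshot-diff line: sign, creation stamp, " . ", modification stamp, size, path.
LINE_RE = re.compile(
    r"^(?P<sign>[+-])\s+(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>\d+)\s+(?P<path>\S.*?)\s*$"
)
STAMP = "%Y-%m-%d %H:%M"

# ASSUMPTION (mine, not ComboFix's): directories Windows writes to while servicing itself
# (hotfix caches, installer payloads, rollback copies). A lone "+" there is expected
# after Windows Update; a lone "+" elsewhere deserves a look.
SERVICING_DIRS = ("\\dllcache\\", "\\ie8updates\\", "\\installer\\", "\\lastgood\\",
                  "\\driver cache\\", "\\winsxs\\", "\\drvstore\\")


@dataclass
class Entry:
    sign: str
    created: datetime
    modified: datetime
    size: int
    path: str


def parse_line(line):
    """Return an Entry for a '+'/'-' snapshot line, or None for any other log line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return Entry(m["sign"], datetime.strptime(m["created"], STAMP),
                 datetime.strptime(m["modified"], STAMP), int(m["size"]), m["path"])


def pair_entries(lines):
    """Group entries by case-folded path: NTFS is case-insensitive, and ComboFix itself
    prints TRIEDIT.DLL for the old copy and triedit.dll for the new one."""
    by_path = defaultdict(dict)
    for line in lines:
        e = parse_line(line)
        if e is not None:
            by_path[e.path.lower()][e.sign] = e
    return by_path


def classify(lines):
    """Map each path to 'replaced' (both - and +), 'added' (+ only) or 'removed' (- only)."""
    out = {}
    for path, signs in pair_entries(lines).items():
        if "+" in signs and "-" in signs:
            out[path] = "replaced"
        else:
            out[path] = "added" if "+" in signs else "removed"
    return out


def triage(lines):
    """Two checks worth a second look:
    downgrades: a replaced file whose new mtime is OLDER than the copy it replaced;
    unexpected_additions: new files outside the servicing directories."""
    downgrades, additions = [], []
    for path, signs in pair_entries(lines).items():
        if "+" in signs and "-" in signs:
            if signs["+"].modified < signs["-"].modified:
                downgrades.append(path)
        elif "+" in signs and not any(d in path for d in SERVICING_DIRS):
            additions.append(path)
    return {"downgrades": sorted(downgrades), "unexpected_additions": sorted(additions)}


# Seven lines copied from the log above plus two CONSTRUCTED lines (example.dll)
# that stage a downgrade so the check has something to report.
SAMPLE = r"""
- 2009-01-12 10:55 . 2009-03-07 20:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2009-01-12 10:55 . 2010-03-10 06:15 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2009-01-12 10:55 . 2007-06-27 08:17 314368 c:\windows\system32\dllcache\unregmp2.exe
- 2009-01-12 10:56 . 2008-04-14 12:00 153088 c:\windows\system32\dllcache\TRIEDIT.DLL
+ 2009-01-12 10:56 . 2009-06-21 21:43 153088 c:\windows\system32\dllcache\triedit.dll
+ 2008-04-14 12:00 . 2010-02-12 04:33 100864 c:\windows\system32\6to4svc.dll
+ 2010-07-05 10:28 . 2009-05-13 05:02 915456 c:\windows\ie8updates\KB982381-IE8\wininet.dll
- 2009-01-12 10:55 . 2010-01-01 00:00 100000 c:\windows\system32\example.dll
+ 2009-01-12 10:55 . 2008-01-01 00:00 100000 c:\windows\system32\example.dll
""".strip().splitlines()


if __name__ == "__main__":
    for path, kind in classify(SAMPLE).items():
        print(f"{kind:8} {path}")
    print(triage(SAMPLE))
```

Run as written it reports the constructed `example.dll` as a downgrade and `c:\windows\system32\6to4svc.dll` as an addition outside the servicing directories. The second is a prompt, not a verdict: the log above shows `dllcache\6to4svc.dll` carrying the same 2010-02-12 04:33 stamp, which is what a normally serviced file looks like. The checks only narrow what to look at; a flagged file still needs its hash looked up or its signature verified before anything is done to it.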




#2 m0le (Malware Response Team, London, UK)

Posted 10 July 2010 - 02:29 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le (Malware Response Team, London, UK)

Posted 14 July 2010 - 06:54 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE



