PC slow by popups

Question

foxkueh 0 Junior Poster

14 Years Ago

I experience popups that slows down my processing speed of my other computer. This is my HJT log. I appreciate someone will be able to advise me on what to do.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 7:29:39, on 2010-2-2
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
D:\软件\storm2\stormliv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
D:\软件\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\wuauclr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\rundll32.exe

O1 - Hosts: 60.209.152.204 www.kzdh.com
O1 - Hosts: 60.209.152.204 www.6781.com
O1 - Hosts: 60.209.152.204 www.i2345.cn
O1 - Hosts: 60.209.152.204 www.haokan123.com
O1 - Hosts: 60.209.152.204 www.365wz.net
O1 - Hosts: 60.209.152.204 www.5d5e.com
O1 - Hosts: 60.209.152.204 www.112r.com
O1 - Hosts: 60.209.152.204 www.32e.com
O1 - Hosts: 60.209.152.204 www.77177.com
O1 - Hosts: 60.209.152.204 www.daluobo.cn
O1 - Hosts: 60.209.152.204 www.haha111.com
O1 - Hosts: 60.209.152.204 www.15wz.com
O1 - Hosts: 60.209.152.204 www.fm5566.com
O1 - Hosts: 60.209.152.204 www.9798.net
O1 - Hosts: 60.209.152.204 www.s565.com
O1 - Hosts: 60.209.152.204 www.345s.com
O1 - Hosts: 60.209.152.204 www.110wz.com
O1 - Hosts: 60.209.152.204 www.6dh.com
O1 - Hosts: 60.209.152.204 www.tt98.com
O1 - Hosts: 60.209.152.204 www.85851.com
O1 - Hosts: 60.209.152.204 www.66d8.cn
O1 - Hosts: 60.209.152.204 www.baihu.cn
O1 - Hosts: 60.209.152.204 www.hang123.com
O1 - Hosts: 60.209.152.204 www.17909.com
O1 - Hosts: 60.209.152.204 www.838.cc
O1 - Hosts: 60.209.152.204 www.ee258.com
O1 - Hosts: 60.209.152.204 www.gjj.cc
O1 - Hosts: 60.209.152.204 www.1188.com
O1 - Hosts: 60.209.152.204 www.go2000.com
O1 - Hosts: 60.209.152.204 www.go2000.cn
O1 - Hosts: 60.209.152.204 www.1116.cn
O1 - Hosts: 60.209.152.204 www.365j.com
O1 - Hosts: 60.209.152.204 www.8687.cn
O1 - Hosts: 60.209.152.204 www.15151.cn
O1 - Hosts: 60.209.152.204 www.v2233.com
O1 - Hosts: 60.209.152.204 www.iq123.com
O1 - Hosts: 60.209.152.204 www.4688.com
O1 - Hosts: 60.209.152.204 www.fala123.cn
O1 - Hosts: 60.209.152.204 www.3110.cn
O1 - Hosts: 60.209.152.204 www.haoz123.cn
O1 - Hosts: 60.209.152.204 www.85vv.com
O1 - Hosts: 60.209.152.204 www.ok100.net.cn
O1 - Hosts: 60.209.152.204 www.ai1234.com
O1 - Hosts: 60.209.152.204 www.11227.cn
O1 - Hosts: 60.209.152.204 www.669dh.cn
O1 - Hosts: 60.209.152.204 www.kaka888.com
O1 - Hosts: 60.209.152.204 www.qq5.com
O1 - Hosts: 60.209.152.204 www.you2000.cn
O1 - Hosts: 60.209.152.204 www.yy2000.net
O2 - BHO: SearchHook Class - {00000000-0593-4356-9CF7-1D8C2B3343C0} - C:\Program Files\Baidu\AddressBar\AddressBar.dll (file missing)
O2 - BHO: ThunderAtOnce Class - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\软件\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: PPVADownloader - {A986E409-30CC-4185-89BB-AB212C104524} - C:\Program Files\PPLive\PPVA\DownloaderManager.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: 快车(FlashGet) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\软件\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [3] C:\WINDOWS\Svcpack\XPLODE.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [3] C:\WINDOWS\Svcpack\XPLODE.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [3] C:\WINDOWS\Svcpack\XPLODE.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [3] C:\WINDOWS\Svcpack\XPLODE.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Google 边栏评注... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: iSee 保存所有图片 - d:\Program Files\iSee\iSeeSavePicAll.htm
O8 - Extra context menu item: iSee保存Flash - d:\Program Files\iSee\iSeeSaveFlash.htm
O8 - Extra context menu item: iSee保存所有图片 - d:\Program Files\iSee\iSeeSavePicAll.htm
O8 - Extra context menu item: iSee读取Exif - d:\Program Files\iSee\iSeeReadExif.htm
O8 - Extra context menu item: 使用光影编辑和美化 - D:\软件\nEO iMAGING\NeoOpenNeo.htm
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 导出到 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ表情 - D:\软件\QQ\Bin\AddEmotion.htm
O8 - Extra context menu item: 通过网易闪电邮发送 - D:\软件\网易闪电邮\data\getcontent.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\软件\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\软件\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {6AD31948-2ED9-4A2B-85EA-105DD4F656B4} - (no file) (HKCU)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {BFB79EE1-04AE-4D4A-B85E-27EE5F30C095} (ScreenCapture Class) - http://m51.mail.qq.com/zh_CN/activex/TencentMailActiveX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: mbox - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mboxflash - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Browseui 预加载程序 - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: 组件类别缓存程序 - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Contrl Center of Storm Media (ccosm) - 北京暴风网际科技有限公司 - D:\软件\storm2\stormliv.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google 更新服务 (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11762 bytes

hijack-this hosts windows-virus

2 Contributors
31 Replies
963 Views
1 Week Discussion Span
Latest Post 14 Years Ago Latest Post by foxkueh

All 31 Replies

crunchie 990 Most Valuable Poster

14 Years Ago

Please go to Jotti's or to virustotal and have this file scanned. Post the results back here.

C:\WINDOWS\Svcpack\XPLODE.EXE

==

Download DDS from the following location:

DDS Tool

Save dds.scr to the desktop

Disable any script-blocking programs and then double-click on the DDS.scr icon to start the program. If you did not disable a script-blocker that may be part of your antimalware program, you may receive a warning from your antimalware product asking if you would like DDS.scr to run. Please allow it to do so.

Once you double-click the icon a Windows security warning may also appear asking if you are sure you would like to run the program. Click on the Run button to start DDS. If no warning appeared, then you should just continue.

DDS will now display a small black window providing information as to what DDS is doing on your computer.

DDS will now start scanning your computer and compiling a variety of information about what programs are starting on your computer, what files have been recently created, and the general configuration of your computer. When DDS has finished scanning, all of this information will be compiled and be displayed in two Notepad windows named dds.txt and attach.txt.

You will then be shown a small box giving instructions as to what you should do with these files. Feel free to close this message box by pressing the OK button.

We now need to save the two log files that were created. First click on the DDS.txt window and click on the File menu and then select Save As... menu option.

Save DDS.txt to the desktop. Now click on the Attach.txt Notepad window and save that to the desktop also.

Copy the contents of the DDS.txt log and paste it into your reply here.
Attach the attach.txt log with your reply using Reply to Thread button, then the Manage Attachments button.

crunchie 990 Most Valuable Poster

14 Years Ago

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.pif
* Rkill.exe

* Double-click on the Rkill desktop icon to run the tool.
* If using Vista or Windows 7 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

Run DDS now and see if it works.

====

* Please download exeHelper from Raktor to your desktop.
* Double-click on exeHelper.com to run the fix.
* A black window should pop up, press any key to close once the fix is completed.
* A log file named log.txt will be created in the directory where you ran exeHelper.com
* Attach the log.txt file to your next message.

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Edited 14 Years Ago by crunchie because: n/a

crunchie 990 Most Valuable Poster

14 Years Ago

Please download ComboFix by sUBs from HERE or HERE

You must download it to and run it from your Desktop
Physically disconnect from the internet.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

crunchie 990 Most Valuable Poster

14 Years Ago

And?

What is all the oriental stuff? I cannot tell what some of that stuff is.
Thought they spoke kiwi over there :)

crunchie 990 Most Valuable Poster

14 Years Ago

Download the HostsXpert.
Run it and press "Restore M$ Hosts File" and press "OK". Exit Program.
Note that if you have a custom host file, this will remove it.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

foxkueh 0 Junior Poster · Answer 1 · 2010-02-03T12:31:34+00:00

I experience popups that slows down my processing speed of my other computer. This is my HJT log. I appreciate someone will be able to advise me on what to do.
HJT log as above.
--
End of file - 11762 bytes

This problem occurs with a different pc which I need to solve as soon as possible. Can you help me pls.
Foxkueh

foxkueh 0 Junior Poster · Answer 2 · 2010-02-03T17:17:45+00:00

Thanks Crunchie for the instruction. However I cannot find C:\WINDOWS\Svcpack\XPLODE.EXE for Jotti's to scan. That's number one.

Secondly, the dds.scr would not run. I disable all the protections and disconnect the internet connection. Then I double-click dds.scr, but it just opens the black window and immediately disappears. I checked Task Manager to confirm it is not running.

Pls advise how I can resolve these issures.

Thanks
foxkueh

foxkueh 0 Junior Poster · Answer 3 · 2010-02-04T04:43:47+00:00

Thanks Crunchie,

Run rkill.scr ok, but dds.scr still didn't run. No txt file.

Run exehelper ok, attach exehelper.txt if any use.

exeHelper by Raktor
Build 20091220
Run at 04:31:12 on 02/04/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Need further help from you, mate.

foxkueh

foxkueh 0 Junior Poster · Answer 4 · 2010-02-04T08:24:46+00:00

Thanks Crunchie,

Here are the logs for you advice:

ComboFix 10-02-03.04 - Administrator -02-04 星期四 9:53.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.936.86.2052.18.895.322 [GMT 8:00]
执行位置: c:\documents and settings\Administrator\桌面\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* 防毒软件还在运行中

注意 - 这台电脑没有安装恢复控制台！！
.
Error: Cfiles.dat

((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\BITS
c:\documents and settings\Administrator\Application Data\BITS\BITS.ini
c:\documents and settings\Administrator\Application Data\BITS\DHTTable.dat
c:\documents and settings\Administrator\Application Data\BITS\ProxyList.ini
c:\program files\StormII
d:\软件\网易闪电邮\Start.exe

.
((((((((((((((((((((((((( 2010-01-04 至 2010-02-04 的新的档案 )))))))))))))))))))))))))))))))
.

2010-02-03 20:06 . 2010-02-03 20:06 126208 ----a-w- c:\windows\system32\SmartPopup.dll
2010-02-03 20:06 . 2010-02-03 20:06 131840 ----a-w- c:\windows\system32\SmartClick.dll
2010-02-02 01:25 . 2010-02-02 01:25 -------- dc----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-02-02 01:24 . 2010-01-07 08:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-02 01:24 . 2010-02-02 01:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-02 01:24 . 2010-01-07 08:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-01 06:32 . 2010-02-01 05:40 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-01 05:41 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-01 05:40 . 2010-02-01 05:40 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-02-01 05:40 . 2010-02-01 05:40 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-02-01 05:40 . 2010-02-01 05:40 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-02-01 05:40 . 2010-02-01 05:40 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-02-01 05:40 . 2010-02-01 05:40 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-02-01 05:40 . 2010-02-01 05:40 389272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-01 05:40 . 2010-02-01 05:40 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-02-01 05:40 . 2010-02-01 05:40 8 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-02-01 05:36 . 2010-02-01 05:37 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-02-01 05:36 . 2010-02-01 05:36 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-02-01 05:36 . 2010-02-01 05:36 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-02-01 05:36 . 2010-02-01 05:36 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-02-01 05:36 . 2010-02-01 05:36 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-01 05:35 . 2010-02-01 05:36 816784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-02-01 05:35 . 2010-02-01 05:35 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-01 05:35 . 2010-02-01 05:35 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-02-01 05:35 . 2010-02-01 05:35 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-02-01 05:35 . 2010-02-01 05:35 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-01 05:33 . 2009-12-07 14:10 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-02-01 05:30 . 2010-02-01 05:30 -------- d-----w- c:\program files\Lavasoft
2010-01-31 02:31 . 2010-01-31 02:31 -------- dc----w- c:\documents and settings\Administrator\Application Data\PPlive
2010-01-26 21:18 . 2010-01-26 21:18 132864 ----a-w- c:\windows\system32\SmartClickEx.dll
2010-01-25 05:17 . 2010-01-25 05:17 70372 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-25 05:15 . 2010-01-25 05:15 106496 -c--a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
2010-01-25 05:15 . 2010-01-25 05:15 18718 -c--a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe
2010-01-25 05:15 . 2010-01-25 05:15 18718 -c--a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\ARPPRODUCTICON.exe
2010-01-25 05:15 . 2010-01-25 05:15 106496 -c--a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2010-01-25 05:15 . 2010-01-25 05:15 106496 -c--a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
2010-01-25 05:14 . 2010-01-25 05:15 -------- d-----w- c:\program files\Common Files\Tencent
2010-01-25 05:14 . 2010-01-25 05:14 652616 ----a-w- c:\documents and settings\Administrator\Application Data\tencent\QQ\STemp\QQpinyinDL~0\QQPinyinDownload\QQDownload.dll
2010-01-25 05:14 . 2010-01-25 05:14 210248 ----a-w- c:\documents and settings\Administrator\Application Data\tencent\QQ\STemp\QQpinyinDL~0\QQPinyinDownload\QQPinyinDownload.exe
2010-01-25 05:13 . 2010-01-25 05:17 31048 ------r- c:\documents and settings\Administrator\Application Data\tencent\QQ\SafeBase\SelfUpdate.exe
2010-01-25 03:19 . 2010-02-01 05:33 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-22 04:39 . 2010-01-22 04:39 -------- d-----w- c:\documents and settings\LocalService\桌面
2010-01-22 03:59 . 2010-01-22 03:59 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\unispim6
2010-01-22 03:09 . 2010-02-01 05:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-22 02:31 . 2010-01-22 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-22 01:33 . 2010-01-22 01:33 388096 -c--a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-22 01:33 . 2010-01-22 01:33 -------- d-----w- c:\program files\TrendMicro
2010-01-12 19:42 . 2009-11-21 15:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 19:42 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-01-12 19:42 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-01-12 19:37 . 2010-01-12 19:37 -------- d-----w- c:\program files\PPLive
2010-01-12 19:36 . 2010-01-12 19:37 -------- d-----w- c:\program files\Common Files\PPLiveNetwork
2010-01-09 06:30 . 2010-01-09 06:30 -------- d-----w- C:\Ｃ盘临时移出文件
2010-01-09 02:05 . 2010-01-09 02:05 115200 ----a-w- c:\program files\SOFTCH~1.EXE
2010-01-05 09:53 . 2010-01-05 09:53 192512 -c----w- c:\windows\system32\dllcache\iepeers.dll

.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-03 20:55 . 2007-07-03 10:33 57344 ----a-w- c:\windows\system32\wuauclr.exe
2010-02-03 20:55 . 2007-07-03 10:33 34304 ----a-w- c:\windows\system32\olemaskvr.dll
2010-02-03 20:55 . 2007-07-03 10:33 31744 ----a-w- c:\windows\system32\mspmsnsvr.dll
2010-02-02 04:09 . 2008-11-17 00:32 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2010-02-01 08:08 . 2009-12-21 07:38 -------- d-----w- c:\program files\快捷方式
2010-01-31 22:19 . 2009-12-21 09:05 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AddressBar
2010-01-31 05:12 . 2009-11-15 07:31 -------- d-----w- c:\documents and settings\All Users\Application Data\mcache
2010-01-31 05:10 . 2009-05-21 21:21 30 ----a-w- c:\windows\system32\mylk.dat
2010-01-30 23:36 . 2009-12-21 07:39 -------- dc----w- c:\documents and settings\Administrator\Application Data\AddressBar
2010-01-30 07:10 . 2009-02-14 21:53 3860 ----a-w- c:\windows\system32\cid_store.dat
2010-01-30 01:48 . 2007-07-03 12:01 -------- d-----w- c:\program files\Google
2010-01-25 05:16 . 2007-09-28 03:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\tencent
2010-01-23 20:28 . 2009-11-08 00:18 135424 ----a-w- c:\windows\system32\SmartSearch.dll
2010-01-13 08:04 . 2007-07-04 12:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-12 23:17 . 2009-11-11 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\PPLive
2010-01-12 19:37 . 2009-11-11 02:52 -------- d-----w- c:\program files\PPLiveVA
2010-01-12 19:37 . 2009-01-19 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PPLiveVA
2010-01-11 20:12 . 2009-02-25 08:52 6005616 ----a-w- c:\documents and settings\Administrator\Application Data\PPLiveVA\PPVAUpdate\PPVAUpdate.exe
2010-01-05 09:53 . 2007-03-14 05:23 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:52 . 2007-03-14 05:23 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:52 . 2007-03-14 05:23 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-21 07:54 . 2009-12-21 07:54 342472 ----a-w- c:\windows\system32\upimlib.dll
2009-12-21 07:54 . 2009-06-07 07:52 -------- d-----w- c:\documents and settings\All Users\Application Data\unispim6
2009-12-21 07:53 . 2009-12-21 07:53 -------- d-----w- c:\program files\Thunisoft
2009-12-16 06:42 . 2009-12-26 06:57 872960 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1vo47hzc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-16 06:42 . 2009-12-26 06:57 43008 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1vo47hzc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-16 06:42 . 2009-12-26 06:57 340480 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1vo47hzc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-16 06:41 . 2009-12-26 06:57 346624 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1vo47hzc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-09 22:43 . 2009-10-09 21:24 1786 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-12-09 22:43 . 2007-03-14 05:23 41444 ----a-w- c:\windows\system32\prfc0804.dat
2009-12-09 22:43 . 2007-03-14 05:23 120340 ----a-w- c:\windows\system32\prfh0804.dat
2009-12-09 08:10 . 2007-07-03 10:35 87144 ----a-w- c:\documents and settings\Default User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-30 06:22 . 2009-11-30 06:22 49664 ----a-w- c:\windows\system32\SmartDash.dll
2009-11-21 15:54 . 2007-03-14 05:23 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 07:37 . 2007-08-31 00:45 31048 -c--a-w- c:\documents and settings\Administrator\Application Data\QQ\59B848686BA6270269CE15953350482D\qqdoctor\selfupdate.exe
2009-06-24 05:21 . 2009-07-29 07:16 190 ----a-w- c:\program files\快捷上网.url
2008-07-04 02:33 . 2008-12-07 10:09 24576 ----a-w- c:\program files\mozilla firefox\components\CheckTudouVa.dll
2009-01-12 11:45 . 2009-02-14 21:51 36864 ----a-w- c:\program files\mozilla firefox\components\NsThunderLoader.dll
2009-01-12 11:45 . 2009-02-14 21:51 53248 ----a-w- c:\program files\mozilla firefox\components\ThunderComponent.dll
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-13 . 91FF07895928E71F83A18F7247860EDE . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B4E29943B4B04BD5E7381546848E6669 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-18 68856]
"PPLiveVA"="c:\program files\PPLive\PPVA\PPLiveVA.exe" [2009-12-30 71152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-07 1176808]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-28 1218008]
"Malwarebytes Anti-Malware (reboot)"="d:\软件\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-13 7626752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\XPtoVista\Logonui.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^「开始」菜单^程序^启动^快捷方式.lnk]
path=c:\documents and settings\Administrator\「开始」菜单\程序\启动\快捷方式.lnk
backup=c:\windows\pss\快捷方式.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-10 19:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-01 01:21 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
2003-01-21 07:19 40960 ----a-w- c:\windows\VM_STI.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:13 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-23 23:00 33648 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-10-27 07:21 61952 ------w- c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2007-03-14 05:23 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Pinyin IME Migration]
2008-11-03 20:24 33128 ----a-w- c:\progra~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]
2007-09-13 08:59 69688 ----a-w- c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 06:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-07-13 05:19 7626752 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-07-13 05:19 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-07-13 05:19 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2007-03-14 05:23 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2007-03-14 05:23 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPAP]
2010-01-21 09:15 173512 ----a-w- c:\program files\Common Files\PPLiveNetwork\PPAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPLiveVA]
2009-12-30 09:15 71152 ----a-w- c:\program files\PPLive\PPVA\PPLiveVA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2005-09-07 07:35 716800 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2005-05-21 09:11 925696 ----a-r- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 08:07 2260480 --sha-r- d:\软件\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-18 02:16 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-09-13 08:59 185680 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\软件\\Powerword 2007\\update.exe"=
"d:\\软件\\QQLive\\MiniQQLive.exe"=
"d:\\软件\\storm2\\Storm.exe"=
"d:\\软件\\storm2\\stormliv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"d:\\酷我音乐盒\\KwMusic.exe"=
"d:\\酷我音乐盒\\KwMV.exe"=
"d:\\软件\\QQ\\Bin\\QQ.exe"=
"c:\\Program Files\\酷6网\\极速酷6\\Ku6SpeedUpper.exe"=
"c:\\Program Files\\PPLive\\PPVA\\PPLiveVA.exe"=
"c:\\Program Files\\PPLive\\PPVA\\PPLiveVA_U.exe"=
"c:\\Program Files\\PPLive\\PPVA\\FlvPick.exe"=
"c:\\Program Files\\PPLive\\PPVA\\crashreporter.exe"=
"c:\\Program Files\\PPLive\\PPVA\\PPVADownload.exe"=
"c:\\Program Files\\PPLive\\PPVA\\DownloadProgress.exe"=
"c:\\Program Files\\Common Files\\PPLiveNetwork\\PPAP.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-2-1 13:41 64288]
R2 ccosm;Contrl Center of Storm Media;d:\软件\storm2\stormliv.exe [2008-3-11 14:33 475136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-12-2 21:19 1181328]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-11-10 203280]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2007-8-22 13:08 685816]
S2 gupdate;Google 更新服务 (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-1-30 9:48 135664]
S3 npkycryp;npkycryp;\??\c:\windows\system32\npkycryp.sys --> c:\windows\system32\npkycryp.sys [?]
S3 rtl8180;IEEE 802.11b Wireless Cardbus/PCI Adapter;c:\windows\system32\drivers\rtl8180.sys [2007-7-3 19:30 184320]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
‘计划任务’ 文件夹里的内容

2010-02-04 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 05:35]

2010-02-04 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 05:35]

2010-02-04 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 05:35]

2010-02-04 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 05:35]

2010-02-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 05:35]

2010-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 01:48]

2010-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 01:48]

2009-11-10 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-10 04:22]

2009-11-10 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-10 04:22]

2010-02-04 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-10-09 14:18]
.
.
------- 而外的扫描 -------
.
uStart Page = hxxp://www.so11.cn/?R1
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.bb2000.net/
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google 边栏评注... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: iSee 保存所有图片 - d:\program files\iSee\iSeeSavePicAll.htm
IE: iSee保存Flash - d:\program files\iSee\iSeeSaveFlash.htm
IE: iSee保存所有图片 - d:\program files\iSee\iSeeSavePicAll.htm
IE: iSee读取Exif - d:\program files\iSee\iSeeReadExif.htm
IE: 使用光影编辑和美化 - d:\软件\nEO iMAGING\NeoOpenNeo.htm
IE: 使用迅雷下载 - c:\program files\Thunder Network\Thunder\Program\geturl.htm
IE: 使用迅雷下载全部链接 - c:\program files\Thunder Network\Thunder\Program\getallurl.htm
IE: 导出到 Microsoft Excel(&X) - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: 添加到QQ表情 - d:\软件\QQ\Bin\AddEmotion.htm
IE: 通过网易闪电邮发送 - d:\软件\网易闪电邮\data\getcontent.htm
DPF: {BFB79EE1-04AE-4D4A-B85E-27EE5F30C095} - hxxp://m51.mail.qq.com/zh_CN/activex/TencentMailActiveX.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1vo47hzc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rlz=1R0GGGL_zh-CN
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1vo47hzc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\CheckTudouVa.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: d:\google\Picasa3\npPicasa3.dll
.
.
------- 文件类型 -------
.
txtfile=c:\windows\notepad.exe %1
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-FlashMail - d:\软件\网易闪电邮\Start.exe
HKU-Default-RunOnce-3 - c:\windows\Svcpack\XPLODE.EXE
MSConfigStartUp-FlashMail - d:\软件\网易闪电邮\Start.exe
MSConfigStartUp-iSeeTray - d:\软件\Program Files\iSee\iSee.exe
MSConfigStartUp-KuGoo3 - c:\program files\KuGoo3\KuGoo.exe
MSConfigStartUp-Picasa Media Detector - d:\picasa2\PicasaMediaDetector.exe
AddRemove-AddressBar - c:\program files\Baidu\AddressBar\ASBarBroker.exe
AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe
AddRemove-QQ2008 - d:\软件\QQ\uninst.exe
AddRemove-飞速土豆 - d:\飞速tudou\uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-04 10:04
Windows 5.1.2600 Service Pack 3 NTFS

扫描被隐藏的进程。。。

扫描被隐藏的启动组。。。

扫描被隐藏的文件。。。

扫描完成
被隐藏的档案: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Conf\ g篘*慂Q\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\LocalService\AppEvents\Schemes\Apps\Conf\ g篘*慂Q\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Conf\ g篘*慂Q\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\S-1-5-21-507921405-776561741-725345543-500\AppEvents\Schemes\Apps\Conf\ g篘*慂Q\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\S-1-5-21-507921405-776561741-725345543-500\Software\ACD Systems\EditLib\Presets\+R *2*]
"调暗"=hex:3c,3f,78,6d,6c,20,76,65,72,73,69,6f,6e,3d,22,31,2e,30,22,3f,3e,3c,
63,6f,6d,6d,61,6e,64,3e,3c,6e,61,6d,65,3e,45,78,70,6f,73,75,72,65,4c,65,76,\
"加亮阴影"=hex:3c,3f,78,6d,6c,20,76,65,72,73,69,6f,6e,3d,22,31,2e,30,22,3f,3e,
3c,63,6f,6d,6d,61,6e,64,3e,3c,6e,61,6d,65,3e,45,78,70,6f,73,75,72,65,4c,65,\
"仅限中间调"=hex:3c,3f,78,6d,6c,20,76,65,72,73,69,6f,6e,3d,22,31,2e,30,22,3f,
3e,3c,63,6f,6d,6d,61,6e,64,3e,3c,6e,61,6d,65,3e,45,78,70,6f,73,75,72,65,4c,\

[HKEY_USERS\S-1-5-21-507921405-776561741-725345543-500\Software\ACD Systems\EditLib\Presets\陙≧輋IQ *2*]
"提高对比度"=hex:3c,3f,78,6d,6c,20,76,65,72,73,69,6f,6e,3d,22,31,2e,30,22,3f,
3e,3c,63,6f,6d,6d,61,6e,64,3e,3c,6e,61,6d,65,3e,45,78,70,6f,73,75,72,65,41,\

[HKEY_USERS\S-1-5-21-507921405-776561741-725345543-500\Software\ACD Systems\EditLib\Presets\4杚_/*貧IQ]
"调亮/调暗"=hex:3c,3f,78,6d,6c,20,76,65,72,73,69,6f,6e,3d,22,31,2e,30,22,3f,3e,
3c,63,6f,6d,6d,61,6e,64,3e,3c,6e,61,6d,65,3e,4c,43,45,3c,2f,6e,61,6d,65,3e,\
"仅限调暗"=hex:3c,3f,78,6d,6c,20,76,65,72,73,69,6f,6e,3d,22,31,2e,30,22,3f,3e,
3c,63,6f,6d,6d,61,6e,64,3e,3c,6e,61,6d,65,3e,4c,43,45,3c,2f,6e,61,6d,65,3e,\
"仅限调亮"=hex:3c,3f,78,6d,6c,20,76,65,72,73,69,6f,6e,3d,22,31,2e,30,22,3f,3e,
3c,63,6f,6d,6d,61,6e,64,3e,3c,6e,61,6d,65,3e,4c,43,45,3c,2f,6e,61,6d,65,3e,\
"默认值"=hex:3c,3f,78,6d,6c,20,76,65,72,73,69,6f,6e,3d,22,31,2e,30,22,3f,3e,3c,
63,6f,6d,6d,61,6e,64,3e,3c,6e,61,6d,65,3e,4c,43,45,3c,2f,6e,61,6d,65,3e,3c,\

[HKEY_USERS\S-1-5-21-507921405-776561741-725345543-500\Software\Microsoft\Internet Explorer\MenuExt\鹠燫0RQ*Q*h埮`]
@="d:\\软件\\QQ\\Bin\\AddEmotion.htm"
"contexts"=dword:00000002

[HKEY_LOCAL_MACHINE\software\Classes\*\shell\ *~v*NN購*N噀鯪\command]
@="\"c:\\\\Program Files\\\\Internet Explorer\\\\iexplore.exe\" http://www.sw777.cn/s/?%1"

[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*膥鯪\CLSID]
@="{809B6661-94C4-49E6-B6EC-3F0F862215AA}"

[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*膥鯪\CurVer]
@="BDATuner.组件.1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\MenuExt\鹠燫0RQ*Q*h埮`]
"contexts"=dword:00000002
@="d:\\软件\\QQ\\Bin\\AddEmotion.htm"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\Codebases\F_d:\;*e*c*c*d*1*0*5*f*;*o忲n\QQ\Bin\QQ.exe]
"URL"="c:\\Documents and Settings\\Administrator\\Application Data\\Tencent\\QQ\\STemp\\~TXQQ2052~0\\SysDir\\Microsoft.VC80.ATL\\Microsoft.VC80.ATL.manifest"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\Codebases\F_d:\;*e*c*c*d*1*0*5*f*;*o忲n\QQ\Bin\QQ.exe]
"URL"="c:\\Documents and Settings\\Administrator\\Application Data\\Tencent\\QQ\\STemp\\~TXQQ2052~0\\SysDir\\Microsoft.VC80.CRT\\Microsoft.VC80.CRT.manifest"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\Codebases\F_d:\;*e*c*c*d*1*0*5*f*;*o忲n\QQ\Bin\QQ.exe]
"URL"="c:\\Documents and Settings\\Administrator\\Application Data\\Tencent\\QQ\\STemp\\~TXQQ2052~0\\SysDir\\Microsoft.VC80.MFCLOC\\Microsoft.VC80.MFCLOC.manifest"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\Codebases\F_d:\;*e*c*c*d*1*0*5*f*;*o忲n\QQ\Bin\QQ.exe]
"URL"="c:\\Documents and Settings\\Administrator\\Application Data\\Tencent\\QQ\\STemp\\~TXQQ2052~0\\SysDir\\Microsoft.VC80.MFC\\Microsoft.VC80.MFC.manifest"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\Codebases\F_d:\;*e*c*c*d*1*0*5*f*;*o忲n\QQ\Bin\QQ.exe]
"URL"="c:\\Documents and Settings\\Administrator\\Application Data\\Tencent\\QQ\\STemp\\~TXQQ2052~0\\SysDir\\Microsoft.Windows.GdiPlus\\Microsoft.Windows.GdiPlus.Manifest"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.8.0.Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_8b3a2404\Codebases\F_d:\;*e*c*c*d*1*0*5*f*;*o忲n\QQ\Bin\QQ.exe]
"URL"="c:\\Documents and Settings\\Administrator\\Application Data\\Tencent\\QQ\\STemp\\~TXQQ2052~0\\SysDir\\Microsoft.VC80.ATL\\8.0.50727.4053.policy"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_2a9a3690\Codebases\F_d:\;*e*c*c*d*1*0*5*f*;*o忲n\QQ\Bin\QQ.exe]
"URL"="c:\\Documents and Settings\\Administrator\\Application Data\\Tencent\\QQ\\STemp\\~TXQQ2052~0\\SysDir\\Microsoft.VC80.CRT\\8.0.50727.4053.policy"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.8.0.Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_3c7113f3\Codebases\F_d:\;*e*c*c*d*1*0*5*f*;*o忲n\QQ\Bin\QQ.exe]
"URL"="c:\\Documents and Settings\\Administrator\\Application Data\\Tencent\\QQ\\STemp\\~TXQQ2052~0\\SysDir\\Microsoft.VC80.MFCLOC\\8.0.50727.4053.policy"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.8.0.Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_fb80a995\Codebases\F_d:\;*e*c*c*d*1*0*5*f*;*o忲n\QQ\Bin\QQ.exe]
"URL"="c:\\Documents and Settings\\Administrator\\Application Data\\Tencent\\QQ\\STemp\\~TXQQ2052~0\\SysDir\\Microsoft.VC80.MFC\\8.0.50727.4053.policy"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Q*Q*2*0*0*8*B*e*t*a*1*Hy弝Hr\Components\SectionQQ]
"Installed"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\裇愺?*O*n*e*N*o*t*e* *2*0*0*7*\DsDriver]
"printBinNames"=multi:"默认纸盒\00\00"
"printColor"=hex:01
"printMaxXExtent"=dword:00000076
"printMaxYExtent"=dword:00000000
"printMinXExtent"=dword:00000076
"printMinYExtent"=dword:00000000
"printMediaSupported"=multi:"Letter\00Tabloid\00Legal\00A3\00A4\00A5\00B4 (JIS)\00B5 (JIS)\00Japanese Postcard\00自定义大小\00\00"
"printMediaReady"=multi:"\00\00"
"printOrientationsSupported"=multi:"PORTRAIT\00\00"
"printMaxResolutionSupported"=dword:0000012c
"printLanguage"=multi:"\00\00"
"printRateUnit"=""
"driverVersion"=dword:00000401

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\裇愺?*O*n*e*N*o*t*e* *2*0*0*7*\DsSpooler]
"description"=""
"driverName"="Send To Microsoft OneNote Driver"
"location"=""
"portName"=multi:"Send To Microsoft OneNote Port:\00\00"
"printStartTime"=dword:00000000
"printEndTime"=dword:00000000
"printerName"="发送至 OneNote 2007"
"printKeepPrintedJobs"=hex:00
"printSeparatorFile"=""
"printShareName"="发送至 OneNote 2007"
"printSpooling"="PrintWhileSpooling"
"priority"=dword:00000001
"uNCName"="\\\\PARENTS\\发送至 OneNote 2007"
"versionNumber"=dword:00000004
"serverName"="PARENTS"
"shortServerName"="PARENTS"
"flags"=dword:00000000
"url"="http://PARENTS/发送至 OneNote 2007"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\(W G O O G L Y B E A R
N陙≧ H P P h o t o s m a r t C 8 1 0 0 s e r i e s \DsDriver]
"printBinNames"=multi:" 自动选择\00 主纸盘\00 照片纸盒\00\00"
"printCollate"=hex:01
"printColor"=hex:01
"printDuplexSupported"=hex:01
"printStaplingSupported"=hex:00
"printMaxXExtent"=dword:0000086f
"printMaxYExtent"=dword:00001dc4
"printMinXExtent"=dword:000002fa
"printMinYExtent"=dword:000004e1
"printMediaSupported"=multi:"Letter\00Legal\00Executive\00A4\00A5\00B5 (JIS)\00Envelope #10\00A6\0010x15 厘米\0010x15 厘米（带裁剪边）\0013x18 厘米\002L 127x178 毫米\004x6 英寸\004x6 英寸（带裁剪边）\005x7 英寸\008x10 英寸\00照片卡 10x20 厘米（带裁剪边）\00照片卡，4x8 英寸（带裁剪边）\00无边界 10x15 厘米\00无边界 10x15 厘米（带裁剪边）\00无边界 8x10 英寸\00无边界 4x6 英寸\00无边界 4x6 英寸（带裁剪边）\00无边界 5x7 英寸\00无边界 13x18 厘米\00无边界 8.5x11 英寸\00无边界 A4，210x297 毫米\00无边界 cabinet 120x165 毫米\00无边界 hagaki 100x148 毫米\00无边界 A5，148x210 毫米\00无边界双面 A4，210x594 毫米\00无边界 A6\00无边界 B5，182x257 毫米\00无边界 L 89x127 毫米\003.5x5 英寸\00无边界 3.5x5 英寸\00无边界全景 4x10 英寸\00无边界全景 4x11 英寸\00无边界全景 4x12 英寸\00无边界全景 10x30 厘米\00无边界全景 10x25 厘米\00无边界全景 10x28 厘米\00无边界 2L 127x178 毫米\00Cabinet 尺寸 120x165 毫米\00A2 信封\00C6 信封\00DL 信封\00Hagaki 100x148 毫米\00索引卡 3x5 英寸\00索引卡 4x6 英寸\00索引卡 5x8 英寸\00日式信封 #2 111x146 毫米\00日式信封 #3，120x235 毫米\00日式信封 #4，90x205 毫米\00L 89x127 毫米\00Ofuku hagaki\00全景 4x10 英寸\00全景 4x11 英寸\00全景 4x12 英寸\00全景 10x25 厘米\00全景 10x28 厘米\00全景 10x30 厘米\00无边界卡 10x20 厘米（带裁剪边）\00无边界 B7\00无边界卡 4x8 英寸（带裁剪边）\00卡片信封 4.4x6 英寸\00HV\00无边界 HV\00B7\00全景双面 A4，210x594 毫米\00\00"
"printMediaReady"=multi:"A4\00\00"
"printNumberUp"=dword:00000006
"printOrientationsSupported"=multi:"PORTRAIT\00LANDSCAPE\00\00"
"printMaxResolutionSupported"=dword:000004b0
"printLanguage"=multi:"\00"
"printRateUnit"="PagesPerMinute"
"driverVersion"=dword:00000401

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\(W G O O G L Y B E A R
N陙≧ H P P h o t o s m a r t C 8 1 0 0 s e r i e s \DsSpooler]
"description"=""
"driverName"="HP Photosmart C8100 series"
"location"=""
"portName"=multi:"\\\\GOOGLYBEAR\\HPPhotos\00\00"
"printStartTime"=dword:00000000
"printEndTime"=dword:00000000
"printerName"="在 GOOGLYBEAR 上自动 HP Photosmart C8100 series"
"printKeepPrintedJobs"=hex:00
"printSeparatorFile"=""
"printShareName"=""
"printSpooling"="PrintWhileSpooling"
"priority"=dword:00000001
"uNCName"="\\\\PARENTS\\在 GOOGLYBEAR 上自动 HP Photosmart C8100 series"
"versionNumber"=dword:00000004
"serverName"="PARENTS"
"shortServerName"="PARENTS"
"flags"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\(W G O O G L Y B E A R
N陙≧ H P P h o t o s m a r t C 8 1 0 0 s e r i e s \HPPresetRoot]
"HPRestrictedUserGuid"="4621b228-c361-43bc-3aba-9fcf83adb7ed"
"PresetPoolMaxIndexCount"=hex:0a,00,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\(W G O O G L Y B E A R
N陙≧ H P P h o t o s m a r t C 8 1 0 0 s e r i e s \HPPresetRoot\PresetPoolData]
"PresetPool:0"=hex:94,11,00,00,15,00,00,00,52,00,00,00,20,00,d8,9e,a4,8b,53,62,
70,53,be,8b,6e,7f,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"PresetPool:1"=hex:a6,11,00,00,15,00,00,00,52,00,00,00,00,4e,2c,82,e5,65,38,5e,
53,62,70,53,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"PresetPool:2"=hex:18,12,00,00,15,00,00,00,52,00,00,00,67,71,47,72,53,62,70,53,
2d,00,e0,65,b9,8f,4c,75,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"PresetPool:3"=hex:c6,11,00,00,15,00,00,00,52,00,00,00,67,71,47,72,53,62,70,53,
2d,00,26,5e,7d,76,72,82,b9,8f,46,68,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"PresetPool:4"=hex:a2,11,00,00,15,00,00,00,52,00,00,00,cc,53,62,97,53,62,70,53,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"PresetPool:5"=hex:96,11,00,00,15,00,00,00,52,00,00,00,14,6f,3a,79,53,62,70,53,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"PresetPool:6"=hex:8a,11,00,00,15,00,00,00,52,00,00,00,eb,5f,1f,90,2f,00,cf,7e,
4e,6d,53,62,70,53,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"PresetPool:7"=hex:c0,11,00,00,15,00,00,00,52,00,00,00,0e,66,e1,4f,47,72,53,62,
70,53,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"PresetPool:8"=hex:bc,11,00,00,15,00,00,00,52,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"PresetPool:9"=hex:ac,11,00,00,15,00,00,00,52,00,00,00,e5,5d,82,53,d8,9e,a4,8b,
be,8b,6e,7f,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\(W G O O G L Y B E A R
N陙≧ H P P h o t o s m a r t C 8 1 0 0 s e r i e s \HPPresetRoot\WatermarkPoolData]
"WatermarkPool:0"=hex:20,00,5b,00,e0,65,5d,00,00,00,00,20,00,5b,00,e0,65,5d,00,
00,00,00,41,00,72,00,69,00,61,00,6c,00,00,00,00,34,00,00,00,50,00,00,00,00,\
"WatermarkPool:1"=hex:3a,67,c6,5b,00,00,00,3a,67,c6,5b,00,00,00,41,00,72,00,69,
00,61,00,6c,00,00,00,00,34,00,00,00,48,00,00,00,00,01,01,c0,c0,c0,00,00,00,\
"WatermarkPool:2"=hex:49,83,3f,7a,00,00,00,49,83,3f,7a,00,00,00,41,00,72,00,69,
00,61,00,6c,00,00,00,00,34,00,00,00,48,00,00,00,00,01,01,c0,c0,c0,00,00,00,\
"WatermarkPool:3"=hex:37,68,8b,4f,00,00,00,37,68,8b,4f,00,00,00,41,00,72,00,69,
00,61,00,6c,00,00,00,00,34,00,00,00,48,00,00,00,00,01,01,c0,c0,c0,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\(W G O O G L Y B E A R
N陙≧ H P P h o t o s m a r t C 8 1 0 0 s e r i e s \PrinterDriverData]
"InitDriverVersion"=dword:00000600
"Model"="HP Photosmart c8100 series"
"PrinterDataSize"=dword:00000230
"PrinterData"=hex:00,06,30,02,81,08,00,00,80,1a,06,00,00,00,00,00,00,00,00,00,
64,00,58,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,58,dd,09,20,08,\
"FeatureKeywordSize"=dword:00000109
"FeatureKeyword"=hex:44,75,70,6c,65,78,55,6e,69,74,00,4e,6f,74,49,6e,73,74,61,
6c,6c,65,64,00,0a,48,50,50,72,6e,50,72,6f,70,52,65,73,6f,75,72,63,65,44,61,\
"Forms?"=dword:2009dd58
"HPTrayCount"=dword:00000000
"HPTRAYINFOREGDATA"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"DMCStatus"=dword:00000000
"DMCExportOnly"="True"
"InstallationComplete"=dword:00000000
"PrinterPropertiesPermission"=dword:00000001
"ConvertTicketModule"="c:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\HPZC35ha.DLL"
"ConvertTicketModule32"="c:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\HPZC35ha.DLL"
"DMCModule32"="c:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\HPCDMC32.DLL"
"HPRegionalPenErrorRecovery"=dword:00000001
"HPSupportRegionalPenQuery"=dword:00000001
"HPDynCtrDigits"=dword:00000005
"HPPrintingLanguage"=dword:00000004
"CombinedMediaStatus"=dword:00000000
"TrayFormTable"=multi:"主纸盘\00A4\000\00照片纸盒\000\000\00\00"
"TrayFormMapSize"=dword:00000021
"TrayFormMap"=hex:55,70,70,65,72,54,72,61,79,00,09,00,00,00,50,68,6f,74,6f,54,
72,61,79,00,00,00,00,00,00,00,00,00,00
"TrayFormKeywordSize"=dword:00000029
"TrayFormKeyword"=hex:55,70,70,65,72,54,72,61,79,00,41,34,3a,48,65,77,6c,65,74,
74,2d,50,61,63,6b,61,72,64,00,50,68,6f,74,6f,54,72,61,79,00,00,00
"HPDUMMY"=dword:00000000
"HPFormCount"=dword:00000003
"HPFORMINFOREGDATA"=hex:05,00,00,00,9f,00,00,00,00,00,00,00
"HPCustomMinLength"=dword:0001e828
"HPCustomMaxLength"=dword:000ba090
"HPCustomMaxWidth"=dword:00034b5c
"HPCustomMinWidth"=dword:000129a8
"MaxPaperWidth"=dword:0000086f
"InstallDate"="02/24/2009:06:23"
.
--------------------- 运行进程下的动态链接库 ---------------------

- - - - - - - > 'winlogon.exe'(484)
c:\windows\system32\UNISPIM6.IME
.
完成时间: 2010-02-04 10:07:58
ComboFix-quarantined-files.txt 2010-02-04 02:07

Pre-Run: 4,413,751,296 可用字节
Post-Run: 4,799,832,064 可用字节

- - End Of File - - DD2F5740DF6E8A9BEB3E14A9766C8555
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:13:44, on 2010-2-4
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
D:\软件\storm2\stormliv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\conime.exe
D:\软件\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

O1 - Hosts: 60.209.152.204 www.kzdh.com
O1 - Hosts: 60.209.152.204 www.6781.com
O1 - Hosts: 60.209.152.204 www.i2345.cn
O1 - Hosts: 60.209.152.204 www.haokan123.com
O1 - Hosts: 60.209.152.204 www.365wz.net
O1 - Hosts: 60.209.152.204 www.5d5e.com
O1 - Hosts: 60.209.152.204 www.112r.com
O1 - Hosts: 60.209.152.204 www.32e.com
O1 - Hosts: 60.209.152.204 www.77177.com
O1 - Hosts: 60.209.152.204 www.daluobo.cn
O1 - Hosts: 60.209.152.204 www.haha111.com
O1 - Hosts: 60.209.152.204 www.15wz.com
O1 - Hosts: 60.209.152.204 www.fm5566.com
O1 - Hosts: 60.209.152.204 www.9798.net
O1 - Hosts: 60.209.152.204 www.s565.com
O1 - Hosts: 60.209.152.204 www.345s.com
O1 - Hosts: 60.209.152.204 www.110wz.com
O1 - Hosts: 60.209.152.204 www.6dh.com
O1 - Hosts: 60.209.152.204 www.tt98.com
O1 - Hosts: 60.209.152.204 www.85851.com
O1 - Hosts: 60.209.152.204 www.66d8.cn
O1 - Hosts: 60.209.152.204 www.baihu.cn
O1 - Hosts: 60.209.152.204 www.hang123.com
O1 - Hosts: 60.209.152.204 www.17909.com
O1 - Hosts: 60.209.152.204 www.838.cc
O1 - Hosts: 60.209.152.204 www.ee258.com
O1 - Hosts: 60.209.152.204 www.gjj.cc
O1 - Hosts: 60.209.152.204 www.1188.com
O1 - Hosts: 60.209.152.204 www.go2000.com
O1 - Hosts: 60.209.152.204 www.go2000.cn
O1 - Hosts: 60.209.152.204 www.1116.cn
O1 - Hosts: 60.209.152.204 www.365j.com
O1 - Hosts: 60.209.152.204 www.8687.cn
O1 - Hosts: 60.209.152.204 www.15151.cn
O1 - Hosts: 60.209.152.204 www.v2233.com
O1 - Hosts: 60.209.152.204 www.iq123.com
O1 - Hosts: 60.209.152.204 www.4688.com
O1 - Hosts: 60.209.152.204 www.fala123.cn
O1 - Hosts: 60.209.152.204 www.3110.cn
O1 - Hosts: 60.209.152.204 www.haoz123.cn
O1 - Hosts: 60.209.152.204 www.85vv.com
O1 - Hosts: 60.209.152.204 www.ok100.net.cn
O1 - Hosts: 60.209.152.204 www.ai1234.com
O1 - Hosts: 60.209.152.204 www.11227.cn
O1 - Hosts: 60.209.152.204 www.669dh.cn
O1 - Hosts: 60.209.152.204 www.kaka888.com
O1 - Hosts: 60.209.152.204 www.qq5.com
O1 - Hosts: 60.209.152.204 www.you2000.cn
O1 - Hosts: 60.209.152.204 www.yy2000.net
O2 - BHO: SearchHook Class - {00000000-0593-4356-9CF7-1D8C2B3343C0} - C:\Program Files\Baidu\AddressBar\AddressBar.dll (file missing)
O2 - BHO: ThunderAtOnce Class - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\软件\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: PPVADownloader - {A986E409-30CC-4185-89BB-AB212C104524} - C:\Program Files\PPLive\PPVA\DownloaderManager.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: 快车(FlashGet) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\软件\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscri
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [PPLiveVA] C:\Program Files\PPLive\PPVA\PPLiveVA.exe /LoadModule PPVA.DLL /M REAL /S 0 /T 0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Google 边栏评注... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: iSee 保存所有图片 - d:\Program Files\iSee\iSeeSavePicAll.htm
O8 - Extra context menu item: iSee保存Flash - d:\Program Files\iSee\iSeeSaveFlash.htm
O8 - Extra context menu item: iSee保存所有图片 - d:\Program Files\iSee\iSeeSavePicAll.htm
O8 - Extra context menu item: iSee读取Exif - d:\Program Files\iSee\iSeeReadExif.htm
O8 - Extra context menu item: 使用光影编辑和美化 - D:\软件\nEO iMAGING\NeoOpenNeo.htm
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 导出到 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ表情 - D:\软件\QQ\Bin\AddEmotion.htm
O8 - Extra context menu item: 通过网易闪电邮发送 - D:\软件\网易闪电邮\data\getcontent.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\软件\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\软件\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {6AD31948-2ED9-4A2B-85EA-105DD4F656B4} - (no file) (HKCU)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {BFB79EE1-04AE-4D4A-B85E-27EE5F30C095} (ScreenCapture Class) - http://m51.mail.qq.com/zh_CN/activex/TencentMailActiveX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: mbox - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mboxflash - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Browseui 预加载程序 - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: 组件类别缓存程序 - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Contrl Center of Storm Media (ccosm) - 北京暴风网际科技有限公司 - D:\软件\storm2\stormliv.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google 更新服务 (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11133 bytes

foxkueh 0 Junior Poster · Answer 5 · 2010-02-04T08:25:02+00:00