[2.8.1.8.0815 - 2.8.11.8.0904] 2008-09-06 18:49 [Vagaa]
[2.8.1.8.0815 - 2.8.11.8.0904] 2008-09-06 18:49 [51ditu Desktop]
[2.8.1.8.0815 - 2.8.11.8.0904] 2008-09-06 18:49 [Soso Address Search]
[2.8.1.8.0815 - 2.8.11.8.0904] 2008-09-06 18:49 [Sogou Toolbar]
[2.8.1.8.0815 - 2.8.11.8.0904] 2008-09-06 18:49 [BaiduSuperSoBa]
[2.8.1.8.0815 - 2.8.11.8.0904] 2008-09-06 18:49 [Trojan.psw.avx]
[2.8.1.8.0815 - 2.8.11.8.0904] 2008-09-06 18:49 [BoBoTurbo]
[2.8.1.8.0815 - 2.8.11.8.0904] 2008-09-06 18:49 [Risk program]
[2.8.1.8.0815 - 2.8.11.8.0904] 2008-09-06 18:49 [Adware.pkmhwhet]
[2.8.1.8.0815 - 2.8.11.8.0904] 2008-09-06 18:49 [Trojan.ytewcxzsw.wrew2ds]
[2.8.1.8.0815 - 2.8.11.8.0904] 2008-09-06 18:49 [Unknown Trojan Horse/Virus]
[2.8.1.8.0815 - 2.8.11.8.0904] 2008-09-06 18:49 [Maybe Useless object]