[2.8.1.8.0815 - 2.8.18.8.1014] 2008-10-15 16:51 [Trojan] C:\WINNT\SYSTEM32\3.TMP C:\WINNT\SYSTEM32\6.TMP C:\WINNT\SYSTEM32\AJCBWIBC.DLL C:\WINNT\SYSTEM32\AJMHPSQD.DLL C:\WINNT\SYSTEM32\BDKEETFB.DLL C:\WINNT\SYSTEM32\CWOEZLZE.DLL C:\WINNT\SYSTEM32\DB2D9172.DLL C:\WINNT\SYSTEM32\DFTHULKF.DLL C:\WINNT\SYSTEM32\DXIBRNAQ.DLL C:\WINNT\SYSTEM32\JHTZSKEJ.DLL C:\WINNT\SYSTEM32\JVTFARUV.DLL C:\WINNT\SYSTEM32\KRONFLGM.DLL C:\WINNT\SYSTEM32\KSUSERFY.TMP C:\WINNT\SYSTEM32\LKANADAQ.DLL C:\WINNT\SYSTEM32\QQPQDSEZ.DLL C:\WINNT\SYSTEM32\RPCSS.DLL.BKP20 C:\WINNT\SYSTEM32\SVTEPPSK.EXE C:\WINNT\SYSTEM32\THVKYRHR.DLL C:\WINNT\SYSTEM32\UJOQJFGF.DLL C:\WINNT\SYSTEM32\UMRDMJFZ.DLL C:\WINNT\SYSTEM32\YJCZVOPF.TMP C:\WINNT\SYSTEM32\ZFXZAJBX.DLL C:\WINNT\SYSTEM32\ZQJHVBVA.DLL D:\TEMP\RGMGIZBV.TMP D:\TEMP\SV1E.TMP D:\TEMP\SV5.TMP D:\TEMP\UQRFEDQM.TMP D:\TEMP\WOWINITCODE.DAT D:\TEMP\WVICMOGE.TMP D:\TEMP\ZFNTPZUE.TMP D:\TEMP\~01AFF3.TMP D:\TEMP\~028FF1.TMP D:\TEMP\~04C9FB.TMP HKEY_CLASSES_ROOT\CLSID\{DB2D9172-BDCF-432E-8AF3-8D2688F850DE} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{DB2D9172-BDCF-432E-8AF3-8D2688F850DE} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{DB2D9172-BDCF-432E-8AF3-8D2688F850DE} [2.8.1.8.0815 - 2.8.18.8.1014] 2008-10-15 16:51 [G_Server] C:\WINNT\SYSTEM32\KSUSERFY.DLL [2.8.1.8.0815 - 2.8.18.8.1014] 2008-10-15 16:51 [System] C:\WINNT\SYSTEM32\SYSTEM.EXE [2.8.1.8.0815 - 2.8.18.8.1014] 2008-10-15 16:51 [QQ Toolbar] C:\PROGRAM FILES\TENCENT\QQTOOLBAR\ C:\PROGRAM FILES\TENCENT\QQTOOLBAR\IEBAR.DLL HKEY_CLASSES_ROOT\CLSID\{29CF293A-1E7D-4069-9E11-E39698D0AF95} HKEY_CLASSES_ROOT\CLSID\{FB46BBEE-B3D5-46BF-94F4-A6C1A17F0A28} HKEY_CLASSES_ROOT\SOSOIEBAR.IEBAROBJ HKEY_CURRENT_USER\SOFTWARE\TENCENT\QQTOOLBAR HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{29CF293A-1E7D-4069-9E11-E39698D0AF95} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{FB46BBEE-B3D5-46BF-94F4-A6C1A17F0A28} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SOSOIEBAR.IEBAROBJ HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{29CF293A-1E7D-4069-9E11-E39698D0AF95} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\QQTOOLBAR HKEY_LOCAL_MACHINE\SOFTWARE\TENCENT\QQTOOLBAR [2.8.1.8.0815 - 2.8.18.8.1014] 2008-10-15 16:51 [Trojan.psw.avx] C:\WINNT\SYSTEM32\4BF9CBA3.DLL C:\WINNT\SYSTEM32\4C70249.SYS C:\WINNT\SYSTEM32\53360697.DLL C:\WINNT\SYSTEM32\8566F82E.DLL C:\WINNT\SYSTEM32\D91BC61E.DLL C:\WINNT\SYSTEM32\GDIPRO.DLL C:\WINNT\SYSTEM32\HBMHLY.DLL C:\WINNT\SYSTEM32\HBSOUL.DLL C:\WINNT\SYSTEM32\RINGTTE.DLL C:\WINNT\SYSTEM32\SVTEPPS.DLL C:\WINNT\SYSTEM32\SYS05015.ADD C:\WINNT\SYSTEM32\SYS05015.DLL C:\WINNT\SYSTEM32\SYS07008.ADD C:\WINNT\SYSTEM32\SYS07008.DLL HKEY_CLASSES_ROOT\CLSID\{3474A8C2-BEF9-46C8-983A-A26A0030EC30} HKEY_CLASSES_ROOT\CLSID\{432BDC7C-DE5B-43F4-AA81-E7F8AFB0182D} HKEY_CLASSES_ROOT\CLSID\{4BD36A11-8E6A-47BD-A49E-740D8ACF73A0} HKEY_CLASSES_ROOT\CLSID\{4EFDDEBE-303C-4D1A-8C9E-E4F215C43651} HKEY_CLASSES_ROOT\CLSID\{53360697-E270-4F80-AD5D-6FB518F03D24} HKEY_CLASSES_ROOT\CLSID\{76D44356-B494-443A-BEDC-AA68DE4255E6} HKEY_CLASSES_ROOT\CLSID\{C4C78494-4D05-4614-8CF2-03F1C4276C8A} HKEY_CLASSES_ROOT\CLSID\{C56BCC10-503E-43AB-B208-3CD37FCFCE40} HKEY_CLASSES_ROOT\CLSID\{D1CC9DC6-F0BC-40FC-9552-E497B05E05B8} HKEY_CLASSES_ROOT\CLSID\{D91BC61E-7D78-4A2A-A336-7B97E8E52F0B} HKEY_CLASSES_ROOT\CLSID\{E4814792-EFA3-4C20-93D0-8B130A59F9A8} HKEY_CLASSES_ROOT\CLSID\{F0C9FBC2-6FA2-479D-B65D-F9D65C613ECC} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{3474A8C2-BEF9-46C8-983A-A26A0030EC30} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{432BDC7C-DE5B-43F4-AA81-E7F8AFB0182D} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4BD36A11-8E6A-47BD-A49E-740D8ACF73A0} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4EFDDEBE-303C-4D1A-8C9E-E4F215C43651} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{53360697-E270-4F80-AD5D-6FB518F03D24} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{76D44356-B494-443A-BEDC-AA68DE4255E6} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{C4C78494-4D05-4614-8CF2-03F1C4276C8A} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{C56BCC10-503E-43AB-B208-3CD37FCFCE40} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{D1CC9DC6-F0BC-40FC-9552-E497B05E05B8} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{D91BC61E-7D78-4A2A-A336-7B97E8E52F0B} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{E4814792-EFA3-4C20-93D0-8B130A59F9A8} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{F0C9FBC2-6FA2-479D-B65D-F9D65C613ECC} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{3474A8C2-BEF9-46C8-983A-A26A0030EC30} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{432BDC7C-DE5B-43F4-AA81-E7F8AFB0182D} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{4BD36A11-8E6A-47BD-A49E-740D8ACF73A0} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{4EFDDEBE-303C-4D1A-8C9E-E4F215C43651} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{53360697-E270-4F80-AD5D-6FB518F03D24} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{76D44356-B494-443A-BEDC-AA68DE4255E6} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{C4C78494-4D05-4614-8CF2-03F1C4276C8A} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{C56BCC10-503E-43AB-B208-3CD37FCFCE40} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{D1CC9DC6-F0BC-40FC-9552-E497B05E05B8} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{D91BC61E-7D78-4A2A-A336-7B97E8E52F0B} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{E4814792-EFA3-4C20-93D0-8B130A59F9A8} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{F0C9FBC2-6FA2-479D-B65D-F9D65C613ECC} HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_4C70249 HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\4C70249 HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\C56BCC1 HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\D4F876 HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET002\ENUM\ROOT\LEGACY_4C70249 HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET002\SERVICES\4C70249 HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET002\SERVICES\C56BCC1 HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET002\SERVICES\D4F876 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_4C70249 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\4C70249 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\C56BCC1 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\D4F876 [2.8.1.8.0815 - 2.8.18.8.1014] 2008-10-15 16:51 [Uncorrect AppInit_DLLs] HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS\APPINIT_DLLS\REG_SZ00 [2.8.1.8.0815 - 2.8.18.8.1014] 2008-10-15 16:51 [Risk.vpsm.kck] C:\WINNT\SYSTEM32\1A.TMP [2.8.1.8.0815 - 2.8.18.8.1014] 2008-10-15 16:51 [Eyiruanjian Canliu] HKEY_CLASSES_ROOT\CLSID\{E0F3526A-4165-4589-80CD-50B6FBAC3BDA} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{E0F3526A-4165-4589-80CD-50B6FBAC3BDA} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{E0F3526A-4165-4589-80CD-50B6FBAC3BDA} [2.8.1.8.0815 - 2.8.18.8.1014] 2008-10-15 16:51 [Trojan.msosiocp.dosjisn] C:\WINNT\SYSTEM32\HBASKTAO.DLL C:\WINNT\SYSTEM32\HBBO.DLL C:\WINNT\SYSTEM32\HBDNF.DLL C:\WINNT\SYSTEM32\HBQQFFO.DLL C:\WINNT\SYSTEM32\HBTL.DLL HKEY_CLASSES_ROOT\CLSID\{2CB77746-8ECC-40CA-8217-10CA8BE5EFC8} HKEY_CLASSES_ROOT\CLSID\{495271CA-D0C6-4052-ABE6-5B01C73CDFB0} HKEY_CLASSES_ROOT\CLSID\{4BF9CBA3-8DEE-41A1-8BDB-FC28D30E949F} HKEY_CLASSES_ROOT\CLSID\{8566F82E-03A4-416E-AEAC-66600D8881F1} HKEY_CLASSES_ROOT\CLSID\{9CA963CA-107C-4089-B0AB-31380F90D7E3} HKEY_CLASSES_ROOT\CLSID\{BA4B5EBD-AB43-4C2B-84F5-F1AD85E79E4A} HKEY_CLASSES_ROOT\CLSID\{DA56B183-A731-402B-9235-2CB8803E212D} HKEY_CLASSES_ROOT\CLSID\{F0930A2F-D971-4828-8209-B7DFD266ED44} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{2CB77746-8ECC-40CA-8217-10CA8BE5EFC8} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{495271CA-D0C6-4052-ABE6-5B01C73CDFB0} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4BF9CBA3-8DEE-41A1-8BDB-FC28D30E949F} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{8566F82E-03A4-416E-AEAC-66600D8881F1} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{9CA963CA-107C-4089-B0AB-31380F90D7E3} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{BA4B5EBD-AB43-4C2B-84F5-F1AD85E79E4A} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{DA56B183-A731-402B-9235-2CB8803E212D} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{F0930A2F-D971-4828-8209-B7DFD266ED44} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{2CB77746-8ECC-40CA-8217-10CA8BE5EFC8} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{495271CA-D0C6-4052-ABE6-5B01C73CDFB0} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{4BF9CBA3-8DEE-41A1-8BDB-FC28D30E949F} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{8566F82E-03A4-416E-AEAC-66600D8881F1} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{9CA963CA-107C-4089-B0AB-31380F90D7E3} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{BA4B5EBD-AB43-4C2B-84F5-F1AD85E79E4A} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{DA56B183-A731-402B-9235-2CB8803E212D} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{F0930A2F-D971-4828-8209-B7DFD266ED44} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\HBSERVICE32 [2.8.1.8.0815 - 2.8.18.8.1014] 2008-10-15 16:51 [Trojan.xpserve.lsoss] C:\WINNT\SYSTEM32\495271CA.DLL C:\WINNT\SYSTEM32\9CA963CA.DLL [2.8.1.8.0815 - 2.8.18.8.1014] 2008-10-15 16:51 [Trojan.ytewcxzsw.wrew2ds] C:\WINNT\SYSTEM32\3474A8C2.DLL C:\WINNT\SYSTEM32\4EFDDEBE.DLL C:\WINNT\SYSTEM32\8882FA1.SYS C:\WINNT\SYSTEM32\C250CF20.DLL C:\WINNT\SYSTEM32\C551839.SYS C:\WINNT\SYSTEM32\C56BCC1.SYS C:\WINNT\SYSTEM32\C56BCC10.DLL C:\WINNT\SYSTEM32\D4F876.SYS C:\WINNT\SYSTEM32\E4814792.DLL C:\WINNT\SYSTEM32\KSUSERFY.NLS HKEY_CLASSES_ROOT\CLSID\{C250CF20-5F89-4310-9854-4BC261FB14FB} HKEY_CLASSES_ROOT\CLSID\{D3112B69-A745-4805-874E-ABD480EA1299} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{C250CF20-5F89-4310-9854-4BC261FB14FB} HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{D3112B69-A745-4805-874E-ABD480EA1299} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{C250CF20-5F89-4310-9854-4BC261FB14FB} HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{D3112B69-A745-4805-874E-ABD480EA1299} HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_8882FA1 HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_C551839 HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\8882FA1 HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\C551839 HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET002\ENUM\ROOT\LEGACY_8882FA1 HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET002\ENUM\ROOT\LEGACY_C551839 HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET002\SERVICES\8882FA1 HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET002\SERVICES\C551839 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_8882FA1 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_C551839 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\8882FA1 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\C551839 [2.8.1.8.0815 - 2.8.18.8.1014] 2008-10-15 16:51 [Trojan.inityuser.go10] HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD\KSUSERFY.DLL [2.8.1.8.0815 - 2.8.18.8.1014] 2008-10-15 16:51 [Trojan.bndmss.wmel32] HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\HBKERNEL32 HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET002\SERVICES\HBKERNEL32 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\HBKERNEL32 [2.8.1.8.0815 - 2.8.18.8.1014] 2008-10-15 16:51 [Maybe Useless object] C:\WINNT\SYSTEM32\DRIVERS\HBKERNEL32.SYS