[2.8.1.8.0815 - 2.8.9.8.0827]
2008-09-02 00:38
[Trojan]
C:\WINDOWS\SURHOST.DLL

[2.8.1.8.0815 - 2.8.9.8.0827]
2008-09-02 00:38
[Trojan.Blocker.surhost]
HKEY_CLASSES_ROOT\CLSID\{EBF22F53-896C-48B1-9986-0891F7709EC9}
HKEY_CLASSES_ROOT\SWIHOST.BLOCKER
HKEY_CLASSES_ROOT\SWIHOST.BLOCKER.1
HKEY_CLASSES_ROOT\TYPELIB\{07F17041-CD93-4D39-A2B6-39A49DCF8CF7}
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EBF22F53-896C-48B1-9986-0891F7709EC9}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{EBF22F53-896C-48B1-9986-0891F7709EC9}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{07F17041-CD93-4D39-A2B6-39A49DCF8CF7}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{EBF22F53-896C-48B1-9986-0891F7709EC9}

[2.8.1.8.0815 - 2.8.9.8.0827]
2008-10-30 16:18
[BaiduSuperSoBa]
C:\WINDOWS\SYSTEM32\IEXP_LOG.TXT

[2.8.1.8.0815 - 2.8.9.8.0827]
2008-10-30 16:18
[WanXiang Plugin]
HKEY_CLASSES_ROOT\CLSID\{635A7AFA-FB22-4A4E-8AB8-C85CFAB14626}
HKEY_CLASSES_ROOT\SNAV.SEARCHHOOK
HKEY_CLASSES_ROOT\SNAV.SEARCHHOOK.1
HKEY_CLASSES_ROOT\TYPELIB\{4F87EBCD-FBF4-4ADD-980A-D9EDC6C8FDE5}
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{635A7AFA-FB22-4A4E-8AB8-C85CFAB14626}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{635A7AFA-FB22-4A4E-8AB8-C85CFAB14626}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{4F87EBCD-FBF4-4ADD-980A-D9EDC6C8FDE5}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{635A7AFA-FB22-4A4E-8AB8-C85CFAB14626}

[2.8.1.8.0815 - 2.8.28.8.1109]
2008-11-14 16:03
[U88]
HKEY_CLASSES_ROOT\INTERFACE\{CE7C3CEF-4B15-11D1-ABED-709549C10000}
HKEY_CLASSES_ROOT\TYPELIB\{CE7C3CE2-4B15-11D1-ABED-709549C10000}

[2.8.1.8.0815 - 2.8.28.8.1109]
2008-11-14 16:03
[qyule]
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{AA9742E6-AB51-48A8-831C-C1EB757C3E61}

[2.8.1.8.0815 - 2.8.28.8.1109]
2008-11-14 16:03
[IEBar.KBBar]
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{CE7C3CEF-4B15-11D1-ABED-709549C10000}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{CE7C3CE2-4B15-11D1-ABED-709549C10000}

[2.8.1.8.0815 - 2.8.28.8.1109]
2008-11-14 16:03
[Trojan.psw.avx]
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RSTRAY.EXE

[2.8.1.8.0815 - 2.8.28.8.1109]
2008-11-14 16:03
[BaiduSuperSoBa]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\BAIDU\
C:\WINDOWS\SOSUO.COL
C:\WINDOWS\SYSTEM32\IEXP_LOG.TXT
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{77FEF28E-EB96-44FF-B511-3185DEA48697}
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A7F05EE4-0426-454F-8013-C41E3596E9E9}
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B580CF65-E151-49C3-B73F-70B13FCA8E86}

[2.8.1.8.0815 - 2.8.28.8.1109]
2008-11-14 16:49
[Trojan.psw.avx]
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RSTRAY.EXE

[2.8.1.8.0815 - 2.8.28.8.1109]
2008-11-14 16:49
[Wormdown.Brontok.ber]
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSCONFIG.EXE\DEBUGGER

[2.8.1.8.0815 - 2.8.28.8.1109]
2008-11-14 17:12
[Trojan.psw.avx]
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RSTRAY.EXE

[2.8.1.8.0815 - 2.8.29.8.1111]
2008-11-14 19:21
[Trojan.psw.avx]
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RSTRAY.EXE

[2.8.1.8.0815 - 2.8.29.8.1111]
2008-11-14 22:41
[Trojan.psw.avx]
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RSTRAY.EXE

[2.8.1.8.0815 - 2.8.29.8.1111]
2008-11-14 22:58
[Trojan.psw.avx]
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RSTRAY.EXE

[2.8.1.8.0815 - 2.8.29.8.1111]
2008-11-14 23:36
[Trojan.psw.avx]
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RSTRAY.EXE

[2.8.1.8.0815 - 2.8.29.8.1111]
2008-11-15 00:04
[Trojan.psw.avx]
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RSTRAY.EXE

[2.8.1.8.0815 - 2.8.29.8.1111]
2008-11-15 03:26
[Trojan.psw.avx]
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RSTRAY.EXE

[2.8.1.8.0815 - 2.8.29.8.1111]
2008-11-15 03:39
[Trojan.psw.avx]
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RSTRAY.EXE

[2.8.1.8.0815 - 2.8.29.8.1111]
2008-11-15 12:17
[Trojan.psw.avx]
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RSTRAY.EXE

[2.8.1.8.0815 - 2.8.29.8.1111]
2008-11-15 13:22
[Trojan.psw.avx]
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RSTRAY.EXE