[2.8.2.8.1115 - 2.8.90.9.0428] 2009-04-30 20:16 [Trojan]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\104281_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\107359_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\113484_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\128281_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\131609_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\135359_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\145078_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\151640_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\155218_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\161171_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\161328_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\164453_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\181718_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\184828_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\188031_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\205000_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\383468_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\397234_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\514859_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\523968_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\532265_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\55968_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\59734_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\74765_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\7769078_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\7793687_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\7804000_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\7813421_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\7826593_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\7838406_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\7842375_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\7850437_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\7865796_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\7887656_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\7896687_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\7899968_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\7921093_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\7924421_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\89265_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\94968_XEEX.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\CBSYSTEM.GIF
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\MIR1.MWV
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\TMP.TMP
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\WDWSASYSTEM.GIF
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\WLWZSYSTEM.GIF
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\WSASYSTEM.GIF
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\ZXSYSTEM.GIF
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\~FRM.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\POWERJS.TMP
C:\WINDOWS\SYSTEM32\AA02A.EXE
C:\WINDOWS\SYSTEM32\AA04A.EXE
C:\WINDOWS\SYSTEM32\AA05A.EXE
C:\WINDOWS\SYSTEM32\AA06A.EXE
C:\WINDOWS\SYSTEM32\AA07.EXE
C:\WINDOWS\SYSTEM32\AA08B.EXE
C:\WINDOWS\SYSTEM32\AA09.EXE
C:\WINDOWS\SYSTEM32\AA11A.EXE
C:\WINDOWS\SYSTEM32\AA12.EXE
C:\WINDOWS\SYSTEM32\AA14.EXE
C:\WINDOWS\SYSTEM32\AA15B.EXE
C:\WINDOWS\SYSTEM32\AA17.EXE
C:\WINDOWS\SYSTEM32\AA20.EXE
C:\WINDOWS\SYSTEM32\AA22.EXE
C:\WINDOWS\SYSTEM32\AA27A.EXE
[2.8.2.8.1115 - 2.8.90.9.0428] 2009-04-30 20:16 [cpush]
C:\PROGRAM FILES\COMMON FILES\PUSHWARE\CPUSH.DLL
C:\PROGRAM FILES\COMMON FILES\PUSHWARE\UNINST.EXE
[2.8.2.8.1115 - 2.8.90.9.0428] 2009-04-30 20:16 [Ebay Shop]
D:\收藏夹\当当网上购物.URL
[2.8.2.8.1115 - 2.8.90.9.0428] 2009-04-30 20:16 [Trojan.psw.avx]
C:\PROGRAM FILES\INTERNET EXPLORER\POWERJA.ASK
HKEY_CLASSES_ROOT\CLSID\{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}
HKEY_CLASSES_ROOT\CLSID\{08CBFE20-8DC8-4195-B8E2-DD66F860469D}
HKEY_CLASSES_ROOT\CLSID\{E4814792-EFA3-4C20-93D0-8B130A59F9A8}
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{08CBFE20-8DC8-4195-B8E2-DD66F860469D}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{08CBFE20-8DC8-4195-B8E2-DD66F860469D}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{E4814792-EFA3-4C20-93D0-8B130A59F9A8}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{08CBFE20-8DC8-4195-B8E2-DD66F860469D}
[2.8.2.8.1115 - 2.8.90.9.0428] 2009-04-30 20:16 [Yiqilai]
C:\WINDOWS\SYSTEM32\YQL_LYRICS_COMMON.DLL
D:\收藏夹\一起来音乐社区.URL
HKEY_CLASSES_ROOT\CLSID\{7DBC6ADB-5788-4FB9-AEC3-B40A58AC11DF}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{7DBC6ADB-5788-4FB9-AEC3-B40A58AC11DF}
[2.8.2.8.1115 - 2.8.90.9.0428] 2009-04-30 20:16 [残留的快捷方式/收藏夹项目]
D:\收藏夹\找到123网址导航.URL
[2.8.2.8.1115 - 2.8.90.9.0428] 2009-04-30 20:16 [Risk program]
HKEY_CLASSES_ROOT\CLSID\{1469CF14-258B-D136-F247-8BE1369CE137}
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1469CF14-258B-D136-F247-8BE1369CE137}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{1469CF14-258B-D136-F247-8BE1369CE137}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{1469CF14-258B-D136-F247-8BE1369CE137}
[2.8.2.8.1115 - 2.8.90.9.0428] 2009-04-30 20:16 [Trojan.CCVOCServer.StremII]
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\APCDLI
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET002\SERVICES\APCDLI
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\APCDLI
[2.8.2.8.1115 - 2.8.90.9.0428] 2009-04-30 20:16 [Trojan.ytewcxzsw.wrew2ds]
C:\WINDOWS\FONTS\KXBQRPA2MRNPEXKB.TTF
C:\WINDOWS\SYSTEM32\DRIVERS\PCIDUMP.SYS
[2.8.2.8.1115 - 2.8.90.9.0428] 2009-04-30 20:16 [Trojan.bndmss.wmel32]
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\WMPOBJ
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET002\SERVICES\WMPOBJ
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WMPOBJ
[2.8.2.8.1115 - 2.8.90.9.0428] 2009-04-30 20:16 [TROJAN FILES 3]
HKEY_CLASSES_ROOT\CLSID\{2EF0D734-21FD-4225-A1A2-BCD296182AAF}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{2EF0D734-21FD-4225-A1A2-BCD296182AAF}
[2.8.2.8.1115 - 2.8.90.9.0428] 2009-04-30 20:16 [Trojan.kxsws.ntd1l]
HKEY_CLASSES_ROOT\CLSID\{704C3595-DB85-40F6-A601-8D6F346907BD}
HKEY_CLASSES_ROOT\CLSID\{FC8F4603-4AB2-4A0D-B17F-886CC8AAAFD2}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{704C3595-DB85-40F6-A601-8D6F346907BD}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{FC8F4603-4AB2-4A0D-B17F-886CC8AAAFD2}
[2.8.2.8.1115 - 2.8.90.9.0428] 2009-04-30 20:16 [Trojan.sniu.JaNT64]
C:\PROGRAM FILES\INTERNET EXPLORER\JINGTTO.TOK
HKEY_CLASSES_ROOT\CLSID\{CCCA2FB9-2D5D-4481-8BFE-1CDDC458A3F4}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{CCCA2FB9-2D5D-4481-8BFE-1CDDC458A3F4}
[2.8.2.8.1115 - 2.8.90.9.0428] 2009-04-30 20:16 [Trojan.FakeSpoolsv]
HKEY_CLASSES_ROOT\CLSID\{76B9BA7A-81D0-4979-8598-8471F2AB5186}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{76B9BA7A-81D0-4979-8598-8471F2AB5186}
[2.8.2.8.1115 - 2.8.90.9.0428] 2009-04-30 20:16 [Trojan.funny_phok.SSODL]
HKEY_CLASSES_ROOT\CLSID\{737858A9-9AEA-4838-9B49-54DA731F7F37}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{737858A9-9AEA-4838-9B49-54DA731F7F37}
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_MTLRD
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\MTLRD
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET002\ENUM\ROOT\LEGACY_MTLRD
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET002\SERVICES\MTLRD
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_MTLRD
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MTLRD
[2.8.2.8.1115 - 2.8.90.9.0428] 2009-04-30 20:16 [Maybe Useless object]
C:\WINDOWS\SYSTEM32\08223B03.DLL
C:\WINDOWS\SYSTEM32\2EF0D734.DLL
C:\WINDOWS\SYSTEM32\704C3595.DLL
C:\WINDOWS\SYSTEM32\76B9BA7A.DLL
C:\WINDOWS\SYSTEM32\CCCA2FB9.DLL
C:\WINDOWS\SYSTEM32\E4814792.DLL
C:\WINDOWS\SYSTEM32\MTLRD.DLL
C:\WINDOWS\SYSTEM32\UPDATER.EXE