ComboFix 11-03-03.02 - Administrator 04.03.2011 9:23.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.2047.1392 [GMT 1:00] 执行位置: c:\documents and settings\hez\Desktop\ComboFix.exe AV: F-Secure Anti-Virus for Workstations 9.00 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15} 注意 - 这台电脑没有安装恢复控制台 !! . ((((((((((((((((((((((((((((((((((((((( 被删除的档案 ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\360Downloads c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\documents and settings\All Users\Application Data\Tiger Install c:\documents and settings\All Users\Application Data\Tiger Install\{926F1559-5D56-4F7D-93E8-3AB61F68EC6A} c:\documents and settings\All Users\Application Data\Tiger Install\{926F1559-5D56-4F7D-93E8-3AB61F68EC6A}.Dat c:\documents and settings\hez\Application Data\360SE c:\documents and settings\hez\Application Data\360SE\pd\pd.ini c:\documents and settings\hez\Application Data\Clue c:\documents and settings\hez\Application Data\Clue\Clue.ini c:\favoritevideo\InvisibleFolder c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100303185334.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100303190433.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100303191245.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100303192335.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100303193949.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100303194808.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100303195853.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100303200940.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100303201221.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100303202324.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100303203412.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100303204220.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100303205310.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100303210356.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100303211441.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100303212819.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100303213911.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100303214717.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100303215243.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100303220341.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100303221427.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100303222232.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100303223326.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100303224415.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100303225222.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100303230309.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100303231354.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100303232438.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100303233245.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100303234337.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100303235427.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100304000236.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100304001321.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100304002412.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100304003221.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100304004313.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100304005401.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100304010452.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100304011822.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100304012910.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100304013958.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100304014251.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100304015341.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100304020429.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100304021237.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100304022331.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100304023419.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100304024224.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100304025319.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100304030406.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100304031220.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100304032332.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100304033425.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100304034232.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100304035328.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100304040438.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100304041813.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100304042901.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100304043715.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100304044243.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030320100304045331.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304050246.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304051320.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304052916.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304053948.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304054751.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304055309.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304060359.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304061433.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304062236.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304063326.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304064415.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304065226.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304070338.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304071425.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304072230.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304073318.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304074413.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304075743.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304080833.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304081920.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304082443.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304083252.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304084343.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304085435.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304090304.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304091351.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304092441.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304093305.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304094945.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304095751.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304100841.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304101941.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304102745.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304103837.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304104932.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304105740.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304110841.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304111938.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304112802.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304113858.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304114948.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304115755.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304120852.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304121944.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304122229.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304123321.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304124412.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304125221.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304130312.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304131405.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304132217.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304133312.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304134404.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304135216.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304140320.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304141413.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304142504.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304143311.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304144406.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304145214.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304150306.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304151357.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304152217.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304153312.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304154411.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304155226.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304160320.zip c:\favoritevideo\InvisibleFolder\_db_allinonetoday2010030420100304161423.zip c:\favoritevideo\InvisibleFolder\_db_big20100221.zip c:\favoritevideo\InvisibleFolder\_db_big20100305.zip c:\favoritevideo\InvisibleFolder\_db_big20100807.zip c:\favoritevideo\InvisibleFolder\_db_big20100812.zip c:\favoritevideo\InvisibleFolder\_db_big20100817.zip c:\favoritevideo\InvisibleFolder\_db_small2010022120100303.zip c:\favoritevideo\InvisibleFolder\_db_small2010022120100304.zip c:\favoritevideo\InvisibleFolder\20100423150458_zhaopin100423jiao15s.gif c:\favoritevideo\InvisibleFolder\20100610144608_ppliveshijiebei100610zhu15s.swf c:\favoritevideo\InvisibleFolder\20100610145021_pplivenvziwangqiu100610zhu15s.swf c:\favoritevideo\InvisibleFolder\20100624181647_nvziwangqiu100624zhu5s.swf c:\favoritevideo\InvisibleFolder\20100628181546_tengfei100628zanting15s.swf c:\favoritevideo\InvisibleFolder\20100810151259_taobao100811zhu15s.swf c:\favoritevideo\InvisibleFolder\20100813174225_jingji100813zanting15s.swf c:\favoritevideo\InvisibleFolder\20100827103211_kubiwang100827zanting15s.swf c:\favoritevideo\InvisibleFolder\20100827103852_kubiwang100827zhu15s.swf c:\favoritevideo\InvisibleFolder\20100827173422_huiyuan100828zanting15s.swf c:\favoritevideo\InvisibleFolder\20100901182509_wanmei100902zantingjingzhi.jpg c:\favoritevideo\InvisibleFolder\20100901182638_wanmei100902zantingqiaokeli.jpg c:\favoritevideo\InvisibleFolder\20100902135544_wanmeichujdonggan100902zanting15s.jpg c:\favoritevideo\InvisibleFolder\20100902140340_wanmeichujiwugu100902zanting15s.jpg c:\favoritevideo\InvisibleFolder\20100902140719_wanmeitanlidanbaiA100902zanting15s.jpg c:\favoritevideo\InvisibleFolder\20100902140939_wammeitanlidanbaiB100902zanting15s.jpg c:\favoritevideo\InvisibleFolder\20100902141214_wanmeigelishuang100902zanting15s.jpg c:\favoritevideo\InvisibleFolder\20100902152917_wanmeichujitanli100902zanting15s.jpg c:\favoritevideo\InvisibleFolder\20100902163248_jingji100902zhu15s.swf c:\favoritevideo\InvisibleFolder\20100906123518_wanmeiqiaokeli100906cha15s.jpg c:\favoritevideo\InvisibleFolder\20100906123648_wanmeijinzhitanli100906cha15s.jpg c:\favoritevideo\InvisibleFolder\20100906123846_wanmeichunjitanli100906cha15s.jpg c:\favoritevideo\InvisibleFolder\20100906124028_wanmeichunjiwugu100906cha15s.jpg c:\favoritevideo\InvisibleFolder\20100906124232_wanmeichunjidonggan10906cha15s.jpg c:\favoritevideo\InvisibleFolder\20100906124518_wanmeiggelishuang100906cha15s.jpg c:\favoritevideo\InvisibleFolder\20100906191954_wanmeiqiaokeli100906zhu15s.swf c:\favoritevideo\InvisibleFolder\20100914094025_huiyuan100914zhu15s.swf c:\favoritevideo\InvisibleFolder\20100916190507_tianjinyiqi100916zhu15s.swf c:\favoritevideo\InvisibleFolder\20100916190713_tianjinyiqi100916zanting15s.swf c:\favoritevideo\InvisibleFolder\20100916190835_tianjinyiqi100916cha15s.swf c:\favoritevideo\InvisibleFolder\20100917173752_pinganchexian100901zanting15s.swf c:\favoritevideo\InvisibleFolder\20100930152150_pptv100930zhu15s.swf c:\favoritevideo\InvisibleFolder\20101013220321_guangfayinghang101013zhu8s.swf c:\favoritevideo\InvisibleFolder\20101014112623_beinasong101014zanting15smenhu.swf c:\favoritevideo\InvisibleFolder\20101014160145_sasa101014jiao15s1.swf c:\favoritevideo\InvisibleFolder\20101018182734_shoubiao101019zanting15s.swf c:\favoritevideo\InvisibleFolder\20101022101337_wanmei101022zhu15schunji.swf c:\favoritevideo\InvisibleFolder\20101022101456_wanmei101022zhu15stanlidanbai.swf c:\favoritevideo\InvisibleFolder\20101022101548_wanmei101022zhu15sgelishuangA.swf c:\favoritevideo\InvisibleFolder\20101022101638_wanmei101022zhu15sgelishuangB.swf c:\favoritevideo\InvisibleFolder\20101022101734_wanmei101022zhu15sjingzhitanli.swf c:\favoritevideo\InvisibleFolder\20101022101820_wanmei101022zhu15sqiaokeli.swf c:\favoritevideo\InvisibleFolder\20101022113051_wanmei101022jiaobiao.png c:\favoritevideo\InvisibleFolder\20101028150745_sasa101028zanting15s.swf c:\favoritevideo\InvisibleFolder\20101028185158_shenhua101029zhu15s.swf c:\favoritevideo\InvisibleFolder\20101029112426_yuanda101029cha15s.swf c:\favoritevideo\InvisibleFolder\20101029114223_sasa101029cha15s.swf c:\favoritevideo\InvisibleFolder\20101029152333_tianyijue101030qipao15s.swf c:\favoritevideo\InvisibleFolder\20101029175115_biyadi101029zanting15s.swf c:\favoritevideo\InvisibleFolder\20101029180124_biyadi101029jiaobiao.swf c:\favoritevideo\InvisibleFolder\20101029185627_tianxiaer101105zhu15s.swf c:\favoritevideo\InvisibleFolder\20101029185829_tianxiaer101104zanting15s.swf c:\favoritevideo\InvisibleFolder\20101101103022_sanling101101zanting15s.jpg c:\favoritevideo\InvisibleFolder\20101101104016_sanlingasx101101zhu15s.swf c:\favoritevideo\InvisibleFolder\20101102093306_pinguo1102zhu15s.swf c:\favoritevideo\InvisibleFolder\20101103154932_pinganchexian101103cha15s.swf c:\favoritevideo\InvisibleFolder\20101104115357_sasa101104zhu15s.swf c:\favoritevideo\InvisibleFolder\20101104135837_shenghuojia101104zanting15s.swf c:\favoritevideo\InvisibleFolder\20101104162807_uucall101104zhu151s.swf c:\favoritevideo\InvisibleFolder\20101105180628_qianjunpo101106qipao15s.swf c:\favoritevideo\InvisibleFolder\20101105191047_tianxiaer101110zanting15s.swf c:\favoritevideo\InvisibleFolder\20101105191139_tianxiaer101112bkqipao15s.swf c:\favoritevideo\InvisibleFolder\20101108102123_haoya101108zhu15s.swf c:\favoritevideo\InvisibleFolder\20101108102617_haoya101108zanting15s.swf c:\favoritevideo\InvisibleFolder\20101108143557_3mxinxueli101122zhu15s.swf c:\favoritevideo\InvisibleFolder\20101108143711_3mxinxueli101122zanting15s.swf c:\favoritevideo\InvisibleFolder\20101109111431_biyadi101109cha15s.swf c:\favoritevideo\InvisibleFolder\20101109111547_buyadi101109zanting15s.swf c:\favoritevideo\InvisibleFolder\20101110093136_sanxing101110zhu15s.swf c:\favoritevideo\InvisibleFolder\20101111180959_tuangou101111zhu15s.swf c:\favoritevideo\InvisibleFolder\20101112103740_taobao101112cha15s.swf c:\favoritevideo\InvisibleFolder\20101112141416_sasa101112cha2.swf c:\favoritevideo\InvisibleFolder\20101112155827_shinianyijina101113zhu15s.swf c:\favoritevideo\InvisibleFolder\20101112165425_tankedazhan101112zhu15s.swf c:\favoritevideo\InvisibleFolder\20101112184721_tianyijue101112zhu15s.swf c:\favoritevideo\InvisibleFolder\20101112184905_tianyijue101112zanting15s.swf c:\favoritevideo\InvisibleFolder\20101112204159_qingyang101112zanting15s.jpg c:\favoritevideo\InvisibleFolder\20101116183838_yigou101116zhu15s.swf c:\favoritevideo\InvisibleFolder\20101116184035_yigou101116zhu15s.swf c:\favoritevideo\InvisibleFolder\20101116214702_wanmeixianglongzhijian101117zanting15s.swf c:\favoritevideo\InvisibleFolder\20101117100050_pinganchexian101117qipao15s.swf c:\favoritevideo\InvisibleFolder\20101117181551_hudongbaike101118zanting15s.jpg c:\favoritevideo\InvisibleFolder\20101118161832_kuowang101118zhu5s.swf c:\favoritevideo\InvisibleFolder\20101118173353_beilizi101119zhu15s.swf c:\favoritevideo\InvisibleFolder\20101119112613_xixun101105zhu15s.wmv c:\favoritevideo\InvisibleFolder\20101119115856_taobao101119cha15sman.swf c:\favoritevideo\InvisibleFolder\20101119120106_taobao101119cha15swoman.swf c:\favoritevideo\InvisibleFolder\20101122134022_xiangganglvyouju101118zanting15s.swf c:\favoritevideo\InvisibleFolder\20101122152453_91wan101123zanting15s.swf c:\favoritevideo\InvisibleFolder\20101122155631_lining101125zanting15s.swf c:\favoritevideo\InvisibleFolder\20101122180436_wushen101123zanting15s.swf c:\favoritevideo\InvisibleFolder\20101123103414_kfc101123zanting15s.swf c:\favoritevideo\InvisibleFolder\20101123105214_huiyuan101123zhu15s.swf c:\favoritevideo\InvisibleFolder\20101123133709_KFC101123jiao15s.png c:\favoritevideo\InvisibleFolder\20101123170208_lvsezhengtu101125zhu15s.swf c:\favoritevideo\InvisibleFolder\20101123170438_lvsezhengtu101126zhu15s.swf c:\favoritevideo\InvisibleFolder\20101123171854_lvsezhengtu101124zanting15s.swf c:\favoritevideo\InvisibleFolder\20101123171947_lvsezhengtu101125zanting15s.swf c:\favoritevideo\InvisibleFolder\20101124180524_zuoxuan101124zhu15s.swf c:\favoritevideo\InvisibleFolder\20101124180657_zuoxuan101124cha15s.swf c:\favoritevideo\InvisibleFolder\20101124181958_shinianyijian101124zanting15s.swf c:\favoritevideo\InvisibleFolder\20101124183653_penglai101124zhu15s.swf c:\favoritevideo\InvisibleFolder\20101124183829_penglai101124zanting15s.swf c:\favoritevideo\InvisibleFolder\20101124192626_wanmeixianglongzhijian101125zanting15s.swf c:\favoritevideo\InvisibleFolder\20101124192746_wanmeixianglongzhijian101127zhu15s.swf c:\favoritevideo\InvisibleFolder\20101125101352_yimingsiwei101125zanting15s.swf c:\favoritevideo\InvisibleFolder\20101125103517_wopai101125zanting15s.swf c:\favoritevideo\InvisibleFolder\20101125105100_lumi101125zhu15s.swf c:\favoritevideo\InvisibleFolder\20101125145655_hudongbaike101129zanting15s.jpg c:\favoritevideo\InvisibleFolder\20101125164857_taobao101125zhu15s.swf c:\favoritevideo\InvisibleFolder\20101125165045_taobao101125zanting15s.swf c:\favoritevideo\InvisibleFolder\20101125165246_taobao101125cha15s.swf c:\favoritevideo\InvisibleFolder\20101125165320_liyijiujiuwang101125zanting15s.swf c:\favoritevideo\InvisibleFolder\20101125180142_wushen101126zhu15s.swf c:\favoritevideo\InvisibleFolder\20101125182059_wushen101126zanting15s.swf c:\favoritevideo\InvisibleFolder\20101125182742_lining101129zanting15s.swf c:\favoritevideo\InvisibleFolder\20101125184548_wushen101126qipao15s.swf c:\favoritevideo\InvisibleFolder\20101125185140_zhengtu101126bkqipao15s.swf c:\favoritevideo\InvisibleFolder\20101125185227_zhengtu101126zanting15s.swf c:\favoritevideo\InvisibleFolder\20101126103912_mojie101126zhu15s.swf c:\favoritevideo\InvisibleFolder\20101126105026_mojie101126zanting15s.swf c:\favoritevideo\InvisibleFolder\20101126114605_xiaochunzaixian101126zhu15s.swf c:\favoritevideo\InvisibleFolder\20101126115015_xiaochunzaixian101126zanting15s.swf c:\favoritevideo\InvisibleFolder\20101126172748_zhengtu2101127zanting15s.swf c:\favoritevideo\InvisibleFolder\20101126173622_xiaogouwang101126zhu15s.swf c:\favoritevideo\InvisibleFolder\20101126174343_zhongguoliantong101129zhu15s.swf c:\favoritevideo\InvisibleFolder\20101126180350_huiyuan101126zanting15s.jpg c:\favoritevideo\InvisibleFolder\20101126180436_huiyuan101126jiao15s.png c:\favoritevideo\InvisibleFolder\20101126181441_shinianzhijian101127zhu15s.swf c:\favoritevideo\InvisibleFolder\20101126181451_moshoushijie101126zhu15s.swf c:\favoritevideo\InvisibleFolder\20101129153908_aolunazuoxuan101129zanting15s.swf c:\favoritevideo\InvisibleFolder\20101129155727_taobao101129cha15s.swf c:\favoritevideo\InvisibleFolder\20101129155840_taobao101129zanting15s.swf c:\favoritevideo\InvisibleFolder\20101129160012_taobao101129zhu15s.swf c:\favoritevideo\InvisibleFolder\20101129160824_xiaochun101129zhu15s1.swf c:\favoritevideo\InvisibleFolder\20101129161257_xiaochun101129zanting15s.swf c:\favoritevideo\InvisibleFolder\20101129170233_nvxing101130zanting15s.jpg c:\favoritevideo\InvisibleFolder\20101130165041_moyu101201qipao15s.swf c:\favoritevideo\InvisibleFolder\20101130174759_yinheyingxiongzhuan101201zhu15s.swf c:\favoritevideo\InvisibleFolder\20101130183135_aixinbaoguo101201zanting15s.jpg c:\favoritevideo\InvisibleFolder\20101130185116_taobao101201cha15s.swf c:\favoritevideo\InvisibleFolder\20101130185404_taobao101201bkqipao15s.swf c:\favoritevideo\InvisibleFolder\20101130185557_taobao101201zhu15s.swf c:\favoritevideo\InvisibleFolder\20101130221143_shenmedalu101201zanting.swf c:\favoritevideo\InvisibleFolder\20101201093719_sanling101201zanting15s.jpg c:\favoritevideo\InvisibleFolder\20101201102842_lumi101201zhu15s.swf c:\favoritevideo\InvisibleFolder\20101201141043_jujing101201yixingqipao15s.swf c:\favoritevideo\InvisibleFolder\20101201161659_shenmodalu101202zhu15s.swf c:\favoritevideo\InvisibleFolder\20101201163955_xiaochun101201zhu15s.swf c:\favoritevideo\InvisibleFolder\20101201171132_sanjieqiyuan101202zhu15s.swf c:\favoritevideo\InvisibleFolder\20101201171440_sanjieqiyuan101202zanting15s.swf c:\favoritevideo\InvisibleFolder\20101201184224_hanmei101202zanting15s.swf c:\favoritevideo\InvisibleFolder\20101202110144_wanwangzhiwang101202zanting15s.swf c:\favoritevideo\InvisibleFolder\20101202110240_wanwangzhiwang101203zanting15s.swf c:\favoritevideo\InvisibleFolder\20101202110318_wanwangzhiwang101204zanting15s.swf c:\favoritevideo\InvisibleFolder\20101202155137_sanjieqiyuan101204zhu15s.swf c:\favoritevideo\InvisibleFolder\20101202155355_sanjieqiyuan101203zanting15s.swf c:\favoritevideo\InvisibleFolder\20101202165626_yuandayiyuan101202cha15s.gif c:\favoritevideo\InvisibleFolder\20101202182934_lankou101203zhu15sgm.swf c:\favoritevideo\InvisibleFolder\20101202183141_lankou101203zhu15sps.swf c:\favoritevideo\InvisibleFolder\20101202203019_shenmodalu101203zanting15s.swf c:\favoritevideo\InvisibleFolder\20101202203145_shenmodalu101203zhu15s.swf c:\favoritevideo\InvisibleFolder\20101203150904_lining101204zanting15s.swf c:\favoritevideo\InvisibleFolder\20101203153518_liyijiujiuwang101203zanting15s.swf c:\favoritevideo\InvisibleFolder\20101203172801_qianjunpo101203zanting15s.swf c:\favoritevideo\InvisibleFolder\20101203173535_shinianyijian101203zanting15s.swf c:\favoritevideo\InvisibleFolder\20101203173703_taobao101204zanting15s.swf c:\favoritevideo\InvisibleFolder\20101203173813_taobao101204zhu15s.swf c:\favoritevideo\InvisibleFolder\20101203173826_shinianyijian101203zhu15s.swf c:\favoritevideo\InvisibleFolder\20101203174847_N8101203zhu15s.swf c:\favoritevideo\InvisibleFolder\20101206181841_shinianyijian101206zanting15s.swf c:\favoritevideo\InvisibleFolder\20101207093302_aidengwei101207zanting15s.gif c:\favoritevideo\InvisibleFolder\20101207150603_yimeng101207zhu15s.swf c:\favoritevideo\InvisibleFolder\20101208093825_KFC101208zanting15s.swf c:\favoritevideo\InvisibleFolder\20101208182717_taobao101208zhu15s.swf c:\favoritevideo\InvisibleFolder\20101208184307_yuanda101208cha15s.gif c:\favoritevideo\InvisibleFolder\20101208191421_woyouwang101209zhu15s.swf c:\favoritevideo\InvisibleFolder\20101209152626_wanwangzhiwang101210zhu15s.swf c:\favoritevideo\InvisibleFolder\20101210104135_fengxinlongda101210zhu15s.swf c:\favoritevideo\InvisibleFolder\20101210110326_tianjinyiqi101213cha15s.swf c:\favoritevideo\InvisibleFolder\20101210151459_91wan101212zanting15s.swf c:\favoritevideo\InvisibleFolder\20101210155106_taobao101213cha15s.swf c:\favoritevideo\InvisibleFolder\20101210155315_taobao101213zhu15s.swf c:\favoritevideo\InvisibleFolder\20101214133759_zhengtu101215zanting15s.swf c:\favoritevideo\InvisibleFolder\20101214181906_taobao101215zanting15s.swf c:\favoritevideo\InvisibleFolder\20101215111408_yimingsiwei101215zhu15s.swf c:\favoritevideo\InvisibleFolder\20101215114522_wopaiwang101215zanting15s.swf c:\favoritevideo\InvisibleFolder\20101215134752_lvsezhengtu101217zanting15s.swf c:\favoritevideo\InvisibleFolder\20101215134844_lvsezhengtu101216zhu15s.swf c:\favoritevideo\InvisibleFolder\20101215235231_bianfeng101216zanting.swf c:\favoritevideo\InvisibleFolder\20101216104923_xinwang101216zhu15s.swf c:\favoritevideo\InvisibleFolder\20101216151819_lvsezhengtu101218zhu15s.swf c:\favoritevideo\InvisibleFolder\20101216180658_wanmeishenmodalu101217zhu15s.swf c:\favoritevideo\InvisibleFolder\20101217112741_xiaogouwang101217zhu15s.swf c:\favoritevideo\InvisibleFolder\20101217165615_dafuni101220zanting15s.swf c:\favoritevideo\InvisibleFolder\20101217165709_dafuni101220zhu15s.swf c:\favoritevideo\InvisibleFolder\20101220144923_biyadi101223cha15s.swf c:\favoritevideo\InvisibleFolder\20101220154353_sanchuanqipai101221zanting15s.swf c:\favoritevideo\InvisibleFolder\20101220174642_dongfengrichan101220cha15s.swf c:\favoritevideo\InvisibleFolder\20101220210510_shenguishijie101221zhu15s.swf c:\favoritevideo\InvisibleFolder\20101221112902_KFC101221jiaobiao.swf c:\favoritevideo\InvisibleFolder\20101221173934_woyouwangluo101221zanting15s.swf c:\favoritevideo\InvisibleFolder\20101221174112_woyouwangluo101221bkqipao15s.swf c:\favoritevideo\InvisibleFolder\20101222133852_zhengtu101223zhu15s.swf c:\favoritevideo\InvisibleFolder\20101223114801_tianyijue101223zanting15s.swf c:\favoritevideo\InvisibleFolder\20101224165431_91wan101225zanting15s.swf c:\favoritevideo\InvisibleFolder\20101224171826_taobao101225cha15s.swf c:\favoritevideo\InvisibleFolder\20101224181513_taobao101226zanting15s.swf c:\favoritevideo\InvisibleFolder\20101228181517_yingjia101228qipao.gif c:\favoritevideo\InvisibleFolder\20101229171842_taobao101230zanting15s.swf c:\favoritevideo\InvisibleFolder\20101230103922_tianyijue110101zhu15s.swf c:\favoritevideo\InvisibleFolder\20101230161623_zhengtu2101231zanting15s.swf c:\favoritevideo\InvisibleFolder\20101231174418_moplongzhiren110101zhu15s.swf c:\favoritevideo\InvisibleFolder\20101231175304_moplongzhiren110102zhu15s.swf c:\favoritevideo\InvisibleFolder\20110105145904_wanmeishenguishijie110108zanting15s.swf c:\favoritevideo\InvisibleFolder\20110105161556_taobao110106cha15s.swf c:\favoritevideo\InvisibleFolder\20110105164452_baidushinianyijian110106zanting15s.swf c:\favoritevideo\InvisibleFolder\20110107113836_moptianshuqitan110107zanting15s.swf c:\favoritevideo\InvisibleFolder\20110107144725_shinianyijian110107zhu15s.swf c:\favoritevideo\InvisibleFolder\20110107182904_taobao110110zhu15s.swf c:\favoritevideo\InvisibleFolder\20110114105142_taobao110115zanting15s.swf c:\favoritevideo\InvisibleFolder\20110114105528_taobao110115zhu15s1.swf c:\favoritevideo\InvisibleFolder\20110119173551_wanglaoji110120jiao15s.swf c:\favoritevideo\InvisibleFolder\20110124103209_hainanhangkong110124zhu15s.swf c:\favoritevideo\InvisibleFolder\20110128091826_tiandiyinigxiong110128zanting15s.swf c:\favoritevideo\InvisibleFolder\20110128092246_tiandiyingxiong110128zhu15s.swf c:\favoritevideo\InvisibleFolder\20110128141758_aiyaya110128jiaobiao.JPG c:\favoritevideo\InvisibleFolder\20110221185002_lvshou110221zhu15s.swf c:\favoritevideo\InvisibleFolder\20110302155841_jiarenmeizhuang110302zt.jpg c:\favoritevideo\InvisibleFolder\20110303170943_letao110304zhu15s.swf c:\favoritevideo\InvisibleFolder\51job100226zanting15s.swf c:\favoritevideo\InvisibleFolder\aierlan100306zhu15s.swf c:\favoritevideo\InvisibleFolder\alibaba100307zhu15s1.swf c:\favoritevideo\InvisibleFolder\chuangshiji100311qipao15s.swf c:\favoritevideo\InvisibleFolder\chuanqixuzhang100309zanting15s.swf c:\favoritevideo\InvisibleFolder\chuanqixuzhang100310qipao15s.swf c:\favoritevideo\InvisibleFolder\condisp.dll c:\favoritevideo\InvisibleFolder\dahuashuihu100311qipao15s.swf c:\favoritevideo\InvisibleFolder\dahuashuihu100311zanting15s.swf c:\favoritevideo\InvisibleFolder\dilu100305ALguoyuzhu15s.swf c:\favoritevideo\InvisibleFolder\dilu100305ALyueyuzhu15s.swf c:\favoritevideo\InvisibleFolder\dilu100305BSguoyuzhu15s.swf c:\favoritevideo\InvisibleFolder\dilu100305LHWguoyuzhu15s.swf c:\favoritevideo\InvisibleFolder\dilu100305LHWyueyuzhu15s.swf c:\favoritevideo\InvisibleFolder\dilu100305SFguoyuzhu15s.swf c:\favoritevideo\InvisibleFolder\dilu100305SFyueyuzhu15s.swf c:\favoritevideo\InvisibleFolder\dingpiao100201zhu15s.swf c:\favoritevideo\InvisibleFolder\externtab(1.0.0.5).zip c:\favoritevideo\InvisibleFolder\fuzhuang100205zhu15s.swf c:\favoritevideo\InvisibleFolder\gaiya100308qipao15s.swf c:\favoritevideo\InvisibleFolder\gaiya100309zanting15s.swf c:\favoritevideo\InvisibleFolder\gaiya100310qipao15s.swf c:\favoritevideo\InvisibleFolder\gaiya100310zanting15s.swf c:\favoritevideo\InvisibleFolder\google100226zanting15s.swf c:\favoritevideo\InvisibleFolder\google100226zhu15s.swf c:\favoritevideo\InvisibleFolder\google100227qipao15s.swf c:\favoritevideo\InvisibleFolder\google100311zanting15s.swf c:\favoritevideo\InvisibleFolder\gouwujie100211cha15s.swf c:\favoritevideo\InvisibleFolder\gouwujie100211qipao15s.swf c:\favoritevideo\InvisibleFolder\gouwujie100211zanting15s.swf c:\favoritevideo\InvisibleFolder\gouwujie100211zhu15s.swf c:\favoritevideo\InvisibleFolder\houjienanhai100308zhu15s.swf c:\favoritevideo\InvisibleFolder\kangjianwang100306cha15s.swf c:\favoritevideo\InvisibleFolder\kangzhan100305zhu15s.swf c:\favoritevideo\InvisibleFolder\kangzhan100306qipao15s.swf c:\favoritevideo\InvisibleFolder\koubeiwang100311zhu15s.gif c:\favoritevideo\InvisibleFolder\koudaijingling100302cha15s.gif c:\favoritevideo\InvisibleFolder\koudaijingling100302qipao15s.swf c:\favoritevideo\InvisibleFolder\koudaijingling100302zanting15s.jpg c:\favoritevideo\InvisibleFolder\koudaijingling100302zhu15s.swf c:\favoritevideo\InvisibleFolder\kugou100306zhu15s.swf c:\favoritevideo\InvisibleFolder\lining100302cha15s.swf c:\favoritevideo\InvisibleFolder\lining100302zhu15s.swf c:\favoritevideo\InvisibleFolder\lining100307cha15s.swf c:\favoritevideo\InvisibleFolder\lining100307zhu15s.swf c:\favoritevideo\InvisibleFolder\longchuang100305zhu15s.swf c:\favoritevideo\InvisibleFolder\longchuang100305zhu15s1.swf c:\favoritevideo\InvisibleFolder\longchuang100305zhu15s3.swf c:\favoritevideo\InvisibleFolder\longchuang100308zhu15s.swf c:\favoritevideo\InvisibleFolder\lvshou100302zhu15s.swf c:\favoritevideo\InvisibleFolder\lvshou100309zhu15s.swf c:\favoritevideo\InvisibleFolder\meizhuang100301zhu15s.swf c:\favoritevideo\InvisibleFolder\meizhuang100303cha15s.swf c:\favoritevideo\InvisibleFolder\meizhuang100303jiao15s.swf c:\favoritevideo\InvisibleFolder\meizhuang100303qipao15s.swf c:\favoritevideo\InvisibleFolder\meizhuang100303zanting15s.swf c:\favoritevideo\InvisibleFolder\meizhuang100304qipao15s.swf c:\favoritevideo\InvisibleFolder\mir.dll c:\favoritevideo\InvisibleFolder\mop100301zanting15sxiongba.swf c:\favoritevideo\InvisibleFolder\mop100301zhu15sxiongba.swf c:\favoritevideo\InvisibleFolder\mop100304zanting15sdiguo.swf c:\favoritevideo\InvisibleFolder\mop100304zhu15sdiguo.swf c:\favoritevideo\InvisibleFolder\mop100311zanting15shanghai.swf c:\favoritevideo\InvisibleFolder\mop100311zhu15shanghai.swf c:\favoritevideo\InvisibleFolder\oplayer.ocx c:\favoritevideo\InvisibleFolder\oppo100301cha15s.swf c:\favoritevideo\InvisibleFolder\oppo100301jiaobiao15s.swf c:\favoritevideo\InvisibleFolder\OPPO10203zhu15s.wmv c:\favoritevideo\InvisibleFolder\peer(0).dll c:\favoritevideo\InvisibleFolder\peer.dll c:\favoritevideo\InvisibleFolder\pplive091222cha15s1.jpg c:\favoritevideo\InvisibleFolder\pplive091222cha15s2.jpg c:\favoritevideo\InvisibleFolder\pplivemoren100128zanting15s.jpg c:\favoritevideo\InvisibleFolder\ppliveva_setup_0.6.0.0024_s_promotion_pplive.exe c:\favoritevideo\InvisibleFolder\pplss2.swf c:\favoritevideo\InvisibleFolder\ppp.dll c:\favoritevideo\InvisibleFolder\pptv3D100303zhu15s.swf c:\favoritevideo\InvisibleFolder\PPTVmoren100120zhu15s.wmv c:\favoritevideo\InvisibleFolder\pptvsetup_2.5.5.0019_s.exe c:\favoritevideo\InvisibleFolder\ppva.dll c:\favoritevideo\InvisibleFolder\productupdate.dll c:\favoritevideo\InvisibleFolder\qiangsheng100306qipao15s.swf c:\favoritevideo\InvisibleFolder\qiangsheng100306zhu15s.swf c:\favoritevideo\InvisibleFolder\qigou100226zhu15s.swf c:\favoritevideo\InvisibleFolder\qigou100302zanting15s.swf c:\favoritevideo\InvisibleFolder\qqxuanwu100309qipao15s.swf c:\favoritevideo\InvisibleFolder\QQxuanwu100309zanting15s.swf c:\favoritevideo\InvisibleFolder\su8100215qipao15s1.swf c:\favoritevideo\InvisibleFolder\tengfei100310zhu15s.swf c:\favoritevideo\InvisibleFolder\tianxi100105zhu15s1.swf c:\favoritevideo\InvisibleFolder\tianxi100105zhu15s2.swf c:\favoritevideo\InvisibleFolder\tianxi100224zhu15s.swf c:\favoritevideo\InvisibleFolder\tianxi100224zhu15sdx.swf c:\favoritevideo\InvisibleFolder\uucall100304zhu15s.swf c:\favoritevideo\InvisibleFolder\VideoCommendModule.dll c:\favoritevideo\InvisibleFolder\videoplayback(0) c:\favoritevideo\InvisibleFolder\videoplayback(2) c:\favoritevideo\InvisibleFolder\videoplayback(3) c:\favoritevideo\InvisibleFolder\videoplayback(4) c:\favoritevideo\InvisibleFolder\videoplayback(6) c:\favoritevideo\InvisibleFolder\volvo100225zhu15s.wmv c:\favoritevideo\InvisibleFolder\wulinyingxiong100225cha15s.jpg c:\favoritevideo\InvisibleFolder\wulinyingxiong100225qipao15s.swf c:\favoritevideo\InvisibleFolder\wulinyingxiong100225zanting15s.jpg c:\favoritevideo\InvisibleFolder\wulinyingxiong100225zhu15s.swf c:\favoritevideo\InvisibleFolder\yunying100226cha15s.jpg c:\favoritevideo\InvisibleFolder\zhansanguo100309cha15s.gif c:\favoritevideo\InvisibleFolder\zhansanguo100309qipao15s.swf c:\favoritevideo\InvisibleFolder\zhansanguo100309zanting15s.jpg c:\favoritevideo\InvisibleFolder\zhansanguo100309zhu15s.swf c:\favoritevideo\InvisibleFolder\zhifubao100304zanting15s.gif c:\favoritevideo\InvisibleFolder\zhongshenzhizhan100304zanting15s.swf c:\favoritevideo\InvisibleFolder\zhongshenzhizhan100305zanting15s.swf c:\program files\SogouExplorer c:\program files\SogouExplorer\adbrule.dat c:\program files\SogouExplorer\browser.conf c:\program files\SogouExplorer\changelog.txt c:\program files\SogouExplorer\CmdLineParser.dll c:\program files\SogouExplorer\crashrpt.exe c:\program files\SogouExplorer\Dialog.dll c:\program files\SogouExplorer\DialogCore.dll c:\program files\SogouExplorer\install_flash_player.exe c:\program files\SogouExplorer\LICENSE c:\program files\SogouExplorer\p2pclient.dll c:\program files\SogouExplorer\p4pshare.dll c:\program files\SogouExplorer\pxpnet.dll c:\program files\SogouExplorer\seacc.dll c:\program files\SogouExplorer\seapi.dll c:\program files\SogouExplorer\ShareClient.dll c:\program files\SogouExplorer\site.url c:\program files\SogouExplorer\Skin\搜狗浏览器 2010.seskin c:\program files\SogouExplorer\SnapShoter.dll c:\program files\SogouExplorer\SoDaLib.dll c:\program files\SogouExplorer\SogouExplorer.exe c:\program files\SogouExplorer\sogounet.dll c:\program files\SogouExplorer\StartPage\Local\baidu.gif c:\program files\SogouExplorer\StartPage\Local\baiduc.gif c:\program files\SogouExplorer\StartPage\Local\checkbox.gif c:\program files\SogouExplorer\StartPage\Local\checkbox1.gif c:\program files\SogouExplorer\StartPage\Local\checkbox2.gif c:\program files\SogouExplorer\StartPage\Local\close.gif c:\program files\SogouExplorer\StartPage\Local\close.png c:\program files\SogouExplorer\StartPage\Local\default.gif c:\program files\SogouExplorer\StartPage\Local\default.jpg c:\program files\SogouExplorer\StartPage\Local\default_page.ico c:\program files\SogouExplorer\StartPage\Local\fenge.png c:\program files\SogouExplorer\StartPage\Local\google.gif c:\program files\SogouExplorer\StartPage\Local\googlec.gif c:\program files\SogouExplorer\StartPage\Local\guding1.png c:\program files\SogouExplorer\StartPage\Local\guding2.png c:\program files\SogouExplorer\StartPage\Local\help.gif c:\program files\SogouExplorer\StartPage\Local\ie.css c:\program files\SogouExplorer\StartPage\Local\ie.js c:\program files\SogouExplorer\StartPage\Local\iframe.html c:\program files\SogouExplorer\StartPage\Local\iframe_wk.html c:\program files\SogouExplorer\StartPage\Local\index1.html c:\program files\SogouExplorer\StartPage\Local\index2.html c:\program files\SogouExplorer\StartPage\Local\logo.gif c:\program files\SogouExplorer\StartPage\Local\none.jpg c:\program files\SogouExplorer\StartPage\Local\q1.png c:\program files\SogouExplorer\StartPage\Local\q2.png c:\program files\SogouExplorer\StartPage\Local\rbg.jpg c:\program files\SogouExplorer\StartPage\Local\rbg0.jpg c:\program files\SogouExplorer\StartPage\Local\rbg2.jpg c:\program files\SogouExplorer\StartPage\Local\rbg3.jpg c:\program files\SogouExplorer\StartPage\Local\reset.gif c:\program files\SogouExplorer\StartPage\Local\sb.jpg c:\program files\SogouExplorer\StartPage\Local\selmenu.png c:\program files\SogouExplorer\StartPage\Local\set.gif c:\program files\SogouExplorer\StartPage\Local\setcancel.gif c:\program files\SogouExplorer\StartPage\Local\setok.gif c:\program files\SogouExplorer\StartPage\Local\shadow1.jpg c:\program files\SogouExplorer\StartPage\Local\shadow2.gif c:\program files\SogouExplorer\StartPage\Local\sogou.gif c:\program files\SogouExplorer\StartPage\Local\sogouc.gif c:\program files\SogouExplorer\StartPage\Local\space.gif c:\program files\SogouExplorer\StartPage\Local\tran1.png c:\program files\SogouExplorer\StartPage\Local\tran2.png c:\program files\SogouExplorer\StartPage\Local\tran3.png c:\program files\SogouExplorer\StartPage\Local\wk.css c:\program files\SogouExplorer\StartPage\Local\wk.js c:\program files\SogouExplorer\StartPage\Selector\baidu_logo.png c:\program files\SogouExplorer\StartPage\Selector\google_logo.png c:\program files\SogouExplorer\StartPage\Selector\index.html c:\program files\SogouExplorer\StartPage\Selector\pic_daohang.jpg c:\program files\SogouExplorer\StartPage\Selector\pic_kongbai.jpg c:\program files\SogouExplorer\StartPage\Selector\pic_sousuo.jpg c:\program files\SogouExplorer\StartPage\Selector\pic_zuiai.jpg c:\program files\SogouExplorer\StartPage\Selector\pic_zuiai_1.jpg c:\program files\SogouExplorer\StartPage\Selector\pic_zuiai_2.jpg c:\program files\SogouExplorer\StartPage\Selector\s_baidu_logo.png c:\program files\SogouExplorer\StartPage\Selector\s_google_logo.png c:\program files\SogouExplorer\StartPage\Selector\s_sogou_logo.png c:\program files\SogouExplorer\StartPage\Selector\sogou_logo.png c:\program files\SogouExplorer\StartPage\Selector\start_body_bg.jpg c:\program files\SogouExplorer\StartPage\Selector\start_btn_daohang.png c:\program files\SogouExplorer\StartPage\Selector\start_btn_daohang_hit.png c:\program files\SogouExplorer\StartPage\Selector\start_btn_kongbai.png c:\program files\SogouExplorer\StartPage\Selector\start_btn_kongbai_hit.png c:\program files\SogouExplorer\StartPage\Selector\start_btn_light.png c:\program files\SogouExplorer\StartPage\Selector\start_btn_qita.png c:\program files\SogouExplorer\StartPage\Selector\start_btn_queding.png c:\program files\SogouExplorer\StartPage\Selector\start_btn_queding_hit.png c:\program files\SogouExplorer\StartPage\Selector\start_btn_queding_hover.png c:\program files\SogouExplorer\StartPage\Selector\start_btn_sousuo.png c:\program files\SogouExplorer\StartPage\Selector\start_btn_sousuo_hit.png c:\program files\SogouExplorer\StartPage\Selector\start_btn_zidingyi.png c:\program files\SogouExplorer\StartPage\Selector\start_btn_zidingyi_hit.png c:\program files\SogouExplorer\StartPage\Selector\start_btn_zuiai.png c:\program files\SogouExplorer\StartPage\Selector\start_btn_zuiai_hit.png c:\program files\SogouExplorer\StartPage\Selector\start_checkbox_checked.png c:\program files\SogouExplorer\StartPage\Selector\start_checkbox_hover.png c:\program files\SogouExplorer\StartPage\Selector\start_checkbox_normal.png c:\program files\SogouExplorer\StartPage\Selector\start_daohang_logo_bg.png c:\program files\SogouExplorer\StartPage\Selector\start_ico_home.gif c:\program files\SogouExplorer\StartPage\Selector\start_stage_arrow_daohang.png c:\program files\SogouExplorer\StartPage\Selector\start_stage_arrow_kongbai.png c:\program files\SogouExplorer\StartPage\Selector\start_stage_arrow_sousuo.png c:\program files\SogouExplorer\StartPage\Selector\start_stage_arrow_zidingyi.png c:\program files\SogouExplorer\StartPage\Selector\start_stage_arrow_zuiai.png c:\program files\SogouExplorer\StartPage\Selector\start_stage_main.png c:\program files\SogouExplorer\StartPage\Selector\start_text_1.png c:\program files\SogouExplorer\StartPage\Selector\start_zidingyi_dizhikuang.gif c:\program files\SogouExplorer\StartPage\Selector\start_zidingyi_icon.gif c:\program files\SogouExplorer\StartPage\Selector\start_zidingyi_text.gif c:\program files\SogouExplorer\TridentCore.dll c:\program files\SogouExplorer\Uninstall.exe c:\program files\SogouExplorer\UserInstruct\download.swf c:\program files\SogouExplorer\UserInstruct\passport.swf c:\program files\SogouExplorer\UserInstruct\passport_20.swf c:\program files\SogouExplorer\UserInstruct\swichcore.swf c:\program files\SogouExplorer\UserInstruct\tabscroll.swf c:\program files\SogouExplorer\UserInstruct\videoExtract.swf c:\program files\SogouExplorer\UserInstruct\videoOnTop.swf c:\program files\SogouExplorer\video_acc.dll c:\program files\SogouExplorer\webkit_plugins_file.xml c:\program files\SogouExplorer\WebkitCore.dll c:\program files\StormII c:\program files\StormII\BFThumbs.dll c:\program files\StormII\box\BoxLog.dll c:\program files\StormII\box\cache\readme.txt c:\program files\StormII\box\HttpServer.dll c:\program files\StormII\box\InstallInfo.ini c:\program files\StormII\box\MovieBoxCore.dll c:\program files\StormII\box\MovieBoxPS.dll c:\program files\StormII\box\skin\MovieBox.bfsk c:\program files\StormII\box\skin\大片风暴盒子.bfsk c:\program files\StormII\box\skin\幽蓝墨韵盒子.bfsk c:\program files\StormII\box\skin\暴风影音2012盒子.bfsk c:\program files\StormII\box\skin\深宇之夜盒子.bfsk c:\program files\StormII\box\Stline.exe c:\program files\StormII\box\UILib.dll c:\program files\StormII\box\UiManager.dll c:\program files\StormII\box\UiPlay.dll c:\program files\StormII\BugReport.exe c:\program files\StormII\codec\264be.dll c:\program files\StormII\codec\264dmmx.dll c:\program files\StormII\codec\264dsse.dll c:\program files\StormII\codec\264dsse2.dll c:\program files\StormII\codec\264dsse3.dll c:\program files\StormII\codec\ac3filter.ax c:\program files\StormII\codec\atidvcr.dll c:\program files\StormII\codec\avcodec.dll c:\program files\StormII\codec\avdevice.dll c:\program files\StormII\codec\avformat.dll c:\program files\StormII\codec\AviSplitter.ax c:\program files\StormII\codec\avssplitter.ax c:\program files\StormII\codec\avsvideo.ax c:\program files\StormII\codec\avutil.dll c:\program files\StormII\codec\bass.dll c:\program files\StormII\codec\bass_alac.dll c:\program files\StormII\codec\bass_ape.dll c:\program files\StormII\codec\bass_flac.dll c:\program files\StormII\codec\bass_mpc.dll c:\program files\StormII\codec\bass_tta.dll c:\program files\StormII\codec\bass_wv.dll c:\program files\StormII\codec\bass_aac.dll c:\program files\StormII\codec\binkw32.dll c:\program files\StormII\codec\cddareader.ax c:\program files\StormII\codec\cl264dec.ax c:\program files\StormII\codec\CLVc1Dec.ax c:\program files\StormII\codec\CLVsd.ax c:\program files\StormII\codec\clvsdx.ax c:\program files\StormII\codec\coreavc.ax c:\program files\StormII\codec\CUDA_Filter.ax c:\program files\StormII\codec\davsts.ax c:\program files\StormII\codec\DCBassSource.ax c:\program files\StormII\codec\DEC_StdMpeg4.dll c:\program files\StormII\codec\divxdec.ax c:\program files\StormII\codec\dxvadec.ax c:\program files\StormII\codec\empgdmx.ax c:\program files\StormII\codec\EmzAMRNBDec.dll c:\program files\StormII\codec\EmzMp4Source.dll c:\program files\StormII\codec\EzdAMRWBDec.dll c:\program files\StormII\codec\ff_kernelDeint.dll c:\program files\StormII\codec\ff_liba52.dll c:\program files\StormII\codec\ff_libavcodec.dll c:\program files\StormII\codec\ff_libdts.dll c:\program files\StormII\codec\ff_libfaad2.dll c:\program files\StormII\codec\ff_libmad.dll c:\program files\StormII\codec\ff_libmpeg2.dll c:\program files\StormII\codec\ff_libmplayer.dll c:\program files\StormII\codec\ff_realaac.dll c:\program files\StormII\codec\ff_samplerate.dll c:\program files\StormII\codec\ff_theora.dll c:\program files\StormII\codec\ff_TomsMoComp.dll c:\program files\StormII\codec\ff_tremor.dll c:\program files\StormII\codec\ff_unrar.dll c:\program files\StormII\codec\ff_vfw.dll c:\program files\StormII\codec\ff_wmv9.dll c:\program files\StormII\codec\ff_xvidcore.dll c:\program files\StormII\codec\ffavisynth.dll c:\program files\StormII\codec\ffdshow.ax c:\program files\StormII\codec\ffdshow.ax.manifest c:\program files\StormII\codec\FFDShowAPI.dll c:\program files\StormII\codec\ffmpeg.dll c:\program files\StormII\codec\ffsource.ax c:\program files\StormII\codec\ffSpkCfg.dll c:\program files\StormII\codec\Flash.ocx c:\program files\StormII\codec\FLT_ffdshow.dll c:\program files\StormII\codec\FLVSplitter.ax c:\program files\StormII\codec\H264VDEC.dll c:\program files\StormII\codec\HikAudioDec.ax c:\program files\StormII\codec\HikDataDump.ax c:\program files\StormII\codec\HikFileSource.ax c:\program files\StormII\codec\HikFileSplitter.ax c:\program files\StormII\codec\HikH264Dec.ax c:\program files\StormII\codec\HikMpeg4Dec.ax c:\program files\StormII\codec\HikPSDemux.ax c:\program files\StormII\codec\iconv.dll c:\program files\StormII\codec\ir50_32.dll c:\program files\StormII\codec\libavcodec.dll c:\program files\StormII\codec\MatroskaSplitter.ax c:\program files\StormII\codec\mfplat.dll c:\program files\StormII\codec\Microsoft.VC90.CRT.manifest c:\program files\StormII\codec\mkunicode.dll c:\program files\StormII\codec\mkx.dll c:\program files\StormII\codec\mkzlib.dll c:\program files\StormII\codec\mmamrdmx.ax c:\program files\StormII\codec\mp4.dll c:\program files\StormII\codec\MP4Splitter.ax c:\program files\StormII\codec\mpeg2dmx.ax c:\program files\StormII\codec\MpegSplitter.ax c:\program files\StormII\codec\mpg4ds32.ax c:\program files\StormII\codec\MPlayer.exe c:\program files\StormII\codec\msvcp71.dll c:\program files\StormII\codec\msvcr71.dll c:\program files\StormII\codec\msvcr90.dll c:\program files\StormII\codec\NDParser.ax c:\program files\StormII\codec\NeSplitter.ax c:\program files\StormII\codec\nvviddec.ax c:\program files\StormII\codec\OggSplitter.ax c:\program files\StormII\codec\ogm.dll c:\program files\StormII\codec\PmpSplt.ax c:\program files\StormII\codec\pthreadVC2.dll c:\program files\StormII\codec\qasf.dll c:\program files\StormII\codec\qmp4source.ax c:\program files\StormII\codec\QTSystem\QuickTime.qtp c:\program files\StormII\codec\RadGtSplitter.ax c:\program files\StormII\codec\RenderFilter.ax c:\program files\StormII\codec\RMSplt.ax c:\program files\StormII\codec\skinsres.dll c:\program files\StormII\codec\smackw32.dll c:\program files\StormII\codec\splitter.ax c:\program files\StormII\codec\swscale.dll c:\program files\StormII\codec\ts.dll c:\program files\StormII\codec\tsccvid.dll c:\program files\StormII\codec\vc1dc.dll c:\program files\StormII\codec\vc1dmmx.dll c:\program files\StormII\codec\vc1dsse.dll c:\program files\StormII\codec\vc1dsse2.dll c:\program files\StormII\codec\vc1wp.ax c:\program files\StormII\codec\vp6vfw.dll c:\program files\StormII\codec\vp7vfw.dll c:\program files\StormII\codec\WavSplitter.ax c:\program files\StormII\codec\WMADMOD.dll c:\program files\StormII\codec\WMVDECOD.dll c:\program files\StormII\codec\wmvdmod.dll c:\program files\StormII\codec\xavsdec.dll c:\program files\StormII\codec\xvid.ax c:\program files\StormII\codec\xvidcore.dll c:\program files\StormII\Config.dll c:\program files\StormII\CoreLog.dll c:\program files\StormII\DXVACheck.dll c:\program files\StormII\DXVAMgr.dll c:\program files\StormII\FilterInfo.dll c:\program files\StormII\FlashWindowDll.dll c:\program files\StormII\game.ico c:\program files\StormII\GdiPlus.dll c:\program files\StormII\GifParser.dll c:\program files\StormII\HD\ATI UVD解决方案(Vista_Win7).xml c:\program files\StormII\HD\ATI UVD解决方案.xml c:\program files\StormII\HD\ATI UVD解决方案2.xml c:\program files\StormII\HD\Intel解决方案(Vista_Win7).xml c:\program files\StormII\HD\Intel解决方案.xml c:\program files\StormII\HD\MPEG-2解决方案.xml c:\program files\StormII\HD\NVidia CUDA解决方案.xml c:\program files\StormII\HD\NVidia PureVideoHD解决方案(Vista_Win7).xml c:\program files\StormII\HD\NVidia PureVideoHD解决方案.xml c:\program files\StormII\HD\NVidia PureVideoHD解决方案2.xml c:\program files\StormII\HD\PowerDVD解决方案.xml c:\program files\StormII\HD\VIA解决方案.xml c:\program files\StormII\HD\微软解决方案(Vista_Win7).xml c:\program files\StormII\HD\暴风影音解决方案.xml c:\program files\StormII\http.dll c:\program files\StormII\intr.dll c:\program files\StormII\jscript.dll c:\program files\StormII\kcheck2.dll c:\program files\StormII\keys.dat c:\program files\StormII\kmem_ui.dll c:\program files\StormII\mcntr.dll c:\program files\StormII\media\def\def.flv c:\program files\StormII\media\def\def.ini c:\program files\StormII\media\empty.swf c:\program files\StormII\media\media4in1.swf c:\program files\StormII\media\mediabp.swf c:\program files\StormII\media\others.xml c:\program files\StormII\media\others.xml.ini c:\program files\StormII\media\stcon.ini c:\program files\StormII\media\toff.ini c:\program files\StormII\media\video_material_list.xml c:\program files\StormII\media\video_material_list.xml.ini c:\program files\StormII\media\video_style_list.xml c:\program files\StormII\media\video_style_list.xml.ini c:\program files\StormII\Media2.dll c:\program files\StormII\MediaInfo.dll c:\program files\StormII\medialib.dll c:\program files\StormII\mee.db c:\program files\StormII\meedb.dll c:\program files\StormII\minfo\MediaInfo2.dll c:\program files\StormII\minfo\MInfo.dll c:\program files\StormII\mps.dll c:\program files\StormII\msscript.ocx c:\program files\StormII\msvcp60.dll c:\program files\StormII\OnLineDataMngr.dll c:\program files\StormII\Option.dll c:\program files\StormII\p2p_player.swf c:\program files\StormII\PLDownload.dll c:\program files\StormII\rndrmgr.dll c:\program files\StormII\Skin\大片风暴.bfsk c:\program files\StormII\Skin\幽蓝墨韵.bfsk c:\program files\StormII\Skin\暴风影音2012.bfsk c:\program files\StormII\Skin\深宇之夜.bfsk c:\program files\StormII\spfa.dll c:\program files\StormII\splayers.dll c:\program files\StormII\sqlite3.dll c:\program files\StormII\storm.exe c:\program files\StormII\StormBox.ico c:\program files\StormII\StormNC\domain_caches.dat c:\program files\StormII\StormNC\file_io.dll c:\program files\StormII\StormNC\kcore.dll c:\program files\StormII\StormNC\kdownload.dll c:\program files\StormII\StormNC\kinterface.dll c:\program files\StormII\StormNC\kpine.dll c:\program files\StormII\StormNC\kpres.dll c:\program files\StormII\StormNC\kpupload.dll c:\program files\StormII\StormNC\ksproxy.dll c:\program files\StormII\StormNC\local_data.dll c:\program files\StormII\StormNC\mach_pref.dll c:\program files\StormII\StormNC\master_pre.dat c:\program files\StormII\StormNC\Microsoft.VC80.CRT.manifest c:\program files\StormII\StormNC\Microsoft.VC90.CRT.manifest c:\program files\StormII\StormNC\msvcm80.dll c:\program files\StormII\StormNC\msvcm90.dll c:\program files\StormII\StormNC\msvcp80.dll c:\program files\StormII\StormNC\msvcp90.dll c:\program files\StormII\StormNC\msvcr80.dll c:\program files\StormII\StormNC\msvcr90.dll c:\program files\StormII\StormNC\qvs.dll c:\program files\StormII\StormNC\self_id.dll c:\program files\StormII\StormNC\sp_manager.dll c:\program files\StormII\StormNC\st.dll c:\program files\StormII\StormNC\StormNC_I.dll c:\program files\StormII\StormNC\StormNC_R.dll c:\program files\StormII\StormNC\UnMapPort.exe c:\program files\StormII\stormpop.exe c:\program files\StormII\StormRes.dll c:\program files\StormII\StormSkinRes.dll c:\program files\StormII\Stormtray.exe c:\program files\StormII\StormUpdate.dll c:\program files\StormII\StormUpdate.exe c:\program files\StormII\subdecoder.dll c:\program files\StormII\swDirScaner.dll c:\program files\StormII\Tips.dll c:\program files\StormII\uninst.exe c:\program files\StormII\unrar.dll c:\program files\StormII\update.dll c:\program files\StormII\vodswf\loading.swf c:\program files\StormII\web\Error.html c:\program files\StormII\web\images\box_bg.jpg c:\program files\StormII\web\images\box_li.jpg c:\program files\StormII\web\images\cancel.jpg c:\program files\StormII\web\images\cancellation.jpg c:\program files\StormII\web\images\cid.jpg c:\program files\StormII\web\images\downloads.jpg c:\program files\StormII\web\images\false.jpg c:\program files\StormII\web\images\false_0906707.jpg c:\program files\StormII\web\images\line.jpg c:\program files\StormII\web\images\link_bg.jpg c:\program files\StormII\web\images\link_out.jpg c:\program files\StormII\web\images\loading.gif c:\program files\StormII\web\images\star.gif c:\program files\StormII\web\images\star_bg.gif c:\program files\StormII\web\Loading.html c:\program files\StormII\win7Taskbar.dll c:\program files\StormII\zlib1.dll c:\windows\struct~.ini c:\windows\system32\Cache c:\windows\system32\drivers\360SelfProtection.sys ----- BITS: Possible infected sites ----- hxxp://jsus.ivt.ntnu.no . ((((((((((((((((((((((((((((((((((((((( 驱动/服务 ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ZHUDONGFANGYU -------\Service_ZhuDongFangYu -------\Legacy_360SelfProtection -------\Service_360SelfProtection ((((((((((((((((((((((((( 2011-02-04 至 2011-03-04 的新的档案 ))))))))))))))))))))))))))))))) . 2011-03-04 08:16 . 2011-03-04 08:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\Locktime 2011-02-07 11:37 . 2011-02-07 11:43 -------- d-----w- c:\program files\IP Address Shield . (((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-01-07 13:36 . 2010-10-25 12:26 80216 ----a-w- c:\windows\system32\drivers\BAPIDRV.SYS 2011-01-06 14:02 . 2011-01-06 14:02 0 ----a-w- c:\windows\system32\nss23D.tmp 2011-01-06 09:40 . 2010-10-25 12:26 153304 ----a-w- c:\windows\system32\drivers\qutmdrv.sys 2010-12-30 13:15 . 2010-10-25 12:26 30040 ----a-w- c:\windows\system32\drivers\qutmipc.sys 2010-12-16 03:04 . 2010-12-16 03:04 3234672 ----a-w- c:\windows\system32\SogouPY.ime 2010-12-15 14:15 . 2010-10-25 12:26 60376 ----a-w- c:\windows\system32\drivers\hookport.sys 2010-12-15 12:52 . 2010-02-03 10:23 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys 2010-12-07 18:23 . 2010-10-25 12:26 150744 ----a-w- c:\windows\system32\drivers\360netmon.sys 2010-05-05 18:28 . 2010-05-31 14:10 253952 ----a-w- c:\program files\mozilla firefox\components\CheckTudouVa.dll . ------- Sigcheck ------- [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys [-] 2008-06-20 . 1791B79392B2C5681F220423E7B14DCA . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys [7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys . ((((((((((((((((((((((((((((((((((((( 重要登入点 )))))))))))))))))))))))))))))))))))))))))))))))))) . . *注意* 空白与合法缺省登录将不会被显示 REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E}] 2010-06-25 06:43 147928 ----a-w- c:\program files\easyMule\modules\IE2EM.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D90D33C-DE76-42D0-9040-E4466DDC24AC}] 2010-02-04 08:36 120528 ----a-w- c:\program files\Thunder Network\Thunder\Program\EmbedDetectNow.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43BEAFD9-E005-483D-A367-146BA6C8A32E}] 2010-04-19 22:08 312896 ----a-w- c:\program files\Tudou\飞速Tudou\tudouDetector.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c14aa221-bae1-45f6-b0b3-90c23f2daa7d}] 2008-12-05 12:35 389120 ----a-w- c:\program files\Clue\adxloader.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{6B896ADB-4A82-46e2-858C-13134782CE34}"= "c:\program files\Xmlbar\Tudou Downloader\IEBar\xbietb.dll" [2010-02-01 413696] [HKEY_CLASSES_ROOT\clsid\{6b896adb-4a82-46e2-858c-13134782ce34}] [HKEY_CLASSES_ROOT\XBIEBar.XBIEBarObj.1] [HKEY_CLASSES_ROOT\TypeLib\{D4FB30ED-7DDB-4e2c-A7F2-C7B905D5D771}] [HKEY_CLASSES_ROOT\XBIEBar.XBIEBarObj] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2009-11-26 301680] "360Safetray"="c:\program files\360\360safe\safemon\360Tray.exe" [2010-12-31 959832] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "MaxGPOScriptWait"= 1200 (0x4b0) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804] Ime File REG_SZ SOGOUPY.IME [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3959417778-1711865379-3952174976-17514\Scripts\Logon\0\0] "Script"=net [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3959417778-1711865379-3952174976-17514\Scripts\Logon\0\1] "Script"=net [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3959417778-1711865379-3952174976-17514\Scripts\Logon\0\2] "Script"=net [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3959417778-1711865379-3952174976-66367\Scripts\Logon\0\0] "Script"=net [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3959417778-1711865379-3952174976-66367\Scripts\Logon\0\1] "Script"=net [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3959417778-1711865379-3952174976-66367\Scripts\Logon\0\2] "Script"=net [HKLM\~\startupfolder\C:^Documents and Settings^hez^Start Menu^Programs^Startup^启动飞速土豆.lnk] path=c:\documents and settings\hez\Start Menu\Programs\Startup\启动飞速土豆.lnk backup=c:\windows\pss\启动飞速土豆.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] 2009-02-27 10:14 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher] 2009-02-27 14:54 38768 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2009-12-11 15:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-12-22 01:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB] 2009-11-26 09:22 1653360 ----a-w- c:\program files\F-Secure\FSGUI\tnbutil.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1] 2008-04-14 03:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1] 2008-04-14 03:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTudouAutoStart] 2007-09-21 10:26 958464 ----a-w- c:\program files\Tudou\iTudou\iTudou.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-12-13 16:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-16 20:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002] 2008-04-14 03:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A] 2008-04-14 03:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync] 2008-04-14 03:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPAP] 2010-09-20 05:07 185784 ----a-w- c:\program files\Common Files\PPLiveNetwork\PPAP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2005-09-22 13:36 14854144 ----a-w- c:\windows\RTHDCPL.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh] 2003-11-20 17:01 525824 ----a-w- c:\program files\COMPAQ\SetRefresh\SetRefresh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] 2009-09-29 22:13 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2011-01-12 16:07 1242448 ----a-w- c:\program files\Steam\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UUSeeMediaCenter] 2010-10-22 09:11 820600 ----a-w- c:\program files\Common Files\uusee\UUSeeMediaCenter.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "TSUSVC"=3 (0x3) "ose"=3 (0x3) "odserv"=3 (0x3) "nlsvc"=2 (0x2) "Microsoft Office Groove Audit Service"=3 (0x3) "JavaQuickStarterService"=3 (0x3) "iPod Service"=3 (0x3) "idsvc"=3 (0x3) "gupdate"=3 (0x3) "FLEXnet Licensing Service"=3 (0x3) "F-Secure Gatekeeper Handler Starter"=2 (0x2) "Bonjour Service"=2 (0x2) "ATI Smart"=3 (0x3) "Ati HotKey Poller"=3 (0x3) "Apple Mobile Device"=2 (0x2) "AdobeActiveFileMonitor7.0"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\uusee\\UUSeeMediaCenter.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [03.02.2010 11:23 42664] R0 HookPort;HookPort;c:\windows\system32\drivers\hookport.sys [25.10.2010 13:26 60376] R1 360netmon;360netmon;c:\windows\system32\drivers\360netmon.sys [25.10.2010 13:26 150744] R1 BAPIDRV;BAPIDRV;c:\windows\system32\drivers\BAPIDRV.SYS [25.10.2010 13:26 80216] R1 EfiMon;EfiSystemMon;c:\windows\system32\drivers\EfiMon.sys [13.08.2010 11:54 19712] R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [03.02.2010 11:23 68080] R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23.04.2007 12:03 82200] R1 qutmdserv;Quantum DeepScanner Servers;c:\windows\system32\drivers\qutmdrv.sys [25.10.2010 13:26 153304] R1 qutmipc;qutmipc;c:\windows\system32\drivers\qutmipc.sys [25.10.2010 13:26 30040] R3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [03.02.2010 11:23 63992] S1 360SelfProtection;360SelfProtection;c:\windows\system32\drivers\360SelfProtection.sys --> c:\windows\system32\drivers\360SelfProtection.sys [?] S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [18.08.2010 16:41 84608] S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [03.02.2010 11:22 130728] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14.04.2008 04:00 14336] S4 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16.09.2008 13:03 169312] S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [03.02.2010 11:22 39792] S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [03.02.2010 11:22 25200] S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24.03.2010 15:08 136176] S4 TSUSVC;Tencent Software Update Service;c:\program files\Tencent\QQSoftMgr\1.0.338.203\TencentUpdateSvc.exe [09.12.2008 10:22 116040] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WINRM REG_MULTI_SZ WINRM vvdsvc REG_MULTI_SZ vvdsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{517e4465-367a-11df-804c-001321677395}] \Shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd9ad10e-10da-11df-8044-001321677395}] \Shell\AutoRun\command - F:\LaunchU3.exe -a . . ------- 而外的扫描 ------- . uStart Page = about:blank mStart Page = about:blank uInternet Settings,ProxyOverride = local IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Download by easyMule - c:\program files\easyMule\IE2EM.htm IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Use [ViDown] to download all links - c:\program files\ViDown\vd_linkall.htm IE: Use [ViDown] to download video - c:\program files\ViDown\vd_link.htm IE: 使用iTudou下载节目 - c:\program files\Tudou\iTudou\iTudou_Link.HTM IE: 使用迅雷下载 - c:\program files\Thunder Network\Thunder\Program\GetUrl.htm IE: 使用迅雷下载全部链接 - c:\program files\Thunder Network\Thunder\Program\GetAllUrl.htm IE: 使用迅雷查看图片 - c:\program files\Thunder Network\Thunder\Program\repairimage.htm IE: 使用迅雷离线下载 - c:\program files\Thunder Network\Thunder\Program\OfflineDownload.htm IE: 稞麦&Xmlbar搜索 - http://www.xmlbar.com/iebar/iemenu.php?lang=Chinese Simplified&ver=1.0 IE: {{612F6E5C-B314-4bab-93D1-D266AAFBE700} - c:\program files\Xmlbar\Tudou Downloader\TudouDownloader(xmlbar).exe Trusted Zone: buypass.no Trusted Zone: headit.no Trusted Zone: norsk-tipping.no FF - ProfilePath - c:\documents and settings\hez\Application Data\Mozilla\Firefox\Profiles\3cabpzju.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - about:blank FF - prefs.js: network.proxy.type - 2 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: QuickStores-Toolbar: quickstores@quickstores.de - c:\program files\Mozilla Firefox\extensions\quickstores@quickstores.de FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: QuickStores-Toolbar: quickstores@quickstores.de - %profile%\extensions\quickstores@quickstores.de FF - Ext: CCTV player plugin for Firefox: cctvplayer-plugin@www.cctv.com - %profile%\extensions\cctvplayer-plugin@www.cctv.com FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} . . ------- 文件类型 ------- . txtfile=c:\windows\notepad.exe %1 . - - - - ORPHANS REMOVED - - - - WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) MSConfigStartUp-Stormtray - c:\program files\StormII\Stormtray.exe AddRemove-SogouExplorer - c:\program files\SogouExplorer\Uninstall.exe AddRemove-storm2 - c:\program files\StormII\uninst.exe AddRemove-{926F1559-5D56-4F7D-93E8-3AB61F68EC6A} - c:\program files\NqlivE\Uninstall.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-03-04 09:55 Windows 5.1.2600 Service Pack 3 NTFS 扫描被隐藏的进程 。。。 扫描被隐藏的启动组 。。。 扫描被隐藏的文件 。。。 c:\docume~1\hez\LOCALS~1\Temp\etilqs_bVwViJUGDdfhcBHYRcFF 512 bytes c:\docume~1\hez\LOCALS~1\Temp\etilqs_YpPxrkjwRS6awdAUHvRt 0 bytes 扫描完成 被隐藏的档案: 2 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- 运行进程下的动态链接库 --------------------- - - - - - - - > 'winlogon.exe'(728) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(3488) c:\windows\system32\WININET.dll c:\program files\360\360safe\safemon\safemon.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ 其他运行进程 ------------------------ . c:\program files\360\360safe\deepscan\zhudongfangyu.exe c:\windows\System32\SCardSvr.exe c:\program files\F-Secure\Common\FSMA32.EXE c:\program files\F-Secure\Common\FSHDLL32.EXE c:\program files\F-Secure\Common\FNRB32.EXE c:\program files\F-Secure\Common\FIH32.EXE c:\windows\system32\conime.exe c:\program files\360\360safe\LiveUpdate360.exe . ************************************************************************** . 完成时间: 2011-03-04 10:01:45 - 电脑已重新启动 ComboFix-quarantined-files.txt 2011-03-04 09:01 Pre-Run: 187?200?987?136 bytes free Post-Run: 187?137?499?136 bytes free - - End Of File - - 083F826A60A9220DCAF919E965FC87F0