N3wbi3z Posted November 18, 2013 ID:754947 Share Posted November 18, 2013 Hi there!My AV (MSE) detected Trojan:Win32/Ceatrg.A & Backdoor:Win32/Fynloski.A couple of days ago after a executable file vbc.exe from its genuine location (C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe) execute every time my computer is rebooted. I have learnt that a backdoor virus will not be completely removed from the system so I need helps from the experts to assist me in removing them completely without having my computer being formatted. These viruses was removed once and quarantined once by MSE, but it was not detected by MBAM at all (both quick scan & full scan). Note that I've disable vbc.exe from load at startup I've attach the dds log files and MBAM logs for your reference.attach.txtdds.txtmbam-log-2013-11-17 (00-37-20).txtMBAM-log-2013-11-18 (19-20-55).txt Link to post Share on other sites More sharing options...
Psychotic Posted November 18, 2013 ID:754954 Share Posted November 18, 2013 Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding. Scan with Gmer rootkit scannerPlease download Gmer from here by clicking on the "Download EXE" Button.Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO. In the right panel, you will see several boxes that have been checked. Uncheck the following ...Sections IAT/EAT Show All ( should be unchecked by default )[*]Leave everything else as it is. [*]Close all other running programs as well as your Browser. [*]Click the Scan button & wait for it to finish. [*]Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post. [*]Save it where you can easily find it, such as your desktop. [*]Please post the content of the ark.txt here.**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries Link to post Share on other sites More sharing options...
N3wbi3z Posted November 18, 2013 Author ID:754961 Share Posted November 18, 2013 I'm sorry for the attached files and my poor English. Here's the ark.txt : GMER 2.1.19163 - http://www.gmer.netRootkit scan 2013-11-18 21:46:01Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465.76GBRunning: soru4zlw.exe; Driver: C:\Users\User\AppData\Local\Temp\agloikod.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{E7FC0D93-CD56-41F5-B87C-64DB12E036D3}\Connection@Name isatap.{4EEF469F-7368-49BE-AC46-10A429DD3789}Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{E7FC0D93-CD56-41F5-B87C-64DB12E036D3}?\Device\{311B58A0-E4A9-4725-BD33-72B2739A3E0E}?\Device\{73E56081-88EB-41C5-BFC3-AFE12BE58A58}?\Device\{EE425463-6727-4EC4-B68D-945F30A59355}?Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{E7FC0D93-CD56-41F5-B87C-64DB12E036D3}"?"{311B58A0-E4A9-4725-BD33-72B2739A3E0E}"?"{73E56081-88EB-41C5-BFC3-AFE12BE58A58}"?"{EE425463-6727-4EC4-B68D-945F30A59355}"?Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{E7FC0D93-CD56-41F5-B87C-64DB12E036D3}?\Device\TCPIP6TUNNEL_{311B58A0-E4A9-4725-BD33-72B2739A3E0E}?\Device\TCPIP6TUNNEL_{73E56081-88EB-41C5-BFC3-AFE12BE58A58}?\Device\TCPIP6TUNNEL_{EE425463-6727-4EC4-B68D-945F30A59355}?Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\6427379fa5cc Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\6427379fa5cc@402ba1d81b13 0x78 0xC8 0x0E 0x3B ...Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\6427379fa5cc@00123d00431e 0x00 0x3E 0x5F 0x04 ...Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{E7FC0D93-CD56-41F5-B87C-64DB12E036D3}@InterfaceName isatap.{4EEF469F-7368-49BE-AC46-10A429DD3789}Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{E7FC0D93-CD56-41F5-B87C-64DB12E036D3}@ReusableType 0Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 13528Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\6427379fa5cc (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\6427379fa5cc@402ba1d81b13 0x78 0xC8 0x0E 0x3B ...Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\6427379fa5cc@00123d00431e 0x00 0x3E 0x5F 0x04 ... ---- EOF - GMER 2.1 ---- Link to post Share on other sites More sharing options...
Psychotic Posted November 18, 2013 ID:754970 Share Posted November 18, 2013 CombofixCombofix should only be run when adviced by a team member!LinkImportant - Save the file to your desktop! Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work. Run Combofix.exeWhen finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this. Link to post Share on other sites More sharing options...
N3wbi3z Posted November 18, 2013 Author ID:754973 Share Posted November 18, 2013 Here's the Combofix.txt you requested, can assist me in changing the language back to English? I have no understanding in Chinese at all. ComboFix 13-11-16.01 - User 18/11/2013 22:24:17.1.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.936.86.1033.18.4078.2830 [GMT 8:00]执行位置: c:\users\User\Desktop\ComboFix.exeAV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))..c:\program files (x86)\intellidownload\gunzip.exec:\windows\KwYlx.datc:\windows\SysWow64\FlashPlayerApp.exec:\windows\SysWow64\Packet.dllc:\windows\SysWow64\pthreadVC.dllc:\windows\SysWow64\wpcap.dll..((((((((((((((((((((((((((((((((((((((( 驱动/服务 )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Legacy_NPF-------\Service_npf..((((((((((((((((((((((((( 2013-10-18 至 2013-11-18 的新的档案 )))))))))))))))))))))))))))))))..2013-11-17 11:07 . 2013-10-13 14:36 96768 ----a-w- c:\windows\system32\mshtmled.dll2013-11-17 11:03 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll2013-11-17 11:03 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll2013-11-17 11:03 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll2013-11-17 11:03 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL2013-11-17 11:03 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL2013-11-17 11:03 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll2013-11-17 11:03 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL2013-11-17 11:03 . 2013-10-04 02:24 1930752 ----a-w- c:\windows\system32\authui.dll2013-11-17 11:03 . 2013-10-04 01:56 1796096 ----a-w- c:\windows\SysWow64\authui.dll2013-11-17 11:03 . 2013-10-04 02:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll2013-11-17 11:03 . 2013-10-04 02:25 197120 ----a-w- c:\windows\system32\credui.dll2013-11-17 11:03 . 2013-10-04 01:58 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll2013-11-17 11:03 . 2013-10-04 01:56 168960 ----a-w- c:\windows\SysWow64\credui.dll2013-11-16 16:37 . 2013-11-16 16:37 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes2013-11-16 16:36 . 2013-11-16 16:36 -------- d-----w- c:\programdata\Malwarebytes2013-11-16 16:36 . 2013-11-16 16:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2013-11-16 16:36 . 2013-04-04 06:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys2013-11-16 10:51 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8EC36A07-59AA-44B2-81CE-933C37B36E13}\mpengine.dll2013-11-15 12:08 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-11-07 01:16 . 2013-10-18 05:28 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{680523BF-87B8-46EA-8A9C-8462B076FEF2}\gapaengine.dll2013-10-31 18:19 . 2013-10-31 18:19 -------- d--h--w- c:\users\User\.android2013-10-31 18:18 . 2013-10-31 18:18 -------- d-----w- c:\program files (x86)\kuwo2013-10-31 18:18 . 2013-10-31 18:18 -------- d-----w- c:\programdata\{plbackup-CFE0-66E8-660553B4C955}2013-10-27 07:40 . 2013-10-23 03:29 174968 ----a-w- c:\windows\system32\drivers\idmwfp.sys2013-10-24 14:47 . 2013-10-31 18:23 -------- d-----w- c:\program files (x86)\Baidu2013-10-24 14:39 . 2013-10-24 14:39 -------- d-----w- C:\KwDownload2013-10-24 14:39 . 2013-10-24 14:39 -------- d-----w- c:\programdata\kuwodata...(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-11-17 11:04 . 2012-06-11 06:14 82896128 ----a-w- c:\windows\system32\MRT.exe2013-11-01 06:43 . 2012-06-05 11:07 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-10-18 05:28 . 2012-09-30 14:08 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll2013-10-07 23:50 . 2013-10-18 05:11 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-09-08 02:30 . 2013-10-11 07:06 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-09-08 02:27 . 2013-10-11 07:06 327168 ----a-w- c:\windows\system32\mswsock.dll2013-09-08 02:03 . 2013-10-11 07:06 231424 ----a-w- c:\windows\SysWow64\mswsock.dll2013-09-04 12:12 . 2013-10-11 07:06 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys2013-09-04 12:11 . 2013-10-11 07:06 325120 ----a-w- c:\windows\system32\drivers\usbport.sys2013-09-04 12:11 . 2013-10-11 07:06 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys2013-09-04 12:11 . 2013-10-11 07:06 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys2013-09-04 12:11 . 2013-10-11 07:06 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys2013-09-04 12:11 . 2013-10-11 07:06 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys2013-09-04 12:11 . 2013-10-11 07:06 7808 ----a-w- c:\windows\system32\drivers\usbd.sys2013-08-29 02:17 . 2013-10-11 07:11 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe2013-08-29 02:16 . 2013-10-11 07:11 1732032 ----a-w- c:\windows\system32\ntdll.dll2013-08-29 02:16 . 2013-10-11 07:11 243712 ----a-w- c:\windows\system32\wow64.dll2013-08-29 02:16 . 2013-10-11 07:11 859648 ----a-w- c:\windows\system32\tdh.dll2013-08-29 02:13 . 2013-10-11 07:11 878080 ----a-w- c:\windows\system32\advapi32.dll2013-08-29 01:51 . 2013-10-11 07:11 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2013-08-29 01:51 . 2013-10-11 07:11 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2013-08-29 01:50 . 2013-10-11 07:11 5120 ----a-w- c:\windows\SysWow64\wow32.dll2013-08-29 01:50 . 2013-10-11 07:11 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll2013-08-29 01:50 . 2013-10-11 07:11 619520 ----a-w- c:\windows\SysWow64\tdh.dll2013-08-29 01:48 . 2013-10-11 07:11 640512 ----a-w- c:\windows\SysWow64\advapi32.dll2013-08-29 01:48 . 2013-10-11 07:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll2013-08-29 00:49 . 2013-10-11 07:11 25600 ----a-w- c:\windows\SysWow64\setup16.exe2013-08-29 00:49 . 2013-10-11 07:11 7680 ----a-w- c:\windows\SysWow64\instnm.exe2013-08-29 00:49 . 2013-10-11 07:11 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll2013-08-29 00:49 . 2013-10-11 07:11 2048 ----a-w- c:\windows\SysWow64\user.exe2013-08-28 01:21 . 2013-10-11 07:06 3155968 ----a-w- c:\windows\system32\win32k.sys2013-08-28 01:12 . 2013-10-11 07:06 461312 ----a-w- c:\windows\system32\scavengeui.dll..((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))..*注意* 空白与合法缺省登录将不会被显示 REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{E96E81EC-9A04-0380-DFB2-B5C02F8F405B}]2013-09-27 08:24 1189224 ----a-w- c:\program files (x86)\BaiduAddr\{E96E81EC-9A04-0380-DFB2-B5C02F8F405B}\AddressBar.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".R1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys;c:\windows\SYSNATIVE\drivers\ArcSec.sys [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]R3 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe;c:\program files (x86)\Connectify\ConnectifyService.exe [x]R3 cxasbt;cxasbt;c:\users\User\Chris Files\Games\Avatar Star\avital\cxbt64.sys;c:\users\User\Chris Files\Games\Avatar Star\avital\cxbt64.sys [x]R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]R3 GGSAFERDriver;GGSAFER Driver;c:\users\User\Chris Files\Games\Garena Messenger\Room\safedrv.sys;c:\users\User\Chris Files\Games\Garena Messenger\Room\safedrv.sys [x]R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S1 cnnctfy2;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy2.sys;c:\windows\SYSNATIVE\DRIVERS\cnnctfy2.sys [x]S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]S2 nvservice;NVIDIA GuardService;c:\windows\system32\nvservice.exe;c:\windows\SYSNATIVE\nvservice.exe [x]S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]S2 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]S3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x].. ‘计划任务’ 文件夹 里的内容.2013-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73719310-3082030322-2275098212-1000Core.job- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-04 09:54].2013-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73719310-3082030322-2275098212-1000UA.job- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-04 09:54]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-03-09 518784]"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-04-30 790688]"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-04-30 657568]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240].------- 而外的扫描 -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = about:blankmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = <local>IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htmIE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htmIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105TCP: Interfaces\{50B46BF0-AA5A-454B-AA47-D1FAA7C14F58}: NameServer = 8.8.8.8,8.8.4.4TCP: Interfaces\{AB9C7618-5165-49F8-9B1F-F550A27D3E19}: NameServer = 8.8.8.8,8.8.4.4TCP: Interfaces\{AB9C7618-5165-49F8-9B1F-F550A27D3E19}\3547574656E647F575946494: NameServer = 8.8.8.8,8.8.4.4TCP: Interfaces\{AB9C7618-5165-49F8-9B1F-F550A27D3E19}\44F6E6471437B664F62775966696: NameServer = 8.8.8.0,8.8.4.4TCP: Interfaces\{AB9C7618-5165-49F8-9B1F-F550A27D3E19}\960586F6E656: NameServer = 8.8.8.8,8.8.4.4TCP: Interfaces\{AB9C7618-5165-49F8-9B1F-F550A27D3E19}\A41636B6755445: NameServer = 8.8.8.0,8.8.4.4TCP: Interfaces\{AB9C7618-5165-49F8-9B1F-F550A27D3E19}\D2E4F655375627D2: NameServer = 8.8.8.8,8.8.4.4FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kqptbc08.default\user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);.- - - - ORPHANS REMOVED - - - -.HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\"".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]"ImagePath"="c:\windows\system32\GameMon.des -service".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-73719310-3082030322-2275098212-1000_Classes\Wow6432Node\CLSID\{53793f09-24db-48ef-9e7a-6af16ac23540}]@Denied: (Full) (Everyone)@Allowed: (Read) (RestrictedCode)"Model"=dword:00000150"Therad"=dword:00000024"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,65,4f,42,25,dc,92,c0,49,ad,0f,d5,04,10,0b,cb,af,f7,28,ea,b8,07,5c,\.[HKEY_USERS\S-1-5-21-73719310-3082030322-2275098212-1000_Classes\Wow6432Node\CLSID\{5c6cb22e-53d9-4883-a1c3-6bfee9fb5596}]@Denied: (Full) (Everyone)@Allowed: (Read) (RestrictedCode)"Model"=dword:0000004d"Therad"=dword:00000017"SpecVersion"=dword:00000139"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a, 1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\.[HKEY_USERS\S-1-5-21-73719310-3082030322-2275098212-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]@Denied: (Full) (Everyone)@Allowed: (Read) (RestrictedCode)"scansk"=hex(0):a6,1c,1f,17,9c,a8,98,46,f5,f9,38,4c,a4,bc,1f,ba,b5,07,11,8a,78, 4e,35,5b,e5,e3,57,d8,55,67,4c,39,6e,ab,57,ed,6f,30,f3,2e,00,00,00,00,00,00,\.[HKEY_USERS\S-1-5-21-73719310-3082030322-2275098212-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]@Denied: (Full) (Everyone)"scansk"=hex(0):37,f9,b5,98,48,5a,ca,03,74,b1,b8,9a,64,45,e5,6b,a0,f7,47,14,99, 46,70,00,a6,31,5c,83,e4,10,fc,57,a4,8f,13,e1,5f,43,35,4b,00,00,00,00,00,00,\.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ 其他运行进程 ------------------------.c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files (x86)\Sony\VAIO Event Service\VESMgr.exec:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exec:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exec:\windows\SysWOW64\DllHost.exec:\windows\SysWOW64\DllHost.exec:\users\User\Chris Files\Games\Garena\ggdllhost.exec:\program files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exec:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exec:\program files\Sony\VAIO Care\listener.exe.**************************************************************************.完成时间: 2013-11-18 22:36:46 - 电脑已重新启动ComboFix-quarantined-files.txt 2013-11-18 14:36.Pre-Run: 139,155,992,576 bytes freePost-Run: 138,552,991,744 bytes free.- - End Of File - - 17A185C19512A0712EE9307F54710CF3 Link to post Share on other sites More sharing options...
Psychotic Posted November 18, 2013 ID:754976 Share Posted November 18, 2013 Combofix scripting1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.3. Download the attached CFScript.txt and save it to the location where Combofix is.Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Full System Scan with Malwarebytes Antimalware If not existing, please download Malwarebytes' Anti-Malware to your desktop.Double-click mbam-setup.exe and follow the prompts to install the program.At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If the program is already installed:Run Malwarebytes AntimalwareIf an update is found, it will download and install the latest version.Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.When the scan is complete, click OK, then Show Results to view the results.Be sure that everything is checked, and click Remove Selected.When completed, a log will open in Notepad. Please save it to a convenient location.The log can also be found here:C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txtOr at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txtPost that log back here. CFScript.txt Link to post Share on other sites More sharing options...
N3wbi3z Posted November 18, 2013 Author ID:754980 Share Posted November 18, 2013 I will post the MBAM logs approximately 2 hours later.Here's another ComboFix.txt you requested: ComboFix 13-11-16.01 - User 18/11/2013 22:59:33.2.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.936.86.1033.18.4078.2938 [GMT 8:00]执行位置: c:\users\User\Desktop\ComboFix.exeCommand switches used :: c:\users\User\Desktop\CFScript.txtAV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))..C:\KwDownloadc:\kwdownload\Lyric\F-ve Dolls-被欺骗了.lrcc:\kwdownload\Lyric\小虎队-爱.lrcc:\kwdownload\Lyric\少女时代-Into The New World.lrcc:\kwdownload\Lyric\张信哲-过火.lrcc:\kwdownload\Temp\21A0707C30A9D080.wmac:\kwdownload\Temp\4EB7404B0D3DC9A2.wmac:\kwdownload\Temp\5E1C25EC4FE257EF.wmac:\kwdownload\Temp\B83D418ECA920B3A.mkvc:\kwdownload\Temp\E09EC13C54927A47.wmac:\kwdownload\Temp\E8164867158446A2.wmac:\kwdownload\Temp\F53A522FF938F1F4.zipc:\program files (x86)\Baiduc:\program files (x86)\BaiduAddrc:\program files (x86)\BaiduAddr\{E96E81EC-9A04-0380-DFB2-B5C02F8F405B}\AddressBar.dllc:\program files (x86)\BaiduAddr\{E96E81EC-9A04-0380-DFB2-B5C02F8F405B}\ASBarBroker.exec:\program files (x86)\BaiduAddr\Uninstall.exec:\program files (x86)\kuwoc:\program files (x86)\kuwo\KWMUSIC2013\bin\AdbWinApi.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\AdbWinUsbApi.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\ccenter.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\CKuwoPlayer.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\Conf\default\config.inic:\program files (x86)\kuwo\KWMUSIC2013\bin\CoreAVC0.axc:\program files (x86)\kuwo\KWMUSIC2013\bin\CWmpPlayer.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\data\2013-11-1.datc:\program files (x86)\kuwo\KWMUSIC2013\bin\data\2013-11-4.datc:\program files (x86)\kuwo\KWMUSIC2013\bin\DshowPlayer.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\DuiLib.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\DumpReport.exec:\program files (x86)\kuwo\KWMUSIC2013\bin\Encode.exec:\program files (x86)\kuwo\KWMUSIC2013\bin\hanzi_pinyin.dictc:\program files (x86)\kuwo\KWMUSIC2013\bin\html\gameBoxLoading.htmc:\program files (x86)\kuwo\KWMUSIC2013\bin\html\loading.gifc:\program files (x86)\kuwo\KWMUSIC2013\bin\html\minierror.htmc:\program files (x86)\kuwo\KWMUSIC2013\bin\html\mvloading.htmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\html\mvloading.swfc:\program files (x86)\kuwo\KWMUSIC2013\bin\IEProxy.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\IESandBox.exec:\program files (x86)\kuwo\KWMUSIC2013\bin\kid.inic:\program files (x86)\kuwo\KWMUSIC2013\bin\KuwoDaemon.apkc:\program files (x86)\kuwo\KWMUSIC2013\bin\KuwoSyncMobile.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\kwAdb.exec:\program files (x86)\kuwo\KWMUSIC2013\bin\KwConfig.exec:\program files (x86)\kuwo\KWMUSIC2013\bin\KwDataDef.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\KwDPGame.exec:\program files (x86)\kuwo\KWMUSIC2013\bin\KwHttp.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\KwHttpRequestMgr.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\KwInfos.exec:\program files (x86)\kuwo\KWMUSIC2013\bin\KwLib.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\KwLnkTipWnd.exec:\program files (x86)\kuwo\KWMUSIC2013\bin\KwLog.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\KwModAndroidMgr.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\KwModAppStore.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\KwModConfig.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\KwModDownload.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\KwModGameEntry.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\KwModLocalMusic.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\KwModLyric.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\KwModLyricShow.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\KwModPlaylist.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\KwModSkinManage.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\KwModSynList.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\KwModUpdateWeb.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\KwMusic.exec:\program files (x86)\kuwo\KWMUSIC2013\bin\KwMusicCore.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\KwMV.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\KwRecoSong.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\KwService.exec:\program files (x86)\kuwo\KWMUSIC2013\bin\KwServiceProxy.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\KwSongCache.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\KwTagLib.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\KwUpdate.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\KWUpdate.exec:\program files (x86)\kuwo\KWMUSIC2013\bin\lidx.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\Log\act.logc:\program files (x86)\kuwo\KWMUSIC2013\bin\Log\act.log.outc:\program files (x86)\kuwo\KWMUSIC2013\bin\MatroskaSplitter.axc:\program files (x86)\kuwo\KWMUSIC2013\bin\MediaInfo.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\Microsoft.VC90.CRT.manifestc:\program files (x86)\kuwo\KWMUSIC2013\bin\Module.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\MpaDecFilter.axc:\program files (x86)\kuwo\KWMUSIC2013\bin\msvcp90.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\msvcr90.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\mylkx.datc:\program files (x86)\kuwo\KWMUSIC2013\bin\pd.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\PlayerCore.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\plugin\Eq_Kweq.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\plugin\in_ac3.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\plugin\in_APE.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\plugin\in_mp4.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\plugin\in_mpg123.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\plugin\in_mpg123.dll.manifestc:\program files (x86)\kuwo\KWMUSIC2013\bin\plugin\In_Wma.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\plugin\Microsoft.VC90.CRT.manifestc:\program files (x86)\kuwo\KWMUSIC2013\bin\plugin\msvcp90.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\plugin\msvcr90.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\plugin\out_kw_ds.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\ReconEngine.exec:\program files (x86)\kuwo\KWMUSIC2013\bin\res\baidu.plc:\program files (x86)\kuwo\KWMUSIC2013\bin\res\casullisten.plc:\program files (x86)\kuwo\KWMUSIC2013\bin\res\DeskTipWndRes\BkImage.pngc:\program files (x86)\kuwo\KWMUSIC2013\bin\res\DeskTipWndRes\CloseBtn.pngc:\program files (x86)\kuwo\KWMUSIC2013\bin\res\DeskTipWndRes\EnterBtn.pngc:\program files (x86)\kuwo\KWMUSIC2013\bin\res\icons\aac.icoc:\program files (x86)\kuwo\KWMUSIC2013\bin\res\icons\ac3.icoc:\program files (x86)\kuwo\KWMUSIC2013\bin\res\icons\ape.icoc:\program files (x86)\kuwo\KWMUSIC2013\bin\res\icons\cda.icoc:\program files (x86)\kuwo\KWMUSIC2013\bin\res\icons\cue.icoc:\program files (x86)\kuwo\KWMUSIC2013\bin\res\icons\dks.icoc:\program files (x86)\kuwo\KWMUSIC2013\bin\res\icons\flac.icoc:\program files (x86)\kuwo\KWMUSIC2013\bin\res\icons\GameIcon.icoc:\program files (x86)\kuwo\KWMUSIC2013\bin\res\icons\KwDownloadLnk.icoc:\program files (x86)\kuwo\KWMUSIC2013\bin\res\icons\lrcx.icoc:\program files (x86)\kuwo\KWMUSIC2013\bin\res\icons\m4a.icoc:\program files (x86)\kuwo\KWMUSIC2013\bin\res\icons\mid.icoc:\program files (x86)\kuwo\KWMUSIC2013\bin\res\icons\mp1.icoc:\program files (x86)\kuwo\KWMUSIC2013\bin\res\icons\MP2.icoc:\program files (x86)\kuwo\KWMUSIC2013\bin\res\icons\mp3.icoc:\program files (x86)\kuwo\KWMUSIC2013\bin\res\icons\ogg.icoc:\program files (x86)\kuwo\KWMUSIC2013\bin\res\icons\ThumbnailToolbar.bmpc:\program files (x86)\kuwo\KWMUSIC2013\bin\res\icons\tta.icoc:\program files (x86)\kuwo\KWMUSIC2013\bin\res\icons\wav.icoc:\program files (x86)\kuwo\KWMUSIC2013\bin\res\icons\wma.icoc:\program files (x86)\kuwo\KWMUSIC2013\bin\res\tyyykw.wavc:\program files (x86)\kuwo\KWMUSIC2013\bin\ShellDl.exec:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\AlreadDownloadDialog.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\AutoLoginTip.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\AutoRunShowTipWnd.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\BackToOldVer.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\changeautoskintimewnd.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\changeskinwnd.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\CloudLoginBallon.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\CopyNotifyDialog.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\CreateNewList.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\cursor\hand-close.curc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\cursor\hand-open.curc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\DeskLyric.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\DownloadFinishTipDialog.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\DownloadSettingDialog.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\EqDlgAttribute.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\ExitTipDialog.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\FirstPlayApeWnd.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\forcechangeskinwnd.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\fullplaycontrol.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\functionwnd.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\iconTip.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\KeywordSafeTip.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\KwAndroidUsbCopy.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\KwCloudCenterBox.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\KwConfig.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\KwEmptyWebDlg.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\KwEqDlg.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\KwKickDlg.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\KwLimitMvDlg.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\KwLimitSongDlg.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\KwLimitVipDlg.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\KwMinisiteDlg.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\KwMusic.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\KwPopupRbWebDlg.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\KwRestoreBackList.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\KwTaskbarNotifierDialog.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\KwUserKick.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\KwVipOpenPage.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\KwVipWebDlg.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\Kwwebpopup.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\logindlg.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\logindlgex.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\minidlg.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\miniplaylist.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\ModifyLyricRelationWnd.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\msgbox.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\MuiscTreeInfoWnd.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\MultiLoginManager.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\MusicTool.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\MusicToolDown.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\MusicTree.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\mvmodbar.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\OpenUploadLocal.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\PathListDialog.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\PlaylistRootPanel.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\PlaylistRootPanel2.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\PlaylistStyle3.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\RecoTipDialog.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\RemoteUserLoginAfter.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\RemoteUserLoginBefore.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\SaveLyricDeltaWnd.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\searchtip.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\ShutDownSettingDialog.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\ShutDownTipDialog.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\skin.datc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\skin.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\startpage.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\SynExistListTipDlg.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\SynLsTipDlg.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\UpdateTipDialog.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\UpdateTipDialogEx.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\UpLyricDlg.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\UserfaceWnd.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\UserFeedbackDlg.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\UserLoginGuide.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\base\WebPopupDlg.xmlc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\localskin\1\bk.jpgc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\localskin\1\conf.inic:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\localskin\1\small.jpgc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\serverskin\1\bk.jpgc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\serverskin\1\conf.inic:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\serverskin\1\small.jpgc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\serverskin\2\bk.jpgc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\serverskin\2\conf.inic:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\serverskin\2\small.jpgc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\serverskin\5\bk.jpgc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\serverskin\5\conf.inic:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\serverskin\5\small.jpgc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\serverskin\6\bk.jpgc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\serverskin\6\conf.inic:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\serverskin\6\small.jpgc:\program files (x86)\kuwo\KWMUSIC2013\bin\skin\startpage\Default.jpgc:\program files (x86)\kuwo\KWMUSIC2013\bin\temp\KMusic\2.aacc:\program files (x86)\kuwo\KWMUSIC2013\bin\UIAndroidUsbDevice.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\UIAvMgr.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\UIDeskLyric.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\UIDownload.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\UIMiniPanel.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\UIMusicTree.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\UINowPlaying.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\UIPlayControl.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\UIPlaylistPanel.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\UIPopupWnd.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\UIVIPMan.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\Win7Trait.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\WriteMbox.exec:\program files (x86)\kuwo\KWMUSIC2013\bin\Zlib.dllc:\program files (x86)\kuwo\KWMUSIC2013\bin\酷我音乐 2013.lnkc:\program files (x86)\kuwo\KWMUSIC2013\KwMusic.exec:\program files (x86)\kuwo\KWMUSIC2013\KWMUSIC\Conf\user\config.inic:\program files (x86)\kuwo\KWMUSIC2013\KWMUSIC\ModuleData\lyricshow\LyricTheme.xmlc:\program files (x86)\kuwo\KWMUSIC2013\KWMUSIC\ModuleData\ModMusicTool\conf.txtc:\program files (x86)\kuwo\KWMUSIC2013\KWMUSIC\ModuleData\ModResource\NetSong-artists.plc:\program files (x86)\kuwo\KWMUSIC2013\KWMUSIC\ModuleData\ModWebUpdate\zip\netsong.zipc:\program files (x86)\kuwo\KWMUSIC2013\KWMUSIC\ModuleData\ModWebUpdate\zip\sharesong.zipc:\program files (x86)\kuwo\KWMUSIC2013\KWMUSIC\ModuleData\ModWebUpdate\zip\songcomment.zipc:\program files (x86)\kuwo\KWMUSIC2013\KWMUSIC\ModuleData\ModWebUpdate\zip\userinfo2012.zipc:\program files (x86)\kuwo\KWMUSIC2013\KWMUSIC\ModuleData\ModWebUpdate\zip\vipMbox_new.zipc:\program files (x86)\kuwo\KWMUSIC2013\KWMUSIC\Res\cache\KW_SEARCH_SONG\jay.datc:\program files (x86)\kuwo\KWMUSIC2013\KWMUSIC\Res\DeskLyric\DL_COLOR_highlight.jpgc:\program files (x86)\kuwo\KWMUSIC2013\KWMUSIC\Res\DeskLyric\DL_COLOR_nomal.jpgc:\program files (x86)\kuwo\KWMUSIC2013\KWMUSIC\Res\DeskLyric\DL_PIC_highlight.jpgc:\program files (x86)\kuwo\KWMUSIC2013\KWMUSIC\Res\DeskLyric\DL_PIC_nomal.jpgc:\program files (x86)\kuwo\KWMUSIC2013\KWMUSIC\Res\DeskLyric\DL_Themes_1a.pngc:\program files (x86)\kuwo\KWMUSIC2013\KWMUSIC\Res\DeskLyric\DL_Themes_1b.pngc:\program files (x86)\kuwo\KWMUSIC2013\KWMUSIC\Res\DeskLyric\DL_Themes_2a.pngc:\program files (x86)\kuwo\KWMUSIC2013\KWMUSIC\Res\DeskLyric\DL_Themes_2b.pngc:\program files (x86)\kuwo\KWMUSIC2013\KWMUSIC\Res\DeskLyric\DL_Themes_3a.pngc:\program files (x86)\kuwo\KWMUSIC2013\KWMUSIC\Res\DeskLyric\DL_Themes_3b.pngc:\program files (x86)\kuwo\KWMUSIC2013\KWMUSIC\Res\DeskLyric\DL_Themes_4a.pngc:\program files (x86)\kuwo\KWMUSIC2013\KWMUSIC\Res\DeskLyric\DL_Themes_4b.pngc:\program files (x86)\kuwo\KWMUSIC2013\KWMUSIC\Res\DeskLyric\DL_Themes_5a.pngc:\program files (x86)\kuwo\KWMUSIC2013\KWMUSIC\Res\DeskLyric\DL_Themes_5b.pngc:\program files (x86)\kuwo\KWMUSIC2013\KwMusicSetup.exec:\program files (x86)\kuwo\KWMUSIC2013\Microsoft.VC90.CRT.manifestc:\program files (x86)\kuwo\KWMUSIC2013\msvcp90.dllc:\program files (x86)\kuwo\KWMUSIC2013\msvcr90.dllc:\program files (x86)\kuwo\KWMUSIC2013\readme.txtc:\program files (x86)\kuwo\KWMUSIC2013\Uninstall.exec:\programdata\{plbackup-CFE0-66E8-660553B4C955}c:\programdata\{plbackup-CFE0-66E8-660553B4C955}\播放列表-列表组1-默认列表.plc:\programdata\{plbackup-CFE0-66E8-660553B4C955}\播放列表.plc:\programdata\kuwodatac:\programdata\kuwodata\kwmusic2013\Cache\webcache\017F6063.datc:\programdata\kuwodata\kwmusic2013\Cache\webcache\02393A1D.datc:\programdata\kuwodata\kwmusic2013\Cache\webcache\024C3854.datc:\programdata\kuwodata\kwmusic2013\Cache\webcache\0538A4DA.datc:\programdata\kuwodata\kwmusic2013\Cache\webcache\05C50B48.datc:\programdata\kuwodata\kwmusic2013\Cache\webcache\0C957F82.datc:\programdata\kuwodata\kwmusic2013\Cache\webcache\0DC9ED5A.datc:\programdata\kuwodata\kwmusic2013\Cache\webcache\14922790.datc:\programdata\kuwodata\kwmusic2013\Cache\webcache\1E008699.datc:\programdata\kuwodata\kwmusic2013\Cache\webcache\22BD182E.datc:\programdata\kuwodata\kwmusic2013\Cache\webcache\23CBDE0C.datc:\programdata\kuwodata\kwmusic2013\Cache\webcache\259FBF33.datc:\programdata\kuwodata\kwmusic2013\Cache\webcache\2D31F565.datc:\programdata\kuwodata\kwmusic2013\Cache\webcache\33CC1FEB.datc:\programdata\kuwodata\kwmusic2013\Cache\webcache\3BEF7CDE.datc:\programdata\kuwodata\kwmusic2013\Cache\webcache\3CCDC191.datc:\programdata\kuwodata\kwmusic2013\Cache\webcache\41BCE6F7.datc:\programdata\kuwodata\kwmusic2013\Cache\webcache\430B8B49.datc:\programdata\kuwodata\kwmusic2013\Cache\webcache\436344A8.datc:\programdata\kuwodata\kwmusic2013\Cache\webcache\4BF9335B.datc:\programdata\kuwodata\kwmusic2013\Cache\webcache\665B9454.datc:\programdata\kuwodata\kwmusic2013\Cache\webcache\6A2959E2.datc:\programdata\kuwodata\kwmusic2013\Cache\webcache\6A67ADA2.datc:\programdata\kuwodata\kwmusic2013\Cache\webcache\73D677DA.datc:\programdata\kuwodata\kwmusic2013\Conf\p2pconf\index\index.txtc:\programdata\kuwodata\kwmusic2013\Conf\p2pconf\index\update.txtc:\programdata\kuwodata\kwmusic2013\Conf\p2pconf\kmap\21A0707C30A9D080.kmapc:\programdata\kuwodata\kwmusic2013\Conf\p2pconf\kmap\4EB7404B0D3DC9A2.kmapc:\programdata\kuwodata\kwmusic2013\Conf\p2pconf\kmap\5E1C25EC4FE257EF.kmapc:\programdata\kuwodata\kwmusic2013\Conf\p2pconf\kmap\B83D418ECA920B3A.kmapc:\programdata\kuwodata\kwmusic2013\Conf\p2pconf\kmap\E09EC13C54927A47.kmapc:\programdata\kuwodata\kwmusic2013\Conf\p2pconf\kmap\E8164867158446A2.kmapc:\programdata\kuwodata\kwmusic2013\Conf\p2pconf\kmap\F53A522FF938F1F4.kmapc:\programdata\kuwodata\kwmusic2013\Conf\p2pconf\setup.xmlc:\programdata\kuwodata\kwmusic2013\Conf\Server\config.inic:\programdata\kuwodata\kwmusic2013\Conf\user\config.inic:\programdata\kuwodata\kwmusic2013\Conf\user\sprdtasks.inic:\programdata\kuwodata\kwmusic2013\ModuleData\lyricshow\LyricTheme.xmlc:\programdata\kuwodata\kwmusic2013\ModuleData\lyricshow\LyricTheme_old.xmlc:\programdata\kuwodata\kwmusic2013\ModuleData\ModDownload\icon_tool_ID123.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModDownload\icon_tool_ID126.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModDownload\icon_tool_ID167.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModDownload\icon_tool_ID170.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModDownload\icon_tool_ID185.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModDownload\savepathhistory.xmlc:\programdata\kuwodata\kwmusic2013\ModuleData\ModDownload\下载列表-下载失败.plc:\programdata\kuwodata\kwmusic2013\ModuleData\ModDownload\下载列表-已下载.plc:\programdata\kuwodata\kwmusic2013\ModuleData\ModDownload\下载列表-正在下载.plc:\programdata\kuwodata\kwmusic2013\ModuleData\ModDownload\下载列表2.plc:\programdata\kuwodata\kwmusic2013\ModuleData\ModLocalLibrary\deletemusic-deletesongs_0.plc:\programdata\kuwodata\kwmusic2013\ModuleData\ModLocalLibrary\deletemusiclist.plc:\programdata\kuwodata\kwmusic2013\ModuleData\ModLocalLibrary\localmusic-localallsongs_0.plc:\programdata\kuwodata\kwmusic2013\ModuleData\ModLocalLibrary\localmusiclist.plc:\programdata\kuwodata\kwmusic2013\ModuleData\ModLocalLibrary\musicscanerconfig.xmlc:\programdata\kuwodata\kwmusic2013\ModuleData\ModLocalLibrary\searchhistory.xmlc:\programdata\kuwodata\kwmusic2013\ModuleData\ModMusicTool\conf.txtc:\programdata\kuwodata\kwmusic2013\ModuleData\ModMusicTool\ksong.inic:\programdata\kuwodata\kwmusic2013\ModuleData\ModNotify\no_copyright.txtc:\programdata\kuwodata\kwmusic2013\ModuleData\ModNowPlaying\lastplay.xmlc:\programdata\kuwodata\kwmusic2013\ModuleData\ModPlayList\播放列表-列表组1-默认列表.plc:\programdata\kuwodata\kwmusic2013\ModuleData\ModPlayList\播放列表-音乐电台-80后电台+-4953.plc:\programdata\kuwodata\kwmusic2013\ModuleData\ModPlayList\播放列表-音乐电台-一人一首成名曲电台+-4996.plc:\programdata\kuwodata\kwmusic2013\ModuleData\ModPlayList\播放列表-音乐电台-中国好声音第二季电台+-19386.plc:\programdata\kuwodata\kwmusic2013\ModuleData\ModPlayList\播放列表-音乐电台-伤感电台+-6003.plc:\programdata\kuwodata\kwmusic2013\ModuleData\ModPlayList\播放列表-音乐电台-华语好歌电台+-19625.plc:\programdata\kuwodata\kwmusic2013\ModuleData\ModPlayList\播放列表-音乐电台-我的频道请登录.plc:\programdata\kuwodata\kwmusic2013\ModuleData\ModPlayList\播放列表-音乐电台-经典怀旧电台+-4459.plc:\programdata\kuwodata\kwmusic2013\ModuleData\ModPlayList\播放列表-音乐电台-网络红歌电台+-18239.plc:\programdata\kuwodata\kwmusic2013\ModuleData\ModPlayList\播放列表-音乐电台-超级好听的英文歌电台+-18892.plc:\programdata\kuwodata\kwmusic2013\ModuleData\ModPlayList\播放列表-音乐电台-酷我新歌电台+-6007.plc:\programdata\kuwodata\kwmusic2013\ModuleData\ModPlayList\播放列表-音乐电台-酷我热歌电台+-6001.plc:\programdata\kuwodata\kwmusic2013\ModuleData\ModPlayList\播放列表.plc:\programdata\kuwodata\kwmusic2013\ModuleData\ModResource\NetSong-artists.plc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\ape.htmlc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\css\base.cssc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\css\common.cssc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\error.htmlc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\abg.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\abg2.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\ablue.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\ablue2.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\addgedan.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\addgedanhov.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\addlist.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\addlist2.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\anow.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\big.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\blank.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\btn.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\btn.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\btn2.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\btn3.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\btn4.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\btnbottom.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\btnmiddle.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\btntop.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\close.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\closed.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\erji.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\fankui.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\focusbg.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\focusbtn.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\focusbtnhover.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\fousplay.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\fousplayHover.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\gamers.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\gotop.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\haveselect.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\hgaoqing.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\high.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\hot.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\hot2.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\ieerror.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\jiaguanzhu.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\jiazai.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\kuwo.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\kuwomusic.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\kuwomusic2.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\leftIcon.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\leftIconHover.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\listbgt.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\listbgt2.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\loading1.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\loading2.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\loading22.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\loading3.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\low.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\message.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\message2.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\more.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\more2.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\MV.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\MV2.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\mvbg.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\mvbg2.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\navtan.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\new.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\new.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\new_btn.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\new_btn2.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\new_radio.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\new2.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\newpho.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\newphobottom.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\newphomiddle.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\otherbtn.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\pic160bg.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\pic160bg2.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\playlist.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\qqplay.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\qqplayhover.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\qqtongming.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\qqtongming2.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\rightIcon.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\rightIconHover.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\rightnavnow.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\rightnavnow1.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\sanjiao.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\scon.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\scrollbg.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\scrollbghover.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\scrollbottom.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\scrollmiddle.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\scrolltop.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\shijian.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\shiting.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\shou.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\shou2.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\shoucang.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\shouting.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\shouting.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\shouting2.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\shouting2.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\sleft.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\small.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\sousuo.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\sright.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\subnav.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\tan1.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\tan2.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\tan3.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\tan4.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\tan5.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\tan6.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\tan7.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\tan8.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\tanbtn.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\topnav.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\trp.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\xiuchang.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\xiushi.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\img\xiushi2.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\js\DD_belatedPNG.jsc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\js\iscroll.jsc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\js\jquery.jsc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\js\jquery.masonry.jsc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\js\local2013.jsc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\js\quku.jsc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\js\tree.jsc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\jserror.htmlc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\quku.htmlc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\netsong\version.inic:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\radio\radio.confc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\allInOneNoTitle.htmlc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\alBg.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\allBtn.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\bodyBg.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\botom.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\Btn.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\bz_vip.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\class.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\dax.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\icon.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\left_j.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\qq.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\right_j.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\tcjdt.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\tequan1.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\tequan10.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\tequan11.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\tequan12.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\tequan2.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\tequan2013_1.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\tequan2013_12.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\tequan2013_13.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\tequan2013_2.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\tequan2013_3.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\tequan2013_4.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\tequan2013_5.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\tequan2013_7.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\tequan2013_8.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\tequan2013_9.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\tequan3.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\tequan4.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\tequan5.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\tequan6.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\tequan7.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\tequan8.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\tequan9.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\Thumbs.dbc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\tiyan_1.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\tiyan_2.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\tiyan_3.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\tiyan_4.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\tiyan_5.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\top.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\vipno.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\vipok.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\vipsecsice.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\img\zz_vip.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\js\allInOneNoTitle.jsc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\js\cookie.jsc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\js\getRequest.jsc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\js\jquery-1.4.2.min.jsc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\js\tequanInfo.jsc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\res\vipMbox_new\vipNoTitle_2012-10.cssc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\netsong.zipc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\Radio.zipc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\sharesong.zipc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\songcomment.zipc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\allInOneNoTitle.htmlc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\alBg.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\allBtn.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\bodyBg.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\botom.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\Btn.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\bz_vip.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\class.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\dax.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\icon.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\left_j.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\qq.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\right_j.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\tcjdt.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\tequan1.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\tequan10.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\tequan11.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\tequan12.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\tequan2.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\tequan2013_1.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\tequan2013_12.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\tequan2013_13.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\tequan2013_2.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\tequan2013_3.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\tequan2013_4.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\tequan2013_5.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\tequan2013_7.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\tequan2013_8.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\tequan2013_9.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\tequan3.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\tequan4.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\tequan5.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\tequan6.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\tequan7.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\tequan8.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\tequan9.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\Thumbs.dbc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\tiyan_1.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\tiyan_2.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\tiyan_3.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\tiyan_4.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\tiyan_5.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\top.pngc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\vipno.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\vipok.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\vipsecsice.jpgc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\img\zz_vip.gifc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\js\allInOneNoTitle.jsc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\js\cookie.jsc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\js\getRequest.jsc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\js\jquery-1.4.2.min.jsc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\js\tequanInfo.jsc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\temp\vipMbox_new\vipMbox_new\vipNoTitle_2012-10.cssc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\userinfo2012.zipc:\programdata\kuwodata\kwmusic2013\ModuleData\ModWebUpdate\zip\vipMbox_new.zipc:\programdata\kuwodata\kwmusic2013\Res\cache\BUFFER_CATEGORY_CONFIG\0ED2A0E3.datc:\programdata\kuwodata\kwmusic2013\Res\cache\BUFFER_CATEGORY_CONFIG\74C09504.datc:\programdata\kuwodata\kwmusic2013\Res\cache\DOWNLOAD_ALBUM_PIC\1074BAA5.datc:\programdata\kuwodata\kwmusic2013\Res\cache\DOWNLOAD_ALBUM_PIC\1D56D3DB.datc:\programdata\kuwodata\kwmusic2013\Res\cache\DOWNLOAD_ALBUM_PIC\48F65BCD.datc:\programdata\kuwodata\kwmusic2013\Res\cache\DOWNLOAD_ALBUM_PIC\5CCB39B2.datc:\programdata\kuwodata\kwmusic2013\Res\cache\DOWNLOAD_ALBUM_PIC\5CCB39B3.datc:\programdata\kuwodata\kwmusic2013\Res\cache\DOWNLOAD_ALBUM_PIC\66977251.datc:\programdata\kuwodata\kwmusic2013\Res\cache\DOWNLOAD_ALBUM_PIC\786A0E89.datc:\programdata\kuwodata\kwmusic2013\Res\cache\DOWNLOAD_ARTISTPIC\439B7FF0.datc:\programdata\kuwodata\kwmusic2013\Res\cache\DOWNLOAD_ARTISTPIC\68D82A7C.datc:\programdata\kuwodata\kwmusic2013\Res\cache\DOWNLOAD_LYRIC_PIC\099E0433.datc:\programdata\kuwodata\kwmusic2013\Res\cache\DOWNLOAD_LYRIC_PIC\6F000777.datc:\programdata\kuwodata\kwmusic2013\Res\cache\DOWNLOAD_LYRIC_PIC\7D93F812.datc:\programdata\kuwodata\kwmusic2013\Res\cache\DOWNLOAD_LYRIC_PIC\LyricBkConf.xmlc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_LYRIC\0AE44019.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_LYRIC\308FCD60.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_LYRIC\38A9EBE9.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_LYRIC\42F7DEE9.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\00B6DE60.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\017A08FE.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\02114F63.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\0272F5F0.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\03086186.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\058A3A32.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\05902ECD.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\05902ED1.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\05902ED3.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\05902EDD.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\05902EF3.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\05BCA987.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\068DEECB.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\09EC50E7.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\0AE8DAA1.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\0D1541C8.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\0F851D33.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\10DA9B50.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\13679F9A.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\1799E0C4.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\179D1CC9.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\18BB8692.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\190CDD19.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\1B364F97.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\1B5478D4.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\1C2F2384.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\1CB055DD.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\1D114E35.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\1F16AA6F.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\2068FDD9.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\22FBA82C.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\2598AF2D.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\268FB6B2.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\271A4807.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\2902EF21.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\2A6529E9.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\2A6529EB.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\2A6E0A42.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\2B6A0D95.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\2B7EB0A3.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\2C7351A3.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\2E5F44D1.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\2E6F9302.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\2EDE31C3.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\2F60E708.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\2F95F7A2.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\31442CB3.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\31C6D7F5.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\31D99969.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\3236EF17.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\33E69899.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\36128F60.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\36128F62.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\37534055.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\3775ACF5.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\37B0ABE3.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\39A4F7B5.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\3F97ECB7.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\41EFE4C4.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\4254D523.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\4292EF46.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\450E9ED7.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\49D9CEA8.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\4BFC2754.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\4C0BE615.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\4CD52F23.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\4F416D27.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\50718E64.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\51CFF0AB.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\57DB67E4.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\57E45B12.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\580D6FB2.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\585EFE18.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\59FFA062.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\5BBFC0D5.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\5CB38BD8.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\5E03EC85.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\5E84CBFE.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\5F23ABA2.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\5F741630.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\61928852.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\636632BD.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\65240428.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\65FC7CCB.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\67E3BD9B.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\69552333.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\69B2279B.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\69B2279E.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\6A1A6242.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\6BD6F4A2.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\6C359D03.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\6C49B031.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\6DEA6B6B.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\714DE630.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\7402F1FE.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\74559DAD.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\7552CD4C.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\7559B58D.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\75AF189C.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\767A68E1.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\770051E1.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\7A4B77DA.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\7B21855C.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\7B96F8D3.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\7E2E25E1.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KW_SEARCH_SONG\7F090311.datc:\programdata\kuwodata\kwmusic2013\Res\cache\Kw_Song_Cache\0BC4CFC7.datc:\programdata\kuwodata\kwmusic2013\Res\cache\Kw_Song_Cache\1C70CE33.datc:\programdata\kuwodata\kwmusic2013\Res\cache\Kw_Song_Cache\20A5A779.datc:\programdata\kuwodata\kwmusic2013\Res\cache\Kw_Song_Cache\638DD6E0.datc:\programdata\kuwodata\kwmusic2013\Res\cache\Kw_Song_Cache\638DD6E1.datc:\programdata\kuwodata\kwmusic2013\Res\cache\KwPlayer\7B33539C.datc:\programdata\kuwodata\kwmusic2013\Res\DeskLyric\DL_COLOR_highlight.jpgc:\programdata\kuwodata\kwmusic2013\Res\DeskLyric\DL_COLOR_nomal.jpgc:\programdata\kuwodata\kwmusic2013\Res\DeskLyric\DL_PIC_highlight.jpgc:\programdata\kuwodata\kwmusic2013\Res\DeskLyric\DL_PIC_nomal.jpgc:\programdata\kuwodata\kwmusic2013\Res\DeskLyric\DL_Themes_1a.pngc:\programdata\kuwodata\kwmusic2013\Res\DeskLyric\DL_Themes_1b.pngc:\programdata\kuwodata\kwmusic2013\Res\DeskLyric\DL_Themes_2a.pngc:\programdata\kuwodata\kwmusic2013\Res\DeskLyric\DL_Themes_2b.pngc:\programdata\kuwodata\kwmusic2013\Res\DeskLyric\DL_Themes_3a.pngc:\programdata\kuwodata\kwmusic2013\Res\DeskLyric\DL_Themes_3b.pngc:\programdata\kuwodata\kwmusic2013\Res\DeskLyric\DL_Themes_4a.pngc:\programdata\kuwodata\kwmusic2013\Res\DeskLyric\DL_Themes_4b.pngc:\programdata\kuwodata\kwmusic2013\Res\DeskLyric\DL_Themes_5a.pngc:\programdata\kuwodata\kwmusic2013\Res\DeskLyric\DL_Themes_5b.pngc:\users\User\.androidc:\users\User\.android\adbkeyc:\users\User\.android\adbkey.pub..((((((((((((((((((((((((( 2013-10-18 至 2013-11-18 的新的档案 )))))))))))))))))))))))))))))))..2013-11-18 15:07 . 2013-11-18 15:07 -------- d-----w- c:\users\Default\AppData\Local\temp2013-11-18 15:07 . 2013-11-18 15:07 -------- d-----w- c:\users\Administrator\AppData\Local\temp2013-11-18 14:46 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{29F281A5-B757-4D99-9E0E-80CE7F67159D}\mpengine.dll2013-11-17 11:03 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll2013-11-17 11:03 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll2013-11-17 11:03 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll2013-11-17 11:03 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL2013-11-17 11:03 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL2013-11-17 11:03 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll2013-11-17 11:03 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL2013-11-17 11:03 . 2013-10-04 02:24 1930752 ----a-w- c:\windows\system32\authui.dll2013-11-17 11:03 . 2013-10-04 01:56 1796096 ----a-w- c:\windows\SysWow64\authui.dll2013-11-17 11:03 . 2013-10-04 02:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll2013-11-17 11:03 . 2013-10-04 02:25 197120 ----a-w- c:\windows\system32\credui.dll2013-11-17 11:03 . 2013-10-04 01:58 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll2013-11-17 11:03 . 2013-10-04 01:56 168960 ----a-w- c:\windows\SysWow64\credui.dll2013-11-16 16:37 . 2013-11-16 16:37 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes2013-11-16 16:36 . 2013-11-16 16:36 -------- d-----w- c:\programdata\Malwarebytes2013-11-16 16:36 . 2013-11-16 16:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2013-11-16 16:36 . 2013-04-04 06:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys2013-11-15 12:08 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-11-07 01:16 . 2013-10-18 05:28 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{680523BF-87B8-46EA-8A9C-8462B076FEF2}\gapaengine.dll2013-10-27 07:40 . 2013-10-23 03:29 174968 ----a-w- c:\windows\system32\drivers\idmwfp.sys...(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-11-17 11:04 . 2012-06-11 06:14 82896128 ----a-w- c:\windows\system32\MRT.exe2013-11-01 06:43 . 2012-06-05 11:07 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-10-18 05:28 . 2012-09-30 14:08 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll2013-10-07 23:50 . 2013-10-18 05:11 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-09-08 02:30 . 2013-10-11 07:06 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-09-08 02:27 . 2013-10-11 07:06 327168 ----a-w- c:\windows\system32\mswsock.dll2013-09-08 02:03 . 2013-10-11 07:06 231424 ----a-w- c:\windows\SysWow64\mswsock.dll2013-09-04 12:12 . 2013-10-11 07:06 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys2013-09-04 12:11 . 2013-10-11 07:06 325120 ----a-w- c:\windows\system32\drivers\usbport.sys2013-09-04 12:11 . 2013-10-11 07:06 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys2013-09-04 12:11 . 2013-10-11 07:06 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys2013-09-04 12:11 . 2013-10-11 07:06 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys2013-09-04 12:11 . 2013-10-11 07:06 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys2013-09-04 12:11 . 2013-10-11 07:06 7808 ----a-w- c:\windows\system32\drivers\usbd.sys2013-08-29 02:17 . 2013-10-11 07:11 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe2013-08-29 02:16 . 2013-10-11 07:11 1732032 ----a-w- c:\windows\system32\ntdll.dll2013-08-29 02:16 . 2013-10-11 07:11 243712 ----a-w- c:\windows\system32\wow64.dll2013-08-29 02:16 . 2013-10-11 07:11 859648 ----a-w- c:\windows\system32\tdh.dll2013-08-29 02:13 . 2013-10-11 07:11 878080 ----a-w- c:\windows\system32\advapi32.dll2013-08-29 01:51 . 2013-10-11 07:11 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2013-08-29 01:51 . 2013-10-11 07:11 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2013-08-29 01:50 . 2013-10-11 07:11 5120 ----a-w- c:\windows\SysWow64\wow32.dll2013-08-29 01:50 . 2013-10-11 07:11 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll2013-08-29 01:50 . 2013-10-11 07:11 619520 ----a-w- c:\windows\SysWow64\tdh.dll2013-08-29 01:48 . 2013-10-11 07:11 640512 ----a-w- c:\windows\SysWow64\advapi32.dll2013-08-29 01:48 . 2013-10-11 07:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll2013-08-29 00:49 . 2013-10-11 07:11 25600 ----a-w- c:\windows\SysWow64\setup16.exe2013-08-29 00:49 . 2013-10-11 07:11 7680 ----a-w- c:\windows\SysWow64\instnm.exe2013-08-29 00:49 . 2013-10-11 07:11 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll2013-08-29 00:49 . 2013-10-11 07:11 2048 ----a-w- c:\windows\SysWow64\user.exe2013-08-28 01:21 . 2013-10-11 07:06 3155968 ----a-w- c:\windows\system32\win32k.sys2013-08-28 01:12 . 2013-10-11 07:06 461312 ----a-w- c:\windows\system32\scavengeui.dll..((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))..*注意* 空白与合法缺省登录将不会被显示 REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".R1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys;c:\windows\SYSNATIVE\drivers\ArcSec.sys [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]R3 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe;c:\program files (x86)\Connectify\ConnectifyService.exe [x]R3 cxasbt;cxasbt;c:\users\User\Chris Files\Games\Avatar Star\avital\cxbt64.sys;c:\users\User\Chris Files\Games\Avatar Star\avital\cxbt64.sys [x]R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]R3 GGSAFERDriver;GGSAFER Driver;c:\users\User\Chris Files\Games\Garena Messenger\Room\safedrv.sys;c:\users\User\Chris Files\Games\Garena Messenger\Room\safedrv.sys [x]R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S1 cnnctfy2;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy2.sys;c:\windows\SYSNATIVE\DRIVERS\cnnctfy2.sys [x]S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]S2 nvservice;NVIDIA GuardService;c:\windows\system32\nvservice.exe;c:\windows\SYSNATIVE\nvservice.exe [x]S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]S2 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]S3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x].. ‘计划任务’ 文件夹 里的内容.2013-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73719310-3082030322-2275098212-1000Core.job- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-04 09:54].2013-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73719310-3082030322-2275098212-1000UA.job- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-04 09:54]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-03-09 518784]"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-04-30 790688]"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-04-30 657568]"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240].------- 而外的扫描 -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = about:blankmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = <local>IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htmIE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htmIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105TCP: DhcpNameServer = 192.168.43.1TCP: Interfaces\{50B46BF0-AA5A-454B-AA47-D1FAA7C14F58}: NameServer = 8.8.8.8,8.8.4.4TCP: Interfaces\{AB9C7618-5165-49F8-9B1F-F550A27D3E19}: NameServer = 8.8.8.8,8.8.4.4TCP: Interfaces\{AB9C7618-5165-49F8-9B1F-F550A27D3E19}\3547574656E647F575946494: NameServer = 8.8.8.8,8.8.4.4TCP: Interfaces\{AB9C7618-5165-49F8-9B1F-F550A27D3E19}\44F6E6471437B664F62775966696: NameServer = 8.8.8.0,8.8.4.4TCP: Interfaces\{AB9C7618-5165-49F8-9B1F-F550A27D3E19}\960586F6E656: NameServer = 8.8.8.8,8.8.4.4TCP: Interfaces\{AB9C7618-5165-49F8-9B1F-F550A27D3E19}\A41636B6755445: NameServer = 8.8.8.0,8.8.4.4TCP: Interfaces\{AB9C7618-5165-49F8-9B1F-F550A27D3E19}\D2E4F655375627D2: NameServer = 8.8.8.8,8.8.4.4FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kqptbc08.default\user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);.- - - - ORPHANS REMOVED - - - -.BHO-{E96E81EC-9A04-0380-DFB2-B5C02F8F405B} - c:\program files (x86)\BaiduAddr\{E96E81EC-9A04-0380-DFB2-B5C02F8F405B}\AddressBar.dllAddRemove-KwMusic7 - c:\program files (x86)\kuwo\KWMUSIC2013\uninstall.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\"".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]"ImagePath"="c:\windows\system32\GameMon.des -service".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).完成时间: 2013-11-18 23:09:47ComboFix-quarantined-files.txt 2013-11-18 15:09ComboFix2.txt 2013-11-18 14:36.Pre-Run: 138,633,961,472 bytes freePost-Run: 138,557,861,888 bytes free.- - End Of File - - 4B26C1B487FF0E23EB822EDDB4500BA2 Link to post Share on other sites More sharing options...
N3wbi3z Posted November 18, 2013 Author ID:754999 Share Posted November 18, 2013 Here's the MBAM log file: Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Database version: v2013.11.17.02 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421User :: VAIO-VPCEG38FG [administrator] 18/11/2013 11:18:05 PMmbam-log-2013-11-18 (23-18-05).txt Scan type: Full scan (C:\|D:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 1457142Time elapsed: 1 hour(s), 32 minute(s), 23 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 15HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> Quarantined and deleted successfully.HKCR\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05} (PUP.Funshion) -> Quarantined and deleted successfully.HKCR\AddressSearch.JsObject.1 (PUP.Funshion) -> Quarantined and deleted successfully.HKCR\AddressSearch.JsObject (PUP.Funshion) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11CC93E4-0BE6-4F8F-82AA-D577FB955B05} (PUP.Funshion) -> Quarantined and deleted successfully.HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (PUP.Funshion) -> Quarantined and deleted successfully.HKCR\TypeLib\{D02E3AB9-7796-40cb-BDFC-20D834FE1F75} (PUP.Funshion) -> Quarantined and deleted successfully.HKCR\Interface\{FCB380C4-D350-44BE-8791-50216F4747AC} (PUP.Funshion) -> Quarantined and deleted successfully.HKCR\ASBarBroker.BDBroker.1 (PUP.Funshion) -> Quarantined and deleted successfully.HKCR\ASBarBroker.BDBroker (PUP.Funshion) -> Quarantined and deleted successfully.HKCR\CLSID\{FBEDBA6C-44A2-43b9-BD49-20EB6E0C4E86} (PUP.Funshion) -> Quarantined and deleted successfully.HKCR\AddressSearch.SnavHttpProtocol.1 (PUP.Funshion) -> Quarantined and deleted successfully.HKCR\AddressSearch.SnavHttpProtocol (PUP.Funshion) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully. Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end) Link to post Share on other sites More sharing options...
Psychotic Posted November 19, 2013 ID:755299 Share Posted November 19, 2013 Scan with ESET Online ScanPlease go to here to run the online scannner from ESET. Turn off the real time scanner of any existing antivirus program while performing the online scanTick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the activex control to installClick StartMake sure that the option Remove found threats is unticked Click on Advanced Settings and ensure these options are ticked:Scan for potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth Technology[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic. Link to post Share on other sites More sharing options...
N3wbi3z Posted November 19, 2013 Author ID:755375 Share Posted November 19, 2013 Log from ESET Online Scan: C:\Program Files (x86)\intellidownload\torrent.exe Win32/BundleInstaller applicationC:\Users\User\Chris Files\Games\Cheat Engine 6.2\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB applicationC:\Users\User\Chris Files\Games\Cheat Engine 6.2\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF applicationC:\Users\User\Chris Files\Games\Devil May Cry Rebooted\Binaries\Win32\steam_api.dll a variant of Win32/HackTool.Crack.BQ applicationC:\Users\User\Downloads\Download\CheatEngine62.exe multiple threats Link to post Share on other sites More sharing options...
Psychotic Posted November 19, 2013 ID:755395 Share Posted November 19, 2013 Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of Registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machineHaving said that we can help you clean your machine this time BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up. Link to post Share on other sites More sharing options...
N3wbi3z Posted November 19, 2013 Author ID:755421 Share Posted November 19, 2013 I've a few question before we proceed.Manually removed, or via ESET?For [C:\Program Files (x86)\intellidownload\torrent.exe], is this a malware or software? I've never notice the existence of this thing in my computer.For [C:\Users\User\Chris Files\Games\Devil May Cry Rebooted\Binaries\Win32\steam_api.dll], I've never notice about this at all, so do I need to remove whole programs (Devil May Cry Rebooted), or just the steam_api.dll? Link to post Share on other sites More sharing options...
N3wbi3z Posted November 19, 2013 Author ID:755422 Share Posted November 19, 2013 Oh 1 more question. Do I have to re-scan with ESET after removing them? Link to post Share on other sites More sharing options...
Psychotic Posted November 19, 2013 ID:755430 Share Posted November 19, 2013 Add-/remove programmsClick on start-->control panel.Vista/7: Open Programs and FeaturesXP: Open add/remove programsSearch for and remove the following programs¦ÌTorrentClose the window. C:\Users\User\Chris Files\Games\Devil May Cry Rebooted\Binaries\Win32\steam_api.dll a variant of Win32/HackTool.Crack.BQ application Delete this file as this is the crack itself - please note that the game may not function any longer. The other files ESET found aren´t malware, but may contain security risks. You don´t need to rescan, simply tell me when ready. Link to post Share on other sites More sharing options...
N3wbi3z Posted November 19, 2013 Author ID:755432 Share Posted November 19, 2013 I couldn't find the Torrent in Programs and Features but I do have uTorrent installed. Is that the one? Link to post Share on other sites More sharing options...
Psychotic Posted November 19, 2013 ID:755448 Share Posted November 19, 2013 No, it isn´t the same, but simply delete this folder: C:\Program Files (x86)\intellidownload\ I strongly recommend not to use P2P software: P2P software installedGoing over your logs I noticed that you have utorrent installed.Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.It is pretty much certain that if you continue to use P2P programs, you will get infected again.I would recommend that you uninstall utorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.If you wish to keep it, please do not use it until your computer is cleaned. Link to post Share on other sites More sharing options...
N3wbi3z Posted November 19, 2013 Author ID:755450 Share Posted November 19, 2013 Just finish uninstall uTorrent and deleted intellidownload. I've never use uTorrent at all even I do install them. Link to post Share on other sites More sharing options...
N3wbi3z Posted November 19, 2013 Author ID:755459 Share Posted November 19, 2013 Umm, I'm ready for the next step?Please tell me if I have to remove anything else.Note that I've deleted all the targeted threats detected by ESET. Link to post Share on other sites More sharing options...
Psychotic Posted November 20, 2013 ID:755793 Share Posted November 20, 2013 Then we can do the cleanup - if you are facing any issues, report that immediately.Delete junk with adwCleanerPlease download AdwCleaner to your desktop.Run adwcleaner.exe Hit Scan and wait for the scan to finish. Confirm the message but don´t uncheck anything. Hit Clean When the run is finished, it will open up a text file Please post its contents within your next reply You´ll find the log file at C:\AdwCleaner[s1].txt alsoSecurityCheckPlease download SecurityCheck: LINK1 LINK2 Save it to your desktop, start it and follow the instructions in the window. After the scan finished the (checkup.txt) will open. Copy its content to your thread. Link to post Share on other sites More sharing options...
N3wbi3z Posted November 20, 2013 Author ID:755840 Share Posted November 20, 2013 Log file from AdwCleaner: # AdwCleaner v3.012 - Report created 20/11/2013 at 19:31:51# Updated 11/11/2013 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : User - VAIO-VPCEG38FG# Running from : C:\Users\User\Desktop\adwcleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kqptbc08.default\user.js ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancsKey Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE26843-9171-4F23-A8E5-5421701276A4}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{82EA3E77-7BD2-4744-A8F2-670770767EC5}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{82EA3E77-7BD2-4744-A8F2-670770767EC5}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{82EA3E77-7BD2-4744-A8F2-670770767EC5}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE26843-9171-4F23-A8E5-5421701276A4}Key Deleted : HKCU\Software\YourFileDownloaderKey Deleted : HKLM\Software\ConduitKey Deleted : HKLM\Software\DeviceVMKey Deleted : HKLM\Software\YourFileDownloaderKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16520 -\\ Mozilla Firefox v25.0 (en-US) [ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\kqptbc08.default\prefs.js ] -\\ Google Chrome v [ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [2953 octets] - [20/11/2013 19:30:25]AdwCleaner[s0].txt - [2864 octets] - [20/11/2013 19:31:51] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2924 octets] ########## Link to post Share on other sites More sharing options...
Psychotic Posted November 20, 2013 ID:755841 Share Posted November 20, 2013 Then we need the checkup.txt as well Link to post Share on other sites More sharing options...
N3wbi3z Posted November 20, 2013 Author ID:755842 Share Posted November 20, 2013 Log file from SecurityCheck: Results of screen317's Security Check version 0.99.77 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 6 Update 22 Java 7 Update 45 Adobe Flash Player 11.9.900.117 Adobe Reader 10.1.7 Adobe Reader out of Date! Mozilla Firefox (25.0) Google Chrome 30.0.1599.101 Google Chrome 31.0.1650.57 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 3% ````````````````````End of Log`````````````````````` Link to post Share on other sites More sharing options...
Psychotic Posted November 20, 2013 ID:755843 Share Posted November 20, 2013 Your system is clean now! Adobe Reader out of dateYour Adobe Reader is outdated. We will fix this.Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered. Run setup and follow the instructions. Click upon Start-->control panel-->add/remove programs. Search for and remove any older reader versions. Uninstall our tools using delfixPlease follow these steps in order: In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button. In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed. In any case please download delfix to your desktop. Close all other programms and start delfix. Please check all the boxes and run the tool. delfix will now delete all found traces of our removal process [*] If there is still something left please delete it manualy. Recommendations: How to protect yourselfSystem UpdatesPlease ensure to have automatic updates activated in your control panel.For further information and a tutorial, see this Microsoft Support article. ProtectionWhat you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.To keep your browser free of advertising, you may install the Adblock Plus browser extension.It will filter unwanted advertising out of the website´s content. To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.In addition, before accessing a dangerous classified web site, a warning screen is displayed. [*]Up to date SoftwareKeep your Windows and your third party software up to date. The easiest way to get infected is an outdated windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:Secunia Personal Software Inspector - checks if your software has updates available. SecurityCheck (by screen317) - scans your computer for most vulnerable outdated software. Mozilla: Check your plugins - The webpage will tell you if you have outdated plugins running in your Firefox browser. [*]BackupHardware issues, malware, fire, lightning strike: There is a long list of different ways to loose all your data. Back up your files regularly. Use the windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system. [*]BehaviourThe commonest error when using a computer is "error 80" - what means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won´t help you if aren´t careful enough.While surfing the internet, don´t click on anything you don´t know. In the worst case, it infects your system with malware. Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal pata (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don´t click everything. When installing software, have a look to each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today´s setup procedures contain potentially unwanted programs so keep them off your system. Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Link to post Share on other sites More sharing options...
N3wbi3z Posted November 20, 2013 Author ID:755845 Share Posted November 20, 2013 Thanks for the help, Marius =)May I know if during the infection period, does the virus able to mutate itself to any external device such as USB drive, external HDD/SSD?If yes, then what should I do to clean them off? Link to post Share on other sites More sharing options...
Psychotic Posted November 20, 2013 ID:755848 Share Posted November 20, 2013 If you want to be on the safe side, disable any autorun functions and scan your externals with ESET online scanner. Additionally, you may use flash_disinfector to prevent viruses from infecting USB devices: Please download Flash_Disinfector.exe by sUBs and save it to your desktop.Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.Wait until it has finished scanning and then exit the program.Reboot your computer when done.Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files. Link to post Share on other sites More sharing options...
Recommended Posts