pop-up dial-up window very often.


  • This topic is locked
13 replies to this topic

#1 WinBMY

  • Members
  • 176 posts

Posted 02 April 2012 - 10:04 PM

My child's computer pops up a dial-up window very often.
It causes some PC operation problems. Here is the DDS log.

==========================================================
Log1:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by vento at 10:59:40 on 2012-04-03
Microsoft Windows 7 Home Premium 6.1.7601.1.950.886.1028.18.3839.1984 [GMT 8:00]
.
AV: COMODO Antivirus *Disabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
D:\沙箱\SbieSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\ProgramData\DatacardService\DCService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Windows\SysWOW64\AsHookDevice.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conhost.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\SysWOW64\fsproflt.exe
C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
D:\沙箱\SbieCtrl.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Users\vento\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
D:\沙箱\SandboxieRpcSs.exe
D:\沙箱\SandboxieDcomLaunch.exe
C:\Sandbox\vento\DefaultBox\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Sandbox\vento\DefaultBox\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
D:\沙箱\SandboxieCrypto.exe
C:\Sandbox\vento\DefaultBox\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Sandbox\vento\DefaultBox\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Java\jre6\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre6\bin\java.exe
C:\Windows\system32\conhost.exe
C:\Sandbox\vento\DefaultBox\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\explorer.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page =
mStart Page = hxxp://tw.yahoo.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Assistant: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - D:\PPTVIE~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [SandboxieControl] "D:\沙箱\SbieCtrl.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Facebook Update] "C:\Users\vento\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [IME14 CHT Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
StartupFolder: C:\Users\vento\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\_OTL\MovedFiles\08302011_142412\C_Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\Users\vento\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Xfire.lnk - C:\Program Files (x86)\Xfire\Xfire.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send to OneNote(&N) - D:\PPTVIE~1\Office14\ONBttnIE.dll/105
IE: Export to Microsoft Excel(&X) - D:\PPTVIE~1\Office14\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - D:\ppt viewer\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - D:\ppt viewer\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: Interfaces\{A6EB3D90-1005-4554-8343-04826B21D1F1} : NameServer = 210.241.192.201 168.95.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{9FDDE16B-836F-4806-AB1F-1455CBEFF289}
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [IME14 CHT Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\vento\AppData\Roaming\Mozilla\Firefox\Profiles\ufbxmg5n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://tw.search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://tw.yahoo.com/
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\vento\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\vento\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\vento\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: D:\PPTVIE~1\Office14\NPAUTHZ.DLL
FF - plugin: D:\PPTVIE~1\Office14\NPSPWRAP.DLL
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: extensions.BabylonToolbar_i.id - 8264069c000000000000000000000000
FF - user.js: extensions.BabylonToolbar_i.hardId - 8264069c000000000000000000000000
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15392
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:25:52
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101367
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 FSProFilter;FSPro File Filter;C:\Windows\system32\Drivers\FSPFltd.sys --> C:\Windows\system32\Drivers\FSPFltd.sys [?]
R0 pe3ah5ub;Gothic3 Environment Driver (pe3ah5ub);C:\Windows\system32\drivers\pe3ah5ub.sys --> C:\Windows\system32\drivers\pe3ah5ub.sys [?]
R0 ps6ah5ub;Gothic3 Synchronization Driver (ps6ah5ub);C:\Windows\system32\drivers\ps6ah5ub.sys --> C:\Windows\system32\drivers\ps6ah5ub.sys [?]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\system32\DRIVERS\cmderd.sys --> C:\Windows\system32\DRIVERS\cmderd.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-19 140672]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-5-8 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-5-8 269480]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DCService.exe;DCService.exe;C:\ProgramData\DatacardService\DCService.exe [2010-8-19 229376]
R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2010-5-25 203392]
R2 fsproflt;FSPro Filter Service;C:\Windows\SysWOW64\fsproflt.exe [2011-9-27 142648]
R2 ImeDictUpdateService;Microsoft IME Dictionary Update;C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [2010-10-20 83312]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2011-6-6 386344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SbieDrv;SbieDrv;D:\沙箱\SbieDrv.sys [2011-3-24 148072]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-11 136176]
S2 pr2ah5ub;Gothic3 Drivers Auto Removal (pr2ah5ub);C:\Windows\system32\pr2ah5ub.exe svc --> C:\Windows\system32\pr2ah5ub.exe svc [?]
S3 bmusbser;Network Connect USB Device for Legacy Serial Communication;C:\Windows\system32\DRIVERS\bmusbser.sys --> C:\Windows\system32\DRIVERS\bmusbser.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-11 136176]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro36.sys --> C:\Windows\system32\drivers\hitmanpro36.sys [?]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-01 07:56:17 -------- d-----w- C:\Program Files (x86)\Empire Interactive
2012-03-17 01:18:26 -------- d-----w- C:\Users\vento\AppData\Local\ElevatedDiagnostics
2012-03-15 14:01:03 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-15 14:01:02 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-15 14:01:01 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-15 09:52:39 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-15 09:52:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-15 09:52:37 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 13:50:06 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 13:50:05 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 13:50:05 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 13:50:05 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 13:49:41 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 13:49:41 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 13:49:41 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-09 10:57:00 -------- d-----w- C:\CCE_Quarantine
2012-03-04 11:03:05 -------- d-----w- C:\Users\vento\AppData\Roaming\Colibri Games
2012-03-04 11:02:50 -------- d-----w- C:\Users\vento\AppData\Roaming\Doodle_Jump_PC
.
==================== Find3M ====================
.
2012-03-04 00:55:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-04 00:50:41 27424 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys
2012-02-17 13:00:12 4608 ----a-w- C:\Windows\SysWow64\w95inf32.dll
2012-02-17 13:00:12 2272 ----a-w- C:\Windows\SysWow64\w95inf16.dll
2012-01-17 21:00:44 577824 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2012-01-14 06:19:51 294912 ------w- C:\Windows\Setup1.exe
2012-01-14 06:19:50 73216 ----a-w- C:\Windows\ST6UNST.EXE
2012-01-11 06:47:55 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
.
============= FINISH: 11:00:54.26 ===============

Log2:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2010/6/20 03:43:09 PM
System Uptime: 2012/4/3 10:52:49 AM (1 hour ago)
.
Motherboard: ASUSTeK Computer INC. | | CM1525
Processor: AMD Athlon™ II X2 220 Processor | AM2 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 238 GiB total, 100.171 GiB free.
D: is FIXED (NTFS) - 349 GiB total, 325.444 GiB free.
E: is CDROM ()
F: is CDROM (CDFS)
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP241: 2012/3/24 11:27:05 PM - Scheduled Checkpoint
RP242: 2012/4/1 09:24:43 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
GTA San Andreas
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3 - Chinese Traditional
Adobe Shockwave Player 11.5
Advertising Center
AI Manager
Akamai NetSession Interface Service
All+ Interactive English Magazine - December 2011 issue
Angry Birds Rio
ArcSoft PhotoImpression
ArcSoft VideoImpression 1.6
Assassin's Creed II
ASUSUpdate
aTube Catcher
Avira AntiVir Personal - Free Antivirus
Canon DIGITAL CAMERA Solution Disk Software Guide
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PowerShot A3300 IS and A3200 IS and A2200 Camera User Guide
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow Launcher
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chaos Pack v1.1 for Pocket Tanks Deluxe
Code of Honor The French Foreign Legion
Common
Contents
Cool & Quiet
Corel VideoStudio Pro X4
Counter-Strike Online Client
Crayon Physics Deluxe - release 51
CyberLink PowerDirector
CyberLink WaveEditor
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DeviceIO
Doodle Jump
Doodle Jump PC
EPU-4 Engine
Facebook Video Calling 1.2.0.159
FFHC Kasumi: Rebirth
Flamethrower Pack v1.1 for Pocket Tanks Deluxe
Flash Movie Player 1.0
FM Screen Capture Codec (Remove Only)
Ford Racing 3
Fuzz Pack v1.0 for Pocket Tanks Deluxe
Game淘 Game Lobby
Google Chrome
Google Update Helper
Google Earth
Google Updater
Gothic III
Grand Theft Auto IV
Grand Theft Auto Vice City
Gravity Pack v1.1 for Pocket Tanks Deluxe
Hero Fighter
HiJackThis
HydraVision
ICA
ImagXpress
IPM_VS_Pro
ISCOM
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
LightScribe System Software
Little Fighter 2 version 2.0a
Malwarebytes Anti-Malware version 1.60.1.1000
Mesh Runtime
Messenger Sharing Components
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Chinese (Traditional)) 2010
Microsoft Office Excel MUI (Chinese (Traditional)) 2010
Microsoft Office Home and Student 2010
Microsoft Office IME (Chinese (Traditional)) 2010
Microsoft Office OneNote MUI (Chinese (Traditional)) 2010
Microsoft Office Outlook MUI (Chinese (Traditional)) 2010
Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2010
Microsoft Office Proof (Chinese (Traditional)) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proofing (Chinese (Traditional)) 2010
Microsoft Office Publisher MUI (Chinese (Traditional)) 2010
Microsoft Office Shared MUI (Chinese (Traditional)) 2010
Microsoft Office Single Image 2010
Microsoft Office Starter 2010 - Chinese (Traditional)
Microsoft Office Word MUI (Chinese (Traditional)) 2010
Microsoft Office Click-to-Run 2010
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft Speech Recognition Engine 4.0 (English)
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft XNA Framework Redistributable 3.1
Mobile Partner
Mozilla Firefox 5.0 (x86 zh-TW)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB973685)
Nano Pack v1.0 for Pocket Tanks Deluxe
Nero 9 Essentials
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Nuke Pack v1.1 for Pocket Tanks Deluxe
OpenOffice.org 3.2
Platform
Platypus
PureHD
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Rocket Pack v1.0 for Pocket Tanks Deluxe
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2596511) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Setup
Share
SmartSound Common Data
SmartSound Quicktracks 5
Sony Vegas Pro 8.0
Speed Thief
Super Pack v1.11 for Pocket Tanks Deluxe
Super TextTwist
Synthesia (remove only)
The KMPlayer (remove only)
TVUPlayer 2.4.5.1
Ubisoft Game Launcher
Ultimate Knight ??XP
Ultimate ZIP Cracker Trial version
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
VIA Platform Device Manager
VIO
VSClassic
VSPro
Windows Live Communications Platform
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Live Essentials
Windows Live Photo Gallery
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinRAR archiver
WOEI 3.75G Connect version 2.0
Xfire (remove only)
Yahoo! BrowserPlus 2.9.8
袤奻耀倰陬(Mini Desktop Racing)
跡宒馱釦 2.60
Code of Honor (榮耀之證) Traditional Chinese Edition Ver.1.00
Windows Live Mesh ActiveX Control for Remote Connections
.
==== End Of File ===========================
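The log reviewers here read a DDS "Pseudo HJT Report" by eye; the Python below does the same first pass mechanically. It is an added example, not part of the original post and not DDS's own code: it parses a constructed excerpt modelled on Log1 above (trimmed to a dozen lines) and lists what a reviewer would look at first: security-product state, per-user autoruns, AppInit_DLLs, Firefox user.js extension prefs, and drivers whose file DDS could not stat. The regexes, the sample lines and the note wording are assumptions of mine, matched to the line formats visible in the log above.

```python
"""
Parse a DDS "Pseudo HJT Report" and list the points a log reviewer checks
first. Added example; not part of the original post and not DDS code.
Assumes the line formats seen in the log above (DDS Ver_2011-08-26.01).
"""
import re

# Constructed excerpt modelled on Log1 above; trimmed, not the full log.
SAMPLE_DDS = r"""
AV: COMODO Antivirus *Disabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
============== Pseudo HJT Report ===============
uRun: [Facebook Update] "C:\Users\vento\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101367
============= SERVICES / DRIVERS ===============
R0 pe3ah5ub;Gothic3 Environment Driver (pe3ah5ub);C:\Windows\system32\drivers\pe3ah5ub.sys --> C:\Windows\system32\drivers\pe3ah5ub.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
"""

# One regex per line type; the group layout mirrors DDS's own field order.
SEC_RE = re.compile(r"^(AV|SP|FW): (.+?) \*([^*]+)\*")
RUN_RE = re.compile(r"^([um]Run(?:-x64)?): \[([^\]]+)\] (.+)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs(?:-X64)?: (.+)$")
USERJS_RE = re.compile(r"^FF - user\.js: (\S+) - (.*)$")
# start;name;description;path [--> resolved path] [stamp]; "[?]" means DDS could not stat the file
DRV_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?)(?: --> \S.*?)? \[([^\]]*)\]$")


def parse_dds(text):
    """Return the recognised lines grouped by type; anything else is ignored."""
    rep = {"security": [], "autoruns": [], "appinit": [], "userjs": [], "drivers": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := SEC_RE.match(line):
            rep["security"].append((m[1], m[2], m[3]))        # kind, product, state
        elif m := RUN_RE.match(line):
            rep["autoruns"].append((m[1], m[2], m[3]))        # hive, value name, command
        elif m := APPINIT_RE.match(line):
            rep["appinit"].append(m[1])                        # registry value as printed
        elif m := USERJS_RE.match(line):
            rep["userjs"].append((m[1], m[2]))                 # pref, value
        elif m := DRV_RE.match(line):
            rep["drivers"].append({"start": m[1], "name": m[2], "desc": m[3],
                                   "path": m[4], "stamp": m[5]})
    return rep


def triage(rep):
    """Turn the parsed report into review notes, in the order a reviewer reads the log."""
    notes = []
    av_products = [p for kind, p, _ in rep["security"] if kind == "AV"]
    for kind, product, state in rep["security"]:
        if "Disabled" in state or "Outdated" in state:
            notes.append(f"{kind} {product} is {state}")
    if len(av_products) > 1:
        notes.append(f"{len(av_products)} antivirus products registered: {', '.join(av_products)}")
    for hive, name, cmd in rep["autoruns"]:
        # Per-user Run entries under the profile need no admin rights to plant.
        if hive.startswith("uRun") and "\\AppData\\" in cmd:
            notes.append(f"per-user autorun from the profile: [{name}] {cmd}")
    for value in rep["appinit"]:
        notes.append(f"AppInit_DLLs injects {value} into every process that loads user32; confirm its publisher")
    families = sorted({p.split(".")[1] for p, _ in rep["userjs"] if p.startswith("extensions.")})
    for fam in families:
        n = sum(1 for p, _ in rep["userjs"] if p.startswith(f"extensions.{fam}."))
        notes.append(f"Firefox user.js carries {n} prefs for extension '{fam}'")
    for d in rep["drivers"]:
        if d["stamp"] == "?":
            # On x64 a 32-bit scanner reading system32 is usually redirected by WOW64, hence "[?]";
            # confirm the file and its signature from a 64-bit shell before concluding anything.
            notes.append(f"{d['start']} driver {d['name']} ({d['desc']}): no file stamp for {d['path']}")
    return notes


if __name__ == "__main__":
    for note in triage(parse_dds(SAMPLE_DDS)):
        print("-", note)
```

Run against the full Log1 the notes grow to the AV lines, the AppInit_DLLs entry, the sixteen BabylonToolbar_i prefs and the many "[?]" drivers; the last group is the caveat worth knowing, since on this NTFSAMD64 machine nearly every driver under system32 shows "[?]" while those under Program Files carry stamps, which is what WOW64 redirection of a 32-bit scanner looks like rather than evidence of tampering.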

#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,740 posts

Posted 08 April 2012 - 10:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1. In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/448639 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2. If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 April 2012 - 08:09 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

Please post the logs for my review.

#4 WinBMY

WinBMY
  • Topic Starter

  • Members
  • 176 posts

Posted 15 April 2012 - 08:28 PM

Hi,

This infected PC was unable to execute DDS.
It deleted DDS automatically and stopped ComboFix from executing.

Then I switched to safe mode, and ComboFix worked. Here is the log:
====================================================================
ComboFix 12-04-15.02 - vento 2/04/16 週一 9:12.6.2 - x64 MINIMAL
Microsoft Windows 7 家用進階版 6.1.7601.1.950.886.1028.18.3839.2613 [GMT 8:00]
執行位置: c:\users\vento\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: COMODO Antivirus *Enabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* 成功創造新還原點
.
Error: Cfiles.dat
.
((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\共用2\Desktop\新增資料夾\九把刀全集\Desktop_.ini
c:\users\共用2\Desktop\新增資料夾\九把刀全集\TXT\01.都市恐怖病系列\Desktop_.ini
c:\users\共用2\Desktop\新增資料夾\九把刀全集\TXT\02.愛九把刀系列\Desktop_.ini
c:\users\共用2\Desktop\新增資料夾\九把刀全集\TXT\03.哈棒傳奇系列\Desktop_.ini
c:\users\共用2\Desktop\新增資料夾\九把刀全集\TXT\04.短篇小說\Desktop_.ini
c:\users\共用2\Desktop\新增資料夾\九把刀全集\TXT\05.獵命師傳奇\Desktop_.ini
c:\users\共用2\Desktop\新增資料夾\九把刀全集\TXT\06.住在黑暗系列\Desktop_.ini
c:\users\共用2\Desktop\新增資料夾\九把刀全集\TXT\07.九把刀電影院\Desktop_.ini
c:\users\共用2\Desktop\新增資料夾\九把刀全集\TXT\08.殺手系列〈實體書屬九把刀電影院系列〉\01.《殺手,登峰造極的畫》\Desktop_.ini
c:\users\共用2\Desktop\新增資料夾\九把刀全集\TXT\08.殺手系列〈實體書屬九把刀電影院系列〉\02.《殺手,風華絕代的正義》\Desktop_.ini
c:\users\共用2\Desktop\新增資料夾\九把刀全集\TXT\08.殺手系列〈實體書屬九把刀電影院系列〉\03.《殺手,夙興夜寐的犯罪》\Desktop_.ini
c:\users\共用2\Desktop\新增資料夾\九把刀全集\TXT\08.殺手系列〈實體書屬九把刀電影院系列〉\04.《殺手,流離尋岸的花》\Desktop_.ini
c:\users\共用2\Desktop\新增資料夾\九把刀全集\TXT\08.殺手系列〈實體書屬九把刀電影院系列〉\05.《殺手,無與倫比的自由》\Desktop_.ini
c:\users\共用2\Desktop\新增資料夾\九把刀全集\TXT\08.殺手系列〈實體書屬九把刀電影院系列〉\Desktop_.ini
c:\users\共用2\Desktop\新增資料夾\九把刀全集\TXT\09.都市童話夢系列\Desktop_.ini
c:\users\共用2\Desktop\新增資料夾\九把刀全集\TXT\10.三少四壯集系列\Desktop_.ini
c:\users\共用2\Desktop\新增資料夾\九把刀全集\TXT\11.九把刀小說傑作選\Desktop_.ini
c:\users\共用2\Desktop\新增資料夾\灌籃高手\Slam Dunk 10 Days After That10日後(中文版)\_desktop.ini
c:\users\共用2\Desktop\新增資料夾\灌籃高手\Slam Dunk 10 Days After That10日後(日文版)\_desktop.ini
.
.
((((((((((((((((((((((((( 2012-03-16 至 2012-04-16 的新的檔案 )))))))))))))))))))))))))))))))
.
.
2012-04-16 01:19 . 2012-04-16 01:19 -------- d-----w- c:\users\巫柏睿\AppData\Local\temp
2012-04-16 01:19 . 2012-04-16 01:19 -------- d-----w- c:\users\共用2\AppData\Local\temp
2012-04-16 01:19 . 2012-04-16 01:19 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-16 01:19 . 2012-04-16 01:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-15 02:30 . 2012-04-15 02:30 -------- d-----w- c:\program files (x86)\Comodo
2012-04-11 19:05 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 19:05 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 19:05 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 19:01 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 19:01 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 19:01 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 19:01 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 19:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 19:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 19:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-01 07:56 . 2012-04-01 07:56 -------- d-----w- c:\program files (x86)\Empire Interactive
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 07:56 . 2012-01-11 06:47 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-04 00:55 . 2010-06-23 12:56 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-04 00:50 . 2012-03-04 00:50 27424 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-02-29 09:49 . 2012-02-29 09:49 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-17 13:00 . 2012-02-17 13:00 4608 ----a-w- c:\windows\SysWow64\w95inf32.dll
2012-02-17 13:00 . 2012-02-17 13:00 2272 ----a-w- c:\windows\SysWow64\w95inf16.dll
2012-02-17 06:38 . 2012-03-14 13:50 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 13:50 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 13:50 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 13:50 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 04:09 . 2012-02-14 04:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36 . 2012-03-15 09:52 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-15 09:52 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-15 09:52 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-14 13:49 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 13:49 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 13:49 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-01-17 21:00 . 2011-10-07 10:47 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
.
.
((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-26 39408]
"SandboxieControl"="d:\狄箱\SbieCtrl.exe" [2011-03-24 597736]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-04-02 4785536]
"Facebook Update"="c:\users\vento\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-12-31 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-16 2245120]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-09-06 413696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"IME14 CHT Setup"="c:\progra~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2010-01-20 80240]
.
c:\users\vento\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\_otl\MovedFiles\08302011_142412\C_Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [N/A]
Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2006-6-7 4154504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e00c0404]
IME File REG_SZ IMTCP14.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
R1 NtFsLdf20;NtFsLdf20; [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 AntiVirSchedulerService;Avira AntiVir 排程管理員;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-08-19 229376]
R2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [2012-04-13 409232]
R2 fsproflt;FSPro Filter Service;c:\windows\SysWOW64\fsproflt.exe [2010-01-06 142648]
R2 gupdate;Google 更新服務 (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 136176]
R2 ImeDictUpdateService;Microsoft IME Dictionary Update;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [2010-10-20 83312]
R2 pr2ah5ub;Gothic3 Drivers Auto Removal (pr2ah5ub);c:\windows\system32\pr2ah5ub.exe svc [x]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R3 bmusbser;Network Connect USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\bmusbser.sys [x]
R3 gupdatem;Google 更新 服務 (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 136176]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 Normandy;Normandy SR2; [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
R3 WatAdminSvc;Windows 啟用技術服務;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [x]
S0 pe3ah5ub;Gothic3 Environment Driver (pe3ah5ub);c:\windows\system32\drivers\pe3ah5ub.sys [x]
S0 ps6ah5ub;Gothic3 Synchronization Driver (ps6ah5ub);c:\windows\system32\drivers\ps6ah5ub.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-20 140672]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 04:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
計劃任務 文件夾 裡的內容
.
2012-04-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-10-26 13:24]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 07:25]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 07:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IME14 CHT Setup"="c:\progra~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2010-01-20 109424]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 9454920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll c:\windows\System32\guard64.dll
.
------- 而外的掃描 -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mStart Page = hxxp://tw.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: 傳送至 OneNote(&N) - d:\pptvie~1\Office14\ONBttnIE.dll/105
IE: 匯出至 Microsoft Excel(&X) - d:\pptvie~1\Office14\EXCEL.EXE/3000
FF - ProfilePath - c:\users\vento\AppData\Roaming\Mozilla\Firefox\Profiles\ufbxmg5n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://tw.search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://tw.yahoo.com/
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: extensions.BabylonToolbar_i.id - 8264069c000000000000000000000000
FF - user.js: extensions.BabylonToolbar_i.hardId - 8264069c000000000000000000000000
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15392
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:25
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101367
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Counter-Strike Online - d:\program files (x86)\Gamania\Counter-Strike Online\uninst.exe
AddRemove-FFHC Kasumi: Rebirth_is1 - c:\users\巫柏睿\Desktop\新增資料夾1\Angry Birds\audio\FFHC Kasumi - Rebirth\unins000.exe
AddRemove-Hero Fighter - c:\program files (x86)\Hero Fighter\Uninstal.exe
AddRemove-Speed Thief - c:\program files (x86)\Speed Thief\Uninst.isu
AddRemove-{76F0FEBD-6C17-4D57-4F1E-5F7FA70AFEB9} - c:\program files (x86)\UZC Trial\UZC.EXE
AddRemove-袤奻耀倰陬(Mini Desktop Racing) - c:\program files (x86)\袤奻耀倰陬\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-288522896-628113693-862871898-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-288522896-628113693-862871898-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-288522896-628113693-862871898-1000\Software\SecuROM\License information*]
"datasecu"=hex:3c,fc,be,82,c3,8e,e7,28,4a,19,46,ba,09,ff,06,3d,6f,26,59,b3,d2,
e3,eb,69,4f,67,c6,c6,f9,73,97,92,92,27,01,12,d8,a8,6d,ec,27,32,5f,8e,dd,03,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities]
"ApplicationName"="Google 瀏覽器"
"ApplicationIcon"="c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe,0"
"ApplicationDescription"="「Google 瀏覽器」開啟網頁和執行應用程式的速度奇快無比!除了執行速度快、穩定且容易使用之外,它還內建防護機制,讓您安心瀏覽網頁,無需擔心受到網路釣魚與惡意軟體的威脅。"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\FileAssociations]
".xhtml"="ChromeHTML"
".xht"="ChromeHTML"
".shtml"="ChromeHTML"
".html"="ChromeHTML"
".htm"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\StartMenu]
"StartMenuInternet"="Google 瀏覽器"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\URLAssociations]
"https"="ChromeHTML"
"http"="ChromeHTML"
"ftp"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\DefaultIcon]
@="c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe,0"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\InstallInfo]
"IconsVisible"=dword:00000001
"ShowIconsCommand"="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --show-icons"
"HideIconsCommand"="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --hide-icons"
"ReinstallCommand"="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --make-default-browser"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\shell\open\command]
@="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\""
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\袈?*O*n*e*N*o*t*e* *2*0*1*0*\DsDriver]
"printBinNames"=multi:"\00\00"
"printCollate"=hex:00
"printColor"=hex:01
"printDuplexSupported"=hex:00
"printStaplingSupported"=hex:00
"printMaxXExtent"=dword:00000b9a
"printMaxYExtent"=dword:000010de
"printMinXExtent"=dword:000003d8
"printMinYExtent"=dword:00000771
"printMediaSupported"=multi:"Letter\00Tabloid\00Legal\00Executive\00A3\00A4\00B4 (JIS)\00B5 (JIS)\00Envelope #10\00Envelope Monarch\00\00"
"printMediaReady"=multi:"A4\00\00"
"printNumberUp"=dword:00000000
"printMemory"=dword:00008000
"printOrientationsSupported"=multi:"PORTRAIT\00LANDSCAPE\00\00"
"printMaxResolutionSupported"=dword:000004b0
"printLanguage"=multi:"\00\00"
"printRateUnit"=""
"driverVersion"=dword:00000401
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\袈?*O*n*e*N*o*t*e* *2*0*1*0*\DsSpooler]
"driverName"="Send To Microsoft OneNote 2010 Driver"
"portName"=multi:"nul:\00\00"
"printStartTime"=dword:00000000
"printEndTime"=dword:00000000
"printerName"="傳送至 OneNote 2010"
"printKeepPrintedJobs"=hex:00
"printSpooling"="PrintAfterSpooled"
"priority"=dword:00000001
"uNCName"="\\\\vento-PC\\傳送至 OneNote 2010"
"serverName"="vento-PC"
"shortServerName"="VENTO-PC"
"versionNumber"=dword:00000004
"flags"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\袈?*O*n*e*N*o*t*e* *2*0*1*0*\PrinterDriverData]
"InitDriverVersion"=dword:00000600
"Model"="Send To OneNote Driver"
"FreeMem"=hex:00,80,00,00
"PrinterDataSize"=dword:00000230
"PrinterData"=hex:00,06,30,02,81,08,00,00,00,f8,ba,01,00,00,00,00,00,00,00,00,
64,00,58,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,c2,ac,90,51,01,\
"FeatureKeywordSize"=dword:00000012
"FeatureKeyword"=hex:4d,65,6d,6f,72,79,00,33,32,37,36,38,4b,42,00,0a,00,00
"Forms?"=dword:5190acc2
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
完成時間: 2012-04-16 09:22:18
ComboFix-quarantined-files.txt 2012-04-16 01:22
.
Pre-Run: 112,250,224,640 位元組可用
Post-Run: 112,311,316,480 位元組可用
.
- - End Of File - - CB921A352E65ED37C14AF913B8A12704
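
The log above is where the triage starts: the 重要登入點 (important entries) block lists Run-key values, the AppInit_DLLs value and the service table. As an added example, written for this page and not code from ComboFix or from anyone in this thread, here is a small Python script that parses that layout and flags the entries a responder would look at first: services registered with no image path, files ComboFix could not resolve ([x] or [N/A]), autoruns launched from user-writable folders, services hosted in svchost.exe (where the real code is the ServiceDll), and any non-empty AppInit_DLLs value. The SAMPLE_LOG excerpt inside it is constructed from lines of the posted log, and the flag names are this example's own.

```python
"""Triage the autostart section of a ComboFix log (added example, not ComboFix code)."""
import re
from dataclasses import dataclass

# Constructed excerpt in the layout of the ComboFix log posted above. It is sample
# input for this example only, not a fresh log from the machine in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-26 39408]
"Facebook Update"="c:\users\vento\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-12-31 137536]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
R1 NtFsLdf20;NtFsLdf20; [x]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 pr2ah5ub;Gothic3 Drivers Auto Removal (pr2ah5ub);c:\windows\system32\pr2ah5ub.exe svc [x]
R3 Normandy;Normandy SR2; [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-20 140672]
"""

# "name"="path" [date size]   (a Run-key value as ComboFix prints it)
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?$')
# R2 name;description;path [date size]   or   ...;path [x]
SERVICE = re.compile(r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.*)$')
TRAILER = re.compile(r'^(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]$')
# Folders an unprivileged user (or anything running as that user) can write to.
USER_WRITABLE = re.compile(r'\\users\\|\\appdata\\|\\temp\\|\\programdata\\', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str    # short tag, e.g. "autorun-user-writable-location"
    entry: str   # value or service name as printed in the log
    detail: str  # the path, or why the entry deserves a look


def _review_path(prefix, name, path, meta, out):
    """Checks shared by Run-key values and service image paths."""
    if not path:
        out.append(Finding(f"{prefix}-no-image-path", name,
                           "registered without any file path"))
        return
    if meta in ("x", "N/A"):
        # ComboFix prints [x] or [N/A] when it could not resolve the file. On x64 this
        # also happens for legitimate 64-bit drivers, so it is a cue, not a verdict.
        out.append(Finding(f"{prefix}-file-unresolved", name, path))
    if USER_WRITABLE.search(path):
        out.append(Finding(f"{prefix}-user-writable-location", name, path))
    if path.lower().endswith("svchost.exe"):
        # The executable is only a generic host; the code that actually runs is the
        # DLL named in the service's ServiceDll value, which the log lists separately.
        out.append(Finding(f"{prefix}-svchost-hosted", name,
                           "check the ServiceDll value for this service"))


def triage(log_text):
    """Return the entries of a ComboFix autostart section worth a closer look."""
    findings = []
    in_run_key = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == ".":            # ComboFix separates blocks with a lone dot
            in_run_key = False
            continue
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            in_run_key = line.lower().endswith(r"\run]")
            continue
        if line.lower().startswith('"appinit_dlls"='):
            value = line.split("=", 1)[1].strip()
            if value:
                # Every DLL listed here is loaded into each process that loads user32.dll.
                # Security products use the mechanism too, so identify each DLL's owner.
                findings.append(Finding("appinit-dll", "AppInit_DLLs", value))
            continue
        m = SERVICE.match(line)
        if m:
            t = TRAILER.match(m.group("rest").strip())
            path, meta = (t.group("path"), t.group("meta")) if t else (m.group("rest"), "")
            _review_path("service", m.group("name"), path.strip(), meta, findings)
            continue
        if in_run_key:
            m = RUN_ENTRY.match(line)
            if m:
                _review_path("autorun", m.group("name"), m.group("path"),
                             m.group("meta") or "", findings)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:34} {f.entry:16} {f.detail}")
```

Run it as-is to see the flags for the excerpt, or pass the text of a whole log to `triage()`. The flags are cues for a human reviewer, not verdicts: in the posted log, for instance, the guard32.dll named under AppInit_DLLs belongs to the COMODO suite that the same log shows installed, and the services marked [x] include COMODO's own drivers.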

#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 April 2012 - 07:55 AM

All your Desktop.ini files were deleted.
This may be a false positive, and they can be restored.

Find out more about this file. If you want your .ini files to be restored then let me know.
http://msdn.microsoft.com/en-us/library/windows/desktop/cc144102%28v=vs.85%29.aspx

==

The Comodo firewall may be the reason you are not able to run ComboFix normally.
Will check it out later.
===

Not being able to run DDS is not a good sign.

I need to check further with these tools.

First Disable the CD emulators....

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed. Or when this computer is clean.

To be executed later.

HOW TO: Enable the CD Emulators...

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.


Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

+++++++

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Note: You may be asked if you want to download Avast Free Antivirus. I suggest you deny this download unless you do not have any Antivirus protection on the computer.
===
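The TDSSKiller report requested above is a flat text log: every line carries a timestamp, a thread id and a message, and the objects worth a helper's attention are the few that do not end in "- ok". The following Python script is an added example, not part of this thread or of Kaspersky's tool: it parses a report in that format and lists the objects whose final verdict is warning or detected, so a long log can be triaged before it is posted. The sample lines are constructed to follow the report format shown in this thread; the Akamai lines mirror the detection posted below, the other objects are ordinary "ok" entries.

```python
import re
from collections import Counter

# Constructed sample in the TDSSKiller report format (timestamp, thread id,
# message). The Akamai lines mirror the detection posted in this thread; the
# other objects are ordinary "ok" entries.
SAMPLE_LOG = r"""
11:26:11.0168 4184 Scan started
11:26:11.0168 4184 Mode: Manual;
11:26:11.0885 4184 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
11:26:11.0885 4184 !SASCORE - ok
11:26:12.0681 4184 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll
11:26:12.0681 4184 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
11:26:12.0697 4184 Akamai ( HiddenFile.Multi.Generic ) - warning
11:26:12.0697 4184 Akamai - detected HiddenFile.Multi.Generic (1)
11:26:15.0271 4184 catchme - ok
"""

# One report line: time, thread id, free-form message.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# "<name> (<md5>) <path>": the object being checked.
ENTRY_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "Suspicious file (<reason>): <path>. md5: <md5>"
SUSPICIOUS_RE = re.compile(
    r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")
# "<name> ( <threat> ) - warning"
WARNING_RE = re.compile(r"^(?P<name>.+?) \( (?P<threat>\S+) \) - warning$")
# "<name> - detected <threat> (<count>)"
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<threat>.+?) \(\d+\)$")
# "<name> - ok"
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")

# Higher rank wins when an object receives several verdict lines.
RANK = {"ok": 0, "warning": 1, "detected": 2}


def parse_tdsskiller_log(text):
    """Parse report text into (entries, suspicious).

    entries maps object name -> {"md5", "path", "verdict", "threat"};
    suspicious is the list of "Suspicious file" notices (reason, path, md5).
    Lines matching none of the known shapes (headers, drive info) are ignored.
    """
    entries = {}
    suspicious = []

    def entry(name):
        return entries.setdefault(
            name, {"md5": None, "path": None, "verdict": None, "threat": None})

    def set_verdict(name, verdict, threat=None):
        e = entry(name)
        if e["verdict"] is None or RANK[verdict] > RANK[e["verdict"]]:
            e["verdict"] = verdict
        if threat:
            e["threat"] = threat

    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group(3)
        if (e := ENTRY_RE.match(msg)):
            entry(e["name"]).update(md5=e["md5"], path=e["path"])
        elif (s := SUSPICIOUS_RE.match(msg)):
            suspicious.append(s.groupdict())
        elif (w := WARNING_RE.match(msg)):
            set_verdict(w["name"], "warning", w["threat"])
        elif (d := DETECTED_RE.match(msg)):
            set_verdict(d["name"], "detected", d["threat"])
        elif (o := OK_RE.match(msg)):
            set_verdict(o["name"], "ok")
    return entries, suspicious


def flagged(entries):
    """Names of objects whose final verdict is anything other than ok."""
    return sorted(n for n, e in entries.items() if e["verdict"] not in (None, "ok"))


def verdict_counts(entries):
    """Counter of final verdicts, e.g. {'ok': 2, 'detected': 1}."""
    return Counter(e["verdict"] for e in entries.values() if e["verdict"])


if __name__ == "__main__":
    entries, suspicious = parse_tdsskiller_log(SAMPLE_LOG)
    print("verdicts:", dict(verdict_counts(entries)))
    for name in flagged(entries):
        e = entries[name]
        print(f"{name}: {e['verdict']} {e['threat']} md5={e['md5']} path={e['path']}")
    for s in suspicious:
        print(f"suspicious ({s['reason']}): {s['path']}")
```

Run it against a saved report by reading the file into `parse_tdsskiller_log` instead of `SAMPLE_LOG`; the verdict ranking matters because an object that is first reported as a warning and then as detected should keep the stronger verdict, and the md5 and path from its entry line are what a helper uses to check the file before deciding whether a hidden-file hit is a false positive.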

#6 WinBMY

WinBMY
  • Topic Starter

  • Members
  • 176 posts
  • OFFLINE
  • Local time:07:16 PM

Posted 17 April 2012 - 10:44 PM

The aswMBR.exe file was deleted automatically when I plugged in the memory stick.

TDSSKiller found one suspicious file.
TDSSKiller can be run under normal mode, and I re-ran aswMBR under safe mode.
Here are the logs.
===========================================
TDSSKiller Log:
11:26:08.0609 4380 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
11:26:08.0625 4380 ============================================================
11:26:08.0625 4380 Current date / time: 2012/04/18 11:26:08.0625
11:26:08.0625 4380 SystemInfo:
11:26:08.0625 4380
11:26:08.0625 4380 OS Version: 6.1.7601 ServicePack: 1.0
11:26:08.0625 4380 Product type: Workstation
11:26:08.0625 4380 ComputerName: VENTO-PC
11:26:08.0625 4380 UserName: vento
11:26:08.0625 4380 Windows directory: C:\Windows
11:26:08.0625 4380 System windows directory: C:\Windows
11:26:08.0625 4380 Running under WOW64
11:26:08.0625 4380 Processor architecture: Intel x64
11:26:08.0625 4380 Number of processors: 2
11:26:08.0625 4380 Page size: 0x1000
11:26:08.0625 4380 Boot type: Normal boot
11:26:08.0625 4380 ============================================================
11:26:09.0436 4380 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:26:09.0436 4380 Drive \Device\Harddisk1\DR2 - Size: 0x3E800000 (0.98 Gb), SectorSize: 0x200, Cylinders: 0x7F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:26:09.0436 4380 \Device\Harddisk0\DR0:
11:26:09.0436 4380 MBR used
11:26:09.0436 4380 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1200800, BlocksNum 0x1DCF0000
11:26:09.0436 4380 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1EEF0800, BlocksNum 0x2B967000
11:26:09.0436 4380 \Device\Harddisk1\DR2:
11:26:09.0436 4380 MBR used
11:26:09.0436 4380 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1E9FDE
11:26:09.0514 4380 Initialize success
11:26:09.0514 4380 ============================================================
11:26:11.0168 4184 ============================================================
11:26:11.0168 4184 Scan started
11:26:11.0168 4184 Mode: Manual;
11:26:11.0168 4184 ============================================================
11:26:11.0885 4184 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
11:26:11.0885 4184 !SASCORE - ok
11:26:12.0010 4184 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:26:12.0010 4184 1394ohci - ok
11:26:12.0041 4184 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:26:12.0041 4184 ACPI - ok
11:26:12.0057 4184 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:26:12.0073 4184 AcpiPmi - ok
11:26:12.0166 4184 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:26:12.0166 4184 AdobeFlashPlayerUpdateSvc - ok
11:26:12.0275 4184 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:26:12.0275 4184 adp94xx - ok
11:26:12.0307 4184 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:26:12.0322 4184 adpahci - ok
11:26:12.0338 4184 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:26:12.0338 4184 adpu320 - ok
11:26:12.0369 4184 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:26:12.0369 4184 AeLookupSvc - ok
11:26:12.0447 4184 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:26:12.0463 4184 AFD - ok
11:26:12.0525 4184 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:26:12.0525 4184 agp440 - ok
11:26:12.0681 4184 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll
11:26:12.0681 4184 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
11:26:12.0697 4184 Akamai ( HiddenFile.Multi.Generic ) - warning
11:26:12.0697 4184 Akamai - detected HiddenFile.Multi.Generic (1)
11:26:12.0728 4184 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:26:12.0728 4184 ALG - ok
11:26:12.0775 4184 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:26:12.0775 4184 aliide - ok
11:26:12.0806 4184 AMD External Events Utility (5989d711769200f0f3e145319250472b) C:\Windows\system32\atiesrxx.exe
11:26:12.0806 4184 AMD External Events Utility - ok
11:26:12.0868 4184 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:26:12.0868 4184 amdide - ok
11:26:12.0899 4184 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:26:12.0899 4184 AmdK8 - ok
11:26:12.0915 4184 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:26:12.0915 4184 AmdPPM - ok
11:26:12.0962 4184 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:26:12.0977 4184 amdsata - ok
11:26:13.0024 4184 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:26:13.0024 4184 amdsbs - ok
11:26:13.0071 4184 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:26:13.0087 4184 amdxata - ok
11:26:13.0149 4184 AntiVirSchedulerService (d6c7bc32f9a26057128b0dd2b900ed8e) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
11:26:13.0149 4184 AntiVirSchedulerService - ok
11:26:13.0165 4184 AntiVirService (9d1196ae6859838faecf95ccdd558265) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
11:26:13.0180 4184 AntiVirService - ok
11:26:13.0243 4184 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:26:13.0243 4184 AppID - ok
11:26:13.0305 4184 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:26:13.0305 4184 AppIDSvc - ok
11:26:13.0352 4184 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:26:13.0352 4184 Appinfo - ok
11:26:13.0414 4184 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:26:13.0414 4184 arc - ok
11:26:13.0461 4184 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:26:13.0461 4184 arcsas - ok
11:26:13.0539 4184 ASInsHelp (edaa17ce771c696655b6585f7cad2100) C:\Windows\SysWow64\drivers\AsInsHelp64.sys
11:26:13.0539 4184 ASInsHelp - ok
11:26:13.0586 4184 AsIO (a82c01606dc27d05d9d3bfb6bb807e32) C:\Windows\syswow64\drivers\AsIO.sys
11:26:13.0586 4184 AsIO - ok
11:26:13.0601 4184 AsUpIO (26d66e32e78d3059715b3a17bc679cd9) C:\Windows\syswow64\drivers\AsUpIO.sys
11:26:13.0601 4184 AsUpIO - ok
11:26:13.0648 4184 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:26:13.0648 4184 AsyncMac - ok
11:26:13.0695 4184 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:26:13.0695 4184 atapi - ok
11:26:13.0773 4184 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
11:26:13.0773 4184 AtiHdmiService - ok
11:26:13.0945 4184 atikmdag (b5fb227a09a9ec28163fa4b45487c3c7) C:\Windows\system32\DRIVERS\atikmdag.sys
11:26:13.0976 4184 atikmdag - ok
11:26:14.0038 4184 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
11:26:14.0038 4184 AtiPcie - ok
11:26:14.0132 4184 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:26:14.0147 4184 AudioEndpointBuilder - ok
11:26:14.0163 4184 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:26:14.0163 4184 AudioSrv - ok
11:26:14.0194 4184 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
11:26:14.0194 4184 avgntflt - ok
11:26:14.0210 4184 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
11:26:14.0210 4184 avipbb - ok
11:26:14.0272 4184 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:26:14.0272 4184 AxInstSV - ok
11:26:14.0319 4184 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:26:14.0335 4184 b06bdrv - ok
11:26:14.0381 4184 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:26:14.0397 4184 b57nd60a - ok
11:26:14.0444 4184 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:26:14.0444 4184 BDESVC - ok
11:26:14.0475 4184 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:26:14.0475 4184 Beep - ok
11:26:14.0537 4184 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:26:14.0553 4184 BFE - ok
11:26:14.0615 4184 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
11:26:14.0647 4184 BITS - ok
11:26:14.0693 4184 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:26:14.0693 4184 blbdrive - ok
11:26:14.0756 4184 bmusbser (ed5622610395d9987dd8f8f06d526422) C:\Windows\system32\DRIVERS\bmusbser.sys
11:26:14.0756 4184 bmusbser - ok
11:26:14.0803 4184 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:26:14.0803 4184 bowser - ok
11:26:14.0818 4184 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:26:14.0834 4184 BrFiltLo - ok
11:26:14.0849 4184 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:26:14.0849 4184 BrFiltUp - ok
11:26:14.0959 4184 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
11:26:14.0974 4184 BridgeMP - ok
11:26:15.0005 4184 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:26:15.0005 4184 Browser - ok
11:26:15.0037 4184 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:26:15.0052 4184 Brserid - ok
11:26:15.0068 4184 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:26:15.0068 4184 BrSerWdm - ok
11:26:15.0099 4184 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:26:15.0099 4184 BrUsbMdm - ok
11:26:15.0177 4184 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:26:15.0177 4184 BrUsbSer - ok
11:26:15.0193 4184 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:26:15.0193 4184 BTHMODEM - ok
11:26:15.0224 4184 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:26:15.0224 4184 bthserv - ok
11:26:15.0271 4184 catchme - ok
11:26:15.0286 4184 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:26:15.0286 4184 cdfs - ok
11:26:15.0395 4184 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:26:15.0395 4184 cdrom - ok
11:26:15.0442 4184 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:26:15.0458 4184 CertPropSvc - ok
11:26:15.0473 4184 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:26:15.0473 4184 circlass - ok
11:26:15.0505 4184 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:26:15.0520 4184 CLFS - ok
11:26:15.0567 4184 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:26:15.0567 4184 clr_optimization_v2.0.50727_32 - ok
11:26:15.0645 4184 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:26:15.0645 4184 clr_optimization_v2.0.50727_64 - ok
11:26:15.0692 4184 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:26:15.0707 4184 clr_optimization_v4.0.30319_32 - ok
11:26:15.0739 4184 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:26:15.0739 4184 clr_optimization_v4.0.30319_64 - ok
11:26:15.0801 4184 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:26:15.0817 4184 CmBatt - ok
11:26:15.0941 4184 cmdAgent (30c4806eafd05f84a3b1323c49bd82d8) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
11:26:15.0957 4184 cmdAgent - ok
11:26:16.0035 4184 cmderd (fa26df95bfbeccbd44c961834789c549) C:\Windows\system32\DRIVERS\cmderd.sys
11:26:16.0035 4184 cmderd - ok
11:26:16.0082 4184 cmdGuard (755f1e440b6c90d83fe3e50331e55298) C:\Windows\system32\DRIVERS\cmdguard.sys
11:26:16.0082 4184 cmdGuard - ok
11:26:16.0129 4184 cmdHlp (4b5b1688ab86ebced4bef8d337e9a722) C:\Windows\system32\DRIVERS\cmdhlp.sys
11:26:16.0129 4184 cmdHlp - ok
11:26:16.0175 4184 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:26:16.0175 4184 cmdide - ok
11:26:16.0207 4184 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
11:26:16.0207 4184 CNG - ok
11:26:16.0285 4184 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:26:16.0285 4184 Compbatt - ok
11:26:16.0316 4184 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:26:16.0316 4184 CompositeBus - ok
11:26:16.0331 4184 COMSysApp - ok
11:26:16.0363 4184 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:26:16.0363 4184 crcdisk - ok
11:26:16.0409 4184 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
11:26:16.0425 4184 CryptSvc - ok
11:26:16.0503 4184 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
11:26:16.0519 4184 cvhsvc - ok
11:26:16.0581 4184 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:26:16.0612 4184 DcomLaunch - ok
11:26:16.0675 4184 DCService.exe (3b604417ebae4e1e66e6abd8cc55fd76) C:\ProgramData\DatacardService\DCService.exe
11:26:16.0675 4184 DCService.exe - ok
11:26:16.0721 4184 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:26:16.0721 4184 defragsvc - ok
11:26:16.0768 4184 Device Handle Service (0a403702cb00432ac818523cd416bf67) C:\Windows\SysWOW64\AsHookDevice.exe
11:26:16.0768 4184 Device Handle Service - ok
11:26:16.0940 4184 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:26:16.0940 4184 DfsC - ok
11:26:17.0065 4184 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:26:17.0080 4184 Dhcp - ok
11:26:17.0111 4184 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:26:17.0111 4184 discache - ok
11:26:17.0221 4184 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:26:17.0221 4184 Disk - ok
11:26:17.0267 4184 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
11:26:17.0283 4184 Dnscache - ok
11:26:17.0330 4184 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:26:17.0330 4184 dot3svc - ok
11:26:17.0361 4184 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:26:17.0377 4184 DPS - ok
11:26:17.0470 4184 DragonUpdater (0036e686ca66bd1b005776ac8064640b) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
11:26:17.0486 4184 DragonUpdater - ok
11:26:17.0548 4184 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:26:17.0564 4184 drmkaud - ok
11:26:17.0611 4184 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:26:17.0611 4184 DXGKrnl - ok
11:26:17.0642 4184 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:26:17.0642 4184 EapHost - ok
11:26:17.0735 4184 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:26:17.0751 4184 ebdrv - ok
11:26:17.0829 4184 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:26:17.0845 4184 EFS - ok
11:26:17.0891 4184 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:26:17.0907 4184 ehRecvr - ok
11:26:17.0938 4184 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:26:17.0938 4184 ehSched - ok
11:26:18.0001 4184 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:26:18.0001 4184 elxstor - ok
11:26:18.0079 4184 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:26:18.0079 4184 ErrDev - ok
11:26:18.0141 4184 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:26:18.0157 4184 EventSystem - ok
11:26:18.0219 4184 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:26:18.0219 4184 exfat - ok
11:26:18.0281 4184 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:26:18.0297 4184 fastfat - ok
11:26:18.0344 4184 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:26:18.0359 4184 Fax - ok
11:26:18.0375 4184 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:26:18.0375 4184 fdc - ok
11:26:18.0406 4184 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:26:18.0406 4184 fdPHost - ok
11:26:18.0453 4184 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:26:18.0453 4184 FDResPub - ok
11:26:18.0500 4184 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:26:18.0500 4184 FileInfo - ok
11:26:18.0515 4184 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:26:18.0531 4184 Filetrace - ok
11:26:18.0547 4184 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:26:18.0547 4184 flpydisk - ok
11:26:18.0593 4184 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:26:18.0593 4184 FltMgr - ok
11:26:18.0703 4184 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
11:26:18.0718 4184 FontCache - ok
11:26:18.0796 4184 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:26:18.0796 4184 FontCache3.0.0.0 - ok
11:26:18.0843 4184 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:26:18.0843 4184 FsDepends - ok
11:26:18.0905 4184 FSProFilter (bce299c96e94670680b72b1d4476eaa8) C:\Windows\system32\Drivers\FSPFltd.sys
11:26:18.0905 4184 FSProFilter - ok
11:26:18.0952 4184 fsproflt (b6911cb6436139af4b65f0c26c0f69ad) C:\Windows\SysWOW64\fsproflt.exe
11:26:18.0952 4184 fsproflt - ok
11:26:19.0046 4184 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
11:26:19.0046 4184 fssfltr - ok
11:26:19.0139 4184 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
11:26:19.0139 4184 fsssvc - ok
11:26:19.0171 4184 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
11:26:19.0171 4184 Fs_Rec - ok
11:26:19.0233 4184 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:26:19.0249 4184 fvevol - ok
11:26:19.0295 4184 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:26:19.0295 4184 gagp30kx - ok
11:26:19.0358 4184 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
11:26:19.0358 4184 gpsvc - ok
11:26:19.0451 4184 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:26:19.0451 4184 gupdate - ok
11:26:19.0467 4184 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:26:19.0483 4184 gupdatem - ok
11:26:19.0545 4184 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
11:26:19.0545 4184 gusvc - ok
11:26:19.0623 4184 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:26:19.0623 4184 hcw85cir - ok
11:26:19.0685 4184 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:26:19.0685 4184 HdAudAddService - ok
11:26:19.0717 4184 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
11:26:19.0717 4184 HDAudBus - ok
11:26:19.0732 4184 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:26:19.0732 4184 HidBatt - ok
11:26:19.0763 4184 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:26:19.0763 4184 HidBth - ok
11:26:19.0810 4184 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:26:19.0810 4184 HidIr - ok
11:26:19.0857 4184 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
11:26:19.0857 4184 hidserv - ok
11:26:19.0919 4184 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:26:19.0919 4184 HidUsb - ok
11:26:20.0029 4184 hitmanpro35 (8ab06ddaf6fe854db1e28f7c0ab1fce3) C:\Windows\system32\drivers\hitmanpro36.sys
11:26:20.0029 4184 hitmanpro35 - ok
11:26:20.0075 4184 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
11:26:20.0091 4184 hkmsvc - ok
11:26:20.0138 4184 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
11:26:20.0153 4184 HomeGroupListener - ok
11:26:20.0200 4184 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
11:26:20.0200 4184 HomeGroupProvider - ok
11:26:20.0294 4184 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:26:20.0294 4184 HpSAMD - ok
11:26:20.0387 4184 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:26:20.0387 4184 HTTP - ok
11:26:20.0450 4184 huawei_enumerator (09af4d7563efc283bedddafe60faf168) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
11:26:20.0450 4184 huawei_enumerator - ok
11:26:20.0559 4184 hwdatacard (6e05228393cd614b983568ec40c262c3) C:\Windows\system32\DRIVERS\ewusbmdm.sys
11:26:20.0559 4184 hwdatacard - ok
11:26:20.0637 4184 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:26:20.0637 4184 hwpolicy - ok
11:26:20.0762 4184 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:26:20.0762 4184 i8042prt - ok
11:26:20.0809 4184 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:26:20.0824 4184 iaStorV - ok
11:26:20.0887 4184 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:26:20.0902 4184 idsvc - ok
11:26:21.0074 4184 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
11:26:21.0105 4184 igfx - ok
11:26:21.0183 4184 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:26:21.0199 4184 iirsp - ok
11:26:21.0261 4184 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
11:26:21.0277 4184 IKEEXT - ok
11:26:21.0355 4184 ImeDictUpdateService (4552b448cf9c00ba2a94032af35bd9fc) C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
11:26:21.0355 4184 ImeDictUpdateService - ok
11:26:21.0464 4184 inspect (efff0afd27cc97bf0e5e0bab78419de7) C:\Windows\system32\DRIVERS\inspect.sys
11:26:21.0464 4184 inspect - ok
11:26:21.0511 4184 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:26:21.0511 4184 intelide - ok
11:26:21.0542 4184 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:26:21.0542 4184 intelppm - ok
11:26:21.0573 4184 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:26:21.0573 4184 IPBusEnum - ok
11:26:21.0620 4184 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:26:21.0620 4184 IpFilterDriver - ok
11:26:21.0698 4184 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
11:26:21.0713 4184 iphlpsvc - ok
11:26:21.0776 4184 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:26:21.0776 4184 IPMIDRV - ok
11:26:21.0807 4184 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:26:21.0807 4184 IPNAT - ok
11:26:21.0838 4184 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:26:21.0838 4184 IRENUM - ok
11:26:21.0854 4184 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:26:21.0854 4184 isapnp - ok
11:26:21.0916 4184 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:26:21.0916 4184 iScsiPrt - ok
11:26:21.0947 4184 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
11:26:21.0947 4184 kbdclass - ok
11:26:22.0010 4184 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
11:26:22.0010 4184 kbdhid - ok
11:26:22.0057 4184 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:26:22.0072 4184 KeyIso - ok
11:26:22.0197 4184 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
11:26:22.0197 4184 KSecDD - ok
11:26:22.0228 4184 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
11:26:22.0228 4184 KSecPkg - ok
11:26:22.0291 4184 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:26:22.0291 4184 ksthunk - ok
11:26:22.0337 4184 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:26:22.0353 4184 KtmRm - ok
11:26:22.0400 4184 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
11:26:22.0431 4184 LanmanServer - ok
11:26:22.0462 4184 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
11:26:22.0478 4184 LanmanWorkstation - ok
11:26:22.0525 4184 LightScribeService (83d8be94e1cbcbe2ea8372db1a95a159) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
11:26:22.0540 4184 LightScribeService - ok
11:26:22.0634 4184 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:26:22.0634 4184 lltdio - ok
11:26:22.0681 4184 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:26:22.0696 4184 lltdsvc - ok
11:26:22.0727 4184 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:26:22.0727 4184 lmhosts - ok
11:26:22.0774 4184 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:26:22.0774 4184 LSI_FC - ok
11:26:22.0852 4184 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:26:22.0852 4184 LSI_SAS - ok
11:26:22.0868 4184 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:26:22.0868 4184 LSI_SAS2 - ok
11:26:22.0899 4184 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:26:22.0899 4184 LSI_SCSI - ok
11:26:22.0930 4184 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:26:22.0930 4184 luafv - ok
11:26:22.0977 4184 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
11:26:22.0993 4184 Mcx2Svc - ok
11:26:23.0008 4184 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:26:23.0008 4184 megasas - ok
11:26:23.0024 4184 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:26:23.0039 4184 MegaSR - ok
11:26:23.0055 4184 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:26:23.0055 4184 MMCSS - ok
11:26:23.0117 4184 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:26:23.0117 4184 Modem - ok
11:26:23.0149 4184 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:26:23.0164 4184 monitor - ok
11:26:23.0211 4184 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:26:23.0211 4184 mouclass - ok
11:26:23.0242 4184 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:26:23.0242 4184 mouhid - ok
11:26:23.0305 4184 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:26:23.0305 4184 mountmgr - ok
11:26:23.0383 4184 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:26:23.0383 4184 mpio - ok
11:26:23.0429 4184 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:26:23.0429 4184 mpsdrv - ok
11:26:23.0492 4184 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
11:26:23.0523 4184 MpsSvc - ok
11:26:23.0554 4184 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:26:23.0554 4184 MRxDAV - ok
11:26:23.0617 4184 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:26:23.0632 4184 mrxsmb - ok
11:26:23.0679 4184 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:26:23.0679 4184 mrxsmb10 - ok
11:26:23.0710 4184 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:26:23.0710 4184 mrxsmb20 - ok
11:26:23.0757 4184 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:26:23.0757 4184 msahci - ok
11:26:23.0835 4184 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:26:23.0835 4184 msdsm - ok
11:26:23.0866 4184 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:26:23.0866 4184 MSDTC - ok
11:26:23.0897 4184 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:26:23.0897 4184 Msfs - ok
11:26:23.0929 4184 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:26:23.0929 4184 mshidkmdf - ok
11:26:23.0944 4184 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:26:23.0944 4184 msisadrv - ok
11:26:23.0975 4184 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:26:23.0975 4184 MSiSCSI - ok
11:26:24.0022 4184 msiserver - ok
11:26:24.0069 4184 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:26:24.0069 4184 MSKSSRV - ok
11:26:24.0100 4184 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:26:24.0100 4184 MSPCLOCK - ok
11:26:24.0116 4184 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:26:24.0116 4184 MSPQM - ok
11:26:24.0163 4184 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:26:24.0163 4184 MsRPC - ok
11:26:24.0209 4184 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:26:24.0209 4184 mssmbios - ok
11:26:24.0272 4184 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:26:24.0287 4184 MSTEE - ok
11:26:24.0303 4184 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:26:24.0303 4184 MTConfig - ok
11:26:24.0350 4184 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
11:26:24.0350 4184 MTsensor - ok
11:26:24.0381 4184 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:26:24.0381 4184 Mup - ok
11:26:24.0443 4184 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:26:24.0459 4184 napagent - ok
11:26:24.0553 4184 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:26:24.0568 4184 NativeWifiP - ok
11:26:24.0631 4184 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:26:24.0631 4184 NDIS - ok
11:26:24.0662 4184 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:26:24.0662 4184 NdisCap - ok
11:26:24.0677 4184 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:26:24.0677 4184 NdisTapi - ok
11:26:24.0740 4184 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:26:24.0740 4184 Ndisuio - ok
11:26:24.0818 4184 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:26:24.0833 4184 NdisWan - ok
11:26:24.0880 4184 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:26:24.0880 4184 NDProxy - ok
11:26:24.0974 4184 Nero BackItUp Scheduler 4.0 (b90e093e7a7250906f1054418b5339c0) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
11:26:24.0989 4184 Nero BackItUp Scheduler 4.0 - ok
11:26:25.0052 4184 Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll
11:26:25.0052 4184 Net Driver HPZ12 - ok
11:26:25.0099 4184 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:26:25.0114 4184 NetBIOS - ok
11:26:25.0177 4184 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:26:25.0192 4184 NetBT - ok
11:26:25.0223 4184 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:26:25.0239 4184 Netlogon - ok
11:26:25.0301 4184 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:26:25.0317 4184 Netman - ok
11:26:25.0333 4184 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:26:25.0348 4184 netprofm - ok
11:26:25.0426 4184 netr28x (b72bb9496a126fcfc7fc5945ded9b411) C:\Windows\system32\DRIVERS\netr28x.sys
11:26:25.0442 4184 netr28x - ok
11:26:25.0489 4184 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:26:25.0489 4184 NetTcpPortSharing - ok
11:26:25.0535 4184 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:26:25.0535 4184 nfrd960 - ok
11:26:25.0613 4184 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:26:25.0629 4184 NlaSvc - ok
11:26:25.0645 4184 Normandy - ok
11:26:25.0676 4184 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:26:25.0676 4184 Npfs - ok
11:26:25.0723 4184 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:26:25.0738 4184 nsi - ok
11:26:25.0801 4184 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:26:25.0801 4184 nsiproxy - ok
11:26:25.0879 4184 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:26:25.0894 4184 Ntfs - ok
11:26:25.0941 4184 NtFsLdf20 - ok
11:26:25.0972 4184 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:26:25.0972 4184 Null - ok
11:26:26.0050 4184 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:26:26.0050 4184 nvraid - ok
11:26:26.0081 4184 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:26:26.0081 4184 nvstor - ok
11:26:26.0128 4184 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:26:26.0128 4184 nv_agp - ok
11:26:26.0144 4184 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:26:26.0144 4184 ohci1394 - ok
11:26:26.0206 4184 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:26:26.0222 4184 ose - ok
11:26:26.0347 4184 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:26:26.0378 4184 osppsvc - ok
11:26:26.0425 4184 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:26:26.0425 4184 p2pimsvc - ok
11:26:26.0471 4184 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:26:26.0503 4184 p2psvc - ok
11:26:26.0565 4184 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:26:26.0565 4184 Parport - ok
11:26:26.0612 4184 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:26:26.0612 4184 partmgr - ok
11:26:26.0643 4184 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:26:26.0643 4184 PcaSvc - ok
11:26:26.0721 4184 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:26:26.0721 4184 pci - ok
11:26:26.0752 4184 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:26:26.0752 4184 pciide - ok
11:26:26.0799 4184 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:26:26.0799 4184 pcmcia - ok
11:26:26.0846 4184 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:26:26.0846 4184 pcw - ok
11:26:26.0924 4184 pe3ah5ub (c450fba1896d289867d27c25517d9213) C:\Windows\system32\drivers\pe3ah5ub.sys
11:26:26.0924 4184 pe3ah5ub - ok
11:26:26.0955 4184 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:26:26.0955 4184 PEAUTH - ok
11:26:27.0002 4184 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:26:27.0017 4184 PerfHost - ok
11:26:27.0111 4184 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:26:27.0127 4184 pla - ok
11:26:27.0220 4184 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:26:27.0236 4184 PlugPlay - ok
11:26:27.0298 4184 Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll
11:26:27.0314 4184 Pml Driver HPZ12 - ok
11:26:27.0345 4184 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:26:27.0345 4184 PNRPAutoReg - ok
11:26:27.0407 4184 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:26:27.0423 4184 PNRPsvc - ok
11:26:27.0470 4184 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:26:27.0470 4184 PolicyAgent - ok
11:26:27.0517 4184 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:26:27.0517 4184 Power - ok
11:26:27.0579 4184 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:26:27.0579 4184 PptpMiniport - ok
11:26:27.0626 4184 pr2ah5ub - ok
11:26:27.0657 4184 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:26:27.0657 4184 Processor - ok
11:26:27.0704 4184 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
11:26:27.0719 4184 ProfSvc - ok
11:26:27.0766 4184 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:26:27.0766 4184 ProtectedStorage - ok
11:26:27.0797 4184 ps6ah5ub (409c762afbac40bfeadfba4a029f531f) C:\Windows\system32\drivers\ps6ah5ub.sys
11:26:27.0797 4184 ps6ah5ub - ok
11:26:27.0891 4184 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:26:27.0907 4184 Psched - ok
11:26:28.0000 4184 PSI_SVC_2 (543a4ef0923bf70d126625b034ef25af) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
11:26:28.0000 4184 PSI_SVC_2 - ok
11:26:28.0078 4184 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:26:28.0094 4184 ql2300 - ok
11:26:28.0125 4184 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:26:28.0125 4184 ql40xx - ok
11:26:28.0156 4184 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:26:28.0156 4184 QWAVE - ok
11:26:28.0172 4184 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:26:28.0187 4184 QWAVEdrv - ok
11:26:28.0203 4184 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:26:28.0203 4184 RasAcd - ok
11:26:28.0281 4184 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:26:28.0281 4184 RasAgileVpn - ok
11:26:28.0312 4184 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:26:28.0328 4184 RasAuto - ok
11:26:28.0359 4184 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:26:28.0359 4184 Rasl2tp - ok
11:26:28.0406 4184 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:26:28.0421 4184 RasMan - ok
11:26:28.0499 4184 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:26:28.0499 4184 RasPppoe - ok
11:26:28.0531 4184 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:26:28.0531 4184 RasSstp - ok
11:26:28.0577 4184 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:26:28.0577 4184 rdbss - ok
11:26:28.0609 4184 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:26:28.0609 4184 rdpbus - ok
11:26:28.0624 4184 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:26:28.0624 4184 RDPCDD - ok
11:26:28.0655 4184 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:26:28.0655 4184 RDPENCDD - ok
11:26:28.0718 4184 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:26:28.0718 4184 RDPREFMP - ok
11:26:28.0749 4184 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
11:26:28.0765 4184 RDPWD - ok
11:26:28.0827 4184 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:26:28.0827 4184 rdyboost - ok
11:26:28.0874 4184 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:26:28.0874 4184 RemoteAccess - ok
11:26:28.0952 4184 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:26:28.0967 4184 RemoteRegistry - ok
11:26:29.0077 4184 RichVideo64 (0b169fe016039571ecc6db70073f8979) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
11:26:29.0077 4184 RichVideo64 - ok
11:26:29.0123 4184 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:26:29.0123 4184 RpcEptMapper - ok
11:26:29.0170 4184 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:26:29.0186 4184 RpcLocator - ok
11:26:29.0233 4184 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
11:26:29.0264 4184 RpcSs - ok
11:26:29.0295 4184 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:26:29.0295 4184 rspndr - ok
11:26:29.0389 4184 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:26:29.0389 4184 RTL8167 - ok
11:26:29.0435 4184 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:26:29.0451 4184 SamSs - ok
11:26:29.0529 4184 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
11:26:29.0529 4184 SASDIFSV - ok
11:26:29.0576 4184 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
11:26:29.0576 4184 SASKUTIL - ok
11:26:29.0638 4184 SbieDrv (152ee68830ffb13f0b1fec6c9b99644f) D:\沙箱\SbieDrv.sys
11:26:29.0638 4184 SbieDrv - ok
11:26:29.0654 4184 SbieSvc (fd0287131d91352f225ebb5cd3527952) D:\沙箱\SbieSvc.exe
11:26:29.0669 4184 SbieSvc - ok
11:26:29.0732 4184 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:26:29.0732 4184 sbp2port - ok
11:26:29.0763 4184 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:26:29.0779 4184 SCardSvr - ok
11:26:29.0825 4184 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:26:29.0825 4184 scfilter - ok
11:26:29.0903 4184 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:26:29.0919 4184 Schedule - ok
11:26:29.0950 4184 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:26:29.0950 4184 SCPolicySvc - ok
11:26:30.0028 4184 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:26:30.0044 4184 SDRSVC - ok
11:26:30.0075 4184 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:26:30.0075 4184 secdrv - ok
11:26:30.0106 4184 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:26:30.0106 4184 seclogon - ok
11:26:30.0137 4184 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
11:26:30.0137 4184 SENS - ok
11:26:30.0184 4184 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:26:30.0200 4184 SensrSvc - ok
11:26:30.0231 4184 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:26:30.0231 4184 Serenum - ok
11:26:30.0278 4184 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:26:30.0278 4184 Serial - ok
11:26:30.0309 4184 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:26:30.0325 4184 sermouse - ok
11:26:30.0371 4184 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:26:30.0387 4184 SessionEnv - ok
11:26:30.0434 4184 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:26:30.0434 4184 sffdisk - ok
11:26:30.0465 4184 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:26:30.0465 4184 sffp_mmc - ok
11:26:30.0527 4184 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:26:30.0527 4184 sffp_sd - ok
11:26:30.0559 4184 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:26:30.0559 4184 sfloppy - ok
11:26:30.0605 4184 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
11:26:30.0621 4184 Sftfs - ok
11:26:30.0683 4184 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
11:26:30.0699 4184 sftlist - ok
11:26:30.0761 4184 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
11:26:30.0777 4184 Sftplay - ok
11:26:30.0793 4184 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
11:26:30.0793 4184 Sftredir - ok
11:26:30.0824 4184 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
11:26:30.0824 4184 Sftvol - ok
11:26:30.0886 4184 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
11:26:30.0902 4184 sftvsa - ok
11:26:30.0964 4184 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:26:30.0980 4184 SharedAccess - ok
11:26:31.0027 4184 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:26:31.0058 4184 ShellHWDetection - ok
11:26:31.0120 4184 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:26:31.0120 4184 SiSRaid2 - ok
11:26:31.0167 4184 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:26:31.0167 4184 SiSRaid4 - ok
11:26:31.0214 4184 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:26:31.0214 4184 Smb - ok
11:26:31.0261 4184 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:26:31.0276 4184 SNMPTRAP - ok
11:26:31.0307 4184 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:26:31.0307 4184 spldr - ok
11:26:31.0370 4184 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:26:31.0385 4184 Spooler - ok
11:26:31.0479 4184 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:26:31.0510 4184 sppsvc - ok
11:26:31.0541 4184 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:26:31.0541 4184 sppuinotify - ok
11:26:31.0619 4184 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:26:31.0619 4184 srv - ok
11:26:31.0651 4184 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:26:31.0651 4184 srv2 - ok
11:26:31.0682 4184 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:26:31.0682 4184 srvnet - ok
11:26:31.0713 4184 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:26:31.0729 4184 SSDPSRV - ok
11:26:31.0760 4184 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:26:31.0760 4184 SstpSvc - ok
11:26:31.0822 4184 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:26:31.0838 4184 stexstor - ok
11:26:31.0900 4184 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:26:31.0916 4184 stisvc - ok
11:26:31.0978 4184 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:26:31.0978 4184 swenum - ok
11:26:32.0009 4184 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:26:32.0025 4184 swprv - ok
11:26:32.0119 4184 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:26:32.0150 4184 SysMain - ok
11:26:32.0197 4184 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:26:32.0212 4184 TabletInputService - ok
11:26:32.0353 4184 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:26:32.0384 4184 TapiSrv - ok
11:26:32.0415 4184 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:26:32.0415 4184 TBS - ok
11:26:32.0493 4184 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
11:26:32.0509 4184 Tcpip - ok
11:26:32.0587 4184 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
11:26:32.0602 4184 TCPIP6 - ok
11:26:32.0649 4184 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:26:32.0649 4184 tcpipreg - ok
11:26:32.0696 4184 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:26:32.0696 4184 TDPIPE - ok
11:26:32.0711 4184 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:26:32.0727 4184 TDTCP - ok
11:26:32.0774 4184 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:26:32.0774 4184 tdx - ok
11:26:32.0821 4184 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:26:32.0821 4184 TermDD - ok
11:26:32.0883 4184 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:26:32.0914 4184 TermService - ok
11:26:32.0945 4184 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:26:32.0945 4184 Themes - ok
11:26:32.0977 4184 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:26:32.0977 4184 THREADORDER - ok
11:26:32.0992 4184 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:26:33.0008 4184 TrkWks - ok
11:26:33.0039 4184 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:26:33.0039 4184 TrustedInstaller - ok
11:26:33.0133 4184 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:26:33.0133 4184 tssecsrv - ok
11:26:33.0211 4184 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:26:33.0211 4184 TsUsbFlt - ok
11:26:33.0273 4184 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:26:33.0273 4184 tunnel - ok
11:26:33.0304 4184 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:26:33.0304 4184 uagp35 - ok
11:26:33.0382 4184 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:26:33.0398 4184 udfs - ok
11:26:33.0445 4184 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:26:33.0460 4184 UI0Detect - ok
11:26:33.0507 4184 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:26:33.0523 4184 uliagpkx - ok
11:26:33.0569 4184 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
11:26:33.0569 4184 umbus - ok
11:26:33.0647 4184 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:26:33.0647 4184 UmPass - ok
11:26:33.0694 4184 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:26:33.0725 4184 upnphost - ok
11:26:33.0772 4184 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:26:33.0772 4184 usbccgp - ok
11:26:33.0819 4184 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:26:33.0819 4184 usbcir - ok
11:26:33.0881 4184 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
11:26:33.0881 4184 usbehci - ok
11:26:33.0928 4184 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:26:33.0928 4184 usbhub - ok
11:26:33.0944 4184 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
11:26:33.0959 4184 usbohci - ok
11:26:34.0006 4184 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:26:34.0006 4184 usbprint - ok
11:26:34.0084 4184 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:26:34.0084 4184 USBSTOR - ok
11:26:34.0131 4184 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:26:34.0131 4184 usbuhci - ok
11:26:34.0178 4184 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:26:34.0193 4184 UxSms - ok
11:26:34.0240 4184 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:26:34.0256 4184 VaultSvc - ok
11:26:34.0318 4184 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:26:34.0318 4184 vdrvroot - ok
11:26:34.0381 4184 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:26:34.0396 4184 vds - ok
11:26:34.0443 4184 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:26:34.0443 4184 vga - ok
11:26:34.0474 4184 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:26:34.0490 4184 VgaSave - ok
11:26:34.0552 4184 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:26:34.0568 4184 vhdmp - ok
11:26:34.0630 4184 VIAHdAudAddService (627270f2103d41086bab9675a3315dab) C:\Windows\system32\drivers\viahduaa.sys
11:26:34.0661 4184 VIAHdAudAddService - ok
11:26:34.0708 4184 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:26:34.0708 4184 viaide - ok
11:26:34.0755 4184 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:26:34.0755 4184 volmgr - ok
11:26:34.0817 4184 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:26:34.0817 4184 volmgrx - ok
11:26:34.0864 4184 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:26:34.0880 4184 volsnap - ok
11:26:34.0958 4184 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:26:34.0958 4184 vsmraid - ok
11:26:35.0051 4184 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:26:35.0083 4184 VSS - ok
11:26:35.0114 4184 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:26:35.0114 4184 vwifibus - ok
11:26:35.0176 4184 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:26:35.0176 4184 vwififlt - ok
11:26:35.0223 4184 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:26:35.0254 4184 W32Time - ok
11:26:35.0301 4184 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:26:35.0301 4184 WacomPen - ok
11:26:35.0348 4184 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:26:35.0348 4184 WANARP - ok
11:26:35.0363 4184 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:26:35.0363 4184 Wanarpv6 - ok
11:26:35.0457 4184 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:26:35.0473 4184 WatAdminSvc - ok
11:26:35.0535 4184 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:26:35.0551 4184 wbengine - ok
11:26:35.0597 4184 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:26:35.0613 4184 WbioSrvc - ok
11:26:35.0675 4184 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:26:35.0707 4184 wcncsvc - ok
11:26:35.0722 4184 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:26:35.0738 4184 WcsPlugInService - ok
11:26:35.0769 4184 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:26:35.0769 4184 Wd - ok
11:26:35.0816 4184 WDelMgr20 - ok
11:26:35.0894 4184 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:26:35.0894 4184 Wdf01000 - ok
11:26:35.0925 4184 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:26:35.0925 4184 WdiServiceHost - ok
11:26:35.0941 4184 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:26:35.0941 4184 WdiSystemHost - ok
11:26:35.0987 4184 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:26:36.0019 4184 WebClient - ok
11:26:36.0050 4184 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:26:36.0050 4184 Wecsvc - ok
11:26:36.0097 4184 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:26:36.0112 4184 wercplsupport - ok
11:26:36.0159 4184 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:26:36.0175 4184 WerSvc - ok
11:26:36.0221 4184 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:26:36.0221 4184 WfpLwf - ok
11:26:36.0268 4184 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:26:36.0268 4184 WIMMount - ok
11:26:36.0299 4184 WinDefend - ok
11:26:36.0315 4184 WinHttpAutoProxySvc - ok
11:26:36.0346 4184 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:26:36.0346 4184 Winmgmt - ok
11:26:36.0409 4184 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:26:36.0424 4184 WinRM - ok
11:26:36.0487 4184 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\drivers\WinUSB.sys
11:26:36.0502 4184 WinUsb - ok
11:26:36.0580 4184 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:26:36.0611 4184 Wlansvc - ok
11:26:36.0658 4184 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:26:36.0658 4184 wlcrasvc - ok
11:26:36.0752 4184 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:26:36.0767 4184 wlidsvc - ok
11:26:36.0845 4184 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:26:36.0845 4184 WmiAcpi - ok
11:26:36.0923 4184 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:26:36.0923 4184 wmiApSrv - ok
11:26:36.0970 4184 WMPNetworkSvc - ok
11:26:37.0001 4184 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:26:37.0017 4184 WPCSvc - ok
11:26:37.0064 4184 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:26:37.0079 4184 WPDBusEnum - ok
11:26:37.0126 4184 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:26:37.0126 4184 ws2ifsl - ok
11:26:37.0157 4184 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
11:26:37.0157 4184 wscsvc - ok
11:26:37.0173 4184 WSearch - ok
11:26:37.0267 4184 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
11:26:37.0282 4184 wuauserv - ok
11:26:37.0329 4184 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:26:37.0345 4184 WudfPf - ok
11:26:37.0407 4184 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:26:37.0407 4184 WUDFRd - ok
11:26:37.0454 4184 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:26:37.0469 4184 wudfsvc - ok
11:26:37.0501 4184 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:26:37.0501 4184 WwanSvc - ok
11:26:37.0532 4184 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:26:37.0625 4184 \Device\Harddisk0\DR0 - ok
11:26:37.0641 4184 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR2
11:26:37.0641 4184 \Device\Harddisk1\DR2 - ok
11:26:37.0657 4184 Boot (0x1200) (6ff2e3b80e3192c10d281ff4dd53c6c6) \Device\Harddisk0\DR0\Partition0
11:26:37.0657 4184 \Device\Harddisk0\DR0\Partition0 - ok
11:26:37.0672 4184 Boot (0x1200) (4bef019886997cdf1bcf935ee417412f) \Device\Harddisk0\DR0\Partition1
11:26:37.0688 4184 \Device\Harddisk0\DR0\Partition1 - ok
11:26:37.0688 4184 Boot (0x1200) (407ca2a1bdecda08aaaad7aa00797eb8) \Device\Harddisk1\DR2\Partition0
11:26:37.0688 4184 \Device\Harddisk1\DR2\Partition0 - ok
11:26:37.0688 4184 ============================================================
11:26:37.0688 4184 Scan finished
11:26:37.0688 4184 ============================================================
11:26:37.0703 0668 Detected object count: 1
11:26:37.0703 0668 Actual detected object count: 1
11:26:47.0594 0668 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
11:26:47.0594 0668 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
============================================================================================================

aswMBR scan log:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-18 11:32:37
-----------------------------
11:32:37.293 OS Version: Windows x64 6.1.7601 Service Pack 1
11:32:37.293 Number of processors: 2 586 0x603
11:32:37.293 ComputerName: VENTO-PC UserName: vento
11:32:38.198 Initialize success
11:33:48.335 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:33:48.335 Disk 0 Vendor: Hitachi_HDS721064CLA332 JPGOA3EA Size: 610480MB BusType: 11
11:33:48.351 Disk 0 MBR read successfully
11:33:48.351 Disk 0 MBR scan
11:33:48.351 Disk 0 Windows 7 default MBR code
11:33:48.367 Disk 0 Partition 1 00 1B Hidd FAT32 NTFS 9216 MB offset 2048
11:33:48.367 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 244192 MB offset 18876416
11:33:48.398 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 357070 MB offset 518981632
11:33:48.429 Disk 0 scanning C:\Windows\system32\drivers
11:33:54.201 Service scanning
11:34:06.307 Modules scanning
11:34:06.307 Disk 0 trace - called modules:
11:34:06.307 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
11:34:06.307 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048e4060]
11:34:06.307 3 CLASSPNP.SYS[fffff880019bf43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004859060]
11:34:06.307 Scan finished successfully
11:34:32.296 Disk 0 MBR has been saved successfully to "C:\Users\vento\Desktop\MBR.dat"
11:34:32.312 The log file has been saved successfully to "C:\Users\vento\Desktop\aswMBR20120418.txt"

#7 nasdaq

  • Malware Response Team
  • 40,213 posts
  • Location: Montreal, QC. Canada

Posted 18 April 2012 - 09:24 AM

The logs are clean. You can proceed with this now.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

#8 WinBMY
  • Topic Starter
  • Members
  • 176 posts

Posted 19 April 2012 - 10:01 PM

In normal mode, ComboFix.exe was unable to run. I ran ComboFix in Safe Mode.
Here is the log:


ComboFix 12-04-15.02 - vento 2/04/20 Fri 10:47:12.7.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.950.886.1028.18.3839.2510 [GMT 8:00]
Running from: c:\users\vento\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: COMODO Antivirus *Enabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* New restore point created successfully
.
Error: Cfiles.dat
.
((((((((((((((((((((((((( Files created from 2012-03-20 to 2012-04-20 )))))))))))))))))))))))))))))))
.
.
2012-04-20 02:52 . 2012-04-20 02:52 -------- d-----w- c:\users\巫柏睿\AppData\Local\temp
2012-04-20 02:52 . 2012-04-20 02:52 -------- d-----w- c:\users\共用2\AppData\Local\temp
2012-04-20 02:52 . 2012-04-20 02:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-20 02:52 . 2012-04-20 02:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-20 02:39 . 2012-04-20 02:39 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-16 12:14 . 2012-04-16 12:14 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-16 12:12 . 2012-04-18 11:37 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-16 12:12 . 2012-04-18 11:37 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-16 12:12 . 2012-04-16 12:12 -------- d-----w- c:\windows\system32\Macromed
2012-04-15 02:30 . 2012-04-15 02:30 -------- d-----w- c:\program files (x86)\Comodo
2012-04-11 19:05 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 19:05 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 19:05 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 19:01 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 19:01 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 19:01 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 19:01 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 19:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 19:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 19:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-01 07:56 . 2012-04-01 07:56 -------- d-----w- c:\program files (x86)\Empire Interactive
.
.
.
(((((((((((((((((((((((((((((((((((((((( Files modified within the last three months ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 07:56 . 2012-01-11 06:47 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-04 00:55 . 2010-06-23 12:56 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-04 00:50 . 2012-03-04 00:50 27424 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-02-29 09:49 . 2012-02-29 09:49 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-17 13:00 . 2012-02-17 13:00 4608 ----a-w- c:\windows\SysWow64\w95inf32.dll
2012-02-17 13:00 . 2012-02-17 13:00 2272 ----a-w- c:\windows\SysWow64\w95inf16.dll
2012-02-17 06:38 . 2012-03-14 13:50 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 13:50 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 13:50 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 13:50 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 04:09 . 2012-02-14 04:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36 . 2012-03-15 09:52 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-15 09:52 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-15 09:52 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-14 13:49 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 13:49 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 13:49 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-16_01.19.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-20 02:43 . 2012-04-20 02:43 20310 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-04-16 01:05 . 2012-04-16 01:05 20310 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2012-04-16 00:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-20 02:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-16 00:48 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-20 02:41 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-20 02:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-16 00:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-24 23:28 . 2012-04-20 02:43 70482 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-20 02:43 47828 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-20 07:44 . 2012-04-20 02:43 24594 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-288522896-628113693-862871898-1000_UserData.bin
- 2010-06-20 23:37 . 2012-04-16 00:45 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-20 23:37 . 2012-04-20 02:33 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-04 07:47 . 2012-04-16 00:45 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-04 07:47 . 2012-04-20 02:33 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-16 00:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-20 02:33 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-04-17 12:50 94640 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-06-20 11:01 . 2012-04-20 02:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-20 11:01 . 2012-04-16 00:52 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-20 11:01 . 2012-04-16 00:52 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-20 11:01 . 2012-04-20 02:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-24 11:54 . 2012-04-17 14:41 5402 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2010-06-24 11:54 . 2012-04-15 13:46 5402 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2010-07-10 07:44 . 2012-04-17 12:14 2468 c:\windows\system32\wdi\{88d4896f-f553-446a-9c75-9dec124ff8b7}.bin
+ 2011-06-08 10:17 . 2012-04-18 09:55 8172 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-288522896-628113693-862871898-1001_UserData.bin
- 2012-04-16 01:06 . 2012-04-16 01:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-20 02:44 . 2012-04-20 02:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-20 02:44 . 2012-04-20 02:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-16 01:06 . 2012-04-16 01:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-16 12:12 . 2012-04-18 11:37 353440 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_Plugin.exe
+ 2012-04-16 12:14 . 2012-04-16 12:14 353440 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
+ 2012-04-16 12:14 . 2012-04-16 12:14 424608 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.dll
+ 2012-04-16 12:12 . 2012-04-18 11:37 253088 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2010-06-22 07:38 . 2012-04-17 12:17 365830 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-09-30 02:40 . 2012-04-16 01:01 389880 c:\windows\system32\prfh0404.dat
+ 2009-09-30 02:40 . 2012-04-19 12:10 389880 c:\windows\system32\prfh0404.dat
- 2009-09-30 02:40 . 2012-04-16 01:01 110498 c:\windows\system32\prfc0404.dat
+ 2009-09-30 02:40 . 2012-04-19 12:10 110498 c:\windows\system32\prfc0404.dat
- 2009-07-14 02:36 . 2012-04-16 01:01 620568 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-19 12:10 620568 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-19 12:10 110498 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-16 01:01 110498 c:\windows\system32\perfc009.dat
+ 2012-04-16 12:12 . 2012-04-18 11:37 630944 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_Plugin.exe
+ 2012-04-16 12:14 . 2012-04-16 12:14 630944 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_ActiveX.exe
+ 2012-04-16 12:14 . 2012-04-16 12:14 462496 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_ActiveX.dll
- 2009-07-14 05:12 . 2012-02-16 12:07 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-04-18 10:08 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-05-21 04:49 . 2012-04-19 10:01 164288 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Ime\IMETC14\TCHFTS.DAT
- 2011-05-21 04:49 . 2012-04-15 06:14 164288 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Ime\IMETC14\TCHFTS.DAT
+ 2009-07-14 05:01 . 2012-04-20 02:43 415808 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-16 01:05 415808 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-16 12:12 . 2012-04-18 11:37 8797344 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
- 2010-06-21 09:04 . 2012-04-16 01:05 1474832 c:\windows\system32\drivers\sfi.dat
+ 2010-06-21 09:04 . 2012-04-20 02:43 1474832 c:\windows\system32\drivers\sfi.dat
+ 2010-11-28 14:11 . 2012-04-16 15:27 8615572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-288522896-628113693-862871898-1000-8192.dat
- 2010-11-28 14:11 . 2012-04-15 13:46 8615572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-288522896-628113693-862871898-1000-8192.dat
+ 2011-05-09 02:04 . 2012-04-18 14:03 3992864 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-288522896-628113693-862871898-1000-12288.dat
- 2011-05-09 02:04 . 2012-03-04 03:17 3992864 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-288522896-628113693-862871898-1000-12288.dat
+ 2012-04-16 12:12 . 2012-04-18 11:37 11589280 c:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll
.
-- Snapshot reset --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-26 39408]
"SandboxieControl"="d:\狄箱\SbieCtrl.exe" [2011-03-24 597736]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-04-02 4785536]
"Facebook Update"="c:\users\vento\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-12-31 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-16 2245120]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-09-06 413696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"IME14 CHT Setup"="c:\progra~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2010-01-20 80240]
.
c:\users\vento\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\_otl\MovedFiles\08302011_142412\C_Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [N/A]
Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2006-6-7 4154504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e00c0404]
IME File REG_SZ IMTCP14.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
R1 NtFsLdf20;NtFsLdf20; [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 AntiVirSchedulerService;Avira AntiVir 排程管理員;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-08-19 229376]
R2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [2012-04-13 409232]
R2 fsproflt;FSPro Filter Service;c:\windows\SysWOW64\fsproflt.exe [2010-01-06 142648]
R2 gupdate;Google 更新服務 (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 136176]
R2 ImeDictUpdateService;Microsoft IME Dictionary Update;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [2010-10-20 83312]
R2 pr2ah5ub;Gothic3 Drivers Auto Removal (pr2ah5ub);c:\windows\system32\pr2ah5ub.exe svc [x]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 253088]
R3 bmusbser;Network Connect USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\bmusbser.sys [x]
R3 gupdatem;Google 更新 服務 (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 136176]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 Normandy;Normandy SR2; [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
R3 WatAdminSvc;Windows 啟用技術服務;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [x]
S0 pe3ah5ub;Gothic3 Environment Driver (pe3ah5ub);c:\windows\system32\drivers\pe3ah5ub.sys [x]
S0 ps6ah5ub;Gothic3 Synchronization Driver (ps6ah5ub);c:\windows\system32\drivers\ps6ah5ub.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-20 140672]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 04:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 11:37]
.
2012-04-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-10-26 13:24]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 07:25]
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 07:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IME14 CHT Setup"="c:\progra~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2010-01-20 109424]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 9454920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mStart Page = hxxp://tw.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: 傳送至 OneNote(&N) - d:\pptvie~1\Office14\ONBttnIE.dll/105
IE: 匯出至 Microsoft Excel(&X) - d:\pptvie~1\Office14\EXCEL.EXE/3000
FF - ProfilePath - c:\users\vento\AppData\Roaming\Mozilla\Firefox\Profiles\ufbxmg5n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://tw.search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://tw.yahoo.com/
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: extensions.BabylonToolbar_i.id - 8264069c000000000000000000000000
FF - user.js: extensions.BabylonToolbar_i.hardId - 8264069c000000000000000000000000
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15392
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:25
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101367
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-52679513.sys
Toolbar-Locked - (no file)
AddRemove-FFHC Kasumi: Rebirth_is1 - c:\users\巫柏睿\Desktop\新增資料夾1\Angry Birds\audio\FFHC Kasumi - Rebirth\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-288522896-628113693-862871898-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-288522896-628113693-862871898-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-288522896-628113693-862871898-1000\Software\SecuROM\License information*]
"datasecu"=hex:3c,fc,be,82,c3,8e,e7,28,4a,19,46,ba,09,ff,06,3d,6f,26,59,b3,d2,
e3,eb,69,4f,67,c6,c6,f9,73,97,92,92,27,01,12,d8,a8,6d,ec,27,32,5f,8e,dd,03,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities]
"ApplicationName"="Google 瀏覽器"
"ApplicationIcon"="c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe,0"
"ApplicationDescription"="「Google 瀏覽器」開啟網頁和執行應用程式的速度奇快無比!除了執行速度快、穩定且容易使用之外,它還內建防護機制,讓您安心瀏覽網頁,無需擔心受到網路釣魚與惡意軟體的威脅。"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\FileAssociations]
".xhtml"="ChromeHTML"
".xht"="ChromeHTML"
".shtml"="ChromeHTML"
".html"="ChromeHTML"
".htm"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\StartMenu]
"StartMenuInternet"="Google 瀏覽器"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\URLAssociations]
"https"="ChromeHTML"
"http"="ChromeHTML"
"ftp"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\DefaultIcon]
@="c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe,0"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\InstallInfo]
"IconsVisible"=dword:00000001
"ShowIconsCommand"="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --show-icons"
"HideIconsCommand"="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --hide-icons"
"ReinstallCommand"="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --make-default-browser"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\shell\open\command]
@="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\""
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\袈?*O*n*e*N*o*t*e* *2*0*1*0*\DsDriver]
"printBinNames"=multi:"\00\00"
"printCollate"=hex:00
"printColor"=hex:01
"printDuplexSupported"=hex:00
"printStaplingSupported"=hex:00
"printMaxXExtent"=dword:00000b9a
"printMaxYExtent"=dword:000010de
"printMinXExtent"=dword:000003d8
"printMinYExtent"=dword:00000771
"printMediaSupported"=multi:"Letter\00Tabloid\00Legal\00Executive\00A3\00A4\00B4 (JIS)\00B5 (JIS)\00Envelope #10\00Envelope Monarch\00\00"
"printMediaReady"=multi:"A4\00\00"
"printNumberUp"=dword:00000000
"printMemory"=dword:00008000
"printOrientationsSupported"=multi:"PORTRAIT\00LANDSCAPE\00\00"
"printMaxResolutionSupported"=dword:000004b0
"printLanguage"=multi:"\00\00"
"printRateUnit"=""
"driverVersion"=dword:00000401
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\袈?*O*n*e*N*o*t*e* *2*0*1*0*\DsSpooler]
"driverName"="Send To Microsoft OneNote 2010 Driver"
"portName"=multi:"nul:\00\00"
"printStartTime"=dword:00000000
"printEndTime"=dword:00000000
"printerName"="傳送至 OneNote 2010"
"printKeepPrintedJobs"=hex:00
"printSpooling"="PrintAfterSpooled"
"priority"=dword:00000001
"uNCName"="\\\\vento-PC\\傳送至 OneNote 2010"
"serverName"="vento-PC"
"shortServerName"="VENTO-PC"
"versionNumber"=dword:00000004
"flags"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\袈?*O*n*e*N*o*t*e* *2*0*1*0*\PrinterDriverData]
"InitDriverVersion"=dword:00000600
"Model"="Send To OneNote Driver"
"FreeMem"=hex:00,80,00,00
"PrinterDataSize"=dword:00000230
"PrinterData"=hex:00,06,30,02,81,08,00,00,00,f8,ba,01,00,00,00,00,00,00,00,00,
64,00,58,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,c2,ac,90,51,01,\
"FeatureKeywordSize"=dword:00000012
"FeatureKeyword"=hex:4d,65,6d,6f,72,79,00,33,32,37,36,38,4b,42,00,0a,00,00
"Forms?"=dword:5190acc2
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
完成時間: 2012-04-20 10:54:07
ComboFix-quarantined-files.txt 2012-04-20 02:54
ComboFix2.txt 2012-04-16 01:22
.
Pre-Run: 100,196,540,416 位元組可用
Post-Run: 100,083,314,688 位元組可用
.
- - End Of File - - 48FCF12D3126A83BA214DDACDADE1D79

#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:16 PM

Posted 20 April 2012 - 08:26 AM

Open notepad and copy/paste the text in the quote box below into it:


ClearJavaCache::

Firefox::
FF - ProfilePath - c:\users\vento\AppData\Roaming\Mozilla\Firefox\Profiles\ufbxmg5n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://tw.search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://tw.yahoo.com/
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: extensions.BabylonToolbar_i.id - 8264069c000000000000000000000000
FF - user.js: extensions.BabylonToolbar_i.hardId - 8264069c000000000000000000000000
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15392
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:25
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101367
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst


Save this as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log.
===

Please let me know what problem persists.

#10 WinBMY

WinBMY
  • Topic Starter

  • Members
  • 176 posts
  • Local time:07:16 PM

Posted 21 April 2012 - 09:04 PM

Here are 2 log files.
The first one I ran using the outdated ComboFix.

After that I downloaded the updated ComboFix and ran it again.

First one:

ComboFix 12-04-15.02 - vento 2/04/22 週日 9:21.8.2 - x64 MINIMAL
Microsoft Windows 7 家用進階版 6.1.7601.1.950.886.1028.18.3839.2564 [GMT 8:00]
執行位置: c:\users\vento\Desktop\ComboFix.exe
Command switches used :: c:\users\vento\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: COMODO Antivirus *Enabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* 成功創造新還原點
.
- 降低功能模式 -
.
Error: Cfiles.dat
.
((((((((((((((((((((((((( 2012-03-22 至 2012-04-22 的新的檔案 )))))))))))))))))))))))))))))))
.
.
2012-04-22 01:22 . 2012-04-22 01:22 -------- d-----w- c:\users\巫柏睿\AppData\Local\temp
2012-04-22 01:22 . 2012-04-22 01:22 -------- d-----w- c:\users\共用2\AppData\Local\temp
2012-04-22 01:22 . 2012-04-22 01:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-22 01:22 . 2012-04-22 01:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-20 02:39 . 2012-04-20 02:39 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-16 12:14 . 2012-04-16 12:14 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-16 12:12 . 2012-04-18 11:37 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-16 12:12 . 2012-04-18 11:37 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-16 12:12 . 2012-04-16 12:12 -------- d-----w- c:\windows\system32\Macromed
2012-04-15 02:30 . 2012-04-15 02:30 -------- d-----w- c:\program files (x86)\Comodo
2012-04-11 19:05 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 19:05 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 19:05 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 19:01 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 19:01 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 19:01 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 19:01 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 19:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 19:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 19:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-01 07:56 . 2012-04-01 07:56 -------- d-----w- c:\program files (x86)\Empire Interactive
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 07:56 . 2012-01-11 06:47 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-04 00:55 . 2010-06-23 12:56 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-04 00:50 . 2012-03-04 00:50 27424 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-02-29 09:49 . 2012-02-29 09:49 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-17 13:00 . 2012-02-17 13:00 4608 ----a-w- c:\windows\SysWow64\w95inf32.dll
2012-02-17 13:00 . 2012-02-17 13:00 2272 ----a-w- c:\windows\SysWow64\w95inf16.dll
2012-02-17 06:38 . 2012-03-14 13:50 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 13:50 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 13:50 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 13:50 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 04:09 . 2012-02-14 04:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36 . 2012-03-15 09:52 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-15 09:52 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-15 09:52 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-14 13:49 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 13:49 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 13:49 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-20_02.52.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-22 01:18 . 2012-04-22 01:18 20310 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-04-20 02:43 . 2012-04-20 02:43 20310 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2012-04-20 02:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-22 00:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-22 00:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-20 02:41 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-20 02:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-22 00:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-24 23:28 . 2012-04-22 00:27 70594 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-22 00:27 47844 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-20 07:44 . 2012-04-22 00:27 24610 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-288522896-628113693-862871898-1000_UserData.bin
- 2010-06-20 23:37 . 2012-04-20 02:33 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-20 23:37 . 2012-04-22 00:25 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-04 07:47 . 2012-04-22 00:25 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-03-04 07:47 . 2012-04-20 02:33 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-22 00:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-20 02:33 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-20 11:01 . 2012-04-22 01:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-20 11:01 . 2012-04-20 02:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-20 11:01 . 2012-04-20 02:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-20 11:01 . 2012-04-22 01:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-20 02:44 . 2012-04-20 02:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-22 01:19 . 2012-04-22 01:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-22 01:19 . 2012-04-22 01:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-20 02:44 . 2012-04-20 02:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-09-30 02:40 . 2012-04-22 00:29 389880 c:\windows\system32\prfh0404.dat
- 2009-09-30 02:40 . 2012-04-19 12:10 389880 c:\windows\system32\prfh0404.dat
+ 2009-09-30 02:40 . 2012-04-22 00:29 110498 c:\windows\system32\prfc0404.dat
- 2009-09-30 02:40 . 2012-04-19 12:10 110498 c:\windows\system32\prfc0404.dat
+ 2009-07-14 02:36 . 2012-04-22 00:29 620568 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-19 12:10 620568 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-22 00:29 110498 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-19 12:10 110498 c:\windows\system32\perfc009.dat
+ 2011-05-21 04:49 . 2012-04-22 00:25 164288 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Ime\IMETC14\TCHFTS.DAT
- 2011-05-21 04:49 . 2012-04-19 10:01 164288 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Ime\IMETC14\TCHFTS.DAT
- 2009-07-14 05:01 . 2012-04-20 02:43 415808 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-22 01:18 415808 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-06-21 09:04 . 2012-04-20 02:43 1474832 c:\windows\system32\drivers\sfi.dat
+ 2010-06-21 09:04 . 2012-04-22 01:18 1474832 c:\windows\system32\drivers\sfi.dat
.
((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-26 39408]
"SandboxieControl"="d:\狄箱\SbieCtrl.exe" [2011-03-24 597736]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-04-02 4785536]
"Facebook Update"="c:\users\vento\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-12-31 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-16 2245120]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-09-06 413696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"IME14 CHT Setup"="c:\progra~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2010-01-20 80240]
.
c:\users\vento\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\_otl\MovedFiles\08302011_142412\C_Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [N/A]
Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2006-6-7 4154504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e00c0404]
IME File REG_SZ IMTCP14.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
R1 NtFsLdf20;NtFsLdf20; [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 AntiVirSchedulerService;Avira AntiVir 排程管理員;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-08-19 229376]
R2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [2012-04-13 409232]
R2 fsproflt;FSPro Filter Service;c:\windows\SysWOW64\fsproflt.exe [2010-01-06 142648]
R2 gupdate;Google 更新服務 (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 136176]
R2 ImeDictUpdateService;Microsoft IME Dictionary Update;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [2010-10-20 83312]
R2 pr2ah5ub;Gothic3 Drivers Auto Removal (pr2ah5ub);c:\windows\system32\pr2ah5ub.exe svc [x]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 253088]
R3 bmusbser;Network Connect USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\bmusbser.sys [x]
R3 gupdatem;Google 更新 服務 (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 136176]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 Normandy;Normandy SR2; [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
R3 WatAdminSvc;Windows 啟用技術服務;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [x]
S0 pe3ah5ub;Gothic3 Environment Driver (pe3ah5ub);c:\windows\system32\drivers\pe3ah5ub.sys [x]
S0 ps6ah5ub;Gothic3 Synchronization Driver (ps6ah5ub);c:\windows\system32\drivers\ps6ah5ub.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-20 140672]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 04:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
計劃任務 文件夾 裡的內容
.
2012-04-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 11:37]
.
2012-04-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-10-26 13:24]
.
2012-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 07:25]
.
2012-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 07:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IME14 CHT Setup"="c:\progra~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2010-01-20 109424]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 9454920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll c:\windows\System32\guard64.dll
.
------- 而外的掃描 -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mStart Page = hxxp://tw.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: 傳送至 OneNote(&N) - d:\pptvie~1\Office14\ONBttnIE.dll/105
IE: 匯出至 Microsoft Excel(&X) - d:\pptvie~1\Office14\EXCEL.EXE/3000
FF - ProfilePath - c:\users\vento\AppData\Roaming\Mozilla\Firefox\Profiles\ufbxmg5n.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-FFHC Kasumi: Rebirth_is1 - c:\users\巫柏睿\Desktop\新增資料夾1\Angry Birds\audio\FFHC Kasumi - Rebirth\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-288522896-628113693-862871898-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-288522896-628113693-862871898-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-288522896-628113693-862871898-1000\Software\SecuROM\License information*]
"datasecu"=hex:3c,fc,be,82,c3,8e,e7,28,4a,19,46,ba,09,ff,06,3d,6f,26,59,b3,d2,
e3,eb,69,4f,67,c6,c6,f9,73,97,92,92,27,01,12,d8,a8,6d,ec,27,32,5f,8e,dd,03,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities]
"ApplicationName"="Google 瀏覽器"
"ApplicationIcon"="c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe,0"
"ApplicationDescription"="「Google 瀏覽器」開啟網頁和執行應用程式的速度奇快無比!除了執行速度快、穩定且容易使用之外,它還內建防護機制,讓您安心瀏覽網頁,無需擔心受到網路釣魚與惡意軟體的威脅。"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\FileAssociations]
".xhtml"="ChromeHTML"
".xht"="ChromeHTML"
".shtml"="ChromeHTML"
".html"="ChromeHTML"
".htm"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\StartMenu]
"StartMenuInternet"="Google 瀏覽器"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\URLAssociations]
"https"="ChromeHTML"
"http"="ChromeHTML"
"ftp"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\DefaultIcon]
@="c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe,0"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\InstallInfo]
"IconsVisible"=dword:00000001
"ShowIconsCommand"="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --show-icons"
"HideIconsCommand"="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --hide-icons"
"ReinstallCommand"="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --make-default-browser"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\shell\open\command]
@="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\""
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\袈?*O*n*e*N*o*t*e* *2*0*1*0*\DsDriver]
"printBinNames"=multi:"\00\00"
"printCollate"=hex:00
"printColor"=hex:01
"printDuplexSupported"=hex:00
"printStaplingSupported"=hex:00
"printMaxXExtent"=dword:00000b9a
"printMaxYExtent"=dword:000010de
"printMinXExtent"=dword:000003d8
"printMinYExtent"=dword:00000771
"printMediaSupported"=multi:"Letter\00Tabloid\00Legal\00Executive\00A3\00A4\00B4 (JIS)\00B5 (JIS)\00Envelope #10\00Envelope Monarch\00\00"
"printMediaReady"=multi:"A4\00\00"
"printNumberUp"=dword:00000000
"printMemory"=dword:00008000
"printOrientationsSupported"=multi:"PORTRAIT\00LANDSCAPE\00\00"
"printMaxResolutionSupported"=dword:000004b0
"printLanguage"=multi:"\00\00"
"printRateUnit"=""
"driverVersion"=dword:00000401
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\袈?*O*n*e*N*o*t*e* *2*0*1*0*\DsSpooler]
"driverName"="Send To Microsoft OneNote 2010 Driver"
"portName"=multi:"nul:\00\00"
"printStartTime"=dword:00000000
"printEndTime"=dword:00000000
"printerName"="傳送至 OneNote 2010"
"printKeepPrintedJobs"=hex:00
"printSpooling"="PrintAfterSpooled"
"priority"=dword:00000001
"uNCName"="\\\\vento-PC\\傳送至 OneNote 2010"
"serverName"="vento-PC"
"shortServerName"="VENTO-PC"
"versionNumber"=dword:00000004
"flags"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\袈?*O*n*e*N*o*t*e* *2*0*1*0*\PrinterDriverData]
"InitDriverVersion"=dword:00000600
"Model"="Send To OneNote Driver"
"FreeMem"=hex:00,80,00,00
"PrinterDataSize"=dword:00000230
"PrinterData"=hex:00,06,30,02,81,08,00,00,00,f8,ba,01,00,00,00,00,00,00,00,00,
64,00,58,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,c2,ac,90,51,01,\
"FeatureKeywordSize"=dword:00000012
"FeatureKeyword"=hex:4d,65,6d,6f,72,79,00,33,32,37,36,38,4b,42,00,0a,00,00
"Forms?"=dword:5190acc2
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
完成時間: 2012-04-22 09:24:35
ComboFix-quarantined-files.txt 2012-04-22 01:24
ComboFix2.txt 2012-04-20 02:54
ComboFix3.txt 2012-04-16 01:22
.
Pre-Run: 100,123,643,904 位元組可用
Post-Run: 116,235,784,192 位元組可用
.
- - End Of File - - C41DFD667621B8535518BCF59F2B63BE

Second one:
ComboFix 12-04-20.03 - vento 2/04/22 週日 9:43.9.2 - x64 MINIMAL
Microsoft Windows 7 家用進階版 6.1.7601.1.950.886.1028.18.3839.2572 [GMT 8:00]
執行位置: c:\users\vento\Desktop\ComboFix.exe
Command switches used :: c:\users\vento\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: COMODO Antivirus *Enabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* 成功創造新還原點
.
Error: Cfiles.dat
.
((((((((((((((((((((((((( 2012-03-22 至 2012-04-22 的新的檔案 )))))))))))))))))))))))))))))))
.
.
2012-04-22 01:49 . 2012-04-22 01:49 -------- d-----w- c:\users\巫柏睿\AppData\Local\temp
2012-04-22 01:49 . 2012-04-22 01:49 -------- d-----w- c:\users\共用2\AppData\Local\temp
2012-04-22 01:49 . 2012-04-22 01:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-22 01:49 . 2012-04-22 01:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-20 02:39 . 2012-04-20 02:39 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-16 12:14 . 2012-04-16 12:14 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-16 12:12 . 2012-04-18 11:37 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-16 12:12 . 2012-04-18 11:37 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-16 12:12 . 2012-04-16 12:12 -------- d-----w- c:\windows\system32\Macromed
2012-04-15 02:30 . 2012-04-15 02:30 -------- d-----w- c:\program files (x86)\Comodo
2012-04-11 19:05 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 19:05 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 19:05 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 19:01 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 19:01 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 19:01 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 19:01 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 19:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 19:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 19:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-01 07:56 . 2012-04-01 07:56 -------- d-----w- c:\program files (x86)\Empire Interactive
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 07:56 . 2012-01-11 06:47 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-04 00:55 . 2010-06-23 12:56 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-04 00:50 . 2012-03-04 00:50 27424 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-02-29 09:49 . 2012-02-29 09:49 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-17 13:00 . 2012-02-17 13:00 4608 ----a-w- c:\windows\SysWow64\w95inf32.dll
2012-02-17 13:00 . 2012-02-17 13:00 2272 ----a-w- c:\windows\SysWow64\w95inf16.dll
2012-02-17 06:38 . 2012-03-14 13:50 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 13:50 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 13:50 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 13:50 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 04:09 . 2012-02-14 04:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36 . 2012-03-15 09:52 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-15 09:52 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-15 09:52 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-14 13:49 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 13:49 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 13:49 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-20_02.52.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-22 01:40 . 2012-04-22 01:40 20310 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-04-20 02:43 . 2012-04-20 02:43 20310 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2012-04-20 02:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-22 01:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-22 01:36 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-20 02:41 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-20 02:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-22 01:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-24 23:28 . 2012-04-22 01:37 70610 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-22 01:38 47844 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-20 07:44 . 2012-04-22 01:38 24610 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-288522896-628113693-862871898-1000_UserData.bin
- 2010-06-20 23:37 . 2012-04-20 02:33 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-20 23:37 . 2012-04-22 01:27 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-04 07:47 . 2012-04-22 01:27 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-03-04 07:47 . 2012-04-20 02:33 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-22 01:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-20 02:33 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-20 11:01 . 2012-04-22 01:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-20 11:01 . 2012-04-20 02:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-20 11:01 . 2012-04-20 02:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-20 11:01 . 2012-04-22 01:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-20 02:44 . 2012-04-20 02:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-22 01:41 . 2012-04-22 01:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-22 01:41 . 2012-04-22 01:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-20 02:44 . 2012-04-20 02:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-09-30 02:40 . 2012-04-22 01:32 389880 c:\windows\system32\prfh0404.dat
- 2009-09-30 02:40 . 2012-04-19 12:10 389880 c:\windows\system32\prfh0404.dat
+ 2009-09-30 02:40 . 2012-04-22 01:32 110498 c:\windows\system32\prfc0404.dat
- 2009-09-30 02:40 . 2012-04-19 12:10 110498 c:\windows\system32\prfc0404.dat
+ 2009-07-14 02:36 . 2012-04-22 01:32 620568 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-19 12:10 620568 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-22 01:32 110498 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-19 12:10 110498 c:\windows\system32\perfc009.dat
+ 2011-05-21 04:49 . 2012-04-22 01:36 164288 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Ime\IMETC14\TCHFTS.DAT
- 2011-05-21 04:49 . 2012-04-19 10:01 164288 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Ime\IMETC14\TCHFTS.DAT
- 2009-07-14 05:01 . 2012-04-20 02:43 415808 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-22 01:40 415808 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-06-21 09:04 . 2012-04-20 02:43 1474832 c:\windows\system32\drivers\sfi.dat
+ 2010-06-21 09:04 . 2012-04-22 01:40 1474832 c:\windows\system32\drivers\sfi.dat
.
((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-26 39408]
"SandboxieControl"="d:\狄箱\SbieCtrl.exe" [2011-03-24 597736]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-04-02 4785536]
"Facebook Update"="c:\users\vento\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-12-31 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-16 2245120]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-09-06 413696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"IME14 CHT Setup"="c:\progra~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2010-01-20 80240]
.
c:\users\vento\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\_otl\MovedFiles\08302011_142412\C_Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [N/A]
Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2006-6-7 4154504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e00c0404]
IME File REG_SZ IMTCP14.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
R1 NtFsLdf20;NtFsLdf20; [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 AntiVirSchedulerService;Avira AntiVir 排程管理員;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-08-19 229376]
R2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [2012-04-13 409232]
R2 fsproflt;FSPro Filter Service;c:\windows\SysWOW64\fsproflt.exe [2010-01-06 142648]
R2 gupdate;Google 更新服務 (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 136176]
R2 ImeDictUpdateService;Microsoft IME Dictionary Update;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [2010-10-20 83312]
R2 pr2ah5ub;Gothic3 Drivers Auto Removal (pr2ah5ub);c:\windows\system32\pr2ah5ub.exe svc [x]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 253088]
R3 bmusbser;Network Connect USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\bmusbser.sys [x]
R3 gupdatem;Google 更新 服務 (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 136176]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 Normandy;Normandy SR2; [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
R3 WatAdminSvc;Windows 啟用技術服務;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [x]
S0 pe3ah5ub;Gothic3 Environment Driver (pe3ah5ub);c:\windows\system32\drivers\pe3ah5ub.sys [x]
S0 ps6ah5ub;Gothic3 Synchronization Driver (ps6ah5ub);c:\windows\system32\drivers\ps6ah5ub.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-20 140672]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 04:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
計劃任務 文件夾 裡的內容
.
2012-04-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 11:37]
.
2012-04-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-10-26 13:24]
.
2012-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 07:25]
.
2012-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 07:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IME14 CHT Setup"="c:\progra~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2010-01-20 109424]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 9454920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll c:\windows\System32\guard64.dll
.
------- 而外的掃描 -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mStart Page = hxxp://tw.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: 傳送至 OneNote(&N) - d:\pptvie~1\Office14\ONBttnIE.dll/105
IE: 匯出至 Microsoft Excel(&X) - d:\pptvie~1\Office14\EXCEL.EXE/3000
FF - ProfilePath - c:\users\vento\AppData\Roaming\Mozilla\Firefox\Profiles\ufbxmg5n.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-FFHC Kasumi: Rebirth_is1 - c:\users\巫柏睿\Desktop\新增資料夾1\Angry Birds\audio\FFHC Kasumi - Rebirth\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-288522896-628113693-862871898-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-288522896-628113693-862871898-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-288522896-628113693-862871898-1000\Software\SecuROM\License information*]
"datasecu"=hex:3c,fc,be,82,c3,8e,e7,28,4a,19,46,ba,09,ff,06,3d,6f,26,59,b3,d2,
e3,eb,69,4f,67,c6,c6,f9,73,97,92,92,27,01,12,d8,a8,6d,ec,27,32,5f,8e,dd,03,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities]
"ApplicationName"="Google 瀏覽器"
"ApplicationIcon"="c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe,0"
"ApplicationDescription"="「Google 瀏覽器」開啟網頁和執行應用程式的速度奇快無比!除了執行速度快、穩定且容易使用之外,它還內建防護機制,讓您安心瀏覽網頁,無需擔心受到網路釣魚與惡意軟體的威脅。"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\FileAssociations]
".xhtml"="ChromeHTML"
".xht"="ChromeHTML"
".shtml"="ChromeHTML"
".html"="ChromeHTML"
".htm"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\StartMenu]
"StartMenuInternet"="Google 瀏覽器"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\URLAssociations]
"https"="ChromeHTML"
"http"="ChromeHTML"
"ftp"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\DefaultIcon]
@="c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe,0"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\InstallInfo]
"IconsVisible"=dword:00000001
"ShowIconsCommand"="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --show-icons"
"HideIconsCommand"="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --hide-icons"
"ReinstallCommand"="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --make-default-browser"
.
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\shell\open\command]
@="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\""
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\袈?*O*n*e*N*o*t*e* *2*0*1*0*\DsDriver]
"printBinNames"=multi:"\00\00"
"printCollate"=hex:00
"printColor"=hex:01
"printDuplexSupported"=hex:00
"printStaplingSupported"=hex:00
"printMaxXExtent"=dword:00000b9a
"printMaxYExtent"=dword:000010de
"printMinXExtent"=dword:000003d8
"printMinYExtent"=dword:00000771
"printMediaSupported"=multi:"Letter\00Tabloid\00Legal\00Executive\00A3\00A4\00B4 (JIS)\00B5 (JIS)\00Envelope #10\00Envelope Monarch\00\00"
"printMediaReady"=multi:"A4\00\00"
"printNumberUp"=dword:00000000
"printMemory"=dword:00008000
"printOrientationsSupported"=multi:"PORTRAIT\00LANDSCAPE\00\00"
"printMaxResolutionSupported"=dword:000004b0
"printLanguage"=multi:"\00\00"
"printRateUnit"=""
"driverVersion"=dword:00000401
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\袈?*O*n*e*N*o*t*e* *2*0*1*0*\DsSpooler]
"driverName"="Send To Microsoft OneNote 2010 Driver"
"portName"=multi:"nul:\00\00"
"printStartTime"=dword:00000000
"printEndTime"=dword:00000000
"printerName"="傳送至 OneNote 2010"
"printKeepPrintedJobs"=hex:00
"printSpooling"="PrintAfterSpooled"
"priority"=dword:00000001
"uNCName"="\\\\vento-PC\\傳送至 OneNote 2010"
"serverName"="vento-PC"
"shortServerName"="VENTO-PC"
"versionNumber"=dword:00000004
"flags"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\袈?*O*n*e*N*o*t*e* *2*0*1*0*\PrinterDriverData]
"InitDriverVersion"=dword:00000600
"Model"="Send To OneNote Driver"
"FreeMem"=hex:00,80,00,00
"PrinterDataSize"=dword:00000230
"PrinterData"=hex:00,06,30,02,81,08,00,00,00,f8,ba,01,00,00,00,00,00,00,00,00,
64,00,58,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,c2,ac,90,51,01,\
"FeatureKeywordSize"=dword:00000012
"FeatureKeyword"=hex:4d,65,6d,6f,72,79,00,33,32,37,36,38,4b,42,00,0a,00,00
"Forms?"=dword:5190acc2
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
完成時間: 2012-04-22 09:51:40
ComboFix-quarantined-files.txt 2012-04-22 01:51
ComboFix2.txt 2012-04-22 01:24
ComboFix3.txt 2012-04-20 02:54
ComboFix4.txt 2012-04-16 01:22
.
Pre-Run: 116,328,214,528 位元組可用
Post-Run: 116,157,136,896 位元組可用
.
- - End Of File - - 48797A8F47F7C0313063572268F602A3

#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:16 PM

Posted 22 April 2012 - 08:22 AM

AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: COMODO Antivirus *Enabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

Both your AntiVir and Comodo are enabled. This will only slow down your computer. Never have 2 antivirus programs running in real life.

How is the computer performing?

#12 WinBMY

WinBMY
  • Topic Starter

  • Members
  • 176 posts
  • OFFLINE
  • Local time:07:16 PM

Posted 26 April 2012 - 02:34 AM

A dial-up pop-up appears after login while booting. It asks several times. The others are running fine.

#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:16 PM

Posted 26 April 2012 - 08:50 AM

If this article is defining your problem, then try some of the fixes suggested on this page.

http://windowsxp.mvps.org/autodial.htm

If at any time you need advice before proceeding please ask.

Keep me posted.

#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:16 PM

Posted 02 May 2012 - 10:45 AM

Are you still with me?