Cannot connect to internet after combofix for 80000032.@ virus



#1 ustar


Posted 13 July 2012 - 03:07 PM

I get prompted with 80000032.@ virus very frequently, so I installed ComboFix to remove the virus. TDSS reported no findings after removal. I uninstalled ComboFix but then the internet stopped working.

Attached are the logs of ComboFix and DDS. Some of the language is Chinese, please let me know if you need translation.

ComboFix 12-07-13.01 - Juan 2/2012 Thu 23:48:52.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.936.86.1033.18.4063.2813 [GMT -5:00]
执行位置: c:\downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( ±»É¾³ýµÄµµ°¸ )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\TENCENT\SSPlus\SAddr.dll
c:\program files\TENCENT\SSPlus\SData.dat
c:\program files\TENCENT\SSPlus\stdtbh.dat
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
.
发现受感染 c:\windows\SysWow64\userinit.exe 并且成功解毒
从 - c:\windows\erdnt\cache86\userinit.exe 恢复原来档案
.
.
((((((((((((((((((((((((( 2012-06-13 至 2012-07-13 的新的档案 )))))))))))))))))))))))))))))))
.
.
2012-07-13 04:57 . 2012-07-13 04:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-13 03:14 . 2012-07-13 03:40 -------- d-----w- c:\users\Juan\AppData\Roaming\SaaYaa
2012-07-13 02:13 . 2012-07-13 02:13 -------- d-----w- c:\users\Juan\AppData\Roaming\Avira
2012-07-13 02:07 . 2012-05-02 20:24 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-07-13 02:07 . 2012-04-27 15:20 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-07-13 02:07 . 2012-04-25 05:32 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-07-13 02:07 . 2012-07-13 02:07 -------- d-----w- c:\programdata\Avira
2012-07-13 02:07 . 2012-07-13 02:07 -------- d-----w- c:\program files (x86)\Avira
2012-07-13 01:57 . 2012-07-13 01:57 -------- d-----w- c:\users\Juan\AppData\Roaming\Malwarebytes
2012-07-13 01:57 . 2012-07-13 01:57 -------- d-----w- c:\programdata\Malwarebytes
2012-07-13 01:57 . 2012-07-13 03:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-13 01:57 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-13 00:53 . 2012-07-13 01:08 -------- d-----w- C:\sh4ldr
2012-07-13 00:53 . 2012-07-13 00:53 -------- d-----w- c:\program files\Enigma Software Group
2012-07-13 00:52 . 2012-07-13 01:08 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-07-13 00:37 . 2012-07-13 00:37 -------- d-----w- c:\users\Juan\AppData\Roaming\DriverCure
2012-07-13 00:37 . 2012-07-13 00:37 -------- d-----w- c:\users\Juan\AppData\Roaming\SpeedyPC Software
2012-07-13 00:37 . 2012-07-13 01:09 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-04 07:33 . 2012-07-04 07:33 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-04 06:21 . 2012-07-04 06:21 -------- d-----w- c:\users\Juan\AppData\Local\Oberon Games
2012-07-04 06:17 . 2012-07-04 06:17 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-04 06:17 . 2012-07-04 06:17 -------- d-----w- c:\windows\system32\Macromed
2012-07-04 06:13 . 2012-07-04 06:13 -------- d-----w- c:\users\Juan\AppData\Roaming\Oberon Media
2012-07-04 06:13 . 2012-07-04 06:13 -------- d-----w- c:\program files (x86)\Common Files\Oberon Media
2012-07-04 06:12 . 2012-07-04 06:12 -------- d-----w- c:\programdata\Oberon Media
2012-07-04 06:12 . 2012-07-04 06:12 -------- d-----w- c:\program files (x86)\Oberon Media
2012-07-04 06:12 . 2012-07-04 06:12 -------- d-----w- c:\program files (x86)\MSN Games
2012-07-01 00:21 . 2012-07-01 00:21 0 ----a-w- c:\windows\SysWow64\nsgA0C3.tmp
2012-07-01 00:21 . 2012-07-01 00:21 0 ----a-w- c:\windows\system32\nsvA121.tmp
2012-06-21 15:34 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 15:34 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 15:34 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 15:34 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 15:34 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 15:34 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 15:34 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 15:34 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 15:34 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-16 19:57 . 2012-07-13 03:40 -------- d-----w- c:\programdata\QvodPlayer
2012-06-16 19:57 . 2012-06-16 19:58 -------- d-----w- c:\program files (x86)\QvodPlayer
.
.
.
(((((((((((((((((((((((((((((((((((((((( ÔÚÈý¸öÔÂÄÚ±»Ð޸ĵĵµ°¸ ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-04 06:17 . 2011-06-11 04:40 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-08 07:21 . 2012-06-08 07:21 5207448 ----a-w- c:\windows\system32\SogouPY.ime
2012-06-08 07:21 . 2012-06-08 07:21 2991512 ----a-w- c:\windows\SysWow64\SogouPY.ime
2012-05-08 01:40 . 2012-05-08 01:41 40064 ----a-w- c:\windows\SysWow64\DelCert.ocx
2012-05-08 01:40 . 2012-05-08 01:41 76928 ----a-w- c:\windows\SysWow64\certInStall.dll
2012-05-08 01:37 . 2012-05-08 01:42 2376320 ----a-w- c:\windows\system32\InstallCertListAx_64.ocx
2012-05-08 01:36 . 2012-05-08 01:41 542336 ----a-w- c:\windows\system32\CheckSign_64.ocx
2012-05-08 01:35 . 2012-05-08 01:41 48256 ----a-w- c:\windows\SysWow64\InstallCertListAx.ocx
2012-05-08 01:34 . 2012-05-08 01:41 72888 ----a-w- c:\windows\SysWow64\CheckSign.ocx
2012-05-08 01:33 . 2012-05-08 01:41 265344 ----a-w- c:\windows\SysWow64\ICBCNetSignGEx.dll
2012-05-08 01:33 . 2012-05-08 01:41 265344 ----a-w- c:\windows\SysWow64\ICBCNetSignG.dll
2012-05-08 01:33 . 2012-05-08 01:41 285824 ----a-w- c:\windows\SysWow64\ICBC_NetSign.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-13_04.03.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-18 18:12 . 2012-07-13 05:06 63590 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-13 05:06 41140 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-26 21:24 . 2012-07-13 04:39 17110 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1400345868-1828450053-3714511828-1000_UserData.bin
- 2009-12-26 10:28 . 2012-07-13 03:42 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-26 10:28 . 2012-07-13 04:58 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-26 10:28 . 2012-07-13 03:42 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-26 10:28 . 2012-07-13 04:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-13 03:42 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-13 04:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-08-18 18:15 . 2012-07-13 03:36 2190 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2009-08-18 18:15 . 2012-07-13 04:57 2190 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2012-07-13 04:58 . 2012-07-13 04:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-13 03:41 . 2012-07-13 03:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-13 04:58 . 2012-07-13 04:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-13 03:41 . 2012-07-13 03:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-07-13 03:46 616008 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-13 05:02 616008 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-13 05:02 106388 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-13 03:46 106388 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-07-13 03:36 438404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-13 04:57 438404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-02-08 05:03 . 2012-07-13 04:57 32870720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1400345868-1828450053-3714511828-1000-8192.dat
- 2010-02-08 05:03 . 2012-07-13 03:32 32870720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1400345868-1828450053-3714511828-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( ÖØÒªµÇÈëµã ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{43BEAFD9-E005-483D-A367-146BA6C8A32E}]
2010-04-19 22:08 312896 ----a-w- c:\program files (x86)\Tudou\飞速Tudou\tudouDetector.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-12-26 09:11 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-08 17425072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"D4Svr_ICBC.exe"="D4Svr_ICBC.exe" [2011-12-30 75056]
"QvodTerminal"="c:\program files (x86)\QvodPlayer\QvodTerminal.exe" [2011-10-11 1025936]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-02 348624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"KingSoft PowerWord PE"="c:\program files (x86)\Kingsoft\PowerWord PE\CBTray.exe" [2010-04-30 605336]
.
c:\users\Juan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Juan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-07-01 19:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ SOGOUPY.IME
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-26 133104]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-08-03 645048]
R3 Alidevice;Alidevice; [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-26 133104]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-25 1255736]
R4 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]
R4 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2009-12-26 332272]
R4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-06-26 313840]
R4 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-06-26 362992]
R4 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2008-09-30 167424]
R4 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-07-28 120104]
R4 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-07-28 70952]
R4 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-07-28 427304]
R4 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-07-28 75048]
R4 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-07-28 91432]
R4 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-08-22 411496]
R4 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-07-22 642920]
R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-06-26 468264]
R4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-06-26 357672]
R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-06-18 110888]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-02 86224]
S2 CMB8100;CMB8100;c:\windows\SysWOW64\Drivers\CertClient.dat [2008-09-24 10784]
S2 CMBProtector;CMBProtector;c:\windows\SysWOW64\Drivers\CMBProtector.dat [2008-09-24 12320]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 ICBC Daemon Service;ICBC Daemon Service;c:\program files (x86)\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN64\IcbcDaemon_64.exe [2011-12-26 554112]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 OnKey Service _ICBC;OnKey Service _ICBC;c:\windows\SysWOW64\D4Ser_ICBC.exe [2011-11-24 58672]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys [2009-07-31 91648]
S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsne64.sys [2009-07-31 75776]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 YLMFVDISK;YLMF Virtual Diskette V1;c:\windows\system32\drivers\VirtDisk64.sys [2011-12-09 23896]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-08-04 35104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-11-13 86120]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2009-06-11 11392]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
DoctorService REG_MULTI_SZ XLDoctor Service
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\aetsprov]
2006-10-31 20:30 73728 ----a-w- c:\windows\SysWOW64\aetsprov.dll
.
‘计划任务’ 文件夹 里的内容
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-26 09:11]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-26 09:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-12-26 09:11 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8BCB0605-D909-4c3b-B490-DEFE88BA95FA}]
2011-12-26 21:48 466048 ----a-w- c:\program files (x86)\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN64\Icbc_AntiPhishing_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!IconOverlay_Conflict]
@="{486C8576-C2C5-42AD-87C6-5E9681633935}"
[HKEY_CLASSES_ROOT\CLSID\{486C8576-C2C5-42AD-87C6-5E9681633935}]
c:\users\Juan\AppData\Roaming\115\Box\Sync115Ext64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!IconOverlay_ForbidSync]
@="{683617F1-0DD4-4B24-B87F-73CE23B8440C}"
[HKEY_CLASSES_ROOT\CLSID\{683617F1-0DD4-4B24-B87F-73CE23B8440C}]
c:\users\Juan\AppData\Roaming\115\Box\Sync115Ext64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!IconOverlay_LargeFile]
@="{6B3CB227-0A30-418E-A673-FF1F142D9327}"
[HKEY_CLASSES_ROOT\CLSID\{6B3CB227-0A30-418E-A673-FF1F142D9327}]
c:\users\Juan\AppData\Roaming\115\Box\Sync115Ext64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!IconOverlay_Synced]
@="{B2AF7140-40A1-449E-82B9-2C0876C97AF4}"
[HKEY_CLASSES_ROOT\CLSID\{B2AF7140-40A1-449E-82B9-2C0876C97AF4}]
c:\users\Juan\AppData\Roaming\115\Box\Sync115Ext64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!IconOverlay_Syncing]
@="{F3E9E0C3-F30E-4EB1-9926-A5DA9DC2F68D}"
[HKEY_CLASSES_ROOT\CLSID\{F3E9E0C3-F30E-4EB1-9926-A5DA9DC2F68D}]
c:\users\Juan\AppData\Roaming\115\Box\Sync115Ext64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-11-13 11106408]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2011-11-13 1833576]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Microsoft Pinyin IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2008-10-25 60264]
"ICBCEBankAssist"="c:\program files\ICBCEbankTools\ICBCSetupIntegration\RunEBank.exe" [2012-01-04 47744]
.
------- 而外的扫描 -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uInternet Settings,ProxyOverride = local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: &U使用米人下载并收藏 - c:\program files (x86)\NamiRobot\Data\du.html
IE: &使用115优蛋下载 - c:\users\Juan\AppData\Roaming\115\UDown\getUrl.htm
IE: &使用115优蛋下载全部链接 - c:\users\Juan\AppData\Roaming\115\UDown\getAllUrl.htm
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: 导出到 Microsoft Excel(&X) - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{9D5CCDC3-545F-4418-8AEC-9CD2773B4861} - {48B4D816-8BE7-4F32-85C9-F2E912C02311} - c:\program files (x86)\Kingsoft\PowerWord PE\SelectForIE.dll
LSP: c:\program files (x86)\SogouExplorer\sogouipfilter.dll
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: icbc.com.cn
Trusted Zone: taobao.com
TCP: DhcpNameServer = 50.93.222.1
DPF: {060CA154-DF25-4F03-98AA-FBCDE9D27382} - hxxps://b2c.icbc.com.cn/icbc/ICBC_TDRDV.cab
DPF: {0EB487C8-E9AC-43A6-8C4C-083999B0622F} - hxxps://mybank.icbc.com.cn/icbc/newperbank/certInStall.dll
DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} - hxxp://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
DPF: {36C9539B-49D2-01C7-9C6D-10DACDFEA59C} - hxxps://member.icbc.com.cn/ICBC/html/download/icbcclean/icbcclean.cab
DPF: {3AA9CF07-DF20-48FF-98BE-DED276E40146} - hxxps://mybank.icbc.com.cn/icbc/GDReadPub.cab
DPF: {746E471A-B6E4-44E3-8F3C-2A09B3A030B4} - hxxps://b2c.icbc.com.cn/icbc/icbc_tdrusbkey.cab
DPF: {7CCE07A5-A590-4554-B5C3-082840D7012E} - hxxps://mybank.icbc.com.cn/icbc/icbc_gdgetdv.dll
DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} - hxxps://mybank.icbc.com.cn/icbc/newperbank/AxSafeControls.cab
DPF: {B1FBC1AD-5644-4084-882A-0F8BA85E7506} - hxxps://mybank.icbc.com.cn/icbc/ICBC_NetSign.dll
DPF: {BDEACC50-F56D-4D60-860F-CF6ED1766D65} - hxxp://m95.mail.qq.com/zh_CN/activex/TencentMailActiveX.cab?r=0.38714994116573187
DPF: {E4BFF825-2E50-4BCC-8497-6EFDFB6C9B3D} - hxxps://mybank.icbc.com.cn/icbc/newperbank/USBKEY.cab
.
.
------- 文件类型 -------
.
inifile=c:\windows\SysWow64\NOTEPAD.EXE %1
txtfile=c:\windows\notepad.exe %1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{4FE4D409-ED6E-AB4E-1977-BC59ED54D8CE} - c:\program files\TENCENT\SSPlus\SAddr.dll
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CMB8100]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\CertClient.dat"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CMBProtector]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\CMBProtector.dat"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1400345868-1828450053-3714511828-1000\Software\Microsoft\Office\12.0\Common\Open Find\Microsoft Office Excel\Settings\Sb*_]
"ClientGUID"=hex:b5,21,91,f7,a2,59,3d,46,81,3b,93,d1,91,c6,d5,c8
.
[HKEY_USERS\S-1-5-21-1400345868-1828450053-3714511828-1000\Software\Microsoft\Office\12.0\Common\Open Find\Microsoft Office PowerPoint\Settings\Sb*_]
"ClientGUID"=hex:cf,5d,cc,ee,a1,b4,d3,45,a7,be,32,eb,04,31,0f,b5
.
[HKEY_USERS\S-1-5-21-1400345868-1828450053-3714511828-1000\Software\Microsoft\Office\12.0\Common\Open Find\Microsoft Office Word\Settings\Sb*_]
"ClientGUID"=hex:f5,38,17,63,af,52,ed,4c,91,7a,c2,f0,cb,e8,60,2c
.
[HKEY_USERS\S-1-5-21-1400345868-1828450053-3714511828-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\2* 0]
"0"=hex:14,00,1f,50,e0,4f,d0,20,ea,3a,69,10,a2,d8,08,00,2b,30,30,9d,19,00,2f,
43,3a,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,74,00,31,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-1400345868-1828450053-3714511828-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\4* 0]
"0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00,
00,1a,00,ee,bb,fe,23,00,00,10,00,90,e2,4d,37,3f,12,65,45,91,64,39,c4,92,5e,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-1400345868-1828450053-3714511828-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\5*‘]
"0"=hex:14,00,1f,50,e0,4f,d0,20,ea,3a,69,10,a2,d8,08,00,2b,30,30,9d,19,00,2f,
45,3a,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,58,00,31,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-1400345868-1828450053-3714511828-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*1*_*(*S*B*S*_*)* 0\OpenWithList]
@Class="Shell"
"a"="iTunes.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1400345868-1828450053-3714511828-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*2* 0]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1400345868-1828450053-3714511828-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*2* 0\OpenWithList]
@Class="Shell"
"a"="iTunes.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1400345868-1828450053-3714511828-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*4* 0]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1400345868-1828450053-3714511828-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*4* 0\OpenWithList]
@Class="Shell"
"a"="iTunes.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1400345868-1828450053-3714511828-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*5*_*(*S*B*S*)* 0\OpenWithList]
@Class="Shell"
"a"="iTunes.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1400345868-1828450053-3714511828-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. c o m _ _sO¹ƒ
0gP– 0\OpenWithList]
@Class="Shell"
"a"="iTunes.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1400345868-1828450053-3714511828-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*o*m*ÿK\TX?b‹sNP[ ÿ]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1400345868-1828450053-3714511828-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*o*m*ÿK\TX?b‹sNP[ ÿ\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1400345868-1828450053-3714511828-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*2* 0]
"0"=hex:77,00,78,00,74,00,7a,00,2e,00,35,00,64,00,36,00,64,00,2e,00,63,00,6f,
00,6d,00,e0,65,50,96,11,63,18,62,89,7c,1d,4e,51,7f,d1,91,03,83,c0,79,7d,76,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-1400345868-1828450053-3714511828-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*4* 0]
"0"=hex:77,00,77,00,77,00,2e,00,6c,00,73,00,6d,00,70,00,33,00,2e,00,63,00,6f,
00,6d,00,e9,97,fd,56,4b,62,3a,67,c3,94,f0,58,51,7f,10,62,f6,65,ac,4e,59,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-1400345868-1828450053-3714511828-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*c*o*m*ÿK\TX?b‹sNP[ ÿ]
"0"=hex:77,00,77,00,77,00,2e,00,74,00,73,00,6b,00,73,00,63,00,6e,00,2e,00,63,
00,6f,00,6d,00,08,ff,4b,5c,54,58,3f,62,8b,73,16,4e,50,5b,09,ff,00,00,a6,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B416D21B-3B22-B6D4-BBD3-BBD452DB3D5B}\Shell\^\'`(*R*)*\Command]
@="Rundll32.exe Shell32.dll,Control_RunDLL Inetcpl.cpl"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0DDF3C19-E692-22D2-AB05-11AA44BDD685}\Shell\^\'`(*&*R*)*\Command]
@="Rundll32.exe Shell32.dll,Control_RunDLL Inetcpl.cpl"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\(*—g)*1Uë_—\CLUBBOX\NetStat]
"0000"=dword:00000058
"0001"=dword:000000b6
"1000"=dword:00000009
"1001"=dword:00000009
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\(*—g)*1Uë_—\PDBOX\NetStat]
"0000"=dword:00000070
"0001"=dword:00000292
"1000"=dword:00000001
"1001"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TNüS Qö€ *‡˜€ˆP÷NSœ^Êx]
"DisplayName"="Çǵð¹Ú½º ÆÄÀÏÀü¼Û°ü¸®ÀÚ"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ªRÍS Qö€ *‡˜€ˆP÷NSœ^Êx]
"DisplayName"="Ŭ·´¹Ú½º ÆÄÀÏÀü¼Û°ü¸®ÀÚ"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ ÆäËûÔËÐнø³Ì ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\D4MON_ICBC.exe
.
**************************************************************************
.
Íê³Éʱ¼ä: 2012-07-13 00:10:55 - µçÄÔÒÑÖØÐÂÆô¶¯
ComboFix-quarantined-files.txt 2012-07-13 05:10
ComboFix2.txt 2012-07-13 04:22
ComboFix3.txt 2012-07-13 04:06
ComboFix4.txt 2012-07-13 01:31
.
Pre-Run: 7,190,274,048 bytes free
Post-Run: 6,987,888,640 bytes free
.
- - End Of File - - 8746CE56C085348B722D1D4C9FA70077

Edited by nasdaq, 18 July 2012 - 01:25 PM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:07 AM

Posted 18 July 2012 - 01:32 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Try this and check if you now have an internet connection.

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

Repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7 with Elevated Privilege
http://www.mydigitallife.info/2007/02/17/how-to-open-elevated-command-prompt-with-administrator-privileges-in-windows-vista/
<<<>>>

If there is no connection, download this tool to a CD or flash drive and copy it to the desktop of the problem computer.


Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:07 AM

Posted 24 July 2012 - 07:20 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



