ComboFix 12-04-26.01 - Random McGill Guy 26/04/2012 18:00:42.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.936.86.1033.18.3764.2415 [GMT -4:00]
执行位置: c:\users\Random McGill Guy\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* 成功创建新还原点
.
Error: Cfiles.dat
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\eqvpbaa.tmp
c:\programdata\szlfbaa.tmp
c:\programdata\whnsbaa.tmp
c:\programdata\xhnsbaa.tmp
.
.
((((((((((((((((((((((((( 2012-03-26 至 2012-04-26 的新的档案 )))))))))))))))))))))))))))))))
.
.
2012-04-26 22:10 . 2012-04-26 22:10--------d-----w-c:\users\Default\AppData\Local\temp
2012-04-26 22:02 . 2012-04-26 22:0269000----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{281EF0DE-0994-4F1F-B8F9-B6D2A7EAA443}\offreg.dll
2012-04-26 21:43 . 2012-04-26 21:43--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-26 21:43 . 2012-04-04 19:5624904----a-w-c:\windows\system32\drivers\mbam.sys
2012-04-26 20:49 . 2012-04-26 20:49--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\SUPERAntiSpyware.com
2012-04-26 20:49 . 2012-04-26 20:49--------d-----w-c:\program files\SUPERAntiSpyware
2012-04-26 20:49 . 2012-04-26 20:49--------d-----w-c:\programdata\SUPERAntiSpyware.com
2012-04-26 06:20 . 2012-04-26 06:20--------d-----w-C:\TDSSKiller_Quarantine
2012-04-26 06:05 . 2012-04-26 21:53--------d-----w-C:\MGtools
2012-04-26 04:27 . 2012-04-26 04:27--------d-----w-c:\program files\HitmanPro
2012-04-26 04:27 . 2012-04-26 04:27--------d-----w-c:\programdata\HitmanPro
2012-04-25 18:32 . 2012-04-26 21:05--------d-----w-c:\program files (x86)\Spybot - Search & Destroy
2012-04-25 18:32 . 2012-04-26 21:05--------d-----w-c:\programdata\Spybot - Search & Destroy
2012-04-25 15:05 . 2012-04-25 23:42--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\vlc
2012-04-24 23:19 . 2012-04-24 23:19--------d-----w-c:\users\Random McGill Guy\AppData\Local\WindowsApplication1
2012-04-24 17:00 . 2012-04-13 08:468917360----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{281EF0DE-0994-4F1F-B8F9-B6D2A7EAA443}\mpengine.dll
2012-04-22 01:44 . 2012-04-22 01:45--------d-----w-c:\programdata\Battle.net
2012-04-20 15:07 . 2012-04-20 15:07--------d-----w-c:\programdata\IObit
2012-04-16 06:33 . 2012-04-16 06:33--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\Malwarebytes
2012-04-16 06:33 . 2012-04-16 06:33--------d-----w-c:\programdata\Malwarebytes
2012-04-16 05:44 . 2012-04-16 05:44--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\IObit
2012-04-16 05:44 . 2012-04-20 15:07--------d-----w-c:\program files (x86)\IObit
2012-04-16 05:35 . 2011-04-05 21:3560504----a-w-c:\windows\system32\drivers\sbhips.sys
2012-04-16 05:35 . 2011-04-05 21:3594296----a-w-c:\windows\system32\drivers\sbtis.sys
2012-04-16 05:35 . 2011-04-05 21:35253528----a-w-c:\windows\system32\drivers\SbFw.sys
2012-04-16 05:35 . 2011-02-08 13:1484568----a-w-c:\windows\system32\drivers\SbFwIm.sys
2012-04-15 12:24 . 2012-04-15 12:24418464----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-14 00:00 . 2012-04-26 20:16--------d-----w-c:\program files (x86)\Ludashi
2012-04-13 22:51 . 2012-04-13 22:51--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\360mobilemgr
2012-04-13 22:43 . 2012-04-13 23:59--------d-----w-c:\programdata\360safe
2012-04-13 22:40 . 2011-08-31 10:1819800----a-w-c:\windows\system32\drivers\efimon.sys
2012-04-13 22:40 . 2012-04-13 22:40--------d-----w-c:\program files (x86)\360
2012-04-13 22:39 . 2012-04-14 03:49--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\360inst
2012-04-13 20:17 . 2012-04-15 12:240--sha-w-c:\windows\system32\dds_trash_log.cmd
2012-04-13 17:45 . 2012-04-13 17:45--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\Caiyun
2012-04-13 17:44 . 2012-04-13 21:18--------d-----w-c:\program files (x86)\彩云游戏浏览器
2012-04-12 20:13 . 2012-04-22 06:28--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\KuGou7
2012-04-12 20:13 . 2012-04-12 20:13--------d-----w-c:\program files (x86)\KuGou2012
2012-04-12 06:46 . 2012-04-13 17:45--------d-----w-C:\TGGAME
2012-04-12 04:18 . 2012-04-12 04:18--------d-----w-c:\users\Random McGill Guy\AppData\Local\Mozilla
2012-04-12 04:01 . 2012-02-28 06:422382848----a-w-c:\windows\system32\mshtml.tlb
2012-04-12 04:01 . 2012-02-28 01:032382848----a-w-c:\windows\SysWow64\mshtml.tlb
2012-04-12 04:01 . 2012-02-28 01:58141112----a-w-c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-04-12 04:01 . 2012-02-28 07:37174392----a-w-c:\program files\Internet Explorer\sqmapi.dll
2012-04-12 04:01 . 2012-02-28 06:47304640----a-w-c:\program files\Internet Explorer\IEShims.dll
2012-04-12 04:01 . 2012-02-28 06:562311168----a-w-c:\windows\system32\jscript9.dll
2012-04-12 04:01 . 2012-02-28 01:08194048----a-w-c:\program files (x86)\Internet Explorer\IEShims.dll
2012-04-12 03:59 . 2012-03-06 06:435504880----a-w-c:\windows\system32\ntoskrnl.exe
2012-04-12 03:59 . 2012-03-06 05:593958128----a-w-c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 03:59 . 2012-03-06 05:593902320----a-w-c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 03:55 . 2012-03-01 06:5422896----a-w-c:\windows\system32\drivers\fs_rec.sys
2012-04-12 03:55 . 2012-03-01 06:4080896----a-w-c:\windows\system32\imagehlp.dll
2012-04-12 03:55 . 2012-03-01 05:45158720----a-w-c:\windows\SysWow64\imagehlp.dll
2012-04-12 03:55 . 2012-03-01 06:45220672----a-w-c:\windows\system32\wintrust.dll
2012-04-12 03:55 . 2012-03-01 06:355120----a-w-c:\windows\system32\wmi.dll
2012-04-12 03:55 . 2012-03-01 05:49172544----a-w-c:\windows\SysWow64\wintrust.dll
2012-04-12 03:55 . 2012-03-01 05:405120----a-w-c:\windows\SysWow64\wmi.dll
2012-04-09 01:06 . 2012-04-09 01:0661440----a-r-c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe
2012-04-09 01:06 . 2012-04-09 01:0661440----a-r-c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\ARPPRODUCTICON.exe
2012-04-09 01:06 . 2012-04-09 01:06106496----a-r-c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
2012-04-09 01:06 . 2012-04-09 01:06106496----a-r-c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2012-04-09 01:06 . 2012-04-09 01:06106496----a-r-c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
2012-04-09 01:06 . 2012-04-09 01:06--------d-----w-c:\program files (x86)\Common Files\Tencent
2012-04-09 01:06 . 2012-04-09 01:06--------d-----w-c:\program files (x86)\Tencent
2012-04-09 01:06 . 2012-04-09 01:07--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\Tencent
2012-04-09 01:06 . 2012-04-09 01:0618760----a-w-c:\windows\SysWow64\QQVistaHelper.dll
2012-04-08 00:21 . 2012-04-08 00:22--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\GRETECH
2012-04-08 00:21 . 2012-04-08 00:27--------d-----w-c:\program files (x86)\GRETECH
2012-04-07 13:32 . 2012-04-07 13:32--------d-----w-c:\program files (x86)\Common Files\duowan
2012-04-07 13:32 . 2012-04-07 13:32--------d-----w-c:\program files (x86)\duowan
2012-04-07 13:32 . 2012-04-07 13:32--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\duowan
2012-03-31 17:05 . 2012-03-31 17:05--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\Unity
2012-03-31 16:54 . 2012-03-31 16:54--------d-----w-c:\users\Random McGill Guy\AppData\Local\Unity
2012-03-29 05:04 . 2012-03-29 05:04--------d-----w-c:\users\Random McGill Guy\AppData\Roaming\ATI
2012-03-29 05:04 . 2012-03-29 05:04--------d-----w-c:\users\Random McGill Guy\AppData\Local\ATI
2012-03-29 05:04 . 2012-03-29 05:04--------d-----w-c:\programdata\ATI
2012-03-29 05:00 . 2012-03-29 05:000----a-w-c:\windows\ativpsrm.bin
2012-03-29 04:58 . 2012-03-29 04:58--------d-----w-c:\program files (x86)\AMD AVT
2012-03-29 04:58 . 2012-03-29 04:58--------d-----w-c:\program files (x86)\AMD APP
2012-03-29 04:58 . 2012-03-29 04:58--------d-----w-c:\program files\Common Files\ATI Technologies
2012-03-29 04:58 . 2012-03-29 04:58--------d-----w-c:\program files (x86)\Common Files\ATI Technologies
2012-03-29 04:54 . 2012-03-29 04:54--------d-----w-c:\program files (x86)\ATI Technologies
2012-03-29 04:54 . 2012-03-29 04:58--------d-----w-c:\program files\ATI Technologies
2012-03-29 04:54 . 2012-03-29 04:54--------d-----w-c:\program files\ATI
2012-03-29 04:52 . 2012-02-15 08:13496128----a-w-c:\windows\system32\atieclxx.exe
2012-03-29 03:06 . 2012-02-15 07:1658880----a-w-c:\windows\system32\coinst.dll
2012-03-29 03:01 . 2012-03-29 03:01--------d-----w-c:\users\Random McGill Guy\AppData\Local\Leshcat & Co
2012-03-29 01:26 . 2012-03-29 01:42--------d-----w-c:\program files (x86)\ImageJ
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-26 06:05 . 2012-04-26 06:0533660----a-w-C:\MGlogs.zip
2012-04-15 12:24 . 2011-11-07 22:5570304----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-29 01:30 . 2009-07-14 02:36152064----a-w-c:\windows\SysWow64\msclmd.dll
2012-03-29 01:30 . 2009-07-14 02:36175104----a-w-c:\windows\system32\msclmd.dll
2012-03-22 19:12 . 2012-03-22 19:124435968----a-w-c:\windows\SysWow64\GPhotos.scr
2012-02-23 14:18 . 2010-12-21 09:07279656------w-c:\windows\system32\MpSigStub.exe
2012-02-15 06:27 . 2012-03-14 08:441031680----a-w-c:\windows\system32\rdpcore.dll
2012-02-15 05:44 . 2012-03-14 08:44826368----a-w-c:\windows\SysWow64\rdpcore.dll
2012-02-15 04:47 . 2012-03-14 08:44204800----a-w-c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:46 . 2012-03-14 08:4423552----a-w-c:\windows\system32\drivers\tdtcp.sys
2012-02-15 02:05 . 2012-02-15 02:0569632----a-w-c:\windows\system32\OpenVideo64.dll
2012-02-15 02:05 . 2012-02-15 02:0559904----a-w-c:\windows\SysWow64\OpenVideo.dll
2012-02-15 02:05 . 2012-02-15 02:0561952----a-w-c:\windows\system32\OVDecode64.dll
2012-02-15 02:05 . 2012-02-15 02:0554784----a-w-c:\windows\SysWow64\OVDecode.dll
2012-02-15 02:05 . 2012-02-15 02:0516507904----a-w-c:\windows\system32\amdocl64.dll
2012-02-15 02:04 . 2012-02-15 02:0413238272----a-w-c:\windows\SysWow64\amdocl.dll
2012-02-15 02:03 . 2012-02-15 02:0354272----a-w-c:\windows\system32\OpenCL.dll
2012-02-15 02:03 . 2012-02-15 02:0348128----a-w-c:\windows\SysWow64\OpenCL.dll
2012-02-10 10:08 . 2012-03-20 23:26279840----a-w-c:\windows\system32\ikutm.dll
2012-02-10 06:24 . 2012-03-14 16:551544192----a-w-c:\windows\system32\DWrite.dll
2012-02-10 06:23 . 2012-03-14 16:551837568----a-w-c:\windows\system32\d3d10warp.dll
2012-02-10 06:23 . 2012-03-14 16:55902656----a-w-c:\windows\system32\d2d1.dll
2012-02-10 06:23 . 2012-03-14 16:55320512----a-w-c:\windows\system32\d3d10_1core.dll
2012-02-10 06:23 . 2012-03-14 16:55197120----a-w-c:\windows\system32\d3d10_1.dll
2012-02-10 05:35 . 2012-03-14 16:551077248----a-w-c:\windows\SysWow64\DWrite.dll
2012-02-10 05:35 . 2012-03-14 16:55218624----a-w-c:\windows\SysWow64\d3d10_1core.dll
2012-02-10 05:35 . 2012-03-14 16:551170944----a-w-c:\windows\SysWow64\d3d10warp.dll
2012-02-10 05:35 . 2012-03-14 16:55739840----a-w-c:\windows\SysWow64\d2d1.dll
2012-02-10 05:35 . 2012-03-14 16:55161792----a-w-c:\windows\SysWow64\d3d10_1.dll
2012-02-03 04:16 . 2012-03-14 16:553143168----a-w-c:\windows\system32\win32k.sys
2012-01-31 10:02 . 2012-01-31 10:0221504----a-w-c:\windows\system32\kdbsdk64.dll
2012-01-31 10:00 . 2012-01-31 10:0016896----a-w-c:\windows\SysWow64\kdbsdk32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\ERDNT\cache86\user32.dll
[-] 2009-07-14 . 738ABEE48BAF965B161A7A3E75EB444D . 858112 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:1294208----a-w-c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:1294208----a-w-c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:1294208----a-w-c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:1294208----a-w-c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-05-26 960080]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
quietHDD - Shortcut.lnk - c:\users\Random McGill Guy\Desktop\Benchmark\quietHDD.exe [2010-12-24 61440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File	REG_SZ	GOOGLEPINYIN2.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 atillk64;atillk64;c:\program files (x86)\AMD GPU Clock Tool\atillk64.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-21 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-21 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-05-26 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-02-03 820768]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ	Akamai
hpdevmgmt	REG_MULTI_SZ	hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\..DBankExt_NotSynced]
@="{87B33B34-0E92-4821-B787-9DF83BDC3BEA}"
[HKEY_CLASSES_ROOT\CLSID\{87B33B34-0E92-4821-B787-9DF83BDC3BEA}]
2010-12-16 02:211296712----a-w-c:\users\Random McGill Guy\Documents\数据银行\DBankExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\..DBankExt_Synced]
@="{78C3446F-4276-4AC1-B17F-F580836D7AD6}"
[HKEY_CLASSES_ROOT\CLSID\{78C3446F-4276-4AC1-B17F-F580836D7AD6}]
2010-12-16 02:211296712----a-w-c:\users\Random McGill Guy\Documents\数据银行\DBankExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\..DBankExt_Syncing]
@="{E427F712-D68E-4BE6-886F-B088037A87CB}"
[HKEY_CLASSES_ROOT\CLSID\{E427F712-D68E-4BE6-886F-B088037A87CB}]
2010-12-16 02:211296712----a-w-c:\users\Random McGill Guy\Documents\数据银行\DBankExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:1297792----a-w-c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:1297792----a-w-c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:1297792----a-w-c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:1297792----a-w-c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-03-09 345648]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-02-03 496160]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 416024]
.
------- 额外的扫描 -------
.
uStart Page = hxxp://www.google.ca/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_3820&r=273612107806l0458z1k5t67l1m094
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: 使用迅雷下载 - c:\program files (x86)\Thunder\Program\GetUrl.htm
IE: 使用迅雷下载全部链接 - c:\program files (x86)\Thunder\Program\GetAllUrl.htm
LSP: c:\program files (x86)\YouKu\common\ikutm.dll
TCP: DhcpNameServer = 24.48.19.13 24.202.72.13 24.53.0.2
Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\progra~2\KUGOU2~1\KUGOO3~1.OCX
Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\progra~2\KUGOU2~1\KUGOO3~1.OCX
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://download.pplive.com/config/pplite/pluginsetup.cab
.
.
------- 文件类型 -------
.
txtfile=c:\windows\notepad.exe %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}"=hex:51,66,7a,6c,4c,1d,38,12,b8,bf,48,
c1,9f,0f,c3,0d,e6,45,75,49,c1,d0,e8,d3
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{000123B4-9B42-4900-B3F7-F4B073EFC214}"=hex:51,66,7a,6c,4c,1d,38,12,da,20,12,
04,70,d5,6e,0c,cc,e1,b7,f0,76,b1,86,00
"{01443AEC-0FD1-40FD-9C87-E93D1494C233}"=hex:51,66,7a,6c,4c,1d,38,12,82,39,57,
05,e3,41,93,05,e3,91,aa,7d,11,ca,86,27
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{593DDEC6-7468-4CDD-90E1-42DADAA222E9}"=hex:51,66,7a,6c,4c,1d,38,12,a8,dd,2e,
5d,5a,3a,b3,09,ef,f7,01,9a,df,fc,66,fd
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d1,52,53,04,f3,22,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,de,81,df,91,ba,12,43,85,75,84,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,de,81,df,91,ba,12,43,85,75,84,\
.
[HKEY_USERS\S-1-5-21-209557282-4168680159-3086812486-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-209557282-4168680159-3086812486-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.eml.14"
.
[HKEY_USERS\S-1-5-21-209557282-4168680159-3086812486-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-209557282-4168680159-3086812486-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.vcf.14"
.
[HKEY_USERS\S-1-5-21-209557282-4168680159-3086812486-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"慤慴"=hex:47,b5,77,c6,35,85,e5,ba,81,8b,d8,e4,3c,48,33,d0,d8,1b,06,34,1b,dd,
63,cc,0e,f7,95,84,82,51,4e,61,17,69,bc,94,67,8d,73,c9,51,0b,b0,5e,19,00,c2,\
"歲祥"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-209557282-4168680159-3086812486-1000\Software\SecuROM\License information*]
"datasecu"=hex:a3,b1,07,fa,28,8f,9a,55,c6,6b,ce,3f,9b,9e,6a,c2,50,38,6c,28,92,
b0,62,83,d3,9e,9a,8a,85,2d,9d,9e,80,3a,6e,29,15,93,3f,ed,ff,55,59,cb,fe,7d,\
"rkeysecu"=hex:eb,3f,2e,50,0b,a5,eb,8b,44,7b,20,03,d6,14,a8,b6
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{107E6D21-54ED-32EA-89EBEFDD29F12B2C}\{B975045C-7EA8-ADE1-408732B9E3F99960}\{A296A331-83C2-2419-70104A7C6B45B24D}*]
"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{17DE1F14-B3E4-1035-F057BA15C83B1D27}\{8EADAA70-8C9A-100D-77D42F75FD081297}\{52159879-7142-2CA4-73B8A923B4C8F27A}*]
"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{793A0CD2-18B8-B505-D2705730ED7730B5}\{224F5FE7-6AB9-E5AA-092A0B3F1E7E0249}\{E87C09AA-1A97-D30E-8C0D3EFE96A56BA8}*]
"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
完成时间: 2012-04-26 18:12:48
ComboFix-quarantined-files.txt 2012-04-26 22:12
ComboFix2.txt 2012-04-16 06:27
.
Pre-Run: 53,691,072,512 bytes free
Post-Run: 53,618,073,600 bytes free
.
- - End Of File - - 864B4A4C1B86BA6708CC02F497959572