Thanks, I checked system32/drivers and the gpfinbc.sys has been deleted, so it seems.
ComboFix 10-05-23.06 - RuDolF~ 4/2010 Mon 23:20:51.2.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.950.852.1033.18.1847.1131 [GMT 8]
執行位置: c:\users\RuDolF~\Desktop\Comp Stuff\ComboFix.exe
Command switches used :: c:\users\RuDolF~\Desktop\Comp Stuff\CFScript.txt.txt
FILE ::
"c:\windows\system32\Drivers\gpfinbc.sys"
.
((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Drivers\gpfinbc.sys
c:\windows\system32\drivers\xwsj.sys
.
((((((((((((((((((((((((((((((((((((((( 驅動/服務 )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_GPFINBC
-------\Service_gpfinbc
-------\Service_rqrprhoh
((((((((((((((((((((((((( 2010-04-24 至 2010-05-24 的新的檔案 )))))))))))))))))))))))))))))))
.
2010-05-24 15:26 . 2010-05-24 15:26 -------- d-----w- C:\Device
2010-05-24 15:26 . 2010-05-24 15:26 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-24 15:26 . 2010-05-24 15:26 -------- d-----w- c:\users\Fong\AppData\Local\temp
2010-05-24 15:26 . 2010-05-24 15:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-24 15:26 . 2010-05-24 15:26 -------- d-----w- c:\users\David\AppData\Local\temp
2010-05-24 15:26 . 2010-05-24 15:26 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-05-24 15:19 . 2010-05-24 15:19 -------- d-----w- C:\32788R22FWJFW
2010-05-24 12:49 . 2010-05-24 12:49 -------- d-----w- c:\program files\Common Files\Java
2010-05-24 12:49 . 2010-05-24 12:49 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-24 12:49 . 2010-05-24 12:49 -------- d-----w- c:\program files\Java
2010-05-24 12:06 . 2010-05-24 12:06 -------- d-----w- c:\users\RuDolF~\Office Genuine Advantage
2010-05-24 10:05 . 2010-05-24 15:27 -------- d-----w- c:\users\RuDolF~\AppData\Local\temp
2010-05-24 01:58 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-24 01:58 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-24 01:58 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-24 01:58 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-24 01:58 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-05-24 01:58 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-24 01:58 . 2009-09-15 10:55 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-24 01:19 . 2010-05-24 02:01 -------- d-----w- c:\program files\Avas 4
2010-05-23 08:57 . 2010-05-23 08:57 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-05-15 12:17 . 2010-05-15 12:17 -------- d-----w- c:\program files\YouTube Downloader
2010-05-15 12:15 . 2010-05-15 12:15 37888 ----a-w- c:\windows\system32\flash_lib.dll
2010-05-15 12:15 . 2010-05-15 12:15 1117184 ----a-w- c:\windows\system32\swfExt.dll
2010-05-15 11:59 . 2010-05-15 11:59 -------- d-----w- c:\program files\AoA Audio Extractor
2010-05-12 09:35 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-04 23:14 . 2010-05-04 23:14 56766 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-04 23:14 . 2010-05-04 23:14 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-05-04 23:14 . 2010-05-04 23:14 57679 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-05-04 23:13 . 2010-05-04 23:13 84040 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-05-04 23:13 . 2010-05-04 23:13 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-04 23:13 . 2010-05-04 23:13 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-05-04 23:13 . 2010-05-04 23:13 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-05-04 23:13 . 2010-05-04 23:13 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-05-04 23:13 . 2010-05-04 23:13 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-04-30 14:36 . 2010-04-30 14:36 -------- d-----w- c:\windows\system32\Wat
2010-04-29 07:33 . 2010-04-29 07:33 -------- d-----w- c:\program files\Active X Control
2010-04-28 01:50 . 2010-04-28 01:50 -------- d-----w- c:\users\RuDolF~\dwhelper
2010-04-28 01:42 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-28 01:41 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-28 01:41 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
.
(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-24 15:27 . 2010-04-15 19:56 8 ----a-w- c:\windows\mvraidver.dat
2010-05-24 15:07 . 2010-04-15 20:28 355130 ----a-w- c:\windows\system32\prfh0804.dat
2010-05-24 15:07 . 2010-04-15 20:28 101230 ----a-w- c:\windows\system32\prfc0804.dat
2010-05-24 15:07 . 2010-04-15 20:18 96316 ----a-w- c:\windows\system32\prfc0404.dat
2010-05-24 15:07 . 2010-04-15 20:18 371100 ----a-w- c:\windows\system32\prfh0404.dat
2010-05-24 15:06 . 2010-04-19 12:25 -------- d-----w- c:\programdata\FLEXnet
2010-05-24 09:56 . 2009-07-14 00:01 0 ----a-w- c:\windows\system32\drivers\TermDD.sys
2010-05-24 09:05 . 2010-05-24 00:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-24 01:58 . 2010-04-16 17:29 -------- d-----w- c:\program files\Alwil Software
2010-05-24 01:18 . 2010-05-24 01:18 -------- d-----w- c:\program files\ALWIL Software Security
2010-05-24 01:18 . 2010-05-23 16:28 -------- d-----w- c:\programdata\Alwil Software
2010-05-24 00:39 . 2010-05-24 00:39 -------- d-----w- c:\users\RuDolF~\AppData\Roaming\Malwarebytes
2010-05-24 00:39 . 2010-05-24 00:39 -------- d-----w- c:\programdata\Malwarebytes
2010-05-24 00:20 . 2010-05-24 00:20 0 ----a-w- c:\windows\nsreg.dat
2010-05-24 00:11 . 2010-05-24 00:11 -------- d-----w- c:\program files\Enigma Software Group
2010-05-24 00:10 . 2010-05-24 00:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-21 08:09 . 2010-04-19 05:51 -------- d-----w- c:\users\RuDolF~\AppData\Roaming\skypePM
2010-05-21 06:46 . 2010-04-19 05:51 -------- d-----w- c:\users\RuDolF~\AppData\Roaming\Skype
2010-05-14 15:49 . 2010-04-20 02:23 129192 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-14 15:49 . 2010-04-15 20:43 -------- d-----w- c:\program files\lg_fwupdate
2010-05-12 13:22 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-12 13:22 . 2010-04-16 16:17 -------- d-----w- c:\programdata\Microsoft Help
2010-05-12 03:21 . 2010-04-15 20:10 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 23:14 . 2010-04-20 07:48 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-04 23:14 . 2010-04-20 07:46 -------- d-----w- c:\programdata\DivX
2010-05-04 23:14 . 2010-04-20 07:46 -------- d-----w- c:\program files\DivX
2010-05-04 23:13 . 2010-04-20 07:48 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-05-04 23:13 . 2010-04-20 07:48 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-05-04 23:13 . 2010-04-20 07:48 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-05-04 23:13 . 2010-04-20 07:46 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-04-30 14:08 . 2010-04-19 02:08 -------- d-----w- c:\programdata\Messenger Plus!
2010-04-29 07:39 . 2010-05-24 00:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 07:39 . 2010-05-24 00:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 06:58 . 2010-04-20 07:48 -------- d-----w- c:\users\RuDolF~\AppData\Roaming\DivX
2010-04-24 13:38 . 2010-04-24 13:21 -------- d-----w- c:\users\RuDolF~\AppData\Roaming\ImgBurn
2010-04-22 17:22 . 2010-04-15 20:29 129192 ----a-w- c:\users\David\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-22 10:22 . 2010-04-22 10:21 -------- d-----w- c:\program files\QuickTime
2010-04-22 10:21 . 2010-04-22 10:21 -------- d-----w- c:\programdata\Apple Computer
2010-04-22 10:20 . 2010-04-22 10:20 -------- d-----w- c:\program files\Common Files\Apple
2010-04-22 10:20 . 2010-04-22 10:20 -------- d-----w- c:\program files\Apple Software Update
2010-04-22 10:20 . 2010-04-22 10:20 -------- d-----w- c:\programdata\Apple
2010-04-21 01:53 . 2010-04-19 01:38 129192 ----a-w- c:\users\RuDolF~\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-20 16:25 . 2010-04-16 16:19 -------- d-----w- c:\program files\Microsoft Works
2010-04-20 11:22 . 2010-04-20 11:02 -------- d-----w- c:\program files\Sibelius Software
2010-04-20 11:04 . 2010-04-20 11:04 -------- d-----w- c:\users\RuDolF~\AppData\Roaming\Sibelius Software
2010-04-20 11:04 . 2010-04-20 11:04 604 ---ha-w- c:\program files\STLL Notifier
2010-04-20 11:04 . 2010-04-20 11:04 -------- d-----w- c:\programdata\Sibelius Software
2010-04-20 10:53 . 2010-04-19 05:44 115472 ----a-w- c:\users\Fong\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-20 10:24 . 2010-04-20 10:24 876032 ----a-w- c:\windows\system32\VFP6RENU.DLL
2010-04-20 10:24 . 2010-04-20 10:24 24990 ----a-w- c:\windows\system32\VFP6RUN.EXE
2010-04-20 10:24 . 2010-04-20 10:24 3370256 ----a-w- c:\windows\system32\VFP6R.DLL
2010-04-20 10:24 . 2010-04-20 10:24 3673360 ----a-w- c:\windows\system32\MSO97RT.DLL
2010-04-20 10:24 . 2010-04-20 10:24 487184 ----a-w- c:\windows\system32\MRT7ENU.DLL
2010-04-20 10:24 . 2010-04-20 10:24 161792 ----a-w- c:\windows\system32\GRINTL32.DLL
2010-04-20 10:24 . 2010-04-20 10:24 1584912 ----a-w- c:\windows\system32\GRAPH8.EXE
2010-04-20 10:24 . 2010-04-20 10:24 6656 ----a-w- c:\windows\system32\FOXHHELPPS.DLL
2010-04-20 10:24 . 2010-04-20 10:24 5120 ----a-w- c:\windows\system32\GR8409.DLL
2010-04-20 10:24 . 2010-04-20 10:24 26112 ----a-w- c:\windows\system32\FOXHHELP.EXE
2010-04-20 08:05 . 2010-04-20 08:05 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-04-20 08:05 . 2010-04-20 08:05 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-04-20 08:05 . 2010-04-20 08:05 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-04-20 08:05 . 2010-04-20 08:05 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-04-20 08:05 . 2010-04-20 08:05 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-04-20 08:05 . 2010-04-20 08:05 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-04-20 08:05 . 2010-04-20 08:05 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-04-20 08:05 . 2010-04-20 08:05 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-04-20 08:05 . 2010-04-20 08:05 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-04-20 08:05 . 2010-04-20 08:05 -------- d-----w- c:\program files\Common Files\Real
2010-04-20 08:05 . 2010-04-20 08:05 -------- d-----w- c:\program files\Real
2010-04-20 08:05 . 2010-04-20 08:05 -------- d-----w- c:\program files\Common Files\xing shared
2010-04-20 07:48 . 2010-04-20 07:48 56978 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-04-20 07:48 . 2010-04-20 07:48 57609 ----a-w- c:\programdata\DivX\MFComponents\Uninstaller.exe
2010-04-20 07:48 . 2010-04-20 07:48 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-04-20 07:48 . 2010-04-20 07:48 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-04-20 07:48 . 2010-04-20 07:48 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-04-20 07:48 . 2010-04-20 07:48 54629 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-04-20 07:48 . 2010-04-20 07:48 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-04-20 07:48 . 2010-04-20 07:48 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-20 07:48 . 2010-04-20 07:48 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-04-20 07:48 . 2010-04-20 07:48 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-04-20 07:48 . 2010-04-20 07:48 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-04-20 03:22 . 2010-04-20 02:16 -------- d-----w- c:\program files\Sony
2010-04-20 03:21 . 2010-04-20 02:09 -------- d-----w- c:\users\RuDolF~\AppData\Roaming\Sony
2010-04-20 02:36 . 2010-04-20 02:36 -------- d-----w- c:\users\RuDolF~\AppData\Roaming\Publish Providers
2010-04-20 02:24 . 2010-04-20 02:24 -------- d-----w- c:\users\Administrator\AppData\Roaming\Sony
2010-04-20 02:24 . 2010-04-20 02:24 -------- d-----w- c:\users\Administrator\AppData\Roaming\Publish Providers
2010-04-20 02:16 . 2010-04-20 02:16 -------- d-----w- c:\programdata\Sony
2010-04-20 01:56 . 2010-04-16 15:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-20 01:32 . 2010-04-20 01:31 -------- d-----w- c:\program files\Hotspot Shield
2010-04-20 01:25 . 2010-04-20 01:25 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb7BF5.tmp.exe
2010-04-19 14:25 . 2010-04-16 15:12 -------- d-----w- c:\program files\Google
2010-04-19 11:50 . 2010-04-19 11:50 50 ----a-w- c:\windows\system32\bridf08b.dat
2010-04-19 11:50 . 2010-04-19 11:50 -------- d-----w- c:\program files\Brother
2010-04-19 11:50 . 2010-04-15 19:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-19 11:50 . 2010-04-19 11:50 -------- d-----w- c:\users\RuDolF~\AppData\Roaming\InstallShield
2010-04-19 11:48 . 2010-04-19 11:47 250 ----a-w- c:\windows\system32\cid_store.dat
2010-04-19 11:48 . 2010-04-19 11:47 26 ----a-w- c:\windows\system32\xlhcc.dat
2010-04-19 11:44 . 2010-04-19 11:44 -------- d-----w- c:\programdata\Brother
2010-04-19 11:39 . 2010-04-19 11:39 -------- d-----w- c:\program files\Adobe Media Player
2010-04-19 11:38 . 2010-04-19 11:38 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
--- c:\windows\system32\drivers\fvevol.sys ---
Company: Microsoft Corporation
File Description: BitLocker Drive Encryption Driver
File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: FVEVOL.SYS.MUI
File size: 194488
Created time: 2010-04-28 01:42
Modified time: 2009-09-26 05:58
MD5: DAFBD9FE39197495AED6D51F3B85B5D2
SHA1: 24026D4CD6C558B559B292E9F44AC5A1AC44DCF1
--- c:\windows\system32\drivers\ksecpkg.sys ---
Company: Microsoft Corporation
File Description: Kernel Security Support Provider Interface Packages
File Version: 6.1.7600.16484 (win7_gdr.091210-1534)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: ksecpkg.sys
File size: 133720
Created time: 2010-04-28 01:41
Modified time: 2009-12-11 07:44
MD5: 365C6154BBBC5377173F1CA7BFB6CC59
SHA1: 8A596DC2F7CB01FFBFF21BDBF113375691D2324E
--- c:\windows\system32\lsasrv.dll ---
Company: Microsoft Corporation
File Description: LSA Server DLL
File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: lsasrv.dll.mui
File size: 1037312
Created time: 2010-04-28 01:41
Modified time: 2009-12-11 07:38
MD5: 4DDF6D393AD49DA2BEC4875B0B516A74
SHA1: 10A75D68C6ACFB4C7FCDEC063F27BE8D3CB4C989
((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2010-04-20 01:31 220208 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-19 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-12-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-12-18 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-12-18 166936]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-25 8129056]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"MRUTray"="c:\program files\Marvell\raid\tray\MarvellTray.exe" [2009-10-09 741376]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2010-04-15 557056]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-29 210216]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"VX1000"="c:\windows\vVX1000.exe" [2010-03-12 762736]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-03-12 119152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-06-07 611712]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-02 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-02 640376]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-20 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-09-15 81000]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DirectOC.lnk - c:\program files\MSI\DirectOC\StartDirectOC.exe [2010-4-16 188416]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
R3 aswArKrn;aswArKrn;c:\users\RuDolF~\AppData\Local\Temp\aswArKrn.sys [x]
R3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FLASHSYS.sys [2007-12-14 9216]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
.
‘計劃任務’ 文件夾 裡的內容
2010-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-16 19:06]
2010-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-16 19:06]
.
.
------- 而外的掃描 -------
.
uStart Page = hxxp://www.google.com.hk/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: 使用迅雷下載 - c:\program files\Thunder\Program\GetUrl.htm
IE: 使用迅雷下載全部鏈接 - c:\program files\Thunder\Program\GetAllUrl.htm
IE: 使用迅雷下载 - c:\program files\Thunder Network\Thunder\Program\geturl.htm
IE: 使用迅雷下载全部链接 - c:\program files\Thunder Network\Thunder\Program\getallurl.htm
IE: 匯出至 Microsoft Excel(&X) - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - c:\program files\Thunder\Thunder.exe
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
FF - ProfilePath - c:\users\RuDolF~\AppData\Roaming\Mozilla\Firefox\Profiles\0pqnwlgr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.mozilla.com/en-US/firefox/3.6.3/firstrun/
FF - plugin: c:\program files\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(925).dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
---- 火狐配置文件 ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1f,30,26,43,d2,ef,4e,4b,98,a7,31,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1f,30,26,43,d2,ef,4e,4b,98,a7,31,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ 其他運行進程 ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Hotspot Shield\bin\hsswd.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Marvell\raid\Apache2\bin\httpd.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Marvell\raid\Apache2\bin\httpd.exe
c:\windows\system32\taskhost.exe
c:\program files\Marvell\raid\svc\mvraidsvc.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\consent.exe
c:\program files\Hotspot Shield\bin\openvpntray.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\system32\sppsvc.exe
c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
.
**************************************************************************
.
完成時間: 2010-05-24 23:30:44 - 電腦已重新啟動
ComboFix-quarantined-files.txt 2010-05-24 15:30
ComboFix2.txt 2010-05-24 10:05
Pre-Run: 444,725,137,408 bytes free
Post-Run: 444,517,539,840 bytes free
- - End Of File - - 2D2366960B0015CE7E0426567B05B9E7