ComboFix 11-06-01.07 - James 2/2011 Thu 15:19:43.5.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.936.86.1033.18.3062.2377 [GMT -4:00]
Running from: c:\users\James\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Files Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\James\AppData\Roaming\Adobe\plugs
c:\users\James\AppData\Roaming\Adobe\shed
c:\users\James\AppData\Roaming\Adobe\shed\thr1.chm
c:\windows\system32\config\mcckmplayervod.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-05-02 to 2011-06-02 )))))))))))))))))))))))))))))))
.
.
2011-06-02 19:24 . 2011-06-02 19:24 -------- d-----w- c:\users\James\AppData\Local\temp
2011-06-02 19:24 . 2011-06-02 19:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-01 21:06 . 2011-06-01 23:51 -------- d-----w- c:\programdata\Kaspersky Lab
2011-05-31 20:24 . 2011-05-31 20:24 -------- d-----w- c:\windows\Sun
2011-05-30 02:36 . 2011-05-30 02:36 -------- d-sh--w- c:\programdata\thunder_vod_cache
2011-05-30 02:36 . 2011-05-30 02:36 -------- d-----w- c:\program files\Common Files\Thunder Network
2011-05-30 02:36 . 2011-05-30 02:36 -------- d-----w- c:\programdata\Thunder Network
2011-05-30 02:35 . 2011-05-30 02:35 -------- d-----w- c:\program files\Thunder Network
2011-05-30 02:35 . 2009-05-04 17:09 89600 ----a-w- c:\windows\system32\atl71.dll
2011-05-30 02:35 . 2009-05-04 17:09 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-05-30 02:35 . 2009-05-04 17:09 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-05-29 05:51 . 2011-05-29 05:51 -------- d-----w- c:\program files\ESET
2011-05-29 05:16 . 2011-05-29 05:16 -------- d-----w- c:\users\James\AppData\Roaming\AVG10
2011-05-29 05:16 . 2011-05-29 05:16 -------- d--h--w- c:\programdata\Common Files
2011-05-29 05:15 . 2011-05-29 05:20 -------- d-----w- c:\users\James\AppData\Roaming\PIPI
2011-05-29 05:15 . 2011-05-29 05:47 -------- d-----w- c:\programdata\AVG10
2011-05-29 05:15 . 2011-05-29 05:18 -------- d-----w- c:\windows\system32\drivers\AVG
2011-05-29 05:13 . 2011-05-29 05:19 -------- d-----w- c:\programdata\MFAData
2011-05-29 05:10 . 2011-05-29 05:10 -------- d-sh--w- c:\programdata\seemao_backup
2011-05-29 05:09 . 2011-05-29 05:10 -------- d-----w- c:\programdata\~smtemp
2011-05-29 05:01 . 2011-05-29 05:01 -------- d-----w- c:\programdata\KuaiKuai
2011-05-22 22:29 . 2011-05-22 22:29 -------- d-----w- c:\programdata\PC Tools
2011-05-16 20:09 . 2011-05-16 20:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-11 00:15 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-11 00:15 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-11 00:15 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-07 05:27 . 2011-05-07 05:27 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-07 05:27 . 2011-05-07 05:27 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-07 05:27 . 2011-05-07 05:27 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-07 05:27 . 2011-05-07 05:27 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-07 05:27 . 2011-05-07 05:27 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-07 05:27 . 2011-05-07 05:27 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-07 05:27 . 2011-05-07 05:27 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-07 05:27 . 2011-05-07 05:27 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Files Modified Within the Last Three Months ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-11 05:33 . 2011-04-12 20:09 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:33 . 2011-04-12 20:09 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-08 05:28 . 2011-04-12 20:08 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-07 05:27 . 2011-05-07 05:27 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Important Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* Empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^James^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccip.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-23 23:30 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-23 23:30 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-12-20 22:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-20 22:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-23 23:30 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-18 00:40 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2010-05-31 6638080]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-10-21 4093392]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-31 1343400]
R3 XDva379;XDva379;c:\windows\system32\XDva379.sys [x]
R3 XDva380;XDva380;c:\windows\system32\XDva380.sys [x]
R3 XDva383;XDva383;c:\windows\system32\XDva383.sys [x]
R3 XDva384;XDva384;c:\windows\system32\XDva384.sys [x]
R3 XDva385;XDva385;c:\windows\system32\XDva385.sys [x]
R3 XDva386;XDva386;c:\windows\system32\XDva386.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-21 691696]
S3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [2010-08-16 6637056]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 9344]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: webscache.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\z4dfk4n4.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-02 15:25:42
ComboFix-quarantined-files.txt 2011-06-02 19:25
.
Pre-Run: 180,994,048,000 bytes free
Post-Run: 180,967,469,056 bytes free
.
- - End Of File - - 22E5B2FAD221C93783C3E9F6CF1D5B1C